Quickbooks file server with VPN remote clients

Hello all, I don't really know where to start with this, so I apologize in advance if this post is a little unorganized. Basically I had/have a tax office set up with a file server so they can run QuickBooks independently on their own computers but keep a community file pool so everyone can use all the files. Everything fine and dandy, right?

Well, they recently expanded so they have a new office, and the owner wants the computers configured the same way. So what I did was set up a VPN using Hamachi so the network folders and files could still be accessible. I suppose you could say it works, however it is extremely slow (normally files would open in around 30 seconds, now it's taking a few minutes). The owner didn't like this, so I set them up with a jungle drive so the remote users could have the files on their computers while the jungle drive synced the new files on the file server, but that didn't work out too well either; since some users were on the jungle drive and some directly on the file server, they didn't sync too well.

As an attempt to speed things up, I physically moved the server to the new office (they have MUCH faster internet, so I thought using the first office as the remote computers would be taking less of a hit.) Although the new remote computers in the first office ARE slightly faster, it's still not fast enough.

And now the new problems... I'm having some DNS issues on the new server. The server is running SBS 2011, and does NOT have AD or anything fancy, and since the move I cannot access the folders or remote desktop using the nameserver (freedomserver); I'm forced to use the IP address. I haven't made any changes on the server and I'm not sure as to why this would happen, but I feel this could have an impact on speed since the network folders are mapped with the nameserver and not the IP address.

So what I'm asking the community is, #1 how could I go about fixing the name server (I feel this is top priority), and what steps or alternatives could I do/make to make everything run smoother and faster.

Server - SBS 2011 Essentials
4 Windows 7 workstations
1 floating Windows 7 laptop

For the record everything was running fine before the expansion. Thank you all in advance.

-Louie
 
Not sure if it helps any, but if I do an ipconfig -a ipofserver I get an appropriate name back, using both the Hamachi IP and local IP. Also, the server name does show under "networks" in My Computer; however, when I click on it the searching icon appears and the computer freezes.
 
SBS 2011 Essentials automatically creates a domain. I have a feeling you want to join the machines to that domain.

Also need to make sure the computers' DNS resolves to the SBS box.
 
First....get Hamachi out of there, it's a home grade cheesy VPN service for kids that game and do p2p file sharing. For a business, if you're going to do VPN tunnels to create a WAN between "central office/mothership" and branch "satellite" offices, you use business grade routers that support site to site VPN tunnels and have them do the hub 'n spoke WAN. They have their own CPU to crunch the VPN traffic, waaaaAAAAaaaaay better than slow pokey software VPN done on a server.

Central office should have the fastest possible connection from their ISP....especially the upload. Traditionally it's not good to run heavier database accounting apps through VPN tunnels, due to a higher likelihood of database corruption. However with today's DOCSIS 3 cable connections with 3, 5, even 10 meg and more upload speeds...it's great. Pretty much can have a 10 meg LAN between two offices....so you can run apps like QuickBooks through those tunnels. Yeah it may take an extra 10 seconds to open up a book....so what.

However, if they're stuck on prehistoric old DSL with only a 384 or possibly 768k upload....that will be unusable and likely result in frequent corruption of company files. Not to mention excruciatingly long periods to open files. So it's much wiser to utilize a terminal server and have the satellite offices do an RDP connection to it.

Computers at the satellite office should use the SBS box's IP as their DNS...they can log into the domain through the VPN tunnel. Each office should have a separate IP range...central office something like 192.168.10.xxx, remote office something like 192.168.11.xxx. (notice 3rd octet is different) (and I stay away from common IP ranges such as home users may have, like 192.168.0.xxx and 192.168.1.xxx).
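
An added example, not part of the post above: a small Python check of a two-office addressing plan against the advice in that reply (separate range per office, no common home ranges, every client using the SBS box for DNS). The site names, host addresses and the `check_plan` helper are assumptions made for illustration.

```python
import ipaddress

# Ranges the post advises avoiding because home routers commonly default to them.
COMMON_HOME_RANGES = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]


def check_plan(sites, dns_server):
    """Return a list of problems in a site-to-site addressing plan.
    sites: site name -> {"lan": CIDR, "client_dns": IP}; dns_server: the SBS box IP."""
    problems = []
    nets = {name: ipaddress.ip_network(cfg["lan"]) for name, cfg in sites.items()}
    dns_ip = ipaddress.ip_address(dns_server)

    # Each office needs its own range, or traffic cannot be routed between them.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} vs {nets[b]}")

    for name in names:
        # A roaming laptop on a home network in the same range cannot reach the office.
        for home in COMMON_HOME_RANGES:
            if nets[name].overlaps(home):
                problems.append(f"{name} uses common home range {home}")
        # Clients using an ISP or building resolver will not find the server by name.
        if ipaddress.ip_address(sites[name]["client_dns"]) != dns_ip:
            problems.append(f"{name} clients use DNS {sites[name]['client_dns']}, not {dns_ip}")

    # The DNS server must sit inside one of the planned LANs to be reachable over the tunnel.
    if not any(dns_ip in net for net in nets.values()):
        problems.append(f"DNS server {dns_ip} is not inside any site LAN")
    return problems


# Constructed sample plans; the /24 ranges follow the post, host addresses are made up.
GOOD_PLAN = {
    "central": {"lan": "192.168.10.0/24", "client_dns": "192.168.10.2"},
    "satellite": {"lan": "192.168.11.0/24", "client_dns": "192.168.10.2"},
}
BAD_PLAN = {
    "central": {"lan": "192.168.1.0/24", "client_dns": "192.168.1.2"},
    "satellite": {"lan": "192.168.1.0/25", "client_dns": "8.8.8.8"},
}

if __name__ == "__main__":
    for label, plan, dns in (("good", GOOD_PLAN, "192.168.10.2"), ("bad", BAD_PLAN, "192.168.1.2")):
        print(label, check_plan(plan, dns) or "OK")
```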
 
Thank you for the advice, I fully understand tunneling via routers and its advantages, however neither office has a static public IP address. Another major cause for headaches is that in their new office (server office), they have amazing fiber grade internet, however it's shared amongst the building users (included in rent) and the building won't offer support without a significant additional cost to the client, so I was kind of muscled into going a software VPN route. I was able to fix the DNS issues I was having with the server, and everything seems to be in "operational" order.

What devices would you recommend using for tunneling the 2 offices, as well as a floating laptop? One thing I considered was utilizing Windows offline filing for the network drives, but I'm unsure on how to force the computer to use the offline files (on the computer) for faster access and then syncing to the server after the save.

Thank you all again, this has set my mind in a better direction. I got caught up with a client that doesn't value his network and doesn't want to put extra funds into it, so I'm rather desperate and looking for alternatives.
 
Zyxel USG50 or higher are great for site to site.

However you skipped my post.

QuickBooks over ANY VPN is not supported and your client will be ****** with the slow response of the program and even more ****** with the data corruption.

To do this correctly you need the roaming users to remote into a server.

Pick up a Dell T110 or refurb with Server 2012 and some RDS CALs. Publish the program in Remote App and be happy.

A thread above regarding Sage has the same feedback.
 
I didn't mean to skip it. I looked up that part and it seems kind of overkill (at least to me); they don't have a rack or anything fancy, the server is just sitting in the same office as one of the employees. Would the Cisco RV180 do the trick? Also when you say for people to "remote in", do I have to create 5 different users in the server and give them their own usernames etc.? And with the VPN it seems I can do RD fine, or is that the wrong way to do it?
 
Please don't take this the wrong way. I read through this thread a couple of times, and this is my conclusion: You are out of your league on this one. There are good reasons things are done a certain way and not done other ways. You're about to create a royal mess for your customer, and a potentially devastating situation for your business. Stop what you're doing and approach this situation like a student. Listen to the advice given you. Set everything up in your own lab so you know how to do it and deal with any issues. When you can make it work PROPERLY in your own lab, then you can tackle your customer's needs. There is no shame in admitting something is beyond your skill set. However, diving headlong into something you shouldn't be doing just to get the business is a very bad idea.

Do not learn on customers' time and systems.
 
Since networking is my weak point, the only contribution I can make here is I know my file sharing works with my router and OpenVPN as long as I am using TAP (not TUN).
 
Just because you can get something to work does not mean it is a recommended practice. I've been able to get QB to work over VPN in the past but it is very unreliable.

Intuit's official position is that it does not work over a VPN tunnel. So if you call them up for support they will tell you to take a hike. That includes data corruption issues.

The problem is that many ISP connections you have, such as cable, DSL, and FiOS, are async, meaning that the up and down rates are not the same. Between that and the built-in latency of VPN itself, you will have problems when you are accessing the database over a VPN tunnel. A LAN link, which is what is recommended, does not have that problem.

So the only reliable way for remote access is an RDP type of access. You can do things like LogMeIn but that only works for one user at a time. Terminal server is the way for multiple users. Of course you could always move them to their web based services. I've done that with a few customers.
 
Please don't take this the wrong way. I read through this thread a couple of times, and this is my conclusion: You are out of your league on this one. There are good reasons things are done a certain way and not done other ways. You're about to create a royal mess for your customer, and a potentially devastating situation for your business. Stop what you're doing and approach this situation like a student. Listen to the advice given you. Set everything up in your own lab so you know how to do it and deal with any issues. When you can make it work PROPERLY in your own lab, then you can tackle your customer's needs. There is no shame in admitting something is beyond your skill set. However, diving headlong into something you shouldn't be doing just to get the business is a very bad idea.

Do not learn on customers' time and systems.

I completely agree. This IS beyond my skill set. I understand the theory, however I have never done it in practice. The client is a friend of the family's; otherwise I would have passed the job from the start. Just thought I'd try to gather some info from the community to head in the right direction. I'm not diving into things that are ahead of me; like I said, it's more of a favor type of thing and it's something I thought I could learn on.
 
I didn't mean to skip it. I looked up that part and it seems kind of overkill (at least to me); they don't have a rack or anything fancy, the server is just sitting in the same office as one of the employees. Would the Cisco RV180 do the trick? Also when you say for people to "remote in", do I have to create 5 different users in the server and give them their own usernames etc.? And with the VPN it seems I can do RD fine, or is that the wrong way to do it?

Yes, you need to create users for those to log into. Even if this is a small office, this is the only way to get this working. VPN IS NOT SUPPORTED BY QUICKBOOKS AND WILL CAUSE DATA CORRUPTION. THIS IS A FACT.

In most of my offices the staff will have a desktop; they may also have a personal laptop, so they will remote from home or the field into the work desktop.

If you just have roaming field users you want a Terminal Server. You do not need anything fancy. A Dell T110 with Server 2012 Standard (may be able to get away with Foundation) and 5 RDS CALs will be fine. Cost will be about $2500-$3000 not including setup.

You could build a server if you want.
 
Essentially you have two options for remote access to QuickBooks.

Either move the entire business to using "QuickBooks Online", or set up a terminal server. You don't even have to have an actual server OS to do this; you can set up LogMeIn to a workstation with QuickBooks installed if you were inclined to do so.

VPNs can work, but they are not recommended because QuickBooks has bolted on and clunked together their netcode where they only reliably work over a non-congested LAN. I've had to set up VLANs once and add switches because the 20+ users on the switch were eating up enough of the gigabit LAN where QuickBooks would get corrupted. Granted they were in a high use environment (video editing / 3D graphics cluster rendering).
 
They have a server and I installed RDS on it last night, I'm just doing some more research on setting it up. I added their programs to the remote apps but I can't seem to manage users since they aren't using Active Directory.
 
Interesting that this showed up in the forum list, as I have just done a remote QuickBooks setup for a client.

As others here have said, it is best not to be accessing the QB database from outside the LAN. A remote desktop type connection, from whatever software, is far better. There is way less to go wrong and kerfunckle the database.

If it is Server 2012, just set up remote access so they can access a desktop from afar. For my last client I used GPO to make it so that when they log in, all they get is the QuickBooks application (no Explorer) and it closes the session if they close the program. Works well and is fairly failure resistant. Manages the available licenses well (you can set it to disconnect after a certain amount of idle time).
 