If you have a computer that is connected to a domain and is plugged into the domain network but doesn't have the domain profile active in the firewall settings of Windows 7 check to make sure you have your domain DNS server set as your primary DNS.
I had a client have an external DNS set for "faster internet" but it was causing errors on the machine because the PDC couldn't communicate with it correctly.
A client of mine mentioned he wasn't able to access his mapped drives over the VPN. I remotely connected to his PC and noticed if I pinged hostname.domain.local it resolves to 22.214.171.124. I confirmed he was connected to the VPN and I could ping the IP of the PC directly. I did a quick lookup of that IP address and it turns out its owned by Comcast. Comcast's DNS Helper service was to blame. They were resolving all failed hostnames to their IP address rather then letting it fail and allowing his companies DNS server to resolve it correctly.
To fix this you have 2 options:
- Opt-Out of Comcast's DNS Helper service
- Switch to a public DNS service like OpenDNS or Google's DNS servers
Right now Comcast has this enabled by default for all customers with dynamically assigned IP addresses. Business customers are not affected.
Below is an article on the topic that is a great read.