browsing over VPN

Richard Prossor

I have a problem browsing over VPN. I have two Microsoft articles which seem
to be in conflict with each other with regard to DisableNetBiosoverTcpip
settings in the registry on a computer with two network cards (in my case
SBS2k).

Can anyone help on which is right?

KB292822 requires you to set up a registry key DisableNetBIOSoverTcpip.

KB830063 advises you to delete this registry key.

Regards

Richard
 
I have had good success with following 292822 to prevent the RAS adapter
from registering NBT and breaking browsing\name resolution on the LAN. In
order for VPN clients to browse reliably they have to get a WINS server
assigned to them from the RAS server. Make sure that the RRAS server is
configured as a WINS client and the IP properties of the RAS server are
configured to "use the following adapter to obtain DHCP, DNS, WINS
addresses for dialup clients", and set the adapter to the internal adapter.

__
Danny Slye
Microsoft Support Professional
MCSE

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
 
thanks for your reply

the RRAS server is also a WINS server. The setting is as you describe. Using
IPconfig the VPN'ed client shows DNS and WINS referring to the server.

Regards

Richard


 
The browser service should only use one interface of the server. So you
need to disable Netbios over TCP/IP on both the public NIC and the RRAS
internal interface. Only the server's LAN NIC should appear in WINS
associated with the name of the server. After you have made the registry
changes, check WINS to make sure it hasn't retained any old entries. The
domain master browser entry <domainname 1b> should show the LAN NIC IP
address of the server only.

 
I am not quite sure what you mean in this reply. WINS currently has
entries for Master browser as below:

Record name          Type                   IP address   State   Static  Owner
PROSSORNT [1Bh]      Domain Master Browser  192.0.0.7    Active          192.0.0.7
POINTPROGRESS [1Bh]  Domain Master Browser  172.16.0.9   Active          192.0.0.7

RRAS is configured to use a static pool and give out IPs in the range
172.16.0.1 to 172.16.0.50.

I attach below the ipconfig /all from the Server. I hope this helps

Regards

Richard



Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

Z:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : prossornt01
Primary DNS Suffix . . . . . . . : prossorsnt.prossors.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : prossorsnt.prossors.com
prossors.com

Ethernet adapter Internal NIC:

Connection-specific DNS Suffix . : prossorsnt.prossors.com
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-18-02-17-8C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.0.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.0.0.7
Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
Physical Address. . . . . . . . . : 00-06-5B-3D-6D-22
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 80.176.221.154
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 80.176.221.153
DNS Servers . . . . . . . . . . . : 192.0.0.7

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Z:\>










 
That looks OK. Netbios over TCP/IP is disabled on the PPP adapter.

Problems can arise if more than one interface tries to build a segment
browse list. The browser software has no way to merge browse lists if the
interfaces are on the same machine. Consequently you can get browser
failures and browser elections being forced. That is why KB 292822
recommends disabling Netbt on the RAS interface.

Your system is working correctly with 192.0.0.7 acting as your segment
browser and your DMB. It is also recognising the existence of another
domain, with DMB at 172.16.0.9 (presumably one of the dialup machines is in
a domain called pointprogress).

I can't find KB 830063. In what circumstances does it recommend deleting
DisableNetbiosOverTcpip?





 
Hi Bill

thanks for your reply

the link is here

http://support.microsoft.com/default.aspx?scid=kb;en-us;830063&Product=win2000

there is a specific note in the article which says:

Note Virtual private network (VPN) clients may not be able to browse the
network, but the VPN clients can access resources if the domain controller
is a multihomed computer that is running as the domain master browser.

Regards

Richard


 
Thanks. I will try to absorb what it is trying to say and get back to
you!

 
The browsing problem with multihomed browsers goes back to NT (where it
was known as the multihomed PDC problem). If Netbios binds to multiple
interfaces, the computer browser service gets confused, because it was
designed to only recognise one interface in each machine. The "fix" was to
disable Netbios over TCP/IP on all but one interface, forcing the browser
service to build a segment browse list on one interface only. Some other
machine then assumed the segment master browser role for the "other"
subnet(s), and the DMB was able to find the other browse masters (using
WINS) to build a combined browse list. See KB 191611 "Symptoms of Multihomed
Browsers".

RRAS introduced another problem because the "internal" interface to
which the remotes (RAS or VPN clients) connect was also Netbios enabled and
created another case of a multihomed browser. DNS with dynamic registration
in W2k introduced a similar problem for DNS names. As outlined in 292822,
the Netbios fix was to disable Netbt on the internal interface. (The DNS fix
remains the same in 830063 as it was in 289735 and 292822). Obviously,
changes made from SP3 onwards have shown up problems with browsing (and
logon from legacy clients) with Netbt disabled on this interface.

It appears that the current recommendation is to delete the registry
value DisableNetbiosOverTcpip to get around these problems. But this will
require that the remotes do not use the same subnet as the LAN machines.
(The default is to use DHCP to issue IP addresses in the same subnet as the
LAN machines. The RRAS server does proxy ARP for the remote clients on the
LAN). Having two IPs in the same subnet for the DMB would cause havoc with
browsing. So you need to use a static pool of addresses in a different IP
subnet for the remotes (and the internal interface).

If the remotes are in a different subnet from the LAN machines, you will
need to enable IP routing on the RRAS server. If the RRAS server is not the
default gateway of the LAN machines, you may also need extra routing on the
LAN to actually get traffic for the remote client's subnet to the RRAS
router.

I hope to set up a test rig soon to see just what is going on, now that
I am aware of the changes. It might explain some odd problems which have
come up lately in this newsgroup.

Bill Grant
MVP - Networking
Sydney, NSW
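
The two checks discussed in this thread (NetBIOS over TCP/IP bound to the LAN NIC only, and a RRAS static pool outside the LAN subnet) can be run against saved `ipconfig /all` text. This is an added example, not part of the original posts; the function names are hypothetical, the sample is trimmed from the output posted above, and it assumes an adapter with no "NetBIOS over Tcpip" line has NetBT enabled.

```python
import ipaddress
import re

# Constructed sample: trimmed from the `ipconfig /all` output posted in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Internal NIC:

   IP Address. . . . . . . . . . . . : 192.0.0.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:

   IP Address. . . . . . . . . . . . : 80.176.221.154
   Subnet Mask . . . . . . . . . . . : 255.255.255.252

PPP adapter RAS Server (Dial In) Interface:

   IP Address. . . . . . . . . . . . : 172.16.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   NetBIOS over Tcpip. . . . . . . . : Disabled
"""

ADAPTER_RE = re.compile(r"^(?:Ethernet|PPP) adapter (.+):$")


def parse_adapters(text):
    """Split ipconfig /all text into adapters with a dict of their fields."""
    adapters, current = [], None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line.strip())
        if header:
            current = {"name": header.group(1), "fields": {}}
            adapters.append(current)
            continue
        if current is None or ":" not in line:
            continue  # global section, blank line or wrapped continuation
        key, _, value = line.partition(":")
        # Drop the ". . . ." leader dots that pad each field name.
        current["fields"][key.strip(" .\t")] = value.strip()
    return adapters


def netbt_enabled(adapter):
    # Assumption: no "NetBIOS over Tcpip" line means NetBT is enabled, as in
    # the thread's output where only the PPP adapter reports "Disabled".
    state = adapter["fields"].get("NetBIOS over Tcpip", "Enabled")
    return state.lower() != "disabled"


def audit(text, lan_adapter, pool_first, pool_last):
    """Return findings for a multihomed RRAS server's NetBT and pool setup."""
    adapters = parse_adapters(text)
    lan = next((a for a in adapters if a["name"] == lan_adapter), None)
    if lan is None:
        raise ValueError(f"adapter not found: {lan_adapter}")
    fields = lan["fields"]
    lan_net = ipaddress.ip_interface(
        f"{fields['IP Address']}/{fields['Subnet Mask']}"
    ).network

    findings = []
    if not netbt_enabled(lan):
        findings.append(f"NetBT disabled on LAN adapter: {lan['name']}")
    for adapter in adapters:
        if adapter is not lan and netbt_enabled(adapter):
            findings.append(
                f"NetBT not reported disabled on non-LAN adapter: {adapter['name']}"
            )

    # The RRAS static pool must not share a subnet with the LAN machines.
    pool = ipaddress.summarize_address_range(
        ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    )
    if any(block.overlaps(lan_net) for block in pool):
        findings.append(f"RRAS static pool overlaps LAN subnet {lan_net}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_IPCONFIG, "Internal NIC", "172.16.0.1", "172.16.0.50"):
        print(finding)
```
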

 
Hi Bill

Thanks for the reply - it is coming a little clearer now.

To summarise: 830063 should be implemented after 292822 and this introduces
the following changes:

1) delete the registry value DisableNetbiosOverTcpip created after applying 292822
2) enable Netbios over TCP/IP in WINS settings in advanced for the External NIC
3) IPs for remote clients MUST be from a static pool in RRAS properties

The result will be to enable browsing over VPN and proper logon from
pre-2000 clients.

Before I apply this, can you help me understand what happens in this
scenario if a laptop which normally connects remotely then comes in to the
office and connects directly to the internal network?

Regards

Richard


Bill Grant said:
The browsing problem with multihomed browsers goes back to NT (where it
was known as the multihomed PDC problem). If Netbios binds to multiple
interfaces, the computer browser service gets confused, because it was
designed to only recognise one interface in each machine. The "fix" was to
disable Netbios over TCP/IP on all but one interface, forcing the browser
service to build a segment browse list on one interface only. Some other
machine then assumed the segment master browser role for the "other"
subnet(s), and the DMB was able to find the other browse masters (using
WINS) to build a combined browse list. See KB 191611 "Symptoms of Multihomed
Browsers".

RRAS introduced another problem because the "internal" interface to
which the remotes (RAS or VPN clients) connect was also Netbios enabled and
created another case of a multihomed browser. DNS with dynamic registration
in W2k introduced a similar problem for DNS names. As outlined in 292822,
the Netbios fix was to disable Netbt on the internal interface. (The DNS fix
remains the same in 830063 as it was in 289735 and 292822).Obviously,
changes made from SP3 onwards have shown up problems with browsing (and
logon from legacy clients) with Netbt disabled on this interface.

It appears that the current recommendation is to delete the registry
value DisableNetbiosOverTcpip to get around these problems. But this will
require that the remotes do not use the same subnet as the LAN machines.
(The default is to use DHCP to issue IP addresses in the same subnet as the
LAN machines. The RRAS server does proxy ARP for the remote clients on the
LAN). Having two IPs in the same subnet for the DMB would cause havoc with
browsing. So you need to use a static pool of addresses in a different IP
subnet for the remotes (and the internal interface).

If the remotes are in a different subnet from the LAN machines, you will
need to enable IP routing on the RRAS server. If the RRAS server is not the
default gateway of the LAN machines, you may also need extra routing on the
LAN to actually get traffic for the remote client's subnet to the RRAS
router.

I hope to set up a test rig soon to see just what is going on, now that
I am aware of the changes. It might explain some odd problems which have
come up lately in this newsgroup.

Bill Grant
MVP - Networking
Sydney, NSW

Bill Grant said:
Thanks. I will try to absorb what it is trying to say and get back to
you!
http://support.microsoft.com/default.aspx?scid=kb;en-us;830063&Product=win20
 
Just one point. Step 1 will enable Netbt on the RAS/VPN interface.
That is all you need. I would not enable Netbt on the external NIC. That
would enable hackers and others on the Internet access to your Netbios info
(which they don't need to know!). And you don't really need your public IP
registering in WINS. (Your remote clients use the RAS interface after
connection).

Exactly how a client behaves when you use it remotely and also on a LAN
connection varies. If it is running XP Pro it should behave sensibly. XP is
better than previous OSs in keeping things connection specific. But you will
probably still see "old" browser info when you change over. It takes a while
for browser info to settle down, because it relies on broadcasts and UDP
messages.

Richard Prossor said:
Hi Bill

Thanks for the reply - it is coming a little clearer now.

To summarise: 830063 should be implemented after 292822 and this introduces
the following changes:

1) delete the registry value DisableNetbiosOverTcpip created after applying
292822
2) enable Netbios over TCP/IP in WINS settings in advanced for the External
NIC
3) IP's for remote clients MUST be from a static pool in RRAS properties

The result will be to enable browsing over VPN and proper logon from pre
2000 clients.

Before I apply this, can you help me understand what happens in this
scenario if a laptop which normally connects remotely then comes in to the
office and connects directly to the internal network?

Regards

Richard


Bill Grant said:
The browsing problem with multihomed browsers goes back to NT (where it
was known as the multihomed PDC problem). If Netbios binds to multiple
interfaces, the computer browser service gets confused, because it was
designed to only recognise one interface in each machine. The "fix" was to
disable Netbios over TCP/IP on all but one interface, forcing the browser
service to build a segment browse list on one interface only. Some other
machine then assumed the segment master browser role for the "other"
subnet(s), and the DMB was able to find the other browse masters (using
WINS) to build a combined browse list. See KB 191611 "Symptoms of Multihomed
Browsers".

RRAS introduced another problem because the "internal" interface to
which the remotes (RAS or VPN clients) connect was also Netbios enabled and
created another case of a multihomed browser. DNS with dynamic registration
in W2k introduced a similar problem for DNS names. As outlined in 292822,
the Netbios fix was to disable Netbt on the internal interface. (The DNS fix
remains the same in 830063 as it was in 289735 and 292822). Obviously,
changes made from SP3 onwards have shown up problems with browsing (and
logon from legacy clients) with Netbt disabled on this interface.

It appears that the current recommendation is to delete the registry
value DisableNetbiosOverTcpip to get around these problems. But this will
require that the remotes do not use the same subnet as the LAN machines.
(The default is to use DHCP to issue IP addresses in the same subnet as the
LAN machines. The RRAS server does proxy ARP for the remote clients on the
LAN). Having two IPs in the same subnet for the DMB would cause havoc with
browsing. So you need to use a static pool of addresses in a different IP
subnet for the remotes (and the internal interface).

If the remotes are in a different subnet from the LAN machines, you will
need to enable IP routing on the RRAS server. If the RRAS server is not the
default gateway of the LAN machines, you may also need extra routing on the
LAN to actually get traffic for the remote client's subnet to the RRAS
router.

I hope to set up a test rig soon to see just what is going on, now that
I am aware of the changes. It might explain some odd problems which have
come up lately in this newsgroup.

Bill Grant
MVP - Networking
Sydney, NSW
http://support.microsoft.com/default.aspx?scid=kb;en-us;830063&Product=win2000

there is a specific note in the article which says:

Note Virtual private network (VPN) clients may not be able to browse the
network, but the VPN clients can access resources if the domain controller
is a multihomed computer that is running as the domain master browser.

Regards

Richard


That looks OK. Netbios over TCP/IP is disabled on the PPP adapter.

Problems can arise if more than one interface tries to build a segment
browse list. The browser software has no way to merge browse lists if the
interfaces are on the same machine. Consequently you can get browser
failures and browser elections being forced. That is why KB 292822
recommends disabling Netbt on the RAS interface.

Your system is working correctly with 192.0.0.7 acting as your segment
browser and your DMB. It is also recognising the existence of another
domain, with DMB at 172.16.0.9 (presumably one of the dialup machines is in
a domain called pointprogress).

I can't find KB 830063. In what circumstances does it recommend deleting
DisableNetbiosOverTcpip?





I am not quite sure what you mean in this reply. WINS currently has
entries for Master browser as below:

Record name          Type                   IP address  State   Static  Owner
PROSSORNT [1Bh]      Domain Master Browser  192.0.0.7   Active          192.0.0.7
POINTPROGRESS [1Bh]  Domain Master Browser  172.16.0.9  Active          192.0.0.7

RRAS is configured to use a static pool and give out IP's in the range
172.16.0.1 to 172.16.0.50.

I attach below the ipconfig /all from the Server. I hope this helps

Regards

Richard



Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

Z:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : prossornt01
Primary DNS Suffix . . . . . . . : prossorsnt.prossors.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : prossorsnt.prossors.com
prossors.com

Ethernet adapter Internal NIC:

Connection-specific DNS Suffix . : prossorsnt.prossors.com
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-18-02-17-8C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.0.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.0.0.7
Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
Physical Address. . . . . . . . . : 00-06-5B-3D-6D-22
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 80.176.221.154
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 80.176.221.153
DNS Servers . . . . . . . . . . . : 192.0.0.7

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Z:\>










The browser service should only use one interface of the server. So you
need to disable Netbios over TCP/IP on both the public NIC and the RRAS
internal interface. Only the server's LAN NIC should appear in WINS
associated with the name of the server. After you have made the registry
changes, check WINS to make sure it hasn't retained any old entries. The
domain master browser entry <domainname 1b> should show the LAN NIC IP
address of the server only.
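
An added example, not part of any post in this thread: a Python check of the points discussed above, run over a trimmed copy of the `ipconfig /all` listing and the WINS 1Bh records quoted in the thread. It flags NetBT left enabled on an Internet-facing adapter, a second NetBT interface inside the LAN subnet, and a <domain 1B> record that does not point at the LAN NIC. Assumptions: the function names are hypothetical, and an adapter is treated as NetBT-enabled unless the listing shows "NetBIOS over Tcpip ... Disabled" for it.

```python
import ipaddress

# Constructed sample, trimmed from the `ipconfig /all` listing quoted in this thread.
IPCONFIG = """\
Ethernet adapter Internal NIC:

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
IP Address. . . . . . . . . . . . : 192.0.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:

IP Address. . . . . . . . . . . . : 80.176.221.154
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 80.176.221.153

PPP adapter RAS Server (Dial In) Interface:

IP Address. . . . . . . . . . . . : 172.16.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
NetBIOS over Tcpip. . . . . . . . : Disabled
"""

# 1Bh (domain master browser) records as listed from WINS in the thread.
WINS_1B = {"PROSSORNT": "192.0.0.7", "POINTPROGRESS": "172.16.0.9"}


def parse_ipconfig(text):
    """Return one dict per adapter: name, ip, mask, netbt (bool)."""
    adapters, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if " adapter " in line and line.endswith(":"):
            name = line.split(" adapter ", 1)[1][:-1]
            # Assumption: the NetBT line is printed only when NetBT is
            # disabled, so every adapter starts out as enabled.
            current = {"name": name, "ip": None, "mask": None, "netbt": True}
            adapters.append(current)
            continue
        if current is None or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(" ."), value.strip()
        if key == "IP Address":
            current["ip"] = ipaddress.ip_address(value)
        elif key == "Subnet Mask":
            current["mask"] = value
        elif key == "NetBIOS over Tcpip":
            current["netbt"] = value.lower() != "disabled"
    return adapters


def audit(adapters, wins_1b, domain, lan_name):
    """Apply the checks discussed in the thread; return a list of findings."""
    findings = []
    lan = next(a for a in adapters if a["name"] == lan_name)
    lan_net = ipaddress.ip_network(f"{lan['ip']}/{lan['mask']}", strict=False)
    for a in adapters:
        if a is lan or not a["netbt"] or a["ip"] is None:
            continue
        if a["ip"].is_global:
            findings.append(
                f"NetBT enabled on Internet-facing adapter '{a['name']}' ({a['ip']})")
        if a["ip"] in lan_net:
            findings.append(
                f"NetBT enabled on '{a['name']}' inside the LAN subnet {lan_net}")
    owner = wins_1b.get(domain.upper())
    if owner is None:
        findings.append(f"no <{domain} 1B> record in WINS")
    elif ipaddress.ip_address(owner) != lan["ip"]:
        findings.append(
            f"<{domain} 1B> registered to {owner}, expected LAN NIC {lan['ip']}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ipconfig(IPCONFIG), WINS_1B, "PROSSORNT", "Internal NIC"):
        print("FINDING:", finding)
```

Removing the "Disabled" line from the sample models the state after the DisableNetbiosOverTcpip value is deleted; the static pool address 172.16.0.1 then raises no extra finding because it lies outside the LAN subnet.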

 
Hi Bill

thanks for your help, I'll give it a try - deleting one registry key doesn't
seem like too much hard work given I have a working static pool already. I
would be interested in hearing any comments you have after you set it up in
your test environment.

Regards

Richard

Bill Grant said:
Just one point. Step 1 will enable Netbt on the RAS/VPN interface.
That is all you need. I would not enable Netbt on the external NIC. That
would enable hackers and others on the Internet access to your Netbios info
(which they don't need to know!). And you don't really need your public IP
registering in WINS. (Your remote clients use the RAS interface after
connection).

Exactly how a client behaves when you use it remotely and also on a LAN
connection varies. If it is running XP Pro it should behave sensibly. XP is
better than previous OSs in keeping things connection specific. But you will
probably still see "old" browser info when you change over. It takes a while
for browser info to settle down, because it relies on broadcasts and UDP
messages.

 
So far, everything looks OK. I set up a router between the workgroup and
the domain to prevent browsing bypassing the VPN connection. I set up a
domain on W2k server with SP4 with a local client and enabled the server as
a remote access server. I didn't use the DisableNetbiosOverTcpip registry
change and I used the static pool in a different subnet. Name resolution and
browsing on the LAN are not affected by a remote connection from the
workgroup, and no funny entries appear in WINS.

As usual, the remote client is the main problem in browsing the domain.
Unless you actually do a domain login using a dialup connection from
scratch, the client doesn't correctly browse the domain LAN. If it has
already done a local login, it is likely to fail to browse the domain, even
with XP.

The problem is apparent if you monitor the traffic over the VPN link. If
you try to browse from the Microsoft Windows Network icon, it uses the
correct interface and tries to get a browse list from the domain. But it
uses the local domain/workgroup name instead of the domain name where the
server is. So it tries to resolve the Domain Master Browser using WINS, but
it uses the wrong name! For instance, my workgroup is CAMDEN, and my domain
is RRAS. Even if I connect using a domain username, the client tries to
resolve the name <CAMDEN 1B> in WINS, and that fails. Perhaps it would
work if the workgroup name was the same as the domain!

If you force the client to ask the right question by doing a net view
/domain:rras from a command prompt you actually get the browse list with no
trouble.

Richard Prossor said:
Hi Bill

thanks for your help, I'll give it a try - deleting one registry key doesn't
seem like too much hard work given I have a working static pool already. I
would be interested in hearing any comments you have after you set it up in
your test environment.

Regards

Richard
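
An added example, not part of the original post: a small Python parser for the NetBIOS name service query a client sends to WINS, showing how the name and its suffix byte (such as <CAMDEN 1B>) are read from a captured packet when monitoring the VPN link. The packets are constructed inline using the RFC 1001/1002 first-level encoding, the WINS address for RRAS is a made-up documentation address, and all function names are hypothetical.

```python
import struct

SUFFIX_DMB = 0x1B  # <1B>: the domain master browser name discussed in the thread

# Constructed WINS table: only the domain RRAS has a 1B record.
# 192.0.2.10 is a documentation address, not a value from the thread.
WINS = {("RRAS", SUFFIX_DMB): "192.0.2.10"}


def encode_name(name, suffix):
    """First-level encoding: 15 padded characters plus the suffix byte,
    each byte split into two nibbles that are sent as 'A'..'P'."""
    raw = name.upper().encode("ascii").ljust(15, b" ")[:15] + bytes([suffix])
    return bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))


def decode_name(enc):
    """Reverse of encode_name; returns (name, suffix)."""
    if len(enc) != 32 or any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]


def build_query(name, suffix, txid=0x1234):
    """Construct a unicast name query (used here only to make sample packets)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    question = (b"\x20" + encode_name(name, suffix) + b"\x00"
                + struct.pack(">HH", 0x0020, 0x0001))          # type NB, class IN
    return header + question


def parse_query(packet):
    """Return (name, suffix) from a single-question name query."""
    if len(packet) < 50:
        raise ValueError("truncated NBNS packet")
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    if flags & 0xF800 or qdcount != 1:
        raise ValueError("not a single-question query")
    if packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("unexpected name layout (scope IDs not handled)")
    if struct.unpack(">HH", packet[46:50]) != (0x0020, 0x0001):
        raise ValueError("not an NB/IN question")
    return decode_name(packet[13:45])


def explain(packet, wins):
    """Show which name was asked for and what the WINS table would answer."""
    name, suffix = parse_query(packet)
    label = f"<{name} {suffix:02X}>"
    addr = wins.get((name, suffix))
    return f"{label} -> {addr}" if addr else f"{label} -> no record (negative response)"


if __name__ == "__main__":
    # Browsing from the network icon while logged in to workgroup CAMDEN:
    print(explain(build_query("CAMDEN", SUFFIX_DMB), WINS))
    # After forcing the domain name with: net view /domain:rras
    print(explain(build_query("RRAS", SUFFIX_DMB), WINS))
```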

 
Hi Bill

my clients are all set up as domain members. When away they log on to the
domain even though they are not connected. They then bring up the connection
when required.

I guess that either this or naming the workgroup the same as the domain
should work

Can you browse from the server to the connected clients?


Regards

Richard



Bill Grant said:
So far, everything looks OK. I set up a router between the workgroup and
the domain to prevent browsing bypassing the VPN connection. I set up a
domain on W2k server with SP4 with a local client and enabled the server as
a remote access server. I didn't use the DisableNetbiosOverTcpip registry
change and I used the static pool in a different subnet. Name resolution and
browsing on the LAN are not affected by a remote connection from the
workgroup, and no funny entries appear in WINS.

As usual, the remote client is the main problem in browsing the domain.
Unless you actually do a domain login using a dialup connection from
scratch, the client doesn't correctly browse the domain LAN. If it has
already done a local login, it is likely to fail to browse the domain, even
with XP.

The problem is apparent if you monitor the traffic over the VPN link. If
you try to browse from the Microsoft Windows Network icon, it uses the
correct interface and tries to get a browse list from the domain. But it
uses the local domain/workgroup name instead of the domain name where the
server is. So it tries to resolve the Domain Master Browser using WINS, but
it uses the wrong name! For instance, my workgroup is CAMDEN, and my domain
is RRAS. Even if I connect using a domain username, the client tries to
resolve the name <CAMDEN 1B> in WINS, and that fails. Perhaps it would
work if the workgroup name was the same as the domain!

If you force the client to ask the right question by doing a net view
/domain:rras from a command prompt you actually get the browse list with no
trouble.

 
I am away from home for a few days. I will give you an update when I get
back.

Richard Prossor said:
Hi Bill

my clients are all set up as domain members. When away they log on to the
domain even though they are not connected. They then bring up the connection
when required.

I guess that either this or naming the workgroup the same as the domain
should work

Can you browse from the server to the connected clients?


Regards

Richard



Bill Grant said:
So far, everything looks OK. I set up a router between the workgroup and
the domain to prevent browsing bypassing the VPN connection. I set up a
domain on W2k server with SP4 with a local client and enabled the server as
a remote access server. I didn't use the DisableNetbiosOverTcpip registry
change and I used the static pool in a different subnet. Name resolution and
browsing on the LAN are not affected by a remote connection from the
workgroup, and no funny entries appear in WINS.

As usual, the remote client is the main problem in browsing the domain.
Unless you actually do a domain login using a dialup connection from
scratch, the client doesn't correctly browse the domain LAN. If it has
already done a local login, it is likely to fail to browse the domain, even
with XP.

The problem is apparent if you monitor the traffic over the VPN link. If
you try to browse from the Microsoft Windows Network icon, it uses the
correct interface and tries to get a browse list from the domain. But it
uses the local domain/workgroup name instead of the domain name where the
server is. So it tries to resolve the Domain Master Browser using WINS, but
it uses the wrong name! For instance, my workgroup is CAMDEN, and my domain
is RRAS. Even if I connect using a domain username, the client tries to
resolve the name <CAMDEN 1B> in WINS, and that fails. Perhaps it would
work if the workgroup name was the same as the domain!

If you force the client to ask the right question by doing a net view
/domain:rras from a command prompt you actually get the browse list with no
trouble.

http://support.microsoft.com/default.aspx?scid=kb;en-us;830063&Product=win2000

there is a specific note in the article which says:

Note Virtual private network (VPN) clients may not be able to browse the
network, but the VPN clients can access resources if the domain controller
is a multihomed computer that is running as the domain master browser.

Regards

Richard


That looks OK. Netbios over TCP/IP is disabled on the PPP adapter.

Problems can arise if more than one interface tries to build a segment
browse list. The browser software has no way to merge browse lists if the
interfaces are on the same machine. Consequently you can get browser
failures and browser elections being forced. That is why KB 292822
recommends disabling Netbt on the RAS interface.

Your system is working correctly with 192.0.0.7 acting as your segment
browser and your DMB. It is also recognising the existence of another
domain, with DMB at 172.16.0.9 (presumably one of the dialup machines is in
a domain called pointprogress).

I can't find KB 830063. In what circumstances does it recommend deleting
DisableNetbiosOverTcpip?





I am not quite sure what you mean in this reply. WINS currently has
entries for Master browser as below:

Record name          Type                    IP address   State   Static  Owner
PROSSORNT [1Bh]      Domain Master Browser   192.0.0.7    Active          192.0.0.7
POINTPROGRESS [1Bh]  Domain Master Browser   172.16.0.9   Active          192.0.0.7

RRAS is configured to use a static pool and give out IP's in the range
172.16.0.1 to 172.16.0.50.

I attach below the ipconfig /all from the Server. I hope this helps

Regards

Richard



Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

Z:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : prossornt01
Primary DNS Suffix . . . . . . . : prossorsnt.prossors.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : prossorsnt.prossors.com
                                    prossors.com

Ethernet adapter Internal NIC:

Connection-specific DNS Suffix . : prossorsnt.prossors.com
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-18-02-17-8C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.0.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.0.0.7
Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
Physical Address. . . . . . . . . : 00-06-5B-3D-6D-22
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 80.176.221.154
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 80.176.221.153
DNS Servers . . . . . . . . . . . : 192.0.0.7

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Z:\>










The browser service should only use one interface of the server. So you
need to disable Netbios over TCP/IP on both the public NIC and the RRAS
internal interface. Only the server's LAN NIC should appear in WINS
associated with the name of the server. After you have made the registry
changes, check WINS to make sure it hasn't retained any old entries. The
domain master browser entry <domainname 1b> should show the LAN NIC IP
address of the server only.

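The check described in the quoted advice above (NetBIOS over TCP/IP left enabled only on the LAN NIC, and the domain's [1Bh] WINS record pointing only at the LAN NIC address) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the sample input is trimmed from the output posted in the thread, and it assumes Windows 2000 `ipconfig /all` prints the "NetBIOS over Tcpip" line only when NetBT is disabled on that adapter.

```python
import re

# Trimmed from the `ipconfig /all` output posted in the thread (server prossornt01).
IPCONFIG = """\
Ethernet adapter Internal NIC:
   IP Address. . . . . . . . . . . . : 192.0.0.7
   Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:
   IP Address. . . . . . . . . . . . : 80.176.221.154
   Default Gateway . . . . . . . . . : 80.176.221.153

PPP adapter RAS Server (Dial In) Interface:
   IP Address. . . . . . . . . . . . : 172.16.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
"""

# [1Bh] Domain Master Browser records from the WINS listing in the thread.
WINS_1B = [("PROSSORNT", "192.0.0.7"), ("POINTPROGRESS", "172.16.0.9")]

ADAPTER_RE = re.compile(r"^\s*\S+ adapter (.+):\s*$")
FIELD_RE = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {"ips": [...], "netbt_disabled": bool}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = adapters.setdefault(
                header.group(1), {"ips": [], "netbt_disabled": False})
            continue
        field = FIELD_RE.match(line)
        if current is None or not field:
            continue
        key, value = field.group(1).lower(), field.group(2).strip()
        if key == "ip address" and value:
            current["ips"].append(value)
        elif key == "netbios over tcpip":
            # Assumption: this line is only printed when NetBT is disabled.
            current["netbt_disabled"] = value.lower() == "disabled"
    return adapters


def audit(ipconfig_text, lan_ip, domain, wins_1b):
    """List deviations from 'only the LAN NIC speaks NetBIOS for this server'."""
    findings = []
    for name, info in parse_ipconfig(ipconfig_text).items():
        if lan_ip not in info["ips"] and not info["netbt_disabled"]:
            findings.append(
                f"NetBT enabled on non-LAN adapter '{name}' {info['ips']}")
    owners = [ip for rec, ip in wins_1b if rec.upper() == domain.upper()]
    if not owners:
        findings.append(f"no [1Bh] record for {domain}")
    for ip in owners:
        if ip != lan_ip:
            findings.append(
                f"{domain} [1Bh] registered at {ip}, expected {lan_ip}")
    return findings


if __name__ == "__main__":
    for finding in audit(IPCONFIG, "192.0.0.7", "PROSSORNT", WINS_1B):
        print(finding)
```

On the posted output this reports the External NIC, which carries a public address and shows no "Disabled" line, while the PPP adapter and the PROSSORNT [1Bh] record pass.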
 
Hi Bill

have you made any progress?

I have been running using the setup in KB830063 for the past week or so.
However browsing is still not working. I have had a few times when the whole
internal network comes up but most times I only see my local remote machine
when browsing.

There are a couple of things I have noticed which I could do with some help
understanding:

1) VPN client has connectivity but cannot browse internal Lan, RRAS server
can see both VPN and internal, internal pc's can only see internal network.
The query is that if I ping the name of the remote vpn client from an
internal pc, the name is resolved to the ip from the static pool but the
ping returns the error "request timed out". From remote vpn I can ping all
internal pc's.

2) browstat status report on the server gives the message about not finding
GetAdapterStatus. What is this about. I list the browstat status below:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

Z:\>browstat status

Status for domain PROSSORNT on transport \Device\NetBT_Tcpip_{0A8EE090-9A09-4B01-AD1E-19126C308DBD}
Browsing is active on domain.
Master browser name is: PROSSORNT01
Master browser is running build 2195
3 backup servers retrieved from master PROSSORNT01
\\ICSCANSVR
\\PROSSORNT01
\\PROSSOR-SES
There are 22 servers in domain PROSSORNT on transport \Device\NetBT_Tcpip_{0A8EE090-9A09-4B01-AD1E-19126C308DBD}
There are 1 domains in domain PROSSORNT on transport \Device\NetBT_Tcpip_{0A8EE090-9A09-4B01-AD1E-19126C308DBD}

Status for domain PROSSORNT on transport \Device\NetBT_Tcpip_{F5953732-A984-4CF7-B704-ADA3657B5706}
Browsing is active on domain.
Master name cannot be determined from GetAdapterStatus. Using \\PROSSORNT01
Master browser is running build 2195
1 backup servers retrieved from master PROSSORNT01
\\PROSSORNT01
There are 22 servers in domain PROSSORNT on transport \Device\NetBT_Tcpip_{F5953732-A984-4CF7-B704-ADA3657B5706}
There are 1 domains in domain PROSSORNT on transport \Device\NetBT_Tcpip_{F5953732-A984

Regards


Richard



 
I think you are expecting too much. A client-server or "dialup" style
VPN connection is a pretty simple setup. It was designed to give a remote
client a point-to-point connection to a LAN.

If your remote client got to browse the LAN once, I suspect it would
again if you gave it enough time. Browsing takes a while to settle down.

To get the sort of interaction you seem to want you would need to set up
a routed connection between your remote site and your LAN. By that I mean a
LAN-to-LAN or router-to-router VPN (preferably a persistent connection).
This gives any client in one site access to any client in the other, and
name resolution and browsing can be set up to work as they do in any routed
network. As far as browsing is concerned, that means each site has a local
browse master and the DMB produces a combined browse list of the two sites.

 
Thanks for your reply

I am getting ADSL at a couple of the remote sites and will then see how this
goes.

My problem is that I did have it all working fine last year

I still don't understand what is happening with the ping from internal lan
to remote client. Why is the name resolved to an ip address (to me this
means DNS is working) but then there is no connectivity to the remote
client? What I am wanting to do is be able to print to a printer attached to
the remote client from the internal LAN. I can now achieve this from the
RRAS server but not from the rest of the LAN - and not from my application
server which is what I really want to do.

The reason I put up browstat listing is that I used to get a choice of the 3
terminal servers from home when I logged on to terminal services but now get
none (I can still connect). I think this is the same as the browsing issue
but do not know.

Regards

Richard




 
a change to last post.

I have a Windows Millennium remote pc connected to the server. I have
disconnected an internal W2k pc from the network and connected via VPN

1) The RRAS server browse list shows all the pc's
2) The remote pc's can see each other on browsing but not the internal LAN
3) the internal LAN pc's cannot see the Millennium pc but can still see the
disconnected W2k pc

All of the above can connect to each other - so for my purposes I think I
will call it a day.

For anyone who knows how these things work, if I search for computers using
a wildcard (e.g. dell*) I only get returned the computers in the same ip
range, however if I search for a computer with its full name (e.g.
dellddfn60j) it will come up even though it is not in the same ip range.

Regards

Richard







Richard Prossor said:
Thanks for your reply

I am getting ADSL at a couple of the remote sites and will then see how this
goes.

My problem is that I did have it all working fine last year

I still don't understand what is happening with the ping from internal lan
to remote client. Why is the name resolved to an ip address (to me this
means DNS is working) but then there is no connectivity to the remote
client? What I am wanting to do is be able to print to a printer attached to
the remote client from the internal LAN. I can now achieve this from the
RRAS server but not from the rest of the LAN - and not from my application
server which is what I really want to do.

The reason I put up browstat listing is that I used to get a choice of the 3
terminal servers from home when I logged on to terminal services but now get
none (I can still connect). I think this is the same as the browsing issue
but do not know.

Regards

Richard




Bill Grant said:
I think you are expecting too much. A client-server or "dialup" style
VPN connection is a pretty simple setup. It was designed to give a remote
client a point-to-point connection to a LAN.

If your remote client got to browse the LAN once, I suspect it would
again if you gave it enough time. Browsing takes a while to settle down.

    To get the sort of interaction you seem to want you would need to set up
a routed connection between your remote site and your LAN. By that I mean a
LAN-to-LAN or router-to-router VPN (preferably a persistent connection).
This gives any client in one site access to any client in the other, and
name resolution and browsing can be set up to work as they do in any routed
network. As far as browsing is concerned, that means each site has a local
browse master and the DMB produces a combined browse list of the two sites.

Richard said:
Hi Bill

have you made any progress?

I have been running using the setup in KB830063 for the past week or so.
However browsing is still not working. I have had a few times when the whole
internal network comes up but most times I only see my local remote machine
when browsing.

There are a couple of things I have noticed which I could do with some help
understanding:

1) VPN client has connectivity but cannot browse internal Lan, RRAS server
can see both VPN and internal, internal pc's can only see internal network.
The query is that if I ping the name of the remote vpn client from an
internal pc, the name is resolved to the ip from the static pool but the
ping returns the error "request timed out". From remote vpn I can ping all
internal pc's.

2) browstat status report on the server gives the message about not finding
GetAdapterStatus. What is this about? I list the browstat status below:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

Z:\>browstat status

Status for domain PROSSORNT on transport \Device\NetBT_Tcpip_{0A8EE090-9A09-4B01-AD1E-19126C308DBD}
Browsing is active on domain.
Master browser name is: PROSSORNT01
Master browser is running build 2195
3 backup servers retrieved from master PROSSORNT01
\\ICSCANSVR
\\PROSSORNT01
\\PROSSOR-SES
There are 22 servers in domain PROSSORNT on transport \Device\NetBT_Tcpip_{0A8EE090-9A09-4B01-AD1E-19126C308DBD}
There are 1 domains in domain PROSSORNT on transport \Device\NetBT_Tcpip_{0A8EE090-9A09-4B01-AD1E-19126C308DBD}

Status for domain PROSSORNT on transport \Device\NetBT_Tcpip_{F5953732-A984-4CF7-B704-ADA3657B5706}
Browsing is active on domain.
Master name cannot be determined from GetAdapterStatus. Using \\PROSSORNT01
Master browser is running build 2195
1 backup servers retrieved from master PROSSORNT01
\\PROSSORNT01
There are 22 servers in domain PROSSORNT on transport \Device\NetBT_Tcpip_{F5953732-A984-4CF7-B704-ADA3657B5706}
There are 1 domains in domain PROSSORNT on transport \Device\NetBT_Tcpip_{F5953732-A984

Regards


Richard



I am away from home for a few days. I will give you an update
http://support.microsoft.com/default.aspx?scid=kb;en-us;830063&Product=win2000

there is a specific note in the article which says:

Note Virtual private network (VPN) clients may not be able to browse the
network, but the VPN clients can access resources if the domain controller
is a multihomed computer that is running as the domain master browser.

Regards

Richard


That looks OK. Netbios over TCP/IP is disabled on the PPP adapter.

Problems can arise if more than one interface tries to build a segment
browse list. The browser software has no way to merge browse lists if the
interfaces are on the same machine. Consequently you can get browser
failures and browser elections being forced. That is why KB 292822
recommends disabling Netbt on the RAS interface.

Your system is working correctly with 192.0.0.7 acting as your segment
browser and your DMB. It is also recognising the existence of another
domain, with DMB at 172.16.0.9 (presumably one of the dialup machines is in
a domain called pointprogress).

I can't find KB 830063. In what circumstances does it recommend deleting
DisableNetbiosOverTcpip ?





in message
I am not quite sure what you mean in this reply. WINS currently has
entries for Master browser as below:

Record name          Type                   IP address  State   Static  Owner
PROSSORNT [1Bh]      Domain Master Browser  192.0.0.7   Active          192.0.0.7
POINTPROGRESS [1Bh]  Domain Master Browser  172.16.0.9  Active          192.0.0.7

RRAS is configured to use a static pool and give out IP's in the range
172.16.0.1 to 172.16.0.50.

I attach below the ipconfig /all from the Server. I hope this helps

Regards

Richard



Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

Z:\>ipconfig /all

Windows 2000 IP Configuration

   Host Name . . . . . . . . . . . . : prossornt01
   Primary DNS Suffix . . . . . . . : prossorsnt.prossors.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : prossorsnt.prossors.com
                                       prossors.com

Ethernet adapter Internal NIC:

   Connection-specific DNS Suffix . : prossorsnt.prossors.com
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-02-17-8C
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.0.0.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.0.0.7
   Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
   Physical Address. . . . . . . . . : 00-06-5B-3D-6D-22
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 80.176.221.154
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : 80.176.221.153
   DNS Servers . . . . . . . . . . . : 192.0.0.7

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Z:\>










The browser service should only use one interface of the server. So you
need to disable Netbios over TCP/IP on both the public NIC and the RRAS
internal interface. Only the server's LAN NIC should appear in WINS
associated with the name of the server. After you have made the registry
changes, check WINS to make sure it hasn't retained any old entries. The
domain master browser entry <domainname 1b> should show the LAN NIC IP
address of the server only.

"Richard Prossor" wrote in message
thanks for your reply

the RRAS server is also a WINS server. The setting is as you describe.
Using IPconfig the VPN'ed client shows DNS and WINS referring to the
server.

Regards

Richard


"Danny Slye - [MSFT}" wrote in message
I have had good success with following 292822 to prevent the RAS adapter
from registering NBT and breaking browsing\name resolution on the LAN. In
order for vpn clients to browse reliably they have to get a WINS server
assigned to them from the RAS server. Make sure that the RRAS server is
configured as a WINS client and the IP properties of the RAS server is
configured to "use the following adapter to obtain DHCP, DNS, WINS
addresses for dialup clients", set the adapter to the internal adapter.

have two Microsoft articles which seem to be in conflict with each other
with regard to DisableNetBiosoverTcpip settings in the registry on a
computer with two network cards (in my case SBS2k).

Can anyone help on which is right?

KB292822 requires you to set up a registry key DisableNetBIOSoverTcpip.

KB830063 advises you to delete this registry key.

Regards

Richard




__
Danny Slye
Microsoft Support Professional
MCSE

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
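
The layout Bill Grant describes in the thread (NetBIOS over TCP/IP on the LAN NIC only, and the domain's [1Bh] record in WINS showing only the LAN NIC address) can be checked from saved `ipconfig /all` and WINS listings. This is an added example, not part of the original thread; the function names, the abridged sample data and the rule that an absent "NetBIOS over Tcpip" line counts as not disabled are assumptions.

```python
import re

# Constructed sample: abridged from the `ipconfig /all` listing quoted in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Internal NIC:
   IP Address. . . . . . . . . . . . : 192.0.0.7
   Primary WINS Server . . . . . . . : 192.0.0.7

Ethernet adapter External NIC:
   IP Address. . . . . . . . . . . . : 80.176.221.154

PPP adapter RAS Server (Dial In) Interface:
   IP Address. . . . . . . . . . . . : 172.16.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
"""
# Constructed from the WINS listing in the thread: (record name, type, IP address).
SAMPLE_WINS = [("PROSSORNT", "1Bh", "192.0.0.7"),
               ("POINTPROGRESS", "1Bh", "172.16.0.9")]

ADAPTER_RE = re.compile(r"^\w+ adapter (.+):$")


def parse_adapters(text):
    """Return {adapter name: {field: value}} from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line.strip())
        if header:
            current = adapters.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip(" .")] = value.strip()  # drop the dot leaders
    return adapters


def audit(ipconfig_text, wins_rows, lan_adapter, domain):
    """List deviations from the single-NetBT-interface layout in the thread."""
    adapters = parse_adapters(ipconfig_text)
    lan_ip = adapters[lan_adapter]["IP Address"]
    findings = []
    for name, fields in adapters.items():
        # Assumption: an absent "NetBIOS over Tcpip" line counts as not disabled.
        if name != lan_adapter and fields.get("NetBIOS over Tcpip") != "Disabled":
            findings.append(f"NetBT not reported Disabled on {name} "
                            f"({fields.get('IP Address')})")
    for rec_name, rec_type, ip in wins_rows:
        # The domain master browser record should carry only the LAN NIC address.
        if rec_name == domain and rec_type == "1Bh" and ip != lan_ip:
            findings.append(f"{domain} [1Bh] registered at {ip}, expected {lan_ip}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_IPCONFIG, SAMPLE_WINS, "Internal NIC", "PROSSORNT"):
        print(finding)
```

On the sample, the only adapter reported is the External NIC, whose listing carries no "NetBIOS over Tcpip" line; a stale [1Bh] record pointing at a RAS pool address would be reported as a second finding.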
 