Question on settings with two Nics - VPN and Internal LAN


Tom Bain

Ok, Windows 2003 multihomed server upgraded from 2000
Server. Recently added a second nic for VPN purposes. At
first there was trouble because the multihomed server
hosts my DHCP and DNS services and it kept putting an A
Host record for the VPN address in the DNS Console. So I
think, this is new to me.

Anyways, the MS article someone here led me to was 289735.
I did it and it worked except when trying to use Remote
Desktop Connection from home it won't work on Netbios
name, only IP address. Now, not a big deal, but UNC paths
don't work and a program we need to use works on UNC
paths. So, that's it.

I guess my questions are this. In the DNS Console, SHOULD
there be a Host record for the VPN IP address? If so, that
would seem to be part of the solution to me. In the TCP/IP
properties of each nic card, go to Advanced, you have the
4 tabs: IP settings, DNS, WINS, and Options. Now, we don't
use WINS, but on the WINS tab you have the 3 options for
changing how Netbios works over TCP/IP. My question is,
if you change these what effects do they have? If you
don't use WINS does it make any difference?

If I have to undo those registry changes from article
289735 what will the consequences of that be?

Anything to help me understand this is appreciated.
 
Follow up question/statement/comment. Reading through
article 289735 I arched my eyebrow at either preventing
the registering of A record with the DNS Server or
registering of A record with Netlogon. My experience is
limited so to be honest I don't know the difference/total
effect of both of these or their keys in the registry. At
the time I just wanted the problem solved.

Now I think that maybe only one of these actions was
required to solve my issue. I am leaning towards the
Netlogon issue as the resolution and if I took the key out
that prevented the registering of A record with the DNS
Server it might be fixed and my VPN might work. Although
my experience is limited and I need some real
administrators out there to tell me if I'm close and what
direction to take.

Thanks folks.
 
No, you don't need an A record in DNS for the VPN interface. All clients,
on the LAN or remote, should use the server's LAN IP. Its DNS name should
resolve to that LAN IP only.

The problems discussed in 289735 really only affect the LAN clients.
They are the ones which are confused by multiple IP addresses for the server
name, and they are the ones which need the netlogon info to log into AD.

Because the dialup connection doesn't handle LAN broadcasts, Netbios
names are a problem unless you are running WINS on the LAN. You can add an
lmhosts file to the client with entries for machines you need to contact on
the LAN. If the Netbios name is the same as the DNS name, you can resolve
them through DNS. (W2k uses both methods simultaneously). Check that the
remote client receives the correct DNS address at connection time, and that
it has the correct DNS suffix set in the connection properties (i.e. if the
machine on the LAN is fred.mydomain.com, make sure the domain suffix is
mydomain.com).
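
The checks suggested in the reply above (the server name resolving to its LAN IP only, and lmhosts entries on the remote client pointing at LAN machines) can be scripted. This is an added example, not part of the original thread; the subnet, host names, addresses and lmhosts text are constructed sample values, and the parser is simplified (it ignores quoted names and the `#PRE`/`#DOM:` keywords).

```python
import ipaddress
import socket

# Constructed sample values (assumptions, not from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
SAMPLE_LMHOSTS = """\
# constructed sample lmhosts for a remote VPN client
192.168.1.10   FILESRV01      #PRE
10.8.0.1       FILESRV01      #PRE   # VPN-side address of the server
192.168.1.20   AVERYLONGSERVERNAME01
"""

def parse_lmhosts(text):
    """Return (ip, name) pairs. Everything after '#' is dropped, which also
    drops keywords such as #PRE; only the address and name are needed here."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            entries.append((ipaddress.ip_address(fields[0]), fields[1]))
        except ValueError:
            continue  # skip lines whose first field is not an IP address
    return entries

def audit_lmhosts(text, lan_net=LAN_NET):
    """Flag entries that point off the LAN or exceed the NetBIOS name limit."""
    findings = []
    for ip, name in parse_lmhosts(text):
        if ip not in lan_net:
            findings.append((name, str(ip), "address outside LAN subnet"))
        if len(name) > 15:
            findings.append((name, str(ip), "NetBIOS name longer than 15 characters"))
    return findings

def off_lan_addresses(addresses, lan_net=LAN_NET):
    """Return the addresses (e.g. A records for the server) not on the LAN."""
    return [a for a in addresses if ipaddress.ip_address(a) not in lan_net]

def resolve_ipv4(hostname):
    """Live IPv4 lookup, to be run on the connected client."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    for finding in audit_lmhosts(SAMPLE_LMHOSTS):
        print(finding)
```

On a connected client, `off_lan_addresses(resolve_ipv4(name))` should return an empty list for the server's name once only the LAN address is registered.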
 