VPN connection cannot resolve host name

  • Thread starter Thread starter A. Barnett
  • Start date Start date
A

A. Barnett

Hi,

I am running W2K Pro and XP Pro behind a router, and can make VPN
connections to another network. But only the XP VPN is able to resolve DNS
names. The W2K PC cannot resolve any DNS names once inside the VPN. I've
tried connecting with/without the router, and still no luck. Also disabled
virus scanner and software firewall briefly - no luck either.

I recently re-installed W2K (VPN was working fine before that). I also
occasionally get 0x7F, 0x0A, and 0x1E bugchecks (was getting the 0x7Fs
frequently prior to W2K re-installation).

Have also replaced the motherboard and NIC card, since the first MB had a
bad NIC.

Have recently upgraded Norton Internet Security and SystemWorks to 2005
version. I also de-installed these to see if that might be related - no
difference on VPN, but have not had any bugchecks since (still too early to
tell probably).

Any help would be greatly appreciated, especially with the host name issue
inside the VPN.

Thanks!
Andy
 
posting the result of both computer ipconfig /all here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi,

I am running W2K Pro and XP Pro behind a router, and can make VPN
connections to another network. But only the XP VPN is able to resolve DNS
names. The W2K PC cannot resolve any DNS names once inside the VPN. I've
tried connecting with/without the router, and still no luck. Also disabled
virus scanner and software firewall briefly - no luck either.

I recently re-installed W2K (VPN was working fine before that). I also
occasionally get 0x7F, 0x0A, and 0x1E bugchecks (was getting the 0x7Fs
frequently prior to W2K re-installation).

Have also replaced the motherboard and NIC card, since the first MB had a
bad NIC.

Have recently upgraded Norton Internet Security and SystemWorks to 2005
version. I also de-installed these to see if that might be related - no
difference on VPN, but have not had any bugchecks since (still too early to
tell probably).

Any help would be greatly appreciated, especially with the host name issue
inside the VPN.

Thanks!
Andy
 
Thanks, Bob,

Here are the two IPCONFIG/ALLs, from the XP and the W2K PCs. (I have dummied
up the numbers - hope that doesn't mess things up to much.) Note that both
listings are inside the VPN connection. XP Pro does fine, but W2K can only
use IP addresses to navigate the inter/intranets.

1) XP Pro (this PC will resolve host names inside the VPN, either intranet
or internet):

IPCONFIG/ALL >ipconfig_xp.txt

Windows IP Configuration

Host Name . . . . . . . . . . . . : <dummy_xp>
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <dummya.dummyb>.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : <dummy1.dummy2>.com
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX
NIC (3C905B-TX)
Physical Address. . . . . . . . . : aa-bb-cc-dd-ee-ff
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.<dummy1.dummy2>
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.<dummy1.dummy3>
DHCP Server . . . . . . . . . . . : 192.168.<dummy1.dummy3>
DNS Servers . . . . . . . . . . . : <A.B.C.D1>
<A.B.C.D2>
<A.B.C.D3>
Lease Obtained. . . . . . . . . . : Saturday, November 26, 2005
7:29:19 AM
Lease Expires . . . . . . . . . . : Tuesday, November 29, 2005
7:29:19 AM

Ethernet adapter {44A0A5C7-F9CD-41F5-BD30-E09E0303959D}:

Connection-specific DNS Suffix . : dummya.dummyb.local
Description . . . . . . . . . . . : Nortel IPSECSHM Adapter - Packet
Scheduler Miniport
Physical Address. . . . . . . . . : aa-bb-cc-dd-ee-ff
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.<b.c.d>
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 172.<b.c.d1>
DNS Servers . . . . . . . . . . . : 172.<b.c.d2>
172.<b.c.d3>
Primary WINS Server . . . . . . . : 172.<b.c.d4>
Secondary WINS Server . . . . . . : 172.<b.c.d5>


==============================================================

2) W2K Pro (this PC will not resolve host names inside VPN connection -
neither intranet nor internet):

IPCONFIG/ALL >ipconfig_w2k.txt

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : <dummy>
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <dummy1.dummy2.com>

Ethernet adapter {A67D8438-3BD9-4BB1-AD62-9FFFA07151E7}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NOC Extranet Access Adapter
Physical Address. . . . . . . . . : aa-bb-cc-dd-ee-ff
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 172.<b.c.d1>
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 172.<b.c.d2>
DNS Servers . . . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : <dummy1.dummy2.com>
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Ethernet NIC
Physical Address. . . . . . . . . : aa-bb-cc-dd-ee-ff
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.<dummya.dummyb>
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.<dummya.dummyb1>
DHCP Server . . . . . . . . . . . : 192.168.<dummya.dummyb2>
DNS Servers . . . . . . . . . . . : <dummy1.dummy2.dummy3.dummy4>
<dummy1.dummy2.dummy3.dummy5>
<dummy1.dummy2.dummy3.dummy6>
Lease Obtained. . . . . . . . . . : Sunday, November 27, 2005 6:19:55 AM
Lease Expires . . . . . . . . . . : Wednesday, November 30, 2005 6:19:55 AM

posting the result of both computer ipconfig /all here may help.
 
OK, so now do an nslookup for a local address, an Internet address, and a
remote network address and see which server is being queried for each
lookup. A real common way to overcome this is to put the remote network DNS
server as the primary and your ISP's DNS as the secondary. Then when the VPN
is disconnected DNS will fall back to the second entry, and when connected
use the remote.

....kurt
 
Hi, Kurt,

I ran nslookup inside the VPN on the XP PC, and got this:
nslookup <intranet.dummy.com>
Click to expand...
Server: a.b.c.local
Address: 172.x.y.z

Non-authoritative answer:
Name: <intranet.dummy.com>
Address: 172.x.y.z2

And I ran nslookup outside the VPN through ISP on the W2K PC, and got this:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>nslookup www.google.com
Server: dns-cac-lb.southeast.rr.com
Address: 24.25.5.150

Non-authoritative answer:
Name: www.l.google.com
Addresses: 64.233.161.147, 64.233.161.99, 64.233.161.104
Aliases: www.google.com

Then I started up Nortel Extranet Contivity Client (to handle the VPN), and
under Options / Name Server Options, I put this:

DNS
Primary DNS Server: 172.x.y.z
Secondary DNS Server: 24.25.5.150

And got the same "cannot resolve host name" when I tried to access
<intranet.dummy.com> or www.google.com inside the VPN (via Contivity).

So, then I went to "Network and Dial-up Connections" under "Control Panel"
on W2K, and under the "Properties / General / Internet Protocol (TCP/IP) /
Properties" I put the same information for Primary and Secondary DNS, after
selecting "Use the following DNS server addresses". Now when I connect via
Contivity VPN, I get "Login Failure due to: Driver failure". So I then
removed the DNS settings under the Contivity dialog, and I get the login
failure, or "maximum number of sessions reached, but do not successfully
connect. I then set the Network and Dial-up Connections DNS settings back to
"Obtain DNS server address automatically", and still get the same messages
(instead of getting a VPN connection, but without the DNS resolution
ability). I will wait awhile, and try again with your suggestions.

Thanks!
Andy
 
When you get the VPN back up, see if you can ping the DNS server on the
remote network. You should be able to connect to hosts / servers there by IP
address even without name resolution. If you can't ping by IP address,
you'll need to troubleshoot the VPN.

....kurt

A. Barnett said:
Hi, Kurt,

I ran nslookup inside the VPN on the XP PC, and got this:
nslookup <intranet.dummy.com>
Click to expand...
Server: a.b.c.local
Address: 172.x.y.z

Non-authoritative answer:
Name: <intranet.dummy.com>
Address: 172.x.y.z2

And I ran nslookup outside the VPN through ISP on the W2K PC, and got
this:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>nslookup www.google.com
Server: dns-cac-lb.southeast.rr.com
Address: 24.25.5.150

Non-authoritative answer:
Name: www.l.google.com
Addresses: 64.233.161.147, 64.233.161.99, 64.233.161.104
Aliases: www.google.com

Then I started up Nortel Extranet Contivity Client (to handle the VPN),
and
under Options / Name Server Options, I put this:

DNS
Primary DNS Server: 172.x.y.z
Secondary DNS Server: 24.25.5.150

And got the same "cannot resolve host name" when I tried to access
<intranet.dummy.com> or www.google.com inside the VPN (via Contivity).

So, then I went to "Network and Dial-up Connections" under "Control Panel"
on W2K, and under the "Properties / General / Internet Protocol (TCP/IP) /
Properties" I put the same information for Primary and Secondary DNS,
after
selecting "Use the following DNS server addresses". Now when I connect via
Contivity VPN, I get "Login Failure due to: Driver failure". So I then
removed the DNS settings under the Contivity dialog, and I get the login
failure, or "maximum number of sessions reached, but do not successfully
connect. I then set the Network and Dial-up Connections DNS settings back
to
"Obtain DNS server address automatically", and still get the same messages
(instead of getting a VPN connection, but without the DNS resolution
ability). I will wait awhile, and try again with your suggestions.

Thanks!
Andy
Click to expand...
 
Hi, Kurt,

Sorry for the long post below - lots of info.

Still getting occasional bugchecks. This time the Event Viewer reads:

Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 12/1/2005
Time: 12:31:58 AM
User: N/A
Computer: <mycomputer>
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e
(0xc0000005, 0xa00bbba9, 0x00000000, 0x00000001). Microsoft Windows
2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP.

I got the VPN up again (apparently the firewall was blocking it). Here's the
ping from inside the VPN:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>ping 172.20.62.95

Pinging 172.20.62.95 with 32 bytes of data:

Reply from 172.20.62.95: bytes=32 time=11ms TTL=124
Reply from 172.20.62.95: bytes=32 time=10ms TTL=124
Reply from 172.20.62.95: bytes=32 time=10ms TTL=124
Reply from 172.20.62.95: bytes=32 time=10ms TTL=124

Ping statistics for 172.20.62.95:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 11ms, Average = 10ms

I believe this means the DNS server is reachable. Same results occurred for
secondary DNS server, and primary/secondary WINS servers.

But, if I ping a DNS name (local or internet) from inside the VPN with "ping
<hostname>", I get "Unknown host <hostname>".

So, I put the DNS and WINS server names, and the domain name (<a.b.local>)
in the Nortel Contivity setup, and the VPN worked as before, but still
cannot see DNS names.

Using NETDIAG under the VPN, I get these results (note the WARNINGs). In
particular the "[WARNING] The net card 'Nortel IPSECSHM Adapter' may not be
working because it has not received any packets." - I don't see this adapter
under System / Device Manager / Network adapters (it is visible on the XP
PC).

C:> netdiag >netdiag_w2k_vpn.txt
...................................

Computer Name: <mycomputer>
DNS Host Name: <mycomputer>
System info : Windows 2000 Professional (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB329115
KB823182
KB823559
KB824105
KB824151
KB825119
KB826232
KB828035
KB828741
KB828749
KB832353
KB835732
KB837001
KB839645
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB842773
KB871250
KB873333
KB873339
KB885250
KB885835
KB885836
KB888113
KB890046
KB890859
KB891781
KB892944
KB893066
KB893086
KB893756
KB893803v2
KB894320
KB896358
KB896422
KB896423
KB896424
KB896688-IE6SP1-20051004.130236
KB897715-OE6SP1-20050503.210336
KB899587
KB899589
KB900725
KB901017
KB901214
KB902400
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
Q147222
Q818043
Q828026
Update Rollup 1


Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Nortel IPSECSHM Adapter' may not be working
because it has not received any packets.
[WARNING] The net card 'Nortel IPSECSHM Adapter' may not be working
because it has not received any packets.

Per interface results:

Adapter : {A67D8438-3BD9-4BB1-AD62-9FFFA07151E7}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : <mycomputer>
Autoconfiguration IP Address : 0.0.0.0
Subnet Mask. . . . . . . . : 0.0.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
IpConfig results . . . . . : Failed
Pinging DHCP server - not reachable
WARNING: DHCP server may be down.

AutoConfiguration results. . . . . . : Failed
[WARNING] AutoConfiguration is in use. DHCP not available.

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : Local Area Connection 2

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : <mycomputer>.nc.rr.com
IP Address . . . . . . . . : 192.168.0.3
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Dns Servers. . . . . . . . : 24.25.5.150
24.25.4.107
24.25.4.108


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed
Dns domain name is not specified.
Dns forest name is not specified.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{60248A90-B57B-4B0C-96EC-88058DD19D2B}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{60248A90-B57B-4B0C-96EC-88058DD19D2B}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{60248A90-B57B-4B0C-96EC-88058DD19D2B}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Skipped


DC list test . . . . . . . . . . . : Skipped


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped


LDAP test. . . . . . . . . . . . . : Skipped


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped
The IPSec Policy Agent service is not started.


The command completed successfully

Thanks for your help! I'll check for an updated Nortel Contivity client and
try re-installing.
 
Back
Top