Win2K3 VPN - Connecting, but no name resolution???


nun

I previously had VPN working great on Win2K w/AD. I created a new
server with 2K3 and a new AD (on a new forest (core.local)). I set up
RAS, remotes can "connect" (authenticate) via VPN, but have a problem
accessing servers with name resolution.

BTW (not sure if it's related) - I noticed some local XP clients also
having nothing in their network neighborhood, but can still access the
server via fully qualified name.

Office:
Router is hosting DHCP. First DNS in the router settings points to
the AD machine (..222.2). The AD server is also the server hosting
RAS. Office IP is 192.168.222.*. VPN range is static ...80-89.

Remote:
IP 192.168.1.*

Below are my session results. ipconfig shows the connection info. The
PPP shows the DNS with my AD server first (.2), then the external DNS.
Something I find odd is the subnet mask of .225. Is this normal? I
can ping my AD server (ASERVER) with the IP and with the server name.
My other server (SERVER1) I can ping the IP, but not the name.

Is this a name resolution problem? ...or WINS issue? Should AD
handle name resolution?

-------------------------------------------------------------

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : bbarxxxx
Primary Dns Suffix . . . . . . . : ncu.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ncu.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-DD-EE-E2
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.129
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.10

PPP adapter Core:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.222.87
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.222.87
DNS Servers . . . . . . . . . . . : 192.168.222.2
24.116.33.232

C:\>ping 192.168.222.5

Pinging 192.168.222.5 with 32 bytes of data:

Reply from 192.168.222.5: bytes=32 time=109ms TTL=127
Reply from 192.168.222.5: bytes=32 time=121ms TTL=127
Reply from 192.168.222.5: bytes=32 time=18ms TTL=127
Reply from 192.168.222.5: bytes=32 time=26ms TTL=127

Ping statistics for 192.168.222.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 121ms, Average = 68ms

C:\>ping server1
Ping request could not find host server1. Please check the name and
try again.
 
DNS should be able to handle the name resolution for the remote client.
The client is getting the correct DNS address, so it should work now if you
use the FQDN (e.g. server1.core.local). If you want it to work with just
server1, you need to add the DNS suffix (core.local) to the connection
properties of the client. Then it should work with just the machine name.

Don't worry about the netmask. It just indicates you are using a point-to-
point connection. If you can ping by IP, routing is working.

Network Neighborhood uses the computer browser service. That depends on
LAN broadcasts and Netbios names. It usually doesn't work too well on a VPN
connection because the connection doesn't carry broadcasts.

I am surprised to see you are using 192.168.222.2 and 24.116.33.232 as
DNS addresses. With AD it is safer to use only the local DNS address, and
set this DNS to forward to a public DNS server. That way it can resolve both
local and foreign DNS queries itself.
 
What if Core was our (we own it) registered name on the internet (eg:
core.com)? (Note: core.com is just an example).

In the remote client's connection Networking > TCPIP > I set the
preferred DNS server to our AD server at the office (222.2) and no
alternate. In Advanced > DNS I set the DNS entry to only 222.2,
append core.com DNS suffix, and DNS suffix for this connection to
core.com.

My router's (Linksys via cable connection) DHCP setting has the DNS
entry of 222.2. It used to have 222.2 and the ISPs DNS setting, but I
removed it. Still, local clients will get 222.2 first followed by the
ISP's DNSs.

When I ping server1, it appends the suffix (server1.core.com), but the
IP address it returns is our external IP address.

I think what I'm battling is that I'm trying to reference core.com
which I've named as my AD forest, yet I have a core.com that points to
another location (a hosting site). I think it's getting confused (or
I'm getting confused) as to what to point to. I realize this may not
be too common where your domain name points to a different location
other than where your AD resides. When I installed AD I didn't think
it mattered where core.com points to. Could this be the case?

If so, does AD have an "alias" so that I could connect to core.local
and bypass the core.com? Would/Should I reinstall / rename AD to
another forest (core.local)?

Thanks for your input and help.
 
Well that isn't a VPN problem. It just means that your DNS is not set up
properly!

A VPN connection gets you "inside" the private network. So a VPN client
should be seeing DNS in the same way as a LAN client. A LAN client should
not be seeing the external IP of your server in DNS.
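As an added illustration (not code from the thread), a small Python model of the resolution behaviour the two replies describe: the suffix search list turns server1 into server1.core.local, the AD DNS answers for its own zone and forwards everything else, and a client whose preferred server does not answer falls through to a public resolver, which for a forest named core.com returns the hosting site's address. All zone records, the 203.0.113.10 hosting address and the simplified client logic are constructed.

```python
from typing import Callable, Dict, List, Optional

# Constructed data modelled on the thread: office LAN 192.168.222.0/24 with the
# AD/DNS/RAS host at .2 and SERVER1 at .5; a hosting site holds core.com.
AD_ZONE: Dict[str, str] = {"aserver.core.local.": "192.168.222.2",
                           "server1.core.local.": "192.168.222.5"}
PUBLIC_ZONE: Dict[str, str] = {"core.com.": "203.0.113.10", "*.core.com.": "203.0.113.10"}

def public_dns(fqdn: str) -> Optional[str]:
    """ISP/public resolver: exact record, then a wildcard; None means NXDOMAIN."""
    if fqdn in PUBLIC_ZONE:
        return PUBLIC_ZONE[fqdn]
    return PUBLIC_ZONE.get("*." + fqdn.split(".", 1)[1])

def ad_dns(fqdn: str) -> Optional[str]:
    """Office AD DNS: authoritative for core.local, forwarder for everything else."""
    if fqdn.endswith(".core.local."):
        return AD_ZONE.get(fqdn)
    return public_dns(fqdn)

def unreachable(fqdn: str) -> Optional[str]:
    """Stand-in for the preferred DNS server not answering across the VPN."""
    raise TimeoutError(fqdn)

def resolve(name: str, servers: List[Callable[[str], Optional[str]]],
            suffixes: List[str]) -> Optional[str]:
    """Simplified Windows client behaviour: a name with no dot is tried with each
    suffix of the search list (and never sent bare); a dotted name is sent as-is.
    The alternate server is used only when the preferred one does not answer,
    not when it answers 'no such name'."""
    if "." in name:
        candidates = [name if name.endswith(".") else name + "."]
    else:
        candidates = [f"{name}.{s}." for s in suffixes]
    for fqdn in candidates:
        for server in servers:
            try:
                answer = server(fqdn)
            except TimeoutError:
                continue                      # silent server: fall through to the alternate
            if answer is not None:
                return answer
            break                             # NXDOMAIN: next suffix, not next server
    return None
```

With no suffix configured, resolve("server1", [ad_dns], []) returns None, which is the "could not find host" shown in the first post; with ["core.local"] it returns 192.168.222.5.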
 