XP VPN DNS problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Our XP Pro (SP2) computers using VPN are not registering in DNS when they
connect. Our 2000 (SP4) computers do not have this issue, nor do the XP
machines connected directly on the LAN.

Here is the setup:
Remote computers use Microsoft VPN to connect via PPTP to our Windows 2000
(SP4) server running RRAS, DHCP, DNS and is also the Domain Controller (WINS
is disabled). The server has 1 NIC and is behind our firewall using NAT. RRAS
uses DHCP and has dynamic DNS updating enabled.

Windows Firewall is off. "Register this connection's addresses in DNS" is
checked. "Use default gateway on remote network" is checked. WINS is set to
disabled (we do not use NetBios/WINS).

Again, 2000 Pro machines are not experiencing this problem. I saw 17
connections on RRAS, 6 of those were from XP machines, and those were the
only 6 not listed in DNS. What am I missing?
 
Hello,

Thanks for posting!

Have you checked if there is any related error in system log? If possible,
please send the MPS report for research.

The Detailed steps are as the following:
=============================

Download the MPSRPT_NETWORK.EXE from the following link and then run this
tool to gather some information from the problematic computer:

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

To run this tool:

1. Double-click on the MPSRPT_NETWORK.EXE file.

I understand this process may take some time, however it will not have a
negative effect on the performance.

2. A CAB file will be generated in the
%systemroot%\MPSReports\Network\Reports\Cab directory called
%COMPUTERNAME%_MPSReports.CAB. The CAB file will contain the reports
generated by the MPS Reporting Tool.

3. Send the CAB file as an attachment to (e-mail address removed)

Best Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
| Thread-Topic: XP VPN DNS problem
| thread-index: AcYtxD3piw1DO4/fRPK2ipO0VeO5DQ==
| X-WBNR-Posting-Host: 67.87.221.111
| From: "=?Utf-8?B?RWRkeSAtIE1DU0U=?=" <[email protected]>
| Subject: XP VPN DNS problem
| Date: Thu, 9 Feb 2006 14:00:30 -0800
| Lines: 19
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.win2000.ras_routing
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.ras_routing:17770
| X-Tomcat-NG: microsoft.public.win2000.ras_routing
|
| Our XP Pro (SP2) computers using VPN are not registering in DNS when they
| connect. Our 2000 (SP4) computers do not have this issue, nor do the XP
| machines connected directly on the LAN.
|
| Here is the setup:
| Remote computers use Microsoft VPN to connect via PPTP to our Windows
2000
| (SP4) server running RRAS, DHCP, DNS and is also the Domain Controller
(WINS
| is disabled). The server has 1 NIC and is behind our firewall using NAT.
RRAS
| uses DHCP and has dynamic DNS updating enabled.
|
| Windows Firewall is off. "Register this connection's addresses in DNS" is
| checked. "Use default gateway on remote network" is checked. WINS is set
to
| disabled (we do not use NetBios/WINS).
|
| Again, 2000 Pro machines are not experiencing this problem. I saw 17
| connections on RRAS, 6 of those were from XP machines, and those were the
| only 6 not listed in DNS. What am I missing?
| --
| Eddy - MCSE
|
 
I am running the file now. I see event 40960 and 40961 on LSASrv. Also two
others stating that cifs/domain.com and ldap/domain.com cannot be found (I do
not have the error codes in front of me for those).
 
Hello,

Thanks for your reply!

I would like to suggest you check to see if the following article is useful:

891559 You cannot access resources after you install Security Bulletin
MS04-011 or Windows XP Service Pack 2
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;891559>

Hope the information helps.

Best Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
| Thread-Topic: XP VPN DNS problem
| thread-index: AcYw3e0FYpiqu4vOQJuQehAAf0pFSw==
| X-WBNR-Posting-Host: 68.165.252.66
| From: "=?Utf-8?B?RWRkeSAtIE1DU0U=?=" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: RE: XP VPN DNS problem
| Date: Mon, 13 Feb 2006 12:41:54 -0800
| Lines: 107
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.win2000.ras_routing
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.ras_routing:17793
| X-Tomcat-NG: microsoft.public.win2000.ras_routing
|
| I am running the file now. I see event 40960 and 40961 on LSASrv. Also
two
| others stating that cifs/domain.com and ldap/domain.com cannot be found
(I do
| not have the error codes in front of me for those).
| --
| Eddy - MCSE
|
|
| "Jason Tan (MSFT)" wrote:
|
| > Hello,
| >
| > Thanks for posting!
| >
| > Have you checked if there is any related error in system log? If
possible,
| > please send the MPS report for research.
| >
| > The Detailed steps are as the following:
| > =============================
| >
| > Download the MPSRPT_NETWORK.EXE from the following link and then run
this
| > tool to gather some information from the problematic computer:
| >
| >
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
| > 15706/MPSRPT_NETWORK.EXE
| >
| > To run this tool:
| >
| > 1. Double-click on the MPSRPT_NETWORK.EXE file.
| >
| > I understand this process may take some time, however it will not have
a
| > negative effect on the performance.
| >
| > 2. A CAB file will be generated in the
| > %systemroot%\MPSReports\Network\Reports\Cab directory called
| > %COMPUTERNAME%_MPSReports.CAB. The CAB file will contain the reports
| > generated by the MPS Reporting Tool.
| >
| > 3. Send the CAB file as an attachment to (e-mail address removed)
| >
| > Best Regards,
| >
| > Jason Tan
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| >
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| >
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| >
| >
| > --------------------
| > | Thread-Topic: XP VPN DNS problem
| > | thread-index: AcYtxD3piw1DO4/fRPK2ipO0VeO5DQ==
| > | X-WBNR-Posting-Host: 67.87.221.111
| > | From: "=?Utf-8?B?RWRkeSAtIE1DU0U=?=" <[email protected]>
| > | Subject: XP VPN DNS problem
| > | Date: Thu, 9 Feb 2006 14:00:30 -0800
| > | Lines: 19
| > | Message-ID: <[email protected]>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.win2000.ras_routing
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.ras_routing:17770
| > | X-Tomcat-NG: microsoft.public.win2000.ras_routing
| > |
| > | Our XP Pro (SP2) computers using VPN are not registering in DNS when
they
| > | connect. Our 2000 (SP4) computers do not have this issue, nor do the
XP
| > | machines connected directly on the LAN.
| > |
| > | Here is the setup:
| > | Remote computers use Microsoft VPN to connect via PPTP to our Windows
| > 2000
| > | (SP4) server running RRAS, DHCP, DNS and is also the Domain
Controller
| > (WINS
| > | is disabled). The server has 1 NIC and is behind our firewall using
NAT.
| > RRAS
| > | uses DHCP and has dynamic DNS updating enabled.
| > |
| > | Windows Firewall is off. "Register this connection's addresses in
DNS" is
| > | checked. "Use default gateway on remote network" is checked. WINS is
set
| > to
| > | disabled (we do not use NetBios/WINS).
| > |
| > | Again, 2000 Pro machines are not experiencing this problem. I saw 17
| > | connections on RRAS, 6 of those were from XP machines, and those were
the
| > | only 6 not listed in DNS. What am I missing?
| > | --
| > | Eddy - MCSE
| > |
| >
| >
|
 
That particular computer is having some problems and the article you referred
to seems to point in the right direction. DFS was not active on the file
server (it was enabled on the DC, but not being used). I tried using DFS, but
that still did not work.
One of the "Workarounds" was:
• You can make a domain controller available to the computer.

I think this is the crux of the problem. I thought the domain controller WAS
available to the computer, but I think the problem is that without
registering in DNS, the DC is not available.

Two questions:
1. Could it be a binding issue?
2. Do you think using IAS would fix this? I am currently not running IAS. Do
you think I should be?

Thanks again for the help.
 
Hello,

Thanks for posting!

I think the issue may occur under multiple situations. To isolate the
issue, please confrim if you have applied Security Bulletin MS04-01. If so,
please attempt to uninstall it and check the issue. Additionally please
verify you have configured the VPN server in place.

How To Install and Configure a Virtual Private Network Server in Windows
2000
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;308208>

Hope the information helps. If there is anything that is unclear, please
feel free to let me know.

Best Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
| Thread-Topic: XP VPN DNS problem
| thread-index: AcYybAIgUPXZuQrKQ9W7sIpWnTAnzg==
| X-WBNR-Posting-Host: 68.165.252.66
| From: "=?Utf-8?B?RWRkeSAtIE1DU0U=?=" <[email protected]>
| References: <[email protected]>
| Subject: RE: XP VPN DNS problem
| Date: Wed, 15 Feb 2006 12:11:30 -0800
| Lines: 42
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 8bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.win2000.ras_routing
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.ras_routing:17801
| X-Tomcat-NG: microsoft.public.win2000.ras_routing
|
| That particular computer is having some problems and the article you
referred
| to seems to point in the right direction. DFS was not active on the file
| server (it was enabled on the DC, but not being used). I tried using DFS,
but
| that still did not work.
| One of the "Workarounds" was:
| • You can make a domain controller available to the computer.
|
| I think this is the crux of the problem. I thought the domain controller
WAS
| available to the computer, but I think the problem is that without
| registering in DNS, the DC is not available.
|
| Two questions:
| 1. Could it be a binding issue?
| 2. Do you think using IAS would fix this? I am currently not running IAS.
Do
| you think I should be?
|
| Thanks again for the help.
| --
| Eddy - MCSE
|
|
| "Eddy - MCSE" wrote:
|
| > Our XP Pro (SP2) computers using VPN are not registering in DNS when
they
| > connect. Our 2000 (SP4) computers do not have this issue, nor do the XP
| > machines connected directly on the LAN.
| >
| > Here is the setup:
| > Remote computers use Microsoft VPN to connect via PPTP to our Windows
2000
| > (SP4) server running RRAS, DHCP, DNS and is also the Domain Controller
(WINS
| > is disabled). The server has 1 NIC and is behind our firewall using
NAT. RRAS
| > uses DHCP and has dynamic DNS updating enabled.
| >
| > Windows Firewall is off. "Register this connection's addresses in DNS"
is
| > checked. "Use default gateway on remote network" is checked. WINS is
set to
| > disabled (we do not use NetBios/WINS).
| >
| > Again, 2000 Pro machines are not experiencing this problem. I saw 17
| > connections on RRAS, 6 of those were from XP machines, and those were
the
| > only 6 not listed in DNS. What am I missing?
| > --
| > Eddy - MCSE
|
 
Back
Top