Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

WWW. and internal Windows Domain name

I am having a great deal of problems recently in negotiating Exchange over a VPN.

I think I have discovered my problem however I need a solution to the problem.  The users within the company are using the Microsoft VPN to access there Exchange remotely.  I have noticed that some users are recieving the incorrect IP address of our exchange Server.  They are recieving our WWW IP address.  When the Domain was originally set up the Third party used the domain name "ADMYDOMAIN" and it appears on all computers as "computer.mydomain.com".  The problem is our www domain is also called "mydomain.com".  I have set LMHOST files to list our exchange server and imported them into the VPN (I have not imported the HOST files) .  We still have the same results. Random users at random times recieving the external address.  Are basic internet settings are dynamically set to attain IP and DNS.

Where would I set this to eliminate the poitential for the users getting the IP address from our WWW.  Or will I need to do the terrible job of creating a new domain internally?

Thanks
0
Karabustech
Asked:
Karabustech
  • 4
  • 3
1 Solution
 
scampgbCommented:
Hi

When the user establishes a VPN connection to the network, it needs to be allocated an internal IP address and DNS settings.

Make sure that your Routing & Remote access service is set to get IP addresses from your internal DHCP server (Server properties, IP tab)

Make sure that the DHCP scope is set up properly, with the correct DNS server address(es)

The DNS server IP should be set to the IP address of your internal DNS server.

Test the VPN connection again and check what DNS server address you've got  (with ipconfig /all)

Ping the exchange server by name - it should resolve the IP address correctly.

On a related note, do you have the exchange server name listed on both the internal and external DNS servers?

Let me know how you get on with it, and I'll see what else I can come up with.

Steve
0
 
KarabustechAuthor Commented:
Thanks for speedy response.

Make sure that your Routing & Remote access service is set to get IP addresses from your internal DHCP server (Server properties, IP tab)

-It is set correctly

Make sure that the DHCP scope is set up properly, with the correct DNS server address(es)

-This is set and both DNS server IP addresses show.  Under Properties General tab the folloing options are selected:
03 Router
06 DNS Server
044 WINS/NBNS Servers
046 WINS/NBT Node Type

Are any others required? like 069 SMTP or 015 DNS Domain Name

Our Exchange server should only be listed internally.  It should not be listed anywhere externally.  

I did notice that the dns entry for the exchange server is in all CAPS.  Is DNS case sensitive?  The server name is all CAPS when I check properties of the exchange server.  However I do see entries in reverse lookup that the FQDN is in lower case and also NS records in lower case.

There is also a entry listed for www. that matches the IP address users are recieving when trying to connect to exchange.

Tested VPN again and it worked on one system but not on a second system.

When I do a /displaydns on the system while attached to vpn the FQDN of exchange is displayed in lower case.

Hope some of this info can help you help me.

Neil
0
 
scampgbCommented:
Hi Neil

The DHCP scope sounds good to me.  I assume that 046 WINS/NBT type is set to 0x8 ?

"Our Exchange server should only be listed internally.  It should not be listed anywhere externally. " 
You said "should", so I suggest that you check your external DNS :-)

DNS is not case-sensitive.

You said that it works on one system but not on another.  Just to clarify, is it always certain VPN users that have the problem?

Also - how is the exchange server defined on the client PC?  Is this manually entered, or do you use profgen to set this up?

On a PC that has this problem, can you please do the following?

Look at the Exchange account setup (through control panel) - confirm that the name of the server is correct.
Use "nbtstat -c" to see what NetBIOS to IP mappings you've got.
Go to a command prompt and ping the server name - check what IP you get back

If you let me know the results of the above, it'll help greatly

Thanks
Steve
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
KarabustechAuthor Commented:

Yes WINS/NBT is 0x8

This is a random problem and cannot be nailed down to a single computer.  It clears it self up for several logins then the problem starts again.

Our clients are configured manually and check name is selected.

I did just run the NBstat on a system right after connecting to the VPN.  It was blank!

I then pinged the exchange server by name and it replied with a time between 100 - 150ms.  It did report the correct IP address also.

I ran nbtstat again and the exchange server appeared with the following info

Name: ex2000   <00> Type: Unique      Host ADD: 192.168.1.2   Life: 592 secs

I checked the display dns and it had the correct IP address listed and the correct name.  This time it did not list the external address.  But outlook displays that server is unavailable then prompts again for the Username,password and Domain.

This is why I am so lost to me it appears as if it should be working but the server.
0
 
scampgbCommented:
Hi

Can you please try the above over a few VPN sessions to check that you're getting consistent results?

If that's the case, then we've established the following:

The DNS lookup for the server IP is working correctly
The NetBIOS name lookup is working (that's what NBTSTAT tells us).
The exchange server can be contacted, and return responses to the pings


One other thing to test, when you're connected to the VPN and are unable to access Outlook: try connecting to the Exchange server by UNC name - ie \\EX2000

You mentioned to start off with that the VPN clients were being supplied with the external address of your webserver.  Is this still the case with the tests above?

I must admit, I'm intrigued by this now!

Steve
0
 
KarabustechAuthor Commented:
Hi Steve,

thanks for your help and not returning more information.

It was a client side DNS issue.  The domain prefix was active under computer name.  This caused for some reason our users return our www. IP address.  Some reason instead of remaining in our network it was tunneling back out to the internet to check the DNS  I think it was split tunneling from the client side.

This was fixed by removing the prefix and adding new HOSTS and reapplying the LMHOSTS.  Also flushing dns and reapplying.

All is working now.

Thanks for your help.  It lead me in the right direction.  
0
 
scampgbCommented:
Hi.  Sorry that I couldn't find THE answer for you (it sounds like a very odd setup!), but I'm glad I managed to help in some way.

All the best.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now