[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

UNC path / VPN question

Posted on 2005-04-19
23
Medium Priority
?
2,139 Views
Last Modified: 2010-07-23
Hello!
I have recently setup VPN (PPTP) against a Windows 2003 server and it works ok.`
The VPN server is member of the domain, with another 2003 server as DC.
But UNC paths like \\servername\sharename don't seem to work when connected to the VPN.
Sharenames like \\local_ip\sharename e.g. \\10.1.1.17\sharename do work.

How can I make UNC paths like \\servername\sharename work also through VPN?
I have tried adding the servername to the lmhosts.sam file, but it don't seem to work.
0
Comment
Question by:rj2
  • 11
  • 6
  • 3
  • +2
23 Comments
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 13817829
Don't use the lmhosts.sam file..
How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP 

Pay particular attention to the space requirements between the quotation marks, the fact that the file cannot have any extension (.txt, .sam)..
0
 
LVL 10

Author Comment

by:rj2
ID: 13818052
Ok, any ideas on why the UNC path don't work though the VPN?
It should work, shouldn't it?
Is there something I can do to make it work without an LMHOSTS file?

I tried adding LMHOSTS like shown in the link, but it did not seem to help.
When using 2003 server as DC the names look like servername.domain.local
Only the servername should be used in the LMHOSTS file, not servername.domain.local?

0
 
LVL 10

Author Comment

by:rj2
ID: 13818078
It did work with the LMHOST file, sorry ;-) I was a bit too quick when testing it.

But it would be even better if I could make it work without the LMHOST file, is that possible?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 13818113
Maybe this will help

How to troubleshoot DNS name resolution on the Internet in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;816567
0
 
LVL 10

Author Comment

by:rj2
ID: 13818165
ok, I will check it out.
The DNS seems to be working ok when directly connect to the LAN though, UNC paths work fine then.
The problem with UNC paths only occurs when connecting externally through the VPN.
0
 
LVL 10

Author Comment

by:rj2
ID: 13818176
That's weird, isn't it? When all other packages go though the VPN without any problems, what is different with the name resolution when using UNC paths?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 13818226
Here's another article that might help
http://www.tacteam.net/isaserverorg/vpnkitbeta2/dnsvpn.htm
0
 

Expert Comment

by:NeotericIT
ID: 13821652
rj2, what is the IP information on your network? Do an ipconfig /all from a machine NOT connected to the VPN, then do an ipconfig /all on the machine connected to the VPN. This would be a good starting point.

Your DNS server is not configured correctly, or your client is pointing to the wrong DNS resolver.

To answer your earlier lmhost question; yes "servername" not "servername.namespace.com" should reside in a lmhost file. The "servername.namespace.com" names are supposed to go in the hosts file. But you should be able to configure AD DNS to do all the name resolutions.
0
 
LVL 10

Author Comment

by:rj2
ID: 13821965
DNS config is the same for VPN connection and direct connection.

We have two gateways from the network. The default gateway assigned from DHCP is the main gateway. The VPN server use the other gateway.

I will check the DHCP and DNS config. The info under "VPN clients cannot resolve unqualified names" in the link from lrmoore sounds promising. Could it be that clients use broadcast for resolving UNC path names when directly connected, but that this don't work for VPN clients?

I currently have only "003 router" and "006 DNS servers" under scope options for DHCP. Should there be more options here?
For DNS I have some forwarding zones so that requests to the webserver is resolved internally for clients on the LAN, we use NAT.
0
 
LVL 21

Expert Comment

by:JBlond
ID: 13822675
I suppose you have to activate 'NetBIOS over TCP/IP' as the UNC paths are using the NetBIOS-name of the server. There's is an option for this in every network connection in windows. You haven't described how you estabish the VPN connection. If a router does establish the connection for you, there should be the same option somewhere in the router config.
0
 
LVL 10

Author Comment

by:rj2
ID: 13824748
I establish VPN connection with Windows XP VPN client (Start, Connect to, ...)
Looks like "NetBIOS over TCP/IP" is activated by default, I have not turned it off.
0
 

Assisted Solution

by:NeotericIT
NeotericIT earned 200 total points
ID: 13828448
rj2, I would still like to see the info from an ipconfig /all from pc not on vpn and from a pc that is connected to the vpn....

Dude, clients use whatever you tell them to use. If your using a 2003 server then you should be using Active Directory DNS to resolve both long and short computer names. Both the vpn and network clients will query the dns server listed in their TCP/IP settings. Before you even attempt to map drives to server names start of with nslookup "servername" to see if the DNS is right. Then try some ping "servername" to make sure u get a response. If while connected to the VPN you can not resolve nslookup "servername" then you won't be able to map to names.
0
 
LVL 10

Author Comment

by:rj2
ID: 13831605
Ipconfig /ALL when not connected to VPN (directly on LAN)

Windows IP Configuration

        Host Name . . . . . . . . . . . . : mylaptop
        Primary Dns Suffix  . . . . . . . : mycompany.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mycompany.local

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Dell Wireless 1450 Dual Band WLAN Mini-PCI Card
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.1.205
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.1.1
        DHCP Server . . . . . . . . . . . : 10.0.1.6
        DNS Servers . . . . . . . . . . . : 10.0.1.6
                                            194.1.2.3
                                            194.2.3.4
        Primary WINS Server . . . . . . . : 10.0.1.6
        Lease Obtained. . . . . . . . . . : 21. april 2005 08:33:11
        Lease Expires . . . . . . . . . . : 1. mai 2005 11:33:11

ipconfig /ALL for VPN connection:
PPP adapter Mycompany VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.1.188
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 10.0.1.188
        DNS Servers . . . . . . . . . . . : 10.0.1.6
                                            194.1.2.3

There probably is a DNS or DHCP problem here, I'm trying to find out exactly what that problem is and how to fix it.
10.0.1.6 is my local DNS server

c:\>  nslookup SERVERNAME 10.0.1.6
*** Can't find server name for address 10.0.1.6: Non-existent domain
Server:  UnKnown
Address:  10.0.1.6

Name:    SERVERNAME.mycompany.local
Address:  10.0.1.6
0
 
LVL 10

Author Comment

by:rj2
ID: 13831609
The nslookup command above is when connected to LAN. I will try the same command from home when connected to VPN when I get home.
0
 
LVL 21

Accepted Solution

by:
JBlond earned 600 total points
ID: 13831631
Try to add your internal WINS-Server manually to the VPN connection or configure the DHCP server on the other side to deploy the WINS-server adress on VPN connections.

Another possibility is to configure the DNS server to integrate WINS:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/19w2kadc.mspx - Managing DNS Server Configuration and Security
Search for 'Integrating WINS with DNS'
0
 
LVL 10

Author Comment

by:rj2
ID: 13832290
Adding WINS to the DHCP server does not seem to help.
Adding the WINS server to the VPN connection manually worked, it fixed the problem.
But the ideal fix for me to the problem would be on the server, then I don't have to help everybody add WINS manually on the VPN connection on their clients :-)
I will try to integrate WINS with DNS for the mycompany.local domain as described in the link.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 13832654
>c:\>  nslookup SERVERNAME 10.0.1.6
*** Can't find server name for address 10.0.1.6: Non-existent domain
Server:  UnKnown
Address:  10.0.1.6

DNS is not properly set up. This error means there is no PTR record for the server itself in the DNS zone
Is there a SRV record? Does this dns server point to itself as the primary DNS?
0
 
LVL 10

Author Comment

by:rj2
ID: 13833039
When I right-click on the mycompany.local zone, the server itself is listed under "Name servers".
I have SOA, WINS lookup and NS records that points to itself, but I don't see any SRV records.
I have only added A records, the rest is added automatically by Windows.

What do I need to add?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 13833111
In the TCP/IP configuration - not the DNS configuration - the server must list itself as the primary nameserver
You need SRV records in the primary zone
and you need PTR records in the in-addr.arpa zone
 http://www.petri.co.il/active_directory_srv_records.htm
http://techrepublic.com.com/5100-10586_11-5611515.html
0
 
LVL 10

Author Comment

by:rj2
ID: 13833311
The server already have itself as primary in TCP/IP config.

What is the primary zone? I have both zones named _msdcs.mycompany.local, mycompany.local and maybe 10 others, one for each domain.

I don't have a zone in-addr.arpa. "Reverse lookup zones" is currently empty, should  in-addr.arpa be added there?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 13835679
Another good reference on SRV records
http://support.microsoft.com/kb/241505/EN-US/

Yes, you need to add the in-addr.arpa zones before you can add the PTR records in them.
0
 

Expert Comment

by:NeotericIT
ID: 13839589
Hi rj2, wow this has been an active thread. Thanks for the ipconfig post. This is a good starting point. It looks like lrmoore has been adding some helpful information. I would disagree with his recommendation to add a Reverse lookup zone at this stage in the game. Reverse lookup zones resolve IP addresses to Servernames... I haven't seen anything that would suggest this is an issue. Reverse lookup zones rarely need to be configured.

Did you setup WINS on your network? WINS is no longer needed in a Win2003 Active Directory environment. I would try and completely get away from WINS if possible. This may be a different topic for another day though.

I noticed from your ipconfig that your local NIC is setup to use DHCP and your VPN is not. Is your DHCP server handing out these WINS servers to the clients? If your network is dependant on WINS then you need to add the WINS servers to all clients on your network; both local and vpn... The easy way to do this is configure a DHCP server to give your VPN clients the WINS information (if you have found that WINS is required on your network).....

Again there are several ways to accomplish your goal. Your solution will depend on the way your environment is currently setup, how much control you have over that, and how much work it will take to change that.

I would still like to see an ipconfig /all from a VPN connection. Also stick to the nslookup tool.

Have fun,
Bryan
0
 

Expert Comment

by:turtle19
ID: 33272151
Came across this post whilst having the same problem on SBS2008.

After much frustration, the below article solved my problem first time!

http://nicholas.piasecki.name/blog/2009/06/getting-wins-like-computer-name-resolution-over-vpn-in-sbs-2008/

Hope this helps someone else.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question