UNC path / VPN question

Hello!
I have recently set up VPN (PPTP) against a Windows 2003 server and it works ok.
The VPN server is member of the domain, with another 2003 server as DC.
But UNC paths like \\servername\sharename don't seem to work when connected to the VPN.
Sharenames like \\local_ip\sharename e.g. \\10.1.1.17\sharename do work.

How can I make UNC paths like \\servername\sharename work also through VPN?
I have tried adding the servername to the lmhosts.sam file, but it doesn't seem to work.
Asked by: rj2

JBlond Commented:
Try to add your internal WINS-Server manually to the VPN connection or configure the DHCP server on the other side to deploy the WINS-server address on VPN connections.

Another possibility is to configure the DNS server to integrate WINS:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/19w2kadc.mspx - Managing DNS Server Configuration and Security
Search for 'Integrating WINS with DNS'

lrmoore Commented:
Don't use the lmhosts.sam file.
How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP 

Pay particular attention to the space requirements between the quotation marks, the fact that the file cannot have any extension (.txt, .sam).

rj2 (Author) Commented:
Ok, any ideas on why the UNC path doesn't work through the VPN?
It should work, shouldn't it?
Is there something I can do to make it work without an LMHOSTS file?

I tried adding LMHOSTS as shown in the link, but it did not seem to help.
When using 2003 server as DC the names look like servername.domain.local
Only the servername should be used in the LMHOSTS file, not servername.domain.local?

rj2 (Author) Commented:
It did work with the LMHOSTS file, sorry ;-) I was a bit too quick when testing it.

But it would be even better if I could make it work without the LMHOSTS file, is that possible?

lrmoore Commented:
Maybe this will help

How to troubleshoot DNS name resolution on the Internet in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;816567

rj2 (Author) Commented:
ok, I will check it out.
The DNS seems to be working ok when directly connected to the LAN though, UNC paths work fine then.
The problem with UNC paths only occurs when connecting externally through the VPN.

rj2 (Author) Commented:
That's weird, isn't it? When all other packages go through the VPN without any problems, what is different with the name resolution when using UNC paths?

lrmoore Commented:
Here's another article that might help
http://www.tacteam.net/isaserverorg/vpnkitbeta2/dnsvpn.htm

NeotericIT Commented:
rj2, what is the IP information on your network? Do an ipconfig /all from a machine NOT connected to the VPN, then do an ipconfig /all on the machine connected to the VPN. This would be a good starting point.

Your DNS server is not configured correctly, or your client is pointing to the wrong DNS resolver.

To answer your earlier lmhosts question: yes, "servername", not "servername.namespace.com", should reside in an lmhosts file. The "servername.namespace.com" names are supposed to go in the hosts file. But you should be able to configure AD DNS to do all the name resolutions.

rj2 (Author) Commented:
DNS config is the same for VPN connection and direct connection.

We have two gateways from the network. The default gateway assigned from DHCP is the main gateway. The VPN server uses the other gateway.

I will check the DHCP and DNS config. The info under "VPN clients cannot resolve unqualified names" in the link from lrmoore sounds promising. Could it be that clients use broadcast for resolving UNC path names when directly connected, but that this doesn't work for VPN clients?

I currently have only "003 router" and "006 DNS servers" under scope options for DHCP. Should there be more options here?
For DNS I have some forwarding zones so that requests to the webserver are resolved internally for clients on the LAN, we use NAT.

JBlond Commented:
I suppose you have to activate 'NetBIOS over TCP/IP' as the UNC paths are using the NetBIOS-name of the server. There is an option for this in every network connection in Windows. You haven't described how you establish the VPN connection. If a router does establish the connection for you, there should be the same option somewhere in the router config.

rj2 (Author) Commented:
I establish VPN connection with Windows XP VPN client (Start, Connect to, ...)
Looks like "NetBIOS over TCP/IP" is activated by default, I have not turned it off.

NeotericIT Commented:
rj2, I would still like to see the info from an ipconfig /all from pc not on vpn and from a pc that is connected to the vpn....

Dude, clients use whatever you tell them to use. If you're using a 2003 server then you should be using Active Directory DNS to resolve both long and short computer names. Both the VPN and network clients will query the DNS server listed in their TCP/IP settings. Before you even attempt to map drives to server names, start off with nslookup "servername" to see if the DNS is right. Then try some ping "servername" to make sure you get a response. If while connected to the VPN you cannot resolve nslookup "servername" then you won't be able to map to names.

rj2 (Author) Commented:
Ipconfig /ALL when not connected to VPN (directly on LAN)

Windows IP Configuration

        Host Name . . . . . . . . . . . . : mylaptop
        Primary Dns Suffix  . . . . . . . : mycompany.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mycompany.local

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Dell Wireless 1450 Dual Band WLAN Mini-PCI Card
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.1.205
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.1.1
        DHCP Server . . . . . . . . . . . : 10.0.1.6
        DNS Servers . . . . . . . . . . . : 10.0.1.6
                                            194.1.2.3
                                            194.2.3.4
        Primary WINS Server . . . . . . . : 10.0.1.6
        Lease Obtained. . . . . . . . . . : 21. april 2005 08:33:11
        Lease Expires . . . . . . . . . . : 1. mai 2005 11:33:11

ipconfig /ALL for VPN connection:
PPP adapter Mycompany VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.1.188
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 10.0.1.188
        DNS Servers . . . . . . . . . . . : 10.0.1.6
                                            194.1.2.3

There probably is a DNS or DHCP problem here, I'm trying to find out exactly what that problem is and how to fix it.
10.0.1.6 is my local DNS server

c:\>  nslookup SERVERNAME 10.0.1.6
*** Can't find server name for address 10.0.1.6: Non-existent domain
Server:  UnKnown
Address:  10.0.1.6

Name:    SERVERNAME.mycompany.local
Address:  10.0.1.6

rj2 (Author) Commented:
The nslookup command above is when connected to LAN. I will try the same command from home when connected to VPN when I get home.

rj2 (Author) Commented:
Adding WINS to the DHCP server does not seem to help.
Adding the WINS server to the VPN connection manually worked, it fixed the problem.
But the ideal fix for me to the problem would be on the server, then I don't have to help everybody add WINS manually on the VPN connection on their clients :-)
I will try to integrate WINS with DNS for the mycompany.local domain as described in the link.
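
Added example, not part of the original thread: a Python sketch that parses the two ipconfig /all listings posted above and reports which name-resolution settings the LAN adapter has that the PPP adapter lacks. Here that includes the WINS server, the setting that fixed short-name lookups once added by hand. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the two adapters from this thread, trimmed to name-resolution fields.
SAMPLE = """\
Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . :
        DNS Servers . . . . . . . . . . . : 10.0.1.6
                                            194.1.2.3
                                            194.2.3.4
        Primary WINS Server . . . . . . . : 10.0.1.6

PPP adapter Mycompany VPN:
        Connection-specific DNS Suffix  . :
        DNS Servers . . . . . . . . . . . : 10.0.1.6
                                            194.1.2.3
"""
LAN, VPN = "Ethernet adapter Wireless Network Connection", "PPP adapter Mycompany VPN"
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")
RESOLUTION_FIELDS = ("Connection-specific DNS Suffix", "DNS Servers",
                     "Primary WINS Server", "Secondary WINS Server")

def parse_adapters(text):
    """Return {section name: {field: [values]}} from ipconfig /all text."""
    adapters, fields, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if not line[0].isspace():           # unindented line: section header
            fields = adapters.setdefault(line.rstrip(" :"), {})
            last = None
        elif fields is not None:
            m = FIELD.match(line)
            if m:                           # "Name . . . : value"
                last = m.group(1)
                fields[last] = [m.group(2)] if m.group(2) else []
            elif last:                      # continuation of a multi-value field
                fields[last].append(line.strip())
    return adapters

def missing_on_vpn(adapters, lan=LAN, vpn=VPN):
    """Name-resolution values the LAN adapter has that the VPN adapter lacks."""
    gaps = {}
    for field in RESOLUTION_FIELDS:
        have = adapters[vpn].get(field, [])
        lost = [v for v in adapters[lan].get(field, []) if v not in have]
        if lost:
            gaps[field] = lost
    return gaps

if __name__ == "__main__":
    print(missing_on_vpn(parse_adapters(SAMPLE)))
```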

lrmoore Commented:
>c:\>  nslookup SERVERNAME 10.0.1.6
*** Can't find server name for address 10.0.1.6: Non-existent domain
Server:  UnKnown
Address:  10.0.1.6

DNS is not properly set up. This error means there is no PTR record for the server itself in the DNS zone
Is there a SRV record? Does this dns server point to itself as the primary DNS?

rj2 (Author) Commented:
When I right-click on the mycompany.local zone, the server itself is listed under "Name servers".
I have SOA, WINS lookup and NS records that point to itself, but I don't see any SRV records.
I have only added A records, the rest is added automatically by Windows.

What do I need to add?

lrmoore Commented:
In the TCP/IP configuration - not the DNS configuration - the server must list itself as the primary nameserver
You need SRV records in the primary zone
and you need PTR records in the in-addr.arpa zone
 http://www.petri.co.il/active_directory_srv_records.htm
http://techrepublic.com.com/5100-10586_11-5611515.html

rj2 (Author) Commented:
The server already has itself as primary in TCP/IP config.

What is the primary zone? I have both zones named _msdcs.mycompany.local, mycompany.local and maybe 10 others, one for each domain.

I don't have a zone in-addr.arpa. "Reverse lookup zones" is currently empty, should  in-addr.arpa be added there?

lrmoore Commented:
Another good reference on SRV records
http://support.microsoft.com/kb/241505/EN-US/

Yes, you need to add the in-addr.arpa zones before you can add the PTR records in them.

NeotericIT Commented:
Hi rj2, wow this has been an active thread. Thanks for the ipconfig post. This is a good starting point. It looks like lrmoore has been adding some helpful information. I would disagree with his recommendation to add a Reverse lookup zone at this stage in the game. Reverse lookup zones resolve IP addresses to Servernames... I haven't seen anything that would suggest this is an issue. Reverse lookup zones rarely need to be configured.

Did you set up WINS on your network? WINS is no longer needed in a Win2003 Active Directory environment. I would try and completely get away from WINS if possible. This may be a different topic for another day though.

I noticed from your ipconfig that your local NIC is set up to use DHCP and your VPN is not. Is your DHCP server handing out these WINS servers to the clients? If your network is dependent on WINS then you need to add the WINS servers to all clients on your network; both local and vpn... The easy way to do this is configure a DHCP server to give your VPN clients the WINS information (if you have found that WINS is required on your network).....

Again there are several ways to accomplish your goal. Your solution will depend on the way your environment is currently set up, how much control you have over that, and how much work it will take to change that.

I would still like to see an ipconfig /all from a VPN connection. Also stick to the nslookup tool.

Have fun,
Bryan

turtle19 Commented:
Came across this post whilst having the same problem on SBS2008.

After much frustration, the below article solved my problem first time!

http://nicholas.piasecki.name/blog/2009/06/getting-wins-like-computer-name-resolution-over-vpn-in-sbs-2008/

Hope this helps someone else.

Question has a verified solution.