Solved

Name resolution in VPN connection

Posted on 2006-04-07
Last Modified: 2010-03-19
I am having an issue with name resolution while connected through a vpn. I have remote sites that connect to a main office through MS VPN connections. They connect to one of two boxes. One is a Windows 2k server and one is a Windows 2k SBS server. I think this is a name resolution issue because after connecting I can sometimes ping FQDN of various servers and sometimes I cannot. I assign IP addresses via DHCP and also assign a DNS server and WINS server at time of connection. The DNS and WINS server assigned are the internal IP addresses of the SBS box (which, by default, is the PDC). This issue seems to happen more on Windows 2K box connections, but does happen sometimes on the SBS box as well. And what happens a lot is when I initially connect I get name resolution, but then it fails after just a couple of minutes. I am not even able to ping the server that the vpn connection is made to.

Question by:budmanlud
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16401364
Name resolution over VPNs is a common problem as NetBIOS names are not normally broadcast over a VPN. I am surprised adding the WINS server IP has not resolved it for you. Have a look at the list below concerning name resolution workarounds.
You should be able to connect and ping consistently using the IP of the remote device. If this is not the case you may have other issues. Dropped connections are often due to too high an MTU (Maximum Transmission Unit) packet size. The following sites outline the problem, how to test and adjust. If you decide to make changes, the MTU should be changed on the connecting PC and its local router:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnslow.htm
http://help.expedient.net/broadband/mtu.shtml

NetBIOS name workarounds:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as:   \\123.123.123.123\ShareName   or map a drive at a command prompt using
 Net  Use  U:  \\123.123.123.123\ShareName
2) An option is to use the LMHosts file which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam , instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also if the remote end uses DHCP assigned IPs it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable some of the following options:
3) If you have a WINS server add that to the network card's configuration
4) Also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) Try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) Verify your router does not have a "block NetBIOS broadcast" option enabled
7) Test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]


0
 

Author Comment

by:budmanlud
ID: 16416681
I am using a hosts file on the client machines that points to various servers on our office network. In the client offices, no servers exist. So should I add the WINS server IP address to the network cards/vpn connections on the client machine of the WINS server in our main office? I will test the MTU settings idea. The thing is, I am showing that I am still attached through the vpn but lose all name resolution.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16420071
>>"I am using a hosts file on the client machines that points to various servers on our office network."
Hosts file will work although technically you should be using the LMHosts file.
You might want to verify your Hosts/LMHosts file entries are functioning. At a command prompt enter
  nbtstat  -R
to purge and reload the local name cache
then enter
  nbtstat  -c
to display the current name cache which should include your LMHosts file entries.
Note: the nbtstat "switches" R & c are case sensitive.

>>"So should I add the WINS server IP address to the network cards/vpn connections"
Assuming you are using the built in Windows VPN, add the WINS server IP address to the DHCP scope, under DHCP scope option #044. You should also add your SBS, the DNS server, to option #006 and the domain name, such as MyDomain.local, to option #015. This will automatically assign the necessary parameters to your VPN clients, assuming you are assigning IPs with DHCP (the default option).  Keep in mind WINS is only useful if you have enabled the WINS service on your server.
0

 

Author Comment

by:budmanlud
ID: 16421809
After doing the first nbtstat command you suggested, I get no names in cache when I do the second (nbtstat -c). My file is hosts and is in the windows\system32\drivers\etc directory. Does this mean it is not working? And if so, what should I do to fix this?
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 16422302
Sounds like it is not working. There are a few oddities about those files. First I would recommend removing your entries from the Hosts file and using the LMHosts file in the same folder. The Hosts file is intended for DNS names such as  abc.domain.com  whereas LMHosts is for NetBIOS names such as your computer names. Make note of these requirements:
-The LMHosts file, if it has not been used, has a .sam extension (sample). When you save it, save without an extension. To be sure of this save with quotations...   "lmhosts"
-Using the PRE option as per the instructions in the file preloads the names for faster resolution. If you choose to use this option PRE must be capitalized
-You must hit the return key after entering a line, before saving (very important)
-And #'s are comment lines

Then again test by running:
  nbtstat  -R
to purge and reload the local name cache
then enter
  nbtstat  -c
to display the current name cache which should include your LMHosts file entries.
Note: the nbtstat "switches" R & c are case sensitive.
0
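The LMHosts requirements listed in the accepted answer above can be checked mechanically before running nbtstat -R. This is an added example, not part of the original thread: the function name `lint_lmhosts` and the sample entries are constructed for illustration. The 15-character NetBIOS name limit and the #DOM keyword go beyond what the thread states, and quoted names with special characters are not handled.

```python
import ipaddress
import ntpath  # splits Windows paths correctly on any platform

KEYWORDS = {"PRE", "DOM"}  # entry tags; per the thread, PRE must be capitalized

def lint_lmhosts(filename, text):
    """Return (line_no, message) findings; line_no 0 means a file-level issue."""
    findings = []
    base = ntpath.basename(filename)
    if base.lower() != "lmhosts":
        findings.append((0, f"file is named {base!r}; save as 'lmhosts' with no extension"))
    if text and not text.endswith(("\n", "\r")):
        findings.append((0, "last line is not terminated with a return"))
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        entry, _, tags = line.partition("#")
        fields = entry.split()
        if len(fields) != 2:
            findings.append((no, "expected '<IP address> <NetBIOS name>'"))
            continue
        ip, name = fields
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((no, f"{ip!r} is not a valid IPv4 address"))
        if len(name) > 15:
            findings.append((no, f"{name!r} exceeds the 15-character NetBIOS limit"))
        for tag in tags.split("#"):
            tag = tag.strip()
            if not tag:
                continue
            keyword = tag.split()[0].split(":")[0]
            if keyword.upper() in KEYWORDS and keyword != keyword.upper():
                findings.append((no, f"'#{keyword}' must be capitalized"))
    return findings

# Constructed sample: wrong file name, lowercase tag, bad IP, long name,
# and no return after the final line.
SAMPLE = (
    "# constructed sample entries\n"
    "192.168.0.101      CompName       #PRE\n"
    "192.168.0.102      FileSrv        #pre\n"
    "192.168.0.300      MailSrv\n"
    "192.168.0.104      AVeryLongServerName01"
)

if __name__ == "__main__":
    for no, msg in lint_lmhosts(r"C:\WINNT\System32\Drivers\Etc\LMHosts.sam", SAMPLE):
        print(f"line {no}: {msg}" if no else f"file: {msg}")
```

An empty result means the file meets the listed requirements; nbtstat -c remains the check that Windows actually loaded the entries.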
 

Author Comment

by:budmanlud
ID: 16435950
I changed the MTU and redid the LMHosts file. The nbtstat -c does come back with my lmhosts file. But I am still having problems. I am thinking that there must be something else that is causing either packets to drop or some other networking issue. I am awarding you the points since you showed me some new stuff.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16436070
Thanks budmanlud.

MTU can definitely cause some dropped connections, though it shouldn't affect name resolution, unless not connected of course. The following links may be of some help explaining the problem, how to test, and how to change. Keep in mind it should be set on the client machine and on their local router. PPTP VPNs need to be set to 1430 or lower if setting it manually.

http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnslow.htm
http://help.expedient.net/broadband/mtu.shtml

Good luck,
--Rob
0
 

Author Comment

by:budmanlud
ID: 16436422
Microsoft says that by default VPN connections are at 1400 MTU. And by following the directions, that is what the optimal setting is on the client machines. And there never seems to be a dropped connection from the machine vpn'd into. Just lose Exchange connections and shared folder connections. Could this be server rather than client related?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16436624
>>"Microsoft says that by default VPN connections are at 1400 MTU. "
Actually MS default is 1500
Recommended for PPPoE connections 1492
Recommended PPTP VPN connections 1430
Lower is fine.
However in most cases Windows and the router automatically adjust quite satisfactorily.
Here is a list if interested:
http://kbserver.netgear.com/kb_web_files/n100603.asp

>>"Could this be server rather than client related?"
Hard to say, but I would think if it was server related some local/LAN users would lose their connection.

Do you have a keep alive option on your router? Try enabling that, especially if a PPPoE connection.
I have a client with SBC in the US that after considerable testing we discovered she loses her connection for 2-120 seconds up to 10 times a day. So on occasion it can be ISP related.
0


Question has a verified solution.
