Solved

SBS 2003, VPN, and No Browsing

Posted on 2006-05-09
Last Modified: 2010-04-19
OK... I'm gonna apologize in advance if I seem short in this post.  I've been trying to get a resolution for this problem and I have had no luck as of yet.

I posted here before with the same issues, but there were 2 NIC cards in the 2003 server.  After trying and failing to get a split network working, I ended up removing the external NIC card and I'm now running on one.  I was under the impression that the problem would then go away.  It did not.  

The connection works fine, but when I try to connect to the server with, say, Outlook, which calls the server name to get connected, it fails.  Pinging the server name ends up giving a different IP address (64.100.x.x) than what the right IP address should be (192.168.117.7).  To add insult to injury, this is also hit & miss, meaning sometimes I ping the right address, sometimes not.

Now I have tested with two different PCs configured the same on the VPN side.  One will ping the right address, the other will not.  DNS has been flushed, re-configured, etc... to no avail.  I'm wondering if I need a LMHOST Table.  

I may end up enabling VPN on an NT4 box I still have for other reasons, cause I am not finding a solution for this issue.  (Trust me, I've searched.)  I found something here that stated the RRAS IPs need to be separate from the DHCP pool.  I've blocked addresses and set them up under RRAS to be used, but I'm pretty sure I had this set already before re-running the wizards.

Thank you in advance.  

Tom
0
Question by:Tommy_Joe
24 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16641523
Tommy, are you running ISA on the SBS box?
I would suggest we move this question to the SBS topic area if you are agreeable?
You may not like it but I would certainly have both NIC's in the SBS box. It is far more secure and far simpler to administrate.

let me know about ISA etc.
0
 

Author Comment

by:Tommy_Joe
ID: 16641726
It's fine if you want to move the thread.  

I don't think I'm running ISA.  Not seeing any icons or settings for it.  We do have a hardware firewall/router in the network.  
0
 

Author Comment

by:Tommy_Joe
ID: 16641819
Looks like I do not have ISA loaded on here.  Should it be?

Tom
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16641829
You may not have it but let some of the SBS guys get a chance to see this question and let's get their views.
0
 

Author Comment

by:Tommy_Joe
ID: 16642038
OK.  Thank you.
0
 

Author Comment

by:Tommy_Joe
ID: 16652324
The problem still exists.

500 points.  Anyone want to take a crack at it?  

Tom
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16652850
Tommy, I'll get a note to the SBS Page Editor. He will hopefully be able to get you some assistance. If not, I'll take it on myself.

regards
keith
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16653889
Tommy,

Do you still have all those IP Addresses on your NIC?  Can you please post a current IPCONFIG /ALL?

Thanks.

Jeff
TechSoEasy
0
 

Author Comment

by:Tommy_Joe
ID: 16654932
C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER1
   Primary Dns Suffix  . . . . . . . : Trustbuilder.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Trustbuilder.com

Ethernet adapter Internal Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0E-0C-3F-04-AC
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.117.168
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 192.168.117.167
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 192.168.117.166
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 192.168.117.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.117.254
   DNS Servers . . . . . . . . . . . : 192.168.117.7
   Primary WINS Server . . . . . . . : 192.168.117.7

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.117.169
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

I know, I know the extra IPs are there for the websites.  Haven't gotten to that yet.  As stated, the extra NIC was removed to no avail.  In some cases, I do ping SERVER1 to 192.168.117.7 and in some cases the SERVER1 IP ends up being 64.100.X.X.  

I have setup currently the RRAS to use a group of IPs 192.168.117.169 thru .182, but I have also tried it with DHCP enabled on RRAS as well.  

I'm pretty sure I have something wrong in the Server configuration, and I've run the wizards for ICW and RRAS.  I'm sure it's something I'm missing, but I wish I can find out what that is.  

Thank you for your time.  (Again)
Tom
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16655698
That something is all of those IP's --- Get rid of them!  Use Host Headers instead.

If you don't believe me, remove them temporarily... then rerun the CEICW and Remote Access Configuration Wizard... and see if it all works.  You normally DON'T manually configure RRAS on an SBS... so hopefully your manual configuration will be overwritten by the wizards... but I wouldn't count on that.

Jeff
TechSoEasy
0
 

Author Comment

by:Tommy_Joe
ID: 16657740
OK... Question about that.  Last weekend when I removed the external NIC I also tried to remove those IPs.  Logins were slow and they eventually re-appeared in the DNS Database.  Do I have to run an IPCONFIG /FLUSHDNS and /REGISTERDNS on all workstations, or is there a different way to get those addresses removed?

Thanks again.  

Tom
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16660660
Well, you certainly have to rerun the CEICW and then I would suggest that you reboot all of the workstations which will do the same as the IPCONFIG /FLUSHDNS and /REGISTERDNS.   You can reboot the machines from the server's console if you like by using the SHUTDOWN command.  See shutdown /? for info from the CMD line.

If they reappeared in DNS then you need to remove them from the DNS Server Properties.  Right click on the DNS Server to access the properties dialogue.

They may also have to be removed from Active Directory... but usually if you delete both the forward and reverse zone entries you'll be okay.  

Jeff
TechSoEasy
0
 

Author Comment

by:Tommy_Joe
ID: 16661060
OK... I'm gonna do that tonight.  Here's hoping I can put this thing to bed.

I'll let you know how it turns out.  

Tom
0
 

Author Comment

by:Tommy_Joe
ID: 16663976
OK... At least as far as I can tell, I can now Ping SERVER1 and get the right IP address.  However, if I try to ping or go to one of the websites we host, it tries to connect to the public address as opposed to SERVER1's address.  This does work within the network but not through the VPN connection.

I've only tested with one PC.  I have not tried using my laptop from home yet, which used to give me the 64.x.x.x address before.  So I'm not sure this is ready to go as of yet.

New IPCONFIG /ALL from SERVER1
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER1
   Primary Dns Suffix  . . . . . . . : Trustbuilder.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Trustbuilder.com

Ethernet adapter Internal Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0E-0C-3F-04-AC
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.117.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.117.254
   DNS Servers . . . . . . . . . . . : 192.168.117.7
   Primary WINS Server . . . . . . . : 192.168.117.7

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.117.30
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

I've also run the ICW and RRAS wizards.

The websites are an issue cause one of the owners needs to be able to use FP2003 publish function to make changes.  

Thanks!  
Tom

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16664006
You need to use HOST HEADERS on your websites in order to have them work properly.  This is set up in IIS Manager.  You should have each web site configured there.

The directories where the websites sit can be most anywhere on your network.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16664014
Also, you will need to create an "A" HOST record in your DNS Forward Lookup Zone for each host header/alias you create to be able to resolve the sites within the LAN.

Your Companyweb SharePoint site is already set up this way in IIS and DNS... just copy how that is configured and you should be good to go.  You'll notice in the IIS Manager that the Companyweb site is not configured for "All IP Addresses" but rather it designates the internal IP.  The same should be true for your other sites.

Jeff
TechSoEasy
0
 

Author Comment

by:Tommy_Joe
ID: 16664193
I'll check the host headers when I get in the office tomorrow.  I do have an A Record setup for each website and there is a reverse IP record for each.  

Here's an example of my luck as of now... I got home to check things out and the T1 is dead at the office.  :rolleyes:

Tom
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 16670394
Well, you don't want the reverse IP's if you've now removed them from your NIC since the ONLY IP is now 192.168.117.7.  But that points out an error in my instructions to you... sorry, I should have told you to put an alias (CNAME) record for each site.  There should be NO A records for any of those sites which are hosted locally.

And I also just realized that you are using .com as your LOCAL Top Level Domain.  Generally it's recommended that you use .local for your LAN's domain space... but you cannot change this at this point.  So you will also need to add A HOSTNAME records for anything that must resolve beyond your local LAN within the Trustbuilder.com space (such as if you have a web server with your ISP that www.trustbuilder.com would need to resolve to).


For the sites you are hosting on your LAN, you need to add a CNAME record that looks something like this:

companyweb      Alias (CNAME)      SERVER1.Trustbuilder.com.


If you need local users to resolve external names, then you would add an A record that looks something like this:

www      Host (A)      67.111.111.111   (or whatever the IP is of the remote server)


So, I'm sorry that I may have provided confusing instructions before... hope this now makes sense.  For an overview of DNS Naming on an SBS please see:  http://support.microsoft.com/kb/296250

Jeff
TechSoEasy
0
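Added example (not part of the thread, and not a tool used by either poster): a small Python linter that applies the record rules from the accepted answer to an exported list of zone records. It checks that the server has only its one internal A record, that each locally hosted site is an Alias (CNAME) to the server rather than an A record, and that no local site is missing. The record list is constructed sample data; the site names `intranet`, `shop` and `wiki` are hypothetical, while the addresses are the ones shown in the ipconfig output above.

```python
import ipaddress

def lint_zone(records, local_sites, server_host, server_fqdn, server_ip):
    """Return (name, issue, data) tuples for records that break the rules."""
    target = server_fqdn.lower().rstrip(".")
    good_ip = ipaddress.ip_address(server_ip)
    findings, seen, server_ok = [], set(), False
    for name, rtype, data in records:
        host, rtype = name.lower(), rtype.upper()
        seen.add(host)
        if host == server_host and rtype == "A":
            if ipaddress.ip_address(data) == good_ip:
                server_ok = True
            else:
                # Leftover address from the multi-IP NIC, still registered.
                findings.append((host, "extra-server-address", data))
        elif host in local_sites:
            if rtype == "A":
                # Locally hosted sites should be aliases, not host records.
                findings.append((host, "local-site-has-A-record", data))
            elif rtype == "CNAME" and data.lower().rstrip(".") != target:
                findings.append((host, "cname-not-pointing-at-server", data))
    for site in sorted(local_sites - seen):
        findings.append((site, "no-record", ""))
    if not server_ok:
        findings.append((server_host, "missing-server-A-record", server_ip))
    return findings

# Constructed sample zone: (name, type, data)
SAMPLE_ZONE = [
    ("server1", "A", "192.168.117.7"),
    ("server1", "A", "192.168.117.166"),       # stale extra IP
    ("companyweb", "Alias (CNAME)".split()[1].strip("()"), "SERVER1.Trustbuilder.com."),
    ("intranet", "A", "192.168.117.167"),      # hypothetical local site
    ("www", "A", "67.111.111.111"),            # externally hosted, allowed
    ("shop", "CNAME", "www.trustbuilder.com."),  # hypothetical, wrong target
]
LOCAL_SITES = {"companyweb", "intranet", "shop", "wiki"}

def check_sample():
    return lint_zone(SAMPLE_ZONE, LOCAL_SITES, "server1",
                     "SERVER1.Trustbuilder.com.", "192.168.117.7")

if __name__ == "__main__":
    for finding in check_sample():
        print(finding)
```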
 

Author Comment

by:Tommy_Joe
ID: 16670676
So... .local eh?  Yet another reason to slap the consultants.  

No problem with the confusion.  (Can't screw me up any more than I already am! :-))  I'll check those out and review that article.  I'll let you know.  

Thanks again.  

Tom
0
 

Author Comment

by:Tommy_Joe
ID: 16671746
OK... This is getting interesting...

If I go to a neighboring business, with my laptop, and VPN into my network, everything's fine.  If I come home and hook up the same laptop to my network, I get the wrong IPs for SERVER1 (75.x.x.x).  Also flushdns does not work.

Now I have not examined the other network config, but I have a DSL setup with a firewall and a server (for development work I used to do).  It's interesting how it works in some places, but not others.  If it helps, my boss is not able to resolve the server name from his home setup either.

How's that for weird?  

Tom
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16672075
If your home LAN's IP Subnet is the same as the office's then you are going to have problems browsing.  But now that you know it works at one location then you will be able to narrow down the issue to being most likely caused by the configurations at your home and your boss'.

Jeff
TechSoEasy
0
 

Author Comment

by:Tommy_Joe
ID: 16674848
I'm gonna close this thread out, and open a new one in Networking for the inconsistent VPN connection.  I believe the problem is fixed on the server side.  My office laptop still gives me some weird IPs but my personal PC in the house can do name resolution, but not web address.  In the other location everything worked fine.  I think I need some assistance from some Router/Firewall folks.

Thank you Jeff for all your help.  

Tom
0
 

Author Comment

by:Tommy_Joe
ID: 16699586
Adding a footnote to this thread.  

I found the problem.  Where the VPN did work, the DNS Servers available on that configuration were public IP addresses.  It appears when a private IP address is used (192.168.x.x, 10.x.x.x) VPN cannot do the name resolution or find the right IP address.

I had a private IP address on my DNS as did my boss on his home network configuration.  I changed mine to the ISP's IP address and it works fine on both my laptop and the home PC.  My boss will change his router to point the DNS to the ISPs DNS Server.  That seems to be the issue.  (Never was an issue before, but I guess it's a security thing.)

Tom
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16699693
Well, I'm not entirely sure what you are saying there... since the routers at home SHOULD have the ISP's DNS IP's, but that should pass through to your PC if you use DHCP at home as well.  You aren't running DNS privately at your home, I wouldn't think.

But glad you got it straightened out.

Jeff
TechSoEasy
0
