markithomas
asked on
Can only ping by FQDN between two different domains
I have two different sites connected via an IPSec LAN to LAN VPN. I am able to browse shares, printers, terminal services etc but only by IP and FQDN. At each site there is a dns server and that resolves names for the internet and LAN resources local to each site. the DNS set up has forwarders pointing to each office DNS server, and I have added secondary zones which are copies of the others primary zones, but still I can only ping by FQDN. eg ping server1 timesout, ping server1.domain.com gets a reply.
I have trawled through other solutions all day, if there is a solution out there I can't see it and I am sure it's not too big a problem to someone!
Thanks
I have trawled through other solutions all day, if there is a solution out there I can't see it and I am sure it's not too big a problem to someone!
Thanks
Mark Pavlak
is this tunnel using software or hardware?
Try and configure Reverse lookup zones also, and see how it goes.
CHeers
CHeers
ASKER
the tunnel is a hardware tunnel
ASKER
I created reverse zone but can only create a stub zone, it won't create a secondary and still can only ping to the server.domain.com
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks, that seems to work after a quick test, is there a way to update the dns suffixes automatically with dhcp? I don't fancy changing all the machines individually. I don't fancy the idea of WINS, it seems a bit retro, like going back to NT 4 but if thats what it takes then thats what it needs.
look in the settings of the Hardware and make sure icmp is turned on.
Not with DHCP, sorry; this applies to Server 2003, but might work with XP clients as well:
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/?kbid=294785
If this doesn't work for XP, here's (among other methods) a VB script that you could use in a GPO as computer(!) startup script:
How to configure a domain suffix search list on the Domain Name System clients
http://support.microsoft.com/?kbid=275553
As for WINS, if you don't use it, make sure NetBIOS over TCP/IP is disabled, as you'll have the NetBIOS name resolution broadcast traffic otherwise. If you're using Exchange, you might want to reconsider the use of WINS, though:
Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality
http://support.microsoft.com/?kbid=837391
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/?kbid=294785
If this doesn't work for XP, here's (among other methods) a VB script that you could use in a GPO as computer(!) startup script:
How to configure a domain suffix search list on the Domain Name System clients
http://support.microsoft.com/?kbid=275553
As for WINS, if you don't use it, make sure NetBIOS over TCP/IP is disabled, as you'll have the NetBIOS name resolution broadcast traffic otherwise. If you're using Exchange, you might want to reconsider the use of WINS, though:
Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality
http://support.microsoft.com/?kbid=837391
split points :)