• Status: Solved
  • Priority: Medium
  • Security: Public

DNS doesn't have record for client machine

We have a Windows 2003 server and domain. We have about 40-some XP Pro workstations and one remote user living in another country. This remote user's computer was originally set up in the office, and was/is a member of our Windows domain. This user connects to our office via our VPN a few times a week for short periods of time. I am trying to push down to him our anti-virus package, which is managed by our main server. Unfortunately, there is no name resolution for his computer, and I can't figure out where to tell my Windows server to search, or probe, for his computer.

He gets a local IP address when he is VPN'd in, and I can use VNC to connect to him ONLY if I connect to the IP address. I can ping his IP address, but can't ping his computer name. On his end, he can ping our servers by name, as well as other computers on our network. So, his PC can translate names to internal IP addresses, but we can't get to him with his computer name. I use Symantec AntiVirus Corporate Edition, and when I try to push the client out to his computer, his computer doesn't show up in the list of available computers. I can get the anti-virus installed via other methods, so that isn't really my concern, but I would like to know how I can have my Windows DNS server/domain controller be aware of his computer when he is connected to us via the VPN.

I tried doing ipconfig /registerdns on his end, but that didn't do anything. I also told our DNS server to "update server data files" but that didn't help either. I noticed that in my DHCP server on the Windows server, the IP address he had was registered to another PC on our network...that at the time was not on our network. I am really pretty clueless how all this happens, especially when we have multiple PCs connected to hard Ethernet cables, wireless connections and VPN connections.
Asked by: jbobst
 
acpc Commented:
Hi jbobst

I started reading your post and have one question: is your purpose to deploy Symantec antivirus or to get his PC to register with DNS?

If the answer is only to get him to install Symantec, then your best option is to use the web install utility in Symantec server, which will allow you to create a simple web site, which when configured has the settings required to report to your Symantec server, allows the user to click a link, and the antivirus is downloaded and installed with the specific properties required to be managed or unmanaged by your server.

Look for the webinst folder on your Symantec antivirus corporate CD and find the documentation which outlines the installation steps. It is quite simple and provides a good method for remote clients to install off site. We use this as our main method of deploying offsite, to avoid any complications.

If you require DNS setup anyway, post back and I will be happy to read the rest of the post and help.

Regards, Alan
 
jbobst (Author) Commented:
I did just have him copy the Symantec files over the network, but I was more curious about why our servers and PCs can't "reach" him through name resolution...or rather, how do I tell my server about his existence on our network and create a DNS record, so I can use his computer name to copy files, remote control, etc., rather than finding out what his IP address is and doing everything through IP address?
 
acpc Commented:
When you say he gets an internal IP address, does this exclude DMZ addresses?

The issue may be that he does not have enough time to declare his address. On the client machine verify these settings: in Network Settings > Internet Properties / TCP/IP > Advanced > DNS > "Register this connection's address in DNS" is checked.

Or the better option is to create a static IP address reservation, then create a host A record in DNS specifically linking the static IP address to the name.

Hope this helps

Regards, Alan
Alan Huseyin Kayahan Commented:
Hi jbobst

First of all, keep in mind that you cannot apply a Software Installation policy via Computer policy to a client that connects via VPN client, because computer policy pushes itself way before the login screen. So you should apply the software installation policy via User Policy.

Second, make sure the VPN client software is set to connect before the logon screen (for example the "Enable start before logon" option in Cisco VPN client), so that User policy can push itself; otherwise the user will log on with cached credentials and won't get the policy.

About the DNS registering issue, make sure "Register this connection's address in DNS" is checked in TCP/IP properties, as Alan mentioned. Also make sure there is no static IP assigned to the VPN adapter, and that it obtains its IP from the DHCP server. And in the properties of the DHCP server, make sure it is set to "Allow both Secure/Non secure dynamic updates". In some cases where the above 2 don't work, add the domain.xxx DNS suffix to the remote computer name.

Regards
 
jbobst (Author) Commented:
I think my problem is this: We have a Sonicwall 2040 firewall. Its DHCP Server is turned off (per Sonicwall) as our Windows 2003 Server is our DHCP server. I blocked out 20 addresses from our scope so that the Sonicwall could use them for VPN clients. Apparently, VPN connections are not using the 20 addresses that I blocked out in our Windows Server, and are overlapping some of our local PCs (not sure how that happens when the DHCP server should be assigning them to available addresses). Anyway, I have the block of 20 addresses set up in our Sonicwall DHCP table, but I am confused as we have to have the DHCP server on the Sonicwall disabled. I think I need to create a new thread in the Sonicwall/Firewall/VPN section.

I recall contacting Sonicwall Support (which was probably a mistake in the first place) and having them help me set this up. I have a DHCP Server Scope set up on our Sonicwall as a dynamic scope. But, since "Enable DHCP Server" is unchecked, I think it is not doing anything.
 
acpc Commented:
You would be correct in saying that. If the DHCP is not enabled then it will contact your DHCP server for addresses.

The better option, and the most secure, is to set DHCP in your DHCP server to assign using IP reservation based on MAC addresses; that way you assign MAC addresses to the client and only the IP address that you assign. No overlapping with DHCP.
The DHCP is releasing IP addresses due to the fact that at the time the client connects, the lease is up on the client machine internally which had previously been assigned this address, but has not yet refreshed.

It is always best to configure in terms of security, so if you assign IP reservation you will ensure that the external clients only receive an assigned IP address, which allows for monitoring connections, and also ensures that others outside the company cannot obtain an IP address even if they do manage to bypass your security.

Just a thought

Regards, Alan
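
The overlap discussed in this thread (a VPN client handed an address that the Windows DHCP server still shows as leased to another PC, or one outside the block set aside for VPN use) can be checked mechanically. The following is an added example, not part of any poster's reply; the address range, host names and both input tables are constructed for illustration and would in practice come from a DHCP lease export and the firewall's list of connected VPN clients.

```python
import ipaddress

# Constructed sample data (not from the thread); all addresses and names are illustrative.
VPN_POOL = ("192.168.1.230", "192.168.1.249")  # 20 addresses excluded from the Windows scope
DHCP_LEASES = [                                # (ip, hostname, machine currently online)
    ("192.168.1.57", "OFFICE-PC12", False),    # lease on record, PC is off the network
    ("192.168.1.101", "OFFICE-PC03", True),
]
VPN_SESSIONS = [                               # (ip, hostname) as assigned at VPN connect
    ("192.168.1.57", "REMOTE-PC01"),
    ("192.168.1.231", "REMOTE-PC02"),
]

def in_pool(ip, pool):
    """True when ip lies inside the inclusive start-end range."""
    start, end = (ipaddress.ip_address(p) for p in pool)
    return start <= ipaddress.ip_address(ip) <= end

def audit(vpn_sessions, dhcp_leases, pool):
    """Flag VPN addresses that fall outside the pool or collide with a DHCP lease."""
    leases = {ip: (host, online) for ip, host, online in dhcp_leases}
    findings = []
    for ip, host in vpn_sessions:
        if not in_pool(ip, pool):
            findings.append((host, ip, "outside-vpn-pool"))
        if ip in leases and leases[ip][0].lower() != host.lower():
            owner, online = leases[ip]
            # A lease held by an offline PC is the stale record that makes
            # name lookups for the VPN client point at the wrong machine.
            kind = "live-conflict" if online else "stale-lease"
            findings.append((host, ip, f"{kind}:{owner}"))
    return findings

if __name__ == "__main__":
    for host, ip, issue in audit(VPN_SESSIONS, DHCP_LEASES, VPN_POOL):
        print(f"{host:12} {ip:15} {issue}")
```
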