kialn

VPN clients can't reach server

Have 3 servers. Over the weekend oddly had to rebuild RAID on 2 of them. Both are file servers, both are Windows 2000. This may have nothing to do with issue except it's the only thing that happened recently. All went fine. We are up and running internally just fine.

Today, VPN clients can ping the one file server that had RAID rebuilt (192.168.1.3) but CAN'T reach our mail server (192.168.1.4 - no changes to that machine over the weekend, that one is server 2003, AD) both run DNS.  Also can't reach other server. When they VPN in the ipconfig has a valid IP 192.168.1.229, the wrong subnet 255.255.255.255 (should be 255.255.255.0). The 2 DNS servers are 192.168.1.3 and 4 but only 3 shows up in ipconfig.

Also in the ipconfig it says DHCP enabled: NO. Our SonicWall (firewall and VPN device) acts as the DHCP server. Seems like it could be the SonicWall but it looks fine, no errors. I've rebooted EVERYTHING, including the SonicWall and all servers. The server that did have a problem over the weekend, 192.168.1.3, has an error in the DNS log the day I was working on it: EVENT 6702:

"DNS Server has updated its own host (A) records.  In order to insure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's ActiveDirectory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To insure proper replication:
1) Find this server's ActiveDirectory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the ActiveDirectory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data. "

DNS looks fine to me - no other errors.  Like I said, everything is fine within our network.
Any help very appreciated.
Ki
Rob Williams

It's not much help but 255.255.255.255 is the typical and correct subnet mask for a VPN client, even though the network to which it is connecting uses 255.255.255.0. Also it is normal for the VPN client to show "DHCP enabled: NO".
kialn

ASKER

Ok, thanks.  That's good to know - I didn't think it was related to the VPN (but wasn't sure) but rather a DNS issue.
Does sound like DNS. Might be worth running DCDiag and NetDiag to see if they pick up any configuration errors. (note: NetDiag requires matching version for O/S, 2003 included in link, others are available from O/S install CD)
http://www.computerperformance.co.uk/w2k3/utilities/windows_dcdiag.htm
http://www.computerperformance.co.uk/w2k3/utilities/windows_netdiag.htm