Solved

Windows Vista computer connects to VPN but DNS doesn't work?

Posted on 2008-10-17
Last Modified: 2012-05-05
Hello,
My company has a small office and has a couple of employees that are moving offsite.
The office building they are moving into has given us 3 public ip addresses that are fully routable, and each machine is connected successfully via windows-based VPN.
The problem relates as I see it perhaps to VPN.

Each machine receives an ip address from the RAS server, when I check the ipconfig of each machine, but the Vista machines cannot ping machines using DNS friendly local names.

I might end up resorting to editing an LMHOST file, but I really would prefer to get this to work correctly and understand it.  

One problem that could be causing problems, is the stupid network connection wizards. When I mouse over the familiar icon of two computers in the right hand corner, there is an X over it as if there is something disconnected. I am connected to the internet fine, but it says no connections found. When I go through the wizard to connect to the internet, the only options are Dial-up and Broadband PPPoE that requires username/password. Obviously the computer is connected to the internet, but I cannot specify "Connection that is always on" or anything to that extent. The result is when I click Start on the Vista machine and go to Connect, it says no networks are found, even though there is a local area network connection and also a functioning VPN connection. I hate Vista.

Please help
Ryan
Question by:opl3sa
14 Comments
 
LVL 1

Expert Comment

by:ozoid
ID: 22747318
Hi - Your RAS server should be giving out an IP address for the computer connecting through VPN - this should also be giving out your DNS Server settings. If you want to manually enter Host Names then the Hosts file would be better than the LMHosts file; Vista would look in the Hosts file before the LMHosts file. I agree somewhat that Vista is overly annoying when trying to do simple tasks like setup a VPN or standard network adapter.
For new VPN connections use the Control Panel - Network and Sharing Center - Setup a Network or Connection - Connect to a Workplace.
Bear in mind that normally when connected to a VPN - all your network traffic will go across the VPN.
Send in your settings (IPConfig etc) if you want any specific help
0
 

Author Comment

by:opl3sa
ID: 22748292
Yes the DHCP server on the RAS server gives an ip address with DNS servers.  It gives the two DNS servers that are being used locally, 192.168.168.168 (the router) and 192.168.168.249 (the SBS server).  They work fine on the XP box, doesn't work on the Vista machine...

I'm not at the computer, but if I gave you an ipconfig it would look normal, with a public ip address bound to the ethernet adapter and a local 192.168.168.x address and DNS servers relating to the local network.

XP works, Vista doesn't.  I was hoping to get a "oh vista sucks here's what you gotta do" response, but I guess vista sucks so bad no one knows what the problem is

Ryan

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22748540
I disagree with the "Vista sucks" comments :-)
 I frequently use the Windows VPN client with Vista, without issue.

I am not sure why you would have no problem with XP but issues with Vista. Might you be using different security software? Some anti-virus software and many "security suites" will block VPN traffic.

Is the basic VPN client working on the Vista machines? You mention; "Vista machines cannot ping machines using DNS friendly local names" but can you ping an IP on the RRAS site? (preferably other than the RRAS server.)

If it is all machines at one site, are you aware the local subnet must be different than the site to which you are connecting? For example if the RRAS server site uses 192.168.1.x locally, the site from which you are connecting must use something different or the packets cannot be routed over the VPN. All network segments (subnets) must be different within the path.

If you can ping an IP but not a FQDN try adding your corporate DNS suffix, such as MyDomain.abc to the advanced TCP/IP IPv4 advance properties under the DNS tab of the PPP/VPN adapter on the client machine.
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx

If there is any need to review the Vista VPN client configuration have a look at the following:
http://www.onecomputerguy.com/networking/vista_vpn_client.htm
0
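The name-resolution check described in the comment above, as an added example that is not part of the original thread. It lists the DNS servers and suffixes that WMI reports for each IP-enabled adapter, then resolves a short name and its fully qualified form. The host name `server1` is a hypothetical placeholder and `MyDomain.abc` is the sample suffix from the comment; replace both with your own.

```powershell
# Added example (not from the thread). 'server1' is a hypothetical host name;
# 'MyDomain.abc' is the sample suffix used in the comment above.
$shortName = 'server1'
$suffix    = 'MyDomain.abc'

# DNS servers and suffixes as seen by each IP-enabled adapter
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        New-Object PSObject -Property @{
            Adapter       = $_.Description
            DnsServers    = ($_.DNSServerSearchOrder -join ', ')
            AdapterSuffix = $_.DNSDomain
            SearchList    = ($_.DNSDomainSuffixSearchOrder -join ', ')
        }
    } | Format-List Adapter, DnsServers, AdapterSuffix, SearchList

# Resolve one name and report either the addresses or the error text
function Test-NameResolution {
    param([string]$Name)
    try {
        $addrs  = [System.Net.Dns]::GetHostAddresses($Name)
        $result = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $result = "FAILED: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{ Name = $Name; Result = $result }
}

# Compare the short name with the fully qualified name
@($shortName, "$shortName.$suffix") |
    ForEach-Object { Test-NameResolution -Name $_ } |
    Format-Table Name, Result -AutoSize
```

If only the fully qualified name resolves while the VPN is connected, the suffix is missing from the search list the client is using.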
 

Author Comment

by:opl3sa
ID: 22749539
Yes these are all good suggestions.
Trend Micro Internet Security is installed on the system, but for the purposes of these tests, it has been completely shut down.  
When I say "Vista Machines cannot ping machines using friend DNS local names" that's exactly what I mean.  They can ping ip addresses, including the RAS server itself, as well as other computers on the other end fine. It's just DNS that won't work pretty much.  However that affects outlook.  If I try to edit the mail profile to connect to the exchange server via ip address, it turns it into steinhauser1.steinhauser.local, and then can't connect to it.

Here's an update though, I have a Vista machine here that can, and I have a Vista machine that can't.
The Vista machine that can, when I click on Start -> Connect it says "You are currently connected to local area network". And then I can choose the VPN connection I want to connect to, and it works.

On the Vista machines that can't, when I click Start -> Connect it says "You are not currently connected to any network" even though I am on a local area network and can access the internet fine.

I firmly believe that the problem lies in this fact, not any other

Ryan
0
 

Author Comment

by:opl3sa
ID: 22749547
Ooops you also suggested these ip addresses are on different network ID's
Yes they are
One network is 192.168.168.x
The other computer's ip address is public. If you must know it's:
216.39.229.44
255.255.255.224
216.39.229.33

DNS1 12.127.16.68
DNS2 12.127.17.72

That public ip address as well as .45 and .46 work and work well.  Fully routable.  I'm not even using NAT here.

Thanks in Advance
Ryan
0
 

Author Comment

by:opl3sa
ID: 22750357
So no one else has any ideas about this one?
You have no idea how bad I will hate Windows Vista if I can't figure this out and end up rebuilding the machine back to Windows XP

I will create 3 or 4 websites dedicated to bashing Windows Vista
I will be a crusader against this unruly operating system

Ryan
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22750809
>> "I will create 3 or 4 websites dedicated to bashing Windows Vista
I will be a crusader against this unruly operating system"
If that is a threat, you are aware none of us work for Microsoft?  :-)   Feel free.
I do admit, though Vista generally works well, there are compatibility issues, and definitely lots of differences, especially relating to networking.

I can see different reasons why you might not be assigned appropriate DNS information but if it works from 1 machine it would tend to indicate the server is properly configured. There are also several issues that can cause problems with the VPN, including Trend Micro, even when disabled, but if that were the case it would affect more than DNS.

I don't have any other suggestions at this point but if you can "hang in" it is pretty quiet here on the weekends. You may get some fresh ideas the first of the week.

Out of curiosity might this be a Dell PC/Laptop, and might it be a wireless connection?
0

 

Author Comment

by:opl3sa
ID: 22751068
Haha I know I just don't understand why Microsoft would put out a product that would upset IT people, when they count on those IT people to suggest clients operating systems.  People are staying away from Vista for good reason, and Microsoft is forcing the operating system down our throat by not allowing me to buy XP pro OEM keys since earlier this summer, even though we are Microsoft OEM system builders.

Ryan
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 22751096
I really don't mean to start an argument, but I don't know that IT people are staying away from Vista. It is being deployed by the thousands, and most IT folk I know really don't pay attention to the negative press. For some reason Vista has received a very bad rap. There are a lot of issues with drivers, hardware, and software compatibility, but technically that is an issue with the vendors of the 3rd party equipment that refuse to release updated drivers.
Sorry if I am preaching, but it is more that I am surprised, as I find all Vista installations we have done have been virtually seamless. We have had more issues with IE7 compatibility (granted included with Vista) than Vista itself.
As mentioned, please don't take this as criticism of your comments, but just observations from my point of view. You certainly are not alone in your thoughts.

I thought Microsoft extended XP sales to system builders until June 2009? Although I don't have a problem with Vista, I agree you should have the option of buying XP. I am sure you have many clients that are not ready to make the jump due to reasons like legacy software compatibility. Many of the systems we have done over the last 6 months are HP's with Vista and XP downgrade rights. A nice combination offering them both options, but based on your comments we may not be able to get those much longer. Too bad, as it's the best of both worlds.

As above: might your problematic PC be a Dell PC/Laptop, and might it be a wireless connection? I am not sure why, but Dell wireless units seem to get the "You are not currently connected to any network" message more often.
0
 

Author Comment

by:opl3sa
ID: 22751129
They are IBM/Lenovo desktop PC's pre-installed with Vista Business
I was chasing the problem down in several of these posts.  It's related to one of the services in Vista, a network location service.  The service can't start, so windows doesn't realize it's connected to any networks.

I found about 10-15 posts, and they all either were unresolved, people accepted a solution that was just a question, or the accepted solution was to rebuild the computer.  One person had success with a sfc /scannow, but I've never had success with that utility and it probably wouldn't do anything.

Ryan
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22752894
I wonder if the NLA (Network Location Awareness) problem is a result of the root problem rather than the problem itself. The fact that you cannot start it definitely indicates a problem, but I just stopped it on one Vista PC and made a successful VPN connection. However, it restarted the service so I assumed it was necessary. I then totally disabled NLA and then still had no problems making a VPN connection, accessing files, or getting the correct IP.

Perhaps check the NLA dependent services in the services management console and see if one of those may not be started or set to disabled. They might also be affecting other network issues such as you are experiencing.

The only time I have had problems starting NLA was with a Symantec Security suite installed on a PC, so it is possible there is a conflict.

I agree with you on SFC, though the concept is great I have never found it resolved anything.
0
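The dependency check suggested in the comment above, done from a Windows PowerShell prompt instead of the services management console. This is an added example, not part of the original thread. It walks everything `NlaSvc` requires, reports state and start mode for each entry, and then lists the services that in turn depend on `NlaSvc`. The function name `Get-RequiredServiceTree` is hypothetical.

```powershell
# Added example (not from the thread): list every service and driver that
# NlaSvc depends on, with current state and start mode, and flag the ones
# that are not running or are disabled.
function Get-RequiredServiceTree {
    param(
        $Service,                 # ServiceController object from Get-Service
        [int]$Depth = 0,
        [hashtable]$Seen = @{}
    )
    if ($Seen.ContainsKey($Service.Name)) { return }   # shared dependency already reported
    $Seen[$Service.Name] = $true

    # Win32_BaseService covers both Win32 services and kernel drivers
    $wmi = Get-WmiObject -Class Win32_BaseService -Filter "Name='$($Service.Name)'"
    $startMode = 'Unknown'
    if ($wmi) { $startMode = $wmi.StartMode }

    New-Object PSObject -Property @{
        Depth     = $Depth
        Name      = $Service.Name
        Status    = $Service.Status
        StartMode = $startMode
        Flagged   = ($startMode -eq 'Disabled') -or ($Service.Status -ne 'Running')
    }

    # Recurse into the services this one requires
    foreach ($dep in $Service.ServicesDependedOn) {
        Get-RequiredServiceTree -Service $dep -Depth ($Depth + 1) -Seen $Seen
    }
}

$nla = Get-Service -Name NlaSvc

# What NlaSvc needs in order to start
Get-RequiredServiceTree -Service $nla |
    Select-Object Depth, Name, Status, StartMode, Flagged |
    Format-Table -AutoSize

# What needs NlaSvc and therefore fails when it cannot start
$nla.DependentServices | Select-Object Name, Status | Format-Table -AutoSize
```

A flagged entry deeper in the tree than `NlaSvc` itself is the first place to look; running the same script on the working Vista machine gives a baseline to compare against.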
 

Author Comment

by:opl3sa
ID: 22753008
There is one service dependent on the Nlasvc, and it cannot start either.
One thing I know is that network Magic was installed on this computer at some point.
This is not a pristine computer.
I have a working Vista machine sitting right beside it, so I have to assume something is wrong with some operating system files.  Maybe the SFC will work, but when I tried it it requires to be in console mode.  Since this company uses roaming profiles, I'm just going to rebuild it completely using the restoration partition and see where we get.

Thanks for all your help.
0
 

Author Closing Comment

by:opl3sa
ID: 31507373
You have responded to many of my posts, thanks a lot for your help.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22753040
I could see something like 'network Magic' affecting the connection, but funny that it only seems to affect DNS.
Sorry we haven't been able to be more help. Let us know how you make out. I assume the rebuild will resolve, but curious to hear.
--Rob
0
