VPN User Unable to Access Shares via Server Name, But Can Via IP Address

Hello everyone, new user here :)

I'm an admin for a small business and lately have been scratching my head at two things...

First off, we use Windows Small Business Server 2003 Standard Edition.
We have VPN set up and it works otherwise perfectly fine, no infrastructure issues, etc. (well, I could use a new server but that's beside the point :) ).

But on to the issues..

# 1 - A user who works primarily from home now used to have their notebook set up joined to our domain, we'll call it contoso.local. Over the weekend, they experienced issues connecting to his home workgroup and changed the comp settings back to a workgroup. Now when connecting to work via VPN, though it lets him in and all, he can't access shares on the network that he has privs to via server name, e.g. \\sbs\data. Instead it tells him he doesn't have the privs, but then if I go and access it via IP address directly, e.g. \\192.168.x.x\data, it lets him in without any issues! Mind boggling!
I've tried including and excluding the domain when having him log in to VPN but I'm scratching my head on this one! Gateway use on the server end is enabled for this user btw.

# 2 - Sometimes when users connect via VPN (in this case gateway use is disabled on the server end), they cannot resolve server names, but can access those servers via IP address. I've had them flush and register their DNS, etc. but nothing seems to help... what would cause this?

Thanks for any tips and help you can give!
Asked: MilleniumFalcon

miqrogroove commented:
It sounds like the client computer isn't configured to use the remote WINS server.  You'll need a good understanding of the name resolution process, which is typically to query the Computer Browser service, and fail over to DNS.  If the client is configured to use local or broadband name servers, then you won't get the VPN names to resolve in any case.

butor69 commented:
The problem seems to be a WINS problem: they don't receive the WINS server when connecting by VPN.

Do you use WINS in your LAN? Is it correctly configured (in the DHCP option)?

Is your DNS config also correct? (The DNS server must be your SBS server.)

Regards

MilleniumFalcon (Author) commented:
DNS is set correctly, but as far as DHCP what should I be looking at specifically?

MilleniumFalcon (Author) commented:
Also I'm more interested in issue # 1 at this point :) # 2 can wait :)

miqrogroove commented:
Here are some tips from the web, your mileage may vary:

Like WINS, the client must be assigned the DNS server IP address. This can be done manually on the client, or assigned through DHCP by the RRAS server. Once again if using DHCP, the RRAS server will not supply the DNS address from the DHCP scope options. The DNS server IP must be assigned to the RRAS server's network adapter, and it will then be inherited by the VPN client when it connects.
On the VPN client's network adapter, under TCP/IP properties, advanced, DNS, you also need to add the domain DNS suffix, such as MyDomain.local in the "DNS suffix for this connection" box.

MilleniumFalcon (Author) commented:
Thanks :thumbsup: that will take care of issue # 2, but what about # 1?

miqrogroove commented:
Issue #1 is more than likely being caused by issue #2.  I wouldn't attempt troubleshooting both at the same time.  ;)

miqrogroove commented:
Also FYI, the client could have different credentials saved based on the two paths.  The best way to confirm this is to ask the user to browse to the Desktop in an explorer window, right click on My Computer, select Map Network Drive, and specifically click where it says "Connect using a different user name".

MilleniumFalcon (Author) commented:
Hmm, I can confirm off hand that the credentials are identical, so I know that shouldn't be the issue.  I'll have to read into the other items later and give 'em a try.

miqrogroove commented:
> I can confirm off hand

There is really no way to confirm that 'off hand' ;)  If there is a name resolution problem and the client isn't joining the domain, then for all we know the client is transmitting "guest"/"" as the credential set based on its local GPO settings.

butor69 commented:
When, on the laptop connected with VPN, you run nslookup and type the server name, do you receive the correct IP address?

What are the results of ping Netbios_name, ping IP address?


MilleniumFalcon (Author) commented:
Confirming off hand, meaning I checked that out already.

As I said before I can map and connect via IP address of the server, but NOT the server name.

MilleniumFalcon (Author) commented:
@butor69, I'll have to check that later.

miqrogroove commented:
You'll have to at least confirm that the server name and server FQDN are causing the same problem, to eliminate WINS issues as the cause.  If we can narrow it down to a DNS resolution problem we might kill two birds with one stone.

MilleniumFalcon (Author) commented:
Ok, so just to confirm the attack plan here for after hours (hard to do much during the day, especially when it comes to 'adjusting' things ;) )....

1 - Re-confirm that the right credentials are being given by trying to map a network drive and try with the correct username and password. Might as well give it a try again, can't hurt!!

2 - On same workstation, when connected via VPN, run nslookup <servername>, record IP address.

3 - On same workstation ping Netbios_name, ping IP address

4 - On the VPN client's network adapter, under TCP/IP properties, advanced, DNS, add the domain DNS suffix, such as MyDomain.local in the "DNS suffix for this connection" box.

MilleniumFalcon (Author) commented:
Also, decided to poke around the R&RA settings...

Currently, things are set up as a Remote Access Server, with Windows Authentication for all around security, IP routing enabled, Allow IP based remote access and demand dial connections is enabled, using a static addy pool of 31 addresses, and broadcast name resolution is also enabled.

 RAS is also able to select the adapter.  

All PPP options are enabled.

How can I verify that the DNS server IP *is* assigned to the RRAS server's network adapter, I mean I'm assuming it is considering both NICS in the server are static and all of the DNS info is pre-populated.

miqrogroove commented:
Step 4 first, then step 2.  Then run nslookup against the FQDN.  If you are not getting expected results then run ipconfig /all

I would move on to netbios, wins, and file sharing issues after DNS is working fully as expected.

MilleniumFalcon (Author) commented:
Hi again.

Doing some work remotely here from my own workstation just yielded some oddball results..at least for the NS lookup...

I applied step # 4 above first, and then left the VPN connection default (using the gateway via vpn, etc).

Here is what I got for the nslookup on the server... (does this for the others too..)  We do have a primary and secondary DNS server as well.


c:\Program Files\Microsoft Visual Studio 9.0\VC>nslookup <servername>
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

Name:    <servername>.contoso.local
Address:  192.168.x.x


c:\Program Files\Microsoft Visual Studio 9.0\VC>

miqrogroove commented:
That means nslookup connected to a DNS server with missing PTR records.

butor69 commented:
no reverse zone for 192.168.x.x

dcsdave commented:
I used to have the same issues and used the following tool to create a VPN disk and it works every time.
http://technet.microsoft.com/en-us/library/cc739464.aspx

MilleniumFalcon (Author) commented:

C:\Documents and Settings\user>nslookup server
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

*** UnKnown can't find server: Server failed

C:\Documents and Settings\user>
--
ping test works fine!!!


C:\Documents and Settings\user>ping server

Pinging server.contoso.local [192.168.x.x] with 32 bytes of data:

Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.x.x:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\user>
---
After an ipconfig /registerdns was run after the above two tests...look what happened!


C:\Documents and Settings\user>nslookup server
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

Name:    server.contoso.local
Address:  192.168.x.x


C:\Documents and Settings\user>
-------

Now, when trying to access \\server\ I get a message indicating server is not accessible, etc etc.
Trying via IP address now doesn't work either.

This morning, the shortcuts I had created for the user using the IP addresses of the servers stopped working and would only let him in via direct server name! A few minutes after that, it stopped working and now I can't get to the main server...this is all so strange!

Now, mapping a folder to the network with the users credentials on the main server won't work either!

MilleniumFalcon (Author) commented:
Ok, I went back into DNS and noted that in the reverse zone there were no pointers to the servers...which was odd.

We did have a bit of a crash where group policies were eaten, DNS and DHCP reset itself to default, and even VPN reset to default...so we rebuilt everything again but maybe forgot a few things.

Anyhow, I put in the PTR records for our three servers and for each of their nics (dual nics in each) so hopefully that will solve the missing PTR issue.

MilleniumFalcon (Author) commented:
And actually, there we go.

When I ran an nslookup on our main server, I got no issues!

butor69 commented:
2 Nics? so Netbios on the two NICS or do you use failover?

MilleniumFalcon (Author) commented:
The only failover is from the primary server to the secondary server with DNS should I have to reboot it or shut it down, etc.

Beyond that, the NICs are used to sorta separate traffic and add in an extra place where I can move traffic in and out of (especially for backups).

MilleniumFalcon (Author) commented:
Ok, so while nslookup servername works internally, it still doesn't seem to work when connected via VPN from outside, even when including the domain.local in the VPN settings and such.

What's my next step in the diagnostic process?

dcsdave commented:
You might try adding a hosts entry on the remote PC.  C:\Windows\System32\Drivers\etc\  Open with notepad.  Enter the IP address right below the last entry then hit "Tab" then enter the "Server Name"
Save and exit.  A couple times I had Spybot running on the PC and I couldn't save the Hosts file back to the original location so  I just copied it to the desktop changed the entry and copied it back and that worked.

Hope that helps.

butor69 commented:
When the notebook is connected with VPN, does it receive the right DNS entries?

If no, then your VPN server is not configured right.
If you have the right DNS server (the internal ones) and nslookup doesn't work, can you ping the IP address of the DNS server?
There is maybe filtering on the IP (firewall, ...).

MilleniumFalcon (Author) commented:
DNS settings appear to be correct, however I'd still like to double check things on this end while I'm here and doing maintenance on the servers tonight.

As I'm still new to the Routing and Remote Access scene (practice makes perfect!), what settings specifically am I looking for?

MilleniumFalcon (Author) commented:
Hello everyone.

NSlookup, again, is still failing externally when connected via VPN.
Internally it's working great again.

Can someone please point me to where I should be looking next, under what options, settings, etc, to rectify this?

The issue is still apparent and annoying, and I'd like to get it fixed once and for all!

Thanks!

Michael Worsham (Infrastructure / Solutions Architect) commented:
I have a few questions so I can get an idea of the issues...

1) What SBS server configuration are you using -- one NIC, two NIC, ISA, etc?
2) Do you have NetBIOS enabled on the NICs?
3) What kind of PCs are accessing the SBS server -- XP and/or Vista?
4) What VPN solution is in place -- a gateway-to-gateway tunnel or are you using SBS' VPN Server and allowing client VPNs sessions?
5) If using a VPN client, which VPN client are your external users using?
6) Are you using a hardware router? If so, what ports do you have opened/forwarded on your router?

MilleniumFalcon (Author) commented:
1) What SBS server configuration are you using -- two NICs, no ISA

2) Do you have NetBIOS enabled on the NICs? - Yes.  NetBIOS settings are set to default for both NICs.

3) What kind of PCs are accessing the SBS server -- XP and/or Vista? - Primarily XP, a few Vista

4) What VPN solution is in place -- a gateway-to-gateway tunnel or are you using SBS' VPN Server and allowing client VPNs sessions? - SBS's VPN server (Routing and Remote Access)

5) If using a VPN client, which VPN client are your external users using? - Windows' VPN client on all accounts

6) Are you using a hardware router? If so, what ports do you have opened/forwarded on your router?
Yes, our primary connection to the world is a Linksys router. Firewall, SPI, DoS, Block WAN Request, MRemote Management, Multicast Passthrough all enabled.

MTU is auto.

For the VPN, PPTP is allowed as a passthrough.

Michael Worsham (Infrastructure / Solutions Architect) commented:
Even though you have PPTP passthrough enabled, you need to read over this article/blog for additional ports that are required when VPN is concerned.

http://msmvps.com/blogs/bradley/archive/2005/01/21/33537.aspx

---

Also, have you applied the Vista & Outlook 2007 Update to the SBS server as well?

Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility update
http://support.microsoft.com/kb/926505

MilleniumFalcon (Author) commented:
Hi there.

Other ports are enabled, for OWA access via https (443), along with SMTP and IMAP, but why would I need to enable anything like IPSec if PPTP is in use only with the VPN?

"Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility update" is installed already as well.

Michael Worsham (Infrastructure / Solutions Architect) commented:
Even though you have PPTP pass-through enabled (this is commonly called GRE or Protocol 47) on the router, ports 500 & 1723 also need to be forwarded to the SBS server.

MilleniumFalcon (Author) commented:
Well, just went back to the router and ensured 500 (IPSec is opened to the server) along with 1723 (which already is) are open, so after this, if NSlookup fails and the same issues apply externally with the VPN, where do I go from there?

Michael Worsham (Infrastructure / Solutions Architect) commented:
Please post the ipconfig /all from the SBS server and from one of the client PC's using VPN when connected.

MilleniumFalcon (Author) commented:
From SBS Server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSSERVER
   Primary Dns Suffix  . . . . . . . : CONTOSO.LOCAL
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Secondary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-3F-6D-D7-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.x2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.x.x
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.73.4

Ethernet adapter Primary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-0A-F2-17
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.x
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.x.x

C:\Documents and Settings\Administrator>


From a client over VPN:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : homeserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
   Physical Address. . . . . . . . . : 00-FF-5C-68-01-8A

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-0C-76-14-A2-9F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

PPP adapter assuretec:

   Connection-specific DNS Suffix  . : CONTOSO.LOCAL
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.64
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.x.x

C:\Documents and Settings\eweihrauch>

Michael Worsham (Infrastructure / Solutions Architect) commented:
Can you repost w/o sanitizing the internal network IPs? I am trying to confirm that the internal IPs are correctly set for WINS, Gateway, DNS, NICs, etc.

MilleniumFalcon (Author) commented:
For security reasons I'd really rather not.

How badly do you really need them?

MilleniumFalcon (Author) commented:
As long as you don't mind the domain being sanitized (not that it should be needed)

Server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSServer
   Primary Dns Suffix  . . . . . . . : CONTOSO.LOCAL
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Secondary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-3F-6D-D7-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

Ethernet adapter Primary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-0A-F2-17
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

C:\Documents and Settings\Administrator>
----

Client:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : homeserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
   Physical Address. . . . . . . . . : 00-FF-5C-68-01-8A

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-0C-76-14-A2-9F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

PPP adapter assuretec:

   Connection-specific DNS Suffix  . : CONTOSO.LOCAL
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.66
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

C:\Documents and Settings\eweihrauch>

Michael Worsham (Infrastructure / Solutions Architect) commented:
From all of the PCs [local and VPN connected] and SBS Server too, run:
'ipconfig /flushdns' and 'ipconfig /registerdns'

---

One other thing I recommend is running the SBS Best Practices Analyzer on the SBS server to see if there are any underlying issues.

Description of the Windows Small Business Server 2003 Best Practices Analyzer tool
http://support.microsoft.com/?kbid=940439

MilleniumFalcon (Author) commented:
Hi, those settings were after the DNS was flushed and re-registered.
Makes no difference.

As for the SBS best practices, I'll check it out again.  It's already installed and I've previously used it along with the one for Exchange to fix a # of issues.

However, beyond this, what else should I look at?

Michael Worsham (Infrastructure / Solutions Architect) commented:
About the only thing I can think of is possibly re-running the RRAS and CEIEW wizards again, as these handle all of your network configurations.

You stated in the past that you had suffered a server crash that caused damage to the group policies and DNS and VPN were reset to default. I just can't help wondering if something else might be underlying as a result of that crash.

Michael Worsham (Infrastructure / Solutions Architect) commented:
One other possibility might be a netmask issue with the VPN...

Please post a 'route print' from both the SBS server and a connected VPN client.

Michael Worsham (Infrastructure / Solutions Architect) commented:
When I was looking over the client ipconfig output, I noticed the following 'WINS Proxy Enabled'. This might be the culprit that is causing the problem.

How to Disable NetBT Proxy on Incoming Connections
http://support.microsoft.com/kb/319848

MilleniumFalcon (Author) commented:
Well the biggest issue is I'm getting dual errors with the best practices wizard of:
"The DNS client is not configured to point only to the internal IP address of the server"

Beyond that it's just a few trivial things like the /3G switch not being supported (though I took it out a while back??), and something about a non default OMA setting which is fine since that's working without an issue.

Ok, dumb question, as I've personally never run through the CEIEW wizard before (SBS was in place long before I got here), what are the impacts of running this during the day?  I'm assuming I shouldn't since it will most likely cause some issues temporarily or for an unspecified amount of time whilst it completes, right?
--

For route print:

From the server (note 73.1 is the Linksys)

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 12 3f 6d d7 62 ...... Broadcom NetXtreme Gigabit Ethernet
0x10004 ...00 10 18 0a f2 17 ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.73.1     192.168.73.4     10
          0.0.0.0          0.0.0.0     192.168.73.1     192.168.73.2     10
    24.147.217.25  255.255.255.255     192.168.73.1     192.168.73.2     10
    71.181.61.195  255.255.255.255     192.168.73.1     192.168.73.2     10
    71.243.45.188  255.255.255.255     192.168.73.1     192.168.73.2     10
     92.1.186.134  255.255.255.255     192.168.73.1     192.168.73.2     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     192.168.73.0    255.255.255.0     192.168.73.2     192.168.73.2     10
     192.168.73.0    255.255.255.0     192.168.73.4     192.168.73.4     10
     192.168.73.2  255.255.255.255        127.0.0.1        127.0.0.1     10
     192.168.73.4  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.73.60  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.73.62  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.63  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.65  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.66  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.68  255.255.255.255    192.168.73.60    192.168.73.60      1
   192.168.73.255  255.255.255.255     192.168.73.2     192.168.73.2     10
   192.168.73.255  255.255.255.255     192.168.73.4     192.168.73.4     10
        224.0.0.0        240.0.0.0     192.168.73.2     192.168.73.2     10
        224.0.0.0        240.0.0.0     192.168.73.4     192.168.73.4     10
  255.255.255.255  255.255.255.255     192.168.73.2     192.168.73.2      1
  255.255.255.255  255.255.255.255     192.168.73.4     192.168.73.4      1
Default Gateway:      192.168.73.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\Administrator>
-------

From a client:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 5c 68 01 8a ...... TAP-Win32 Adapter V8
0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10004 ...00 0c 76 14 a2 9f ...... NVIDIA nForce Networking Controller
0x60005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     21
          0.0.0.0          0.0.0.0    192.168.73.60    192.168.73.67      1
    69.95.155.106  255.255.255.255      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.100    192.168.0.100     20
    192.168.0.100  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.0.200  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.0.255  255.255.255.255    192.168.0.100    192.168.0.100     20
    192.168.73.67  255.255.255.255        127.0.0.1        127.0.0.1     50
   192.168.73.255  255.255.255.255    192.168.73.67    192.168.73.67     50
        224.0.0.0        240.0.0.0    192.168.0.100    192.168.0.100     20
        224.0.0.0        240.0.0.0    192.168.73.67    192.168.73.67      1
  255.255.255.255  255.255.255.255    192.168.0.100    192.168.0.100      1
  255.255.255.255  255.255.255.255    192.168.0.200                2      1
  255.255.255.255  255.255.255.255    192.168.73.67    192.168.73.67      1
Default Gateway:     192.168.73.60
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\eweihrauch>

So where to start then I guess..disable NetBT Proxy, or re-run the CEIEW wiz?
The RRAS wiz was re-run not long ago after that crash, would it be necessary to re-run that after CEIEW as well?
0
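How Windows would choose among the routes in the client's table above, as an added example that is not part of the original post: the longest matching prefix wins, and ties are broken by the lowest metric. The rows are a subset copied from that output; the function names and the lookup targets are illustrative.

```python
import ipaddress

# Subset of the "Active Routes" rows from the client's `route print` above:
# destination, netmask, gateway, interface, metric.
ROUTES = """\
0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     21
0.0.0.0          0.0.0.0    192.168.73.60    192.168.73.67      1
69.95.155.106  255.255.255.255      192.168.0.1    192.168.0.100     20
192.168.0.0    255.255.255.0    192.168.0.100    192.168.0.100     20
192.168.73.67  255.255.255.255        127.0.0.1        127.0.0.1     50
"""

def parse_routes(text):
    """Turn route-print rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, gateway, iface, int(metric)))
    return routes

def pick_route(routes, target):
    """Longest prefix first, then lowest metric; None if nothing matches."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # 192.168.73.4 is the DNS server address shown elsewhere in the thread.
    for target in ("192.168.73.4", "192.168.0.1", "69.95.155.106"):
        net, gw, iface, metric = pick_route(table, target)
        print(f"{target:15} -> {net} via {gw} on {iface} (metric {metric})")
```

With both default routes present, the metric 1 entry on the PPP interface carries everything that lacks a more specific route, so queries to an address in 192.168.73.x leave through the tunnel while the local 192.168.0.0/24 subnet stays on the home NIC.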
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
I recommend re-running the CEIEW first before disabling the NetBT Proxy.

Just remember, if you run the CEIEW wizard, just make sure you're doing it from the box itself and not via a terminal session as it resets the network ports.

0
 
MilleniumFalconAuthor Commented:
Will do.

Just to clarify though, will this greatly interrupt any net traffic internally?
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
Yes -- it will cause a network outage as it is being utilized as a network gateway.

I recommend running the CEIEW after-hours or during an outage window where you aren't having a lot of incoming and outgoing traffic.
0
 
MilleniumFalconAuthor Commented:
Ah well, won't be today then :)
0
 
MilleniumFalconAuthor Commented:
Actually, how long does it take?
If 15mins or less I could just do it at EOB today and get it done with.
I know some people stay late even on a day like today (Fri + Halloween) so I always try to plan maintenance on days where people will mostly be out and a bit later as not to disrupt too much.
0
 
butor69Commented:
As I already said, I don't understand why you have two NICs on the same subnet, both using NetBIOS.
This can give a lot of problems, mainly with name resolution. If you want to have a backup network card, use load balancing or something like that. I'm sure that your problem comes from the two NetBIOS-enabled NICs.

Please disable one of them and see what happens.

Regards
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
I have to agree with butor69 as well for the added NIC card...

Although it is common to use two NICs to separate traffic for Windows setup for things like having a heartbeat network (i.e. High Availability, fail-over) or for sending streams to a different infrastructure (i.e. a backup or NAS/SAN environment) -- but each of these solutions should be on a different VLAN and not on the same subnet.

Now if you had the two NICs 'teamed', then that would be a different story entirely as it would utilize two different switches to make the network addressing faster and much more functional.
0
 
MilleniumFalconAuthor Commented:
The reason that there is a second NIC is for segregating normal traffic from backup traffic.
We have 2+ terabytes of info being backed up in full every weekend, and incrementals every night.
With a 10/100 network in place, it's too damn slow otherwise, so I created a gigabit backbone using secondary NICs and funnel the backups through them.

During the day it's only used for about 1 other user who needs the gigabit speeds due to the # of files going back and forth.

Replacing networking equipment at this point, as we're a small biz, isn't an option, so I have to work with what I've got.
0
 
butor69Commented:
If your backup software uses the NetBIOS name to make backups, you don't separate the traffic at all.

If it uses the IP address, you can disable NetBIOS on the backup card.

If you really want to separate them, create another IP range for your backup, and yes, you can enable NetBIOS on it.

0
 
MilleniumFalconAuthor Commented:
It's just as easy to disable the netbios on the secondary nics.

0
 
MilleniumFalconAuthor Commented:
Ok, so I've disabled netbios on all secondary nics, turned off the chimney stacks (BUE related stuff), popped in another gig of ram to max out the main server (unrelated), and re-ran through the wizard to reset some things (which broke IIS but luckily I was able to restore it from a previous state save).

nslookup still fails over VPN, and I noticed, even with specifying options on the client end, the gateway address is still 0.0.0.0 , now what?
0
 
MilleniumFalconAuthor Commented:
cough *bump*

I noticed that when connected to VPN, if I do an nslookup server.contoso.local it's successful, but not if I do nslookup server .

Still, thoughts are most welcome at this point!
0
 
Tonyc92007Commented:
Just a thought after reading through... you have a default gateway on both server NICs. You should only have 1 default gateway. Flush, reconnect, retry.
If that doesn't help, I would try, as a temporary measure anyway, disabling the secondary card and trying again.

0
 
MilleniumFalconAuthor Commented:
Disabling the secondary nic is not an option at this point.
Additionally, this issue existed long before I enabled the secondary nics as it were.
0
 
butor69Commented:
What about the DNS suffix of your VPN client? If nslookup server FQDN works and nslookup server doesn't work, that means that your DNS suffix doesn't match the DNS suffix of your domain.
0
 
MilleniumFalconAuthor Commented:
How would I fix that then?
0
 
butor69Commented:
In the TCP parameters of your client, you can add a DNS suffix.
0
 
MilleniumFalconAuthor Commented:
Actually I've done that already, for example added contoso.local since the domain is effectively contoso.local .
0
 
MilleniumFalconAuthor Commented:
Ka-bump!
0
 
butor69Commented:
can you do an ipconfig /all?
0
 
MilleniumFalconAuthor Commented:
Results are the same as what's already pasted above ^^^^
0
 
MilleniumFalconAuthor Commented:
FYI this is really only happening on workstations that have NOT been joined to the domain.  Even with contoso.local appended to the VPN settings.
0
 
MilleniumFalconAuthor Commented:
I'd like to put this entire issue to rest this week if I could.
I appreciate all the help thus far but right now it looks like I'm running in circles.
0
 
MilleniumFalconAuthor Commented:
Anyone!?!?

Secondary NIC on the primary server has been disabled, which makes no difference for any user connected to the VPN on a workstation that's not already in the domain.

I'd greatly appreciate some feedback here.
0
 
MilleniumFalconAuthor Commented:
One thing I'm noticing, at least on my remote, home PC, is that the NIC I have there is set to be static (as it's a server).

My default gateway @ home is 192.168.0.1

When connected to VPN and trying nslookup, it's failing since it can't find the domain contoso.local, and it looks like it is defaulting to 192.168.0.1
0
 
butor69Commented:
When you do nslookup, type the command set d2; it will set the mode to debug, so we can maybe have more details.

Do you have any firewall or antivirus on your client?

0
 
MilleniumFalconAuthor Commented:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Erich Weihrauch>nslookup contoso
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find contoso: Server failed

C:\Users\Erich Weihrauch>nslookup contoso.local
Server:  contoso.local
Address:  192.168.73.4

Name:    contoso.local
Address:  192.168.73.4


C:\Users\Erich Weihrauch>nslookup contoso
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find contoso: Server failed

C:\Users\Erich Weihrauch>nslookup contoso set d2
Usage:
   nslookup [-opt ...]             # interactive mode using default server
   nslookup [-opt ...] - server    # interactive mode using 'server'
   nslookup [-opt ...] host        # just look up 'host' using default server
   nslookup [-opt ...] host server # just look up 'host' using 'server'

C:\Users\Erich Weihrauch>nslookup set d2
*** Can't find server address for 'd2':
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find set: Server failed

C:\Users\Erich Weihrauch>dpnslookup set contoso d2
'dpnslookup' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Erich Weihrauch>dpnslookup set d2 contoso
'dpnslookup' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Erich Weihrauch>nslookup
Default Server:  contoso.local
Address:  192.168.73.4

> set d2
> contoso
Server:  contoso.local
Address:  192.168.73.4

------------
SendRequest(), len 23
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = A, class = IN

------------
------------
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = A, class = IN

------------
------------
SendRequest(), len 23
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = AAAA, class = IN

------------
------------
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = AAAA, class = IN

------------
*** contoso.local can't find contoso: Server failed
> contoso.local
Server:  contoso.local
Address:  192.168.73.4

------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = A, class = IN

------------
------------
Got answer (49 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = A, class = IN
    ANSWERS:
    ->  contoso.local
        type = A, class = IN, dlen = 4
        internet address = 192.168.73.4
        ttl = 3600 (1 hour)

------------
------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = AAAA, class = IN

------------
------------
Got answer (79 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        contoso.local, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  contoso.local
        type = SOA, class = IN, dlen = 34
        ttl = 3600 (1 hour)
        primary name server = contoso.local
        responsible mail addr = hostmaster
        serial  = 14451
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
Name:    contoso.local
Address:  192.168.73.4

>
0
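A reading aid for the `set d2` trace above, added here and not part of the original post: it pulls each response's question name and rcode so you can see which names reached the DNS server exactly as typed. The excerpt is trimmed from the poster's output; the function names are illustrative.

```python
import re

# Two responses trimmed from the `set d2` output posted above.
D2_OUTPUT = """\
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = SERVFAIL
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        contoso, type = A, class = IN
Got answer (49 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        questions = 1,  answers = 1,  authority records = 0,  additional = 0
    QUESTIONS:
        contoso.local, type = A, class = IN
"""

# One match per "Got answer" block: id, rcode, answer count, question, type.
ANSWER_RE = re.compile(
    r"Got answer.*?id = (\d+), rcode = (\w+).*?answers = (\d+)"
    r".*?QUESTIONS:\s*(\S+), type = (\w+)", re.S)

def parse_answers(text):
    """Return one dict per response block found in nslookup debug output."""
    return [{"id": int(i), "rcode": rc, "answers": int(n), "name": q, "type": t}
            for i, rc, n, q, t in ANSWER_RE.findall(text)]

def unqualified_failures(answers):
    """Single-label names that were queried with no suffix and failed."""
    return sorted({a["name"] for a in answers
                   if "." not in a["name"].rstrip(".")
                   and a["rcode"] != "NOERROR"})

def resolved(answers):
    """Names that came back NOERROR with at least one answer record."""
    return sorted({a["name"] for a in answers
                   if a["rcode"] == "NOERROR" and a["answers"] > 0})

if __name__ == "__main__":
    parsed = parse_answers(D2_OUTPUT)
    print("sent without a suffix and failed:", unqualified_failures(parsed))
    print("resolved:", resolved(parsed))
```

A bare single-label name in the QUESTIONS section means no DNS suffix was appended before the query left the client, which is the condition the suffix discussion in this thread is trying to pin down.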
 
MilleniumFalconAuthor Commented:
bump
0
 
butor69Commented:
What I don't understand is your server name contoso.local. I assume that it's name.domain.local?
0
 
MilleniumFalconAuthor Commented:
Yes.
0
 
MilleniumFalconAuthor Commented:
Happy Turkey Week!

BUMP!
0
 
MilleniumFalconAuthor Commented:
Anyone?

Honestly I'd really like to solve this issue already.
All the necessary info should be in this whole issue, along with logs etc.....
0
 
butor69Commented:
I think the better way to analyze your problem is to connect by VPN and see if the problem is the same with our PC
0
 
MilleniumFalconAuthor Commented:
I'm sorry but that is NOT a possibility.  Besides, the problem will be the same.  I have PCs joined to the domain, and a # of personal workstations @ home not associated with the domain that act exactly the same.

Bottom line is, if the information above does not suffice to solve the problem then I will close this issue as it's going down the toilet faster than an unwanted pregnancy on prom night.
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
One other option, though it's a bit of a long shot...

Have you applied/installed Windows Server 2003 Service Pack 2 (SP2)? As part of the Win2k3 SP2 release, there is a Windows Server 2003 Scalable Networking Pack (SNP) embedded within it. On a computer that has a TCP/IP Offload-enabled network adapter, you may experience many network-related problems.

The SNP feature was to offload the processing of network packets from the CPU to the Network card.  This has caused more issues than helping the network enhancements. And this is a major issue if the network card is a Broadcom network card -- which is the most widely installed NIC on all servers.

An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers
http://support.microsoft.com/kb/948496
0
 
MilleniumFalconAuthor Commented:
Hello.

Yes, SP2 is installed.
Turning the features on and off made no impact.
0
 
butor69Commented:
Do you have any antivirus/firewall installed on your computers (even if it's disabled)?
0
 
MilleniumFalconAuthor Commented:
Yes, and it's been tested prior and post installation with no varying results.
0
