Solved

VPN User Unable to Access Shares via Server Name, But Can Via IP Address

Posted on 2008-10-21
Last Modified: 2008-12-31
Hello everyone, new user here :)

I'm an admin for a small business and lately have been scratching my head at two things...

First off, we use Windows Small Business Server 2003 Standard Edition.
We have VPN set up and it works otherwise perfectly fine, no infrastructure issues, etc. (well, I could use a new server but that's beside the point :) ).

But on to the issues..

# 1 - A user who works primarily from home now used to have their notebook set up joined to our domain, we'll call it contoso.local. Over the weekend, they experienced issues connecting to his home workgroup and changed the comp settings back to a workgroup. Now when connecting to work via VPN, though it lets him in and all, he can't access shares on the network that he has privs to via server name, e.g. \\sbs\data. Instead it tells him he doesn't have the privs, but then if I go and access it via IP address directly, e.g. \\192.168.x.x\data, it lets him in without any issues! Mind boggling!
I've tried including and excluding the domain when having him log in to VPN, but I'm scratching my head on this one! Gateway use on the server end is enabled for this user, btw.

# 2 - Sometimes when users connect via VPN (in this case gateway use is disabled on the server end), they cannot resolve server names, but can access those servers via IP address. I've had them flush and register their DNS, etc., but nothing seems to help... what would cause this?

Thanks for any tips and help you can give!
Question by:MilleniumFalcon
87 Comments
 
LVL 11

Assisted Solution

by:miqrogroove
miqrogroove earned 20 total points
ID: 22769950
It sounds like the client computer isn't configured to use the remote WINS server.  You'll need a good understanding of the name resolution process, which is typically to query the Computer Browser service, and fail over to DNS.  If the client is configured to use local or broadband name servers, then you won't get the VPN names to resolve in any case.
0
 
LVL 1

Expert Comment

by:butor69
ID: 22770297
The problem seems to be a WINS problem: they don't receive the WINS server when connecting by VPN.

Do you use WINS in your LAN? Is it correctly configured (in the DHCP option)?

Is your DNS config also correct? (The DNS server must be your SBS server.)

Regards
0
 

Author Comment

by:MilleniumFalcon
ID: 22770434
DNS is set correctly, but as far as DHCP what should I be looking at specifically?
0
 

Author Comment

by:MilleniumFalcon
ID: 22770436
Also I'm more interested in issue # 1 at this point :) # 2 can wait :)
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22770559
Here are some tips from the web, your mileage may vary:

Like WINS, the client must be assigned the DNS server IP address. This can be done manually on the client, or assigned through DHCP by the RRAS server. Once again if using DHCP, the RRAS server will not supply the DNS address from the DHCP scope options. The DNS server IP must be assigned to the RRAS server's network adapter, and it will then be inherited by the VPN client when it connects.
On the VPN client's network adapter, under TCP/IP properties, advanced, DNS, you also need to add the domain DNS suffix, such as MyDomain.local in the "DNS suffix for this connection" box.
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22770575
0
 

Author Comment

by:MilleniumFalcon
ID: 22770579
Thanks :thumbsup: that will take care of issue # 2, but what about # 1?
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22770677
Issue #1 is more than likely being caused by issue #2.  I wouldn't attempt troubleshooting both at the same time.  ;)
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22770706
Also FYI, the client could have different credentials saved based on the two paths.  The best way to confirm this is to ask the user to browse to the Desktop in an explorer window, right click on My Computer, select Map Network Drive, and specifically click where it says "Connect using a different user name".
0
 

Author Comment

by:MilleniumFalcon
ID: 22770712
Hmm, I can confirm off hand that the credentials are identical, so I know that shouldn't be the issue.  I'll have to read into the other items later and give 'em a try.
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22770834
> I can confirm off hand

There is really no way to confirm that 'off hand' ;)  If there is a name resolution problem and the client isn't joining the domain, then for all we know the client is transmitting "guest"/"" as the credential set based on its local GPO settings.
0
 
LVL 1

Expert Comment

by:butor69
ID: 22770865
When, on the laptop connected with VPN, you run nslookup and type the server name, do you receive the correct IP address?

What are the results of ping Netbios_name, ping IP address?

0
 

Author Comment

by:MilleniumFalcon
ID: 22770876
Confirming off hand, meaning I checked that out already.

As I said before I can map and connect via IP address of the server, but NOT the server name.
0
 

Author Comment

by:MilleniumFalcon
ID: 22770887
@butor69, I'll have to check that later.
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22770926
You'll have to at least confirm that the server name and server FQDN are causing the same problem, to eliminate WINS issues as the cause.  If we can narrow it down to a DNS resolution problem we might kill two birds with one stone.
0
 

Author Comment

by:MilleniumFalcon
ID: 22771444
Ok, so just to confirm the attack plan here for after hours (hard to do much during the day, especially when it comes to 'adjusting' things ;) )....

1. Re-confirm that the right credentials are being given by trying to map a network drive and try with the correct username and password.  Might  as well give it a try again, can't hurt!!

2 - On same workstation, when connected via VPN, run nslookup <servername>, record IP address.

3 - On same workstation ping Netbios_name, ping IP address

4 - On the VPN client's network adapter, under TCP/IP properties, advanced, DNS,  add the domain DNS suffix, such as MyDomain.local in the "DNS suffix for this connection" box.
0
 

Author Comment

by:MilleniumFalcon
ID: 22771543
Also, decided to poke around the R&RA settings...

Currently, things are set up as a Remote Access Server, with Windows Authentication for all around security, IP routing enabled, Allow IP based remote access and demand dial connections is enabled, using a static addy pool of 31 addresses, and broadcast name resolution is also enabled.

 RAS is also able to select the adapter.  

All PPP options are enabled.

How can I verify that the DNS server IP *is* assigned to the RRAS server's network adapter, I mean I'm assuming it is considering both NICS in the server are static and all of the DNS info is pre-populated.
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22771547
Step 4 first, then step 2.  Then run nslookup against the FQDN.  If you are not getting expected results then run ipconfig /all

I would move on to netbios, wins, and file sharing issues after DNS is working fully as expected.
0
 

Author Comment

by:MilleniumFalcon
ID: 22771595
Hi again.

Doing some work remotely here from my own workstation just yielded some oddball results... at least for the nslookup...

I applied step # 4 above first, and then left the VPN connection default (using the gateway via vpn, etc).

Here is what I got for the nslookup on the server... (does this for the others too..)  We do have a primary and secondary DNS server as well.


c:\Program Files\Microsoft Visual Studio 9.0\VC>nslookup <servername>
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

Name:    <servername>.contoso.local
Address:  192.168.x.x


c:\Program Files\Microsoft Visual Studio 9.0\VC>
0
 
LVL 11

Expert Comment

by:miqrogroove
ID: 22771655
That means nslookup connected to a DNS server with missing PTR records.
0
 
LVL 1

Expert Comment

by:butor69
ID: 22772368
no reverse zone for 192.168.x.x
0
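The two replies above read the `*** Can't find server name for address` lines as a missing reverse zone. As an added example (not code from any participant in this thread), this Python sketch separates that startup PTR warning from a failure of the forward lookup itself; the three transcripts are constructed, modelled on the output posted in the thread, and the function names are hypothetical.

```python
import re

# Startup warning: nslookup could not reverse-resolve (PTR) its own DNS server.
PTR_WARNING = re.compile(r"^\*\*\* Can't find server name for address (\S+): (.+)$")
# Failure of the query the user actually typed.
QUERY_FAILURE = re.compile(r"^\*\*\* \S+ can't find (\S+): (.+)$")
FIELD = re.compile(r"^(Server|Name|Address(?:es)?):\s+(\S+)$")


def classify_nslookup(transcript):
    """Split a Windows nslookup transcript into resolver info and answer."""
    result = {"resolver": None, "ptr_missing": [], "name": None,
              "address": None, "failure": None}
    section = None
    for raw in transcript.splitlines():
        line = raw.strip()
        m = PTR_WARNING.match(line)
        if m:
            if m.group(1) not in result["ptr_missing"]:
                result["ptr_missing"].append(m.group(1))
            continue
        m = QUERY_FAILURE.match(line)
        if m:
            result["failure"] = m.group(2)
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Server":
            section = "resolver"      # next Address line is the DNS server
        elif key == "Name":
            section = "answer"        # next Address line is the answer
            result["name"] = value
        elif section == "resolver":
            result["resolver"] = value
        elif section == "answer":
            result["address"] = value
    return result


def verdict(result):
    """Reduce the parsed transcript to the fault worth chasing first."""
    if result["failure"]:
        return "FORWARD_FAILED"
    if result["address"] and result["ptr_missing"]:
        return "FORWARD_OK_PTR_MISSING"
    if result["address"]:
        return "OK"
    return "NO_ANSWER"


# Constructed transcripts (addresses are sample values).
FAILED = """
*** Can't find server name for address 192.168.73.4: Non-existent domain
*** Can't find server name for address 192.168.73.2: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.73.4

*** UnKnown can't find server: Server failed
"""
PTR_ONLY = """
*** Can't find server name for address 192.168.73.4: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.73.4

Name:    server.contoso.local
Address:  192.168.73.4
"""
CLEAN = """
Server:  server.contoso.local
Address:  192.168.73.4

Name:    server.contoso.local
Address:  192.168.73.4
"""

if __name__ == "__main__":
    for label, text in (("failed", FAILED), ("ptr only", PTR_ONLY), ("clean", CLEAN)):
        print(label, verdict(classify_nslookup(text)), classify_nslookup(text))
```

A `FORWARD_OK_PTR_MISSING` result means the name still resolved and only the reverse zone needs records; `FORWARD_FAILED` means the DNS server itself returned an error for the name.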
 
LVL 5

Expert Comment

by:dcsdave
ID: 22773747
I used to have the same issues and used the following tool to create a VPN disk and it works every time.
http://technet.microsoft.com/en-us/library/cc739464.aspx
0
 

Author Comment

by:MilleniumFalcon
ID: 22776959

C:\Documents and Settings\user>nslookup server
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

*** UnKnown can't find server: Server failed

C:\Documents and Settings\user>
--
ping test works fine!!!


C:\Documents and Settings\user>ping server

Pinging server.contoso.local [192.168.x.x] with 32 bytes of data:

Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.x.x:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\user>
---
After an ipconfig /registerdns was run after the above two tests... look what happened!


C:\Documents and Settings\user>nslookup server
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

Name:    server.contoso.local
Address:  192.168.x.x


C:\Documents and Settings\user>
-------

Now, when trying to access \\server\ I get a message indicating server is not accessible, etc etc.
Trying via IP address now doesn't work either.

This morning, the shortcuts I had created for the user using the IP addresses of the servers stopped working and would only let him in via direct server name! A few minutes after that, it stopped working and now I can't get to the main server... this is all so strange!

Now, mapping a folder to the network with the users credentials on the main server won't work either!
0
 

Author Comment

by:MilleniumFalcon
ID: 22777402
Ok, I went back into DNS and noted that in the reverse zone there were no pointers to the servers...which was odd.

We did have a bit of a crash where group policies were eaten, DNS and DHCP reset themselves to default, and even VPN reset to default... so we rebuilt everything again but maybe forgot a few things.

Anyhow, I put in the PTR records for our three servers and for each of their nics (dual nics in each) so hopefully that will solve the missing PTR issue.
0
 

Author Comment

by:MilleniumFalcon
ID: 22777414
And actually, there we go.

When I ran an nslookup on our main server, I got no issues!
0
 
LVL 1

Expert Comment

by:butor69
ID: 22778657
2 Nics? so Netbios on the two NICS or do you use failover?
0
 

Author Comment

by:MilleniumFalcon
ID: 22778797
The only failover is from the primary server to the secondary server with DNS should I have to reboot it or shut it down, etc.

Beyond that, the NICs are used to sorta separate traffic and add in an extra place where I can move traffic in and out of (especially for backups).
0
 

Author Comment

by:MilleniumFalcon
ID: 22795971
Ok, so while nslookup servername works internally, it still doesn't seem to work when connected via VPN from outside, even when including the domain.local in the VPN settings and such.

What's my next step in the diagnostic process?
0
 
LVL 5

Expert Comment

by:dcsdave
ID: 22797765
You might try adding a hosts entry on the remote PC.  C:\Windows\System32\Drivers\etc\  Open with notepad.  Enter the IP address right below the last entry then hit "Tab" then enter the "Server Name"
Save and exit.  A couple times I had Spybot running on the PC and I couldn't save the Hosts file back to the original location so  I just copied it to the desktop changed the entry and copied it back and that worked.

Hope that helps.
0
 
LVL 1

Expert Comment

by:butor69
ID: 22798194
When the notebook is connected with VPN, does it receive the right DNS entries?

If not, then your VPN server is not configured correctly.
If you have the right DNS servers (the internal ones) and nslookup doesn't work, can you ping the IP address of the DNS server?
There is maybe filtering on the IP (firewall, ...).
0
 

Author Comment

by:MilleniumFalcon
ID: 22813162
DNS settings appear to be correct, however I'd still like to double check things on this end while I'm here and doing maintenance on the servers tonight.

As I'm still new to the Routing and Remote Access scene (practice makes perfect!), what settings specifically am I looking for?
0
 

Author Comment

by:MilleniumFalcon
ID: 22849826
Hello everyone.

Nslookup, again, is still failing externally when connected via VPN.
Internally it's working great again.

Can someone please point me to where I should be looking next, under what options, settings, etc, to rectify this?

The issue is still apparent and annoying, and I'd like to get it fixed once and for all!

Thanks!
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22849947
I have a few questions so I can get an idea of the issues...

1) What SBS server configuration are you using -- one NIC, two NIC, ISA, etc?
2) Do you have NetBIOS enabled on the NICs?
3) What kind of PCs are accessing the SBS server -- XP and/or Vista?
4) What VPN solution is in place -- a gateway-to-gateway tunnel or are you using SBS' VPN Server and allowing client VPNs sessions?
5) If using a VPN client, which VPN client are your external users using?
6) Are you using a hardware router? If so, what ports do you have opened/forwarded on your router?
0
 

Author Comment

by:MilleniumFalcon
ID: 22850064
1) What SBS server configuration are you using -- two nics, no ISA

2) Do you have NetBIOS enabled on the NICs? - Yes.  NetBIOS settings are set to default for both NICs.

3) What kind of PCs are accessing the SBS server -- XP and/or Vista? - Primarily XP, a few Vista

4) What VPN solution is in place -- a gateway-to-gateway tunnel or are you using SBS' VPN Server and allowing client VPNs sessions? - SBS's VPN server (Routing and Remote Access)

5) If using a VPN client, which VPN client are your external users using? - Windows' VPN client on all accounts

6) Are you using a hardware router? If so, what ports do you have opened/forwarded on your router?
Yes, our primary connection to the world is a Linksys router.  Firewall, SPI, DoS, Block WAN Request, MRemote Management, Multicast Passthrough all enabled.

MTU is auto.

For the VPN, PPTP is allowed as a passthrough.
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22851006
Even though you have PPTP passthrough enabled, you need to read over this article/blog for additional ports that are required when VPN is concerned.

http://msmvps.com/blogs/bradley/archive/2005/01/21/33537.aspx

---

Also, have you applied the Vista & Outlook 2007 Update to the SBS server as well?

Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility update
http://support.microsoft.com/kb/926505
0
 

Author Comment

by:MilleniumFalcon
ID: 22851400
Hi there.

Other ports are enabled, for OWA access via https (443), along with SMTP and IMAP, but why would I need to enable anything like IPSec if PPTP is in use only with the VPN?

"Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility update" is installed already as well.
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22851438
Even though you have PPTP pass-through enabled (this is commonly called GRE or Protocol 47) on the router, ports 500 & 1723 also need to be forwarded to the SBS server.
0
 

Author Comment

by:MilleniumFalcon
ID: 22851507
Well, just went back to the router and ensured 500 (IPSec is opened to the server) along with 1723 (which already is) are open, so after this, if NSlookup fails and the same issues apply externally with the VPN, where do I go from there?
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22852148
Please post the ipconfig /all from the SBS server and from one of the client PC's using VPN when connected.
0
 

Author Comment

by:MilleniumFalcon
ID: 22852366
From SBS Server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSSERVER
   Primary Dns Suffix  . . . . . . . : CONTOSO.LOCAL
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Secondary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-3F-6D-D7-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.x2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.x.x
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.73.4

Ethernet adapter Primary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-0A-F2-17
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.x
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.x.x

C:\Documents and Settings\Administrator>


From a client over VPN:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : homeserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
   Physical Address. . . . . . . . . : 00-FF-5C-68-01-8A

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-0C-76-14-A2-9F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

PPP adapter assuretec:

   Connection-specific DNS Suffix  . : CONTOSO.LOCAL
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.64
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.x.x

C:\Documents and Settings\eweihrauch>
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22852396
Can you repost w/o sanitizing the internal network IPs? I am trying to confirm that the internal IPs are correctly set for WINS, Gateway, DNS, NICs, etc.
0
 

Author Comment

by:MilleniumFalcon
ID: 22852424
For security reasons I'd really rather not.

How badly do you really need them?
0
 

Author Comment

by:MilleniumFalcon
ID: 22852478
As long as you don't mind the domain being sanitized (not that it should be needed)

Server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSServer
   Primary Dns Suffix  . . . . . . . : CONTOSO.LOCAL
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Secondary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-3F-6D-D7-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

Ethernet adapter Primary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-0A-F2-17
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

C:\Documents and Settings\Administrator>
----

Client:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : homeserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
   Physical Address. . . . . . . . . : 00-FF-5C-68-01-8A

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-0C-76-14-A2-9F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

PPP adapter assuretec:

   Connection-specific DNS Suffix  . : CONTOSO.LOCAL
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.66
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

C:\Documents and Settings\eweihrauch>
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22853017
From all of the PCs [local and VPN connected] and SBS Server too, run:
'ipconfig /flushdns' and 'ipconfig /registerdns'

---

One other thing I recommend is running the SBS Best Practices Analyzer on the SBS server to see if there are any underlying issues.

Description of the Windows Small Business Server 2003 Best Practices Analyzer tool
http://support.microsoft.com/?kbid=940439
0
 

Author Comment

by:MilleniumFalcon
ID: 22853030
Hi, those settings were after the DNS was flushed and re-registered.
Makes no difference.

As for the SBS best practices, I'll check it out again.  It's already installed and I've previously used it along with the one for Exchange to fix a # of issues.

However, beyond this, what else should I look at?
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22853151
About the only thing I can think of is possibly re-running the RRAS and CEIEW wizards again, as these handle all of your network configurations.

You stated in the past that you had suffered a server crash that caused damage to the group policies and DNS and VPN were reset to default. I just can't help wondering if something else might be underlying as a result of that crash.
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22853208
One other possibility might be a netmask issue with the VPN...

Please post a 'route print' from both the SBS server and a connected VPN client.
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22853263
When I was looking over the client ipconfig output, I noticed the following 'WINS Proxy Enabled'. This might be the culprit that is causing the problem.

How to Disable NetBT Proxy on Incoming Connections
http://support.microsoft.com/kb/319848
0
 

Author Comment

by:MilleniumFalcon
ID: 22853285
Well the biggest issue is I'm getting dual errors with the best practices wizard of:
"The DNS client is not configured to point only to the internal IP address of the server"

Beyond that it's just a few trivial things like the /3G switch not being supported (though I took it out a while back??), and something about a non-default OMA setting, which is fine since that's working without an issue.

Ok, dumb question, as I've personally never run through the CEIEW wizard before (SBS was in place long before I got here), what are the impacts of running this during the day?  I'm assuming I shouldn't since it will most likely cause some issues temporarily or for an unspecified amount of time whilst it completes, right?
--

For route print:

From the server (note 73.1 is the Linksys)

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 12 3f 6d d7 62 ...... Broadcom NetXtreme Gigabit Ethernet
0x10004 ...00 10 18 0a f2 17 ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.73.1     192.168.73.4     10
          0.0.0.0          0.0.0.0     192.168.73.1     192.168.73.2     10
    24.147.217.25  255.255.255.255     192.168.73.1     192.168.73.2     10
    71.181.61.195  255.255.255.255     192.168.73.1     192.168.73.2     10
    71.243.45.188  255.255.255.255     192.168.73.1     192.168.73.2     10
     92.1.186.134  255.255.255.255     192.168.73.1     192.168.73.2     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     192.168.73.0    255.255.255.0     192.168.73.2     192.168.73.2     10
     192.168.73.0    255.255.255.0     192.168.73.4     192.168.73.4     10
     192.168.73.2  255.255.255.255        127.0.0.1        127.0.0.1     10
     192.168.73.4  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.73.60  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.73.62  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.63  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.65  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.66  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.68  255.255.255.255    192.168.73.60    192.168.73.60      1
   192.168.73.255  255.255.255.255     192.168.73.2     192.168.73.2     10
   192.168.73.255  255.255.255.255     192.168.73.4     192.168.73.4     10
        224.0.0.0        240.0.0.0     192.168.73.2     192.168.73.2     10
        224.0.0.0        240.0.0.0     192.168.73.4     192.168.73.4     10
  255.255.255.255  255.255.255.255     192.168.73.2     192.168.73.2      1
  255.255.255.255  255.255.255.255     192.168.73.4     192.168.73.4      1
Default Gateway:      192.168.73.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\Administrator>
-------

From a client:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 5c 68 01 8a ...... TAP-Win32 Adapter V8
0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10004 ...00 0c 76 14 a2 9f ...... NVIDIA nForce Networking Controller
0x60005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     21
          0.0.0.0          0.0.0.0    192.168.73.60    192.168.73.67      1
    69.95.155.106  255.255.255.255      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.100    192.168.0.100     20
    192.168.0.100  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.0.200  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.0.255  255.255.255.255    192.168.0.100    192.168.0.100     20
    192.168.73.67  255.255.255.255        127.0.0.1        127.0.0.1     50
   192.168.73.255  255.255.255.255    192.168.73.67    192.168.73.67     50
        224.0.0.0        240.0.0.0    192.168.0.100    192.168.0.100     20
        224.0.0.0        240.0.0.0    192.168.73.67    192.168.73.67      1
  255.255.255.255  255.255.255.255    192.168.0.100    192.168.0.100      1
  255.255.255.255  255.255.255.255    192.168.0.200                2      1
  255.255.255.255  255.255.255.255    192.168.73.67    192.168.73.67      1
Default Gateway:     192.168.73.60
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\eweihrauch>

So where to start then I guess..disable NetBT Proxy, or re-run the CEIEW wiz?
The RRAS wiz was re-run not long ago after that crash, would it be necessary to re-run that after CEIEW as well?
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22853396
I recommend re-running the CEIEW first before disabling the NetBT Proxy.

Just remember, if you run the CEIEW wizard, just make sure you're doing it from the box itself and not via a terminal session as it resets the network ports.

0
 

Author Comment

by:MilleniumFalcon
ID: 22853406
Will do.

Just to clarify though, will this greatly interrupt any net traffic internally?
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22853533
Yes -- it will cause a network outage as it is being utilized as a network gateway.

I recommend running the CEIEW after-hours or during an outage window where you aren't having a lot of incoming and outgoing traffic.
0
 

Author Comment

by:MilleniumFalcon
ID: 22853538
Ah well, won't be today then :)
0
 

Author Comment

by:MilleniumFalcon
ID: 22853671
Actually, how long does it take?
If 15mins or less I could just do it at EOB today and get it done with.
I know some people stay late even on a day like today (Fri + Halloween) so I always try to plan maintenance on days where people will mostly be out and a bit later as not to disrupt too much.
0
 
LVL 1

Expert Comment

by:butor69
ID: 22854632
As I already said, I don't understand why you have two NICs on the same subnet, both using NetBIOS.
This can give a lot of problems, mainly with name resolution. If you want to have a backup network card, use load balancing or something like that. I'm sure that your problem comes from the two NetBIOS-enabled NICs.

Please disable one of them and see what happens.

Regards
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 22855193
I have to agree with butor69 as well for the added NIC card...

Although it is common to use two NICs to separate traffic in a Windows setup for things like a heartbeat network (i.e. High Availability, fail-over) or for sending streams to a different infrastructure (i.e. a backup or NAS/SAN environment), each of these solutions should be on a different VLAN and not on the same subnet.

Now if you had the two NICs 'teamed', then that would be a different story entirely as it would utilize two different switches to make the network addressing faster and much more functional.
0
 

Author Comment

by:MilleniumFalcon
ID: 22857490
The reason that there is a second NIC is for segregating normal traffic from backup traffic.
We have 2+ terabytes of info being backed up in full every weekend, and incrementals every night.
With a 10/100 network in place, it's too damn slow otherwise, so I created a gigabit backbone using secondary NICs and funnel the backups through them.

During the day it's only used for about 1 other user who needs the gigabit speeds due to the # of files going back and forth.

Replacing networking equipment at this point, as we're a small biz, isn't an option, so I have to work with what I've got.
0
 
LVL 1

Expert Comment

by:butor69
ID: 22860721
If your backup software uses NetBIOS names to make backups, you don't separate the traffic at all.

If it uses IP addresses, you can disable NetBIOS on the backup card.

If you really want to separate them, create another IP range for your backup, and yes, you can enable NetBIOS on it.
0
 

Author Comment

by:MilleniumFalcon
ID: 22867113
It's just as easy to disable the netbios on the secondary nics.

0
 

Author Comment

by:MilleniumFalcon
ID: 22894912
Ok, so I've disabled netbios on all secondary nics, turned off the chimney stacks (BUE related stuff), popped in another gig of ram to max out the main server (unrelated), and re-ran through the wizard to reset some things (which broke IIS but luckily I was able to restore it from a previous state save).

nslookup still fails over VPN, and I noticed, even with specifying options on the client end, the gateway address is still 0.0.0.0 , now what?
0
 

Author Comment

by:MilleniumFalcon
ID: 22922368
cough *bump*

I noticed that when connected to VPN, if I do an nslookup server.contoso.local it's successful, but not if I do nslookup server.

Still, thoughts are most welcome at this point!
0
 

Expert Comment

by:Tonyc92007
ID: 22927484
Just a thought after reading through: you have a default gateway on both server NICs. There should only be 1 default gateway. Flush, reconnect, retry.
If that doesn't help, I would, as a temporary measure anyway, disable the secondary card and try again.
0
 

Author Comment

by:MilleniumFalcon
ID: 22932645
Disabling the secondary nic is not an option at this point.
Additionally, this issue existed long before I enabled the secondary nics as it were.
0
 
LVL 1

Expert Comment

by:butor69
ID: 22933913
What about the DNS suffix of your VPN client? If nslookup with the server FQDN works and nslookup with just the server name doesn't work, that means that your DNS suffix doesn't match the DNS suffix of your domain.
0
 

Author Comment

by:MilleniumFalcon
ID: 22933939
How would I fix that then?
0
 
LVL 1

Expert Comment

by:butor69
ID: 22934068
In the TCP parameters of your client, you can add a DNS suffix.
0
 

Author Comment

by:MilleniumFalcon
ID: 22934199
Actually I've done that already, for example added contoso.local since the domain is effectively contoso.local .
0
 

Author Comment

by:MilleniumFalcon
ID: 22952878
Ka-bump!
0
 
LVL 1

Expert Comment

by:butor69
ID: 22954219
Can you do an ipconfig /all?
0
 

Author Comment

by:MilleniumFalcon
ID: 22962187
Results are the same as what's already pasted above ^^^^
0
 

Author Comment

by:MilleniumFalcon
ID: 22962196
FYI this is really only happening on workstations that have NOT been joined to the domain.  Even with the contoso.local appended to the vpn settings.
0
 

Author Comment

by:MilleniumFalcon
ID: 22975671
I'd like to put this entire issue to rest this week if I could.
I appreciate all the help thus far but right now it looks like I'm running in circles.
0
 

Author Comment

by:MilleniumFalcon
ID: 22997162
Anyone!?!?

Secondary NIC on the primary server has been disabled, which makes no difference for any user connected to the VPN on a workstation that's not already in the domain.

I'd greatly appreciate some feedback here.
0
 

Author Comment

by:MilleniumFalcon
ID: 22997216
One thing I'm noticing, at least on my remote, home PC, is that the NIC I have there is set to be static (as it's a server).

My default gateway @ home is 192.168.0.1

When connected to VPN, and trying nslookup, it's failing since it can't find the domain contoso.local, and looks like it is defaulting to the 192.168.0.1
0
 
LVL 1

Expert Comment

by:butor69
ID: 22999550
When you run nslookup, type the command set d2. It will set the mode to debug so we can maybe have more details.

Do you have any Firewall or antivirus on your client?


0
 

Author Comment

by:MilleniumFalcon
ID: 23000106
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Erich Weihrauch>nslookup contoso
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find contoso: Server failed

C:\Users\Erich Weihrauch>nslookup contoso.local
Server:  contoso.local
Address:  192.168.73.4

Name:    contoso.local
Address:  192.168.73.4


C:\Users\Erich Weihrauch>nslookup contoso
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find contoso: Server failed

C:\Users\Erich Weihrauch>nslookup contoso set d2
Usage:
   nslookup [-opt ...]             # interactive mode using default server
   nslookup [-opt ...] - server    # interactive mode using 'server'
   nslookup [-opt ...] host        # just look up 'host' using default server
   nslookup [-opt ...] host server # just look up 'host' using 'server'

C:\Users\Erich Weihrauch>nslookup set d2
*** Can't find server address for 'd2':
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find set: Server failed

C:\Users\Erich Weihrauch>dpnslookup set contoso d2
'dpnslookup' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Erich Weihrauch>dpnslookup set d2 contoso
'dpnslookup' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Erich Weihrauch>nslookup
Default Server:  contoso.local
Address:  192.168.73.4

> set d2
> contoso
Server:  contoso.local
Address:  192.168.73.4

------------
SendRequest(), len 23
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = A, class = IN

------------
------------
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = A, class = IN

------------
------------
SendRequest(), len 23
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = AAAA, class = IN

------------
------------
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = AAAA, class = IN

------------
*** contoso.local can't find contoso: Server failed
> contoso.local
Server:  contoso.local
Address:  192.168.73.4

------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = A, class = IN

------------
------------
Got answer (49 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = A, class = IN
    ANSWERS:
    ->  contoso.local
        type = A, class = IN, dlen = 4
        internet address = 192.168.73.4
        ttl = 3600 (1 hour)

------------
------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = AAAA, class = IN

------------
------------
Got answer (79 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        contoso.local, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  contoso.local
        type = SOA, class = IN, dlen = 34
        ttl = 3600 (1 hour)
        primary name server = contoso.local
        responsible mail addr = hostmaster
        serial  = 14451
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
Name:    contoso.local
Address:  192.168.73.4

>
0
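Added example, not part of the original post: each QUESTIONS section in the debug output above records the exact name that was sent to 192.168.73.4. This Python script extracts the queried name, record type and rcode from such a capture and lists single-label names that failed while a dotted name beginning with the same label resolved; the function names are illustrative and the sample is a trimmed excerpt of that output.

```python
import re

# Trimmed excerpt of the `set d2` output posted above (two of the answers).
SAMPLE = """\
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = A, class = IN

------------
Got answer (49 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = A, class = IN
    ANSWERS:
    ->  contoso.local
        type = A, class = IN, dlen = 4
        internet address = 192.168.73.4
"""

def parse_answers(text):
    """One dict per "Got answer" block: queried name, type, rcode, answer count."""
    results = []
    for chunk in text.split("Got answer (")[1:]:
        # The first match in each chunk belongs to the answer itself, even when
        # the following SendRequest block is part of the same chunk.
        rcode = re.search(r"rcode = (\w+)", chunk)
        count = re.search(r"answers = (\d+)", chunk)
        question = re.search(r"QUESTIONS:\s+(\S+), type = (\w+)", chunk)
        if rcode and count and question:
            results.append({"name": question.group(1), "type": question.group(2),
                            "rcode": rcode.group(1), "answers": int(count.group(1))})
    return results

def unqualified_failures(results):
    """(short name, rcode, FQDN that did resolve) for each failed single-label query."""
    resolved = {r["name"] for r in results
                if r["rcode"] == "NOERROR" and r["answers"] > 0}
    findings = []
    for r in results:
        if "." in r["name"] or r["rcode"] == "NOERROR":
            continue
        for fqdn in sorted(n for n in resolved if n.startswith(r["name"] + ".")):
            finding = (r["name"], r["rcode"], fqdn)
            if finding not in findings:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    for short, rcode, fqdn in unqualified_failures(parse_answers(SAMPLE)):
        print(f"'{short}' was queried as-is and got {rcode}; '{fqdn}' resolved")
```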
 

Author Comment

by:MilleniumFalcon
ID: 23014445
bump
0
 
LVL 1

Expert Comment

by:butor69
ID: 23018071
What I don't understand is your server name, contoso.local. I assume that it's name.domain.local?
0
 

Author Comment

by:MilleniumFalcon
ID: 23025165
Yes.
0
 

Author Comment

by:MilleniumFalcon
ID: 23034661
Happy Turkey Week!

BUMP!
0
 

Author Comment

by:MilleniumFalcon
ID: 23068847
Anyone?

Honestly I'd really like to solve this issue already.
All the necessary info should be in this whole issue, along with logs etc.....
0
 
LVL 1

Expert Comment

by:butor69
ID: 23073567
I think the better way to analyze your problem is to connect by VPN and see if the problem is the same with our PC
0
 

Author Comment

by:MilleniumFalcon
ID: 23076909
I'm sorry but that is NOT a possibility.  Besides, the problem will be the same.  I have PCs joined to the domain, and a # of personal workstations @ home not associated with the domain that act exactly the same.

Bottom line is, if the information above does not suffice to solve the problem then I will close this issue as it's going down the toilet faster than an unwanted pregnancy on prom night.
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 23099884
One other option, though it's a bit of a long shot...

Have you applied/installed Windows Server 2003 Service Pack 2 (SP2)? As part of the Win2k3 SP2 release, there is a Windows Server 2003 Scalable Networking Pack (SNP) embedded within it. On a computer that has a TCP/IP Offload-enabled network adapter, you may experience many network-related problems.

The SNP feature was to offload the processing of network packets from the CPU to the Network card.  This has caused more issues than helping the network enhancements. And this is a major issue if the network card is a Broadcom network card -- which is the most widely installed NIC on all servers.

An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers
http://support.microsoft.com/kb/948496
0
 

Author Comment

by:MilleniumFalcon
ID: 23121403
Hello.

Yes, SP2 is installed.
Turning the features on and off made no impact.
0
 
LVL 1

Expert Comment

by:butor69
ID: 23122926
Do you have any antivirus/firewall installed on your computers (even if it's disabled)?
0
 

Accepted Solution

by:
MilleniumFalcon earned 0 total points
ID: 23122942
Yes, and it's been tested prior and post installation with no varying results.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
aws pricing 2 60
NAT Public IP through a VPN 17 68
Windows Services - Run a Program Grey Out 3 54
VPN Server config in Modem 5 21
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question