Solved

VPN User Unable to Access Shares via Server Name, But Can Via IP Address

Posted on 2008-10-21
Last Modified: 2008-12-31
Hello everyone, new user here :)

I'm an admin for a small business and lately have been scratching my head at two things...

First off, we use Windows Small Business Server 2003 Standard Edition.
We have VPN set up and it works otherwise perfectly fine, no infrastructure issues, etc. (well, I could use a new server but that's beside the point :) ).

But on to the issues..

#1 - A user who works primarily from home now used to have their notebook set up joined to our domain, we'll call it contoso.local. Over the weekend, they experienced issues connecting to his home workgroup and changed the comp settings back to a workgroup. Now when connecting to work via VPN, though it lets him in and all, he can't access shares on the network that he has privs to via server name, e.g. \\sbs\data. Instead it tells him he doesn't have the privs, but then if I go and access it via IP address directly, e.g. \\192.168.x.x\data, it lets him in without any issues! Mind boggling!
I've tried including and excluding the domain when having him log in to VPN but I'm scratching my head on this one! Gateway use on the server end is enabled for this user, btw.

#2 - Sometimes when users connect via VPN (in this case gateway use is disabled on the server end), they cannot resolve server names, but can access those servers via IP address. I've had them flush and register their DNS, etc., but nothing seems to help... what would cause this?

Thanks for any tips and help you can give!
Question by:MilleniumFalcon
 
LVL 11

Assisted Solution

by:miqrogroove
miqrogroove earned 20 total points
It sounds like the client computer isn't configured to use the remote WINS server.  You'll need a good understanding of the name resolution process, which is typically to query the Computer Browser service, and fail over to DNS.  If the client is configured to use local or broadband name servers, then you won't get the VPN names to resolve in any case.
 
LVL 1

Expert Comment

by:butor69
The problem seems to be a WINS problem: they don't receive the WINS server when connecting by VPN.

Do you use WINS in your LAN, and is it correctly configured (in the DHCP option)?

Is your DNS config also correct (the DNS server must be your SBS server)?

Regards
 

Author Comment

by:MilleniumFalcon
DNS is set correctly, but as far as DHCP what should I be looking at specifically?
 

Author Comment

by:MilleniumFalcon
Also I'm more interested in issue # 1 at this point :) # 2 can wait :)
 
LVL 11

Expert Comment

by:miqrogroove
Here are some tips from the web, your mileage may vary:

Like WINS, the client must be assigned the DNS server IP address. This can be done manually on the client, or assigned through DHCP by the RRAS server. Once again if using DHCP, the RRAS server will not supply the DNS address from the DHCP scope options. The DNS server IP must be assigned to the RRAS server's network adapter, and it will then be inherited by the VPN client when it connects.
On the VPN client's network adapter, under TCP/IP properties, advanced, DNS, you also need to add the domain DNS suffix, such as MyDomain.local in the "DNS suffix for this connection" box.
 

Author Comment

by:MilleniumFalcon
Thanks :thumbsup: that will take care of issue # 2, but what about # 1?
 
LVL 11

Expert Comment

by:miqrogroove
Issue #1 is more than likely being caused by issue #2.  I wouldn't attempt troubleshooting both at the same time.  ;)
 
LVL 11

Expert Comment

by:miqrogroove
Also FYI, the client could have different credentials saved based on the two paths.  The best way to confirm this is to ask the user to browse to the Desktop in an explorer window, right click on My Computer, select Map Network Drive, and specifically click where it says "Connect using a different user name".
 

Author Comment

by:MilleniumFalcon
Hmm, I can confirm off hand that the credentials are identical, so I know that shouldn't be the issue.  I'll have to read into the other items later and give 'em a try.
 
LVL 11

Expert Comment

by:miqrogroove
> I can confirm off hand

There is really no way to confirm that 'off hand' ;)  If there is a name resolution problem and the client isn't joining the domain, then for all we know the client is transmitting "guest"/"" as the credential set based on its local GPO settings.
 
LVL 1

Expert Comment

by:butor69
When on the laptop connected with VPN you run nslookup and type the server name, do you receive the correct IP address?

What are the results of ping Netbios_name, ping IP address?
 

Author Comment

by:MilleniumFalcon
Confirming off hand, meaning I checked that out already.

As I said before I can map and connect via IP address of the server, but NOT the server name.
 

Author Comment

by:MilleniumFalcon
@butor69, I'll have to check that later.
 
LVL 11

Expert Comment

by:miqrogroove
You'll have to at least confirm that the server name and server FQDN are causing the same problem, to eliminate WINS issues as the cause.  If we can narrow it down to a DNS resolution problem we might kill two birds with one stone.
 

Author Comment

by:MilleniumFalcon
Ok, so just to confirm the attack plan here for after hours (hard to do much during the day, especially when it comes to 'adjusting' things ;) )....

1. Re-confirm that the right credentials are being given by trying to map a network drive and try with the correct username and password.  Might as well give it a try again, can't hurt!!

2. On same workstation, when connected via VPN, run nslookup <servername>, record IP address.

3. On same workstation ping Netbios_name, ping IP address

4. On the VPN client's network adapter, under TCP/IP properties, advanced, DNS, add the domain DNS suffix, such as MyDomain.local in the "DNS suffix for this connection" box.
 

Author Comment

by:MilleniumFalcon
Also, decided to poke around the R&RA settings...

Currently, things are set up as a Remote Access Server, with Windows Authentication for all around security, IP routing enabled, Allow IP based remote access and demand dial connections is enabled, using a static addy pool of 31 addresses, and broadcast name resolution is also enabled.

RAS is also able to select the adapter.

All PPP options are enabled.

How can I verify that the DNS server IP *is* assigned to the RRAS server's network adapter? I mean, I'm assuming it is, considering both NICs in the server are static and all of the DNS info is pre-populated.
 
LVL 11

Expert Comment

by:miqrogroove
Step 4 first, then step 2.  Then run nslookup against the FQDN.  If you are not getting expected results then run ipconfig /all

I would move on to netbios, wins, and file sharing issues after DNS is working fully as expected.
 

Author Comment

by:MilleniumFalcon
Hi again.

Doing some work remotely here from my own workstation just yielded some oddball results... at least for the nslookup...

I applied step # 4 above first, and then left the VPN connection default (using the gateway via vpn, etc).

Here is what I got for the nslookup on the server... (does this for the others too..)  We do have a primary and secondary DNS server as well.


c:\Program Files\Microsoft Visual Studio 9.0\VC>nslookup <servername>
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

Name:    <servername>.contoso.local
Address:  192.168.x.x


c:\Program Files\Microsoft Visual Studio 9.0\VC>
 
LVL 11

Expert Comment

by:miqrogroove
That means nslookup connected to a DNS server with missing PTR records.
 
LVL 1

Expert Comment

by:butor69
no reverse zone for 192.168.x.x
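Added example, not part of the original thread: a small Python parser that separates the two conditions seen in the nslookup output above, namely missing PTR records for the DNS server's own address versus a failed forward lookup of the queried name. The sample outputs are constructed in the format quoted in the thread; the function and class names are illustrative.

```python
import re
from dataclasses import dataclass, field

# Constructed samples in the format of the Windows nslookup output quoted above.
SAMPLE_PTR_WARNING_ONLY = """\
*** Can't find server name for address 192.168.73.4: Non-existent domain
*** Can't find server name for address 192.168.73.2: Non-existent domain
*** Can't find server name for address 192.168.73.4: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.73.4

Name:    server.contoso.local
Address:  192.168.73.4
"""

SAMPLE_FORWARD_FAILURE = """\
*** Can't find server name for address 192.168.73.4: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.73.4

*** UnKnown can't find server: Server failed
"""

# nslookup reverse-resolves the address of each configured DNS server at startup.
PTR_WARNING = re.compile(r"^\*\*\* Can't find server name for address (\S+): (.+)$")
# Error for the name that was actually queried.
QUERY_ERROR = re.compile(r"^\*\*\* (\S+) can't find (\S+): (.+)$")
FIELD = re.compile(r"^(Server|Name|Address(?:es)?):\s+(.+)$")


@dataclass
class NslookupResult:
    resolver_name: str = ""
    resolver_addr: str = ""
    ptr_missing_for: list = field(default_factory=list)
    answer_name: str = ""
    answer_addrs: list = field(default_factory=list)
    query_error: str = ""

    def verdict(self):
        if self.query_error:
            return "forward-lookup-failed"
        if self.answer_addrs and self.ptr_missing_for:
            # The name resolved; only the resolver's own PTR record is missing.
            return "resolved-but-resolver-has-no-ptr"
        if self.answer_addrs:
            return "resolved"
        return "no-answer"


def parse_nslookup(text):
    """Classify one run of Windows nslookup output."""
    result = NslookupResult()
    section = None  # "resolver" after the Server: line, "answer" after Name:
    for raw in text.splitlines():
        line = raw.strip()
        ptr = PTR_WARNING.match(line)
        if ptr:
            if ptr.group(1) not in result.ptr_missing_for:
                result.ptr_missing_for.append(ptr.group(1))
            continue
        err = QUERY_ERROR.match(line)
        if err:
            result.query_error = err.group(3)
            continue
        fld = FIELD.match(line)
        if not fld:
            continue
        key, value = fld.groups()
        if key == "Server":
            section = "resolver"
            result.resolver_name = value
        elif key == "Name":
            section = "answer"
            result.answer_name = value
        elif section == "resolver":
            result.resolver_addr = value
        elif section == "answer":
            result.answer_addrs.extend(a.strip() for a in value.split(","))
    return result


if __name__ == "__main__":
    for label, sample in (("ptr warning only", SAMPLE_PTR_WARNING_ONLY),
                          ("forward failure", SAMPLE_FORWARD_FAILURE)):
        parsed = parse_nslookup(sample)
        print(label, "->", parsed.verdict(), parsed.ptr_missing_for)
```
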
 
LVL 5

Expert Comment

by:dcsdave
I used to have the same issues and used the following tool to create a VPN disk and it works every time.
http://technet.microsoft.com/en-us/library/cc739464.aspx
 

Author Comment

by:MilleniumFalcon

C:\Documents and Settings\user>nslookup server
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

*** UnKnown can't find server: Server failed

C:\Documents and Settings\user>
--
ping test works fine!!!


C:\Documents and Settings\user>ping server

Pinging server.contoso.local [192.168.x.x] with 32 bytes of data:

Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128
Reply from 192.168.x.x: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.x.x:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\user>
---
After an ipconfig /registerdns was run after the above two tests... look what happened!


C:\Documents and Settings\user>nslookup server
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Can't find server name for address 192.168.x.x2: Non-existent domain
*** Can't find server name for address 192.168.x.x: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.x.x

Name:    server.contoso.local
Address:  192.168.x.x


C:\Documents and Settings\user>
-------

Now, when trying to access \\server\ I get a message indicating server is not accessible, etc etc.
Trying via IP address now doesn't work either.

This morning, the shortcuts I had created for the user using the IP addresses of the servers stopped working and would only let him in via direct server name! A few minutes after that, it stopped working and now I can't get to the main server... this is all so strange!

Now, mapping a folder to the network with the user's credentials on the main server won't work either!
 

Author Comment

by:MilleniumFalcon
Ok, I went back into DNS and noted that in the reverse zone there were no pointers to the servers... which was odd.

We did have a bit of a crash where group policies were eaten, DNS and DHCP reset itself to default, and even VPN reset to default... so we rebuilt everything again but maybe forgot a few things.

Anyhow, I put in the PTR records for our three servers and for each of their NICs (dual NICs in each) so hopefully that will solve the missing PTR issue.
 

Author Comment

by:MilleniumFalcon
And actually, there we go.

When I ran an nslookup on our main server, I got no issues!
 
LVL 1

Expert Comment

by:butor69
2 NICs? So NetBIOS on the two NICs, or do you use failover?
 

Author Comment

by:MilleniumFalcon
The only failover is from the primary server to the secondary server with DNS should I have to reboot it or shut it down, etc.

Beyond that, the NICs are used to sorta separate traffic and add in an extra place where I can move traffic in and out of (especially for backups).
 

Author Comment

by:MilleniumFalcon
Ok, so while nslookup servername works internally, it still doesn't seem to work when connected via VPN from outside, even when including the domain.local in the VPN settings and such.

What's my next step in the diagnostic process?
 
LVL 5

Expert Comment

by:dcsdave
You might try adding a hosts entry on the remote PC.  C:\Windows\System32\Drivers\etc\  Open with notepad.  Enter the IP address right below the last entry then hit "Tab" then enter the "Server Name"
Save and exit.  A couple times I had Spybot running on the PC and I couldn't save the Hosts file back to the original location so  I just copied it to the desktop changed the entry and copied it back and that worked.

Hope that helps.
 
LVL 1

Expert Comment

by:butor69
When the notebook is connected with VPN, does it receive the right DNS entries?

If not, then your VPN server is not configured correctly.
If you have the right DNS servers (the internal ones) and nslookup doesn't work, can you ping the IP address of the DNS server?
There may be filtering on the IP (firewall, ...).
 

Author Comment

by:MilleniumFalcon
DNS settings appear to be correct, however I'd still like to double check things on this end while I'm here and doing maintenance on the servers tonight.

As I'm still new to the Routing and Remote Access scene (practice makes perfect!), what settings specifically am I looking for?
 

Author Comment

by:MilleniumFalcon
Hello everyone.

NSlookup, again, is still failing externally when connected via VPN.
Internally it's working great again.

Can someone please point me to where I should be looking next, under what options, settings, etc, to rectify this?

The issue is still apparent and annoying, and I'd like to get it fixed once and for all!

Thanks!
 
LVL 29

Expert Comment

by:Michael W
I have a few questions so I can get an idea of the issues...

1) What SBS server configuration are you using -- one NIC, two NIC, ISA, etc?
2) Do you have NetBIOS enabled on the NICs?
3) What kind of PCs are accessing the SBS server -- XP and/or Vista?
4) What VPN solution is in place -- a gateway-to-gateway tunnel or are you using SBS' VPN Server and allowing client VPN sessions?
5) If using a VPN client, which VPN client are your external users using?
6) Are you using a hardware router? If so, what ports do you have opened/forwarded on your router?
 

Author Comment

by:MilleniumFalcon
1) What SBS server configuration are you using -- two NICs, no ISA

2) Do you have NetBIOS enabled on the NICs? - Yes.  NetBIOS settings are set to default for both NICs.

3) What kind of PCs are accessing the SBS server -- XP and/or Vista? - Primarily XP, a few Vista

4) What VPN solution is in place -- a gateway-to-gateway tunnel or are you using SBS' VPN Server and allowing client VPN sessions? - SBS's VPN server (Routing and Remote Access)

5) If using a VPN client, which VPN client are your external users using? - Windows VPN client on all accounts

6) Are you using a hardware router? If so, what ports do you have opened/forwarded on your router?
Yes, our primary connection to the world is a Linksys router.  Firewall, SPI, DoS, Block WAN Request, Remote Management, Multicast Passthrough all enabled

MTU is auto.

For the VPN, PPTP is allowed as a passthrough.
 
LVL 29

Expert Comment

by:Michael W
Even though you have PPTP passthrough enabled, you need to read over this article/blog for additional ports that are required when VPN is concerned.

http://msmvps.com/blogs/bradley/archive/2005/01/21/33537.aspx

---

Also, have you applied the Vista & Outlook 2007 Update to the SBS server as well?

Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility update
http://support.microsoft.com/kb/926505
 

Author Comment

by:MilleniumFalcon
Hi there.

Other ports are enabled, for OWA access via https (443), along with SMTP and IMAP, but why would I need to enable anything like IPSec if PPTP is in use only with the VPN?

"Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility update" is installed already as well.
 
LVL 29

Expert Comment

by:Michael W
Even though you have PPTP pass-through enabled (this is commonly called GRE or Protocol 47) on the router, ports 500 & 1723 also need to be forwarded to the SBS server.
 

Author Comment

by:MilleniumFalcon
Well, just went back to the router and ensured 500 (IPSec is opened to the server) along with 1723 (which already is) are open, so after this, if NSlookup fails and the same issues apply externally with the VPN, where do I go from there?
 
LVL 29

Expert Comment

by:Michael W
Please post the ipconfig /all from the SBS server and from one of the client PCs using VPN when connected.
 

Author Comment

by:MilleniumFalcon
From SBS Server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSSERVER
   Primary Dns Suffix  . . . . . . . : CONTOSO.LOCAL
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Secondary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-3F-6D-D7-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.x2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.x.x
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.73.4

Ethernet adapter Primary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-0A-F2-17
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.x
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.x.x

C:\Documents and Settings\Administrator>


From a client over VPN:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : homeserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
   Physical Address. . . . . . . . . : 00-FF-5C-68-01-8A

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-0C-76-14-A2-9F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

PPP adapter assuretec:

   Connection-specific DNS Suffix  . : CONTOSO.LOCAL
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.x.64
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.x.x
   Primary WINS Server . . . . . . . : 192.168.x.x

C:\Documents and Settings\eweihrauch>
 
LVL 29

Expert Comment

by:Michael W
Can you repost w/o sanitizing the internal network IPs? I am trying to confirm that the internal IPs are correctly set for WINS, Gateway, DNS, NICs, etc.
 

Author Comment

by:MilleniumFalcon
For security reasons I'd really rather not.

How badly do you really need them?
 

Author Comment

by:MilleniumFalcon
As long as you don't mind the domain being sanitized (not that it should be needed)

Server:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSServer
   Primary Dns Suffix  . . . . . . . : CONTOSO.LOCAL
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.60
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Secondary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-3F-6D-D7-62
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

Ethernet adapter Primary LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-0A-F2-17
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.73.1
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

C:\Documents and Settings\Administrator>
----

Client:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : homeserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : CONTOSO.LOCAL

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TAP-Win32 Adapter V8
   Physical Address. . . . . . . . . : 00-FF-5C-68-01-8A

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-0C-76-14-A2-9F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

PPP adapter assuretec:

   Connection-specific DNS Suffix  . : CONTOSO.LOCAL
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.73.66
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.73.4
   Primary WINS Server . . . . . . . : 192.168.73.4

C:\Documents and Settings\eweihrauch>

 
LVL 29

Expert Comment

by:Michael W
From all of the PCs [local and VPN connected] and SBS Server too, run:
'ipconfig /flushdns' and 'ipconfig /registerdns'

---

One other thing I recommend is running the SBS Best Practices Analyzer on the SBS server to see if there are any underlying issues.

Description of the Windows Small Business Server 2003 Best Practices Analyzer tool
http://support.microsoft.com/?kbid=940439
 

Author Comment

by:MilleniumFalcon
Hi, those settings were after the DNS was flushed and re-registered.
Makes no difference.

As for the SBS best practices, I'll check it out again.  It's already installed and I've previously used it along with the one for Exchange to fix a # of issues.

However, beyond this, what else should I look at?
 
LVL 29

Expert Comment

by:Michael W
About the only thing I can think of is possibly re-running the RRAS and CEIEW wizards again, as these handle all of your network configurations.

You stated in the past that you had suffered a server crash that caused damage to the group policies and DNS and VPN were reset to default. I just can't help wondering if something else might be underlying as a result of that crash.
 
LVL 29

Expert Comment

by:Michael W
One other possibility might be a netmask issue with the VPN...

Please post a 'route print' from both the SBS server and a connected VPN client.
 
LVL 29

Expert Comment

by:Michael W
When I was looking over the client ipconfig output, I noticed the following 'WINS Proxy Enabled'. This might be the culprit that is causing the problem.

How to Disable NetBT Proxy on Incoming Connections
http://support.microsoft.com/kb/319848
 

Author Comment

by:MilleniumFalcon
Well the biggest issue is I'm getting dual errors with the best practices wizard of:
"The DNS client is not configured to point only to the internal IP address of the server"

Beyond that it's just a few trivial things like the /3G switch not being supported (though I took it out a while back??), and something about a non-default OMA setting, which is fine since that's working without an issue.

Ok, dumb question, as I've personally never run through the CEIEW wizard before (SBS was in place long before I got here), what are the impacts of running this during the day?  I'm assuming I shouldn't since it will most likely cause some issues temporarily or for an unspecified amount of time whilst it completes, right?
--

For route print:

From the server (note 73.1 is the Linksys)

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 12 3f 6d d7 62 ...... Broadcom NetXtreme Gigabit Ethernet
0x10004 ...00 10 18 0a f2 17 ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.73.1     192.168.73.4     10
          0.0.0.0          0.0.0.0     192.168.73.1     192.168.73.2     10
    24.147.217.25  255.255.255.255     192.168.73.1     192.168.73.2     10
    71.181.61.195  255.255.255.255     192.168.73.1     192.168.73.2     10
    71.243.45.188  255.255.255.255     192.168.73.1     192.168.73.2     10
     92.1.186.134  255.255.255.255     192.168.73.1     192.168.73.2     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     192.168.73.0    255.255.255.0     192.168.73.2     192.168.73.2     10
     192.168.73.0    255.255.255.0     192.168.73.4     192.168.73.4     10
     192.168.73.2  255.255.255.255        127.0.0.1        127.0.0.1     10
     192.168.73.4  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.73.60  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.73.62  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.63  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.65  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.66  255.255.255.255    192.168.73.60    192.168.73.60      1
    192.168.73.68  255.255.255.255    192.168.73.60    192.168.73.60      1
   192.168.73.255  255.255.255.255     192.168.73.2     192.168.73.2     10
   192.168.73.255  255.255.255.255     192.168.73.4     192.168.73.4     10
        224.0.0.0        240.0.0.0     192.168.73.2     192.168.73.2     10
        224.0.0.0        240.0.0.0     192.168.73.4     192.168.73.4     10
  255.255.255.255  255.255.255.255     192.168.73.2     192.168.73.2      1
  255.255.255.255  255.255.255.255     192.168.73.4     192.168.73.4      1
Default Gateway:      192.168.73.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\Administrator>
-------

From a client:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\eweihrauch>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 5c 68 01 8a ...... TAP-Win32 Adapter V8
0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10004 ...00 0c 76 14 a2 9f ...... NVIDIA nForce Networking Controller
0x60005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     21
          0.0.0.0          0.0.0.0    192.168.73.60    192.168.73.67      1
    69.95.155.106  255.255.255.255      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.100    192.168.0.100     20
    192.168.0.100  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.0.200  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.0.255  255.255.255.255    192.168.0.100    192.168.0.100     20
    192.168.73.67  255.255.255.255        127.0.0.1        127.0.0.1     50
   192.168.73.255  255.255.255.255    192.168.73.67    192.168.73.67     50
        224.0.0.0        240.0.0.0    192.168.0.100    192.168.0.100     20
        224.0.0.0        240.0.0.0    192.168.73.67    192.168.73.67      1
  255.255.255.255  255.255.255.255    192.168.0.100    192.168.0.100      1
  255.255.255.255  255.255.255.255    192.168.0.200                2      1
  255.255.255.255  255.255.255.255    192.168.73.67    192.168.73.67      1
Default Gateway:     192.168.73.60
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\eweihrauch>

So where to start then I guess..disable NetBT Proxy, or re-run the CEIEW wiz?
The RRAS wiz was re-run not long ago after that crash, would it be necessary to re-run that after CEIEW as well?
0
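The client route table posted above, evaluated with the standard selection rule (longest prefix first, then lowest metric). This is an added example, not part of the original thread; `192.168.0.50` is a constructed home-LAN address, and `192.168.73.4` is an office-side address taken from the thread.

```python
import ipaddress
from typing import NamedTuple

# Rows copied from the client's "Active Routes" table above
# (broadcast and multicast rows left out).
CLIENT_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     21
          0.0.0.0          0.0.0.0    192.168.73.60    192.168.73.67      1
    69.95.155.106  255.255.255.255      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.100    192.168.0.100     20
    192.168.0.100  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.73.67  255.255.255.255        127.0.0.1        127.0.0.1     50
"""


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int


def parse_routes(text):
    """Parse the five-column rows of `route print`; skip anything else."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue
        dest, mask, gateway, interface, metric = cols
        try:
            network = ipaddress.IPv4Network(f"{dest}/{mask}")
            routes.append(Route(network, gateway, interface, int(metric)))
        except ValueError:
            continue  # header or malformed row
    return routes


def select_route(dest, routes):
    """Longest prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.IPv4Address(dest)
    matches = [r for r in routes if addr in r.network]
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric), default=None)


def default_routes(routes):
    """All 0.0.0.0/0 routes, preferred one first."""
    return sorted((r for r in routes if r.network.prefixlen == 0),
                  key=lambda r: r.metric)


if __name__ == "__main__":
    table = parse_routes(CLIENT_ROUTES)
    for target in ("192.168.73.4", "69.95.155.106", "192.168.0.50"):
        r = select_route(target, table)
        print(f"{target:>15} -> gateway {r.gateway} via {r.interface} (metric {r.metric})")
```

With this table, office-side addresses leave through the VPN interface because the metric 1 default route beats the home gateway's metric 21 route; only the /32 host route and the home /24 stay on the local NIC.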
 
LVL 29

Expert Comment

by:Michael W
I recommend re-running the CEIEW first before disabling the NetBT Proxy.

Just remember, if you run the CEIEW wizard, just make sure you're doing it from the box itself and not via a terminal session as it resets the network ports.

0
 

Author Comment

by:MilleniumFalcon
Will do.

Just to clarify though, will this greatly interrupt any net traffic internally?
0
 
LVL 29

Expert Comment

by:Michael W
Yes -- it will cause a network outage as it is being utilized as a network gateway.

I recommend running the CEIEW after-hours or during an outage window where you aren't having a lot of incoming and outgoing traffic.
0
 

Author Comment

by:MilleniumFalcon
Ah well, won't be today then :)
0
 

Author Comment

by:MilleniumFalcon
Actually, how long does it take?
If 15mins or less I could just do it at EOB today and get it done with.
I know some people stay late even on a day like today (Fri + Halloween) so I always try to plan maintenance on days where people will mostly be out and a bit later as not to disrupt too much.
0
 
LVL 1

Expert Comment

by:butor69
As I already said, I don't understand why you have two NICs on the same subnet, both using NetBIOS.
This can cause a lot of problems, mainly with name resolution. If you want to have a backup network card, use load balancing or something like that. I'm sure that your problem comes from the two NetBIOS-enabled NICs.

Please disable one of them and see what happens.

Regards
0
 
LVL 29

Expert Comment

by:Michael W
I have to agree with butor69 as well for the added NIC card...

Although it is common to use two NICs to separate traffic for Windows setup for things like having a heartbeat network (i.e. High Availability, fail-over) or for sending streams to a different infrastructure (i.e. a backup or NAS/SAN environment) -- but each of these solutions should be on a different VLAN and not on the same subnet.

Now if you had the two NICs 'teamed', then that would be a different story entirely as it would utilize two different switches to make the network addressing faster and much more functional.
0
 

Author Comment

by:MilleniumFalcon
The reason that there is a second NIC is for segregating normal traffic from backup traffic.
We have 2+ terabytes of info being backed up in full every weekend, and incrementals every night.
With a 10/100 network in place, it's too damn slow otherwise, so I created a gigabit backbone using secondary NICs and funnel the backups through them.

During the day it's only used for about 1 other user who needs the gigabit speeds due to the # of files going back and forth.

Replacing networking equipment at this point, as we're a small biz, isn't an option, so I have to work with what I've got.
0
 
LVL 1

Expert Comment

by:butor69
If your backup software uses NetBIOS names to make backups, you don't separate the traffic at all.

If it uses IP addresses, you can disable NetBIOS on the backup card.

If you really want to separate them, create another IP range for your backup, and yes, you can enable NetBIOS on it.


0
 

Author Comment

by:MilleniumFalcon
It's just as easy to disable the netbios on the secondary nics.

0
 

Author Comment

by:MilleniumFalcon
Ok, so I've disabled netbios on all secondary nics, turned off the chimney stacks (BUE related stuff), popped in another gig of ram to max out the main server (unrelated), and re-ran through the wizard to reset some things (which broke IIS but luckily I was able to restore it from a previous state save).

nslookup still fails over VPN, and I noticed, even with specifying options on the client end, the gateway address is still 0.0.0.0 , now what?
0
 

Author Comment

by:MilleniumFalcon
cough *bump*

I noticed that when connected to VPN if I do an nslookup server.contoso.local it's successful, but not if I do nslookup server .

Still, thoughts are most welcome at this point!
0
 

Expert Comment

by:Tonyc92007
Just a thought after reading through... you have a default gateway on both server NICs. You should only have 1 default gateway. Flush, reconnect, retry.
If that doesn't help, I would try, as a temporary measure anyway, disabling the secondary card and trying again.


0
 

Author Comment

by:MilleniumFalcon
Disabling the secondary nic is not an option at this point.
Additionally, this issue existed long before I enabled the secondary nics as it were.
0
 
LVL 1

Expert Comment

by:butor69
What about the DNS suffix of your VPN client? If nslookup of the server FQDN works and nslookup server doesn't work, that means that your DNS suffix doesn't match the DNS suffix of your domain.
0
 

Author Comment

by:MilleniumFalcon
How would I fix that then?
0
 
LVL 1

Expert Comment

by:butor69
In the TCP parameters of your client, you can add a DNS suffix.
0
 

Author Comment

by:MilleniumFalcon
Actually I've done that already, for example added contoso.local since the domain is effectively contoso.local .
0
 

Author Comment

by:MilleniumFalcon
Ka-bump!
0
 
LVL 1

Expert Comment

by:butor69
Can you do an ipconfig /all?
0
 

Author Comment

by:MilleniumFalcon
Results are the same as what's already pasted above ^^^^
0
 

Author Comment

by:MilleniumFalcon
FYI this is really only happening on workstations that have NOT been joined to the domain.  Even with the contoso.local appended to the vpn settings.
0
 

Author Comment

by:MilleniumFalcon
I'd like to put this entire issue to rest this week if I could.
I appreciate all the help thus far but right now it looks like I'm running in circles.
0
 

Author Comment

by:MilleniumFalcon
Anyone!?!?

Secondary NIC on primary server has been disabled, which makes no difference for any user connected on a workstation to the VPN that's not already in the domain.

I'd greatly appreciate some feedback here.
0
 

Author Comment

by:MilleniumFalcon
One thing I'm noticing, at least on my remote, home PC, is that the NIC I have there is set to be static (as it's a server).

My default gateway @ home is 192.168.0.1

When connected to VPN, and trying nslookup, it's failing since it can't find the domain contoso.local, and looks like it is defaulting to the 192.168.0.1
0
 
LVL 1

Expert Comment

by:butor69
When you do nslookup, type the command set d2; it will set the mode to debug so we can maybe have more details.

Do you have any Firewall or antivirus on your client?


0
 

Author Comment

by:MilleniumFalcon
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Erich Weihrauch>nslookup contoso
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find contoso: Server failed

C:\Users\Erich Weihrauch>nslookup contoso.local
Server:  contoso.local
Address:  192.168.73.4

Name:    contoso.local
Address:  192.168.73.4


C:\Users\Erich Weihrauch>nslookup contoso
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find contoso: Server failed

C:\Users\Erich Weihrauch>nslookup contoso set d2
Usage:
   nslookup [-opt ...]             # interactive mode using default server
   nslookup [-opt ...] - server    # interactive mode using 'server'
   nslookup [-opt ...] host        # just look up 'host' using default server
   nslookup [-opt ...] host server # just look up 'host' using 'server'

C:\Users\Erich Weihrauch>nslookup set d2
*** Can't find server address for 'd2':
Server:  contoso.local
Address:  192.168.73.4

*** contoso.local can't find set: Server failed

C:\Users\Erich Weihrauch>dpnslookup set contoso d2
'dpnslookup' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Erich Weihrauch>dpnslookup set d2 contoso
'dpnslookup' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Erich Weihrauch>nslookup
Default Server:  contoso.local
Address:  192.168.73.4

> set d2
> contoso
Server:  contoso.local
Address:  192.168.73.4

------------
SendRequest(), len 23
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = A, class = IN

------------
------------
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = A, class = IN

------------
------------
SendRequest(), len 23
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = AAAA, class = IN

------------
------------
Got answer (23 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso, type = AAAA, class = IN

------------
*** contoso.local can't find contoso: Server failed
> contoso.local
Server:  contoso.local
Address:  192.168.73.4

------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = A, class = IN

------------
------------
Got answer (49 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = A, class = IN
    ANSWERS:
    ->  contoso.local
        type = A, class = IN, dlen = 4
        internet address = 192.168.73.4
        ttl = 3600 (1 hour)

------------
------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        contoso.local, type = AAAA, class = IN

------------
------------
Got answer (79 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        contoso.local, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  contoso.local
        type = SOA, class = IN, dlen = 34
        ttl = 3600 (1 hour)
        primary name server = contoso.local
        responsible mail addr = hostmaster
        serial  = 14451
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
Name:    contoso.local
Address:  192.168.73.4

>
0
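One way to read the `set d2` trace above mechanically, as an added example that is not part of the original thread: pair each request with its answer by DNS id and list the single-label names the server rejected. The excerpt keeps only the header and question lines of the posted trace; a request with no answer in the trace is reported with rcode `None`.

```python
import re

# Excerpt of the `set d2` trace posted above: header and question lines only.
TRACE = """\
SendRequest(), len 23
        opcode = QUERY, id = 2, rcode = NOERROR
        contoso, type = A, class = IN
Got answer (23 bytes):
        opcode = QUERY, id = 2, rcode = SERVFAIL
        contoso, type = A, class = IN
SendRequest(), len 23
        opcode = QUERY, id = 3, rcode = NOERROR
        contoso, type = AAAA, class = IN
Got answer (23 bytes):
        opcode = QUERY, id = 3, rcode = SERVFAIL
        contoso, type = AAAA, class = IN
SendRequest(), len 33
        opcode = QUERY, id = 4, rcode = NOERROR
        contoso.local, type = A, class = IN
Got answer (49 bytes):
        opcode = QUERY, id = 4, rcode = NOERROR
        contoso.local, type = A, class = IN
"""

HEADER_RE = re.compile(r"opcode = \w+, id = (\d+), rcode = (\w+)")
QUESTION_RE = re.compile(r"^\s*(\S+), type = (\w+), class = \w+")


def parse_trace(text):
    """Pair each SendRequest() with its answer by DNS id.
    A request with no answer in the trace gets rcode None."""
    sent, answered, cur = {}, {}, None
    for line in text.splitlines():
        if line.startswith(("SendRequest()", "Got answer")):
            cur = {"answer": line.startswith("Got answer")}
            continue
        if cur is None:
            continue
        header, question = HEADER_RE.search(line), QUESTION_RE.match(line)
        if header:
            cur["id"], cur["rcode"] = int(header.group(1)), header.group(2)
        elif question and "id" in cur and "name" not in cur:
            # First question line of the block; later record lines are ignored.
            cur["name"], cur["qtype"] = question.group(1), question.group(2)
            (answered if cur["answer"] else sent)[cur["id"]] = cur
    return [{"name": q["name"], "qtype": q["qtype"],
             "rcode": answered[i]["rcode"] if i in answered else None}
            for i, q in sorted(sent.items())]


def single_label_failures(results):
    """Names with no dot that the server answered with an error rcode."""
    return sorted({r["name"] for r in results
                   if "." not in r["name"] and r["rcode"] not in (None, "NOERROR")})


if __name__ == "__main__":
    for row in parse_trace(TRACE):
        print(row)
    print("single-label names rejected by the server:",
          single_label_failures(parse_trace(TRACE)))
```

A SERVFAIL answer means the query reached 192.168.73.4 and came back, so for these lookups the tunnel and route are working; what differs between the failing and succeeding queries is only the form of the name sent.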
 

Author Comment

by:MilleniumFalcon
bump
0
 
LVL 1

Expert Comment

by:butor69
What I don't understand is your server name, contoso.local. I assume that it's name.domain.local?




0
 

Author Comment

by:MilleniumFalcon
Yes.
0
 

Author Comment

by:MilleniumFalcon
Happy Turkey Week!

BUMP!
0
 

Author Comment

by:MilleniumFalcon
Anyone?

Honestly I'd really like to solve this issue already.
All the necessary info should be in this whole issue, along with logs etc.....
0
 
LVL 1

Expert Comment

by:butor69
I think the better way to analyze your problem is to connect by VPN and see if the problem is the same with our PC
0
 

Author Comment

by:MilleniumFalcon
I'm sorry but that is NOT a possibility.  Besides, the problem will be the same.  I have PCs joined to the domain, and a # of personal workstations @ home not associated with the domain that act exactly the same.

Bottom line is, if the information above does not suffice to solve the problem then I will close this issue as it's going down the toilet faster than an unwanted pregnancy on prom night.
0
 
LVL 29

Expert Comment

by:Michael W
One other option, though it's a bit of a long shot...

Have you applied/installed Windows Server 2003 Service Pack 2 (SP2)? As part of the Win2k3 SP2 release, there is a Windows Server 2003 Scalable Networking Pack (SNP) embedded within it. On a computer that has a TCP/IP Offload-enabled network adapter, you may experience many network-related problems.

The SNP feature was to offload the processing of network packets from the CPU to the Network card.  This has caused more issues than helping the network enhancements. And this is a major issue if the network card is a Broadcom network card -- which is the most widely installed NIC on all servers.

An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers
http://support.microsoft.com/kb/948496
0
 

Author Comment

by:MilleniumFalcon
Hello.

Yes, SP2 is installed.
Turning the features on and off made no impact.
0
 
LVL 1

Expert Comment

by:butor69
Do you have any antivirus/firewall installed on your computers (even if it's disabled)?
0
 

Accepted Solution

by:
MilleniumFalcon earned 0 total points
Yes, and it's been tested prior and post installation with no varying results.
0
