VPN Disconnects internet

I have several VPN related problems.  The first is that I have a software VPN setup on an XP Pro machine that uses the standard VPN client in XP and connects to a 2003 server.  When the client machine connects I cannot access the internet.  The Local Area Network Connection says it is still connected though.  I just have one app that needs to use the vpn and everything else needs to still use the regular LAN connection.

The second problem is that I can only ping computers in the remote LAN by ip and not by dns name. The client app that uses the vpn accesses a database on the remote LAN and cannot find it unless I manually configure it using the IP of the target machine. It used to automatically detect the dns name of the app server and the database that it needs to connect to. Therefore I am assuming that the problem is a result of not being able to use dns for the remote LAN over the VPN.
willmarple Asked:

ChiefIT Commented:
DHCP, Netbios, DNS and the default gateway have to be configured correctly on a machine that is multihomed:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23806816.html

Please read the DHCP portion of the article and read the follow-up comments that explain how to take care of DNS, Netbios and the default gateway.
0
willmarple (Author) Commented:
I only have one NIC in the server.  I know that this is not recommended but will it work reasonably well?
0
willmarple (Author) Commented:
Also, DHCP is being handled by the router in the remote LAN containing the servers.  Do I need to switch DHCP over to the Domain Controller?
0
willmarple (Author) Commented:
Ok, I'm wrong.  There is no DHCP server at all on the remote LAN with the servers.  There are only 4 computers on the LAN and all are set up with static IP addresses.  I can't really apply the DHCP portion of your article to my situation, but do you think all of the DNS and Netbios stuff will resolve the issue?
0
Kieran_Burns Commented:
Are you using a VPN router to allow inbound connections or using Routing and Remote Access (RRAS) on the Windows Server?
As far as 'net access is concerned you need to configure IE correctly:
Tools, options, connections
then you'll see a connection in the Dial up and Virtual Private connection settings section, edit this:
fill in the Proxy settings as you have them set within your normal IE config and you'll find it works
Incidentally, you'll also find a way of assigning static IP addresses if you want to bypass the whole DHCP method (the latter IS the recommended way though)
If you go to the network settings of your VPN (dial-up) connection, you can edit the TCP/IP properties and change it from assign automatically (DHCP) to static.
This would mean that you would need to manage each private IP assigned.
0
djpazza Commented:
Make sure that you haven't got 'Use remote gateway' checked under vpn properties - network - tcp/ip - properties - advanced

Then how about adding an entry for the remote IP address as an entry in the host file on the XP PC.

%SystemRoot%\system32\drivers\etc\hosts

Open in Notepad and add an entry, e.g.

192.168.10.2       servername
0
ChiefIT Commented:
Yes, DNS, netbios and the gateway are important to get right when connecting through a VPN. In your case, especially the gateway.
0
willmarple (Author) Commented:
Thanks for all of the input guys. I'm using Routing and Remote Access. I've got a lot of remote clients accessing this vpn, so a solution targeting the client would not be optimal. I would like to be able to get the vpn server set up (we had it working this way before our server crashed) so that everything works again without messing with the client machines.

Chief IT, the problem I'm having is that I can't do a ping with dns or nslookup.  A lot of the stuff in your articles involves setting this up on a server with two nic cards (e.g. Outside ip and internal ip).  It also involves making sure that the connections do not register with the dns server.  I apologize for my lack of understanding in this area, but how would this help me to use dns to communicate with that network?  I guess I basically need a little more explanation on why you set up dns, netbios and the gateway so that I can understand how to implement your solution in my specific scenario.  Requesting noob friendly instructions please : ).
0
ChiefIT Commented:
Under the VPN properties, you should be able to prevent this from using netbios by disabling netbios over tcp/ip and also file and print sharing. Also make sure the gateway is not configured on the VPN connection side. To do this:

Right click on the VPN connection>> Properties>>networking tab>>TCP/IP>> Properties>>Advanced>> and
1) click on the wins tab and disable netbios over TCP/IP also disable LMHOST lookup
2) disable use default gateway on remote network
3) If this is a DHCP server, prevent it from supplying DHCP as stated in the above article
4) Click apply and OK out of that so you save your settings.

5) now go back to where you saw the TCP/IP protocol and disable file and print sharing on your VPN connection
++++++++++++++++++++++++++++++
Then, if you are unable to use NSlookup, your preferred DNS server may be off for this server. I would like to give you an article I wrote that will help you find the DNS discrepancy and fix it. This is the basics of how a DNS query works:

http://www.experts-exchange.com/articles/Networking/Protocols/DNS/DNS-Troubleshooting-made-easy.html

A number of things could be getting in the way of DNS pings or NSlookup. Most likely if this is the only issue, you may be looking at the preferred DNS server. You will find that on configuring the NIC card, by:
right click your nic connection>>properties>>tcp/ip>>properties>>advanced button>> and

1) On the DNS tab make sure your preferred DNS server is your DNS server, NOT an outside server
2) also on the DNS tab make sure it appends the DNS suffix is enabled
3) also on the DNS tab make sure it is set to register this DNS suffix is enabled
4) on the WINS tab make sure LMHOST lookup is disabled
5) also on the WINS tab enable netbios over TCP/IP
6) click apply and OK out of that to save your settings

7) go back to where you saw the TCP/IP protocol and make sure file and print sharing is installed so that you populate My network places.

0
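An added example, not part of any post in this thread: a Python check that reads `route print` output from the client and reports whether internet-bound traffic and traffic to the remote server leave through the VPN adapter, which is what the "use default gateway on remote network" setting discussed above controls. The routing tables and the LAN/VPN addresses are constructed samples; 192.168.10.2 is the example server address from the hosts-file post.

```python
import ipaddress

# Constructed `route print` excerpt: XP client, VPN up, remote gateway enabled.
# 192.168.1.50 = LAN address, 192.168.10.60 = address given to the VPN adapter.
FULL_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.50       21
          0.0.0.0          0.0.0.0    192.168.10.60  192.168.10.60        1
      192.168.1.0    255.255.255.0     192.168.1.50   192.168.1.50       20
     192.168.10.0    255.255.255.0    192.168.10.60  192.168.10.60        1
"""
# Constructed: same client with the option cleared; only the remote subnet uses the VPN.
SPLIT_TUNNEL = """\
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.50       20
      192.168.1.0    255.255.255.0     192.168.1.50   192.168.1.50       20
     192.168.10.0    255.255.255.0    192.168.10.60  192.168.10.60        1
"""

def parse_routes(text):
    """Return (network, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # column header and other non-route lines
        try:
            net = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}", strict=False)
            routes.append((net, ipaddress.IPv4Address(parts[3]), int(parts[4])))
        except ValueError:
            continue  # row that is not dest/mask/gateway/interface/metric
    return routes

def egress_interface(routes, target):
    """Pick the route by longest prefix, then lowest metric; return its interface."""
    target = ipaddress.IPv4Address(target)
    matches = [r for r in routes if target in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(best[1])

def diagnose(text, vpn_ip, server_ip, internet_ip="203.0.113.10"):
    """internet_ip is a documentation-range address standing in for any public host."""
    routes = parse_routes(text)
    return {
        "internet_via_vpn": egress_interface(routes, internet_ip) == vpn_ip,
        "server_via_vpn": egress_interface(routes, server_ip) == vpn_ip,
    }
```

A result of `internet_via_vpn: True` on a client whose VPN server does not forward internet traffic matches the symptom in the question; `server_via_vpn: True` with `internet_via_vpn: False` is the split arrangement the asker wants.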
ChiefIT Commented:
After all is said and done:

reboot
0
willmarple (Author) Commented:
I will give this a try on Monday.  Thanks so much ChiefIT for the great instructions.
0
willmarple (Author) Commented:
I still haven't solved this issue, but ChiefIT has done his due diligence in providing valuable information. I don't want someone to feel like I'm just being a jerk or purposefully dragging out the issue.
0
willmarple (Author) Commented:
ChiefIT, I have been messing around with Routing And Remote Access on the server in question.  I have lost my configuration tab in the properties of the internal connection in the rra mmc under IP Routing>General.  In the main viewing pane it also says the connection is unavailable.  How do I unscrew this up?
0
ChiefIT Commented:
The VPN uses RRAS to route netbios packets to and from remote clients. If you go to the command prompt and type IPconfig /all, you will probably find that where it says WINS proxy, it will say yes. Without a WINS server, your netbios packets will not route to remote clients. Also, that connection may be trying to support internet when a VPN client is connected to it.

So, when you connect via VPN, you may be asking the server to provide netbios translation when it doesn't have a WINS server. Then, your VPN client may be trying to contact the internet through the server, while routed through the server on an RRAS connection. Both might knock down internet access when the VPN connection is made.

If you don't have a WINS server, you may consider disabling the WINS proxy:
http://support.microsoft.com/kb/319848

How to enable/disable internet connection sharing:
http://support.microsoft.com/kb/314066

http://www.colorado.edu/CNS/vpn/ics.html


How to unhose your RRAS connection settings:
http://support.microsoft.com/kb/323415

Let me know how this works for you.
0
willmarple (Author) Commented:
My first concern is unhosing RRAS. I have tried disabling and reconfiguring the server. I have even disabled, deleted the server in the mmc, rebooted then reconfigured and the problem is still there. Do you know how I can get a clean slate with this thing? Maybe clearing a registry entry or something executed from the command line that isn't available through the mmc?
0
ChiefIT Commented:
You can delete the VPN connection. That should stop RRAS.

Then recreate the VPN connection.

The link above should tell you the settings of your RRAS. RRAS is used to route over the server. I am thinking it is not necessary to route over the server.

Uninstalling and reinstalling RAS:
http://support.microsoft.com/kb/280314
0
willmarple (Author) Commented:
Thanks Chief,

Unfortunately this is still not doing it.  As soon as I re-enable RAS the problem interface is still there.  I have attached a screenshot of what I am talking about so maybe you can get a better feel for what's going on.

I have tried disabling and re-configuring RAS in the mmc, and also completely removing the remote access server role and re-adding it. I think I have either affected this "internal" interface in some other area of the server, or I need to manually uninstall RAS and reinstall it. I'm really hosed up with this thing and I've got to get it working again so I definitely appreciate the help.

RAS-error.png
0