Solved

SBS 2008 VPN DNS Issues

Posted on 2009-07-13
2
873 Views
Last Modified: 2012-06-21
I'm currently running a SBS 2008 Premium server with Windows XP Pro SP3 clients. I've encountered issues with the Microsoft VPN client since upgrading to SBS 2008. My clients are able to connect, authenticate, and get DHCP settings correctly. If servers are referred to by \\servername.domain.local\share it works great but if only \\servername\share is entered the VPN'd machines are unable to resolve it. Is this inherint within the design of SBS 2008 or is there something I can adjust to provide the ability of resolving by just the servername?
0
Comment
Question by:Danstr1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Accepted Solution

by:
AdoBeebo earned 500 total points
ID: 24841989
This is a guess, but are your VPN clients going into a different subnet to the rest of the domain? Are they pulling down 192.168.1.1/24 IP addresses? This IP range is provided by Networking and Remote Access. I haven't peered into the defaults of SBS08 but I do know that the DHCP service provided by N&RA is limited compared to the full blown DHCP service that will be handing out IPs to internal clients.
Can you check that it is the SBS08 server providing DHCP services from its own DHCP service, or if it is the limited DHCP service that comes with Networking and Remote Access Role. Check to see if DHCP leases are being provided to a logged in VPN client from the main scope, and verify the DNS settings are correct within the scope.
You can certainly help your aim of single name resolution by setting up a GlobalNameZone which is populated with CNAME values. If the GNZ is included in the same DNS as is specified for clients in the DHCP scope they use you should find name resolution a little bit smarter.
Setup GNZ
From CMD:
dnscmd.exe ServerNameHere /config /enableglobalnamessupport 1
In DNS Management
Create a new Forward Lookup Zone called "GlobalNames", AD integrated, replicate forest-wide.
Populate this zone with CNAME values e.g.
"SBS08" = "SBS08.domain.local"
"Proxy" = "ISA06.domain.local"
etc
0
 

Author Comment

by:Danstr1
ID: 24843250
The DHCP all checked out. DHCP was coming correctly from the server including the DNS settings. I proceeded to create the GlobalNameZone as you recommended. I am now able to connect to those machines I entered the CNAME values for. Thanks!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question