Solved

hosts file configuration for a vpn connection

Posted on 2010-03-31
Last Modified: 2012-05-09
Hi there,

Let me begin by describing my client's network setup. My client has two locations, shop and home.

At his shop there is a server running SBS 2008. The server is called Sunshineserver. Now that server is set as the domain controller and DNS server. It has an IP of 192.168.0.150. The server uses a router as a gateway, its IP is 192.168.0.1.

Now, at home there is one PC, and that PC uses a router as a gateway as well. Its IP is 192.168.1.1. This router has a VPN connection with the shop router. The PC at home uses the server at the shop as a domain controller.

I used to have the PC at home have a manual DNS setting of 192.168.0.150 as primary, and 192.168.1.1 as secondary. This was fine, except the Internet was slow and unreliable. So instead I changed the DNS setting to only have 192.168.1.1 as its primary. Then in the hosts file I added this:

127.0.0.1       localhost

192.168.0.150       sunshineserver

192.168.0.150      sunshine.local

192.168.0.150 sunshinekserver.acculock.local

192.168.0.150 hostmaster.sunshine.local

This seemed to work fine, but after a short period of time I started getting this message: "There are currently no logon servers available to service the logon request".

By the way, these are all static IP addresses.

My question is, what record do I need to add to the hosts file? Or, have I even gone about this the wrong way?
0
Question by:Corey Haecker
14 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 29275680
What kind of router and VPN client?
0
 
LVL 1

Author Comment

by:Corey Haecker
ID: 29284681
At home there is a Linksys router with VPN. At the shop there is a FortiGate 50B, which is a Canadian-made, commercial-grade router. The two are connected by a VPN that uses IPsec.
0
 
LVL 1

Author Comment

by:Corey Haecker
ID: 29338504
Please, does anyone have help for me? This issue is giving me a big headache.
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 29376038
If you add them to the hosts file, it should work perfectly.
0
 
LVL 1

Author Comment

by:Corey Haecker
ID: 29377431
Actually, I just figured it out. I needed to add the NetBIOS name of the server to lmhosts. That did the trick. Thanks for trying to help.
0
 
LVL 1

Author Comment

by:Corey Haecker
ID: 29487092
The logon server actually resolves by NetBIOS name, not DNS. Here is what I had to do:

Go to c:\windows\system32\drivers\etc\lmhosts.sam

I added this:

192.168.0.150      SUNSHINESERVER      #PRE      #DOM:SUNSHINE

192.168.0.150      "SUNSHINE       \0x1b"      #PRE

saved it as lmhosts (without any extension)

and the problem was solved.
0
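
Added example, not part of the original thread: a small Python checker for the LMHOSTS entries posted in the comment above. It confirms that a quoted name decodes to exactly 16 bytes (15 space-padded name characters plus the type byte, here `\0x1b`); the helper name `parse_lmhosts` and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the thread's two entries plus one mis-padded 0x1b line.
SAMPLE = "\n".join([
    "# lmhosts for the home PC (constructed sample)",
    "192.168.0.150  SUNSHINESERVER  #PRE  #DOM:SUNSHINE",
    '192.168.0.150  "' + "SUNSHINE".ljust(15) + '\\0x1b"  #PRE',
    '192.168.0.150  "SUNSHINE \\0x1b"  #PRE',  # too short on purpose
])

LINE = re.compile(r'^(\S+)\s+("[^"]*"|\S+)\s*(.*)$')
ESCAPE = re.compile(r"\\0x([0-9A-Fa-f]{2})")

def parse_lmhosts(text):
    """Return (entries, warnings) for LMHOSTS-style text (hypothetical helper)."""
    entries, warnings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or a directive line
        m = LINE.match(line)
        if not m:
            warnings.append((n, "unparseable line"))
            continue
        ip, name, rest = m.groups()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            warnings.append((n, f"bad IPv4 address {ip!r}"))
            continue
        suffix = None
        if name.startswith('"'):
            # Quoted form: each \0xNN escape stands for one byte of the name.
            decoded = ESCAPE.sub(lambda e: chr(int(e.group(1), 16)), name[1:-1])
            if len(decoded) != 16:
                warnings.append((n, f"quoted name is {len(decoded)} bytes, expected 16"))
                continue
            name, suffix = decoded[:15].rstrip(), ord(decoded[15])
        elif len(name) > 15:
            warnings.append((n, "NetBIOS name longer than 15 characters"))
            continue
        tags = rest.split()
        domain = next((t[5:] for t in tags if t.startswith("#DOM:")), None)
        entries.append({"line": n, "ip": ip, "name": name, "suffix": suffix,
                        "preload": "#PRE" in tags, "domain": domain})
    return entries, warnings
```

Running the same check over a deployed lmhosts file also gives a quick inventory of which static addresses a client will trust for its domain controller names.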
 
LVL 39

Expert Comment

by:ChiefIT
ID: 29710752
It's good you separated the LMHOSTS from the duties of the hosts files.

LMHOSTS is for WINS and NetBIOS resolution. It's used to route NetBIOS broadcasts over a VPN connection or to basically route NetBIOS broadcasts. An alternative configuration is to configure a WINS server.

Hosts files are used for DNS. If you have a DNS server a hosts file should never be configured. The reason is, DNS is routable. This means it will go through a VPN tunnel, or outside the broadcast domain.

Configured hosts files will interfere with DNS server resolution. So, all hosts file edits should be deleted, or you may have DNS problems in the future.
0
 
LVL 1

Author Comment

by:Corey Haecker
ID: 29862259
Guess what, I thought this problem was solved, but my client is still getting Windows domain logon screens when he is at home. You mentioned that I should not use the hosts file. What would you recommend I do then? I don't want him to use 192.168.0.150 as a primary IP while he is at home, because then all DNS resolution is being funneled through a VPN connection, which makes the Internet slow. My reasoning may be a little off here. Where am I wrong?
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 2000 total points
ID: 29872070
First off, you have to separate DNS and NetBIOS/WINS. Get it out of your mind they are related. They are very similar and also share the same structure and do many of the same things, but are two different protocols.

NetBIOS is a broadcast protocol and resides only on the broadcast domain. This means it will not route past the NAT router, over a VPN connection, to different VLANs, or across different subnets, UNLESS it has help. That help comes from either WINS or a configured LMHOSTS record.

There is a FANTASTIC article that explains all about the browser service.

Now, you are familiar with how a hosts file works. It is used to provide a DNS record if you don't have a DNS server. In this case you have a DNS server and DNS is routable. So, let's leave DNS alone and delete all configured hosts files. Configured hosts records should ONLY be used if you don't have a DNS server, because DNS is routable and all sites have a DNS server.

The way the browser service works is all computers broadcast out their information that they are sharing for files and printers. They also broadcast out their operating system and whether they hold the FSMO roles. All of the OS information and role holder information is used to ELECT a domain master browser. (This is not a computer domain, it's a broadcast domain.) YOU WANT an LMHOSTS connection between the domain master browser and all other site master browsers. If this user is at home alone, he is the site master browser. That will allow you to share the browse list between every site.

Here is that article. Now, it is an NT4 article, but the browser service has not changed a bit since NT4 on up through 2008 server, xp, 2000, w7, vista.

Learn about browser elections, the domain master and the WINS/WAN configuration of the browser services. Instead of WINS, you can use an LMhost record for every site master browser.

http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true

Here is an example:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23657415.html
0
 
LVL 1

Author Comment

by:Corey Haecker
ID: 30043982
Thank you so much for the help and the info. I have read over the article, and learned a lot of neat things. So do you think that I should set up the networks this way? I want to be specific so that I do not miss anything.


at Home:

Router:
IP Address: 192.168.1.1
DNS Settings: Obtained from ISP
IPsec VPN connection to shop router (192.168.0.1)

PC 1 :

DNS Setting: Primary = 192.168.1.1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster set to TRUE

NO Hosts file
LMHosts file as:

192.168.0.150      SUNSHINESERVER      #PRE      #DOM:SUNSHINE

192.168.0.150      "SUNSHINE       \0x1b"      #PRE


Laptop: (moves between shop and home)

Obtain DNS settings automatically
NO hosts file
NO lmhosts file
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 30055211
On remote sites and clients, do not set the domain master registry key to isdomainmaster TRUE. Only the PDCe of the main site. However, all sites need to maintain a browselist.

You can either configure LMHOST or make your DC a WINS server.

DNS from ISP, I think would be OK.

NO HOST files
LMHOST or WINS configured.
0
 
LVL 1

Author Comment

by:Corey Haecker
ID: 30057294
OK. I will try that. Just to see if I am on the right track.

If I am at PC 1 at home, and I type in the cmd prompt "ping sunshineserver" how will that name get resolved? Is it from the browse list sent from the PDCe which is found through NetBIOS using LMHOSTS?

I used to think this was resolved only with the DNS server which is on the other side of the VPN, but I didn't want all DNS resolutions happening at the server, thus the hosts file.

Sorry if I am a little slow, I really appreciate the help!
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 30645785
If I am at PC 1 at home, and I type in the cmd prompt "ping sunshineserver" how will that name get resolved? Is it from the browse list sent from the PDCe which is found through NetBIOS using LMHOSTS?

Through NetBIOS and LMHOSTS.

servername.domain.name is through DNS resolution.

xxx.xxx.xxx.xxx is through ARP.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 30645872
Or better yet:

computer name >>>to>>>IP address === Netbios
computername.domain.name>>to>>IPaddress==DNS
IPaddress>>>MAC address==ARP
0
