hosts file configuration for a vpn connection

Hi there,

Let me begin by describing my client's network setup. My client has two locations, shop and home.

At his shop there is a server running SBS 2008. The server is called Sunshineserver. Now that server is set as the domain controller and DNS server. It has an IP of 192.168.0.150. The server uses a router as a gateway, its IP is 192.168.0.1.

Now, at home there is one PC, and that PC uses a router as a gateway as well. Its IP is 192.168.1.1. This router has a VPN connection with the shop router. The PC at home uses the server at the shop as a domain controller.

I used to have the PC at home have a manual DNS setting of 192.168.0.150 as primary, and 192.168.1.1 as secondary. This was fine, except the internet was slow and unreliable. So instead I changed the DNS setting to only have 192.168.1.1 as its primary. Then in the hosts file I added this:

127.0.0.1       localhost

192.168.0.150       sunshineserver

192.168.0.150      sunshine.local

192.168.0.150 sunshinekserver.acculock.local

192.168.0.150 hostmaster.sunshine.local

This seemed to work fine, but after a short period of time I started getting this message: "There are currently no logon servers available to service the logon request".

By the way, these are all static IP addresses.

My question is, what record do I need to add to the hosts file? Or, have I even gone about this the wrong way?
Corey Haecker, Support Manager, asked:
Rick Hobbs (retired) commented:
What kind of router and VPN client?
0
Corey Haecker, Support Manager (author) commented:
At home there is a Linksys router with VPN. At the shop there is a FortiGate 50B, which is a Canadian-made, commercial-grade router. The two are connected by a VPN that uses IPsec.
0
Corey Haecker, Support Manager (author) commented:
Please, does anyone have help for me? This issue is giving me a big headache.
0
Rick Hobbs (retired) commented:
If you add them to the hosts file, it should work perfectly.
0
Corey Haecker, Support Manager (author) commented:
Actually, I just figured it out. I needed to add the NetBIOS name of the server to lmhosts. That did the trick. Thanks for trying to help.
0
Corey Haecker, Support Manager (author) commented:
The logon server actually resolves by NetBIOS name, not DNS. Here is what I had to do:

Go to c:\windows\system32\drivers\etc\lmhosts.sam

I added this

192.168.0.150      SUNSHINESERVER      #PRE      #DOM:SUNSHINE

192.168.0.150      "SUNSHINE       \0x1b"      #PRE

Saved it as lmhosts (without any extension)

and the problem was solved.
0
ChiefIT commented:
It's good you separated the LMHOSTS file from the duties of the hosts file.

LMHOSTS is for WINS and NetBIOS resolution. It's used to route NetBIOS broadcasts over a VPN connection, or to basically route NetBIOS broadcasts. An alternative configuration is to configure a WINS server.

Hosts files are used for DNS. If you have a DNS server, a hosts file should never be configured. The reason is, DNS is routable. This means it will go through a VPN tunnel, or outside the broadcast domain.

Configured hosts files will interfere with DNS server resolution. So, all hosts file edits should be deleted, or you may have DNS problems in the future.
0
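To make the two points above concrete, here is an added Python checker (not code from the thread, from Microsoft, or from Experts Exchange) that parses lmhosts lines the way the entries posted above are written and flags the classic mistakes: a quoted "\0x1b" domain master browser name that is not padded to exactly 15 characters before the suffix byte, a #DOM entry without a matching 0x1b record, and a #DOM entry that is not #PRE (non-preloaded lmhosts entries are consulted only after cache, WINS and broadcast fail). It also lists hosts-file entries that fall inside the domain's DNS zone, since the resolver answers from hosts before it ever asks the DNS server. The function names and the sample files are constructed for this example; the lmhosts sample mirrors the two lines posted above plus one deliberately under-padded line, and the hosts sample is the list from the question.

```python
"""Added example: validate lmhosts entries and spot hosts lines that shadow the domain's DNS zone."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

NETBIOS_NAME_LEN = 15          # a NetBIOS name is 15 characters, space-padded
SUFFIX_DOMAIN_MASTER = 0x1B    # 16th byte 0x1b: domain master browser (the PDC emulator)

HEX_ESCAPE = re.compile(r'\\0x([0-9A-Fa-f]{2})')   # lmhosts "\0xNN" byte notation
IPV4 = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')

# Constructed sample: the two entries from the thread plus one deliberately under-padded entry.
SAMPLE_LMHOSTS = r"""
# hypothetical lmhosts used only for this demonstration
192.168.0.150      SUNSHINESERVER      #PRE      #DOM:SUNSHINE
192.168.0.150      "SUNSHINE       \0x1b"      #PRE
192.168.0.150      "SUNSHINE \0x1b"      #PRE
"""

# The hosts entries posted in the question, used here only as sample input.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.168.0.150       sunshineserver
192.168.0.150      sunshine.local
192.168.0.150 sunshinekserver.acculock.local
192.168.0.150 hostmaster.sunshine.local
"""


@dataclass
class LmhostsEntry:
    ip: str
    name: str                 # NetBIOS name without padding
    suffix: Optional[int]     # 16th byte when given in quoted "\0xNN" form, else None
    preload: bool             # #PRE: loaded into the name cache at startup
    domain: Optional[str]     # #DOM:<domain>: entry is a domain controller for <domain>
    problems: List[str]


def parse_lmhosts_line(line: str) -> Optional[LmhostsEntry]:
    """Parse one lmhosts line; returns None for blank lines and plain comments."""
    body = line.strip()
    if not body or body.startswith('#'):
        return None
    m = re.match(r'^(\S+)\s+("[^"]*"|\S+)(.*)$', body)
    if not m:
        return LmhostsEntry('', body, None, False, None, ['unparseable line'])
    ip, rawname, rest = m.groups()
    problems: List[str] = []
    if not (IPV4.match(ip) and all(int(o) <= 255 for o in ip.split('.'))):
        problems.append(f'bad IPv4 address {ip!r}')
    suffix = None
    if rawname.startswith('"'):
        inner = rawname.strip('"')
        decoded = HEX_ESCAPE.sub(lambda h: chr(int(h.group(1), 16)), inner)
        name = HEX_ESCAPE.sub('', inner).rstrip()
        if len(decoded) == NETBIOS_NAME_LEN + 1:
            suffix = ord(decoded[NETBIOS_NAME_LEN])
        else:
            # The quoted form must decode to exactly 16 bytes: the name padded with
            # spaces to 15 characters, followed by the single \0xNN suffix byte.
            problems.append(f'quoted name decodes to {len(decoded)} bytes, expected 16 '
                            f'(pad {name!r} to {NETBIOS_NAME_LEN} chars before the suffix)')
    else:
        name = rawname.upper()
        if len(name) > NETBIOS_NAME_LEN:
            problems.append(f'name {name!r} exceeds {NETBIOS_NAME_LEN} characters')
    preload = '#PRE' in rest.upper().split()
    dom = re.search(r'#DOM:(\S+)', rest, re.IGNORECASE)
    domain = dom.group(1).upper() if dom else None
    if domain and not preload:
        problems.append('#DOM entry is not #PRE, so it is only consulted after broadcast fails')
    return LmhostsEntry(ip, name, suffix, preload, domain, problems)


def validate_lmhosts(text: str) -> Tuple[List[LmhostsEntry], List[str]]:
    """Parse a whole file; collect per-line problems plus the cross-entry 0x1b check."""
    entries = [e for e in map(parse_lmhosts_line, text.splitlines()) if e]
    issues = [f'{e.name}: {p}' for e in entries for p in e.problems]
    domains = {e.domain for e in entries if e.domain}
    masters = {e.name for e in entries if e.suffix == SUFFIX_DOMAIN_MASTER}
    for d in sorted(domains - masters):
        issues.append(f'#DOM:{d} has no matching "{d}<padding>\\0x1b" domain master browser record')
    return entries, issues


def hosts_entries_in_zone(text: str, zone: str) -> List[Tuple[str, str]]:
    """Return (ip, name) hosts pairs inside `zone`; these answer before DNS is ever queried."""
    zone = zone.lower().strip('.')
    hits = []
    for line in text.splitlines():
        fields = line.split('#', 1)[0].split()
        if len(fields) < 2:
            continue
        ip, *names = fields
        for n in names:
            n = n.lower().rstrip('.')
            if n == zone or n.endswith('.' + zone):
                hits.append((ip, n))
    return hits


if __name__ == '__main__':
    found, problems = validate_lmhosts(SAMPLE_LMHOSTS)
    print('lmhosts issues:', problems)
    print('hosts entries shadowing sunshine.local:',
          hosts_entries_in_zone(SAMPLE_HOSTS, 'sunshine.local'))
```

Run against the constructed sample, the first two lmhosts entries pass, the third is reported as under-padded, and the two hosts lines under sunshine.local are listed as entries the DNS server will never be asked about. The same checks apply to any Windows client where a stale hosts or lmhosts line is suspected of masking a DNS or logon problem.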
Corey Haecker, Support Manager (author) commented:
Guess what, I thought this problem was solved, but my client is still getting Windows domain logon screens when he is at home. You mentioned that I should not use the hosts file. What would you recommend I do then? I don't want him to use 192.168.0.150 as a primary DNS while he is at home, because then all DNS resolution is being funneled through a VPN connection, which makes the internet slow. My reasoning may be a little off here. Where am I wrong?
0
ChiefIT commented:
First off, you have to separate DNS and NetBIOS/WINS. Get it out of your mind that they are related. They are very similar, share the same structure and do many of the same things, but they are two different protocols.

NetBIOS is a broadcast protocol and resides only on the broadcast domain. This means it will not route past the NAT router, over a VPN connection, to different VLANs, or across different subnets, UNLESS it has help. That help comes from either WINS or a configured LMHOSTS record.

There is a FANTASTIC article that explains all about the browser service.

Now, you are familiar with how a hosts file works. It is used to provide a DNS record if you don't have a DNS server. In this case you have a DNS server and DNS is routable. So, let's leave DNS alone and delete all configured hosts entries. Configured hosts records should ONLY be used if you don't have a DNS server, because DNS is routable and all sites have a DNS server.

The way the browser service works is: all computers broadcast out the information about what they are sharing for files and printers. They also broadcast out their operating system and whether they hold the FSMO roles. All of the OS information and role holder information is used to ELECT a domain master browser (this is not a computer domain, it's a broadcast domain). YOU WANT an LMHOSTS connection between the domain master browser and all other site master browsers. If this user is at home alone, he is the site master browser. That will allow you to share the browse list between every site.

Here is that article. Now, it is an NT4 article, but the browser service has not changed a bit since NT4 on up through Server 2008, XP, 2000, Windows 7, Vista.

Learn about browser elections, the domain master and the WINS/WAN configuration of the browser services. Instead of WINS, you can use an LMHOSTS record for every site master browser.

http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true

Here is an example:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23657415.html
0
Corey Haecker, Support Manager (author) commented:
Thank you so much for the help and the info. I have read over the article, and learned a lot of neat things. So do you think that I should set up the networks this way? I want to be specific so that I do not miss anything.


at Home:

Router:
IP Address: 192.168.1.1
DNS Settings: Obtained from ISP
IPsec VPN connection to shop router (192.168.0.1)

PC 1 :

DNS Setting: Primary = 192.168.1.1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster set to TRUE

NO hosts file
LMHOSTS file as:

192.168.0.150      SUNSHINESERVER      #PRE      #DOM:SUNSHINE

192.168.0.150      "SUNSHINE       \0x1b"      #PRE


Laptop: (moves between shop and home)

Obtain DNS settings automatically
NO hosts file
NO lmhosts file
0
ChiefIT commented:
On remote sites and clients, do not set the IsDomainMaster registry key to TRUE. Only on the PDCe of the main site. However, all sites need to maintain a browse list.

You can either configure LMHOSTS or make your DC a WINS server.

DNS from the ISP, I think, would be OK.

NO hosts files.
LMHOSTS or WINS configured.
0
Corey Haecker, Support Manager (author) commented:
OK. I will try that. Just to see if I am on the right track:

If I am at PC 1 at home, and I type in the cmd prompt "ping sunshineserver" how will that name get resolved? Is it from the browse list sent from the PDCe which is found through NetBIOS using LMHOSTS?

I used to think this was resolved only with the DNS server, which is on the other side of the VPN, but I didn't want all DNS resolutions happening at the server, thus the hosts file.

Sorry if I am a little slow, I really appreciate the help!
0
ChiefIT commented:
"If I am at PC 1 at home, and I type in the cmd prompt "ping sunshineserver" how will that name get resolved? Is it from the browse list sent from the PDCe which is found through NetBIOS using LMHOSTS?"

Through NetBIOS and LMHOSTS.

servername.domain.name is through DNS resolution.

xxx.xxx.xxx.xxx is through ARP.
0
ChiefIT commented:
Or better yet:

computer name >>> to >>> IP address === NetBIOS
computername.domain.name >>> to >>> IP address === DNS
IP address >>> to >>> MAC address === ARP
0