Remote desktop connection can't find computer...
My users at a remote site are continually getting this error. Sometimes it goes away quickly while others it doesn't. They say they still have access to the network drives so i'm not sure what's going on. The sites are connected via VPN through a SonicWall firewall.
ts1-prob.png
ts1-prob.png
jorlando66
try using the fully qualified domain name does that work? for example ts1.yourdomain.com
Typically DNS does not work thru VPN - try connecting using the actual ip address of the end computer you are trying to control.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is something that works fine with my other site. I'll ask that they try typing in the IP.
ASKER
digitap, the server is obviously a static IP. The SonicWall is the DNS server this site but the other site has a 2003 server for it's DNS.
Yes, site to site via SonicWall firewalls.
Yes, site to site via SonicWall firewalls.
DNS will work through vpn if it is set up properly.
ASKER
Like I said, it still works... just randomly gets this error. It can get this error for half an hour and then be fine... could be five minutes then it's fine. Random.
I agree with jorlando66...DNS will work across a VPN...what you might consider is using the 2003 DNS server in place of the remote site's sonicwall as primary DNS. Use the sonicwall as the secondary. The only caveat to be aware of is the latency across the VPN. If the 2003 DNS server responds too slowly, then the workstations will default to the secondary which is the sonicwall. Shouldn't be a problem as this is what you are using now.
you might consider checking the log files and see if the sonicwall appliances are dropping the VPN. Confirm speed/duplex setting (auto by default) on the WAN interface. 100MB/Full, 10MB/Half, etc. You might also consider reviewing an article I wrote on properly configuring the MTU of the WAN interface. If set incorrectly, can cause a sonicwall to drop packets preventing VPN connections from staying connected.https://www.experts-exchange.com/viewArticle.jsp?aid=3110
ASKER
I don't see any VPN tunnel connections dropped.
The MTU was one thing I was wondering about because it was affecting my main site. I'll look into all your suggestions and get back to you. Thanks.
The MTU was one thing I was wondering about because it was affecting my main site. I'll look into all your suggestions and get back to you. Thanks.
ASKER
I corrected the MTU though it seems it wasn't far off. ISP has been switched since I've been here. Still pretty new to the company.
Typing in the actual IP address worked perfectly. Under Network --> Settings, the DNS servers are set to external DNS servers (the ones we use for our web hosting I believe). I had set the first one to our main site's DNS server. I just switched it back to the two external ones first and the internal DNS to last. I am a bit confused though as these are two completely different types of DNS servers. What is supposed to go where? There is also Dynamic DNS with nothing setup.
Typing in the actual IP address worked perfectly. Under Network --> Settings, the DNS servers are set to external DNS servers (the ones we use for our web hosting I believe). I had set the first one to our main site's DNS server. I just switched it back to the two external ones first and the internal DNS to last. I am a bit confused though as these are two completely different types of DNS servers. What is supposed to go where? There is also Dynamic DNS with nothing setup.
disregard dynamic dns as it doesn't apply to what you're currently working on. look at the dhcp scope configuration for your internal hosts on the sonicwall. what dns server ip is it handing out? an internal or external one? if external, change it to the internal ip and remove all other entries. if it's already internal, remove the external entries leaving only the internal ip.
do these workstations authenticate to the domain across the vpn?
ASKER
Okay, I made sure it's only the internal DNS server.
Yes, each site is authenticated through our main site.
Yes, each site is authenticated through our main site.
If you are only typing in the server name(ts1) and not the FQDN (ts1.mydomain.local) then you are using WINS(netbios) to resolve this name. If your WINS server is not configured correctly, you won't resolve the name and you will receive this error as it isn't using DNS. Try verifying your WINS configuration is correct, use the IP, or use the FQDN and that should fix your problem.
WINS won't resolve over the VPN without an IP Helper. If you have clients authenticating to the domain, you really need a DC at this remote site. Things would go a lot smoother for you.
Regarding the IP Helper, here's a sonicwall KB article that can help you configure that.
http://www.sonicwall.com/downloads/ip_helper.pdf
Regarding the IP Helper, here's a sonicwall KB article that can help you configure that.
http://www.sonicwall.com/downloads/ip_helper.pdf
ASKER
Yes, I've been after them for a server at this site as well as a new backup server. Unfortunately I get nothing. Thanks for the link.
ASKER
Unfortunately IP Helper isn't an option with the SonicWall at this location. Thanks for the information to back up my statements of needing a server even further.
Check your dns and make sure forwarders are set up to external dns sources. No external dns server address should be handed out to client.
Check netbios settings for the servers themselves.
Under server's lan connection make sure register suffix is checked under dns
Make sure append primary and parent suffix is checked
under wins make sure enable netbios from dhcp is checked
You could put the server information in the hosts file, but I personally hate hard coding IP information in case the server IP changes.
The hosts file is generally located at:
C:\Windows\System32\driver
Windows folder can change based on OS.
In there, you'd enter the server name(ts1) and then the IP it should map to. There is an example in the hosts file.
The hosts file is generally located at:
C:\Windows\System32\driver
Windows folder can change based on OS.
In there, you'd enter the server name(ts1) and then the IP it should map to. There is an example in the hosts file.
WINS isnt routable. You would need the helper, but check the dns settings none the less.
IP Helper may not be a part of the standard OS on the sonicwall. I think you have enough information here to "patch" your current issue. Obviously, as you already know, a local domain controller is the obvious long term solution.
Solutions by the other experts:
- Hosts file entries. http:#a33628124
- FQDN http:#a33620799
- Manually configured suffix http:#a33626812
- Primary DNS being the remote, internal DNS server http:#a33620906
Solutions by the other experts:
- Hosts file entries. http:#a33628124
- FQDN http:#a33620799
- Manually configured suffix http:#a33626812
- Primary DNS being the remote, internal DNS server http:#a33620906
Lets get more Information:
When the user is not able to reach the TS1 server have them go to DOS and PING TS1 . My guess is they are not able to resolve it (the Public DNS server has no idea who TS1 is) or they get an incorrect IP (your ISP will provide a Search Server IP to redirect you to, some ISPs do this)
I would look at the config of the Sonicwall.
You will need to configure the DHCP settings to pass out your AD DNS server IPs to the clients, not the IP of the Sonicwall. This will make sure they are able to Resolve the correct IP, but will require your VPN to be up in order to broswe the internet.
If your Sonicwall happens to have an AD DNS server defined in it its local config [or you are passing out both an ISP DNS and an AD DNS to the clients] (which would explain why it sometimes works), then you could just make sure that it Only has AD DNS servers defined in it (either in the Firewall system setting or the DHCP server settings). I would not think Sonicwall would use a DNS server over a VPN tunnel, but it could happen.
David
When the user is not able to reach the TS1 server have them go to DOS and PING TS1 . My guess is they are not able to resolve it (the Public DNS server has no idea who TS1 is) or they get an incorrect IP (your ISP will provide a Search Server IP to redirect you to, some ISPs do this)
I would look at the config of the Sonicwall.
You will need to configure the DHCP settings to pass out your AD DNS server IPs to the clients, not the IP of the Sonicwall. This will make sure they are able to Resolve the correct IP, but will require your VPN to be up in order to broswe the internet.
If your Sonicwall happens to have an AD DNS server defined in it its local config [or you are passing out both an ISP DNS and an AD DNS to the clients] (which would explain why it sometimes works), then you could just make sure that it Only has AD DNS servers defined in it (either in the Firewall system setting or the DHCP server settings). I would not think Sonicwall would use a DNS server over a VPN tunnel, but it could happen.
David
thanks for the points!
ASKER
I'm just going to have them use the IP until I can get a server there. This further weighs in on my side in argument that we need one. Thanks for all the replies.
Your welcome! Hope you win your server!