
SBS 2003 - when someone VPNs in, the server gets an additional IP and the client application gets confused by multiple IPs

Posted on 2010-09-08
Last Modified: 2012-05-10
I have recently enabled incoming VPN connections on SBS 2003. The problem occurs when a user dials in. The server gets an additional IP address for the VPN tunneling, which is fine. But it also creates another DNS record under the server name with the additional IP.

So for example: servername.domain.local

servername - 192.168.0.1
servername - 192.168.0.2

On the client workstations, the application queries the servername's DNS and gets the second IP address. But the server's core applications are listening on the first IP address. This causes havoc within the network.

How can we disable this so that the VPN or DNS server does not create the additional record and the name has only one [A] record?

At the moment I'm deleting the host record manually and modifying the workstations' hosts record, but I can't do this every day.

Thanks
Question by:CBM Corporate
12 Comments
 
LVL 20

Expert Comment

by:wolfcamel
ID: 33633277
Perhaps re-run the internet wizard on SBS;
the VPN'd workstation should get the DNS record for the IP it connected with.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33633362
Uhh, this is internal to how the VPN works.  It needs those additional DNS listings to route traffic back to the VPN clients.  However, those DNS listings should have the VPN clients' names, so what you are saying doesn't make sense.

Try the following.  

First, make sure that the server is only using IP addresses that are needed.  Check the networking properties.

Second, if this is a multihomed computer (more than one network card), make sure you have your services listening on the correct IP address for the correct network card.

Third, make sure that the DNS entry is correct.  Actually go into your DNS server and remove extra entries.  You can also disable your network configuration from updating DNS.

Fourth, you could try setting up your services to listen on all ports so it wouldn't matter which one the client connected to.

Let me know if this helps.
0
 

Author Comment

by:CBM Corporate
ID: 33633395
There are no additional IP addresses configured on the primary adaptor. The second network card does not have an IP address and is disabled. (HP ML350 G5 server).

I just went into the DNS configuration and saw it was listening on all IP addresses. I will change it to listen only on the primary IP address and see how it goes.

I wish I could enable the services to listen on all, but not in this particular environment.

BTW, the client workstations in question are the workstations inside the network, not the VPN clients.

Thanks
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33634314
Ahh, I just caught something else.  I should read these posts twice.  The VPN IP is an added IP.  Of course.

Another thing to try.  Is your software dependent on the DNS name?  What I mean is that if you can add a CNAME to your DNS and configure your clients to go to your CNAME, that would work and is generally a better solution anyway.  That way if you ever have to change servers you can just repoint the CNAME and not have to adjust clients again.
0
 

Author Comment

by:CBM Corporate
ID: 33634372
When the VPN client dials in, it grabs a DHCP IP address, i.e. 192.168.1.100 (default gateway is off). On the server itself, the PPP RAS server adaptor gets assigned 192.168.1.87, for which the DNS server creates a servername -> 192.168.1.87 [A] record. So it's like a round robin thing.. when the client workstations query the servername, it returns 192.168.1.87 as the servername record instead of 192.168.1.125 :(

Server ipconfig

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.87
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.125 ** main IP address
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.3

If only I could prevent it from automatically creating the [A] record servername -> 192.168.1.87 so that the other workstations will only return servername -> 192.168.1.125

I just remotely logged in. Setting DNS to listen only on the primary IP didn't make any difference.. saw a servername -> 192.168.1.87 record.
0
 
LVL 20

Expert Comment

by:wolfcamel
ID: 33634719
It really shouldn't be doing this.. have you rerun the internet wizard in SBS?
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33635026
Setting the server to only listen on the one IP doesn't have anything to do with it.  I think your best option is to use the CNAME.  I like that design best anyway.  Create a CNAME with an address like 192.168.1.201, give it a name like customapp.server.local (whatever your local server and domain are) and point your clients to that domain name.  Problem solved.  I like this solution best because, like I said before, if you upgrade that server or move those services, you can just update the DNS entry and have everyone point to the right place.

@Wolfcamel, I think this is by Microsoft design.  They create an IP for the virtual connection and insert a DNS record at the same time.  It's just strange that the software isn't listening on all ports correctly.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33635042
Darn, I'm not thinking.  You don't want a CNAME.  CNAME is for pointing to another domain, or an alias.  You want another A record pointing to 192.168.1.125 with a new name specific to your application.

0
 

Author Comment

by:CBM Corporate
ID: 33643172
The client workstation or application/Microsoft services will query the host name "servername" in this case. It will not query another hostname so creating a custom [A] record will not do anything.

Hmm I wonder if I can prioritize the lookup order for the second DNS entry. That may do the trick..

Thanks
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33655653
"The client workstation or application/Microsoft services will query the host name..."

You would have to reconfigure the client one time to point to the new A record.  I think it is worth doing one time to never have to do it again.  You don't even need to do it all at once, just create the record and transition a few at a time or create a policy to update the setting.
0
 

Accepted Solution

by:
CBM Corporate earned 0 total points
ID: 34331579
Still did not find a proper way. In the end I just modified all the workstations' c:\windows\system32\drivers\etc\hosts files and added the server hostname and IP address.
0
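Added example (not part of the original thread): a Python sketch that parses `ipconfig` output in the format the author posted, separates the server's A records into the LAN address and the one owned by the PPP RAS interface, and builds the hosts-file entry the accepted solution describes. The sample input is constructed from the addresses quoted in the thread (trimmed to the IP and mask fields); `servername` and all function names are illustrative assumptions.

```python
import ipaddress

# Constructed sample input, using the addresses quoted in the thread.
IPCONFIG_TEXT = """\
PPP adapter RAS Server (Dial In) Interface:

   IP Address. . . . . . . . . . . . : 192.168.1.87
   Subnet Mask . . . . . . . . . . . : 255.255.255.255

Ethernet adapter Server Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.125
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""
A_RECORDS = ["192.168.1.87", "192.168.1.125"]  # constructed: records held for the server name

def parse_ipconfig(text):
    """Map each IPv4 address to the adapter kind ('PPP', 'Ethernet', ...) that owns it."""
    owners, kind = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and " adapter " in line:
            kind = line.split(" adapter ", 1)[0]  # section header line
        elif ":" in line and kind:
            key, _, value = line.partition(":")
            # Field names are padded with ". . ." in ipconfig output.
            if key.replace(".", "").strip() == "IP Address" and value.strip():
                ip = ipaddress.IPv4Address(value.split()[0])  # rejects malformed values
                owners[str(ip)] = kind
    return owners

def split_records(a_records, owners):
    """Return (lan_ips, stray_ips): records on the Ethernet NIC vs. everything else."""
    lan = [ip for ip in a_records if owners.get(ip) == "Ethernet"]
    stray = [ip for ip in a_records if owners.get(ip) != "Ethernet"]
    return lan, stray

def hosts_line(hostname, a_records, owners):
    """Build the hosts-file entry that pins the name to the single LAN address."""
    lan, _ = split_records(a_records, owners)
    if len(lan) != 1:
        raise ValueError(f"expected exactly one LAN address, got {lan!r}")
    return f"{lan[0]}\t{hostname}"

if __name__ == "__main__":
    owners = parse_ipconfig(IPCONFIG_TEXT)
    print("stray A records:", split_records(A_RECORDS, owners)[1])
    print(hosts_line("servername", A_RECORDS, owners))
```
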
 

