Solved

SBS 2003 - when someone VPNs in, server gets additional IP and client application gets confused by multiple IPs

Posted on 2010-09-08
Last Modified: 2012-05-10
I have recently enabled Incoming VPN connections on SBS 2003. The problem is when the user dials in. The server gets an additional IP address for the VPN tunneling which is fine. But it also creates another DNS record under the server name with the additional IP.

So for example: servername.domain.local

servername - 192.168.0.1
servername - 192.168.0.2

On the client workstations, the application queries the servername's DNS and gets the second IP address. But the server core applications are listening on the first IP address. This causes havoc within the network.

How can we disable this in a way that the VPN or DNS server does not create this additional record so it will only have one [A] record?

At the moment I'm deleting the host record manually and modifying the workstations hosts record.. but I can't do this everyday.

Thanks
0
Question by:CBM Corporate
12 Comments
 
LVL 20

Expert Comment

by:wolfcamel
ID: 33633277
perhaps re-run the internet wizard on sbs,
the vpned workstation should get the dns record for the ip it connected with
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33633362
Uhh, this is internal to how the VPN works.  It needs those additional dns listings to route traffic back to the VPN clients.  However, those dns listings should have the VPN client's names, so what you are saying doesn't make sense.  

Try the following.  

First, make sure that the server's only using IP addresses that are needed.  Check the networking properties.

Second, if this is a multihomed computer (more than one network card), make sure you have your services listening on the correct IP address for the correct network card.

Third, make sure that the DNS entry is correct.  Actually go into your DNS server and remove extra entries.  You can also disable your network configuration from updating DNS.

Fourth, you could try setting up your services to listen on all ports so it wouldn't matter which one the client connected to.

Let me know if this helps.
0
 

Author Comment

by:CBM Corporate
ID: 33633395
There are no additional IP addresses configured with the primary adaptor. The second network card does not have an IP address and is disabled. (HP ML350 G5 server).

I just went into the DNS configuration and saw it was listening on all IP addresses. I will change it and select it only to listen on the primary IP address. See how it goes.

I wish I could enable the services to listen on all. But not in this particular environment.

BTW, The actual client workstations are the actual workstations inside the network. Not the VPN clients.

Thanks
0

 
LVL 9

Expert Comment

by:rfportilla
ID: 33634314
Ahh, I just caught something else.  I should read these posts twice.  The VPN IP is an added IP.  Of course.

Another thing to try.  Is your software dependent on the DNS name?  What I mean is that if you can add a CName to your DNS and configure your clients to go to your Cname, that would work and is generally a better solution anyway.  That way if you ever have to change servers you can just repoint the CName and not have to adjust clients again.
0
 

Author Comment

by:CBM Corporate
ID: 33634372
When the VPN client dials in, it grabs the DHCP IP address ie: 192.168.1.100 (default gateway is off). In the server itself. The PPP RAS server adaptor gets assigned 192.168.1.87 which the DNS server creates servername -> 192.168.1.87 [A] record. So it's like a round robin thing.. when the client workstations query the servername, it returns 192.168.1.87 as the servername record instead of 192.168.1.125 :(

Server ipconfig

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.87
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.125 ** main IP address
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.3

If only I could prevent it from automatically creating the [A] record servername -> 192.168.1.87 so that the other workstations will only return servername -> 192.168.1.125

I just remotely logged in. Setting DNS to listen only on the primary IP didn't make any difference.. saw a servername -> 192.168.1.87 record.
0
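A way to confirm which interface each A record for the server name came from, using the ipconfig output posted above. This is an added example, not part of the original thread; the function names are hypothetical and the A-record list is constructed from the two records the post describes.

```python
import ipaddress
import re

# ipconfig output as posted above (Windows Server 2003 field names).
IPCONFIG = """\
PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.87
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.125
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.3
"""

def parse_ipconfig(text):
    """Return one dict per adapter section: type, name, ip, mask."""
    adapters = []
    for line in text.splitlines():
        header = re.match(r"^(\S+) adapter (.+?):\s*$", line)
        field = re.match(r"^\s+(IP Address|Subnet Mask)[ .]*:\s*(\S+)", line)
        if header:
            adapters.append({"type": header.group(1), "name": header.group(2)})
        elif field and adapters:
            key = "ip" if field.group(1) == "IP Address" else "mask"
            adapters[-1][key] = ipaddress.ip_address(field.group(2))
    return adapters

def classify_a_records(a_records, adapters):
    """Label each A record 'lan', 'ras' (PPP or /32 interface) or 'unknown'."""
    by_ip = {a["ip"]: a for a in adapters if "ip" in a}
    result = {}
    for rec in a_records:
        adapter = by_ip.get(ipaddress.ip_address(rec))
        is_ras = adapter is not None and (
            adapter["type"] == "PPP" or str(adapter.get("mask")) == "255.255.255.255")
        result[rec] = "unknown" if adapter is None else "ras" if is_ras else "lan"
    return result

A_RECORDS = ["192.168.1.125", "192.168.1.87"]  # constructed: records described in the post

if __name__ == "__main__":
    for ip, kind in classify_a_records(A_RECORDS, parse_ipconfig(IPCONFIG)).items():
        print(f"servername -> {ip}: {kind}")
```

An A record labelled "ras" or "unknown" under the server's own name is the one clients should not be receiving.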
 
LVL 20

Expert Comment

by:wolfcamel
ID: 33634719
It really shouldn't be doing this... have you rerun the internet wizard in sbs?
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33635026
Setting the server to only listen on the one IP doesn't have anything to do with it.  I think your best option is to use the CNAME.  I like that design best anyway.  Create a CNAME with an address like 192.168.1.201, give it a name like customapp.server.local (whatever your local server and domain are) and point your clients to that domain name.  Problem solved.  I like this solution best because, like I said before, if you upgrade that server or move those services, you can just update the DNS entry and have everyone point to the right place.

@Wolfcamel, I think this is by Microsoft design.  They create an IP for the virtual connection and insert a dns record at the same time.  It's just strange that the software isn't listening on all ports correctly.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33635042
Darn, I'm not thinking.  You don't want a CNAME.  CNAME is for pointing to another domain, or an alias.  You want another A record pointing to 192.168.1.125 with a new name specific to your application.

0
 

Author Comment

by:CBM Corporate
ID: 33643172
The client workstation or application/Microsoft services will query the host name "servername" in this case. It will not query another hostname so creating a custom [A] record will not do anything.

Hmm I wonder if I can prioritize the lookup order for the second DNS entry. That may do the trick..

Thanks
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33655653
"The client workstation or application/Microsoft services will query the host name..."

You would have to reconfigure the client one time to point to the new A record.  I think it is worth doing one time to never have to do it again.  You don't even need to do it all at once, just create the record and transition a few at a time or create a policy to update the setting.
0
 

Accepted Solution

by:CBM Corporate
ID: 34331579
Still did not find a proper way. At the end I just modified all the workstations' c:\windows\system32\drivers\etc\hosts file and added the server hostname and IP address.
0
 

Author Closing Comment

by:CBM Corporate
ID: 34376248
Still did not find a proper way. At the end I just modified all the workstations' c:\windows\system32\drivers\etc\hosts file and added the server hostname and IP address.
0
