Solved

DNS & shares not available over VPN

Posted on 2011-02-13
Last Modified: 2012-05-11
I have 3 sites;
Site A has sbs2011 server, 2003 Server, subnet x.x.20.x
Site B has Server 2003 server, subnet x.x.10.x
Site C has no server, subnet x.x.30.x
Site A & B are connected by VPN - Multitech routers.
Site B & C are connected by VPN (site C has a D-Link Router)
Site A & C are connected by VPN
All servers have DNS enabled.

From a PC at Site C, using nslookup, I can resolve names from the DNS server in Site B; however, if I use the DNS servers in Site A, DNS resolution fails (times out). I can ping all the servers by IP address and, as the PC has its primary DNS server in Site B, can ping all servers by name and name.domain.lan.
At Site C the D-Link router gives out IP addresses and the domain suffix for the domain.
The PCs are domain joined.

Also, on the Site C PC, I cannot get to http://companyweb (hosted on the SBS Server in Site A); however, I can get to https://sbs/owa and https://sbs (RWW site). Nor can I get to or view any server shares off the servers in Site A, although I can get to server shares in site C.

As far as I can tell the VPN configuration between Site C & A (link with issues) is the same as the VPN configuration between Site C & B. (Also there are not a lot of options on these lower-end routers to limit traffic.)

The AD configuration has two sites configured, Site A & Site B. All functionality is available between Site A & B.

I suspect it is a security issue on the SBS server (recently added to the network), as the VPN configurations look the same and there is full functionality between Site C & B.

Any help with this would be appreciated.
Question by:bmcollis
7 Comments
 

Expert Comment

by:Cris Hanna
ID: 34885268
You say the SBS 2011 server was recently added.   So the SBS Server should be the Authoritative DNS server for the domain....how was the SBS 2011 server added?  As a migration with the existing network or a new install?
0
 

Author Comment

by:bmcollis
ID: 34885272
Thanks for the quick response.

As a migration.
How can I tell if it is the Authoritative DNS server, and would this stop it responding to DNS queries from another subnet?
0
 

Expert Comment

by:Cris Hanna
ID: 34885301
Are there DNS servers in the other sites?   Were they also Domain Controllers?

On the SBS server > All programs > Administrative Tools > DNS
Then Expand Forward Lookup Zones
Expand _msdcs.domainname.local
Click on _msdcs.domainname.local
On the right you should see a record called Start of Authority...does it point to your SBS 2011 server?
0

Author Comment

by:bmcollis
ID: 34885572
There is no DNS in Site C; however, the Server 2003 box in Site B and the Server 2003 & SBS 2011 boxes in Site A have DNS functionality.

On the SBS Server
From your instructions above,
Expand Forward Lookup Zones
Expand DomainName.lan
Expand/click on _msdcs - there is no SOA record in this folder, although there are 3 CName records pointing to the 3 servers; however, instead of an IP address it is a "unique number" (I think there is a proper name for this but don't know what it is).

If I click on DomainName.lan, there is a SOA in there.
The properties of that indicate the primary server is the SBS box.
The "Name Servers" tab lists the 3 servers with their IP addresses.

If I go to the server in Site B the DNS looks the same except for the SOA record in DomainName.lan,
the Primary server is the server in Site B, and the Name Server Tab shows the 3 servers.

Note: all 3 servers are DCs.

Replication between the DNS servers seems to be working, as I added a reverse lookup zone for Site C (x.x.30.x) to the DNS server on the SBS box and it replicated to the other servers.

 
0
 

Author Comment

by:bmcollis
ID: 34885707
Hi CrisHanna,

I would like to thank you for helping out.
I believed that as these are basic routers and things worked from Site B to A and from Site C to B, then things should work from Site C to A.
I broke down and installed NetMon on the SBS server in Site A, and found that no DNS traffic was coming through, although some other traffic, web (OWA) and ping, was.
Looked at the Router/Firewall in Site A (Multitech) and found that there was a packet filter accepting traffic from Site B.
Added one to accept traffic from Site C and now all OK.
So from Site C I can do DNS lookups against the SBS server and view shares on that server. Also the Companyweb site now displays (although it is telling me my login does not have access rights - different issue).

So again, I would like to thank you for your help, and I would like to award you some points for helping out, but apparently I can either assign you all or nothing and I don't think I can reduce the points on the question to then assign you all.

Have a great day.
0
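The isolation step described in the comment above (ping and OWA pass while DNS and shares fail), as an added example that is not part of the original thread: a Python probe that tests each service separately from the remote site and classifies the pattern. The port list, the state names and the `sbs.domain.lan` name used below are assumptions for illustration.

```python
import socket
import struct
# Services tested in the thread, as TCP ports (assumed list; adjust as needed).
TCP_PORTS = {"http": 80, "https": 443, "smb": 445, "dns-tcp": 53}

def build_dns_query(name, txid=0x1234):
    """Minimal RFC 1035 A-record query with the recursion-desired flag set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def probe_udp_dns(server, name, timeout=2.0):
    """Send one DNS query over UDP/53; a silent drop shows up as 'timeout'."""
    query = build_dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
        except OSError:
            return "refused"
    return "open" if reply[:2] == query[:2] else "error"

def probe_tcp(server, port, timeout=2.0):
    """TCP connect: 'refused' means the host answered, 'timeout' means silence."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "refused" if isinstance(exc, ConnectionRefusedError) else "error"

def diagnose(results):
    states = set(results.values())
    if states == {"open"}:
        return "ok"
    if "open" in states and "timeout" in states:
        return "filtered"       # host reachable, some ports silently dropped
    if "refused" in states:
        return "service-down"   # host answers but nothing is listening
    return "unreachable"        # nothing gets through: check tunnel/routing

def survey(server, name):
    results = {svc: probe_tcp(server, p) for svc, p in TCP_PORTS.items()}
    results["dns-udp"] = probe_udp_dns(server, name)
    return results, diagnose(results)
```

Calling `survey(server_ip, "sbs.domain.lan")` from a Site C PC returns the per-service states and the classification; a `filtered` result points at a packet filter on the path, such as the one found on the Site A router.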
 

Accepted Solution

by:
Cris Hanna earned 500 total points
ID: 34887455
If you feel it appropriate to reduce the number of points awarded...you can do so by choosing a grade other than A when you mark the response as helpful
0
 

Author Closing Comment

by:bmcollis
ID: 34888771
Thank you CrisHanna for your timely response to my question/comments in a timely manner.

I believe you would have been there until this problem was solved, had I not solved it myself.

Therefore the grade selected here is not an indication of how you responded but rather a way to award you some points to show my appreciation for your timely responses. I thank you for that and hope you will be about the next time I get stuck.

Thank You
0

Question has a verified solution.
