Solved

DNS & shares not available over VPN

Posted on 2011-02-13
Last Modified: 2012-05-11
I have 3 sites;
Site A has sbs2011 server, 2003 Server, subnet x.x.20.x
Site B has Server 2003 server, subnet x.x.10.x
Site C has no server, subnet x.x.30.x
Site A & B are connected by VPN - Multitech routers.
Site B & C are connected by VPN (site C has a D-Link Router)
Site A & C are connected by VPN
All servers have DNS enabled.

From a PC at Site C, using nslookup, I can resolve names from the DNS server in Site B, however if I use the DNS servers in site A, DNS resolution fails (times out). I can ping all the servers by IP address and, as the PC has its primary DNS server in site B, can ping all servers by name and name.domain.lan.
At site C the D-Link router gives out IP address and the domain suffix for the domain.
The PCs are domain joined.

Also, on the site C PC, I can not get to http:\\companyweb (hosted on the SBS Server in site A), however can get to https:\\sbs\owa and https:\\sbs (RWW site).  Nor can I get to or view any server shares off the servers in Site A, although I can get to server shares in site C.

As far as I can tell the VPN configuration between Site C & A (link with issues) is the same as the VPN configuration between site C & B. (Also there are not a lot of options on these lower end routers to limit traffic)

The AD configuration has two sites configured, Site A & Site B.  All functionality is available between site A & B.

I am suspecting it is a security issue on the SBS server (recently added to the network), as the VPN configuration looks the same and there is full functionality between site C & B.

Any help with this would be appreciated.
0
Question by:bmcollis
LVL 35

Expert Comment

by:Cris Hanna
ID: 34885268
You say the SBS 2011 server was recently added.   So the SBS Server should be the Authoritative DNS server for the domain....how was the SBS 2011 server added?  As a migration with the existing network or a new install?
0
 

Author Comment

by:bmcollis
ID: 34885272
Thanks for the quick response.

As a migration.
How can I tell if it is the Authoritative DNS server, and would this stop it responding to DNS queries from another subnet?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34885301
Are there DNS servers in the other sites?   Were they also Domain Controllers?

On the SBS server > All programs > Administrative Tools > DNS
Then Expand Forward Lookup Zones
Expand _msdcs.domainname.local
Click on _msdcs.domainname.local
On the right you should see a record called Start of Authority...does it point to your SBS 2011 server?
0

Author Comment

by:bmcollis
ID: 34885572
There is no DNS in site C, however the server 2003 box in site B and the server 2003 & sbs 2011 boxes in site A have DNS functionality.

On the SBS Server
From your instructions above,
Expand Forward Lookup Zones
Expand DomainName.lan
Expand/click on _msdcs - there is no SOA record in this folder, although there are 3 CName records pointing to the 3 servers, however instead of an IP address it is "unique number" (I think there is a proper name for this but don't know what it is).

If I click on DomainName.lan, there is a SOA in there.
The properties of that indicate the primary server is the SBS box.
The "Name Servers" tab lists the 3 servers with their IP address.

If I go to the server in Site B the DNS looks the same except for the SOA record in DomainName.lan,
the Primary server is the server in Site B, and the Name Server Tab shows the 3 servers.

Note: all 3 servers are DCs.

Replication between the DNS seems to be working, as I added a reverse lookup zone for site C (x.x.30.x) to the DNS server on the SBS box and it replicated to the other servers.

 
0
 

Author Comment

by:bmcollis
ID: 34885707
Hi CrisHanna,

I would like to thank you for helping out.
I believed that as these are basic routers and things worked from Site B to A and from Site C to B, then things should work from Site C to A.
I broke down and installed NetMon on the SBS server in site A, and found that no DNS traffic was coming through, although some other traffic, web (OWA) and ping, was.
Looked at the Router/Firewall in Site A (Multitech) and found that there was a packet filter accepting traffic from Site B.
Added one to accept traffic from Site C and now all OK.
So from Site C I can do DNS lookups against the SBS server and view shares on that server.  Also the Companyweb site now displays (although it is telling me my login does not have access rights - different issue).

So again, I would like to thank you for your help, and I would like to award you some points for helping out, but apparently I can either assign you all or nothing and I don't think I can reduce the points on the question to then assign you all.

Have a great day.
0
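The failure described in the post above, modelled as an added example (not part of the original thread, and not Multitech configuration syntax): a first-match accept list with an implicit deny, audited per VPN peer subnet. The subnets, the rule layout and the "HTTPS and ping from anywhere" rules are assumptions chosen to match the reported symptoms.

```python
import ipaddress

# Constructed stand-ins: the thread redacts the subnets as x.x.10.x / x.x.20.x / x.x.30.x.
SITE_B = ipaddress.ip_network("10.0.10.0/24")
SITE_C = ipaddress.ip_network("10.0.30.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Services named in the thread, as (protocol, destination port); ICMP has no port.
SERVICES = {"dns": ("udp", 53), "smb": ("tcp", 445), "companyweb": ("tcp", 80),
            "owa/rww": ("tcp", 443), "ping": ("icmp", None)}

def rule(src, proto="any", port=None):
    """One accept rule; proto 'any' and port None act as wildcards."""
    return {"src": src, "proto": proto, "port": port}

# Hypothetical Site A filter before the fix: all traffic from Site B,
# plus HTTPS and ping from any source (assumed, to match what still worked).
BEFORE = [rule(SITE_B), rule(ANY, "tcp", 443), rule(ANY, "icmp")]
# After the fix: one more accept rule for the Site C subnet.
AFTER = BEFORE + [rule(SITE_C)]

def allowed(rules, src_ip, proto, port):
    """First matching accept rule wins; unmatched traffic is dropped (implicit deny)."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in r["src"] and r["proto"] in ("any", proto) and r["port"] in (None, port):
            return True
    return False

def blocked_services(rules, peer_net):
    """Audit one VPN peer subnet: which required services would the filter drop?"""
    host = str(next(peer_net.hosts()))  # first usable address stands in for a PC
    return sorted(name for name, (proto, port) in SERVICES.items()
                  if not allowed(rules, host, proto, port))

def audit(rules, peers):
    """Map each peer site name to the list of services the filter blocks for it."""
    return {name: blocked_services(rules, net) for name, net in peers.items()}

if __name__ == "__main__":
    peers = {"Site B": SITE_B, "Site C": SITE_C}
    print("before:", audit(BEFORE, peers))
    print("after: ", audit(AFTER, peers))
```

Running the same audit whenever a new VPN peer subnet is added shows a missing source rule before users report it as a DNS or share problem.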
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 500 total points
ID: 34887455
If you feel it appropriate to reduce the number of points awarded...you can do so by choosing a grade other than A, when you mark the response as helpful
0
 

Author Closing Comment

by:bmcollis
ID: 34888771
Thank you CrisHanna for your timely response to my question/comments in a timely manner.  

I believe you would have been there until this problem was solved, had I not solved it myself.

Therefore the grade selected here is not an indication of how you responded but rather a way to award you some points to show my appreciation for your timely responses.  I thank you for that and hope you will be about the next time I get stuck.

Thank You
0
