DNS & shares not available over VPN

I have 3 sites;
Site A has sbs2011 server, 2003 Server, subnet x.x.20.x
Site B has Server 2003 server, subnet x.x.10.x
Site C has no server, subnet x.x.30.x
Site A & B are connected by VPN - Multitech routers.
Site B & C are connected by VPN (site C has a D-Link Router)
Site A & C are connected by VPN
All servers have DNS enabled.

From a PC at Site C, using nslookup, I can resolve names from the DNS server in Site B; however, if I use the DNS servers in Site A, DNS resolution fails (times out). I can ping all the servers by IP address and, as the PC has its primary DNS server in Site B, can ping all servers by name and name.domain.lan.
At Site C the D-Link router gives out IP addresses and the domain suffix for the domain.
The PCs are domain joined.

Also, on the Site C PC, I cannot get to http://companyweb (hosted on the SBS Server in Site A); however, I can get to https://sbs/owa and https://sbs (RWW site). Nor can I get to or view any server shares off the servers in Site A, although I can get to server shares in site C.

As far as I can tell the VPN configuration between Site C & A (link with issues) is the same as the VPN configuration between site C & B. (Also there are not a lot of options on these lower end routers to limit traffic)

The AD configuration has two sites configured, Site A & Site B. All functionality is available between Site A & B.

I am suspecting it is a security issue on the SBS server (recently added to the network), as the VPN configuration looks the same and there is full functionality between Site C & B.

Any help with this would be appreciated.
Cris Hanna Commented:
You say the SBS 2011 server was recently added.   So the SBS Server should be the Authoritative DNS server for the domain....how was the SBS 2011 server added?  As a migration with the existing network or a new install?
bmcollis (Author) Commented:
Thanks for the quick response.

As a migration.
How can I tell if it is the Authoritative DNS server, and would this stop it responding to DNS queries from another subnet?
Cris Hanna Commented:
Are there DNS servers in the other sites?   Were they also Domain Controllers?

On the SBS server > All programs > Administrative Tools > DNS
Then Expand Forward Lookup Zones
Expand _msdcs.domainname.local
Click on _msdcs.domainname.local
On the right you should see a record called Start of Authority...does it point to your SBS 2011 server?
bmcollis (Author) Commented:
There is no DNS in Site C; however, the Server 2003 box in Site B and the Server 2003 & SBS 2011 boxes in Site A have DNS functionality.

On the SBS Server
From your instructions above,
Expand Forward Lookup Zones
Expand DomainName.lan
Expand/click on _msdcs - there is no SOA record in this folder, although there are 3 CNAME records pointing to the 3 servers; however, instead of an IP address it is a "unique number" (I think there is a proper name for this but don't know what it is).

If I click on DomainName.lan, there is a SOA in there.
The properties of that indicate the primary server is the SBS box.
The "Name Servers" tab lists the 3 servers with their IP address.

If I go to the server in Site B the DNS looks the same except for the SOA record in DomainName.lan,
the Primary server is the server in Site B, and the Name Server Tab shows the 3 servers.

Note: all 3 servers are DCs.

Replication between the DNS servers seems to be working, as I added a reverse lookup zone for Site C (x.x.30.x) to the DNS server on the SBS box and it replicated to the other servers.

bmcollis (Author) Commented:
Hi CrisHanna,

I would like to thank you for helping out.
I believed that as these are basic routers and things worked from Site B to A and from Site C to B, then things should work from Site C to A.
I broke down and installed NetMon on the SBS server in Site A, and found that no DNS traffic was coming through, although some other traffic, web (OWA) and ping, was.
Looked at the Router/Firewall in Site A (Multitech) and found that there was a packet filter accepting traffic from Site B.
Added one to accept traffic from Site C and now all OK.
So from Site C I can do DNS lookups against the SBS server and view shares on that server. Also the Companyweb site now displays (although it is telling me my login does not have access rights - different issue).

So again, I would like to thank you for your help, and I would like to award you some points for helping out, but apparently I can either assign you all or nothing and I don't think I can reduce the points on the question to then assign you all.

Have a great day.
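
The symptom pattern in this thread (ping and OWA working while DNS lookups time out and shares are unreachable) can be checked per service from the remote site before reaching for a packet capture. The following Python script is an added example, not part of the original thread; the port list, the service labels and the `SAMPLE` results are assumptions constructed for illustration.

```python
import socket
import struct

# Well-known TCP ports for the services discussed; labels are this example's own.
TCP_PORTS = {"dns-tcp": 53, "http": 80, "https": 443, "smb": 445}

def build_dns_query(name):
    header = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # fixed ID, RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe_udp_dns(server, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_dns_query(name), (server, 53))
            return "open" if s.recvfrom(512)[0][:2] == b"\x12\x34" else "error"
        except socket.timeout:
            return "timeout"  # same symptom as nslookup timing out
        except OSError:
            return "error"

def probe_tcp(server, port, timeout=3.0):
    try:
        socket.create_connection((server, port), timeout=timeout).close()
        return "open"
    except socket.timeout:
        return "timeout"  # silently dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"  # something answered with a reset
    except OSError:
        return "error"

def scan(server, name):
    tcp = {svc: probe_tcp(server, p) for svc, p in TCP_PORTS.items()}
    return {"dns-udp": probe_udp_dns(server, name), **tcp}

def classify(results):
    states = set(results.values())
    dropped = sorted(s for s, st in results.items() if st == "timeout")
    if states == {"open"}:
        return "all services reachable"
    if not states & {"open", "refused"}:
        return "nothing answers: check the tunnel and routing first"
    if dropped:
        return "selective drop, suspect a packet filter: " + ", ".join(dropped)
    return "no silent drops; remaining failures are refusals or local errors"

# Constructed results mirroring the symptoms reported from Site C.
SAMPLE = {"dns-udp": "timeout", "dns-tcp": "timeout", "http": "timeout",
          "https": "open", "smb": "timeout"}
```

Running `classify(scan(server_ip, "name.domain.lan"))` from a PC at the affected site, once against each DNS server, shows whether the failures follow the server or the path.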
Cris Hanna Commented:
If you feel it appropriate to reduce the number of points awarded...you can do so by choosing a grade other than A when you mark the response as helpful.
bmcollis (Author) Commented:
Thank you CrisHanna for your timely response to my question/comments in a timely manner.

I believe you would have been there until this problem was solved, had I not solved it myself.

Therefore the grade selected here is not an indication of how you responded but rather a way to award you some points to show my appreciation for your timely responses. I thank you for that and hope you will be about the next time I get stuck.

Thank You
Question has a verified solution.