Can't access VPN, OWA, POP3, iPhone Sync Internaly

Hi, I have a situation which is doing my head in: when any PC/laptop/iPhone is connected to the domain internally, either hard wired or via a wireless connection, it can't access the VPN, OWA or POP3, or sync the iPhone, whereas it all works perfectly from outside the domain using an internet source to connect in.

Now I've tried a Forward Lookup Zone with no luck, well I believe I did it right anyway. I am thinking this is a DNS issue, so, having two totally different domains set up in two different locations with the other working fine, I have compared the DNS zones and cannot find any differences in the way any of it is set up.

Anybody got any ideas for me to try?

Cheers, Darren.
ThorinO commented:
Do you have internal DNS records for all of the things you listed? For example, if you access OWA with webmail.domain.com/owa, is there an internal A record for webmail in a domain.com zone?

dazcoates (Author) commented:
We access OWA with mail.domainname.com.au/exchange


ThorinO commented:
Are you configuring all these devices externally first, and when they come internally they don't work? Or do you also have problems with new systems that have only been configured internally?

dazcoates (Author) commented:
Could port triggering have something to do with it?

dazcoates (Author) commented:
ThorinO, this is for all devices, new and existing.

Rob Williams commented:
You don't need port triggering.

Are these devices pointing to the external domain name? Most routers will not allow hair-pinning (connecting to the external interface of a router from the internal network).
You need to add a forward lookup zone for your external domain. If you ran the "set up my internet address" wizard it should have done this for you.

As a test can you connect to the VPN if you specify the LAN IP of the server?

dazcoates (Author) commented:
Yes, for both VPN and OWA, if I use the internal IP.

Rob Williams commented:
Sounds like you are missing the forward lookup zone for your external domain name.
Did you run the "set up my internet address" wizard?
   If you have deployed the self-signed certificate to anyone, do not rerun it, at least not yet.
In the DNS management console, if you expand the server name, then Forward Lookup Zones, do you have a 'folder' with your external domain name? (The default would be remote.YourDomain.zyz.)

dazcoates (Author) commented:
All I have in the forward lookup zone area is: 'domainname.local'

Within that zone I have the following:

  Name                     Type                      Data
  _msdcs
  _sites
  _tcp
  _udp
  DomainDnsZones
  ForestDnsZones
  (same as parent folder)  Start of Authority (SOA)  [156], server.domainname., hostmaster.
  (same as parent folder)  Name Server (NS)          server.domainname.local.
  (same as parent folder)  Host (A)                  192.168.x.x
  companyweb               Alias (CNAME)             server.domainname.local.
  EDI                      Host (A)                  192.168.x.x
  User1                    Host (A)                  192.168.x.x
  User2                    Host (A)                  192.168.x.x
  User3                    Host (A)                  192.168.x.x
  User4                    Host (A)                  192.168.3.49
  User5                    Host (A)                  192.168.3.26
  publishing               Host (A)                  192.168.x.x
  server                   Host (A)                  192.168.x.x

dazcoates (Author) commented:
The above is pretty much all I have in the Forward DNS Zone of the other network I administer, and it all works OK. I have no zone for the external domain name there either?

dazcoates (Author) commented:
Further to this, I have since also checked the forward zones on my SBS server at home, and again there is no mention of any external domain name. I can sync my iPhone over Exchange internally there as well.

???? About to give up!

Rob Williams commented:
Firstly, I should have asked: is this SBS 2003 or 2008?

If SBS 2008, under Forward Lookup Zones there should be
_msdcs.mydomain.local
mydomain.local
remote.YourPublicDomainName.abc    (remote is the default but could be something else)

If SBS 2003 you probably do not have the last one, but you need to add it manually.
SBS 2008 will automatically create it with the "set up your internet address" wizard, as per the following link:
http://blogs.technet.com/b/sbs/archive/2008/10/15/introducing-the-internet-address-management-wizard-part-1-of-3.aspx
However, the wizard also creates a self-signed certificate. If you use a 3rd party certificate that doesn't matter, but if you are currently using the self-signed certificate on mobile devices and you re-run the wizard, you will need to install the updated certificate.

dazcoates (Author) commented:
SBS 2003

dazcoates (Author) commented:
So I need to add 'remote.mydomain.com.au' as a zone, no A record or anything?

dazcoates (Author) commented:
I added the above zone and still no connection!

Rob Williams commented:
You need to set up "split DNS", which allows the SBS to resolve the external domain name using a new forward lookup zone you will create.
The zone will be whatever the Fully Qualified Domain Name of your site is. remote.xyx.xyz is the default for SBS 2008, but you have to use the name you use to connect to your SBS when off site.
Then follow these instructions:
http://www.mattgibson.ca/2008/07/13/setting-up-split-split-dns-with-windows-sbs-2003-dns-services-easily/

dazcoates (Author) commented:
OK, the penny's finally dropped; I have an understanding of the forward zone and how to use it. As we have a 3rd party hosting our domain, I had to go on their site and create an A record called owa and point it to our external IP. Then on the server I created a forward lookup zone called mydomain.com.au and, within that zone, an A record called owa pointing to the internal server IP. Yes Rob, I know you were saying that all along, but I just couldn't get my head round creating a forward zone on the server and that fixing it; I needed to create an A record at the domain hosting level as well. This allows the user to use owa.mydomain.com.au both inside and outside the domain. BINGO!

Thanks Rob, I learnt some valuable stuff here with this issue.

Cheers, Daz.

Rob Williams commented:
:-)
Glad to hear you were able to get it up and running.

>>"As we have a 3rd party host our domain I had to go on their site"
Sorry I didn't mention that part, as I assumed that was already in place. Any FQDN related to your domain needs a public DNS record created with whomever manages DNS for your domain (www.yourdomain.com, ftp.yourdomain.com, mail.yourdomain.com, remote.yourdomain.com, etc.).

Thanks dazcoates
Cheers!
--Rob
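The split-DNS arrangement the thread ends on can be checked mechanically, and doing so exposes the one trap the thread does not spell out: once the SBS server hosts a zone named mydomain.com.au, it is authoritative for that whole name and never forwards to the public DNS host for names it does not hold, so every public record (www, mail, ...) that internal clients need must also exist in the internal zone. The script below is an added example written for this page, not code from the original post or from Microsoft SBS. The zone data is constructed; mydomain.com.au, the WAN address 203.0.113.10, the LAN 192.168.3.0/24 and the server address 192.168.3.5 are assumptions. It simulates what an inside and an outside client would resolve and audits the internal copy of the zone for names that are missing, names that still point at the firewall's public address (and so would still need hairpin NAT), and names that correctly point at the LAN.

```python
"""Split-DNS audit modelled on the fix in this thread.

Added example: not code from the original post or from Microsoft SBS.
Zone data, names and addresses below are constructed (mydomain.com.au,
WAN IP 203.0.113.10, LAN 192.168.3.0/24, server 192.168.3.5).
"""
from ipaddress import ip_address, ip_network

# Constructed: records the third-party DNS host serves to the internet.
PUBLIC_ZONES = {
    "mydomain.com.au": {
        "www": "203.0.113.10",
        "mail": "203.0.113.10",
        "owa": "203.0.113.10",
    },
}

# Constructed: the forward lookup zone created on the SBS DNS server.
INTERNAL_ZONES = {
    "mydomain.com.au": {
        "owa": "192.168.3.5",       # overridden to the LAN address: correct
        "mail": "203.0.113.10",     # copied from the public zone: still needs hairpin NAT
        # "www" deliberately absent: internal clients will get NXDOMAIN for it
    },
}

WAN_IPS = {"203.0.113.10"}                 # the firewall's public address(es)
LAN_NETWORK = ip_network("192.168.3.0/24")


def match_zone(fqdn, zones):
    """Return (zone, host) for the longest hosted zone containing fqdn, else None."""
    name = fqdn.rstrip(".").lower()
    best = None
    for zone in zones:
        if (name == zone or name.endswith("." + zone)) and (best is None or len(zone) > len(best)):
            best = zone
    if best is None:
        return None
    host = name[: -len(best)].rstrip(".") or "@"
    return best, host


def lookup(fqdn, inside):
    """Address a client would receive, or None for NXDOMAIN.

    Inside clients ask the SBS server, which is authoritative for every zone it
    hosts: it answers from its own data and never falls back to the public zone
    for a name it does not hold. That is why a split zone must carry every name.
    """
    if inside:
        hit = match_zone(fqdn, INTERNAL_ZONES)
        if hit is not None:
            zone, host = hit
            return INTERNAL_ZONES[zone].get(host)
    hit = match_zone(fqdn, PUBLIC_ZONES)
    if hit is None:
        return None
    zone, host = hit
    return PUBLIC_ZONES[zone].get(host)


def audit(public=PUBLIC_ZONES, internal=INTERNAL_ZONES, wan_ips=WAN_IPS, lan=LAN_NETWORK):
    """Compare each public name with its internal copy.

    missing  - public name with no internal record: breaks inside the LAN
    hairpin  - internal record still points at the firewall's WAN address
    external - points at some other public host (e.g. a hosted www site): fine
    ok       - points at a LAN address
    """
    report = {"missing": [], "hairpin": [], "external": [], "ok": []}
    for zone, records in public.items():
        mirror = internal.get(zone)
        if mirror is None:
            continue   # no split zone at all: every name hairpins from inside
        for host, _public_ip in sorted(records.items()):
            fqdn = f"{host}.{zone}"
            internal_ip = mirror.get(host)
            if internal_ip is None:
                report["missing"].append(fqdn)
            elif internal_ip in wan_ips:
                report["hairpin"].append(fqdn)
            elif ip_address(internal_ip) in lan:
                report["ok"].append(fqdn)
            else:
                report["external"].append(fqdn)
    return report


if __name__ == "__main__":
    for kind, names in audit().items():
        print(f"{kind:8s} {', '.join(names) or '-'}")
    for name in ("owa.mydomain.com.au", "www.mydomain.com.au"):
        print(name, "inside ->", lookup(name, True), " outside ->", lookup(name, False))
```

Two ways to keep the "missing" list empty in practice: copy every record from the public zone into the internal one and keep the two in step whenever the hosting provider's zone changes, or do what the SBS 2008 wizard does and create the internal zone only for the single name you connect to (remote.mydomain.com.au, or owa.mydomain.com.au here), so that the server is authoritative for that one name and every other name under mydomain.com.au still resolves through public DNS.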