Solved

While connected to the vpn, internal names are not being resolved...sometimes?

Posted on 2011-04-27
Last Modified: 2012-05-11
Hello,
This usually only happens with laptops that use different ISP connections while they are travelling. Mine does it once in a while but I usually flush the DNS. I've been reading a lot of posts on here regarding VPN and DNS issues but I'm still trying to pinpoint where the problem resides.
Firewall: Fortigate
O/S: Windows 7
Problem: Internal names cannot be resolved
The Fortigate is set up to dish out DNS IPs to the incoming connection. Once connected I can ping the internal IPs. Internal server names cannot be resolved, i.e. bringing up an internal webpage using http://myserver/default.aspx won't work but replacing 'myserver' with the IP works fine.
This seems to happen on certain cable ISPs. Rogers is a nasty one for doing this but Bell you would have no problem with. Do cable providers do something so that they force you to always use their DNS servers first? Is there a way to force my internal DNS servers to be used while connecting through the VPN? This is a pain!!

Thanks all,
BW
Question by:bwinkworth
11 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 35477765
When you are connected to the VPN, run 'nslookup' from the command line. The nslookup should return the IP of the current DNS server you are using. Is it the VPN's assigned DNS or your own? If it is your own, check to see if DNS is set statically in your Adapter IPv4 settings. If it is, then the VPN's assigned DNS are not being applied, hence no resolution.

That's my 1st thought anyway.

0
 

Author Comment

by:bwinkworth
ID: 35490469
Thanks MikeKane. I did some testing at home on my laptop (wireless) because I can reproduce the problem with it. On my desktop at home I have no problems remoting in to my computer here at work using the machine name.
When I connected to the VPN with my laptop I attempted to remote to my machine and got the 'Remote desktop can't find the computer "machinename".' error message. So I did an nslookup and it reported back the IP of the DNS server of my internal network at work, which is what the Fortinet firewall does. When I did an ipconfig /displaydns it showed the FQDN of my 2 DNS servers and their IPs but other server names displayed 'Name does not exist'. How can it kind of work but then not really? This has been eating at me for some time.

Thanks fella,
BW
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 35491820
When you try the connection, are you using just the name (i.e. "server"), or the FQDN (i.e. "server.domain.com")? The FQDN would use DNS; just the name might be using WINS, which could be pointing to an incorrect box.

0

 

Author Comment

by:bwinkworth
ID: 35491854
I'm using just the name of my desktop @ work. I went into the advanced properties of TCP/IP and on the DNS tab I put in the suffix of our domain so I'm going to try the connection again tonight and I'll let you know what happens.

BW
0
 

Author Comment

by:bwinkworth
ID: 35504237
Ok so Friday night I tried it with the suffix in the advanced properties DNS tab of the fortissl adapter (vpn adapter), logged into the vpn and remoted into my machine on the first attempt. I shut the laptop down for the night and tried it again on Saturday and it failed. This is all happening on wireless so I think tonight I'm going to wire in the laptop and see what happens and turn off the wireless. I just don't get it. ipconfig /displaydns shows all the right info. The 2 domain controllers show up but it did show the name of my computer in the list but it said 'Name does not exist' which is why I'm assuming it can't find my machine. It can ping it by IP but not by name.

BW
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 1600 total points
ID: 35513951
Run an NSLookup while on VPN. Make sure you are on the right DNS server, then enter the FQDN for the machine you want. Do you get an IP back or an unknown? Is the IP correct?

If it's unknown, then check that an A record exists in your zone for this machine.

 
0
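Added example, not part of the original thread: the checks suggested in the answers above (which DNS servers the client is using, short name versus FQDN, and whether each server returns an A record), collected into one PowerShell script for the VPN client. `myserver` is the name from the question; `corp.example` is a placeholder suffix, and the "Non-existent domain" wording assumes an English-language nslookup.

```powershell
# Added example; run on the VPN client while the tunnel is connected.
$ShortName = 'myserver'       # short host name used in the question
$Suffix    = 'corp.example'   # placeholder: replace with your internal DNS suffix
$Fqdn      = "$ShortName.$Suffix"

# 1. Which DNS servers and suffixes does each IP-enabled adapter have?
#    WMI is used because it is available on Windows 7.
$adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
foreach ($a in $adapters) {
    New-Object PSObject -Property @{
        Adapter          = $a.Description
        DnsServers       = (@($a.DNSServerSearchOrder) -join ', ')
        ConnectionSuffix = $a.DNSDomain
        SuffixSearchList = (@($a.DNSDomainSuffixSearchOrder) -join ', ')
    } | Format-List Adapter, DnsServers, ConnectionSuffix, SuffixSearchList
}

# 2. Resolve the short name and the FQDN through the normal Windows resolver.
foreach ($name in $ShortName, $Fqdn) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($name) |
               ForEach-Object { $_.IPAddressToString }
        "{0,-30} -> {1}" -f $name, ($ips -join ', ')
    } catch {
        "{0,-30} -> FAILED: {1}" -f $name, $_.Exception.Message
    }
}

# 3. Ask every configured DNS server directly for the FQDN. The trailing dot
#    stops nslookup from appending its own suffixes. A server that answers
#    "Non-existent domain" has no A record for the host in its zone.
$servers = @($adapters | ForEach-Object { $_.DNSServerSearchOrder } |
             Where-Object { $_ } | Select-Object -Unique)
foreach ($srv in $servers) {
    "--- nslookup $Fqdn. $srv"
    cmd /c "nslookup $Fqdn. $srv 2>&1"
}
```

If step 2 resolves the FQDN but not the short name, the client is missing the DNS suffix discussed in the thread; if step 3 fails on an internal server, the A record is what needs checking.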
 

Author Comment

by:bwinkworth
ID: 35515953
Thanks Mike. I'll test that out tonight.

BW
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 35689688
Any luck?
0
 

Author Comment

by:bwinkworth
ID: 35689728
I tried last night. No problems. Got into my machine relatively quickly. Tried again this morning before I came into work...no problems. I can't break it again lol. The only thing I've done is put that suffix in a few days ago and it worked fine one day then didn't the next but I have rebooted. I'm taking home a freshly imaged laptop tonight and that will be my ultimate test. The nslookup last night reported my 2 dns servers as usual and then I typed in the FQDN of my machine at work and it reports back with the proper IP. Tonight will be my final test I guess.

BW
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 35690263
OK then, good luck.
0
 

Author Closing Comment

by:bwinkworth
ID: 35697474
Well I had no problems with a newly imaged laptop. I really don't understand why some laptops work without the suffix and others you need to put it in. Oh well I'll close this off and thanks for the help Mike.

BW
0


Question has a verified solution.
