VPN DNS Issue

cbd1012
cbd1012 used Ask the Experts™
on
Greetings,

I just finished a swing migration from 2003 to 2011 and i am having a problem. People who vpn in to the network cant reach computers and shares by their names , they can only reach them using IP address. Is there a setting that needs to be turned on?

Thanks in Advance
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Your VPN IP pool on SBS 2011 will need to be updated with the server details for your internal DNS servers.
Top Expert 2013

Commented:
SBS 2003 deployed the "connection manager" for VPN clients which had the DNS configurations already added. With SBS 2011 you use the built-in Windows client VPN and should manually add the SBS as the DNS server, and the DNS suffix, to the client configuration as per:
http://blog.lan-tech.ca/2011/05/14/vpn-client-name-resolution-2/

Author

Commented:
Hi jake,

I am more interested in your route as it is most similar to how it worked before. I never had to modify anything on the client end, what changes need to be made on the server to help with this?

Thanks
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Let me fire up an SBS2011 session and I'll have a nose around.

Author

Commented:
Thanks Jake i will be standing by
Top Expert 2013
Commented:
Agreed, from the server end is the correct solution, but may not be possible.
SBS 2003 had the Connection manager which SBS 2008/2011 do not have. That client was pre-configured with WINS, DNS, and domain suffix.
SBS 2008/2011 if properly configured, using the VPN wizard from the SBS console under Network | connectivity (not within RRAS), will create a DHCP relay which should assign the correct DNS server, but DHCP relays do not usually assign domain suffixes to VPN clients. You can verify buy connecting the client, running ipconfig /all and check the properties of the PPP adapter. WINS is not used anymore. If the client connects from a domain joined machine (suffix added by default), or if they use FQDN's when connecting to resources, such as server.yourdomain.local they do not need the domain suffix, but otherwise you usually have to manually add it.

Alternatively you can use CMAK (the Connection Manager Administration Kit) to create a deployable connection for end users.
http://www.windowsecurity.com/articles/Windows-Server-2008-Connection-Manager-Administration-Kit.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial