Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

DNS Exchange and VPN issue

Posted on 2011-10-27
13
Medium Priority
?
472 Views
Last Modified: 2012-05-12
I am running Exchange 2003 and a SonicWall Aventail EX-1600 VPN Appliance. My issue is with DNS. When users connect through the VPN and use Outlook, sometimes they cannot see the server "ServerName" because they are resolving the external IP address for ServerName.Domain.com, which is what we use for OWA which is "ServerName.Domain.com/Exchange" instead of the internal IP address. I was wondering if I could change the external pointer to reflect a slightly different server on the external side (ServerName-OWA.domain.com" so that it will not conflict with internal routing. Would I need to do something on the Exchange Server IIS as well? Any ideas would be helpful.

Thanks a bunch!
0
Comment
Question by:BHForum
  • 6
  • 6
13 Comments
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 37039092
It would be better to use the Sonicwall configuration to force the clients to use the appropriate internal DNS server.
Is DHCP being handled by the Sonicwall, are you forwarding requests to a windows server or are you using a static pool?
0
 

Author Comment

by:BHForum
ID: 37040116
I have two DNS entries for the exchange server. One for the internal IP which all internal users see, and one for the external. If I delete the record for the external IP, the VPN users see the exchange server without a problem, but that record comes back before long.

Sonicwall suggested that the way things are setup are correct as best practices, and that the issue lies somewhere within local DNS.

The sonicwall has a pool of addresses to give to VPN users.
0
 

Author Comment

by:BHForum
ID: 37040122
Sorry if I'm all over the place. Getting ill and trying really hard to concentrate.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 2

Expert Comment

by:puschkin
ID: 37043866
you can use the host-datei on the externl clients...

exchange.internaldomain.local   192.168.0.10
exchange   192.168.0.10

0
 
LVL 2

Expert Comment

by:puschkin
ID: 37043876
or you must give the internal DNS Server with the VPN connection to the clients...
0
 

Author Comment

by:BHForum
ID: 37045400
puschkin: Sorry...not understanding your first comment. As for the second, clients are using Internal DNS. However, internal DNS also has the record for the external IP address, and I am unable to remove the item permanently.
0
 
LVL 2

Accepted Solution

by:
puschkin earned 2000 total points
ID: 37047297
the hosts datei is the first node, who asked for name resolving.
when you the 2 eintrie in the host datei insert - then the client not ask you dns servers for this adress - he gos direktly to your server....

check:
c:\windows\system32\drivers\etc\hosts..... open with editor - then you can see ...

sorry im german - my bad english :-)
0
 
LVL 2

Expert Comment

by:puschkin
ID: 37079450
hi,

have you new infos for us?
0
 

Author Comment

by:BHForum
ID: 37079684
I apologize for not responding earlier. I was out sick for some time.

I understand now what you are suggesting, that I make an entry into the client hosts file for the exchange server. I will have to test this to be sure that it will take care of the entry during VPN sessions, but not interfere with OWA. I will test this over the next day or so and let you know how it goes.

Thank you.
0
 
LVL 2

Expert Comment

by:puschkin
ID: 37079708
when your OWA adress si the same as you exchange internal - then we must check for other issue..... but the safty issue for the connection over vpn is the entry in the host.
we have many people outside by our customers... the link in the WLAN from our customers - then we have evtl. other DNS settings and so on..... therefore we have this settings used...
 
0
 

Author Comment

by:BHForum
ID: 37110828
puschkin: I added the entry into the hosts file and it seems to work. It is strange, I am setting up a new computer for this user. This computer, even directly on the network, is pinging the external IP address for email. I had to create that hosts entry in order to force it to look at the local address. There is something deeper here that I need to address. I'm just not sure what it is. For now, this has resolved the issue at hand, but it is a symptom and not the root cause. I thank you for the help.

0
 

Author Closing Comment

by:BHForum
ID: 37110832
This resolved the symptom that I was getting. I need to look further for the root cause of the issue.
0
 
LVL 2

Expert Comment

by:puschkin
ID: 37117047
is your internal an external domain the same?
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I came across an unsolved Outlook issue and here is my solution.
In this post, we will learn to set up the Group Naming policy and will see how it is going to impact the Display Name and the Email addresses of the Group.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question