• Status: Solved
  • Priority: Medium
  • Security: Public

DNS Exchange and VPN issue

I am running Exchange 2003 and a SonicWall Aventail EX-1600 VPN Appliance. My issue is with DNS. When users connect through the VPN and use Outlook, sometimes they cannot see the server "ServerName" because they are resolving the external IP address for ServerName.Domain.com, which is what we use for OWA which is "ServerName.Domain.com/Exchange" instead of the internal IP address. I was wondering if I could change the external pointer to reflect a slightly different server on the external side ("ServerName-OWA.domain.com") so that it will not conflict with internal routing. Would I need to do something on the Exchange Server IIS as well? Any ideas would be helpful.

Thanks a bunch!
Asked by: BHForum
 
Gary Coltharp, Sr. Systems Engineer, commented:
It would be better to use the SonicWall configuration to force the clients to use the appropriate internal DNS server.
Is DHCP being handled by the SonicWall, are you forwarding requests to a Windows server or are you using a static pool?
 
BHForum (Author) commented:
I have two DNS entries for the Exchange server. One for the internal IP which all internal users see, and one for the external. If I delete the record for the external IP, the VPN users see the Exchange server without a problem, but that record comes back before long.

SonicWall suggested that the way things are set up is correct as best practices, and that the issue lies somewhere within local DNS.

The SonicWall has a pool of addresses to give to VPN users.
 
BHForum (Author) commented:
Sorry if I'm all over the place. Getting ill and trying really hard to concentrate.
 
puschkin commented:
You can use the hosts file on the external clients...

192.168.0.10   exchange.internaldomain.local
192.168.0.10   exchange
 
puschkin commented:
Or you must give the internal DNS server to the clients with the VPN connection...
 
BHForum (Author) commented:
puschkin: Sorry...not understanding your first comment. As for the second, clients are using Internal DNS. However, internal DNS also has the record for the external IP address, and I am unable to remove the item permanently.
 
puschkin commented:
The hosts file is the first place that is asked for name resolution.
When you insert the 2 entries in the hosts file, the client does not ask your DNS servers for this address - it goes directly to your server...

Check:
c:\windows\system32\drivers\etc\hosts ... open it with an editor, then you can see ...

Sorry, I'm German - my bad English :-)
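The hosts-file override described above, as an added example that is not part of the original thread: a Python sketch that parses hosts-file text, rejects entries written name-first, and reports for each name whether a client would use the hosts entry or the DNS answer and whether that address is RFC 1918 internal. The sample file, the DNS answers and the address 203.0.113.25 are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample hosts file. Line 3 puts the name before the address,
# which the hosts format does not accept; line 4 is the valid form.
SAMPLE_HOSTS = """\
# hosts file on a VPN client (constructed sample)
127.0.0.1      localhost
exchange       192.168.0.10
192.168.0.10   exchange.internaldomain.local   exchange   # Exchange over VPN
"""
# Constructed DNS answers; 203.0.113.25 is a documentation address standing in
# for the external OWA record.
SAMPLE_DNS = {"exchange": "203.0.113.25", "ServerName.Domain.com": "203.0.113.25"}

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Return (name -> address, [(line number, problem)]) for hosts file text."""
    pinned, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if not is_ip(fields[0]) or len(fields) < 2:
            reversed_order = any(is_ip(f) for f in fields[1:])
            problems.append((lineno, "address must come first" if reversed_order else "malformed entry"))
            continue
        for name in fields[1:]:
            pinned.setdefault(name.lower(), fields[0])  # keep first entry seen
    return pinned, problems

def audit(hosts_text, dns_answers):
    """Show, per name, which address a client would use and where it came from."""
    pinned, problems = parse_hosts(hosts_text)
    report = {}
    for name, dns_ip in dns_answers.items():
        addr = pinned.get(name.lower(), dns_ip)
        source = "hosts" if name.lower() in pinned else "dns"
        internal = any(ipaddress.ip_address(addr) in net for net in RFC1918)
        report[name] = {"address": addr, "source": source, "internal": internal}
    return report, problems
```

A hosts entry keeps pointing at the pinned address after the server is renumbered, so overrides like this are worth auditing on managed clients.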
 
puschkin commented:
Hi,

do you have new info for us?
 
BHForum (Author) commented:
I apologize for not responding earlier. I was out sick for some time.

I understand now what you are suggesting, that I make an entry into the client hosts file for the exchange server. I will have to test this to be sure that it will take care of the entry during VPN sessions, but not interfere with OWA. I will test this over the next day or so and let you know how it goes.

Thank you.
 
puschkin commented:
When your OWA address is the same as your internal Exchange address, then we must check for another issue... but the safe option for the connection over VPN is the entry in the hosts file.
We have many people outside at our customers... they connect to our customers' WLAN, and then we may have other DNS settings and so on... therefore we use these settings...
 
BHForum (Author) commented:
puschkin: I added the entry into the hosts file and it seems to work. It is strange, I am setting up a new computer for this user. This computer, even directly on the network, is pinging the external IP address for email. I had to create that hosts entry in order to force it to look at the local address. There is something deeper here that I need to address. I'm just not sure what it is. For now, this has resolved the issue at hand, but it is a symptom and not the root cause. I thank you for the help.
 
BHForum (Author) commented:
This resolved the symptom that I was getting. I need to look further for the root cause of the issue.
 
puschkin commented:
Are your internal and external domains the same?