Solved

Single domain with multiple remote offices: can't access resources by host name

Posted on 2013-01-17
Last Modified: 2013-01-18
I have 2 Cisco ASA-5510's set up with site-to-site VPN.  Site A has the following subnet: 10.13.0.0/16 and Site B has the following subnet: 10.113.0.0/16. When connected to site A, I can ping machines by IP address on site B and vice-versa.  I can also ping the remote location by FQDN but not by host name. Similarly, I can access shared resources on the remote site by IP address or FQDN but not by host name.

Both sites are part of the same Active Directory domain.  AD replication is working properly; I can create a user in site A and see the new user on site B's domain controller almost immediately and vice-versa.  Domain controllers at each site have the DNS role installed and each has A records for all hosts on the domain including those on the remote site.

As an added twist, everything works as expected when I'm logged in to the Domain Controller: I can access all shared resources on the remote site from the local DC by IP *and* by host name.

I'm sure I'm missing something very basic here--any thoughts?

Thanks--Steve
0
Question by:SteveV
9 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789231
What handles your DHCP? It sounds very very much like a DNS issue.  What DNS server address is being issued to your client workstations?

Can you paste a copy of the result of
IPCONFIG /ALL

from both a server and a workstation on each site?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789233
Oh, and do you have AD Sites configured correctly in ADS&S?
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 38789353
Flush and rebuild local DNS on PC/Server.

Any hosts file?

Are you sure DNS is replicating properly?
0
 

Author Comment

by:SteveV
ID: 38789391
DHCP is handled by the Cisco ASA5510's at each location.  Result of ipconfig /all is as follows:

SITE A Workstation:

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
   Physical Address. . . . . . . . . : BC-77-37-C1-CD-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.13.3.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 3:44:41 PM
   Lease Expires . . . . . . . . . . : Thursday, January 17, 2013 7:44:40 PM
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCP Server . . . . . . . . . . . : 10.13.1.1
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE A Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-C9-DF-CA-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71d5:9bb6:5a8e:3516%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.13.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251666121
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EB-E4-C6-00-1E-C9-DF-CA-76
   DNS Servers . . . . . . . . . . . : 10.13.1.32
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE B WorkStation:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-D1-24-4A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::304e:4509:fe96:ce4f%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.55(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 134225686
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-BF-52-53-00-1F-16-D1-24-4A

   DNS Servers . . . . . . . . . . . : 10.113.1.30

   NetBIOS over Tcpip. . . . . . . . : Enabled



SITE B Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-4F-34-74-29
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8df8:1b83:83a5:a073%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251665999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-7F-BB-6B-00-1E-4F-34-74-29
   DNS Servers . . . . . . . . . . . : ::1
                                       10.13.1.30
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Oh and do you have AD Sites configured correctly in ADS&S

Hmm, I haven't done anything in AD Sites--Under "Sites" I only have the "Default-First-Site-Name" site.  Servers for both sites are listed in the "Servers" node.  The "Subnets" node is empty. And the "Inter-Site Transports" node contains an "IP" node with a "DEFAULTIPSITELINK" entry and an empty "SNMP" node.

Thanks -- Steve
0

 
LVL 37

Expert Comment

by:Neil Russell
ID: 38789430
Are you intentionally using IPV6, and is ALL your hardware capable and configured for it?
If not, I would disable it everywhere.

I would also go ahead and configure your two sites correctly in ADS&S and assign the two different subnets to the correct sites.
0
 

Author Comment

by:SteveV
ID: 38789643
I generally disable IPV6 on all machines.  On the Site B Workstation it's enabled as an oversight.  On the servers, which are both Windows Server 2012 boxes, the Windows Best Practices Analyser complains about IPV6 being disabled and recommends against it.  I got tired of looking at the BPA warnings and finally enabled it.

I'll have a look at Active Directory Sites and Services--anything I need to be mindful of here or is it pretty straightforward?

Thanks -- Steve
0
 
LVL 17

Accepted Solution

by:lruiz52
lruiz52 earned 300 total points
ID: 38789727
Try adding your domain name (ex. Domain.local) to the DNS suffixes list on your clients. Check the link below.

http://www.simpledns.com/kb.aspx?kbid=1231


On your ASA, if it's handling DHCP, check whether you have the setting below; if not, add it.

dhcpd domain domain.local
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38791963
I have to disagree with the recommendation to disable IPv6. Although it's not the topic of discussion here, have a read through these links for more information.
http://social.technet.microsoft.com/Forums/en-US/ipv6/thread/067666e1-1170-44af-a6a5-738ad86a1bc2
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx

This does look like a DNS suffix issue, as mentioned by lruiz52.
Looking at your IPCONFIG /ALL results, I notice that there is no information listed for "Connection-specific DNS Suffix" or "DNS Suffix Search List".

Read more about configuring a DNS suffix search list, and specifically the short name resolution part:
http://technet.microsoft.com/en-us/library/cc778792(v=ws.10).aspx

In order to fix this, make sure you set option 015 on your DHCP server with the DNS domain name.

Oh yeah, and have a look at Workstation B's configuration, it lists the DNS server as 10.113.1.30 while the other servers list 10.13.1.x addresses.
May be an error in your DHCP scope options as well.
0
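The check described in the comment above (no value listed for "Connection-specific DNS Suffix" in the IPCONFIG /ALL results) can be automated. The following is an added example, not part of the original thread: a Python parser for `ipconfig /all` text that reports adapters with an empty suffix and shows how a short name expands once a suffix is present. The sample text is constructed, and the host name `fileserver` and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the `ipconfig /all` output posted in this
# thread; the second adapter shows a client that did receive a suffix.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.local
   DNS Servers . . . . . . . . . . . : 10.113.1.30
"""

# "Key . . . . : value" lines; the key ends where the dotted leader begins.
FIELD = re.compile(r"^\s+(.+?)[ .]*:(?: (.*))?$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}} for each unindented section header."""
    sections, fields, last = {}, {}, None   # fields before any header are discarded
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # e.g. "Ethernet adapter X:"
            fields, last = sections.setdefault(line.strip().rstrip(":"), {}), None
            continue
        m = FIELD.match(line)
        if m:
            last = fields.setdefault(m.group(1), [])
            if m.group(2) and m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None:               # continuation, e.g. second DNS server
            last.append(line.strip())
    return sections

def adapters_without_suffix(sections):
    """Names of adapters whose connection-specific DNS suffix is empty."""
    return [name for name, f in sections.items()
            if "Connection-specific DNS Suffix" in f
            and not f["Connection-specific DNS Suffix"]]

def candidate_fqdns(short_name, suffixes):
    """FQDNs a short name can be expanded to, one per non-empty suffix."""
    return [f"{short_name}.{s}" for s in suffixes if s]
```

Feed it the saved output of `ipconfig /all` from each client; any adapter it returns has no suffix with which to expand a short host name into an FQDN for a DNS query.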
 

Author Closing Comment

by:SteveV
ID: 38793106
Adding the FQDN to the ASA's DHCP settings solved the problem.  Thanks to all of you for the excellent suggestions.

--Steve
0
