Solved

Single domain with multiple remote offices: can't access resources by host name

Posted on 2013-01-17
Last Modified: 2013-01-18
I have 2 Cisco ASA-5510's set up with site-to-site VPN.  Site A has the following subnet: 10.13.0.0/16 and Site B has the following subnet: 10.113.0.0/16. When connected to site A, I can ping machines by IP address on site B and vice-versa.  I can also ping the remote location by FQDN but not by host name. Similarly, I can access shared resources on the remote site by IP address or FQDN but not by host name.

Both sites are part of the same Active Directory domain.  AD replication is working properly; I can create a user in site A and see the new user on site B's domain controller almost immediately and vice-versa.  Domain controllers at each site have the DNS role installed and each has A records for all hosts on the domain including those on the remote site.

As an added twist, everything works as expected when I'm logged in to the Domain Controller: I can access all shared resources on the remote site from the local DC by IP *and* by host name.

I'm sure I'm missing something very basic here--any thoughts?

Thanks--Steve
0
Question by:SteveV
9 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789231
What handles your DHCP? It sounds very very much like a DNS issue.  What DNS server address is being issued to your client workstations?

Can you paste a copy of the result of
IPCONFIG /ALL

from both a server and a workstation on each site?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789233
Oh, and do you have AD Sites configured correctly in ADS&S?
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 38789353
Flush and rebuild local DNS on PC/server.

Any hosts file?

Are you sure DNS is replicating properly?
0

 

Author Comment

by:SteveV
ID: 38789391
DHCP is handled by the Cisco ASA5510's at each location.  Result of ipconfig /all is as follows:

SITE A Workstation:

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
   Physical Address. . . . . . . . . : BC-77-37-C1-CD-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.13.3.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 3:44:41 PM
   Lease Expires . . . . . . . . . . : Thursday, January 17, 2013 7:44:40 PM
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCP Server . . . . . . . . . . . : 10.13.1.1
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE A Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-C9-DF-CA-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71d5:9bb6:5a8e:3516%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.13.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251666121
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EB-E4-C6-00-1E-C9-DF-CA-76
   DNS Servers . . . . . . . . . . . : 10.13.1.32
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE B WorkStation:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-D1-24-4A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::304e:4509:fe96:ce4f%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.55(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 134225686
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-BF-52-53-00-1F-16-D1-24-4A

   DNS Servers . . . . . . . . . . . : 10.113.1.30

   NetBIOS over Tcpip. . . . . . . . : Enabled



SITE B Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-4F-34-74-29
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8df8:1b83:83a5:a073%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251665999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-7F-BB-6B-00-1E-4F-34-74-29
   DNS Servers . . . . . . . . . . . : ::1
                                       10.13.1.30
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Oh and do you have AD Sites configured correctly in ADS&S

Hmm, I haven't done anything in AD Sites--Under "Sites" I only have the "Default-First-Site-Name" site.  Servers for both sites are listed in the "Servers" node.  The "Subnets" node is empty. And the "Inter-Site Transports" node contains an "IP" node with a "DEFAULTIPSITELINK" entry and an empty "SNMP" node.

Thanks -- Steve
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38789430
Are you intentionally using IPv6, and is ALL your hardware capable and configured for it?
If not, I would disable it everywhere.

I would also go ahead and configure your two sites correctly in ADS&S and assign the two different subnets to the correct sites.
0
 

Author Comment

by:SteveV
ID: 38789643
I generally disable IPv6 on all machines.  On the Site B Workstation it's enabled as an oversight.  On the servers, which are both Windows Server 2012 boxes, the Windows Best Practices Analyzer complains about IPv6 being disabled and recommends against it.  I got tired of looking at the BPA warnings and finally enabled it.

I'll have a look at Active Directory Sites and Services--anything I need to be mindful of here or is it pretty straightforward?

Thanks -- Steve
0
 
LVL 17

Accepted Solution

by:
lruiz52 earned 300 total points
ID: 38789727
Try adding your domain name (ex. Domain.local) to the DNS suffixes list on your clients. Check the link below.

http://www.simpledns.com/kb.aspx?kbid=1231


On your ASA, if it's handling DHCP, check if you have the setting below; if not, add it.

dhcpd domain domain.local
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38791963
I have to disagree with the recommendation to disable IPv6. Although it's not the topic of discussion here, have a read through these links for more information.
http://social.technet.microsoft.com/Forums/en-US/ipv6/thread/067666e1-1170-44af-a6a5-738ad86a1bc2
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx

This does look like a DNS suffix issue, as mentioned by lruiz52.
Looking at your IPCONFIG /ALL results, I notice that there is no information listed for "Connection-specific DNS Suffix" or "DNS Suffix Search List".

Read more about Configuring a DNS suffix search list and specifically short name resolution part
http://technet.microsoft.com/en-us/library/cc778792(v=ws.10).aspx

In order to fix this, make sure you set option 015 on your DHCP server with the DNS domain name.

Oh yeah, and have a look at Workstation B's configuration, it lists the DNS server as 10.113.1.30 while the other servers list 10.13.1.x addresses.
May be an error in your DHCP scope options as well.
0
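Added example (not part of the thread and not any poster's code): a Python check for the gap pointed out above, an `ipconfig /all` listing with no DNS suffix. It parses a constructed sample and lists the FQDNs a client can form from a short name; `fileserver` and `domain.local` are placeholder names, and merging every suffix field into one list is a simplification of the Windows search order.

```python
import re

# Constructed sample shaped like the `ipconfig /all` output posted in the
# thread; the DNS server addresses are the Site A values quoted there.
BEFORE = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31
"""
# Same client once DHCP hands out the domain name (placeholder domain.local).
AFTER = BEFORE.replace("DNS Suffix  . :", "DNS Suffix  . : domain.local")

# Field lines are indented a few spaces; continuation lines far deeper.
FIELD = re.compile(r"^\s{1,8}(\S.*?)[ .]*: ?(.*)$")
SUFFIX_FIELDS = ("Primary Dns Suffix", "DNS Suffix Search List",
                 "Connection-specific DNS Suffix")

def parse_sections(text):
    """Map each section header to {field: [values]}, keeping continuation lines."""
    sections, fields, values = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():                 # header, e.g. "... adapter X:"
            fields, values = sections.setdefault(line.rstrip(": "), {}), None
        elif fields is not None and (m := FIELD.match(line)):
            values = fields.setdefault(m.group(1), [])
            if m.group(2).strip():
                values.append(m.group(2).strip())
        elif values is not None:                  # extra value, e.g. 2nd DNS server
            values.append(line.strip())
    return sections

def fqdn_candidates(short_name, text):
    """FQDNs the client can build for a single-label name; [] means none."""
    suffixes = [s for f in parse_sections(text).values()
                for key in SUFFIX_FIELDS for s in f.get(key, [])]
    return [f"{short_name}.{s}" for s in dict.fromkeys(suffixes)]

def dhcp_adapters_without_suffix(text):
    """DHCP-enabled adapters that received no connection-specific suffix."""
    return [name for name, f in parse_sections(text).items()
            if f.get("DHCP Enabled") == ["Yes"]
            and not f.get("Connection-specific DNS Suffix")]

if __name__ == "__main__":
    print(fqdn_candidates("fileserver", BEFORE), fqdn_candidates("fileserver", AFTER))
```

An empty list for the "before" sample means the listing shows no suffix to append to the short name, which is the condition the DHCP domain setting corrects.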
 

Author Closing Comment

by:SteveV
ID: 38793106
Adding the FQDN to the ASA's DHCP settings solved the problem.  Thanks to all of you for the excellent suggestions.

--Steve
0
