Single domain with multiple remote offices: can't access resources by host name

I have 2 Cisco ASA-5510's setup with site-to-site VPN.  Site A has the following subnet: 10.13.0.0/16 and Site B has the following subnet: 10.113.0.0/16. When connected to site A, I can ping machines by IP address on site B and vice-versa.  I can also ping the remote location by FQDN but not by host name. Similarly, I can access shared resources on the remote site by IP address or FQDN but not by host name.

Both sites are part of the same Active Directory domain.  AD replication is working properly; I can create a user in site A and see the new user on site B's domain controller almost immediately and vice-versa.  Domain controllers at each site have the DNS role installed and each has A records for all hosts on the domain including those on the remote site.

As an added twist, everything works as expected when I'm logged in to the Domain Controller: I can access all shared resources on the remote site from the local DC by IP *and* by host name.

I'm sure I'm missing something very basic here--any thoughts?

Thanks--Steve
SteveVAsked:
Who is Participating?
 
lruiz52Commented:
Try adding your domain name (ex. Domain.local) to the DNS suffixes list on your clients. check link below.

http://www.simpledns.com/kb.aspx?kbid=1231


on your ASA, if its handling DCHP check if you have the setting below, if not add it.

dhcpd domain domain.local
0
 
Neil RussellTechnical Development LeadCommented:
What handles your DHCP? It sounds very very much like a DNS issue.  What DNS server address is being issued to your client workstations?

Can you paste a copy of the result of
IPCONFIG /ALL

from both a server and a workstation on each site?
0
 
Neil RussellTechnical Development LeadCommented:
Oh and do you have AD Sites configured correctly in ADS&S
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
DarinTCHSenior CyberSecurity EngineerCommented:
flush and rebuild local DNS on PC /Server

any hosts file?

are u sure DNS is replicating properly
0
 
SteveVAuthor Commented:
DHCP is handled by the Cisco ASA5510's at each location.  Result of ipconfig /all is as follows:

SITE A Workstation:

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
   Physical Address. . . . . . . . . : BC-77-37-C1-CD-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.13.3.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 3:44:41 PM
   Lease Expires . . . . . . . . . . : Thursday, January 17, 2013 7:44:40 PM
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCP Server . . . . . . . . . . . : 10.13.1.1
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE A Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-C9-DF-CA-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71d5:9bb6:5a8e:3516%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.13.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251666121
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EB-E4-C6-00-1E-C9-DF-CA-76
   DNS Servers . . . . . . . . . . . : 10.13.1.32
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE B WorkStation:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-D1-24-4A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::304e:4509:fe96:ce4f%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.55(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 134225686
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-BF-52-53-00-1F-16-D1-24-4A

   DNS Servers . . . . . . . . . . . : 10.113.1.30

   NetBIOS over Tcpip. . . . . . . . : Enabled



SITE B Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-4F-34-74-29
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8df8:1b83:83a5:a073%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251665999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-7F-BB-6B-00-1E-4F-34-74-29
   DNS Servers . . . . . . . . . . . : ::1
                                       10.13.1.30
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Open in new window

Oh and do you have AD Sites configured correctly in ADS&S

Hmm, I haven't done anything in AD Sites--Under "Sites" I only have the "Default-First-Site-Name" site.  Servers for both sites are listed in the "Servers" node.  The "Subnets" note is empty. And the "Inter-Site Transports" node contains an "IP" node with a "DEFAULTTIPSITELINK" entry and an empty "SNMP" node.

Thanks -- Steve
0
 
Neil RussellTechnical Development LeadCommented:
Are you intentionally using IPV6 and ALL your hardware is capable and configured for it?
If not i would dissable everywhere.

I would also go ahead and configure your two sites correctly in ADS&S and assign the two different subnets to the correct sites.
0
 
SteveVAuthor Commented:
I generally disable IPV6 on all machines.  On the Site B Workstation it's enabled as an oversight.  On the servers, which are both Windows Server 2012 boxes, the Windows Best Pratices Analyser complains about IPV6 being disabled and recommends against it.  I got tired of looking at the BPA warnings and finally enabled it.

I'll have a look at Active Directory Sites and Services--anything I need to be mindful of here or is it pretty straightforward?

Thanks -- Steve
0
 
Leon FesterSenior Solutions ArchitectCommented:
I have to disagree with the recommendation to disable IPv6. Although it's not the topic of discussion here, have a read through these links for more information.
http://social.technet.microsoft.com/Forums/en-US/ipv6/thread/067666e1-1170-44af-a6a5-738ad86a1bc2
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx

This does look like a DNS suffix issue as mentioned by lruiz52
Looking at your IPCONFIG /ALL results, I notice that there is no information listed for "Connection-specific DNS Suffix" or "DNS Suffix Search List"

Read more about Configuring a DNS suffix search list and specifically short name resolution part
http://technet.microsoft.com/en-us/library/cc778792(v=ws.10).aspx

In order to fix this make sure you set option 015 on your DHCP server with the DNS domain name

Oh yeah, and have a look at Workstation B's configuration, it lists the DNS server as 10.113.1.30 while the other servers list 10.13.1.x addresses.
May be an error in your DHCP scope options as well.
0
 
SteveVAuthor Commented:
Adding the FQDN to the ASA's DHCP settings solved the problem.  Thanks to all of you for the excellent suggestions.

--Steve
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.