Solved

Single domain with multiple remote offices: can't access resources by host name

Posted on 2013-01-17
Last Modified: 2013-01-18
I have 2 Cisco ASA-5510's set up with site-to-site VPN.  Site A has the following subnet: 10.13.0.0/16 and Site B has the following subnet: 10.113.0.0/16. When connected to site A, I can ping machines by IP address on site B and vice-versa.  I can also ping the remote location by FQDN but not by host name. Similarly, I can access shared resources on the remote site by IP address or FQDN but not by host name.

Both sites are part of the same Active Directory domain.  AD replication is working properly; I can create a user in site A and see the new user on site B's domain controller almost immediately and vice-versa.  Domain controllers at each site have the DNS role installed and each has A records for all hosts on the domain including those on the remote site.

As an added twist, everything works as expected when I'm logged in to the Domain Controller: I can access all shared resources on the remote site from the local DC by IP *and* by host name.

I'm sure I'm missing something very basic here--any thoughts?

Thanks--Steve
0
Question by:SteveV
9 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789231
What handles your DHCP? It sounds very very much like a DNS issue.  What DNS server address is being issued to your client workstations?

Can you paste a copy of the result of
IPCONFIG /ALL

from both a server and a workstation on each site?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789233
Oh, and do you have AD Sites configured correctly in ADS&S?
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 38789353
Flush and rebuild the local DNS cache on the PC/server.

Any hosts file?

Are you sure DNS is replicating properly?
0
 

Author Comment

by:SteveV
ID: 38789391
DHCP is handled by the Cisco ASA5510's at each location.  Result of ipconfig /all is as follows:

SITE A Workstation:

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
   Physical Address. . . . . . . . . : BC-77-37-C1-CD-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.13.3.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 3:44:41 PM
   Lease Expires . . . . . . . . . . : Thursday, January 17, 2013 7:44:40 PM
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCP Server . . . . . . . . . . . : 10.13.1.1
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE A Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-C9-DF-CA-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71d5:9bb6:5a8e:3516%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.13.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251666121
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EB-E4-C6-00-1E-C9-DF-CA-76
   DNS Servers . . . . . . . . . . . : 10.13.1.32
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE B WorkStation:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-D1-24-4A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::304e:4509:fe96:ce4f%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.55(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 134225686
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-BF-52-53-00-1F-16-D1-24-4A

   DNS Servers . . . . . . . . . . . : 10.113.1.30

   NetBIOS over Tcpip. . . . . . . . : Enabled



SITE B Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-4F-34-74-29
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8df8:1b83:83a5:a073%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251665999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-7F-BB-6B-00-1E-4F-34-74-29
   DNS Servers . . . . . . . . . . . : ::1
                                       10.13.1.30
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Oh and do you have AD Sites configured correctly in ADS&S

Hmm, I haven't done anything in AD Sites--Under "Sites" I only have the "Default-First-Site-Name" site.  Servers for both sites are listed in the "Servers" node.  The "Subnets" node is empty. And the "Inter-Site Transports" node contains an "IP" node with a "DEFAULTIPSITELINK" entry and an empty "SNMP" node.

Thanks -- Steve
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38789430
Are you intentionally using IPv6, and is ALL your hardware capable of and configured for it?
If not, I would disable it everywhere.

I would also go ahead and configure your two sites correctly in ADS&S and assign the two different subnets to the correct sites.
0
 

Author Comment

by:SteveV
ID: 38789643
I generally disable IPv6 on all machines.  On the Site B Workstation it's enabled as an oversight.  On the servers, which are both Windows Server 2012 boxes, the Windows Best Practices Analyzer complains about IPv6 being disabled and recommends against it.  I got tired of looking at the BPA warnings and finally enabled it.

I'll have a look at Active Directory Sites and Services--anything I need to be mindful of here or is it pretty straightforward?

Thanks -- Steve
0
 
LVL 17

Accepted Solution

by:lruiz52
lruiz52 earned 300 total points
ID: 38789727
Try adding your domain name (ex. Domain.local) to the DNS suffixes list on your clients. Check the link below.

http://www.simpledns.com/kb.aspx?kbid=1231


On your ASA, if it's handling DHCP, check if you have the setting below; if not, add it.

dhcpd domain domain.local
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38791963
I have to disagree with the recommendation to disable IPv6. Although it's not the topic of discussion here, have a read through these links for more information.
http://social.technet.microsoft.com/Forums/en-US/ipv6/thread/067666e1-1170-44af-a6a5-738ad86a1bc2
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx

This does look like a DNS suffix issue, as mentioned by lruiz52.
Looking at your IPCONFIG /ALL results, I notice that there is no information listed for "Connection-specific DNS Suffix" or "DNS Suffix Search List".

Read more about configuring a DNS suffix search list, and specifically the short name resolution part:
http://technet.microsoft.com/en-us/library/cc778792(v=ws.10).aspx

In order to fix this, make sure you set option 015 on your DHCP server with the DNS domain name.

Oh yeah, and have a look at Workstation B's configuration, it lists the DNS server as 10.113.1.30 while the other servers list 10.13.1.x addresses.
May be an error in your DHCP scope options as well.
0
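An added example (not posted by anyone in this thread): a Python check over `ipconfig /all` text for the condition noted above, an adapter that has DNS servers but no primary suffix, suffix search list or connection-specific suffix with which to qualify a short host name. The sample output, the host name `WS-A` and `domain.local` are constructed placeholders.

```python
import re

# Constructed ipconfig /all excerpts (no real host): before and after the DHCP
# server hands out a domain name. "domain.local" is a placeholder.
BEFORE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS-A
   Primary Dns Suffix  . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31
"""
AFTER = BEFORE.replace("Suffix  . :\n   DNS", "Suffix  . : domain.local\n   DNS")

HEADER = re.compile(r"^(\S.*):$")                      # unindented adapter title
FIELD = re.compile(r"^ {3}(\S.*?)[ .]* :(?: (.*))?$")  # "   Label . . . : value"

def parse_ipconfig(text):
    """Return {section: {label: [values]}}; host-wide fields go under "(global)"."""
    sections = {"(global)": {}}
    fields, last = sections["(global)"], None
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            fields, last = sections.setdefault(header.group(1), {}), None
        elif field:
            last = fields.setdefault(field.group(1), [])
            if field.group(2):
                last.append(field.group(2).strip())
        elif line.strip() and last is not None:   # indented continuation value
            last.append(line.strip())
    return sections

def adapters_without_suffix(text):
    """Adapters with DNS servers but no suffix to qualify a single-label name."""
    sections = parse_ipconfig(text)
    host = sections.pop("(global)")
    host_wide = host.get("Primary Dns Suffix", []) + host.get("DNS Suffix Search List", [])
    return [name for name, f in sections.items()
            if f.get("DNS Servers")
            and not (host_wide or f.get("Connection-specific DNS Suffix"))]

if __name__ == "__main__":
    print("before:", adapters_without_suffix(BEFORE))
    print("after: ", adapters_without_suffix(AFTER))
```

Run over collected `ipconfig /all` output from each site, this shows which clients still lack a suffix after the DHCP scope is changed and leases are renewed.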
 

Author Closing Comment

by:SteveV
ID: 38793106
Adding the FQDN to the ASA's DHCP settings solved the problem.  Thanks to all of you for the excellent suggestions.

--Steve
0
