Solved

Single domain with multiple remote offices: can't access resources by host name

Posted on 2013-01-17
Last Modified: 2013-01-18
I have 2 Cisco ASA-5510's set up with site-to-site VPN.  Site A has the following subnet: 10.13.0.0/16 and Site B has the following subnet: 10.113.0.0/16. When connected to site A, I can ping machines by IP address on site B and vice-versa.  I can also ping the remote location by FQDN but not by host name. Similarly, I can access shared resources on the remote site by IP address or FQDN but not by host name.

Both sites are part of the same Active Directory domain.  AD replication is working properly; I can create a user in site A and see the new user on site B's domain controller almost immediately and vice-versa.  Domain controllers at each site have the DNS role installed and each has A records for all hosts on the domain including those on the remote site.

As an added twist, everything works as expected when I'm logged in to the Domain Controller: I can access all shared resources on the remote site from the local DC by IP *and* by host name.

I'm sure I'm missing something very basic here--any thoughts?

Thanks--Steve
0
Comment
Question by:SteveV
9 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789231
What handles your DHCP? It sounds very very much like a DNS issue.  What DNS server address is being issued to your client workstations?

Can you paste a copy of the result of
IPCONFIG /ALL

from both a server and a workstation on each site?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 38789233
Oh, and do you have AD Sites configured correctly in ADS&S?
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 38789353
Flush and rebuild local DNS on PC/Server.

Any hosts file?

Are you sure DNS is replicating properly?
0

Author Comment

by:SteveV
ID: 38789391
DHCP is handled by the Cisco ASA5510's at each location.  Result of ipconfig /all is as follows:

SITE A Workstation:

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
   Physical Address. . . . . . . . . : BC-77-37-C1-CD-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.13.3.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 3:44:41 PM
   Lease Expires . . . . . . . . . . : Thursday, January 17, 2013 7:44:40 PM
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCP Server . . . . . . . . . . . : 10.13.1.1
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE A Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-C9-DF-CA-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71d5:9bb6:5a8e:3516%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.13.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.13.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251666121
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EB-E4-C6-00-1E-C9-DF-CA-76
   DNS Servers . . . . . . . . . . . : 10.13.1.32
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


SITE B WorkStation:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1F-16-D1-24-4A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::304e:4509:fe96:ce4f%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.55(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 134225686
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-BF-52-53-00-1F-16-D1-24-4A

   DNS Servers . . . . . . . . . . . : 10.113.1.30

   NetBIOS over Tcpip. . . . . . . . : Enabled



SITE B Server (DC):

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #43
   Physical Address. . . . . . . . . : 00-1E-4F-34-74-29
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8df8:1b83:83a5:a073%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.113.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.113.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251665999
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-7F-BB-6B-00-1E-4F-34-74-29
   DNS Servers . . . . . . . . . . . : ::1
                                       10.13.1.30
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Oh and do you have AD Sites configured correctly in ADS&S

Hmm, I haven't done anything in AD Sites--under "Sites" I only have the "Default-First-Site-Name" site.  Servers for both sites are listed in the "Servers" node.  The "Subnets" node is empty. And the "Inter-Site Transports" node contains an "IP" node with a "DEFAULTTIPSITELINK" entry and an empty "SNMP" node.

Thanks -- Steve
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38789430
Are you intentionally using IPV6, and is ALL your hardware capable and configured for it?
If not, I would disable it everywhere.

I would also go ahead and configure your two sites correctly in ADS&S and assign the two different subnets to the correct sites.
0
 

Author Comment

by:SteveV
ID: 38789643
I generally disable IPV6 on all machines.  On the Site B Workstation it's enabled as an oversight.  On the servers, which are both Windows Server 2012 boxes, the Windows Best Practices Analyzer complains about IPV6 being disabled and recommends against it.  I got tired of looking at the BPA warnings and finally enabled it.

I'll have a look at Active Directory Sites and Services--anything I need to be mindful of here or is it pretty straightforward?

Thanks -- Steve
0
 
LVL 17

Accepted Solution

by:lruiz52
lruiz52 earned 300 total points
ID: 38789727
Try adding your domain name (ex. Domain.local) to the DNS suffixes list on your clients. Check the link below.

http://www.simpledns.com/kb.aspx?kbid=1231


On your ASA, if it's handling DHCP, check if you have the setting below; if not, add it.

dhcpd domain domain.local
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38791963
I have to disagree with the recommendation to disable IPv6. Although it's not the topic of discussion here, have a read through these links for more information.
http://social.technet.microsoft.com/Forums/en-US/ipv6/thread/067666e1-1170-44af-a6a5-738ad86a1bc2
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx

This does look like a DNS suffix issue, as mentioned by lruiz52.
Looking at your IPCONFIG /ALL results, I notice that there is no information listed for "Connection-specific DNS Suffix" or "DNS Suffix Search List".

Read more about Configuring a DNS suffix search list and specifically short name resolution part
http://technet.microsoft.com/en-us/library/cc778792(v=ws.10).aspx

In order to fix this, make sure you set option 015 on your DHCP server with the DNS domain name.

Oh yeah, and have a look at Workstation B's configuration, it lists the DNS server as 10.113.1.30 while the other servers list 10.13.1.x addresses.
May be an error in your DHCP scope options as well.
0
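
Added example (not part of the original thread): a Python sketch that parses `ipconfig /all` text and lists, per adapter, the fully qualified names a client could build from a short host name. It uses a simplified model of Windows suffix handling (search list first, otherwise primary plus connection-specific suffix, no devolution); the sample text is constructed from the Site A workstation listing above, and the second adapter, the suffix `domain.local` and the host name `fileserver` are assumptions.

```python
import re

# Constructed sample: first adapter mirrors the Site A workstation output in this
# thread; the second adapter and its suffix "domain.local" are hypothetical.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.13.3.129(Preferred)
   DNS Servers . . . . . . . . . . . : 10.13.1.30
                                       10.13.1.31

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.local
   IPv4 Address. . . . . . . . . . . : 10.13.3.130(Preferred)
   DNS Servers . . . . . . . . . . . : 10.13.1.30
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*\. :(.*)$")   # "Key . . . : value"
GLOBAL = "Windows IP Configuration"              # section holding global settings

def parse_ipconfig(text):
    """Return {section: {field: [values]}} parsed from `ipconfig /all` text."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                # unindented line starts a section
            current, last = sections.setdefault(line.strip().rstrip(":"), {}), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last, value = m.group(1), m.group(2).strip()
                current[last] = [value] if value else []
            elif last:                           # continuation, e.g. 2nd DNS server
                current[last].append(line.strip())
    return sections

def dns_candidates(short_name, text):
    """Per adapter, the FQDNs a client could build for short_name (simplified:
    search list wins, else primary + connection suffix; no devolution)."""
    sections = parse_ipconfig(text)
    glob = sections.pop(GLOBAL, {})
    search = glob.get("DNS Suffix Search List", [])
    primary = glob.get("Primary Dns Suffix", [])
    result = {}
    for name, fields in sections.items():
        suffixes = search or primary + fields.get("Connection-specific DNS Suffix", [])
        result[name] = [f"{short_name}.{s}" for s in suffixes]
    return result
```

An adapter that comes back with an empty list has no suffix with which to qualify the short name for a DNS query, which is the condition the suffix setting on the DHCP server corrects.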
 

Author Closing Comment

by:SteveV
ID: 38793106
Adding the FQDN to the ASA's DHCP settings solved the problem.  Thanks to all of you for the excellent suggestions.

--Steve
0
