Solved

Name resolution problem with Windows 2008R2 servers over vpn

Posted on 2013-01-28
8
593 Views
Last Modified: 2013-01-30
Hello, I have a bizarre problem that I hope you can help with. I have two Windows Server 2008R2 servers linked over a VPN. Both are domain controllers, and are configured as two different sites in Active Directory. They are both using themselves as the DNS server and the other as the secondary DNS server. DNS, Active Directory, and DFS replication seem to be working between the sites, at first.

My problem is that it seems that all name resolution between the servers for anything useful goes away after a period of a couple hours. I can still ping the servers from each other by name and nslookup returns proper results when this happens, but nothing else seems to work as expected between the sites. When I try to connect by name, I get an RPC error when I try to browse the remote file shares on either server, I cannot connect via RDP, and I get an access denied error when I try to remotely manage a remote computer with the administrative tools.

If I try to connect to the file shares or RDP using the IP address, it works fine. It also works fine if a client computer tries to access via name. The DNS entries for both servers appear fine, and I have even added entries to the HOSTS file with no improvement. I have also tried using the other server for DNS but that did not help either.

When I restart the server at one site, all is well again and appears to work fine for a while. I can access everything just fine as expected at this point, file browsing, RDP, and replication works, but then it breaks again after a few hours. The connection at one site uses a flakey DSL line that has intermittent issues throughout the day. We are getting a fiber line installed next month, but have to suffer with the DSL until then. I am not sure if that would cause this behavior. It definitely seems like a name resolution issue, but this happens even with static HOSTS file entries. NetBIOS over TCP/IP is disabled as well.

Please let me know if you have any thoughts on this issue.  Thank you in advance for your assistance.
Question by:eljasbo
8 Comments
 
LVL 1

Accepted Solution

by:
swiftny earned 500 total points
ID: 38827586
I would try adding a line to the LMHOSTS file (remove the .sam when you are done). Syntax is similar to HOSTS but gives you the ability to preload resolutions, and some DC stuff as well. I had similar issues, and HOSTS didn't do much but LMHOSTS did the trick.
0
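An added example, not part of the original answer: one way to create the LMHOSTS entry described above with the preload (`#PRE`) and domain controller (`#DOM`) keywords, then reload and inspect the NetBIOS name cache. The address, host name and domain name are constructed placeholders. LMHOSTS is read by NetBIOS name resolution, so it pairs with the later suggestion in this thread to enable NetBIOS over TCP/IP.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# All three values are constructed placeholders; substitute your own.
$RemoteDcIp   = '192.0.2.10'   # placeholder address of the remote DC
$RemoteDcName = 'DC2'          # placeholder NetBIOS name (15 characters max)
$DomainName   = 'EXAMPLE'      # placeholder NetBIOS domain name

$etc     = Join-Path $env:SystemRoot 'System32\drivers\etc'
$lmhosts = Join-Path $etc 'lmhosts'      # the live file has no extension

# lmhosts.sam is only a template; Windows reads the file named "lmhosts".
if (-not (Test-Path $lmhosts)) {
    New-Item -ItemType File -Path $lmhosts | Out-Null
}

# Warn if LMHOSTS lookup has been explicitly switched off for NetBT.
$nbt = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
if ($nbt.EnableLMHOSTS -eq 0) {
    Write-Warning 'LMHOSTS lookup is disabled (EnableLMHOSTS = 0); the entry will not be used.'
}

# #PRE preloads the mapping into the NetBIOS name cache;
# #DOM:<domain> marks the host as a domain controller for that domain.
$entry = "{0}`t{1}`t#PRE`t#DOM:{2}" -f $RemoteDcIp, $RemoteDcName, $DomainName

# Skip the write if the name is already mapped, so stale duplicates do not pile up.
$lines   = @(Get-Content $lmhosts)
$pattern = '^\s*\d{1,3}(\.\d{1,3}){3}\s+' + [regex]::Escape($RemoteDcName) + '(\s|$)'
$already = @($lines | Where-Object { $_ -match $pattern })

if ($already.Count -gt 0) {
    Write-Warning "An entry for $RemoteDcName already exists: $($already[0])"
} else {
    # Rewrite the whole file so the new entry always starts on its own line.
    Set-Content -Path $lmhosts -Value ($lines + $entry) -Encoding ASCII
}

nbtstat -R   # purge the remote name cache and reload #PRE entries
nbtstat -c   # list the cache; the remote DC should appear
```

A static mapping like this has to be updated by hand if the remote DC's address ever changes.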
 
LVL 2

Author Comment

by:eljasbo
ID: 38827595
I will try that, thank you. Hopefully it will fix the issue. I will know in a couple of hours.
0
 
LVL 1

Expert Comment

by:colinharris
ID: 38827677
This to me sounds like the VPN is timing out? Is the link being used when the link seems to die?

How are ports/protocols handled over the link? Might be worth adding firewall rules if you are using Windows Firewall or double checking your routing between the sites.

Also, do you use WINS?

Ollie
0
 
LVL 2

Author Comment

by:eljasbo
ID: 38828073
Thank you for your response. I did create Windows Firewall rules already on both sites to allow the other site. The access rules on the firewalls allow all site to site traffic as well. That did not seem to help, though.

The VPN may indeed be timing out or be having some connectivity issues, but it seems to be reconnecting as expected, and is connected every time I check on it when this happens. One site is connected via an awful DSL connection, so I certainly am not ruling that out as a possibility. The clients have been using remote desktop applications over the link fine as well when this issue happens. Also, I can still connect over the VPN to the other machine via IP address, and other users at each site have no problem connecting to the remote servers over the VPN, so I believe the VPN to be fine.

I do think it is really bizarre the problem clears up for a bit when I restart one server, and the issue only happens when the servers try to talk with each other. Restarting DNS server and client services does not help at that point. Also, clients are not affected at all that I can tell. I really don't know why it can resolve properly just after a server restart but then stops after a bit.

I am not using a WINS server and NetBIOS over TCP/IP is disabled.

I just went to test this again to see if it was working still, but their flakey DSL has gone down completely for now so I cannot do further testing until it gets back up. The provider is working on it, but this is the 3rd time it has gone down for considerable time in the past week. This problem I am experiencing may be directly related. I don't know why it doesn't seem to affect the users though. Ugh. I can't wait until the fiber line is installed next week and the DSL is gone. Everything was working properly until about 15 minutes ago, though. I will update you more once the connection comes back up and I can do more testing.

Thank you again for all your help.
0
 
LVL 1

Assisted Solution

by:swiftny
swiftny earned 500 total points
ID: 38828095
I would enable NetBIOS over TCP as well.
0
 
LVL 2

Author Comment

by:eljasbo
ID: 38828393
I will enable NetBIOS over TCP/IP when the link comes back up and see if that helps. However, I thought the trend since Windows 2000 was to move away from NetBIOS/WINS and use DNS for resolution because of the security issues and chattiness related to NetBIOS. Also, the NetBIOS broadcasts are not routed and should not pass over the VPN. Other networks I manage seem to work fine without NetBIOS. I am interested in hearing others' thoughts on NetBIOS/WINS as well.
0
 
LVL 1

Expert Comment

by:colinharris
ID: 38828433
Other than making sure the ports, as stated here (http://technet.microsoft.com/en-us/library/dd197515(v=ws.10).aspx), are fully open over the VPN, not really sure what this could be.

Have you been through the event logs, more specifically the DNS logs?

Ollie
0
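An added example, not part of the original comment: a check that compares TCP reachability of the remote domain controller by name and by IP address, since the question reports that connections work by IP but fail by name. The host name, address and the short port selection are assumptions made for this example, not the full list from the linked TechNet page; the code avoids `Test-NetConnection`, which Windows Server 2008 R2 does not ship.

```powershell
# Added example (not from the thread). Both targets are constructed placeholders.
$RemoteName = 'dc2.example.local'   # placeholder FQDN of the remote DC
$RemoteIp   = '192.0.2.10'          # placeholder address of the same DC

# Well-known TCP ports behind the symptoms in the question. RPC also uses
# dynamic ports (49152-65535 by default on 2008 R2) that 135 only brokers.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB' },
    @{ Port = 3389; Service = 'RDP' }
)

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet cannot hang the check.
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# What the name resolves to right now, compared with the expected address.
try   { $resolved = @([System.Net.Dns]::GetHostAddresses($RemoteName) |
                      ForEach-Object { $_.IPAddressToString }) }
catch { $resolved = @() }
if ($resolved -notcontains $RemoteIp) {
    Write-Warning "$RemoteName resolves to '$($resolved -join ', ')', expected $RemoteIp"
}

$results = foreach ($p in $Ports) {
    $byName = Test-TcpPort $RemoteName $p.Port
    $byIp   = Test-TcpPort $RemoteIp   $p.Port
    New-Object PSObject -Property @{
        Port = $p.Port; Service = $p.Service
        ByName = $byName; ByIp = $byIp; Mismatch = ($byName -ne $byIp)
    }
}
$results | Select-Object Port, Service, ByName, ByIp, Mismatch | Format-Table -AutoSize
```

If every port connects by name as well as by IP while the failures persist, the TCP path over the VPN is not what is failing.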
 
LVL 2

Author Comment

by:eljasbo
ID: 38837999
There was nothing exciting in the DNS logs. All appeared to be fine there. The circuit has been up now for more than a day, and I am happy to say that I am able to perform the tasks I was previously unable to do after a whole day. I do think swiftny's suggestions helped it out. I really think the root cause of this problem is related to the flakey internet connection. The suggestions swiftny made do seem to make this problem go away. Thank you all for your help!
0


Question has a verified solution.
