Solved

Name resolution problem with Windows 2008R2 servers over vpn

Posted on 2013-01-28
Last Modified: 2013-01-30
Hello, I have a bizarre problem that I hope you can help with. I have two Windows Server 2008R2 servers linked over a VPN. Both are domain controllers, and are configured as two different sites in Active Directory. They are both using themselves as the DNS server and the other as the secondary DNS server. DNS, Active Directory, and DFS replication seem to be working between the sites, at first.

My problem is that it seems that all name resolution between the servers for anything useful goes away after a period of a couple hours. I can still ping the servers from each other by name and nslookup returns proper results when this happens, but nothing else seems to work as expected between the sites. When I try to connect by name, I get an RPC error when I try to browse the remote file shares on either server, I cannot connect via RDP, and I get an access denied error when I try to remotely manage a remote computer with the administrative tools.

If I try to connect to the file shares or RDP using the IP address, it works fine. It also works fine if a client computer tries to access via name. The DNS entries for both servers appear fine, and I have even added entries to the HOSTS file with no improvement. I have also tried using the other server for DNS but that did not help either.

When I restart the server at one site, all is well again and appears to work fine for a while. I can access everything just fine as expected at this point, file browsing, RDP, and replication works, but then it breaks again after a few hours. The connection at one site uses a flaky DSL line that has intermittent issues throughout the day. We are getting a fiber line installed next month, but have to suffer with the DSL until then. I am not sure if that would cause this behavior. It definitely seems like a name resolution issue, but this happens even with static HOSTS file entries. NetBIOS over TCP/IP is disabled as well.

Please let me know if you have any thoughts on this issue.  Thank you in advance for your assistance.
Question by:eljasbo

Accepted Solution

by:
swiftny earned 500 total points
I would try adding a line to LMHOSTS file (remove the .sam when you are done). Syntax is similar to HOSTS but gives you ability to preload resolutions, and some DC stuff as well. I had similar issues, and HOSTS didn't do much but LMHOSTS did the trick.
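
An added illustration of the LMHOSTS entries described in the answer above; it is not part of swiftny's post. The addresses, host names and the domain name EXAMPLE are constructed placeholders, one entry per server pointing at the domain controller in the other site.

```text
# %SystemRoot%\System32\drivers\etc\lmhosts   (no file extension; lmhosts.sam is only the sample)
# Constructed sample: addresses, host names and the domain name EXAMPLE are placeholders.
#
# #PRE           preload the entry into the NetBIOS name cache
# #DOM:<domain>  mark the host as a domain controller for <domain>
#
# On the site A server, the entry for the site B domain controller:
10.2.0.10    DC-SITEB    #PRE    #DOM:EXAMPLE

# On the site B server, the entry for the site A domain controller:
10.1.0.10    DC-SITEA    #PRE    #DOM:EXAMPLE
```

After saving the file, `nbtstat -R` purges and reloads the preloaded entries and `nbtstat -c` lists what is in the cache. LMHOSTS is read by NetBIOS over TCP/IP name resolution, not by the DNS client.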

Author Comment

by:eljasbo
I will try that, thank you. Hopefully it will fix the issue. I will know in a couple of hours.

Expert Comment

by:colinharris
This to me sounds like the VPN is timing out? Is the link being used when the link seems to die?

How are ports/protocols handled over the link? Might be worth adding firewall rules if you are using Windows Firewall or double checking your routing between the sites.

Also, do you use WINS?

Ollie

Author Comment

by:eljasbo
Thank you for your response. I did create Windows Firewall rules already on both sites to allow the other site. The access rules on the firewalls allow all site to site traffic as well. That did not seem to help, though.

The VPN may indeed be timing out or be having some connectivity issues, but it seems to be reconnecting as expected, and is connected every time I check on it when this happens. One site is connected via an awful DSL connection, so I certainly am not ruling that out as a possibility. The clients have been using remote desktop applications over the link fine as well when this issue happens. Also, I can still connect over the VPN to the other machine via IP address, and other users at each site have no problem connecting to the remote servers over the VPN, so I believe the VPN to be fine.

I do think it is really bizarre the problem clears up for a bit when I restart one server, and the issue only happens when the servers try to talk with each other. Restarting DNS server and client services does not help at that point. Also, clients are not affected at all that I can tell. I really don't know why it can resolve properly just after a server restart but then stops after a bit.

I am not using a WINS server and NetBIOS over TCP/IP is disabled.

I just went to test this again to see if it was working still, but their flaky DSL has gone down completely for now so I cannot do further testing until it gets back up. The provider is working on it, but this is the 3rd time it has gone down for considerable time in the past week. This problem I am experiencing may be directly related. I don't know why it doesn't seem to affect the users though. Ugh. I can't wait until the fiber line is installed next week and the DSL is gone. Everything was working properly until about 15 minutes ago, though. I will update you more once the connection comes back up and I can do more testing.

Thank you again for all your help.

Assisted Solution

by:swiftny
swiftny earned 500 total points
I would enable NetBIOS over TCP as well.

Author Comment

by:eljasbo
I will enable NetBIOS over TCP/IP when the link comes back up and see if that helps. However, I thought the trend since Windows 2000 was to move away from NetBIOS/WINS and use DNS for resolution because of the security issues and chattiness related to NetBIOS. Also, the NetBIOS broadcasts are not routed and should not pass over the VPN. Other networks I manage seem to work fine without NetBIOS. I am interested in hearing others' thoughts on NetBIOS/WINS as well.

Expert Comment

by:colinharris
Other than making sure the ports, as stated here (http://technet.microsoft.com/en-us/library/dd197515(v=ws.10).aspx), are fully open over the VPN, not really sure what this could be.

Have you been through the event logs, more specifically the DNS logs?

Ollie

Author Comment

by:eljasbo
There was nothing exciting in the DNS logs. All appeared to be fine there. The circuit has been up now for more than a day, and I am happy to say that I am able to perform the tasks I was previously unable to do after a whole day. I do think swiftny's suggestions helped it out. I really think the root cause of this problem is related to the flaky internet connection. The suggestions swiftny made do seem to make this problem go away. Thank you all for your help!