Solved

Name resolution problem with Windows 2008R2 servers over vpn

Posted on 2013-01-28
Last Modified: 2013-01-30
Hello, I have a bizarre problem that I hope you can help with. I have two Windows Server 2008R2 servers linked over a VPN. Both are domain controllers, and are configured as two different sites in Active Directory. They are both using themselves as the DNS server and the other as the secondary DNS server. DNS, Active Directory, and DFS replication seem to be working between the sites, at first.

My problem is that it seems that all name resolution between the servers for anything useful goes away after a period of a couple hours. I can still ping the servers from each other by name and nslookup returns proper results when this happens, but nothing else seems to work as expected between the sites. When I try to connect by name, I get an RPC error when I try to browse the remote file shares on either server, I cannot connect via RDP, and I get an access denied error when I try to remotely manage a remote computer with the administrative tools.

If I try to connect to the file shares or RDP using the IP address, it works fine. It also works fine if a client computer tries to access via name. The DNS entries for both servers appear fine, and I have even added entries to the HOSTS file with no improvement. I have also tried using the other server for DNS but that did not help either.

When I restart the server at one site, all is well again and appears to work fine for a while. I can access everything just fine as expected at this point, file browsing, RDP, and replication works, but then it breaks again after a few hours. The connection at one site uses a flakey DSL line that has intermittent issues throughout the day. We are getting a fiber line installed next month, but have to suffer with the DSL until then. I am not sure if that would cause this behavior. It definitely seems like a name resolution issue, but this happens even with static HOSTS file entries. NETBIOS over TCPIP is disabled as well.

Please let me know if you have any thoughts on this issue.  Thank you in advance for your assistance.
Question by:eljasbo
8 Comments
 
LVL 1

Accepted Solution

by:
swiftny earned 2000 total points
ID: 38827586
I would try adding a line to the LMHOSTS file (remove the .sam when you are done). Syntax is similar to HOSTS but gives you the ability to preload resolutions, and some DC stuff as well. I had similar issues, and HOSTS didn't do much but LMHOSTS did the trick.
0
 
LVL 2

Author Comment

by:eljasbo
ID: 38827595
I will try that, thank you. Hopefully it will fix the issue. I will know in a couple of hours.
0
 
LVL 1

Expert Comment

by:colinharris
ID: 38827677
This to me sounds like the VPN is timing out? Is the link being used when the link seems to die?

How are ports/protocols handled over the link? Might be worth adding firewall rules if you are using Windows Firewall or double checking your routing between the sites.

Also, do you use WINS?

Ollie
0
 
LVL 2

Author Comment

by:eljasbo
ID: 38828073
Thank you for your response. I did create Windows Firewall rules already on both sites to allow the other site. The access rules on the firewalls allow all site-to-site traffic as well. That did not seem to help, though.

The VPN may indeed be timing out or be having some connectivity issues, but it seems to be reconnecting as expected, and is connected every time I check on it when this happens. One site is connected via an awful DSL connection, so I certainly am not ruling that out as a possibility. The clients have been using remote desktop applications over the link fine as well when this issue happens. Also, I can still connect over the VPN to the other machine via IP address, and other users at each site have no problem connecting to the remote servers over the VPN, so I believe the VPN to be fine.

I do think it is really bizarre the problem clears up for a bit when I restart one server, and the issue only happens when the servers try to talk with each other. Restarting DNS server and client services do not help at that point. Also, clients are not affected at all that I can tell. I really don't know why it can resolve properly just after a server restart but then stops after a bit.

I am not using WINS server and NETBIOS over TCPIP is disabled.

I just went to test this again to see if it was working still, but their flakey DSL has gone down completely for now so I cannot do further testing until it gets back up. The provider is working on it, but this is the 3rd time it has gone down for considerable time in the past week. This problem I am experiencing may be directly related. I don't know why it doesn't seem to affect the users though. Ugh. I can't wait until the fiber line is installed next week and the DSL is gone. Everything was working properly until about 15 minutes ago, though. I will update you more once the connection comes back up and I can do more testing.

Thank you again for all your help.
0
 
LVL 1

Assisted Solution

by:swiftny
swiftny earned 2000 total points
ID: 38828095
I would enable NetBIOS over TCP as well.
0
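The LMHOSTS entry from the accepted answer, combined with the NetBIOS over TCP/IP suggestion above, as an added example that is not part of the original thread. LMHOSTS is a NetBIOS name-resolution source, so it is only consulted when NetBIOS over TCP/IP is enabled on the adapter. The IP address, host name and domain are placeholders, and the script assumes an elevated PowerShell prompt on the domain controller.

```powershell
# Added example: placeholder values, replace with the remote DC's details.
$RemoteIp   = '192.0.2.10'   # placeholder: remote DC address across the VPN
$RemoteName = 'DC2'          # placeholder: remote DC NetBIOS name
$Domain     = 'EXAMPLE'      # placeholder: NetBIOS domain name

# The live file has no extension; lmhosts.sam beside it is only the sample.
$LmHosts = Join-Path $env:SystemRoot 'System32\drivers\etc\lmhosts'

# #PRE preloads the mapping into the NetBIOS name cache;
# #DOM:<domain> marks the host as a domain controller for that domain.
$Entry = "{0}`t{1}`t#PRE`t#DOM:{2}" -f $RemoteIp, $RemoteName, $Domain

# Append only if this name is not already mapped, so reruns do not duplicate it.
$pattern = '^\s*\d+\.\d+\.\d+\.\d+\s+' + [regex]::Escape($RemoteName) + '(\s|$)'
$exists  = (Test-Path $LmHosts) -and
           (Select-String -Path $LmHosts -Pattern $pattern -Quiet)
if (-not $exists) {
    Add-Content -Path $LmHosts -Value $Entry -Encoding ASCII
}

# Warn if LMHOSTS lookup is switched off in the NetBT parameters.
$nbt = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
if ($nbt.EnableLMHOSTS -ne 1) {
    Write-Warning 'LMHOSTS lookup is disabled; the new entry will be ignored.'
}

nbtstat -R   # purge the NetBIOS name cache and reload #PRE entries from LMHOSTS
nbtstat -c   # list the cache; the preloaded name should now appear
```

If `nbtstat -c` does not show the name, check that NetBIOS over TCP/IP is enabled on the adapter that carries the VPN traffic.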
 
LVL 2

Author Comment

by:eljasbo
ID: 38828393
I will enable NETBIOS over TCPIP when the link comes back up and see if that helps. However, I thought the trend since Windows 2000 was to move away from NetBIOS/WINS and use DNS for resolution because of the security issues and chattiness related to NetBIOS. Also, the NETBIOS broadcasts are not routed and should not pass over the VPN. Other networks I manage seem to work fine without NetBIOS. I am interested in hearing others' thoughts on NETBIOS/WINS as well.
0
 
LVL 1

Expert Comment

by:colinharris
ID: 38828433
Other than making sure the ports, as stated here (http://technet.microsoft.com/en-us/library/dd197515(v=ws.10).aspx), are fully open over the VPN, not really sure what this could be.

Have you been through the event logs, more specifically the DNS logs?

Ollie
0
 
LVL 2

Author Comment

by:eljasbo
ID: 38837999
There was nothing exciting in the DNS logs. All appeared to be fine there. The circuit has been up now for more than a day, and I am happy to say that I am able to perform the tasks I was previously unable to do after a whole day. I do think swiftny's suggestions helped it out. I really think the root cause of this problem is related to the flakey internet connection. The suggestions swiftny made do seem to make this problem go away. Thank you all for your help!
0

Question has a verified solution.
