Solved

Name resolution problem with Windows 2008R2 servers over VPN

Posted on 2013-01-28
Last Modified: 2013-01-30
Hello, I have a bizarre problem that I hope you can help with. I have two Windows Server 2008R2 servers linked over a VPN. Both are domain controllers, and are configured as two different sites in Active Directory. They are both using themselves as the DNS server and the other as the secondary DNS server. DNS, Active Directory, and DFS replication seem to be working between the sites, at first.

My problem is that it seems that all name resolution between the servers for anything useful goes away after a period of a couple of hours. I can still ping the servers from each other by name and nslookup returns proper results when this happens, but nothing else seems to work as expected between the sites. When I try to connect by name, I get an RPC error when I try to browse the remote file shares on either server, I cannot connect via RDP, and I get an access denied error when I try to remotely manage a remote computer with the administrative tools.

If I try to connect to the file shares or RDP using the IP address, it works fine. It also works fine if a client computer tries to access via name. The DNS entries for both servers appear fine, and I have even added entries to the HOSTS file with no improvement. I have also tried using the other server for DNS but that did not help either.

When I restart the server at one site, all is well again and appears to work fine for a while. I can access everything just fine as expected at this point: file browsing, RDP, and replication work, but then it breaks again after a few hours. The connection at one site uses a flakey DSL line that has intermittent issues throughout the day. We are getting a fiber line installed next month, but have to suffer with the DSL until then. I am not sure if that would cause this behavior. It definitely seems like a name resolution issue, but this happens even with static HOSTS file entries. NETBIOS over TCPIP is disabled as well.

Please let me know if you have any thoughts on this issue.  Thank you in advance for your assistance.
Question by:eljasbo
8 Comments
 
LVL 1

Accepted Solution

by:
swiftny earned 500 total points
ID: 38827586
I would try adding a line to the LMHOSTS file (remove the .sam when you are done). Syntax is similar to HOSTS but gives you the ability to preload resolutions, and some DC stuff as well. I had similar issues, and HOSTS didn't do much but LMHOSTS did the trick.
 
LVL 2

Author Comment

by:eljasbo
ID: 38827595
I will try that, thank you. Hopefully it will fix the issue. I will know in a couple of hours.
 
LVL 1

Expert Comment

by:colinharris
ID: 38827677
This to me sounds like the VPN is timing out? Is the link being used when the link seems to die?

How are ports/protocols handled over the link? Might be worth adding firewall rules if you are using Windows Firewall or double checking your routing between the sites.

Also, do you use WINS?

Ollie

 
LVL 2

Author Comment

by:eljasbo
ID: 38828073
Thank you for your response. I did create Windows Firewall rules already on both sites to allow the other site. The access rules on the firewalls allow all site to site traffic as well. That did not seem to help, though.

The VPN may indeed be timing out or be having some connectivity issues, but it seems to be reconnecting as expected, and is connected every time I check on it when this happens. One site is connected via an awful DSL connection, so I certainly am not ruling that out as a possibility. The clients have been using remote desktop applications over the link fine as well when this issue happens. Also, I can still connect over the VPN to the other machine via IP address, and other users at each site have no problem connecting to the remote servers over the VPN, so I believe the VPN to be fine.

I do think it is really bizarre the problem clears up for a bit when I restart one server, and the issue only happens when the servers try to talk with each other. Restarting DNS server and client services does not help at that point. Also, clients are not affected at all that I can tell. I really don't know why it can resolve properly just after a server restart but then stops after a bit.

I am not using WINS server and NETBIOS over TCPIP is disabled.

I just went to test this again to see if it was working still, but their flakey DSL has gone down completely for now so I cannot do further testing until it gets back up. The provider is working on it, but this is the 3rd time it has gone down for considerable time in the past week. This problem I am experiencing may be directly related. I don't know why it doesn't seem to affect the users though. Ugh. I can't wait until the fiber line is installed next week and the DSL is gone. Everything was working properly until about 15 minutes ago, though. I will update you more once the connection comes back up and I can do more testing.

Thank you again for all your help.
 
LVL 1

Assisted Solution

by:swiftny
swiftny earned 500 total points
ID: 38828095
I would enable NetBIOS over TCP as well.
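
The two suggestions from swiftny combined, as an added example that is not part of the original posts: an LMHOSTS entry using the `#PRE` and `#DOM` keywords. The addresses, host names and domain name are constructed placeholders; LMHOSTS is consulted only when NetBIOS over TCP/IP is enabled on the adapter.

```text
# %SystemRoot%\System32\drivers\etc\lmhosts
# (the file has no extension; lmhosts.sam is only the shipped sample)
#
# Constructed values: 192.0.2.x addresses, DC-SITEA / DC-SITEB host names,
# EXAMPLE as the NetBIOS domain name. Replace all of them with your own.
#
# #PRE         preload the entry into the NetBIOS name cache at startup,
#              so it stays in the cache instead of being looked up on demand
# #DOM:<name>  mark the host as a domain controller for that NetBIOS domain
#
# Entry placed on the site A server, pointing at the site B domain controller:
192.0.2.20    DC-SITEB    #PRE    #DOM:EXAMPLE
#
# Matching entry placed on the site B server, pointing at the site A
# domain controller (shown commented out because it belongs in the other file):
# 192.0.2.10  DC-SITEA    #PRE    #DOM:EXAMPLE
#
# After saving the file:
#   nbtstat -R    purges the name cache and reloads the #PRE entries
#   nbtstat -c    lists the cached names so the new entry can be confirmed
```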
 
LVL 2

Author Comment

by:eljasbo
ID: 38828393
I will enable NETBIOS over TCPIP when the link comes back up and see if that helps. However, I thought the trend since Windows 2000 was to move away from NetBIOS/WINS and use DNS for resolution because of the security issues and chattiness related to NetBIOS. Also, the NETBIOS broadcasts are not routed and should not pass over the VPN. Other networks I manage seem to work fine without NetBIOS. I am interested in hearing others' thoughts on NETBIOS/WINS as well.
 
LVL 1

Expert Comment

by:colinharris
ID: 38828433
Other than making sure the ports, as stated here (http://technet.microsoft.com/en-us/library/dd197515(v=ws.10).aspx), are fully open over the VPN, not really sure what this could be.

Have you been through the event logs, more specifically the DNS logs?

Ollie
 
LVL 2

Author Comment

by:eljasbo
ID: 38837999
There was nothing exciting in the DNS logs. All appeared to be fine there. The circuit has been up now for more than a day, and I am happy to say that I am able to perform the tasks I was previously unable to do after a whole day. I do think swiftny's suggestions helped it out. I really think the root cause of this problem is related to the flakey internet connection. The suggestions swiftny made do seem to make this problem go away. Thank you all for your help!