Solved

VPN Tunnel and DNS Not Working Together?

Posted on 2013-06-07
Last Modified: 2013-06-12
We just connected two companies via VPN tunnel and we are trying to browse to each other's server via the run command by doing: \\servername but it doesn't work. I tried adding the new DNS server's IP to the DNS list on the client's PC that I am trying to do this on and it still doesn't work. The only way I can get it to work is to type in the actual IP address and then it works...any ideas why I can just type in the server name?
Question by:itadminnek
34 Comments
 
LVL 3

Expert Comment

by:Brandon
ID: 39229265
What router/device are you using?

i.e. sonicwall, cisco, etc.
0
 

Author Comment

by:itadminnek
ID: 39229274
Cisco...but I didn't set up the VPN tunnel nor do I know anything about it...our ISP set it up for us
0
 
LVL 3

Expert Comment

by:Brandon
ID: 39229295
itadminnek,

Your NetBIOS (computer names) routing is not enabled. While I could attach some how-to links, I'm not a Cisco expert and will let an expert help with that.

If you have support from your ISP you could ask them to enable the NetBIOS routing over the VPN tunnel. It shouldn't take too long.

Good luck and sorry I do not have the expertise to help you.
0

 

Author Comment

by:itadminnek
ID: 39229426
I talked to my ISP and they say that there is nothing close...NetBIOS is enabled...but they came back and said that I need a WINS server to be able to make this functional...does that make sense and how would I create a WINS server?
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 39229475
It makes sense. A WINS server removes the need for relying on NetBIOS broadcasts, which do not work over a router (without additional features on the router).
Just install WINS on a server on each site. WINS will then collect all machines in the network it runs.
Then you'll have to provide each other's WINS server on ANY client (or distribute it with DHCP), so they can use it.

The reason why adding another DNS server does not help is simple: Only the first DNS server is queried. Only if it does not reply, which means it is not reachable, will other DNS servers be asked. Hence you will always have only a single active DNS server.

If you have your own DNS server locally, e.g. on a Windows Server machine, you can add static entries for the remote machine names there. Instead you can add IP addresses and hostnames into %SystemRoot%\system32\etc\drivers\lmhosts (again on each client).
0
 

Author Comment

by:itadminnek
ID: 39229482
Couldn't I just add the DNS IP address from the other company to my DNS forwarder list and it should be able to resolve then?
0
 
LVL 3

Expert Comment

by:Brandon
ID: 39229492
No, that does not make sense at all. I do not think they know what they are talking about. As long as you have DNS running correctly on the internal network, name resolution should work just fine across the VPN. I'm sure a Cisco routing expert can help but it will require you to go into the configuration.
0
 

Author Comment

by:itadminnek
ID: 39229509
How do you set up a WINS server?
0
 

Author Comment

by:itadminnek
ID: 39229521
Or are there any other options that you guys can think of?
0
 

Author Comment

by:itadminnek
ID: 39229837
Okay so I tried to Add a Role on my 2008 Windows Server but WINS is not an option to add...any ideas why?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39229878
It is not a role but a feature.
DNS forwarding works if you use the full DNS name, not the NetBIOS name. A UNC path would then be:
   \\server.at.other.site\share
and the forwarder needs to be configured to forward .at.other.site requests.
0
 

Author Comment

by:itadminnek
ID: 39230001
So after I install the WINS feature on my server...Do I need to configure it or should it just start collecting information? Is installing the WINS feature going to mess up the DNS?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39232840
If you distribute the WINS server IP with DHCP, it should auto-populate very quickly. Else it relies on listening to NetBIOS broadcasts (IIRC).

I recommend to add WINS Forward Lookup to your internal DNS zone entry (Properties » WINS, check "WINS Forward Lookup" and enter the WINS server IP).
That way DNS is asking WINS, if nothing can be found.

And no, WINS does not interfere with DNS. Internally there is no difference for names, and else you use fully qualified domain names anyway.
0
 

Author Comment

by:itadminnek
ID: 39234730
Hi Qlemo,

I am new at this so maybe I don't understand but I added the WINS to the zone like you said and nothing is populating in WINS...am I doing something wrong?

Please advise!
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 39235427
Reread some doc, and it seems that WINS is populated and maintained only if each client to register knows of the WINS server, that is:
You need to set the WINS server address up on each (local) client and server you want to reach, if you have static IP addresses (no DHCP).
With DHCP, set the WINS Server option, and option 046 WINS/NBT Node Type to h-node, in the DHCP Scope settings. If you then force taking over DHCP options with  ipconfig /renew  on a client, that client should be visible in WINS (and hence resolved), else you will have to wait for next automated renewal, which can last several days.
0
 

Author Comment

by:itadminnek
ID: 39235722
I tried changing the 046 Type to h-node but it wouldn't accept it...I currently have the WINS set for the IP address on DHCP but can't change the Node Type. It errors out and says "Enter a valid integer from 0 to 255 or 0 to 0xff"

Any ideas?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39235928
0x8 is H-Node. The description of the option should tell which integer corresponds to each node type.
However, that node type is not that important. It will only make sure DNS is asked first, and usually speed up name queries that way - at least with older OS, IIRC XP and above ask DNS first anyway.
0
 

Author Comment

by:itadminnek
ID: 39235946
Okay...I set those up and did an IP renew but there is still nothing showing up in the WINS screen...where should I be seeing the entries? Active Registrations?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39235997
Yes. You will have to search for something via the context menu - best for owner, then "All owners".
0
 

Author Comment

by:itadminnek
ID: 39236010
Okay I got it populated...would anything else have to be done or should I be able to ping via computer name on the other side of the tunnel?
0
 
LVL 70

Accepted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 39236031
It should work now, as long as either the DNS or the WINS server of this site is asked for name resolution.

But: Reading your question again, you are trying to get access from both sites? Then you will have to set up a single WINS server only, which is responsible for both sites. Creating a secondary WINS server on the other site (doing replication) is an option, and if set up to be asked by the other site might speed up name resolution.
The important point is that BOTH sites are collected into one WINS server, and there are no name collisions.
0
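A way to check what a given WINS server actually answers for a short name, independent of the client's own resolver order. This is an added example, not code from the thread; `FILESRV01` and `192.0.2.10` are constructed placeholders, and the parser assumes a reply with no question section and an uncompressed name.

```python
import os
import socket
import struct

NB_TYPE, IN_CLASS = 0x0020, 0x0001  # RFC 1002 question type NB, class IN

def encode_netbios_name(name: str, suffix: int = 0x20) -> bytes:
    """RFC 1001 first-level encoding: 15 chars space-padded + 1 suffix byte
    (0x20 = file server service), each nibble mapped onto 'A'..'P'."""
    if not 0 < len(name) <= 15:
        raise ValueError("NetBIOS names are 1-15 characters")
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def build_name_query(name: str, txid: int, suffix: int = 0x20) -> bytes:
    """Unicast name query: flags 0x0100 = recursion desired, broadcast bit clear."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b"\x20" + encode_netbios_name(name, suffix) + b"\x00"
    return header + question + struct.pack(">HH", NB_TYPE, IN_CLASS)

def parse_name_response(data: bytes, txid: int) -> list[str]:
    """Return the registered IPv4 addresses; empty list on a negative reply."""
    rx_txid, flags, _qd, ancount = struct.unpack(">HHHH", data[:8])
    if rx_txid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    if flags & 0x000F or ancount == 0:  # non-zero RCODE, e.g. 3 = name error
        return []
    # Answer RR: 34-byte encoded name, TYPE, CLASS, TTL, RDLENGTH, then RDATA
    rdlen = struct.unpack(">H", data[54:56])[0]
    rdata = data[56:56 + rdlen]
    # Each RDATA entry is 2 bytes of name flags followed by a 4-byte address
    return [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, len(rdata) - 5, 6)]

def query_wins(server: str, name: str, timeout: float = 2.0) -> list[str]:
    """Ask one WINS server directly on UDP 137, as a configured client would."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_name_query(name, txid), (server, 137))
        return parse_name_response(s.recvfrom(576)[0], txid)

if __name__ == "__main__":
    # Constructed positive reply for FILESRV01 -> 192.0.2.10 (sample, no network)
    rr = b"\x20" + encode_netbios_name("FILESRV01") + b"\x00"
    reply = struct.pack(">HHHHHH", 0x1234, 0x8580, 0, 1, 0, 0) + rr
    reply += struct.pack(">HHIHH", NB_TYPE, IN_CLASS, 300, 6, 0x6000)
    print(parse_name_response(reply + socket.inet_aton("192.0.2.10"), 0x1234))
```

Running `query_wins` from each site against the WINS server that site's clients are configured with shows whether the other site's names are present there; an empty list means the server answered but has no registration for that name.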
 

Author Comment

by:itadminnek
ID: 39236057
Got it! Thanks!
0
 

Author Comment

by:itadminnek
ID: 39237847
It's still not working kind of...it works on my side but not on their side. I changed my DNS to point to their WINS, I changed my DHCP server options to look at their WINS server and my side does work. Our DNS names are not showing up in their WINS though...and when I try adding the WINS server from our side it errors out and says "Access is denied." Am I doing something wrong? Is the Replication Partners the way to go?

Let me know...thanks!
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39237950
and when I try adding the WINS server from our side it errors out and says "Access is denied."
Can you describe the steps you take for that?

But anyway, use one WINS server as the "master", and set up another one for replication. You can then put into DNS the local WINS server, to speed up name queries.
0
 

Author Comment

by:itadminnek
ID: 39237984
There is an option in the WINS window to Add another WINS server, so I added theirs and double clicked on it but it comes back with that error.

The other site already had a WINS server so I figured I would use theirs as the master and then I set up replication in their WINS to pull from our WINS but only a handful of names showed up and even when I tried to ping those names I couldn't resolve them.

Any ideas? Am I missing something?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39238257
Did you set up each WINS server as replication partner in Push/Pull mode? That allows for faster notification about changes.

In the WINS window, adding a server allows to manage that server. It is not related to replication. You can't provide credentials, so your account needs to have admin access to the other server - if not, "Access is denied" is the result.
0
 

Author Comment

by:itadminnek
ID: 39238318
Okay that worked but now I am noticing that not all of my computer names are showing in our WINS thus not getting replicated...like all the server names are not showing up. The server names do exist in our DNS though.

Any ideas?
0
 

Author Comment

by:itadminnek
ID: 39238717
Could it be because all the servers have static IPs or doesn't that matter?
0
 

Author Comment

by:itadminnek
ID: 39239028
Yes...that's what it was...after I mapped the static IPs it works...thanks again for the help!
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39239447
Machines having static IPs (and hence not using DHCP) need to have set up WINS manually in their NIC's TCP/IP settings, to allow them to register in WINS. Or you create static WINS entries yourself, as you have done.
0
 

Author Comment

by:itadminnek
ID: 39241206
So are you saying that if I add the WINS IP address to the static IP servers that they will show up in the WINS?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39241447
Positive.
0
 

Author Comment

by:itadminnek
ID: 39242301
I have a Redhat server that is static and I can't add the WINS server to it so I added it to the WINS manually but it still doesn't work on the other side...is that normal? Would it work because it's Redhat or doesn't it matter?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39242966
If the Redhat server does not provide Samba services, no NetBIOS will be used (and needed). I'm not positive whether Redhat and WINS should work together, but if you add a static entry it should work IMHO - I might be wrong with that, though.
0

Question has a verified solution.