VPN Tunnel and DNS Not Working Together?

Posted on 2013-06-07
Last Modified: 2013-06-12
We just connected two companies via VPN tunnel and we are trying to browse to each other's server via the run command by doing: \\servername but it doesn't work. I tried adding the new DNS server's IP to the DNS list on the client's PC that I am trying to do this on and it still doesn't work. The only way I can get it to work is to type in the actual IP address and then it works...any ideas why I can't just type in the server name?
Question by:itadminnek
34 Comments
 
LVL 3

Expert Comment

by:Brandon
ID: 39229265
What router/device are you using?

i.e. sonicwall, cisco, etc.
0
 

Author Comment

by:itadminnek
ID: 39229274
Cisco...but I didn't set up the VPN tunnel nor do I know anything about it...our ISP set it up for us
0
 
LVL 3

Expert Comment

by:Brandon
ID: 39229295
itadminnek,

Your NetBIOS (computer names) routing is not enabled. While I could attach some how-to links, I'm not a Cisco expert and will let an expert help with that.

If you have support from your ISP you could ask them to enable the NetBIOS routing over the VPN tunnel. It shouldn't take too long.

Good luck and sorry I do not have the expertise to help you.
0
 

Author Comment

by:itadminnek
ID: 39229426
I talked to my ISP and they say that there is nothing close...NetBIOS is enabled...but they came back and said that I need a WINS server to be able to make this functional...does that make sense and how would I create a WINS server?
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 39229475
It makes sense. A WINS server removes the need for relying on NetBIOS broadcasts, which do not work over a router (without additional features on the router).
Just install WINS on a server on each site. WINS will then collect all machines in the network it runs in.
Then you'll have to provide each other's WINS server on ANY client (or distribute it with DHCP), so they can use it.

The reason why adding another DNS server does not help is simple: Only the first DNS server is queried. Only if it does not reply, which means it is not reachable, will other DNS servers be asked. Hence you will always have only a single active DNS server.

If you have your own DNS server locally, e.g. on a Windows Server machine, you can add static entries for the remote machine names there. Instead you can add IP addresses and hostnames into %SystemRoot%\system32\etc\drivers\lmhosts (again on each client).
0
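Added example, not part of the thread: the unicast NetBIOS name query that a WINS-configured client sends instead of a broadcast, written in Python so a name's registration can be checked against one specific WINS server. The name FILESRV, the address 10.20.0.5 and the sample response are constructed; the parser assumes the reply carries the name uncompressed and without a scope ID.

```python
import socket
import struct

def encode_nb_name(name, suffix=0x20):
    """First-level encoding (RFC 1001): pad to 15 chars, append the service
    suffix (0x20 = file server), split each byte into two nibbles + 'A'."""
    if len(name) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    encoded = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return bytes([32]) + encoded + b"\x00"    # length label + name + root label

def build_query(name, suffix=0x20, txid=0x1234, broadcast=False):
    """NetBIOS name query (RFC 1002). A WINS lookup is unicast with the B flag
    clear; a broadcast lookup sets B and never leaves the local subnet."""
    flags = 0x0100 | (0x0010 if broadcast else 0)    # RD, optionally B
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_nb_name(name, suffix) + struct.pack(">HH", 0x0020, 0x0001)

def parse_response(pkt, txid=0x1234):
    """Return the IPv4 addresses of a positive response, or [] when the
    server answers negatively (RCODE != 0, e.g. name not registered)."""
    rid, flags, _qd, ancount = struct.unpack(">HHHH", pkt[:8])
    if rid != txid or not flags & 0x8000 or flags & 0x000F or ancount == 0:
        return []
    off = 12 + 34                                    # header + encoded name
    _type, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    off += 10
    # RDATA is a list of 6-byte entries: 2 bytes NB_FLAGS, 4 bytes address
    return [socket.inet_ntoa(pkt[i + 2:i + 6]) for i in range(off, off + rdlen, 6)]

def query_wins(server, name, suffix=0x20, timeout=2.0):
    """Ask one WINS server directly on UDP 137 whether it holds `name`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, suffix), (server, 137))
        try:
            return parse_response(s.recvfrom(576)[0])
        except socket.timeout:
            return []

# Constructed sample: positive response for FILESRV<20> -> 10.20.0.5
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8580, 0, 1, 0, 0)
                   + encode_nb_name("FILESRV")
                   + struct.pack(">HHIHH4s", 0x20, 1, 300000, 6, 0x6000,
                                 socket.inet_aton("10.20.0.5")))
```

query_wins returns an empty list both when the name is not registered and when UDP 137 to the WINS server is not permitted through the tunnel, so check the tunnel rules before concluding a registration is missing.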
 

Author Comment

by:itadminnek
ID: 39229482
Couldn't I just add the DNS IP address from the other company to my DNS forwarder list and it should be able to resolve then?
0
 
LVL 3

Expert Comment

by:Brandon
ID: 39229492
No, that does not make sense at all. I do not think they know what they are talking about. As long as you have DNS running correctly on the internal network, name resolution should work just fine across the VPN. I'm sure a Cisco routing expert can help but it will require you to go into the configuration.
0
 

Author Comment

by:itadminnek
ID: 39229509
How do you set up a WINS server?
0
 

Author Comment

by:itadminnek
ID: 39229521
Or are there any other options that you guys can think of?
0
 

Author Comment

by:itadminnek
ID: 39229837
Okay so I tried to Add a Role on my 2008 Windows Server but WINS is not an option to add...any ideas why?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39229878
It is not a role but a feature.
DNS forwarding works if you use the full DNS name, not the NetBIOS name. A UNC path would then be:
   \\server.at.other.site\share
and the forwarder needs to be configured to forward .at.other.site requests.
0
 

Author Comment

by:itadminnek
ID: 39230001
So after I install the WINS feature on my server...Do I need to configure it or should it just start collecting information? Is installing the WINS feature going to mess up the DNS?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39232840
If you distribute the WINS server IP with DHCP, it should auto-populate very quickly. Else it relies on listening to NetBIOS broadcasts (IIRC).

I recommend adding WINS Forward Lookup to your internal DNS zone entry (Properties » WINS, check "WINS Forward Lookup" and enter the WINS server IP).
That way DNS is asking WINS, if nothing can be found.

And no, WINS does not interfere with DNS. Internally there is no difference for names, and else you use fully qualified domain names anyway.
0
 

Author Comment

by:itadminnek
ID: 39234730
Hi Qlemo,

I am new at this so maybe I don't understand but I added the WINS to the zone like you said and nothing is populating in WINS...am I doing something wrong?

Please advise!
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 39235427
Reread some doc, and it seems that WINS is populated and maintained only if each client to register knows of the WINS server, that is:
You need to set the WINS server address up on each (local) client and server you want to reach, if you have static IP addresses (no DHCP).
With DHCP, set the WINS Server option, and option 046 WINS/NBT Node Type to h-node, in the DHCP Scope settings. If you then force taking over DHCP options with  ipconfig /renew  on a client, that client should be visible in WINS (and hence resolved), else you will have to wait for next automated renewal, which can last several days.
0
 

Author Comment

by:itadminnek
ID: 39235722
I tried changing the 046 Type to h-node but it wouldn't accept it...I currently have the WINS set for the IP address on DHCP but can't change the Node Type. It errors out and says "Enter a valid integer from 0 to 255 or 0 to 0xff"

Any ideas?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39235928
0x8 is H-Node. The description of the option should tell which integer corresponds to each node type.
However, that node type is not that important. It will only make sure DNS is asked first, and usually speed up name queries that way - at least with older OS, IIRC XP and above ask DNS first anyway.
0
 

Author Comment

by:itadminnek
ID: 39235946
Okay...I set those up and did an IP renew but there is still nothing showing up in the WINS screen...where should I be seeing the entries? Active Registrations?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39235997
Yes. You will have to search for something via the context menu - best for owner, then "All owners".
0
 

Author Comment

by:itadminnek
ID: 39236010
Okay I got it populated...would anything else have to be done or should I be able to ping via computer name on the other side of the tunnel?
0
 
LVL 70

Accepted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 39236031
It should work now, as long as either the DNS or the WINS server of this site is asked for name resolution.

But: Reading your question again, you are trying to get access from both sites? Then you will have to set up a single WINS server only, which is responsible for both sites. Creating a secondary WINS server on the other site (doing replication) is an option, and if set up to be asked by the other site might speed up name resolution.
The important point is that BOTH sites are collected into one WINS server, and there are no name collisions.
0
 

Author Comment

by:itadminnek
ID: 39236057
Got it! Thanks!
0
 

Author Comment

by:itadminnek
ID: 39237847
It's still not working kind of...it works on my side but not on their side. I changed my DNS to point to their WINS, I changed my DHCP server options to look at their WINS server and my side does work. Our DNS names are not showing up in their WINS though...and when I try adding the WINS server from our side it errors out and says "Access is denied." Am I doing something wrong? Is the Replication Partners the way to go?

Let me know...thanks!
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39237950
and when I try adding the WINS server from our side it errors out and says "Access is denied."
Can you describe the steps you take for that?

But anyway, use one WINS server as the "master", and set up another one for replication. You can then put into DNS the local WINS server, to speed up name queries.
0
 

Author Comment

by:itadminnek
ID: 39237984
There is an option in the WINS window to Add another WINS server, so I added theirs and double clicked on it but it comes back with that error.

The other site already had a WINS server so I figured I would use theirs as the master and then I set up replication in their WINS to pull from our WINS but only a handful of names showed up and even when I tried to ping those names I couldn't resolve them.

Any ideas? Am I missing something?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39238257
Did you set up each WINS server as replication partner in Push/Pull mode? That allows for faster notification about changes.

In the WINS window, adding a server allows you to manage that server. It is not related to replication. You can't provide credentials, so your account needs to have admin access to the other server - if not, "Access is denied" is the result.
0
 

Author Comment

by:itadminnek
ID: 39238318
Okay that worked but now I am noticing that not all of my computer names are showing in our WINS thus not getting replicated...like all the server names are not showing up. The server names do exist in our DNS though.

Any ideas?
0
 

Author Comment

by:itadminnek
ID: 39238717
Could it be because all the servers have static IPs or doesn't that matter?
0
 

Author Comment

by:itadminnek
ID: 39239028
Yes...that's what it was...after I mapped the static IPs it works...thanks again for the help!
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39239447
Machines having static IPs (and hence not using DHCP) need to have WINS set up manually in their NIC's TCP/IP settings, to allow them to register in WINS. Or you create static WINS entries yourself, as you have done.
0
 

Author Comment

by:itadminnek
ID: 39241206
So are you saying that if I add the WINS IP address to the static IP servers that they will show up in the WINS?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39241447
Positive.
0
 

Author Comment

by:itadminnek
ID: 39242301
I have a Redhat server that is static and I can't add the WINS server to it so I added it to the WINS manually but it still doesn't work on the other side...is that normal? Would it work because it's Redhat or doesn't it matter?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39242966
If the Redhat server does not provide Samba services, no NetBIOS will be used (and needed). I'm not positive whether Redhat and WINS should work together, but if you add a static entry it should work IMHO - I might be wrong with that, though.
0
