Solved

VPN Tunnel and DNS Not Working Together?

Posted on 2013-06-07
Last Modified: 2013-06-12
We just connected two companies via VPN tunnel and we are trying to browse to each other's server via the run command by doing: \\servername but it doesn't work. I tried adding the new DNS server's IP to the DNS list on the client's PC that I am trying to do this on and it still doesn't work. The only way I can get it to work is to type in the actual IP address and then it works...any ideas why I can just type in the server name?
Question by:itadminnek
34 Comments
 
LVL 3

Expert Comment

by:Brandon
What router/device are you using?

i.e. sonicwall, cisco, etc.
0
 

Author Comment

by:itadminnek
Cisco...but I didn't set up the VPN tunnel nor do I know anything about it...our ISP set it up for us.
0
 
LVL 3

Expert Comment

by:Brandon
itadminnek,

Your NetBIOS (computer names) routing is not enabled. While I could attach some how-to links, I'm not a Cisco expert and will let an expert help with that.

If you have support from your ISP you could ask them to enable the NetBIOS routing over the VPN tunnel. It shouldn't take too long.

Good luck and sorry I do not have the expertise to help you.
0
 

Author Comment

by:itadminnek
I talked to my ISP and they say that there is nothing close...NetBIOS is enabled...but they came back and said that I need a WINS server to be able to make this functional...does that make sense and how would I create a WINS server?
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
It makes sense. A WINS server removes the need for relying on NetBIOS broadcasts, which do not work over routers (without additional features on the router).
Just install WINS on a server on each site. WINS will then collect all machines in the network it runs in.
Then you'll have to provide each other's WINS server on ANY client (or distribute it with DHCP), so they can use it.

The reason why adding another DNS server does not help is simple: Only the first DNS server is queried. Only if it does not reply, which means it is not reachable, will other DNS servers be asked. Hence you will always have only a single active DNS server.

If you have your own DNS server locally, e.g. on a Windows Server machine, you can add static entries for the remote machine names there. Instead you can add IP addresses and hostnames into %SystemRoot%\system32\etc\drivers\lmhosts (again on each client).
0
 

Author Comment

by:itadminnek
Couldn't I just add the DNS IP address from the other company to my DNS forwarder list and it should be able to resolve then?
0
 
LVL 3

Expert Comment

by:Brandon
No, that does not make sense at all. I do not think they know what they are talking about. As long as you have DNS running correctly on the internal network, name resolution should work just fine across the vpn. I'm sure a cisco routing expert can help but it will require you to go into the configuration.
0
 

Author Comment

by:itadminnek
How do you set up a WINS server?
0
 

Author Comment

by:itadminnek
Or are there any other options that you guys can think of?
0
 

Author Comment

by:itadminnek
Okay so I tried to Add a Role on my 2008 Windows Server but WINS is not an option to add...any ideas why?
0
 
LVL 68

Expert Comment

by:Qlemo
It is not a role but a feature.
DNS forwarding works if you use the full DNS name, not the NetBIOS name. A UNC path would then be:
   \\server.at.other.site\share
and the forwarder needs to be configured to forward .at.other.site requests.
0
 

Author Comment

by:itadminnek
So after I install the WINS feature on my server...Do I need to configure it or should it just start collecting information? Is installing the WINS feature going to mess up the DNS?
0
 
LVL 68

Expert Comment

by:Qlemo
If you distribute the WINS server IP with DHCP, it should auto-populate very quickly. Else it relies on listening to NetBIOS broadcasts (IIRC).

I recommend adding WINS Forward Lookup to your internal DNS zone entry (Properties » WINS, check "WINS Forward Lookup" and enter the WINS server IP).
That way DNS is asking WINS, if nothing can be found.

And no, WINS does not interfere with DNS. Internally there is no difference for names, and else you use fully qualified domain names anyway.
0
 

Author Comment

by:itadminnek
Hi Qlemo,

I am new at this so maybe I don't understand, but I added the WINS to the zone like you said and nothing is populating in WINS...am I doing something wrong?

Please advise!
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
Reread some doc, and it seems that WINS is populated and maintained only if each client to register knows of the WINS server, that is:
You need to set the WINS server address up on each (local) client and server you want to reach, if you have static IP addresses (no DHCP).
With DHCP, set the WINS Server option, and option 046 WINS/NBT Node Type to h-node, in the DHCP Scope settings. If you then force taking over DHCP options with  ipconfig /renew  on a client, that client should be visible in WINS (and hence resolved), else you will have to wait for next automated renewal, which can last several days.
0
 

Author Comment

by:itadminnek
I tried changing the 046 Type to h-node but it wouldn't accept it...I currently have the WINS set for the IP address on DHCP but can't change the Node Type. It errors out and says "Enter a valid integer from 0 to 255 or 0 to 0xff"

Any ideas?
0
 
LVL 68

Expert Comment

by:Qlemo
0x8 is H-Node. The description of the option should tell which integer corresponds to each node type.
However, that node type is not that important. It will only make sure DNS is asked first, and usually speed up name queries that way - at least with older OS, IIRC XP and above ask DNS first anyway.
0
 

Author Comment

by:itadminnek
Okay...I set those up and did an IP renew but there is still nothing showing up in the WINS screen...where should I be seeing the entries? Active Registrations?
0
 
LVL 68

Expert Comment

by:Qlemo
Yes. You will have to search for something via the context menu - best for owner, then "All owners".
0
 

Author Comment

by:itadminnek
Okay I got it populated...would anything else have to be done or should I be able to ping via computer name on the other side of the tunnel?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
It should work now, as long as either the DNS or the WINS server of this site is asked for name resolution.

But: Reading your question again, you are trying to get access from both sites? Then you will have to set up a single WINS server only, which is responsible for both sites. Creating a secondary WINS server on the other site (doing replication) is an option, and if set up to be asked by the other site might speed up name resolution.
The important point is that BOTH sites are collected into one WINS server, and there are no name collisions.
0
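A pre-merge check for the "no name collisions" condition in the accepted answer, as an added example that is not part of the original thread. The site inventories, host names and addresses are constructed, and the default Windows derivation of the NetBIOS name (first 15 characters of the host name, upper-cased) is assumed.

```python
# Added example: inventories below are constructed, not taken from the thread.
NETBIOS_MAX = 15  # a NetBIOS name is 15 characters plus a 1-byte service suffix

SITE_A = {
    "fileserver01.corp-a.example": "10.1.1.10",
    "PRINT01": "10.1.1.20",
    "accounting-server-east": "10.1.1.30",
}
SITE_B = {
    "FileServer01.corp-b.example": "10.2.1.10",
    "dc02": "10.2.1.5",
    "accounting-server-west": "10.2.1.30",
}


def netbios_name(hostname):
    """NetBIOS computer name assumed to be registered for a host name."""
    label = hostname.split(".", 1)[0]       # WINS knows nothing about DNS suffixes
    return label[:NETBIOS_MAX].upper()      # truncated to 15 chars, case-insensitive


def find_collisions(site_a, site_b):
    """Return {netbios_name: [(site, hostname, ip), ...]} for every name that
    would be claimed by more than one IP address in a shared WINS database."""
    claims = {}
    for site, inventory in (("A", site_a), ("B", site_b)):
        for hostname, ip in inventory.items():
            claims.setdefault(netbios_name(hostname), []).append((site, hostname, ip))
    return {
        name: owners
        for name, owners in claims.items()
        if len({ip for _, _, ip in owners}) > 1
    }


if __name__ == "__main__":
    for name, owners in sorted(find_collisions(SITE_A, SITE_B).items()):
        print(name, "->", owners)
```

The second collision only appears after truncation: the two accounting servers have different host names but the same 15-character NetBIOS name, so only fully qualified DNS names tell them apart.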
 

Author Comment

by:itadminnek
Got it! Thanks!
0
 

Author Comment

by:itadminnek
It's still not working, kind of...it works on my side but not on their side. I changed my DNS to point to their WINS, I changed my DHCP server options to look at their WINS server and my side does work. Our DNS names are not showing up in their WINS though...and when I try adding the WINS server from our side it errors out and says "Access is denied." Am I doing something wrong? Is the Replication Partners the way to go?

Let me know...thanks!
0
 
LVL 68

Expert Comment

by:Qlemo
and when I try adding the WINS server from our side it errors out and says "Access is denied."
Can you describe the steps you take for that?

But anyway, use one WINS server as the "master", and set up another one for replication. You can then put into DNS the local WINS server, to speed up name queries.
0
 

Author Comment

by:itadminnek
There is an option in the WINS window to Add another WINS server, so I added theirs and double clicked on it but it comes back with that error.

The other site already had a WINS server so I figured I would use theirs as the master and then I set up replication in their WINS to pull from our WINS but only a handful of names showed up and even when I tried to ping those names I couldn't resolve them.

Any ideas? Am I missing something?
0
 
LVL 68

Expert Comment

by:Qlemo
Did you set up each WINS server as replication partner in Push/Pull mode? That allows for faster notification about changes.

In the WINS window, adding a server allows you to manage that server. It is not related to replication. You can't provide credentials, so your account needs to have admin access to the other server - if not, "Access is denied" is the result.
0
 

Author Comment

by:itadminnek
Okay that worked but now I am noticing that not all of my computer names are showing in our WINS, thus not getting replicated...like all the server names are not showing up. The server names do exist in our DNS though.

Any ideas?
0
 

Author Comment

by:itadminnek
Could it be because all the servers have static IPs or doesn't that matter?
0
 

Author Comment

by:itadminnek
Yes...that's what it was...after I mapped the static IPs it works...thanks again for the help!
0
 
LVL 68

Expert Comment

by:Qlemo
Machines having static IPs (and hence not using DHCP) need to have WINS set up manually in their NIC's TCP/IP settings, to allow them to register in WINS. Or you create static WINS entries yourself, as you have done.
0
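One way to find the machines affected by the static-IP case described above, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and lists adapters that have a static address and NetBIOS enabled but no WINS server, so they will never register themselves. The sample output, host name and addresses are constructed.

```python
import re

# Constructed sample of `ipconfig /all` output; names and addresses are made up.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SRV-FILE01
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Backup LAN:

   DHCP Enabled. . . . . . . . . . . : No
   Primary WINS Server . . . . . . . : 10.1.1.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*: (.*)$")   # "Key . . . : value"
ADAPTER = re.compile(r"^(\S.* adapter .+):$")             # unindented section header


def parse_ipconfig(text):
    """Return {section: {field: value}}; host-wide fields land under 'host'."""
    sections, current = {"host": {}}, "host"
    for line in text.splitlines():
        header, field = ADAPTER.match(line), FIELD.match(line)
        if header:
            current = header.group(1)
            sections[current] = {}
        elif field:
            sections[current][field.group(1)] = field.group(2).strip()
    return sections


def adapters_not_registering(text):
    """Static-IP adapters with NetBIOS enabled but no WINS server configured.
    ipconfig only prints 'Primary WINS Server' when one is set."""
    return [
        name for name, f in parse_ipconfig(text).items()
        if name != "host"
        and f.get("DHCP Enabled") == "No"
        and f.get("NetBIOS over Tcpip") == "Enabled"
        and "Primary WINS Server" not in f
    ]
```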
 

Author Comment

by:itadminnek
So are you saying that if I add the WINS IP address to the static IP servers that they will show up in the WINS?
0
 
LVL 68

Expert Comment

by:Qlemo
Positive.
0
 

Author Comment

by:itadminnek
I have a Redhat server that is static and I can't add the WINS server to it so I added it to the WINS manually but it still doesn't work on the other side...is that normal? Would it work because it's Redhat or doesn't it matter?
0
 
LVL 68

Expert Comment

by:Qlemo
If the Redhat server does not provide Samba services, no NetBIOS will be used (and needed). I'm not positive whether Redhat and WINS should work together, but if you add a static entry it should work IMHO - I might be wrong with that, though.
0
