Solved

DNS and DC issues

Posted on 2014-03-05
Last Modified: 2014-03-16
This is my issue:  I have 2 domain controllers, NSCA-DC and NSCA-Files.  NSCA-DC is a VM in hypervisor and is my primary DC.  Additionally they are both my DNS servers.  DNS is resolving for my internal network with no problems.  When people VPN in from outside our network my internal servers' names are not resolved.   My router is managed by our ISP, but connected to it is a Cisco ASA that is used as a VPN concentrator.  I can control its settings.
Also I cannot connect to my primary-DC through RDP but I can PING it and it does have access to the internet.  When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
Question by:David Newcomb
11 Comments
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906818
What's your internal subnet? Is it 192.168.1.0/24?
0
 

Author Comment

by:David Newcomb
ID: 39906822
10.0.0.0/24
0
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906846
Are you using Windows RRAS?  Here is a quote from a TechNet article I found that seems similar to the issue you're describing:

1. Open Server Manager
2. Network Policy and Access Services
3. Routing and Remote Access
4. IPv4
5. NAT
6. Right mouse, New Interface
7. Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting up Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9. On the NAT tab, selected "Public Interface connected to the internet"
10. Ticked "Enable NAT on this interface"
11. Click OK
12. All done - now test your VPN connection from the client

Article Source
0
 

Author Comment

by:David Newcomb
ID: 39906925
I am not using RRAS.  Users VPN in using the Cisco VPN Client and the ASA passes them into the network.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39910120
If your clients are not getting an IP inside your LAN they will never get to see your servers; they must get an IP from your LAN and a DNS from your LAN to be able to resolve your LAN names.

Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.

I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/us/support/docs/security/vpn-3000-series-concentrators/26405-dns-split-dynam.html
0
 

Author Comment

by:David Newcomb
ID: 39917453
So, in the ASA I need to setup DHCP for outside?
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917733
Like I said before, I don't know which system you are using, but the link I sent you should help you find the steps for yours.
0
 

Author Comment

by:David Newcomb
ID: 39917741
I have an ASA 5505, ASA version 8.2(2).  I should have put that in earlier.  It is connected to a router managed by our ISP and the ASA only handles VPN traffic.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917919
0
 

Accepted Solution

by:
David Newcomb earned 0 total points
ID: 39921641
I was able to resolve the issue by updating the DNS settings in Cisco ASDM group policies under VPN Remote Users config.
0
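What the accepted fix corresponds to on the ASA command line, as an added example that is not part of the original thread: the group policy applied to remote-access VPN users hands out the internal DNS servers and the domain suffix. The policy name and every angle-bracket value are placeholders, since the thread does not give them.

```text
! Added example; constructed, not taken from the poster's ASA.
! VPN-REMOTE-USERS is a placeholder group-policy name.
! <NSCA-DC-IP> and <NSCA-FILES-IP> stand for the two internal DNS servers
! on 10.0.0.0/24; <internal-domain> stands for the AD DNS domain.
! Entered in global configuration mode:
group-policy VPN-REMOTE-USERS attributes
 dns-server value <NSCA-DC-IP> <NSCA-FILES-IP>
 default-domain value <internal-domain>
!
! Confirm what the policy now pushes to clients:
show running-config group-policy VPN-REMOTE-USERS
```

After reconnecting, `ipconfig /all` on the VPN client should list the internal DNS servers on the VPN adapter, and `nslookup NSCA-DC` should be answered by one of them.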
 

Author Closing Comment

by:David Newcomb
ID: 39932354
Thanks for all the assistance, I learned a great deal.
0
