SBS 2011 RAS IP in DNS
Dear experts, we have SBS 2011 server with "Remote access" role. Let's call it MyServer
The server has static IP: 192.168.0.1 configured on NIC. In DNS, I can see static A record with this IP for MyServer. There is no DHCP lease for this IP since the IP is static.
That's OK till now.
But: There is DHCP lease for "MyServer" with another IP (192.168.0.52) from DHCP range, unique ID is "RAS".
It also creates DNS record for MyServer - 192.168.0.52
When I ping form client to MyServer, i get answer from RAS IP 192.168.0.52.
I should get answer from static IP 192.168.0.2 instead of 0.52, right?
My DHCP is configured as on attached picture.
Regards,
Jarda
DHCP_settings.png
The server has static IP: 192.168.0.1 configured on NIC. In DNS, I can see static A record with this IP for MyServer. There is no DHCP lease for this IP since the IP is static.
That's OK till now.
But: There is DHCP lease for "MyServer" with another IP (192.168.0.52) from DHCP range, unique ID is "RAS".
It also creates DNS record for MyServer - 192.168.0.52
When I ping form client to MyServer, i get answer from RAS IP 192.168.0.52.
I should get answer from static IP 192.168.0.2 instead of 0.52, right?
My DHCP is configured as on attached picture.
Regards,
Jarda
DHCP_settings.png
David Johnson, CD
no you will get the .52 address not the .1 address, they really should be in separate subnets though.
ASKER
Hi David,
Since it's SBS server, I did all configurations via SBS wizards from SBS console.
Now I can see 6 RAS IP addresses in my DHCP server. Each of these 6 leases has "MyServer.domain.local" as a name.
When I connect to VPN from outside of LAN, I get one of RAS IP addresses (for example 192.168.1.78), but the address hasn't A record in DNS.
This is how the VPN works and this is good I think.
I asked why I found static A record for MyServer. IP address was one of RAS.
You also stated that I should have servers static IP (192.168.0.2) and RAS IP in different subnet, am I right? But why and how I achieve this?
Regards,
Jarda
Since it's SBS server, I did all configurations via SBS wizards from SBS console.
Now I can see 6 RAS IP addresses in my DHCP server. Each of these 6 leases has "MyServer.domain.local" as a name.
When I connect to VPN from outside of LAN, I get one of RAS IP addresses (for example 192.168.1.78), but the address hasn't A record in DNS.
This is how the VPN works and this is good I think.
I asked why I found static A record for MyServer. IP address was one of RAS.
You also stated that I should have servers static IP (192.168.0.2) and RAS IP in different subnet, am I right? But why and how I achieve this?
Regards,
Jarda
My question is, why did you modify your DHCP configuration that way? The SBS Wizard configures your DHCP Server correctly for working in an SBS Environment.
Uncheck the Dynamic Updates option on the DHCP Server and restart the DHCP Server Service.
Then, disable the VPN using the Configure a Virtual Private Network Wizard and run it again to enable it correctly.
This should clear up the DNS entries you are seeing.
Jeff
TechSoEasy
Uncheck the Dynamic Updates option on the DHCP Server and restart the DHCP Server Service.
Then, disable the VPN using the Configure a Virtual Private Network Wizard and run it again to enable it correctly.
This should clear up the DNS entries you are seeing.
Jeff
TechSoEasy
ASKER
Hi Jeff,
Thanks for suggestion. I'm aware that configuring SBS server out of the wizards is a bad idea.
I tried to prevent DNS mess when we rename some domain computer.
ID: 4
Source: Microsoft-Windows-Security
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server NB-Name-1$. The target name used was cifs/NB-Name-2.domain.loca
Regards,
Jarda
Thanks for suggestion. I'm aware that configuring SBS server out of the wizards is a bad idea.
I tried to prevent DNS mess when we rename some domain computer.
ID: 4
Source: Microsoft-Windows-Security
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server NB-Name-1$. The target name used was cifs/NB-Name-2.domain.loca
Regards,
Jarda
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, Jeff.
Jarda
Jarda