Jason Johanknecht asked:

Netmotion VPN software breaks connection with domain

Netmotion VPN software was updated last week Wed.  Since then any computer with that software installed cannot communicate with the domain controller and shares.  They can access the SQL database though.  Removing the software (NetMotion) fixes that problem.  However the Netmotion VPN is needed to access another remote server (Which I have no control over).  The IT for that server is not available to address this issue until tomorrow, but they will be calling NetMotion tech support as they don't have any idea as to why this would be.  Making things worse is the tech for the NetMotion VPN leaves for vacation tomorrow morning.  He is going to send me the installer software to install the latest version instead of allowing the update to install from old version.  I have nothing to do with the NetMotion VPN software and am not responsible for ever installing it before.  Looking for advice or a possible solution in case he cannot resolve quickly before his vacation starts.

Rob Williams

If you can access the SQL database, that implies routing is OK.  I have seen VPNs change the DNS server and thus 'break' DNS.  Can you ping the resource by IP, but by name fails?

ASKER

When I disable the VPN software I can ping the server.  When the VPN is running, DNS points to an incorrect IP address, but I can ping by IP (the actual IP).  I am waiting for the installer to be sent to us.  A clean install of the program is the only thing planned at this point, since the tech in charge of this software (the only person that can call NetMotion) is on vacation starting today.  Reminder: We have no control of this software or support of the VPN software.
Can you try statically setting the DNS server in the NIC configuration?
Another option since it is not routing is to add the server name to the Hosts file.  I did a blog article several years ago as to using hosts and lmhosts files
LMHosts | LAN-Tech Network Management 
We installed the new NetMotion client, and configured the IP address (for the VPN) provided... We cannot even connect to the VPN.  That support person is on vacation, and we are hoping he will respond.
Yes, I could absolutely set a HOST file to point to the DC.  Currently this computer is even worse off than before, so I am not making any more changes until the person in control of the VPN responds.
Just heard from the person in control of the VPN and he said we need to connect to his domain over the VPN.  Is that why my domain stops working?  Can you be connected to 2 domains at once?
You can, but DNS becomes an issue.  You can add multiple DNS servers in the advanced NIC configuration.  Or better, you can configure forward lookup zones on your DNS server.  However, if the VPN software forces the default DNS server IP, you might be best to use the hosts file for local connection.
NetMotion tech support was willing to talk to me just now.  They only forward domain information for authentication and feel server is misconfigured (Policy) on the VPN host side.  He said, their software can restrict all internet use except the VPN.  So the issues we are having could be an attempt to prevent some activity that (VPN host) did not intend.  The tech in charge of that server is coming back late morning to work with me.  I will update after that.  Thanks Rob for all your effort on this.
>>" their software can restrict all internet use except the VPN "
This is a common security policy and almost standard.  In order to access local resources and VPN, split tunneling needs to be enabled.  It sounds to me as if split tunneling is enabled where you can ping by IP.  Without it you would not be able to do so.  Sounds like a DNS issue to me.
My VPN hosted sites all allow internet access from the local gateway, not across the VPN.  That would eat up unnecessary bandwidth at the host location.  I do not run them VPN services to provide security.  Do you typically run everything through the VPN?
Running nslookup shows my DNS server, but responds incorrectly when connected to the VPN.... responds correctly when disconnected from VPN.  I don't understand what is happening in that instance.

Sounds like the VPN is changing your DNS settings.
Try from a command line running    ipconfig  /all    first without the VPN and then with the VPN connected and compare the DNS server IPs.
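
The before/after comparison suggested above, as an added example that is not part of the original thread: a small Python script that parses two saved `ipconfig /all` captures and reports which adapters gained or changed DNS servers. The adapter names and addresses in the sample captures are constructed for illustration.

```python
import re

# A field line looks like "   Label . . . . : value"; continuation lines have no " : ".
FIELD = re.compile(r"^\s+(\S.*?)[ .]*\s:\s?(.*)$")

def dns_by_adapter(text):
    """Parse `ipconfig /all` text into {adapter name: [DNS servers in order]}."""
    out, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line = section header
            adapter = line.strip().rstrip(":")
            in_dns = False
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1) == "DNS Servers"
            if in_dns and m.group(2).strip():
                out.setdefault(adapter, []).append(m.group(2).strip())
        elif in_dns:                           # extra servers on continuation lines
            out.setdefault(adapter, []).append(line.strip())
    return out

def dns_changes(before, after):
    """Return {adapter: (servers_before, servers_after)} for adapters that differ."""
    b, a = dns_by_adapter(before), dns_by_adapter(after)
    return {n: (b.get(n, []), a.get(n, []))
            for n in sorted(set(b) | set(a)) if b.get(n, []) != a.get(n, [])}

# Constructed captures: VPN disconnected, then connected (all values made up).
BEFORE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
AFTER = BEFORE + """
Ethernet adapter VPN Virtual Adapter:

   IPv4 Address. . . . . . . . . . . : 10.20.0.77(Preferred)
   DNS Servers . . . . . . . . . . . : 10.20.0.5
"""

if __name__ == "__main__":
    for name, (old, new) in dns_changes(BEFORE, AFTER).items():
        print(f"{name}: {old} -> {new}")
```

To use it on a real machine, save `ipconfig /all > before.txt` with the VPN disconnected and `ipconfig /all > after.txt` with it connected, then pass the contents of the two files to `dns_changes`.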
ASKER CERTIFIED SOLUTION
Jason Johanknecht