DNS problem when client is from VPN  
Author Message
donbarbituo





PostPosted: Wed Nov 09 09:11:20 PST 2005 Top

SBS >> DNS problem when client is from VPN

Hi,

having some unusual problems and would appreciate some tips on where to start.

Basically, all seems fine with DNS from our subnet. All use DHCP.
Domain clients are registered in the DNS when logged in.
Non Domain clients register only in Reverse Lookup.
(Am not sure if this is what should really happen).

Problems start now with a few users attached via a VPN from an external
router.
The last two blocks of subnet ip are different to ours, their local DHCP is
set with Domain controller as IP as primary DNS - but - it seems that their
IP will not register in the DNS at all.

Any ideas?
Is SBS somehow limiting the DNS reg to only our main subnet?

This is basically step one to a major problem experienced.
A computer which was a domain member started to go very slow on logins from
other end of VPN. Then, userenv errors etc etc. Had to remove it from the
domain and could not rejoin at all.

Appreciate any help.

Information Technology290  
 
 
JamesSanford





PostPosted: Wed Nov 09 09:11:20 PST 2005 Top

SBS >> DNS problem when client is from VPN If the subnet of the other machines are the same, I've seen that prevent it
from working... I'm sure the microsoft guru's have better info, but I thought
it might be something to check...



> Hi,
>
> having some unusual problems and would appreciate some tips on where to start.
>
> Basically, all seems fine with DNS from our subnet. All use DHCP.
> Domain clients are registered in the DNS when logged in.
> Non Domain clients register only in Reverse Lookup.
> (Am not sure if this is what should really happen).
>
> Problems start now with a few users attached via a VPN from an external
> router.
> The last two blocks of subnet ip are different to ours, their local DHCP is
> set with Domain controller as IP as primary DNS - but - it seems that their
> IP will not register in the DNS at all.
>
> Any ideas?
> Is SBS somehow limiting the DNS reg to only our main subnet?
>
> This is basically step one to a major problem experienced.
> A computer which was a domain member started to go very slow on logins from
> other end of VPN. Then, userenv errors etc etc. Had to remove it from the
> domain and could not rejoin at all.
>
> Appreciate any help.
>
 
 
v-edtian





PostPosted: Wed Nov 09 23:51:18 PST 2005 Top

SBS >> DNS problem when client is from VPN Hi:
Thanks for posting here.

From the description, I understand that the IP address of the remote VPN
client is not registered in the DNS Server on the SBS box. If I have
misunderstood, please do let me know.

On one of the VPN client, run "Ipconfig /all" to make sure that the Primary
DNS suffix is correct and the Preferred DNS server is pointing to the
correct DNS server that you want to register.

Then locate the network connection properties, double click Internet
Protocol (TCP/IP), click Advanced button, click DNS tab, make sure that the
"Register this connection addresses in DNS" option is enabled. Restart the
DNS client service.

Here, I suggest you check if you can manually register it. To do so, please
use the following command.

Ipconfig /flushdns

Then run:
ipconfig /registerdns

If it works, please check if you enable dynamic update to DNS in the DHCP
server. To check it, please follow the steps below.

1. Open the Administrative Tools->DHCP console.

2. Right-click the Server name and select Properties.

3. Click the DNS server and select the dynamic update to DNS settings.
More information:

Windows 2000 Enables DDNS Registration by Default
http://support.microsoft.com/default.aspx?scid=KB;EN-US;251370

Name resolution and connectivity issues on a Routing and Remote Access
Server that also runs DNS or WINS
http://support.microsoft.com/default.aspx?scid=KB;EN-US;292822

Please also make sure that if you have a router at the SBS end, the DNS
update request was not blocked by the hardware router.

Regarding the second problem, would you please send the event logs on the

a further investigation on these log files.

Hope the above information helps.
Have a nice day!

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: DNS problem when client is from VPN
| thread-index: AcXlSU4n76nA1sPMTcyp6oDmjT9NwA==
| X-WBNR-Posting-Host: 217.91.34.149

| Subject: DNS problem when client is from VPN
| Date: Wed, 9 Nov 2005 08:19:05 -0800
| Lines: 25

| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:220480
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| having some unusual problems and would appreciate some tips on where to
start.
|
| Basically, all seems fine with DNS from our subnet. All use DHCP.
| Domain clients are registered in the DNS when logged in.
| Non Domain clients register only in Reverse Lookup.
| (Am not sure if this is what should really happen).
|
| Problems start now with a few users attached via a VPN from an external
| router.
| The last two blocks of subnet ip are different to ours, their local DHCP
is
| set with Domain controller as IP as primary DNS - but - it seems that
their
| IP will not register in the DNS at all.
|
| Any ideas?
| Is SBS somehow limiting the DNS reg to only our main subnet?
|
| This is basically step one to a major problem experienced.
| A computer which was a domain member started to go very slow on logins
from
| other end of VPN. Then, userenv errors etc etc. Had to remove it from the
| domain and could not rejoin at all.
|
| Appreciate any help.
|
|

 
 
KenT





PostPosted: Mon Nov 14 06:41:10 PST 2005 Top

SBS >> DNS problem when client is from VPN Edward,

thanks for your help with this.
At the moment am a bit stuck for time - but will check as per your
suggestions and get back to you asap.

Ken



> Hi:
> Thanks for posting here.
>
> From the description, I understand that the IP address of the remote VPN
> client is not registered in the DNS Server on the SBS box. If I have
> misunderstood, please do let me know.
>
> On one of the VPN client, run "Ipconfig /all" to make sure that the Primary
> DNS suffix is correct and the Preferred DNS server is pointing to the
> correct DNS server that you want to register.
>
> Then locate the network connection properties, double click Internet
> Protocol (TCP/IP), click Advanced button, click DNS tab, make sure that the
> "Register this connection addresses in DNS" option is enabled. Restart the
> DNS client service.
>
> Here, I suggest you check if you can manually register it. To do so, please
> use the following command.
>
> Ipconfig /flushdns
>
> Then run:
> ipconfig /registerdns
>
> If it works, please check if you enable dynamic update to DNS in the DHCP
> server. To check it, please follow the steps below.
>
> 1. Open the Administrative Tools->DHCP console.
>
> 2. Right-click the Server name and select Properties.
>
> 3. Click the DNS server and select the dynamic update to DNS settings.
> More information:
>
> Windows 2000 Enables DDNS Registration by Default
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;251370
>
> Name resolution and connectivity issues on a Routing and Remote Access
> Server that also runs DNS or WINS
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;292822
>
> Please also make sure that if you have a router at the SBS end, the DNS
> update request was not blocked by the hardware router.
>
> Regarding the second problem, would you please send the event logs on the

> a further investigation on these log files.
>
> Hope the above information helps.
> Have a nice day!
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: DNS problem when client is from VPN
> | thread-index: AcXlSU4n76nA1sPMTcyp6oDmjT9NwA==
> | X-WBNR-Posting-Host: 217.91.34.149

> | Subject: DNS problem when client is from VPN
> | Date: Wed, 9 Nov 2005 08:19:05 -0800
> | Lines: 25

> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:220480
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hi,
> |
> | having some unusual problems and would appreciate some tips on where to
> start.
> |
> | Basically, all seems fine with DNS from our subnet. All use DHCP.
> | Domain clients are registered in the DNS when logged in.
> | Non Domain clients register only in Reverse Lookup.
> | (Am not sure if this is what should really happen).
> |
> | Problems start now with a few users attached via a VPN from an external
> | router.
> | The last two blocks of subnet ip are different to ours, their local DHCP
> is
> | set with Domain controller as IP as primary DNS - but - it seems that
> their
> | IP will not register in the DNS at all.
> |
> | Any ideas?
> | Is SBS somehow limiting the DNS reg to only our main subnet?
> |
> | This is basically step one to a major problem experienced.
> | A computer which was a domain member started to go very slow on logins
> from
> | other end of VPN. Then, userenv errors etc etc. Had to remove it from the
> | domain and could not rejoin at all.
> |
> | Appreciate any help.
> |
> |
>
>
 
 
v-edtian





PostPosted: Tue Nov 15 00:04:10 PST 2005 Top

SBS >> DNS problem when client is from VPN Hi:
Thanks for your update.

Look forward to hearing how it goes.

Have a nice day!

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: DNS problem when client is from VPN
| thread-index: AcXpKXQhOYA3iTtOSHqJwBCxgc6xtg==
| X-WBNR-Posting-Host: 217.91.34.149



| Subject: RE: DNS problem when client is from VPN
| Date: Mon, 14 Nov 2005 06:41:10 -0800
| Lines: 147

| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:222049
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Edward,
|
| thanks for your help with this.
| At the moment am a bit stuck for time - but will check as per your
| suggestions and get back to you asap.
|
| Ken
|

|
| > Hi:
| > Thanks for posting here.
| >
| > From the description, I understand that the IP address of the remote
VPN
| > client is not registered in the DNS Server on the SBS box. If I have
| > misunderstood, please do let me know.
| >
| > On one of the VPN client, run "Ipconfig /all" to make sure that the
Primary
| > DNS suffix is correct and the Preferred DNS server is pointing to the
| > correct DNS server that you want to register.
| >
| > Then locate the network connection properties, double click Internet
| > Protocol (TCP/IP), click Advanced button, click DNS tab, make sure that
the
| > "Register this connection addresses in DNS" option is enabled. Restart
the
| > DNS client service.
| >
| > Here, I suggest you check if you can manually register it. To do so,
please
| > use the following command.
| >
| > Ipconfig /flushdns
| >
| > Then run:
| > ipconfig /registerdns
| >
| > If it works, please check if you enable dynamic update to DNS in the
DHCP
| > server. To check it, please follow the steps below.
| >
| > 1. Open the Administrative Tools->DHCP console.
| >
| > 2. Right-click the Server name and select Properties.
| >
| > 3. Click the DNS server and select the dynamic update to DNS settings.
| > More information:
| >
| > Windows 2000 Enables DDNS Registration by Default
| > http://support.microsoft.com/default.aspx?scid=KB;EN-US;251370
| >
| > Name resolution and connectivity issues on a Routing and Remote Access
| > Server that also runs DNS or WINS
| > http://support.microsoft.com/default.aspx?scid=KB;EN-US;292822
| >
| > Please also make sure that if you have a router at the SBS end, the DNS
| > update request was not blocked by the hardware router.
| >
| > Regarding the second problem, would you please send the event logs on
the

perform
| > a further investigation on these log files.
| >
| > Hope the above information helps.
| > Have a nice day!
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: DNS problem when client is from VPN
| > | thread-index: AcXlSU4n76nA1sPMTcyp6oDmjT9NwA==
| > | X-WBNR-Posting-Host: 217.91.34.149

| > | Subject: DNS problem when client is from VPN
| > | Date: Wed, 9 Nov 2005 08:19:05 -0800
| > | Lines: 25

| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:220480
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi,
| > |
| > | having some unusual problems and would appreciate some tips on where
to
| > start.
| > |
| > | Basically, all seems fine with DNS from our subnet. All use DHCP.
| > | Domain clients are registered in the DNS when logged in.
| > | Non Domain clients register only in Reverse Lookup.
| > | (Am not sure if this is what should really happen).
| > |
| > | Problems start now with a few users attached via a VPN from an
external
| > | router.
| > | The last two blocks of subnet ip are different to ours, their local
DHCP
| > is
| > | set with Domain controller as IP as primary DNS - but - it seems that
| > their
| > | IP will not register in the DNS at all.
| > |
| > | Any ideas?
| > | Is SBS somehow limiting the DNS reg to only our main subnet?
| > |
| > | This is basically step one to a major problem experienced.
| > | A computer which was a domain member started to go very slow on
logins
| > from
| > | other end of VPN. Then, userenv errors etc etc. Had to remove it from
the
| > | domain and could not rejoin at all.
| > |
| > | Appreciate any help.
| > |
| > |
| >
| >
|

 
 
KenT





PostPosted: Wed Nov 16 08:31:19 PST 2005 Top

SBS >> DNS problem when client is from VPN Edward,

further info that may help identify the problem and find a fix.

Only IP addresses given by our SBS DHCP Server are properly registered in
the DNS.
Have tried with a manually set IP with all settings ok - it did not register.

In DNS view - under our server - Forward Lookup Zone - I see a zone for our
domain (etcxyz.local).
When I check the general settings for this Zone I see that DNS Updates is
set to "Secure Only".
I tried changing this to Secure and Insecure - and after the change the
client with the manual IP registered in the Forward Lookup Zone. (Did not
register in reverse lookup though).

It seems that the problems lay in our DNS Setup.

Is it perhaps best to create new Zones for our our external subnets and set
these zones to somehow allow DNS registration?

I see also that the reverse lookup zone is nnn.nnn.nnn.x Subnet
We may need a new reverse lookup for the other subnets too?

Sorry to be so vague, am really no hit with MS DNS at all.

Appreciate any help.


PS : For external subnets the IP Address is either set manually or given
oper DHCP from the Router in use to buiold the VPN.






> Hi:
> Thanks for your update.
>
> Look forward to hearing how it goes.
>
> Have a nice day!
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: DNS problem when client is from VPN
> | thread-index: AcXpKXQhOYA3iTtOSHqJwBCxgc6xtg==
> | X-WBNR-Posting-Host: 217.91.34.149



> | Subject: RE: DNS problem when client is from VPN
> | Date: Mon, 14 Nov 2005 06:41:10 -0800
> | Lines: 147

> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:222049
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Edward,
> |
> | thanks for your help with this.
> | At the moment am a bit stuck for time - but will check as per your
> | suggestions and get back to you asap.
> |
> | Ken
> |

> |
> | > Hi:
> | > Thanks for posting here.
> | >
> | > From the description, I understand that the IP address of the remote
> VPN
> | > client is not registered in the DNS Server on the SBS box. If I have
> | > misunderstood, please do let me know.
> | >
> | > On one of the VPN client, run "Ipconfig /all" to make sure that the
> Primary
> | > DNS suffix is correct and the Preferred DNS server is pointing to the
> | > correct DNS server that you want to register.
> | >
> | > Then locate the network connection properties, double click Internet
> | > Protocol (TCP/IP), click Advanced button, click DNS tab, make sure that
> the
> | > "Register this connection addresses in DNS" option is enabled. Restart
> the
> | > DNS client service.
> | >
> | > Here, I suggest you check if you can manually register it. To do so,
> please
> | > use the following command.
> | >
> | > Ipconfig /flushdns
> | >
> | > Then run:
> | > ipconfig /registerdns
> | >
> | > If it works, please check if you enable dynamic update to DNS in the
> DHCP
> | > server. To check it, please follow the steps below.
> | >
> | > 1. Open the Administrative Tools->DHCP console.
> | >
> | > 2. Right-click the Server name and select Properties.
> | >
> | > 3. Click the DNS server and select the dynamic update to DNS settings.
> | > More information:
> | >
> | > Windows 2000 Enables DDNS Registration by Default
> | > http://support.microsoft.com/default.aspx?scid=KB;EN-US;251370
> | >
> | > Name resolution and connectivity issues on a Routing and Remote Access
> | > Server that also runs DNS or WINS
> | > http://support.microsoft.com/default.aspx?scid=KB;EN-US;292822
> | >
> | > Please also make sure that if you have a router at the SBS end, the DNS
> | > update request was not blocked by the hardware router.
> | >
> | > Regarding the second problem, would you please send the event logs on
> the

> perform
> | > a further investigation on these log files.
> | >
> | > Hope the above information helps.
> | > Have a nice day!
> | >
> | > Best Regards
> | > Edward Tian(MSFT)
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you check
> the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | > --------------------
> | > | Thread-Topic: DNS problem when client is from VPN
> | > | thread-index: AcXlSU4n76nA1sPMTcyp6oDmjT9NwA==
> | > | X-WBNR-Posting-Host: 217.91.34.149

> | > | Subject: DNS problem when client is from VPN
> | > | Date: Wed, 9 Nov 2005 08:19:05 -0800
> | > | Lines: 25

> | > | MIME-Version: 1.0
> | > | Content-Type: text/plain;
> | > | charset="Utf-8"
> | > | Content-Transfer-Encoding: 7bit
> | > | X-Newsreader: Microsoft CDO for Windows 2000
> | > | Content-Class: urn:content-classes:message
> | > | Importance: normal
> | > | Priority: normal
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:220480
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | Hi,
> | > |
> | > | having some unusual problems and would appreciate some tips on where
> to
> | > start.
> | > |
> | > | Basically, all seems fine with DNS from our subnet. All use DHCP.
> | > | Domain clients are registered in the DNS when logged in.
> | > | Non Domain clients register only in Reverse Lookup.
> | > | (Am not sure if this is what should really happen).
> | > |
> | > | Problems start now with a few users attached via a VPN from an
> external
> | > | router.
> | > | The last two blocks of subnet ip are different to ours, their local
> DHCP
> | > is
> | > | set with Domain controller as IP as primary DNS - but - it seems that
> | > their
> | > | IP will not register in the DNS at all.
> | > |
> | > | Any ideas?
> | > | Is SBS somehow limiting the DNS reg to only our main subnet?
> | > |
> | > | This is basically step one to a major problem experienced.
> | > | A computer which was a domain member started to go very slow on
> logins
> | > from
> | > | other end of VPN. Then, userenv errors etc etc. Had to remove it from
> the
> | > | domain and could not rejoin at all.
> | > |
> | > | Appreciate any help.
> | > |
> | > |
> | >
> | >
> |
>
>
 
 
v-edtian





PostPosted: Thu Nov 17 01:25:44 PST 2005 Top

SBS >> DNS problem when client is from VPN Hi Ken:
Thanks for the update.

Can I assume that after you change the type of the DNS Update from "Secure
Only" to "Secure and Insecure", the IP address of the client can be
registered in the Forward Lookup Zone?

If your external subnet is using the different IP schema, it's necessary to
build a new zone for these external subnets and allow the DNS registration.

Moreover, I think you don't need to create any Reverse lookup zone if no
reverse resolution is required.

Please let me know if you have further concerns.
Have a nice day!

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: DNS problem when client is from VPN
| thread-index: AcXqyyw4tTYEUKqmTHeuxkB1wFSNgQ==
| X-WBNR-Posting-Host: 217.91.34.149





| Subject: RE: DNS problem when client is from VPN
| Date: Wed, 16 Nov 2005 08:31:19 -0800
| Lines: 271

| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:222865
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Edward,
|
| further info that may help identify the problem and find a fix.
|
| Only IP addresses given by our SBS DHCP Server are properly registered in
| the DNS.
| Have tried with a manually set IP with all settings ok - it did not
register.
|
| In DNS view - under our server - Forward Lookup Zone - I see a zone for
our
| domain (etcxyz.local).
| When I check the general settings for this Zone I see that DNS Updates is
| set to "Secure Only".
| I tried changing this to Secure and Insecure - and after the change the
| client with the manual IP registered in the Forward Lookup Zone. (Did
not
| register in reverse lookup though).
|
| It seems that the problems lay in our DNS Setup.
|
| Is it perhaps best to create new Zones for our our external subnets and
set
| these zones to somehow allow DNS registration?
|
| I see also that the reverse lookup zone is nnn.nnn.nnn.x Subnet
| We may need a new reverse lookup for the other subnets too?
|
| Sorry to be so vague, am really no hit with MS DNS at all.
|
| Appreciate any help.
|
|
| PS : For external subnets the IP Address is either set manually or given
| oper DHCP from the Router in use to buiold the VPN.
|
|
|
|

|
| > Hi:
| > Thanks for your update.
| >
| > Look forward to hearing how it goes.
| >
| > Have a nice day!
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: DNS problem when client is from VPN
| > | thread-index: AcXpKXQhOYA3iTtOSHqJwBCxgc6xtg==
| > | X-WBNR-Posting-Host: 217.91.34.149



| > | Subject: RE: DNS problem when client is from VPN
| > | Date: Mon, 14 Nov 2005 06:41:10 -0800
| > | Lines: 147

| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:222049
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Edward,
| > |
| > | thanks for your help with this.
| > | At the moment am a bit stuck for time - but will check as per your
| > | suggestions and get back to you asap.
| > |
| > | Ken
| > |

| > |
| > | > Hi:
| > | > Thanks for posting here.
| > | >
| > | > From the description, I understand that the IP address of the
remote
| > VPN
| > | > client is not registered in the DNS Server on the SBS box. If I
have
| > | > misunderstood, please do let me know.
| > | >
| > | > On one of the VPN client, run "Ipconfig /all" to make sure that the
| > Primary
| > | > DNS suffix is correct and the Preferred DNS server is pointing to
the
| > | > correct DNS server that you want to register.
| > | >
| > | > Then locate the network connection properties, double click
Internet
| > | > Protocol (TCP/IP), click Advanced button, click DNS tab, make sure
that
| > the
| > | > "Register this connection addresses in DNS" option is enabled.
Restart
| > the
| > | > DNS client service.
| > | >
| > | > Here, I suggest you check if you can manually register it. To do
so,
| > please
| > | > use the following command.
| > | >
| > | > Ipconfig /flushdns
| > | >
| > | > Then run:
| > | > ipconfig /registerdns
| > | >
| > | > If it works, please check if you enable dynamic update to DNS in
the
| > DHCP
| > | > server. To check it, please follow the steps below.
| > | >
| > | > 1. Open the Administrative Tools->DHCP console.
| > | >
| > | > 2. Right-click the Server name and select Properties.
| > | >
| > | > 3. Click the DNS server and select the dynamic update to DNS
settings.
| > | > More information:
| > | >
| > | > Windows 2000 Enables DDNS Registration by Default
| > | > http://support.microsoft.com/default.aspx?scid=KB;EN-US;251370
| > | >
| > | > Name resolution and connectivity issues on a Routing and Remote
Access
| > | > Server that also runs DNS or WINS
| > | > http://support.microsoft.com/default.aspx?scid=KB;EN-US;292822
| > | >
| > | > Please also make sure that if you have a router at the SBS end, the
DNS
| > | > update request was not blocked by the hardware router.
| > | >
| > | > Regarding the second problem, would you please send the event logs
on
| > the

| > perform
| > | > a further investigation on these log files.
| > | >
| > | > Hope the above information helps.
| > | > Have a nice day!
| > | >
| > | > Best Regards
| > | > Edward Tian(MSFT)
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | > --------------------
| > | > | Thread-Topic: DNS problem when client is from VPN
| > | > | thread-index: AcXlSU4n76nA1sPMTcyp6oDmjT9NwA==
| > | > | X-WBNR-Posting-Host: 217.91.34.149

| > | > | Subject: DNS problem when client is from VPN
| > | > | Date: Wed, 9 Nov 2005 08:19:05 -0800
| > | > | Lines: 25

| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain;
| > | > | charset="Utf-8"
| > | > | Content-Transfer-Encoding: 7bit
| > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | Content-Class: urn:content-classes:message
| > | > | Importance: normal
| > | > | Priority: normal
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.windows.server.sbs:220480
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Hi,
| > | > |
| > | > | having some unusual problems and would appreciate some tips on
where
| > to
| > | > start.
| > | > |
| > | > | Basically, all seems fine with DNS from our subnet. All use DHCP.
| > | > | Domain clients are registered in the DNS when logged in.
| > | > | Non Domain clients register only in Reverse Lookup.
| > | > | (Am not sure if this is what should really happen).
| > | > |
| > | > | Problems start now with a few users attached via a VPN from an
| > external
| > | > | router.
| > | > | The last two blocks of subnet ip are different to ours, their
local
| > DHCP
| > | > is
| > | > | set with Domain controller as IP as primary DNS - but - it seems
that
| > | > their
| > | > | IP will not register in the DNS at all.
| > | > |
| > | > | Any ideas?
| > | > | Is SBS somehow limiting the DNS reg to only our main subnet?
| > | > |
| > | > | This is basically step one to a major problem experienced.
| > | > | A computer which was a domain member started to go very slow on
| > logins
| > | > from
| > | > | other end of VPN. Then, userenv errors etc etc. Had to remove it
from
| > the
| > | > | domain and could not rejoin at all.
| > | > |
| > | > | Appreciate any help.
| > | > |
| > | > |
| > | >
| > | >
| > |
| >
| >
|