Re: what happened to my post re KB830063 - Browsing over VPN?

From: Richard Prossor (richard.prossor_at_prossor.com)
Date: 04/20/04


Date: Tue, 20 Apr 2004 09:01:42 +0100

Hi Marina

I am trying to resolve the situation with the guidance from this newsgroup
first before going down any other route.

re the ipconfig you have posted - the obvious query is not the ip of the vpn
client but the fact that the default gateway is blank. I am sure that with
both dhcp and via static pool, my client gets a gateway of its own issued
ip.

Regards

Richard

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:D4_gc.1551$%4.28994@typhoon.bart.nl...
> Richard,
>
> Please, forget about that 830063 article. You really do NOT want to enable
> netbios on your external nic. You're totally on your own if you persist on
> that.
>
> You mentioned an ipconfig when vpn-ed in at your server. If everything would
> be fine and assuming you are using DHCP to give IP's to rasclients, the
> ipconfig should look something like this (if the internal serverIP would be
> 192.1.1.2):
>
> PPP adapter VPN:
> DHCP enabled: no
> IP-address: 192.1.1.67
> subnetmask: 255.255.255.255
> Default gateway:
> DNS: 192.1.1.2
> WINS: 192.1.1.2
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Richard Prossor" <richard.prossor@prossor.com> wrote in message
> news:c607gk$sfc$1$830fa7a5@news.demon.co.uk...
> > Hi Marina
> >
> > I am assuming that since my SBS server is
> > prossornt01.prossorsnt.prossors.com, the domain name is
> > prossorsnt.prossors.com and its parent is prossors.com. Since you advise to
> > tick append parent suffixes both will appear.
> >
> > the drop down box in reverse look up zone properties - allow dynamic updates
> > gives me three choices: "No", "Yes" and "Only secure updates". I have
> > changed it from "Only secure updates" to "Yes"
> >
> > Under forward look up zone is the container "prossorsnt.prossors.com". The
> > following are the only entries which do not specifically refer to an IP
> > address in solely numeric form.
> >
> > Name                      Type    Data
> > WPAD                      CNAME   prossornt01.prossorsnt.prossors.com
> > (same as parent folder)   NS      prossornt01.prossorsnt.prossors.com
> > (same as parent folder)   SOA     [4707], prossornt01.prossorsnt.prossors.com., admin.
> > (same as parent folder)   WINS    [192.0.0.7]
> > _udp
> > _tcp
> > _sites
> > _msdcs
> >
> > In addition I have three further entries for (same as parent folder)
> >
> > (same as parent folder) A 192.0.0.54
> > (same as parent folder) A 192.0.0.22
> > (same as parent folder) A 192.0.0.7
> >
> >
> > There is no change in the operation of my system - I still cannot browse
> > over VPN.
> >
> > Regards
> >
> > Richard
> >
> >
> >
> >
> >
> > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> > news:MOCgc.1508$%4.27397@typhoon.bart.nl...
> > > Hi Richard,
> > >
> > > It should not add 2 suffixes on your nic.
> > > I don't understand your changing dynamic updates to 'only secure'.
> > > About 15: delete all records that don't belong to your internal network. If
> > > you delete an internal one, don't bother, they will be created
> > > automatically.
> > > If you see the dot-folder (just a single dot), then delete it. Restart
> > > DNS-server.
> > >
> > > --
> > > Regards,
> > >
> > > Marina
> > > Microsoft SBS-MVP
> > >
> > > "Richard" <richard.prossor@prossor.com> wrote in message
> > > news:c5un11$g3a$1@newsg1.svr.pol.co.uk...
> > > > Hi Marina
> > > >
> > > > thanks for all your help on this. I've followed the instructions you sent
> > > > (by the way appending parent suffix adds back the second entry showing
> > > > prossors.com on the internal nic) - the only changes I have had to make are
> > > > adding WINS-R in reverse look up and changing Dynamic updates to "yes" from
> > > > "only secure" in the same area.
> > > >
> > > > However I am unsure what you meant by:
> > > >
> > > > > 15.) Delete any record which is not on the local internal subnet. If there
> > > > > is a folder with a dot "." listed then delete it. (note- This indicates to
> > > > > the server that it is the root server, which means do not go beyond this
> > > > > server for name resolution.)
> > > >
> > > > do you mean delete the folders which start with underscore?
> > > >
> > > > Regards
> > > >
> > > > Richard
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> > > > news:5i%fc.1477$%4.26398@typhoon.bart.nl...
> > > > > You might have to check your DNS-configuration:
> > > > >
> > > > > Active Directory with DNS on the same server.
> > > > >
> > > > > TCP/IP settings
> > > > >
> > > > > Internal nic:
> > > > > 1.) Right click "My network places" and select Properties.
> > > > > 2.) For the LAN connection right click and select Properties.
> > > > > 3.) On the properties page double click TCP/IP.
> > > > > 4.) On the internal nic (when using 2 nics) the gateway should be blank. At
> > > > > the bottom of the protocols page select Preferred DNS Server option and
> > > > > enter the IP address for the server itself. Leave the alternate DNS server
> > > > > IP blank.
> > > > > 5.) On the DNS-tab, verify that the only DNS server is the server's internal
> > > > > IP address. Make sure the "Append parent suffixes of the primary DNS suffix"
> > > > > and "Register this connection's address in DNS" selection are checked.
> > > > > 6.) On the WINS-tab, verify that the WINS address is the server's internal IP
> > > > > address. Verify that "Enable LMHOSTS lookup" is checked and that "Enable
> > > > > NetBIOS over TCP/IP" is selected.
> > > > >
> > > > > External nic:
> > > > > 1.) Right click "My network places" and select Properties.
> > > > > 2.) For the WAN connection right click and select Properties.
> > > > > 3.) On the properties page double click TCP/IP.
> > > > > 4.) The IP should be in a different range from the internal nic. At the
> > > > > bottom of the protocols page select Preferred DNS Server option and enter
> > > > > the IP address for the server itself. Leave the alternate DNS server IP
> > > > > blank.
> > > > > 5.) On the DNS-tab, verify that the only DNS server is the server's internal
> > > > > IP address. Make sure the "Append parent suffixes of the primary DNS suffix"
> > > > > and "Register this connection's address in DNS" selection are unchecked.
> > > > > 6.) On the WINS-tab, verify that there are no WINS addresses listed. Verify
> > > > > that "Enable LMHOSTS lookup" is checked and that "Disable NetBIOS over
> > > > > TCP/IP" is selected. This will have the effect of allowing only the internal
> > > > > nic to register with WINS. NetBIOS packets are blocked by internet routers,
> > > > > so no NetBIOS over TCP/IP should be permitted on the external nic.
> > > > >
> > > > >
> > > > > DNS settings
> > > > >
> > > > > 1.) Open up the DNS console.
> > > > > 2.) Once opened, right click on the server in the right hand pane and select
> > > > > Properties.
> > > > > 3.) On the Interfaces tab, set the server to listen only on its internal IP
> > > > > Address.
> > > > > 4.) On the "Forwarders" tab, check the "Enable forwarders" selection at the
> > > > > top.
> > > > > 5.) Add the ISP-DNS-numbers and click Apply. (note- In the TCP/IP settings,
> > > > > we selected the choice for DNS to point to itself. If name resolution
> > > > > cannot be resolved then a request is made to the forwarders. If resolution
> > > > > cannot be made via the internal DNS and there are no forwarders listed, then
> > > > > resolution will be made via the root hints.)
> > > > > 6.) On the Monitoring tab, select simple and recursive test types and click
> > > > > the Test now button. Both types should pass. Uncheck test types, click
> > > > > Apply, then click OK.
> > > > > 7.) Expand the containers beneath the server's name and click on the Reverse
> > > > > lookup zone subnet. It should correspond to the network ID of the LAN with
> > > > > an "x" in the last octet. If one is not present, create a Reverse lookup
> > > > > zone, type Active Directory Integrated.
> > > > > 8.) Verify that the server has a pointer record listed for its own IP.
> > > > > 9.) Bring up the properties of the Reverse Lookup Zone subnet.
> > > > > 10.) Click on the Name Servers tab. Verify that the nameserver is the
> > > > > server's FQDN with only the internal IP address listed.
> > > > > 11.) Click on the WINS-R tab. Enable WINS reverse lookup and enter the
> > > > > domainname.
> > > > > 12.) Click on the General tab and set "Allow dynamic updates?" to yes.
> > > > > 13.) Click Apply, click OK.
> > > > > 14.) Click on the "Forward Lookup Zone" beneath the container Forward Lookup
> > > > > Zones.
> > > > > 15.) Delete any record which is not on the local internal subnet. If there
> > > > > is a folder with a dot "." listed then delete it. (note- This indicates to
> > > > > the server that it is the root server, which means do not go beyond this
> > > > > server for name resolution.)
> > > > > 16.) Bring up the properties of the Forward Lookup Zone.
> > > > > 17.) Click on the Name Servers tab. Verify that the nameserver is the
> > > > > server's FQDN with only the internal IP address listed.
> > > > > 18.) Click on the WINS-R tab. Enable WINS forward lookup and enter the
> > > > > server's internal IP address and click the Add button.
> > > > > 19.) Click on the General tab and set "Allow dynamic updates?" to yes.
> > > > > 20.) Click Apply, click OK.
> > > > > 21.) Restart DNS-server.
> > > > >
> > > > > Open up a command prompt and type the following:
> > > > >
> > > > > 1.) At the prompt type "ipconfig /flushdns" and wait for the services to
> > > > > flush.
> > > > > 2.) "ipconfig /registerdns" and wait for the services to register.
> > > > > 3.) net stop netlogon
> > > > > 4.) net start netlogon
> > > > >
> > > > > Once all of this is done, open the DNS console again. Expand the Forward
> > > > > lookup zones, then expand the domain folder. You should see the underscore
> > > > > folders below:
> > > > >
> > > > > _msdcs
> > > > > _sites
> > > > > _tcp
> > > > > _udp
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Marina
> > > > > Microsoft SBS-MVP
> > >
> > >
> >
> >
>
>
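
Step 15 of the quoted checklist and the underscore-folder check at its end, worked through as an added example that is not part of the original thread: it decides which forward-zone entries fall under "not on the local internal subnet", whether a root "." zone is present, and whether the four Active Directory folders exist. The record list, zone names and addresses are constructed (documentation ranges), and `audit_forward_zone` is a hypothetical helper name.

```python
import ipaddress

# Folders the checklist expects to see after netlogon re-registers.
AD_FOLDERS = {"_msdcs", "_sites", "_tcp", "_udp"}

# Constructed sample: forward lookup zone entries as (name, type, data).
# 192.0.2.0/24 stands in for the internal LAN, 198.51.100.10 for the
# external NIC that registered itself in DNS.
SAMPLE_RECORDS = [
    ("(same as parent folder)", "SOA", "srv01.corp.example.com."),
    ("(same as parent folder)", "NS", "srv01.corp.example.com."),
    ("(same as parent folder)", "A", "192.0.2.2"),
    ("(same as parent folder)", "A", "198.51.100.10"),
    ("srv01", "A", "192.0.2.2"),
    ("srv01", "A", "198.51.100.10"),
    ("ws07", "A", "192.0.2.67"),
    ("WPAD", "CNAME", "srv01.corp.example.com."),
    ("_msdcs", "FOLDER", ""),
    ("_sites", "FOLDER", ""),
    ("_tcp", "FOLDER", ""),
    ("_udp", "FOLDER", ""),
]
SAMPLE_ZONES = [".", "corp.example.com"]  # constructed zone list


def audit_forward_zone(records, internal_net, zone_names=()):
    """Classify zone entries the way step 15 describes.

    Only A records are compared against the internal subnet; SOA, NS,
    CNAME and the underscore folders are never candidates for deletion.
    """
    net = ipaddress.ip_network(internal_net)
    delete, seen = [], set()
    for name, rtype, data in records:
        seen.add(name)
        if rtype == "A" and ipaddress.ip_address(data) not in net:
            delete.append((name, data))
    return {
        "delete_records": delete,                      # off-subnet A records
        "delete_root_zone": "." in zone_names,         # the dot folder
        "missing_ad_folders": sorted(AD_FOLDERS - seen),
    }


if __name__ == "__main__":
    print(audit_forward_zone(SAMPLE_RECORDS, "192.0.2.0/24", SAMPLE_ZONES))
```
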

