Re: what happened to my post re KB830063 - Browsing over VPN?

From: Richard Prossor (richard.prossor_at_prossor.com)
Date: 04/20/04


Date: Tue, 20 Apr 2004 12:18:48 +0100

yes

My setup is for all my own clients to log on to the domain as though they
were in the office (they do not log on to the local machine). This is the
default profile they use. If they are working remotely they log on to the
domain even though they are not connected. They then bring up the connection
when needed.

For testing purposes in the office, I disconnect my pc from the LAN and then
set up a VPN connection through an attached modem via Freeserve (ISP).

Regards

Richard

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:%230WVaKsJEHA.1132@TK2MSFTNGP12.phx.gbl...
> Is that VPN-client part of the domain or not?
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Richard Prossor" <richard.prossor@prossor.com> wrote in message
> news:c62psg$aqj$1$8300dec7@news.demon.co.uk...
> > Hi Marina
> >
> > here is my ipconfig /all having changed from static pool to dhcp. Note that
> > default gateway is the ip that has been assigned to the client
> >
> > Regards
> >
> > Richard
> >
> > Microsoft Windows 2000 [Version 5.00.2195]
> > (C) Copyright 1985-2000 Microsoft Corp.
> >
> > C:\WINNT\Profiles\RDIP>ipconfig /all
> >
> > Windows 2000 IP Configuration
> >
> > Host Name . . . . . . . . . . . . : dellrmyrz
> > Primary DNS Suffix . . . . . . . : prossorsnt.prossors.com
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : prossorsnt.prossors.com
> >
> > Ethernet adapter Local Area Connection:
> >
> > Media State . . . . . . . . . . . : Cable Disconnected
> > Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
> > Physical Address. . . . . . . . . : 00-50-04-32-37-A6
> >
> > PPP adapter Prossornt (VPN):
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> > Physical Address. . . . . . . . . : 00-53-45-00-00-00
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.0.0.85
> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> > Default Gateway . . . . . . . . . : 192.0.0.85
> > DNS Servers . . . . . . . . . . . : 192.0.0.7
> > Primary WINS Server . . . . . . . : 192.0.0.7
> >
> > PPP adapter:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> > Physical Address. . . . . . . . . : 00-53-45-00-00-00
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 62.136.80.30
> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> > Default Gateway . . . . . . . . . : 62.136.80.30
> > DNS Servers . . . . . . . . . . . : 195.92.195.95
> > 195.92.195.94
> >
> > C:\WINNT\Profiles\RDIP>
> >
> > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> > news:D4_gc.1551$%4.28994@typhoon.bart.nl...
> > > Richard,
> > >
> > > Please, forget about that 830063 article. You really do NOT want to enable
> > > netbios on your external nic. You're totally on your own if you persist on
> > > that.
> > >
> > > You mentioned an ipconfig when vpn-ed in at your server. If everything would
> > > be fine and assuming you are using DHCP to give IPs to rasclients, the
> > > ipconfig should look something like this (if the internal serverIP would be
> > > 192.1.1.2):
> > >
> > > PPP adapter VPN:
> > > DHCP enabled: no
> > > IP-address: 192.1.1.67
> > > subnetmask: 255.255.255.255
> > > Default gateway:
> > > DNS: 192.1.1.2
> > > WINS: 192.1.1.2
> > >
> > > --
> > > Regards,
> > >
> > > Marina
> > > Microsoft SBS-MVP
> > >
> > > "Richard Prossor" <richard.prossor@prossor.com> wrote in message
> > > news:c607gk$sfc$1$830fa7a5@news.demon.co.uk...
> > > > Hi Marina
> > > >
> > > > I am assuming that since my SBS server is
> > > > prossornt01.prossorsnt.prossors.com, the domain name is
> > > > prossorsnt.prossors.com and its parent is prossors.com. Since you advise to
> > > > tick append parent suffixes both will appear.
> > > >
> > > > the drop down box in reverse look up zone properties - allow dynamic updates
> > > > gives me three choices: "No", "Yes" and "Only secure updates". I have
> > > > changed it from "Only secure updates" to "Yes"
> > > >
> > > > Under forward look up zone is the container "prossorsnt.prossors.com". The
> > > > following are the only entries which do not specifically refer to an IP
> > > > address in solely numeric form.
> > > >
> > > > Name                       Type    Data
> > > > WPAD                       CNAME   prossornt01.prossorsnt.prossors.com
> > > > (same as parent folder)    NS      prossornt01.prossorsnt.prossors.com
> > > > (same as parent folder)    SOA     [4707], prossornt01.prossorsnt.prossors.com., admin.
> > > > (same as parent folder)    WINS    [192.0.0.7]
> > > > _udp
> > > > _tcp
> > > > _sites
> > > > _msdcs
> > > >
> > > > In addition I have three further entries for (same as parent folder)
> > > >
> > > > (same as parent folder)    A       192.0.0.54
> > > > (same as parent folder)    A       192.0.0.22
> > > > (same as parent folder)    A       192.0.0.7
> > > >
> > > >
> > > > There is no change in the operation of my system - I still cannot browse
> > > > over VPN.
> > > >
> > > > Regards
> > > >
> > > > Richard
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> > > > news:MOCgc.1508$%4.27397@typhoon.bart.nl...
> > > > > Hi Richard,
> > > > >
> > > > > It should not add 2 suffixes on your nic.
> > > > > I don't understand your changing dynamic updates to 'only secure'.
> > > > > About 15: delete all records that don't belong to your internal network. If
> > > > > you delete an internal one, don't bother, they will be created
> > > > > automatically.
> > > > > If you see the dot-folder (just a single dot), then delete it. Restart
> > > > > DNS-server.
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Marina
> > > > > Microsoft SBS-MVP
> > > > >
> > > > > "Richard" <richard.prossor@prossor.com> wrote in message
> > > > > news:c5un11$g3a$1@newsg1.svr.pol.co.uk...
> > > > > > Hi Marina
> > > > > >
> > > > > > thanks for all your help on this. I've followed the instructions you sent
> > > > > > (by the way appending parent suffix adds back the second entry showing
> > > > > > prossors.com on the internal nic) - the only changes I have had to make are
> > > > > > adding WINS-R in reverse look up and changing Dynamic updates to "yes" from
> > > > > > "only secure" in the same area.
> > > > > >
> > > > > > However I am unsure what you meant by:
> > > > > >
> > > > > > > 15.) Delete any record which is not on the local internal subnet. If there
> > > > > > > is a folder with a dot "." listed then delete it. (note- This indicates to
> > > > > > > the server that it is the root server, which means do not go beyond this
> > > > > > > server for name resolution.)
> > > > > >
> > > > > > do you mean delete the folders which start with underscore?
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > Richard
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> > > > > > news:5i%fc.1477$%4.26398@typhoon.bart.nl...
> > > > > > > You might have to check your DNS-configuration:
> > > > > > >
> > > > > > > Active Directory with DNS on the same server.
> > > > > > >
> > > > > > > TCP/IP settings
> > > > > > >
> > > > > > > Internal nic:
> > > > > > > 1.) Right click "My network places" and select Properties.
> > > > > > > 2.) For the LAN connection right click and select Properties.
> > > > > > > 3.) On the properties page double click TCP/IP.
> > > > > > > 4.) On the internal nic (when using 2 nics) the gateway should be blank. At
> > > > > > > the bottom of the protocols page select Preferred DNS Server option and
> > > > > > > enter the IP address for the server itself. Leave the alternate DNS server
> > > > > > > IP blank.
> > > > > > > 5.) On the DNS-tab, verify that the only DNS server is the server's internal
> > > > > > > IP address. Make sure the "Append parent suffixes of the primary DNS suffix"
> > > > > > > and "Register this connection's address in DNS" selection are checked.
> > > > > > > 6.) On the WINS-tab, verify that the WINS address is the server's internal IP
> > > > > > > address. Verify that "Enable LMHOSTS lookup" is checked and that "Enable
> > > > > > > NetBIOS over TCP/IP" is selected.
> > > > > > >
> > > > > > > External nic:
> > > > > > > 1.) Right click "My network places" and select Properties.
> > > > > > > 2.) For the WAN connection right click and select Properties.
> > > > > > > 3.) On the properties page double click TCP/IP.
> > > > > > > 4.) The IP should be in a different range from the internal nic. At the
> > > > > > > bottom of the protocols page select Preferred DNS Server option and enter
> > > > > > > the IP address for the server itself. Leave the alternate DNS server IP
> > > > > > > blank.
> > > > > > > 5.) On the DNS-tab, verify that the only DNS server is the server's internal
> > > > > > > IP address. Make sure the "Append parent suffixes of the primary DNS suffix"
> > > > > > > and "Register this connection's address in DNS" selection are unchecked.
> > > > > > > 6.) On the WINS-tab, verify that there are no WINS addresses listed. Verify
> > > > > > > that "Enable LMHOSTS lookup" is checked and that "Disable NetBIOS over
> > > > > > > TCP/IP" is selected. This will have the effect of allowing only the internal
> > > > > > > nic to register with WINS. NetBIOS packets are blocked by internet routers,
> > > > > > > so no NetBIOS over TCP/IP should be permitted on the external nic.
> > > > > > >
> > > > > > >
> > > > > > > DNS settings
> > > > > > >
> > > > > > > 1.) Open up the DNS console.
> > > > > > > 2.) Once opened, right click on the server in the right hand pane and select
> > > > > > > Properties.
> > > > > > > 3.) On the Interfaces tab, set the server to listen only on its internal IP
> > > > > > > Address.
> > > > > > > 4.) On the "Forwarders" tab, check the "Enable forwarders" selection at the
> > > > > > > top.
> > > > > > > 5.) Add the ISP-DNS-numbers and click Apply. (note- In the TCP/IP settings,
> > > > > > > we selected the choice for DNS to point to itself. If name resolution
> > > > > > > cannot be resolved then a request is made to the forwarders. If resolution
> > > > > > > cannot be made via the internal DNS and there are no forwarders listed, then
> > > > > > > resolution will be made via the root hints.)
> > > > > > > 6.) On the Monitoring tab, select simple and recursive test types and click
> > > > > > > the Test now button. Both types should pass. Uncheck test types, click
> > > > > > > Apply, then click OK.
> > > > > > > 7.) Expand the containers beneath the server's name and click on the Reverse
> > > > > > > lookup zone subnet. It should correspond to the network ID of the LAN with
> > > > > > > an "x" in the last octet. If one is not present, create a Reverse lookup
> > > > > > > zone, type Active Directory Integrated.
> > > > > > > 8.) Verify that the server has a pointer record listed for its own IP.
> > > > > > > 9.) Bring up the properties of the Reverse Lookup Zone subnet.
> > > > > > > 10.) Click on the Name Servers tab. Verify that the nameserver is the
> > > > > > > server's FQDN with only the internal IP address listed.
> > > > > > > 11.) Click on the WINS-R tab. Enable WINS reverse lookup and enter the
> > > > > > > domainname.
> > > > > > > 12.) Click on the General tab and set "Allow dynamic updates?" to yes.
> > > > > > > 13.) Click Apply, click OK.
> > > > > > > 14.) Click on the "Forward Lookup Zone" beneath the container Forward Lookup
> > > > > > > Zones.
> > > > > > > 15.) Delete any record which is not on the local internal subnet. If there
> > > > > > > is a folder with a dot "." listed then delete it. (note- This indicates to
> > > > > > > the server that it is the root server, which means do not go beyond this
> > > > > > > server for name resolution.)
> > > > > > > 16.) Bring up the properties of the Forward Lookup Zone.
> > > > > > > 17.) Click on the Name Servers tab. Verify that the nameserver is the
> > > > > > > server's FQDN with only the internal IP address listed.
> > > > > > > 18.) Click on the WINS-R tab. Enable WINS forward lookup and enter the
> > > > > > > server's internal IP address and click the Add button.
> > > > > > > 19.) Click on the General tab and set "Allow dynamic updates?" to yes.
> > > > > > > 20.) Click Apply, click OK.
> > > > > > > 21.) Restart DNS-server.
> > > > > > >
> > > > > > > Open up a command prompt and type the following:
> > > > > > >
> > > > > > > 1.) At the prompt type "ipconfig /flushdns" and wait for the services to
> > > > > > > flush.
> > > > > > > 2.) "ipconfig /registerdns" and wait for the services to register.
> > > > > > > 3.) net stop netlogon
> > > > > > > 4.) net start netlogon
> > > > > > >
> > > > > > > Once all of this is done, open the DNS console again. Expand the Forward
> > > > > > > lookup zones, then expand the domain folder. You should see the underscore
> > > > > > > folders below:
> > > > > > >
> > > > > > > _msdcs
> > > > > > > _sites
> > > > > > > _tcp
> > > > > > > _udp
> > > > > > >
> > > > > > > --
> > > > > > > Regards,
> > > > > > >
> > > > > > > Marina
> > > > > > > Microsoft SBS-MVP
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
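
Added example, not part of the original thread: a Python sketch that parses `ipconfig /all` text like the output quoted above and lists where a PPP adapter differs from the form Marina describes (blank default gateway, DNS and WINS pointing only at the server's internal IP). The sample is constructed from values in the post, the function names are hypothetical, and 192.0.0.7 is assumed to be the server's internal IP.

```python
import re

# Constructed sample: trimmed from the `ipconfig /all` output quoted in the thread.
SAMPLE = """\
PPP adapter Prossornt (VPN):
        Default Gateway . . . . . . . . . : 192.0.0.85
        DNS Servers . . . . . . . . . . . : 192.0.0.7
        Primary WINS Server . . . . . . . : 192.0.0.7

PPP adapter:
        Default Gateway . . . . . . . . . : 62.136.80.30
        DNS Servers . . . . . . . . . . . : 195.92.195.95
                                            195.92.195.94
"""

# "Key . . . . : value" lines; the key is the text before the dot leader.
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} (hypothetical helper)."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = current.setdefault(m.group(1), [])
                if m.group(2).strip():
                    last.append(m.group(2).strip())
            elif last is not None:
                last.append(line.strip())  # continuation: second DNS server
    return adapters

def check_vpn_adapter(fields, server_ip):
    """List where a PPP adapter differs from the form Marina describes."""
    findings = []
    if fields.get("Default Gateway"):
        findings.append("default gateway set: " + fields["Default Gateway"][0])
    for key in ("DNS Servers", "Primary WINS Server"):
        if fields.get(key, []) != [server_ip]:
            findings.append(key + " is not only " + server_ip)
    return findings

if __name__ == "__main__":
    for name, fields in parse_ipconfig(SAMPLE).items():
        # Assumption: 192.0.0.7 is the server's internal IP.
        print(name, "->", check_vpn_adapter(fields, "192.0.0.7") or "matches")
```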

