Re: Urgent Please
- From: "Jmnts" <jmnts@xxxxxxxxxxx>
- Date: Mon, 10 Apr 2006 15:32:55 +0100
Hi Robert and Bill, and thank you for your time.
Finally I convinced my client to place two separate routers to serve VPN
requests.
Hi Bill
I'm aware of the problems related to the use of a DC with RRAS. But the goal
here was to solve these problems. That's why I posted the problem in this
newsgroup in the first place. I thought that you "RRAS-Gurus" would come up
with some solution, and in fact Robert showed me the link for starting the
resolution of this type of problem:
http://www.howtonetworking.com/casestudy/rraswithdcdnswins1.htm . In my
case it is still not working, but I'm going to set up a lab to try to resolve
this situation, and then I'll come back with the results here.
Anyway, thanks to you both for your time.
--
Best Regards
Systems Administrator
MCSA + Exchange
"Bill Grant" <not.available@online> wrote in message
news:uk6N$TEXGHA.3972@xxxxxxxxxxxxxxxxxxxxxxx
As Robert said in the original post, using a DC as a router is not a
good idea. Using it as the host of a site-to-site VPN link is an even
worse idea.
The main problem is that the server becomes multihomed. This fouls up
the name resolution and browsing. This was a big problem in NT and you
still have the same problems with Netbios names in W2k/W2k3. In
addition, the use of dynamic registration in DNS means that you also have
similar problems with DNS names, since more than one interface (and
therefore more than one IP) registers the machine's name.
The fix for Netbios problems is still much the same as in NT. You need
to disable Netbios over TCP/IP on all interfaces except the private LAN
NIC. If you are using WINS, you need to then check for (and remove) any
stored references to the "wrong" IP addresses attached to the server's
name. Disabling Netbios over TCP/IP on the "internal" RRAS interface can
have some bad effects in particular cases. This is discussed in KB830063.
The situation with DNS is similar. In some cases you can get around the
problem simply by setting your DNS server to listen only on its LAN
interface. If this doesn't work, you need to prevent the RAS interface
from registering in DNS as described in KB292822.
Network browsing uses broadcasts and the computer browser service. This
will not work across a WAN without WINS (just as it will not work in a
routed network without WINS). You can have all machines in both sites
registering with a single WINS server. If you have a WINS server in each
site, you will need to set them up to replicate for the browser service
(and Netbios name resolution) to work properly across the link.
Jmnts wrote:
Yes, it is a great article but it didn't work in my case....
Any more ideas??
(Just one thing that I couldn't change: at some point the article
says: if the domain is a GC create a record... under the msdcs.gc folder.
It is strange because this folder (msdcs\GC) isn't available on one of
the servers (DC2) and this server is a GC!!! I only have the GC
folder on the 1st created DNS domain that belongs to the DC1?? The
ForestDnsZones are also only visible on the first domain!!! I believe
that is the normal behavior, isn't it?? I checked in other different
domains and I saw the same thing - the first domain (root) is
the only one that has the folders for _MSDCS.GC, _MSDCS.Domains and the
ForestDnsZones. The other domains only have, under _msdcs, the pdc
folder and dc folder. Another interesting thing is that only the root
domain has the GUIDs under _msdcs for all existing domains in the
forest).
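
An added read-only PowerShell audit for the checks Bill Grant describes (not part of the original thread): it lists interfaces other than the LAN NIC that still have NetBIOS over TCP/IP enabled or register in DNS, and flags A records for the server's name that are not the LAN address. The addresses and host name are constructed placeholders, and it assumes a Windows version with the CIM and DnsClient cmdlets, which is newer than the W2k/W2k3 servers in the thread.

```powershell
# Added audit example; read-only. Values marked "constructed" are assumptions.
$LanIp     = '192.168.1.10'       # constructed: address of the private LAN NIC
$DnsServer = '192.168.1.10'       # constructed: DNS server to query
$Fqdn      = 'dc1.example.local'  # constructed: the server's DNS name

# 1. NetBIOS over TCP/IP and DNS registration per IP-enabled interface.
#    TcpipNetbiosOptions: 0 = default (from DHCP), 1 = enabled, 2 = disabled.
$adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $isLan   = $a.IPAddress -contains $LanIp
    $finding = @()
    if (-not $isLan -and $a.TcpipNetbiosOptions -ne 2) {
        $finding += 'NetBIOS over TCP/IP not disabled'
    }
    if (-not $isLan -and $a.FullDNSRegistrationEnabled) {
        $finding += 'registers its address in DNS'
    }
    [pscustomobject]@{
        Interface = $a.Description
        Addresses = ($a.IPAddress -join ', ')
        IsLanNic  = $isLan
        Findings  = if ($finding) { $finding -join '; ' } else { 'ok' }
    }
}

# 2. A records held for the server's name: anything other than the LAN
#    address is a registration that came from another interface.
$records = Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' }
foreach ($r in $records) {
    if ($r.IPAddress -ne $LanIp) {
        Write-Warning "$Fqdn also resolves to $($r.IPAddress); expected only $LanIp"
    }
}
```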