Re: Setting Up LMHost File? (DNS problem on VPN).
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 21 Feb 2008 08:45:53 -0500
Andrew Staley <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
What sort of problems are we likely to encounter?

Performance and reliability.

This is the system
that we currently have in place, currently using a BT leased line.
The BT routers are configured to purely connect to the router this
side without touching the internet. All I'm looking to do is
essentially replace the BT routers with our own so we have control
over them, the line speeds etc will be slightly quicker on the
upload/download side, so should be a little better than what BT
provide. And a damn sight cheaper.
We have around 17 remote sites so using a DC for each would be
expensive,

Yep

and I can't see a benefit at the moment.

I can - having all those users authenticating across VPN links sounds like a
recipe for trouble. You can't do an awful lot of remote management & will
run into group policy issues. It's OK here and there for a handful of users
scattered around, but if you have an office with more than a couple of users
in it, it could get problematic.

Not to mention
that I have nowhere near the experience needed to make it work.

It's not too hard, really!

Currently this one remote office is being used as a test site to see
if it works.

I'd also suggest looking into Terminal Services in the main office so you
don't have to worry about this stuff much at all.

"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:eyBa8cxcIHA.484@xxxxxxxxxxxxxxxxxxxxxxx
Andrew Staley <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
(Pardon my rudely jumping in)

There is just one domain.

That's good.

The headoffice has the only DC, which is
also the DNS server.

That's not so good. Each of your offices should have a DC (and
DNS/DHCP/GC),
set up in its own AD site/subnet. Your remote clients should not be
authenticating to a DC on the other side of a VPN connection - it's
going to
cause tons of problems over time. The DCs in the remote offices
don't have to be fancy high-end PCs.

The headoffice is on 192.168.1.0, the remote
office is on 192.168.19.0. Both firewalls are setup as
192.168.x.250, and have the subnet listed for each side.
The remote site is on a standard ADSL line with a static IP and I've
configured the Firewall/Router to take its settings from the ISP,
which includes the DNS.

On the WAN interface, fine. But if you mean internally, your remote
firewalls run DHCP which dishes out something other than the
AD-integrated DNS IP, then you'll have problems.

The remote network is configured with static
IPs,

Not necessary, and a bit of a pain if you're expected to do any kind
of central administration.

and the default gateway points to the router. The DNS settings
are then set as 192.168.1.xx.

Ah.
Note - there is absolutely no need to mask your private IP addresses
like this, and it will only confuse matters.

"Bill Grant" <not.available@online> wrote in message
news:uihIeztcIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
That makes a big difference. With a site to site VPN, you should
really be using the same techniques as you use on any other routed
network. Are all the machines in the same domain? Do you have a DC
in each site? If you want to have Netbios name resolution you will
need to have
all machines using the same WINS server (or if you have WINS set up
in each site, you need to set them to replicate).
We really need a lot more info about the setup. Is there one
domain or two? Do you have a DC and/or DNS server in each site, or
just one?
"Andrew Staley"
<andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:2E2877EB-8638-4C63-A487-05F9966909CE@xxxxxxxxxxxxxxxx
The VPN connection is not on the client machine, I'm not using the
Server 2003 VPN facility. The VPN connection is being done
through the two firewalls as a Site to Site. The network setup
is Server 2003 with XP clients.
I had on my test machine the DNS server address setup, is it
possible as the machine wasn't registered that any DNS query was
refused? Before I setup the lmhosts file every time I tried to
register the machine on the network it failed with DC not found,
after the lmhosts file it registered no problem and resolved my
problem. Sorry if this is a bit vague, but a lot of this is new
to me and I
have no one in the company to point me in the direction with this
type of thing. I've been chucked in at the deep end so to speak,
and find I have to rely on any information I can find on the
internet. Fortunately the company I work for are happy for me to
go on courses to improve my knowledge with the networks and
servers, so I'll be arranging those within the next few months.
"Bill Grant" <not.available@online> wrote in message
news:Oc91pdtcIHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
You put the DNS suffix in the connection properties of the VPN
connection on the client machine.
Are you running an NT domain? If not, using DNS is a better
arrangement for name resolution. W2k and later do not use the
Netbios name of the domain for domain logon.
"Andrew Staley" <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:E19CCA12-CF1C-46D7-BAA2-0B67B180AC06@xxxxxxxxxxxxxxxx
Thank you for the reply. Where would I manually code the DNS
suffix in? For the moment I have a workaround in place which was
to create a lmhosts file listing the Domain Master Browser, as
soon as this was applied I could ping by name. Which I'm
guessing is doing the same thing as I specified #DOM:MY_DOMAIN.
Once this was done I could then register the machine on the
domain and even worked as expected.
"Bill Grant"
<not.available@online> wrote in message
news:eJ4$oEpcIHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
LMHOSTS really has no relationship to DNS. DNS knows nothing
about Netbios names and the computer browser service. LMHOSTS
is used with the Netbios naming service. The name server for
this is WINS. The static file for DNS-style names is called
HOSTS. The remote user should be able to use the DNS service on
your LAN. It should get the DNS server address as part of the
VPN setup negotiation. Check if the client can resolve a LAN
machine using its FQDN (eg servername.mydomain.lcl). If this
works, DNS is working correctly. All you need to resolve names
using just the machine name is to manually code your DNS
suffix into the connection properties of the client. Then when
you try to resolve servername, the DNS suffix mydomain.lcl
will be added to the query and it should work.
"Andrew Staley"
<andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:8E92FD6E-E251-4805-83D7-0D79DDB6BE75@xxxxxxxxxxxxxxxx
I've not long taken a career change into IT, having always had
an interest in computing. So I have a reasonable grasp on
computers, but still have a lot to learn about servers and
networking it seems. So I apologise for the long winded post.
Currently we have several remote offices connected to our
domain on a private network setup by BT, after several bad
incidences with BT we have decided to look at ditching them
and setting up our own VPN system into the domain.
As things would have it, we are moving one of the remote
offices and decided now would be a good time to trial the idea
to see if it is workable and what sort of pitfalls we might
fall into. So I've got a VPN setup between the remote office
and our head
office. Which is setup;
Remote Computer>Router/ADSL Modem (Netgear FVS318)>Internet>Router>Firewall (Prodigy P100)>Internal Network.
Remote computer is on 192.168.30.0, internal network is on 192.168.1.0.
From the remote computer I can ping the servers via IP
address, so the VPN is up and running. But I can't ping them
via name (I.E Srv1), now I know this is a DNS issue, but I
don't know how to resolve it. One suggestion that was made
on another forum is to setup a LMHosts file with the details.
My question is, when I setup a LMHosts file is it enough just
to enter;
192.168.1.100 Srv1 #PRE #DOM:DOMAIN_NAME
Or do I also need to enter the NetBIOS hex codes as well for
the Master Browser and DC?
Thanks in advance, AStaley.
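
An added example, not part of the original thread: a small Python checker for LMHOSTS entries of the kind asked about in the first post, covering the plain `#PRE #DOM:` form and the quoted `\0xnn` form that sets the 16th name byte explicitly. The function name, the warning wording and the second sample line are constructed for illustration.

```python
import ipaddress
import re

# IP, then a bare or double-quoted NetBIOS name, then optional tags/comment.
ENTRY = re.compile(r'^(\S+)\s+(?:"([^"]*)"|(\S+))\s*(.*)$')
HEX_SUFFIX = re.compile(r'\\0x([0-9A-Fa-f]{2})$')   # explicit 16th name byte


def parse_lmhosts_line(line):
    """Describe one LMHOSTS entry; return None for blank or comment lines."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    m = ENTRY.match(text)
    if not m:
        raise ValueError(f"not an LMHOSTS entry: {line!r}")
    ip = str(ipaddress.IPv4Address(m.group(1)))      # ValueError if malformed
    quoted, bare, rest = m.group(2), m.group(3), m.group(4)
    name, suffix, warnings = bare, None, []
    if quoted is not None:
        name = quoted
        hx = HEX_SUFFIX.search(quoted)
        if hx:
            suffix = int(hx.group(1), 16)
            name = quoted[:hx.start()]
            if len(name) != 15:
                warnings.append("pad the quoted name to 15 characters before \\0xnn")
    if len(name.rstrip()) > 15:
        warnings.append("NetBIOS names are at most 15 characters")
    preload, domain = False, None
    for token in rest.split():
        if token == "#PRE":
            preload = True
        elif token.startswith("#DOM:"):
            domain = token[len("#DOM:"):]
        else:
            break            # first unrecognised token: treat the rest as comment
    if domain and not preload:
        warnings.append("#DOM: without #PRE is not preloaded into the name cache")
    return {"ip": ip, "name": name.rstrip(), "suffix": suffix,
            "preload": preload, "domain": domain, "warnings": warnings}


# Constructed samples: the entry from the question, then a quoted 0x1b entry.
SAMPLES = [
    "192.168.1.100 Srv1 #PRE #DOM:DOMAIN_NAME",
    r'192.168.1.100 "DOMAIN_NAME    \0x1b" #PRE',
]
RESULTS = [parse_lmhosts_line(s) for s in SAMPLES]
```
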