Re: VPN generates Internal Network logon problem



Crina,
Thank you for the response. I have verified the settings, however I have not
made the requested steps until clarification.
Previously I tried without success Steps C, D, and F. I did not do Step B
since I did not find any domain.local under the MicrosoftDNS and since
deleting domain.local from the main tree is rather radical I wanted
clarification.


See In-Line Responses
Allan

"Crina Li" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:76niBHXqGHA.5740@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Allan,

Thank you for posting in SBS newsgroup.

I am sorry for the delayed response due to the weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

From your description, I understand the issue to be: the internal net logon
turns slow after someone VPNs to SBS. After a reboot, the issue
disappears. However there are 4004 and 4015 DNS errors in the event log. If
I have misunderstood your concerns, please do not hesitate to let me know.

As far as I know, 4004 and 4015 could be caused by various network
misconfigurations. I would suggest using the CEICW to default the network
configuration.

825763 How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/?id=825763

In addition, you could check the following settings to confirm network
configuration. Regarding the slow logon issue, please make sure the clients
are pointing to only the SBS server.

For 2 NICs on SBS:
**** Yes

On SBS server:

External NIC:
IP: assigned by your ISP or your hardware router *****Hardware router address
Gateway: your ISP or your Hardware router IP *****Hardware router IP
DNS: SBS INTERNAL NIC IP as the only entry ***** Internal NIC only

Internal NIC:
IP: Fixed IP ***** Fixed IP
Gateway: None *****None
DNS: SBS INTERNAL NIC IP as the only entry ****Internal NIC IP Only

In the DNS console (dnsmgmt.msc), right click your ServerName and click
properties. In the Forwarders tab, your ISP DNS server IP should be
inputted there. ****DNS Addresses Verified

On workstation inside your SBS local subnet

IP: Assigned by DHCP on SBS *****DHCP
Gateway: SBS internal NIC IP *****From DHCP
DNS: SBS INTERNAL NIC IP as the only entry ********DNS Obtained Automatically

Also the events 4004 and 4015 may be logged if the DNS zone information is
corrupted. Let's perform these steps:

A. Open Active Directory Users and Computers, click View, Advanced.
*******OK
B. Expand domain.local -> System -> MicrosoftDNS and delete domain.local.
*******There is no domain.local under MicrosoftDNS !!!! See Attachment


C. Open the DNS console, expand Forward Lookup Zones.
D. Click _msdcs.domain.local and delete the Alias for
sbsserver.domain.local (the long GUID entry).

NOTE: If the _msdcs folder is missing under domain.local, please create a
new delegation: Right-click domain.local, select new, then delegation,
click next on the wizard, under delegated domain, type in _msdcs and click
next, click Add and browse to the server's A record under Forward Lookup
Zones, domain.local, click OK and Finish.

F. Run these commands:

ipconfig /flushdns
ipconfig /registerdns

net stop netlogon
net start netlogon

net stop dns
net start dns

And then check if the events 4015 and 4004 are still being logged.

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Allan Sabiski" <allans*nospam*@ics-limited.com>
| Subject: VPN generates Internal Network logon problem
| Date: Fri, 14 Jul 2006 16:59:56 -0400
| Lines: 24
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
| Message-ID: <uJXH3h4pGHA.4368@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: 66.153.88.130
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:281488
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| We have a SBS2003 premium with ISA 2004.
|
| Most times, whenever someone logs in and out via VPN, existing connections
| seem to be fine, however, when a client logs in after the VPN connection,
| then the NETLOGON process (and all other authentication) is painfully slow.
| DHCP seems to also sometimes fail to generate a DHCP address to the client.
|
| When the problem exists, there are no error messages reported at the server,
| the server health status seems to be fine.
|
| The problem is cleared by rebooting the server and clients. This does seem
| to show some DNS error records. 4004 Unable to complete directory service
| enumeration and 4015 DNS server encountered a critical error from the Active
| Directory extended error 51.
|
| Under normal circumstances without using VPN there seem to be no errors and
| everything runs normal.
|
| Any ideas where to start looking?
|
| Thanx
| Allan
|
|
|
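
The settings checklist and the event check after Step F, both quoted in the message above, can be audited with a script. This is an added example, not part of the original thread; it assumes Windows PowerShell 2.0 or later, and the internal NIC address and the time window are placeholders to replace with your own values.

```powershell
# Added example (not from the thread). Requires Windows PowerShell 2.0 or later.
param(
    [string]$InternalIp = '192.168.16.2',        # placeholder: SBS internal NIC IP
    [datetime]$Since = (Get-Date).AddHours(-1)   # assumed time Step F was run
)

# Checklist rule: the DNS list holds exactly one entry, the internal NIC IP.
function Test-DnsOnlyInternal {
    param([string[]]$DnsServers, [string]$Expected)
    if (-not $DnsServers) { return $false }      # no DNS server configured
    return ($DnsServers.Count -eq 1 -and $DnsServers[0] -eq $Expected)
}

# Audit every IP-enabled adapter (internal and external NIC on the server,
# or the single NIC on a workstation).
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    $isInternal = @($nic.IPAddress) -contains $InternalIp
    $hasGateway = [bool]$nic.DefaultIPGateway
    New-Object PSObject -Property @{
        Adapter    = $nic.Description
        DnsServers = ($nic.DNSServerSearchOrder -join ', ')
        DnsOk      = Test-DnsOnlyInternal $nic.DNSServerSearchOrder $InternalIp
        # The internal NIC must have no gateway; other NICs are not judged here.
        GatewayOk  = (-not $isInternal) -or (-not $hasGateway)
    }
}

# After Step F, count DNS Server events 4004 and 4015 logged since $Since.
# 'DNS Server' is the event log name on a Windows DNS server.
$hits = @(Get-EventLog -LogName 'DNS Server' -After $Since -ErrorAction SilentlyContinue |
    Where-Object { 4004, 4015 -contains $_.EventID })
$hits | Group-Object EventID | Select-Object Name, Count
if ($hits.Count -eq 0) { "No 4004/4015 events since $Since" }
```

Run it on the SBS server for both NICs and the event check; on a workstation only the adapter rows are meaningful.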



