RE: Additional DC DNS Question

Hi Jim,

Thanks for posting here.

From the description, I understand the issue is that vpn client cannot ping
the other DC's NETBIOS name,but vpn client can ping SBS server's NETBIOS
name. If I am off base, and DNS name are all working fine over VPN.Please
don't hesitate to let me know.

Let us refer to the following steps to troubleshoot the issue:

I.Go to other DC,enable NETBIOS over Tcp/ip and close windows firewall and
other third party firewall

II.If issue persists,go to SBS server,open WINS management console from the
Administrative Tools.

1.Right click the Server\Active Registrations, select Display Records.
2.click FIND NOW button.
3.Check the right panel to see if there is a netbios records in the WINS
database with the other DC's NETBIOS name. Generally, there should be two
records with type [00h] workstation, and [20h] file server.

If there is no such record registered, let's do the following:

1.Go to the other DC, open command prompt, type IPCONFIG/ALL to see if
Primary WINS Server address is configured.
2.If it is not configured and if the W2k member server is using static IP
address, please open the TCP/IP properties of the LAN NIC, click the
Advanced button, go to WINS tab to add the SBS 2003 as the WINS Server.
Make sure that "enable netbios over TCP/IP" is enabled.
3.If the the other DC is using dynamic IP address, please go to SBS Server,
open DHCP management console, expand the scope, select Scope Options to see
if 044 WINS/NBNS Servers is listed with the SBS Server IP address. If it is
not there, right click the Scope Options, select Configure Options, locate
the option 044, input the SBS Server's IP address.
4.On the other DC, type "Nbtstat -an" to see if the other DC is registered.
NOTE: there should be two records, [00], and [20]. If they are not there,
restart the other DC to see if it is registered. You need also check the
WINS database based on the steps above to see if it is registered. If they
are still not registered, please register it manually as following:
a.Open WINS console. Right click Active Registration and select New Static
Mapping.
b.Input the computer name and IP address, select Unique in the Type
dropdown list.

you can also check if vpn client is registered in the WINS database.

Then check again to see if the issue is fixed.

There is another possible cause that there are some firewall applications
installed on the other DC which prevent the computers from registering
itself in the WINS database and it also prevents the client responding the
Netbios name resolution via broadcast. So, please check the other DC to
make sure that there is no Firewall blocking the network communication.

III.Meanwhile, I suggest that you write a LMHOSTS (NOT LMHOSTS.SAM) file to
include the following Netbios mapping on the XP client(VPN client)

Note: The format is <IP of the other DC's internal NIC> <Netbios name of
the other DC>

For example: 192.168.16.8 MyDC

More information: 314108 How to Write an LMHOSTS File for Domain Validation
and Other Name - http://support.microsoft.com/?id=314108


IV.add the DNS suffix (yourdomain.local) to the connection properties of
the vpn client. To do so:

Go to TCP/ip properties of NIC,click advanced,DNS tab,DNS suffix on this
connection:type your domain name such as yourdomain.local


Anyway,step II is to resolve NETBIOS name via WINS server. step III is to
resolve NETBIOS name via lmhosts file.

By default,WINS is higher priority than lmhosts file.

More useful information:

NetBIOS over TCP/IP Name Resolution and WINS
http://support.microsoft.com/kb/119493/en-us


I appreciate your time. I am happy to be of assistance and look forward to
your reply.

Have a nice day!

Best regards,

Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
====================================================
PLEASE NOTE: The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.
We also love to hear your product feedback! Let us know what you think by
posting

from the web interface: Partner Feedback
from your newsreader: microsoft.private.directaccess.partnerfeedback.

We look forward to hearing from you!
====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from this issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
====================================================

.