RRAS site to site PPTP DNS problem

    General discussion

  • I have a site-to-site VPN (PPTP) with two Windows Server 2003 servers.

    Site A:

    Domain controller 1 - 192.168.2.2 (contoso.com)

    Domain controller 2 - 192.168.2.3 (contoso.com)

    RRAS A - 192.168.2.8

    Site B:

    Windows Server 2008 - 192.168.1.2, gateway 192.168.1.1, DNS 192.168.2.2 - 192.168.2.3

    RRAS B - 192.168.1.1, DNS 192.168.2.2 - 192.168.2.3

    Site B clients can ping the clients from Site A.

    Site A clients can ping the clients from Site B.

    When I do an “nslookup contoso.com” from RRAS B, it works.

    But when I try nslookup from the Windows Server 2008 machine, it fails to do the resolution: "DNS request timed out."

     

    Could you help me resolve this problem? The Windows Server 2008 machine must become a domain controller for contoso.com.

    Thank you

    • Changed type Tiger Li Thursday, May 24, 2012 9:25 AM
    Friday, May 18, 2012 8:31 PM

All replies

  • Hi Thomas,

    Thanks for posting here.

    What about other hosts in the Site B subnet that have the same network settings? Do they get the same result? According to the symptoms, this server seems to have a connectivity issue to the remote DNS server. Could you show us the route print result from this problematic Windows Server 2008 host here? Besides, have we also verified the firewall inbound and outbound rules on both sides?

    Thanks.

    Tiger Li

    TechNet Community Support

    Monday, May 21, 2012 8:54 AM
  • I believe it's a static route issue. Here are my notes on it. I hope you find them helpful.

    ================================
    ================================
    Configure a VPN tunnel using RRAS and no TMG: a demand-dial VPN, site-to-site VPN, LAN to LAN, router to router, or whatever you want to call it. By any other name, it's the same - you want to connect two offices together securely.

    It's possible to create a site-to-site VPN using just RRAS but you have to be very careful with setting it up. The static routes which route traffic from one site to the other must bind properly to the demand-dial interfaces when the connection is made. You have to set this up manually. Only when this happens will the routing work between sites. Each site must have a static route to the other site through the VPN connection.

    The following link is an excellent write-up from a poster who had trouble setting up a site-to-site L2TP VPN between two Windows 2008 servers with a certificate from his own Certificate Authority. He finally got it working. He took the time to document and screenshot every step for anyone else who has problems setting it up.

    Step by Step - Site to Site or Router to Router VPN Server 2008 on SkyDrive:
    https://skydrive.live.com/P.mvc#!/view.aspx/Site%20to%20Site%20or%20Router%20to%20Router%20VPN%20Server%202008.docx?cid=e81114cae704d772&sc=documents

    Step-by-Step Guide for Setting Up a PPTP-based Site-to-Site VPN Connection in a Test Lab
    http://technet.microsoft.com/en-us/library/cc758271(WS.10).aspx

    Windows 2003 L2TP-based router-to-router VPN deployment
    http://technet.microsoft.com/en-us/library/cc778515(WS.10).aspx

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Monday, May 21, 2012 6:01 PM
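
The static-route requirement described in the reply above ("each site must have a static route to the other site through the VPN connection") can be checked against the thread's addresses. The following is an added example, not part of any post in this thread: it models the configured route tables only, and the /24 masks, the interface names `ToSiteA`, `ToSiteB`, `LAN`, `Internet` and the route tables themselves are constructed assumptions.

```python
import ipaddress

# Constructed static-route tables for the two RRAS servers. The subnets are the
# thread's; the /24 masks and the interface names are assumptions.
DEMAND_DIAL = {"RRAS A": "ToSiteB", "RRAS B": "ToSiteA"}
ROUTES = {
    "RRAS A": [("192.168.2.0/24", "LAN"), ("192.168.1.0/24", "ToSiteB")],
    "RRAS B": [("192.168.1.0/24", "LAN"), ("192.168.2.0/24", "ToSiteA")],
}


def lookup(routes, dst):
    """Return the interface of the longest-prefix match for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def check_path(routes, src, dst, near, far):
    """List routing problems for src -> dst and for the reply dst -> src.

    near is the router on src's side, far the router on dst's side. Both
    directions must leave through that router's demand-dial interface.
    """
    problems = []
    for router, target in ((near, dst), (far, src)):
        iface = lookup(routes[router], target)
        if iface != DEMAND_DIAL[router]:
            problems.append(f"{router}: traffic to {target} uses {iface}, "
                            f"expected {DEMAND_DIAL[router]}")
    return problems


if __name__ == "__main__":
    # DNS query from the Site B server to the first Site A DNS server.
    print(check_path(ROUTES, "192.168.1.2", "192.168.2.2", "RRAS B", "RRAS A")
          or "routes OK")
    # Constructed fault: RRAS A has lost its static route to Site B, so the
    # DNS reply falls through to an assumed default route.
    broken = {**ROUTES,
              "RRAS A": [("192.168.2.0/24", "LAN"), ("0.0.0.0/0", "Internet")]}
    for p in check_path(broken, "192.168.1.2", "192.168.2.2", "RRAS B", "RRAS A"):
        print(p)
```

A query can reach the remote DNS server and still time out when only the return route is missing, which is why the check covers both directions.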