SBS 2011e DNS settings over VPN

  • Question

  • I have a laptop that is joined to an SBS 2011e network.

    Outside of SBS, I have a VPN appliance (OpenVPN).

    When I'm on the SBS network everything works fine. Also when I'm at a client's location, my internet connection is fine. When I connect to the VPN, I have access to my SBS machine, and all other network services either by machine name, or by an FQDN like machinename.domain.local. I see that the Lan Config Service works as expected (as described on SeanDaniel's blog).

    However, anything that's at the client's location is NOT accessible via FQDN. For most things, like network shares and RDP, I can use the machine name and connect. However, when they have an internal website or something else that requires an FQDN, it blows up.

    I have tried setting the DNS suffix on all the connections to the appropriate suffixes (mydomain.local on my VPN adapter and clientsdomain.com on the LAN).

    I posted a comment on Sean Daniel's site, but hoping the gurus here can suggest something


    www.VailFail.com if you suffer from Vail Fail Agita!
    Thursday, December 8, 2011 10:02 PM

Answers

  • Hi,

    Thanks for the update.

    > I am on-site at the client's location now, and I disabled the Lan Config Service, and reset the DNS servers to be automatic. This seems to work.

    What is the LAN config Server?

    Please leave the interfaces (physical NIC and VPN interface) to obtain network settings (including the DNS server entry) automatically on client hosts.

    Meanwhile, please also include the domain name of your client’s network in the DNS suffix search list for the physical interface on the client. This could also be done by using group policy:

    DNS Client Name Resolution behavior in Windows Vista vs. Windows XP

    http://blogs.technet.com/b/networking/archive/2009/04/16/dns-client-name-resolution-behavior-in-windows-vista-vs-windows-xp.aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tnmff@microsoft.com.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, December 13, 2011 5:42 AM
  • Hi Tiger,

    It's the part of SBSe 2011 that changes the DNS server based on location, etc. Found out about it on Sean Daniel's blog. Disabling the service solved my issue. I was away the last couple of days, and was even able to double VPN (one to my office, one to client's site) and everything worked as expected.

    Even over a high latency, very slow cell phone internet connection, SBS recognized the machine as on the network, and proceeded to back it up. I'll follow up on Sean's blog, to see what the advantage of manually setting SBS as the DNS server is, for curiosity.

    http://sbs.seandaniel.com/2011/06/basics-of-local-dns-for-small-business.html

    Friday, December 16, 2011 12:35 AM

All replies

  • It fails to connect to the client's FQDN resources only when you are VPN'ed to the SBSe, or fails all the time?
    /kj
    Thursday, December 8, 2011 10:09 PM
    Moderator
  • > It fails to connect to the client's FQDN resources only when you are VPN'ed to the SBSe, or fails all the time?

    Only after I VPN in, and even then not immediately... works OK until the Lan config client changes the DNS server to the SBSe server's IP.
    Friday, December 9, 2011 4:03 AM
  • Any reason you aren't using the VPN service of SBS?
    Russ
     ---
    Russell Grover - SBITS.Biz MCP, MCPS, MCNPS, SBSC (SBS-MVP Alumni)
    Remote Small Business Server/Computer Support - www.SBITS.Biz
    Redirect to Microsoft's SBS Public Forum - www.SBSrepair.com
    Redirect to Microsoft's SBS Essentials Support - www.SBSErepair.com

    Friday, December 9, 2011 5:15 AM
    Moderator
  • Hi,

    Thanks for posting here.

    Please also make sure we’ve set to use the internal SBS host as the DNS server for the virtual OpenVPN interface on the client when it connects from external.

    Could you please also post the results of the commands “ipconfig /all” and “nslookup <FQDN of SBSe host>” from the client when the VPN connection is established.

    Regards,

    Tiger Li

    Friday, December 9, 2011 5:21 AM
  • > Please also make sure we’ve set to use the internal SBS host as the DNS server for the virtual OpenVPN interface on the client when it connects from external.
    >
    > Could you please also post the results of the commands “ipconfig /all” and “nslookup <FQDN of SBSe host>” from the client when the VPN connection is established.

    Hi Tiger,

     

    I have my SBSe IP and the ISP/Router's gateway set as the IP (I did this in an attempt to try resolve this specific issue).

    This is my IPConfig info. I replaced my real domain and client's domain info ...

    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : MyMachine
       Primary Dns Suffix  . . . . . . . : mydomain.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : mydomain.local
                                           clients.com
    
    Ethernet adapter Local Area Connection 4: (THIS IS THE OPENVPN INTERFACE)
    
       Connection-specific DNS Suffix  . : mydomain.local
       Description . . . . . . . . . . . : TAP-Win32 Adapter OAS
       Physical Address. . . . . . . . . : 00-FF-02-4B-C5-FD
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::b994:d1ba:f26b:cc72%26(Preferred) 
       IPv4 Address. . . . . . . . . . . : 5.5.8.11(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.252.0
       Lease Obtained. . . . . . . . . . : Friday, December 09, 2011 9:31:13 AM
       Lease Expires . . . . . . . . . . : Saturday, December 08, 2012 9:31:13 AM
       Default Gateway . . . . . . . . . : 
       DHCP Server . . . . . . . . . . . : 5.5.11.254
       DHCPv6 IAID . . . . . . . . . . . : 687931138
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1E-A3-73-64-80-99-0E-2A-14
       DNS Servers . . . . . . . . . . . : 192.168.1.9
                                           192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Wireless LAN adapter Wireless Network Connection 2:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
       Physical Address. . . . . . . . . : 64-80-99-0E-2A-15
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : clients.com
       Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
       Physical Address. . . . . . . . . : F0-DE-F1-4B-3C-AB
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::6db7:e1c3:5687:dbca%20(Preferred) 
       IPv4 Address. . . . . . . . . . . : 172.20.40.227(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.224.0
       Lease Obtained. . . . . . . . . . : Friday, December 09, 2011 9:28:13 AM
       Lease Expires . . . . . . . . . . : Saturday, December 17, 2011 9:28:11 AM
       Default Gateway . . . . . . . . . : 172.20.32.1
       DHCP Server . . . . . . . . . . . : 172.26.27.3
       DHCPv6 IAID . . . . . . . . . . . : 485547761
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1E-A3-73-64-80-99-0E-2A-14
       DNS Servers . . . . . . . . . . . : 192.168.1.9
       Primary WINS Server . . . . . . . : 172.26.29.211
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Wireless LAN adapter Wireless Network Connection: (I HAVE THE WIRLESS LAN DISABLED, BUT BEHAVIOR IS SAME)
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : clients.com
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6250 AGN
       Physical Address. . . . . . . . . : 64-80-99-0E-2A-14
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Ethernet adapter Bluetooth Network Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : 88-9F-FA-EA-30-AB
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.mydomain.local:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : mydomain.local
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter Local Area Connection* 13:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:889:2f7b:53eb:d71c(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::889:2f7b:53eb:d71c%16(Preferred) 
       Default Gateway . . . . . . . . . : 
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    Tunnel adapter isatap.clients.com:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : clients.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{40ACFFED-0117-4101-B142-6AF57B19BA23}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{45829B68-23FB-4DD8-B184-1BF7BA8BC87B}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter 6TO4 Adapter:
    
       Connection-specific DNS Suffix  . : mydomain.local
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:505:80b::505:80b(Preferred) 
       Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
       DNS Servers . . . . . . . . . . . : 192.168.1.9
                                           192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    


    NSlookup results

    Server:  SBSe.mydomain.local
    Address:  192.168.1.9
    
    Name:    SBSe.mydomain.local
    Address:  192.168.1.9
    


    @Russ

    I have a couple of (sorry) non-Windows client machines, and have an ESXi machine, which made deploying OVPN a breeze. Also - my understanding on the SBS vpn was that it only allows access to the server's resources, and doesn't handle anything that is outside of that.

     

    At least for now, I want this to work with OVPN. Using the SBS vpn didn't really occur to me until I started investigating this issue.

    Thanks everyone!

     

    Friday, December 9, 2011 2:51 PM
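
The `ipconfig /all` output in the post above shows the physical adapter (suffix clients.com) using the same DNS server as the OpenVPN adapter, so lookups for the client's names go to the office resolver across the tunnel. The Python sketch below is an added example, not code from any poster, that flags this condition; the sample text is constructed from the addresses in the post, and treating a `TAP-` description as the VPN adapter is an assumption.

```python
import ipaddress
import re

# Constructed sample: trimmed to the relevant fields and shaped like the
# `ipconfig /all` output posted above (same addresses as in the post).
SAMPLE = """\
Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : TAP-Win32 Adapter OAS
   IPv4 Address. . . . . . . . . . . : 5.5.8.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   DNS Servers . . . . . . . . . . . : 192.168.1.9
                                       192.168.1.1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : clients.com
   Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
   IPv4 Address. . . . . . . . . . . : 172.20.40.227(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.224.0
   DNS Servers . . . . . . . . . . . : 192.168.1.9
"""

# "   Field name . . . . : value" (the value may be empty)
FIELD = re.compile(r"^\s+([^.:]+?)(?:\s*\.)+\s*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {section: {field: [values]}}; continuation lines extend the last field."""
    sections, current, last = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():                  # section or adapter header
            current = sections.setdefault(raw.strip().rstrip(":"), {})
            last = None
            continue
        m = FIELD.match(raw)
        if m and current is not None:
            last = current.setdefault(m.group(1).strip(), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None:                    # e.g. a second DNS server
            last.append(raw.strip())
    return sections


def dns_overrides(sections, vpn_marker="TAP-"):
    """Flag non-VPN adapters that resolve through the VPN adapter's DNS servers."""
    def is_vpn(fields):
        # Assumption: the VPN adapter is recognisable by its Description.
        return any(vpn_marker in d for d in fields.get("Description", []))

    vpn_dns = {s for f in sections.values() if is_vpn(f)
               for s in f.get("DNS Servers", [])}
    findings = []
    for name, f in sections.items():
        if is_vpn(f) or not f.get("IPv4 Address") or not f.get("Subnet Mask"):
            continue                              # VPN itself, or not connected
        addr = f["IPv4 Address"][0].split("(")[0]  # drop "(Preferred)"
        net = ipaddress.ip_network(f"{addr}/{f['Subnet Mask'][0]}", strict=False)
        suffix = (f.get("Connection-specific DNS Suffix") or [""])[0]
        for server in f.get("DNS Servers", []):
            if server in vpn_dns:
                findings.append({"adapter": name, "suffix": suffix,
                                 "dns_server": server, "adapter_network": str(net)})
    return findings


if __name__ == "__main__":
    for finding in dns_overrides(parse_ipconfig(SAMPLE)):
        print(finding)
```

On a live machine, feed it the text of `ipconfig /all` captured while the VPN is up; an empty result means each physical adapter is still using its own network's DNS servers.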
  • Hi,

    Thanks for posting here.

    I suspect the system didn’t use the DNS server that we set for the virtual OpenVPN interface when we query the FQDN. Not sure how the OpenVPN client works, but if we use the Windows built-in VPN client, this issue is usually resolved by modifying the interface binding order, which makes the system first query the DNS servers that we set on the VPN interface for name resolution:

    http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/1cc5b647-6e51-482b-8998-ac5c3900938c

    Meanwhile, can you also show us the route table from the client when the VPN is established? We can also try to use only the remote VPN server as the default gateway (default route) and see how it goes.

    Thanks.

    Tiger Li

    Monday, December 12, 2011 5:42 AM
  • Hi Tiger,

     

    Thanks for the reply. I think my issue is the opposite of what you linked. When I'm at a client's site, and VPN into my company's network, I lose connectivity to the client's servers via FQDN. For something like RDP, I can just use hostname. But, that workaround falls apart when I need to access an internally accessible website on the client's end.

    I am on-site at the client's location now, and I disabled the Lan Config Service, and reset the DNS servers to be automatic. This seems to work. I can access my hosts, as well as the client's hosts via FQDN or just host name. I was also able to initiate a manual backup. I don't know what the result of this change would be when I'm back in my office. My router's settings have the right domain name configured, so I don't anticipate having an issue. I have to dig deeper, but I think there's even an option to specify another DNS server. We are on Verizon FiOS, and use their provided router for now. I'm toying with the idea of having Windows run the DHCP server as well, but haven't gotten around to setting that up just yet.

    Are there any side effects of disabling that Lan Config Service? My route table is below, in case this solution doesn't work.

    Thanks for your help!

    
    ===========================================================================
    Interface List
     26...00 ff 02 4b c5 fd ......TAP-Win32 Adapter OAS
     22...64 80 99 0e 2a 15 ......Microsoft Virtual WiFi Miniport Adapter
     20...f0 de f1 4b 3c ab ......Intel(R) 82577LM Gigabit Network Connection
     18...64 80 99 0e 2a 14 ......Intel(R) Centrino(R) Advanced-N 6250 AGN
     15...88 9f fa ea 30 ab ......Bluetooth Device (Personal Area Network)
      1...........................Software Loopback Interface 1
     16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
     27...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
     28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
     47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      172.20.32.1    172.20.40.227     20
              5.5.0.0    255.255.240.0          5.5.8.1         5.5.8.14    101
              5.5.8.0    255.255.252.0         On-link          5.5.8.14    286
             5.5.8.14  255.255.255.255         On-link          5.5.8.14    286
           5.5.11.255  255.255.255.255         On-link          5.5.8.14    286
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
         172.17.28.10  255.255.255.255      172.20.32.1    172.20.40.227     20
         172.17.28.11  255.255.255.255      172.20.32.1    172.20.40.227     20
         172.17.28.82  255.255.255.255      172.20.32.1    172.20.40.227     20
          172.20.32.0    255.255.224.0         On-link     172.20.40.227    276
        172.20.40.227  255.255.255.255         On-link     172.20.40.227    276
        172.20.63.255  255.255.255.255         On-link     172.20.40.227    276
        172.20.169.11  255.255.255.255      172.20.32.1    172.20.40.227     20
          172.26.27.3  255.255.255.255      172.20.32.1    172.20.40.227     20
         172.26.27.10  255.255.255.255      172.20.32.1    172.20.40.227     20
         172.26.27.11  255.255.255.255      172.20.32.1    172.20.40.227     20
          192.168.1.0    255.255.255.0          5.5.8.1         5.5.8.14    101
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     172.20.40.227    276
            224.0.0.0        240.0.0.0         On-link          5.5.8.14    286
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     172.20.40.227    276
      255.255.255.255  255.255.255.255         On-link          5.5.8.14    286
    ===========================================================================
    Persistent Routes:
      None
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     27   1140 ::/0                     2002:c058:6301::c058:6301
      1    306 ::1/128                  On-link
     27   1040 2002::/16                On-link
     27    296 2002:505:80e::505:80e/128
                                        On-link
     20    276 fe80::/64                On-link
     26    286 fe80::/64                On-link
     20    276 fe80::6db7:e1c3:5687:dbca/128
                                        On-link
     26    286 fe80::b994:d1ba:f26b:cc72/128
                                        On-link
      1    306 ff00::/8                 On-link
     20    276 ff00::/8                 On-link
     26    286 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    
    

    Monday, December 12, 2011 2:45 PM
  • Hi,

    If there is any update on this issue, please feel free to let us know.

    Regards,

    Tiger Li

    Wednesday, December 14, 2011 3:05 AM