Internal and external domain names are identical. Now what?

  • Question

  • OK guys,
    following issue:

    My internal domain name is domain.com, which is essentially the same as the external name.
    I want to deploy DirectAccess. Changing the internal domain name is not feasible because of Exchange 2010 & OCS deployments, which do not support domain name changes.

    So DirectAccess is deployed, policies have been deployed, and the internal DNS domain is then mapped to the DirectAccess adapter.
    In the hosts file, I've added the outside URL of the CRL revocation list server and the outside URL of the DirectAccess server, with the correct IPv4 addresses.

    I now have DirectAccess working.

    Here's the pickle:

    My www.domain.com has to be resolvable by the client. I added a www A record in my internal DNS so my VPN clients could access the www page. I have approx. 25 external web pages listed on my domain name, which have been added to both the external and the internal DNS zone, so with or without VPN, clients can access the web page.

    Now DirectAccess has claimed the domain.com zone, and when I'm connected through DirectAccess and I ping www.domain.com, I get an IPv6 response. Now my client cannot access the web page anymore.
    Is there a solution to this?
    Thursday, February 25, 2010 2:31 PM

Answers

  • I just fixed this this morning for my test configuration.

    1. Open Microsoft Forefront Unified Access Gateway Management.
    2. Go to DirectAccess Configuration.
    3. Go to Infrastructure Servers, click Edit.
    4. Hit Next once to advance to the "DNS Suffixes" page.
    5. Double-click the grid to bring up the "Name Resolution Servers used by DirectAccess" page.
    6. Enter www.domain.com and select the option "Do not use an internal DNS server for this specified server or suffix".
    7. Click OK, then Next, then Finish to exit the wizard.
    8. Go to the File menu and click Save.
    9. Finally, click the button to Generate Policies.
    10. Update Group Policy (gpupdate /force) on one of your test machines and give it a try.
    Thursday, February 25, 2010 5:10 PM
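    An added example, not from any post in this thread: on a Windows 8 / Server 2012 or later DirectAccess client, this PowerShell checks whether a public host name (www.domain.com, as used in the thread) is covered by an NRPT exemption of the kind step 6 creates, and shows what the resolver actually returns. The function name and the host name are assumptions.

```powershell
# Added example, not from the thread. On a Windows 8+/Server 2012+ DirectAccess client,
# report whether a name is exempted from the NRPT (resolved via the active interface's
# Internet DNS servers) or sent to the DirectAccess DNS64 address over the tunnel.
# Assumed values: the host name www.domain.com from the thread; the function name is ours.
function Test-NrptExemption {
    param([string]$Name = 'www.domain.com')

    # Effective NRPT = Group Policy rules merged with local rules, as the resolver applies them.
    $rules = Get-DnsClientNrptPolicy -Effective

    # NRPT namespaces are either a suffix (".domain.com") or an FQDN ("www.domain.com");
    # the most specific (longest) matching namespace wins, which is what the resolver does.
    $match = $rules |
        Where-Object { $Name -like "*$($_.Namespace)" } |
        Sort-Object { $_.Namespace.Length } -Descending |
        Select-Object -First 1

    if (-not $match) {
        Write-Output "No NRPT rule covers $Name; it resolves through the interface DNS servers."
    }
    elseif (-not $match.DirectAccessDnsServers) {
        # A rule with no DirectAccess DNS servers is an exemption: the query bypasses the tunnel.
        Write-Output "Exemption '$($match.Namespace)' covers $Name; it resolves via Internet DNS."
    }
    else {
        Write-Output ("Rule '{0}' sends {1} to DirectAccess DNS {2}" -f
            $match.Namespace, $Name, ($match.DirectAccessDnsServers -join ', '))
    }

    # Show what the resolver returns. An AAAA answer for a name that only has a public
    # A record means the query still went to the DNS64 server over the DirectAccess tunnel,
    # which is exactly the symptom described in the question.
    Resolve-DnsName -Name $Name -ErrorAction SilentlyContinue |
        Select-Object Name, Type, IPAddress
}

Test-NrptExemption
```

    On a Windows Server 2012 or later DirectAccess server, the equivalent of step 6 is `Add-DAClientDnsConfiguration -DnsSuffix 'www.domain.com'` with no -DnsIPAddress, which writes an exemption rule into the client GPO.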

All replies

  • I just fixed this this morning for my test configuration.

    1. Open Microsoft Forefront Unified Access Gateway Management.
    2. Go to DirectAccess Configuration.
    3. Go to Infrastructure Servers, click Edit.
    4. Hit Next once to advance to the "DNS Suffixes" page.
    5. Double-click the grid to bring up the "Name Resolution Servers used by DirectAccess" page.
    6. Enter www.domain.com and select the option "Do not use an internal DNS server for this specified server or suffix".
    7. Click OK, then Next, then Finish to exit the wizard.
    8. Go to the File menu and click Save.
    9. Finally, click the button to Generate Policies.
    10. Update Group Policy (gpupdate /force) on one of your test machines and give it a try.

    This is simply brilliant! I feel so dumb for not thinking of this myself..

    Thank you!
    Thursday, February 25, 2010 5:35 PM
  • I'm configuring a DirectAccess server, but my internal domain is "a.com.mx". Can the external one be out.a.com.mx? Or how can I handle this DirectAccess server so that the DA clients on the Internet can access internal resources, for example "x.a.com.mx"?
    Tuesday, September 24, 2013 7:47 PM
  • You have to use the NRPT to define which addresses are meant to be used from the intranet / Internet.

    http://technet.microsoft.com/nl-nl/library/ee382323(v=ws.10).aspx

    Wednesday, September 25, 2013 5:18 AM