VPN PPTP shows duplicate DNS/WINS settings and fails to work

    Question

  • Our VPN randomly works about 50% of the time. I am not sure what the issue is, but yesterday I copied out the ipconfig of two connections, one of which worked and one of which didn't. The connection that did not work is pulling duplicate DNS and WINS entries from somewhere. The VPN is configured to only use one adapter, so it shouldn't be switching that. Any ideas what is going on? Is it because the machine is already on the domain?

     

    WORKING 

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : dupo1
            Primary Dns Suffix  . . . . . . . : company.non
            Node Type . . . . . . . . . . . . : Hybrid
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : company.non

    Ethernet adapter Local Area Connection 2:

            Media State . . . . . . . . . . . : Media disconnected
            Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
            Physical Address. . . . . . . . . : 00-11-43-C8-39-42

    Ethernet adapter Wireless Network Connection:

            Connection-specific DNS Suffix  . : 
            Description . . . . . . . . . . . : Sierra Wireless HSPA Network Adapter
            Physical Address. . . . . . . . . : 00-A0-D5-FF-FF-A9
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 10.46.207.150
            Subnet Mask . . . . . . . . . . . : 255.255.255.255
            Default Gateway . . . . . . . . . : 10.46.207.150
            DHCP Server . . . . . . . . . . . : 10.46.207.253
            DNS Servers . . . . . . . . . . . : 172.26.38.1
                                                172.26.38.2
            Lease Obtained. . . . . . . . . . : Thursday, December 08, 2011 3:01:46 PM
            Lease Expires . . . . . . . . . . : Sunday, December 11, 2011 3:01:46 PM

    PPP adapter Company:

            Connection-specific DNS Suffix  . : 
            Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
            Physical Address. . . . . . . . . : 00-53-45-00-00-00
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.60.213
            Subnet Mask . . . . . . . . . . . : 255.255.255.255
            Default Gateway . . . . . . . . . : 192.168.60.213
            DNS Servers . . . . . . . . . . . : 192.168.60.10
                                                192.168.60.16
            Primary WINS Server . . . . . . . : 192.168.60.43
            Secondary WINS Server . . . . . . : 192.168.60.10


    NOT WORKING

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : dupo1
            Primary Dns Suffix  . . . . . . . : company.non
            Node Type . . . . . . . . . . . . : Hybrid
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : company.non
                                                company.non

    Ethernet adapter Local Area Connection 2:

            Media State . . . . . . . . . . . : Media disconnected
            Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
            Physical Address. . . . . . . . . : 00-11-43-C8-39-42

    Ethernet adapter Wireless Network Connection:

            Connection-specific DNS Suffix  . : 
            Description . . . . . . . . . . . : Sierra Wireless HSPA Network Adapter
            Physical Address. . . . . . . . . : 00-A0-D5-FF-FF-A9
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 10.35.69.70
            Subnet Mask . . . . . . . . . . . : 255.255.255.255
            Default Gateway . . . . . . . . . : 10.35.69.70
            DHCP Server . . . . . . . . . . . : 10.35.69.253
            DNS Servers . . . . . . . . . . . : 172.26.38.1
                                                172.26.38.2
            Lease Obtained. . . . . . . . . . : Thursday, December 08, 2011 3:18:17 PM
            Lease Expires . . . . . . . . . . : Sunday, December 11, 2011 3:18:17 PM

    PPP adapter Company:

            Connection-specific DNS Suffix  . : company.non
            Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
            Physical Address. . . . . . . . . : 00-53-45-00-00-00
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 192.168.60.217
            Subnet Mask . . . . . . . . . . . : 255.255.255.255
            Default Gateway . . . . . . . . . : 192.168.60.217
            DNS Servers . . . . . . . . . . . : 192.168.60.10
                                                192.168.60.16
                                                192.168.60.10
                                                192.168.60.16
            Primary WINS Server . . . . . . . : 192.168.60.43
            Secondary WINS Server . . . . . . : 192.168.60.10
                                                192.168.60.10
    


    Friday, December 09, 2011 6:38 PM

All replies

  • Hi,

    Check your GPO settings, and also in the adapter where VPN is not working, have you specified different settings than on the one that is working? Think of things like Default Gateway usage or fixed IP/DNS settings.

     


    Best regards, Mark Scholman
    Infrastructure Engineer


    Sunday, December 11, 2011 8:43 PM
  • Hi,

     

    Thanks for posting here.

     

    Before we go any further, please let us know the following information:

    1. Is your VPN server also a DC or DNS/WINS server?

    2. What is the symptom with the “NOT WORKING” VPN connection?

    3. How did we set RRAS to assign addresses for VPN clients? And is there any particular default gateway setting for the PPP adapter?

    Please note that installing a Routing and Remote Access server on a DC or DNS/WINS server is not recommended; this can cause weird name resolution problems. In order to troubleshoot, please verify the DHCP options setting and the VPN adapter attributes setting. Make sure there is no conflict between them. In addition, if only some particular clients have this issue, you may consider upgrading the network driver on them to see if it helps.

    The following are some articles that may help to narrow down the issue:

     

    Understanding DHCP IP address Assignment for RAS Clients

    http://support.microsoft.com/kb/160699

     

    You Cannot Connect to the Internet After You Connect to a VPN Server

    http://support.microsoft.com/kb/317025

     

    Name resolution and connectivity issues on a RRAS server that also runs DNS or WINS

    http://support.microsoft.com/kb/292822

     

     

    Best Regards,

    Aiden

    Monday, December 12, 2011 9:28 AM
    Moderator
  • What I can add, and first, I agree with Aiden that multihomed DCs with RRAS on them are extremely problematic. One point I would like to make is that by default, a RRAS server, if set to use DHCP for IP distribution, will provide DNS and WINS configuration from the RRAS server NIC(s) itself. To make it work so it only gets it from the DHCP server Options (such as 006, 044, 046, etc), you must configure a DHCP relay Agent in RRAS, even if DHCP is itself.

    Also, in the RRAS properties, if you have it set to provide Option configuration (DNS, etc), from the RRAS NIC, and you have a DHCP relay agent, that may be causing this, too.

     

    FYI, from the looks of the "non-working" ipconfig, I can see a duplicate Search Suffix. That's indicating to me that it's getting DHCP Option 015 applied. So it seems that one is getting DHCP options. However, the first one you posted is not.

     

    You only have one RRAS server, correct?

    If it is multihomed, or for some other reason, the DHCP relay agent could be failing and it's falling back to providing option data from the RRAS server itself.

     

    In addition to the info Aiden asked for, if you can also provide us with an ipconfig /all of the RRAS server, and let us know if it's a DC or SBS box, as well as any event log errors, that may help us to evaluate and hopefully diagnose it.

    Or also as Aiden said, it could simply be a client side driver. You would be surprised that it sometimes comes down to a faulty or corrupt driver, or even stack.

    Here are some additional links that may help:

    IP Address Assignment
    http://technet.microsoft.com/en-us/library/dd469712(WS.10).aspx

    Configuring the DHCP Relay Agent to Support VPN Client TCP/IP Addressing Options
    http://www.isaserver.org/img/upl/vpnkitbeta2/dhcprelay.htm

    Thread Discussion: DNS DHCP option 006 not being applied to VPN clients via RRAS
    This is a good discussion with specifics about how an IP config is passed to a RRAS client and DHCP relay agents
    http://www.petri.co.il/forums/showthread.php?t=35748

     

     

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Tuesday, December 13, 2011 2:53 AM
  • Thank you for the help.  It seems like I still have several issues to untangle.

     

    We currently have two computers with RRAS set up.  One is a DC which was previously configured to be the VPN.  I have been trying to undo this and move the VPN to a different server, however when disabling RRAS on the DC it causes problems on the network.  I think this is because several connections on the network are using that DC as a default gateway.

     

    Here is the ipconfig of the two RRAS servers.

     

    This is the one I would like to be the working VPN.

     

     

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : cl17
       Primary Dns Suffix  . . . . . . . : company.non
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : Yes
       DNS Suffix Search List. . . . . . : company.non

    PPP adapter RAS Server (Dial In) Interface:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
       Physical Address. . . . . . . . . : 00-53-45-00-00-00
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.60.210
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 

    Ethernet adapter Internet:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 00-18-8B-3D-28-01
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.60.43
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.60.254
       DNS Servers . . . . . . . . . . . : 192.168.60.10
                                           192.168.60.16
       Primary WINS Server . . . . . . . : 192.168.60.10

    Ethernet adapter Intranet:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
       Physical Address. . . . . . . . . : 00-18-8B-3D-28-03
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.60.32
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.60.254
       DNS Servers . . . . . . . . . . . : 192.168.60.10
                                           192.168.60.16
       Primary WINS Server . . . . . . . : 192.168.60.10
       NetBIOS over Tcpip. . . . . . . . : Disabled

     

    ---------------------------------------------------------------------------------------

    This is the DC with RRAS still active, that was previously the VPN.

     

     

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SERVER2
       Primary Dns Suffix  . . . . . . . : company.non
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : company.non

    Ethernet adapter Local Area Connection 3:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #3
       Physical Address. . . . . . . . . : 00-26-B9-62-71-74
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::59af:9dd3:861:ad65%12(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.60.10(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 0.0.0.0
                                           192.168.60.254
       DHCPv6 IAID . . . . . . . . . . . : 369108665
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-EC-56-7D-00-26-B9-62-71-78
       DNS Servers . . . . . . . . . . . : 192.168.60.16
                                           192.168.60.10
       Primary WINS Server . . . . . . . : 192.168.60.10
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 00-26-B9-62-71-78
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{A7C53D6B-34F9-4224-9B29-98F3149BA2B0}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{87EF496C-1B52-4667-AF84-C3675D6F0733}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 13:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

     

    Tuesday, December 13, 2011 4:27 PM
  • Hi,

     

    Thanks for the detailed information.

     

    How are things going? Have you solved this issue? After analyzing the output information, I found there is a 0.0.0.0 default gateway on your DC. Generally, this route is not manually configured by the user, and it can confuse your network traffic. So please run the following command to delete this route:

     

    route delete 0.0.0.0 mask 0.0.0.0

     

    Then, reset 192.168.60.254 as the default gateway to see if this helps. Meanwhile, please ensure that only one NIC is enabled and RRAS is disabled on the DC. If you have any update or concern, feel free to let us know.

     

    Best Regards,

    Aiden

    Thursday, December 15, 2011 1:42 AM
    Moderator
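
The checks the replies make by eye on the posted ipconfig output (repeated DNS/WINS/suffix entries, a 0.0.0.0 default gateway) can be scripted. This is an added Python example, not part of the original thread; the sample text is constructed from the kind of output posted above, and `parse_ipconfig` and `findings` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample, trimmed from the kind of "ipconfig /all" output in the thread.
SAMPLE = """\
Windows IP Configuration

        DNS Suffix Search List. . . . . . : company.non
                                            company.non

PPP adapter Company:

        Connection-specific DNS Suffix  . : company.non
        DNS Servers . . . . . . . . . . . : 192.168.60.10
                                            192.168.60.16
                                            192.168.60.10
                                            192.168.60.16

Ethernet adapter Local Area Connection 3:

        Default Gateway . . . . . . . . . : 0.0.0.0
                                            192.168.60.254
"""

# A field line is "Name . . . : value"; the dot/space padding before the colon
# keeps IPv6 continuation values (fe80::...) from being mistaken for fields.
FIELD = re.compile(r"^\s+(.+?)[ .]+: ?(.*)$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}}; indented lines without a field
    name are continuation values of the previous field."""
    sections, section, field = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FIELD.match(line)
        if not line[0].isspace():            # unindented line starts a section
            section, field = sections.setdefault(line.strip().rstrip(":"), {}), None
        elif m and section is not None:
            field = section.setdefault(m.group(1), [])
            if m.group(2).strip():
                field.append(m.group(2).strip())
        elif field is not None:              # continuation of a multi-valued field
            field.append(line.strip())
    return sections

def findings(sections):
    """List (section, field, issue, values) for the two symptoms in the thread."""
    out = []
    for name, fields in sections.items():
        for key, values in fields.items():
            dups = sorted(v for v, n in Counter(values).items() if n > 1)
            if dups:
                out.append((name, key, "duplicate", dups))
            if key == "Default Gateway" and "0.0.0.0" in values:
                out.append((name, key, "0.0.0.0 gateway", ["0.0.0.0"]))
    return out
```

Feeding it the saved output of a working and a failing connection and comparing the two result lists shows which adapter picked up the extra entries.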