SBS 2003 VPN name resolution issue

MobileTechie

I have a client VPNing into their SBS 2003 using the server's own VPN system. This works OK however there is one small issue - they cannot get to a share by typing in the name, only by using IP. E.g. they cannot get to it by \\sbs2003\datashare but can by say \\10.0.0.1\datashare.

In the VPN client's IPv4 settings I have set the remote server as the DNS server and WINS server and added theirdomain.local as the prefix for the connection. This is working apparently since the VPN connection is identified by Windows 7 as theirdomain.local and if I ping sbs2003 I get the correct IP address returned. I've tried using the FQDN but this makes no difference.

It's no big deal as they only access one main share which can be mapped with the IP and once in it they can browse around normally. But I'd like to know what is amiss here?
 
Are you using the server's internal IP address on the DNS and WINS setup of the dial up adapter?
'course there's always the poor man's WINS approach...lmhosts files.

I forget if there was another thread from re: SBS and its VPN...but I'd see if the client would be better served by using RWW to their workstation. I'd not be fond of...(rather..I flat out would not do it)...exposing PPTP VPN ports through a firewall to a DC.
 
Yes I've set up the DNS and WINS as described. No RWW is not applicable here.
 
I don't remember, but it works. I've had the same issue. Try it.

Sorry for not giving a good explanation. I'm currently on-site and don't really have time.

Fair enough :) I just can't fathom why but then computers can be like that!

I can see why it would work if I hadn't already manually set the DNS and WINS server addresses at the client end because it would assist in getting that info, via DHCP, to the client. But since I have, I can't see that it will change anything.
 
What version of SBS is this MT? 2003, just spotted that.

Out of interest, how many NICS are installed?

You could always add it to the hosts file, as a work around.
 
Once VPNed in, what are the IP settings the client is getting from the DHCP server? I would start with that.

They get:

The connection-specific suffix (I set that manually at the client end)
A preferred IP address on the remote network - dished out by SBS
Subnet mask of 255.255.255.255 - dished out by SBS
DNS Server is the SBS server (I set that manually at the client end)
WINS Server is the SBS server (I set that manually at the client end)

The thing that I can't work out is why when I ping the server by name it gets resolved both to the correct IP and its FQDN (implying that DNS and the connection suffix are working) but I can't use the name or FQDN in Windows Explorer/Computer to get to the folders. It's not a problem that needs solving as mapping the drive using the IP is fine but it means I don't understand what is happening. I suspect this is expected behaviour but I just don't know why. Maybe it's a WINS thing?
 
I don't have the WINS or DNS specified on my VPN connections, I just let the client PC automatically detect them from SBS.

How about running a netmon trace on the NIC to see what's going on?
 
Yeah it's not a problem at all because using the IP is perfectly fine. All they need is single mapped drive so that works AOK. I just want to know WHY it's like this.

Two NICs but only one enabled.
 
Ah....was hoping it was the Windows firewall service on the server...but you just mentioned 1x NIC enabled...so it cannot be, as with Server 03, the windows firewall service cannot start unless there are 2 or more NICs present to the OS.

I'm trying to remember tricks I did back when I set up PPTP VPN on servers/networks....that was back in the NT 4 days. I've used it often since then for myself..but only to PPTP into a router to access stuff at a client's site using RDP once inside.

*Netbios over IP enabled on both the server and the dial up adapter on the client side?

*"Use remote gateway" option set on the dial up adapter?

At best, I remember resolution through PPTP being flakey, inconsistent. LMHosts was used a lot back then. Of course, resources on the LAN you're trying to access will need to be static IPs.
 
I'm not sure what you mean? 255.255.255.255 is the subnet mask, not the broadcast address. Unless you mean that because of that mask there is no broadcast address?

The mask of this type of VPN client IP is always 255.255.255.255 - it's setting up a 1-to-1 connection. It's effectively a subnet of 1 computer. Likewise the default gateway is 0.0.0.0

So yeah I guess the lack of broadcast over the PPTP connection would affect name resolution. So maybe this is just expected behaviour for this type of VPN?
 
I've set up VPN for several of my clients. Never had the issue, but then I don't dish out 255.255.255.255 as a subnet mask. I thought 255.255.255.255 was also a broadcast IP address.
 
MT is correct, this is by design because the connection is point to point, the client will be assigned a mask of 255.255.255.255 by the VPN server.

You are also correct on stating that 255.255.255.255 is also a broadcast address. But it's a special broadcast address for a 0.0.0.0 network.
 
You're right in that 255.255.255.255 is the limited broadcast address but I don't see how that is relevant here unless you can explain differently? It's not a routable address anyway so it's only of use to broadcast locally.

These Windows Server VPNs act differently to router-to-router/lan-to-lan ones. Only the PC with the VPN client is connected, not the other computers on its local lan. E.g. laptops on the same home network cannot access the server. That's what the 255.255.255.255 mask accomplishes - a single host network.

EDIT: this was posted before TLE's response.
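
Added example, not part of any post in this thread: a PowerShell check, run on the VPN client while connected, that lists every IPv4 address the Windows resolver returns for the short name and the FQDN and tests the SMB ports on each one, so name resolution can be separated from share reachability. The names and IP are the placeholders quoted in the thread; `Test-TcpPort` is a helper defined here, and the port list (445 and 139) is an assumption about what the share uses.

```powershell
# Added diagnostic; names and IP are the placeholders quoted in the thread.
$expectedIp = '10.0.0.1'
$names      = @('sbs2003', 'sbs2003.theirdomain.local')
$smbPorts   = @(445, 139)   # direct-hosted SMB and NetBIOS session service

# Hypothetical helper: TCP connect with a timeout (works on PowerShell 2.0).
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($name in $names) {
    try {
        # System resolver: hosts file, DNS, then NetBIOS/WINS fallbacks.
        $addrs = [System.Net.Dns]::GetHostAddresses($name) |
                 Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    } catch {
        Write-Output "$name : resolution failed ($($_.Exception.Message))"
        continue
    }
    foreach ($addr in $addrs) {
        $ip   = $addr.IPAddressToString
        # A second address here (e.g. registered by another NIC) is worth chasing.
        $note = if ($ip -eq $expectedIp) { 'expected' } else { 'UNEXPECTED address' }
        foreach ($port in $smbPorts) {
            $open = Test-TcpPort -Address $ip -Port $port
            Write-Output ("{0,-28} -> {1,-15} ({2}) tcp/{3}: {4}" -f $name, $ip, $note, $port, $open)
        }
    }
}
```

If every name maps only to the expected address and both ports answer, resolution and transport are fine and the difference between `\\name` and `\\IP` lies above them.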
 