Andrei,
Good question. When a VPN client connects, whether using the Windows
client or a third party one, such as a Cisco (legacy or SSLVPN), it will
automatically get bumped up as the first in the binding order, so it
will query the VPN DNS configuration. That is, if all is left default,
nothing's been changed, etc. You can test it with an nslookup. It
should show the first DNS server in the VPN config.
IIRC, you can also look at the default binding order, whether a VPN is
installed or not, and it *should* show the RRAS connection as first,
then a wireless and/or hardwire connection.
If the defaults were changed, it could cause this issue. If the VPN
client is using an outside DNS, such as when the DHCP service in the
VPN config at the cloud side (whatever is being used as a VPN server)
is not configured to provide the DCs as the DNS address, that will cause
it, too. If the DCs are multihomed, that is another factor, too!
I am leaning towards the latter being the issue, however it's just
conjecture until Jane can provide more specifics about how the VPN is
configured, the type of VPN service (Windows RRAS or third party
hardware), etc.
That was why I've asked for some ipconfigs. It would be really helpful
to see an ipconfig /all from the client while connected to the VPN, as
well as an ipconfig /all from one of the DCs at the cloud. You never
know, the problem can be deeper, especially if the DCs are
misconfigured.
Cheers!
Ace
On Mon, 3 May 2010 21:40:49 +0300, "Andrei Ungureanu"
<> wrote:
>Ace,
>Do you remember how the DNS servers are queried when the VPN is connected? I
>remember that I've seen that first is asked the DNS server set on the NIC
>and then the one from the VPN interface - and that's why you can have
>problems accessing DNS names over VPN that are also registered on the
>Internet (maybe this is the issue from our topic). Can be related to the
>network binding order?
>
>It was a while since I've troubleshot VPN connections ... so I'm asking ...
>
>Andrei Ungureanu
>www.winadmins.net
>
>"Ace Fekay [MVP - Directory Services, MCT]" <>
>wrote in message news:...
>> Good point. When the VPN is connected, it should be using AD's DNS
>> addresses. The only problem I see with the same name public/private
>> (AD) DNS domain name, is if a logon was attempted without the VPN, and
>> it queried the external DNS servers on the internet, it would have
>> returned a NULL response (no such record), therefore I believe the
>> NULL response may be cached locally, and then if another logon was
>> attempted immediately after the VPN connection was established and
>> *assuming* the AD DNS addresses are provided with the VPN DHCP config,
>> it may not send another query out until it expires from the client
>> cache.
>>
>> Maybe clearing the cache may help to prove or disprove this? Then
>> again, the VPN DHCP config may be incorrect as well, which at that
>> point it wouldn't work anyway.
>>
>> As you said, Andrei, best to wait to hear more details about the VPN.
>>
>> What would also help is to see an ipconfig /all of the VPN client
>> before the VPN is connected, and afterwards, as well as an ipconfig
>> /all of one of the DCs.
>>
>> Ace
>>
>>
>>
>> On Mon, 3 May 2010 11:27:18 +0300, "Andrei Ungureanu"
>> <> wrote:
>>
>>>I did not get your story 100% but I think you've said that you connect via a
>>>VPN connection to your environment. If so, is your AD domain name a public
>>>internet domain name? Actually I've answered myself. The domain
>>>joescomputersupportinc.com is registered on the internet so probably you are
>>>querying the DNS servers that host the internet zone, not the Active
>>>Directory.
>>>
>>>I am waiting for more details about the VPN setup as this and the DNS are
>>>the main problems.
>>>
>>>Regards,
>>>Andrei Ungureanu
>>>www.winadmins.net
>>>
>>>"stinsonj" <> wrote in message
>>>news:...
>>>>
>>>> Hello,
>>>>
>>>> My Os Is Windows Server 2008 R2 Enterprise
>>>> I have a Cloud Server (Windows Server 2008 R2 Enterprise) that I Pay
>>>> Monthly For and I Need to setup active directory on it so my remote
>>>> computers can login using active directory but it seems I can't connect
>>>> to the domain controller. Get The Following Answer:
>>>>
>>>> The following error occurred when DNS was queried for the service
>>>> location (SRV) resource record used to locate a domain controller for
>>>> domain remoteoffice.joescomputersupportinc.com:
>>>>
>>>> The error was: "DNS name does not exist."
>>>> (error code 0x0000232B RCODE_NAME_ERROR)
>>>>
>>>> The query was for the SRV record for
>>>> _ldap._tcp.dc._msdcs.remoteoffice.joescomputersupportinc.com
>>>>
>>>> Common causes of this error include the following:
>>>>
>>>> - The DNS SRV record is not registered in DNS.
>>>>
>>>> - One or more of the following zones do not include delegation to its
>>>> child zone:
>>>>
>>>> remoteoffice.joescomputersupportinc.com
>>>> joescomputersupportinc.com
>>>> com
>>>> (the root zone)
>>>>
>>>> And I tried connecting via VPN and Just Regular Connection.
>>>>
>>>> Please HELP !
>>>>
>>>>
>>>> --
>>>> stinsonj
>>>> ------------------------------------------------------------------------
>>>> stinsonj's Profile: http://forums.techarena.in/members/215589.htm
>>>> View this thread:
>>>> http://forums.techarena.in/active-directory/1332899.htm
>>>>
>>>> http://forums.techarena.in
>>>>
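The comparison Ace asks for above (an `ipconfig /all` from the client while connected to the VPN, and one from a DC), as an added example that is not part of the original thread. It parses both outputs and flags VPN DNS servers that are not DC addresses, a VPN adapter with no DNS servers, and a multihomed DC. The adapter name `CloudVPN`, all addresses, and the English-locale `IPv4 Address` / `DNS Servers` labels are assumptions.

```python
import re

# Constructed samples (trimmed `ipconfig /all` output, not taken from the thread).
CLIENT = """\
PPP adapter CloudVPN:
   IPv4 Address. . . . . . . . . . . : 10.8.0.50(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
DC = """\
Ethernet adapter Public:
   IPv4 Address. . . . . . . . . . . : 198.51.100.10(Preferred)

Ethernet adapter Private:
   IPv4 Address. . . . . . . . . . . : 10.8.0.1(Preferred)
"""

def parse_ipconfig(text):
    """Map adapter name -> {"ipv4": [...], "dns": [...]} from `ipconfig /all` text."""
    adapters, cur, field = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.*? adapter (.+):\s*$", line)
        if head:  # section header, e.g. "PPP adapter CloudVPN:"
            cur, field = adapters.setdefault(head.group(1), {"ipv4": [], "dns": []}), None
            continue
        kv = re.match(r"^\s+(.+?)[ .]+:\s*(.*)$", line)  # "Label . . . : value"
        if kv:
            field = {"IPv4 Address": "ipv4", "DNS Servers": "dns"}.get(kv.group(1))
        # A line without a label is a continuation: one more value for the same field.
        value = kv.group(2) if kv else line.strip()
        if cur is not None and field and value:
            cur[field].append(value.split("(")[0])  # drop "(Preferred)"
    return adapters

def check_vpn_dns(client_text, dc_text, vpn_adapter):
    """Return findings for the misconfigurations discussed in the thread."""
    vpn = parse_ipconfig(client_text).get(vpn_adapter, {"dns": []})
    dc_ips = [ip for a in parse_ipconfig(dc_text).values() for ip in a["ipv4"]]
    findings = [f"{vpn_adapter}: DNS server {s} is not a DC address"
                for s in vpn["dns"] if s not in dc_ips]
    if not vpn["dns"]:
        findings.append(f"{vpn_adapter}: no DNS servers assigned by the VPN")
    if len(dc_ips) > 1:
        findings.append("DC is multihomed: " + ", ".join(dc_ips))
    return findings
```

An empty list from `check_vpn_dns` means the VPN adapter only points at DC addresses and the DC has a single IPv4 address; it says nothing about whether the SRV records are actually registered in that zone.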