Remote user with DNS problem

Discussion in 'DNS Server' started by John, Mar 1, 2010.

  1. John

    John Guest

    I have a remote user that connects to my VPN server who cannot access
    another server that contains an application (MS CRM) without using that
    server's IP address. I had her flush the DNS cache, but that didn't help.

    The DNS client is running on the server that she is trying to access. This
    is a Windows 2008 server. Is there something I can do where she can use the
    name of the server instead of the IP address to access it?

    Thanks,

    John
     
    John, Mar 1, 2010
    #1

  2. The DUN Connectoid on the user's machine needs the correct LAN DNS added to
    the TCP/IP specs. WINS is a good idea too. There is no way for the user's
    machine to "automatically know" the Names and IPs of the machines on the LAN
    otherwise.

    This is a common problem if the VPN user is not granted the TCP/IP specs by
    a *true* DHCP Server.
     
    Phillip Windell, Mar 1, 2010
    #2

  3. John

    John Guest

    Thanks for getting back to me. I had the user check her TCP/IP settings in
    her VPN connectoid. She has the domain controller IP address in the DNS and
    WINS tabs. Is there another place to check either on the client PC or the
    server?

    Thanks,

    John
     
    John, Mar 1, 2010
    #3
  4. Are you saying it works when they are internal, but not when they are connected via VPN?

    How are they typing in the URL when they are in the office and when they are connected via a VPN? Which style below? I used 'crm' as an example subweb.
    http://servername/crm
    http://servername.yourInternalDomainName.local/crm


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MVP-DS, MCT], Mar 2, 2010
    #4
  5. John

    John Guest

    No, they are never here. They are in a remote office. It may work when
    they are here, but I won't know that until someone shows up.

    They can access CRM by typing the local IP address of the server that
    contains the application. As long as they are connected to the VPN.

    They cannot access CRM by typing http://servername

    I haven't tried your second example. I'll have her try that next.

    I thought it might be a firewall issue as I wasn't able to ping her when she
    was connected to the VPN. I had her turn off her Windows firewall and I was
    able to ping her through the VPN. She however, wasn't able to connect to
    CRM with just the server name.

    Thanks for your help. I'll post what happens when she tries
    http://servername.yourInternalDomainName.local/crm

    John
     
    John, Mar 2, 2010
    #5
  6. Don't use http://servername
    Use: http://servername.yourInternalDomainName.local

    "Servername" will only work if WINS is working correctly,...if WINS isn't
    working correctly (there can be other influences affecting that). Use the
    FQDN so that DNS can handle it.

    *Never* use IP#s. They are not simpler,..they are not better,...they are
    not less trouble. They are actually more trouble if a proxy ever gets
    involved.
    Always use names,...if there is a resolution problem that is not an excuse
    to use IP#s,...if there is a resolution problem then solve the resolution
    problem.

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 2, 2010
    #6
  7. John

    John Guest

    The user reported that using http://servername.yourInternalDomainName.local
    did work, but was slow. I told her to try again later since it could be a
    network traffic issue.

    I was wondering if a hosts file on her computer would help the application
    find the server?

    John
     
    John, Mar 2, 2010
    #7
  8. DNS already is. The Host file is not going to do anything different. Host
    files are a management nightmare anyway.


    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 2, 2010
    #8

  9. Just as I thought. Phillip nailed it. You are not using WINS. Hosts files, as Phillip said, are superfluous. That's what DNS is for. It's a hostname database, so why use hosts files?

    As suggested, if they want to connect by the servername, and not by the FQDN (the longer one), then you MUST use WINS. WINS provides a NetBIOS (the computername) to IP address database. Note, the hostname and the computername are the same, however during lookups, if using a singlename to lookup, such as apparently what your users are used to doing, it will look at WINS for a lookup. If not found, it will look at FQDN devolution. However, that's a brief overview, and there's more to it. Basically, for what you want to do, you need WINS.

    To set up WINS, in summary:

    1. Add/Remove, click on Windows Components.
    2. Add WINS
    3. Point the server to itself to use WINS (TCP/IP, Advanced, WINS tab).
    4. Change the DHCP scope to add scope options:
       044 - The WINS server IP address
       046 - "0x8" (without the quotes - this defines the node type)
    5. If the VPN server has its own DHCP, consult your docs on how to add a WINS server IP address

    Here are a couple of links that should help you set it up.

    WINS server role: Configuring a WINS server: General. Jan 21, 2005 ... WINS server role: Configuring a WINS server ... In a large network, you may need to add the WINS server role to additional servers in order ...
    http://technet.microsoft.com/en-us/library/cc780091(WS.10).aspx

    How to setup wins. Configure and manage WINS serve ... How to enable WINS automatic partner configuration ... How to setup Primary and Secondary WINS Server ...
    www.howtonetworking.com/Windows/wins0.htm

    I hope that helps.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 3, 2010
    #9
  10. John

    John Guest

    I have finally heard back from the user and the consultant regarding this
    issue. Apparently, the FQDN will not allow CRM to be integrated into
    Outlook. The consultant wants me to setup a friendly name to access this
    server. He sent me a link about setting up a DNS entry. The link:
    http://www.simongibson.com/intranet/dns2003/

    This tutorial looks fairly simple. I am wondering what problems I can run
    into if I set this up wrong? If I make a mistake, can I just delete what I
    made? Will an incorrect setup cause network problems elsewhere?

    John





     
    John, Mar 22, 2010
    #10

  11. You've posted a tutorial on how to install DNS and a number of other items. Are you creating another zone, or just creating a hostname?

    Even if you create an additional hostname in DNS, keep in mind, the zone name will be suffixed. This means that if I create a new hostname called 'ace' (without the quotes) under your zone, which let's say is called 'domain.com' (without the quotes), then when you go to resolve it, the client side resolver will take the hostname and suffix it to the Search Suffix, which would be called 'domain.com,' and create an FQDN, then resolve it. So I don't know what the consultant is referring to. If he is saying the FQDN doesn't work, then why is he telling you to create a "friendly" hostname under the zone, which will become an FQDN anyway??

    What Phillip and I were saying, is when you try to access a webserver internally by a single name, such as http://servername or http://friendlyname, and you don't want it to be an FQDN, then you need NetBIOS resolution support. Across a VPN, this is only possible using WINS. You could also use an LMHOSTS file, but there is a bit more to it with an LMHOSTS file, understanding how it works, besides needing to copy it on every remote user's machines. WINS is the simplest way to get what you are trying to do, especially if Outlook/CRM is looking for a NetBIOS name.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 23, 2010
    #11
  12. John

    John Guest

    I created a forward lookup group after going through the tutorial that the
    consultant gave me. Its FQDN is crm.companycrm.com. When I do an nslookup
    on it, I get the IP address of the CRM server: 192.168.1.205, which is what
    I got when I did an nslookup on the CRM server's name. I haven't heard back
    from the user if this worked, but it looks like I just created another name
    for the same server.

    I haven't gotten through the WINS link yet, but we do use lmhosts files on
    VPN clients computers. If I could add to the lmhosts file to make this
    work, then that would be a suitable option. There are only 5 people in this
    office that use CRM.

    John


     
    John, Mar 25, 2010
    #12
  13. I'm glad you found a resolution, assumingly if it works for them.

    Just my personal, technical opinion, I believe lmhosts files are legacy and not needed. WINS is similar to DNS but supports NetBIOS single names. It's an answer to centralizing lmhosts files, so to speak. Creating the crm hostname in DNS, creates an FQDN. However, if the CRM server uses NetBIOS support, then it won't work, and would need NetBIOS support. In WINS, I would simply create a static entry called CRM, and give it the IP. The fact that internal and VPN clients have the WINS address configured, they will resolve it as a NetBIOS name. You wouldn't have to touch any laptop, whether physically, remotely or UNC to update an lmhosts file. You simply create the record once in WINS and walk away.

    Just my two cents.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Mar 27, 2010
    #13
  14. John

    John Guest

    I heard back from the user. The crm.companyname.com didn't work as I
    suspected. So, I tried having them configure over the Internet. I'm still
    waiting for the results on that.

    In regards to WINS. I already have WINS installed on my server with the
    settings you listed in a previous post. The WINS service is running. In
    WINS, I am able to see the name of the computer of the user who is trying to
    configure her computer.

    Is there more configuring on the server or the client that I need to do?

    Thanks again,

    John

     
    John, Mar 30, 2010
    #14
  15. John

    John Guest

    It's fixed.

    After reading more about WINS, I went into my PDC and looked up some client
    computers in WINS and was able to find them easily. However, my CRM server
    wasn't found, but my Great Plains server was. I checked the TCP/IP
    properties on the GP server and under the WINS tab was the address for the
    PDC. I checked the CRM server and it didn't have an address under the WINS
    tab, so I added it.

    I had one of my remote users try configuring CRM and they were successful!

    Thanks for all the help.

    John
     
    John, Mar 30, 2010
    #15
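
The check that found the problem in post #15 (a server with nothing on its WINS tab, so it never registered its NetBIOS name), as an added example that is not part of the original thread. It assumes PowerShell with WMI access and administrative rights on the target machines; `CRMSERVER` and `GPSERVER` are placeholder computer names.

```powershell
# Added example: report, per IP-enabled adapter, the DNS and WINS settings that
# decide whether a single-label name (http://servername) can be resolved.
# 'CRMSERVER' and 'GPSERVER' below are placeholder computer names.
function Get-NameResolutionConfig {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        # Win32_NetworkAdapterConfiguration exposes the values shown on the
        # DNS and WINS tabs of the adapter's Advanced TCP/IP Settings.
        $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
            -ComputerName $computer -Filter 'IPEnabled = TRUE'

        foreach ($a in $adapters) {
            # TcpipNetbiosOptions: 0 = take the setting from DHCP, 1 = on, 2 = off
            $netbios = switch ($a.TcpipNetbiosOptions) {
                0 { 'Default (from DHCP)' }
                1 { 'Enabled' }
                2 { 'Disabled' }
                default { 'Unknown' }
            }
            New-Object PSObject -Property @{
                Computer      = $computer
                Adapter       = $a.Description
                IPAddress     = ($a.IPAddress -join ', ')
                DnsServers    = ($a.DNSServerSearchOrder -join ', ')
                DnsSuffixes   = ($a.DNSDomainSuffixSearchOrder -join ', ')
                WinsPrimary   = $a.WINSPrimaryServer
                WinsSecondary = $a.WINSSecondaryServer
                NetBIOS       = $netbios
                # True when the adapter has no WINS server to register with or query
                MissingWins   = [string]::IsNullOrEmpty($a.WINSPrimaryServer)
            }
        }
    }
}

# List only the adapters that have no WINS server configured.
Get-NameResolutionConfig -ComputerName 'CRMSERVER', 'GPSERVER' |
    Where-Object { $_.MissingWins } |
    Format-Table Computer, Adapter, IPAddress, NetBIOS -AutoSize
```

Run without `-ComputerName`, the function reports the local machine, which also shows the DNS servers and suffix search list a client is actually using.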
  16. You are welcome!

    I was going to post back about how easy WINS is. There really isn't much to it, as you've found out. Just install it, and set it in DHCP or statically in machines with a static IP configuration. That's pretty much it! All Windows machines will automatically register.

    Also of note, if you have more than one WINS, which you can use, you can take the two WINS machines and make them replication partners. They will share their databases with each other. You then set the two WINS IPs on all machines. However, on the WINS servers themselves, they must only point to themselves. This is because they use an 'Ownership' attribute of all records. This way in a replication partnership scenario, each knows of each other's records.

    If you have the one, nothing to worry about... :)



    --
    Ace

     
    Ace Fekay [MVP-DS, MCT], Mar 31, 2010
    #16