VPN name resolution issues

[chicagotech]

Hello Corey,

Thanks for posting here, and thanks for Robert's inputs.

From the description, I understand that you can establish the VPN
connection to the SBS Server. However, you cannot access the shares on the
SBS Server. If I am off base, please do let me know.

Based on my experience, there are several factors which may cause the
problem:

1. ISA 2000/Windows 2003 SP1 compatibility issue
2. IP addressing schema
3. Computer Browser services
4. NBT
5. WINS

Considering the current situation, I would like to provide you the
following suggestions:

1. There is a known issue when Windows 2003 SP1 is applied with ISA 2000
installed. If that is the case, the users could encounter the VPN issues.
If your ISA server is running Windows 2003 and has SP1 installed, please
apply the hotfix and registry modification described in the following KB
article:

897651 VPN clients can no longer access internal resources after you install
http://support.microsoft.com/?id=897651

2. Is the remote network using the same subnet address as the local
network? For example, both LAN's are using 192.168.16.0 as the internal
subnet address. The computer sends the IP packages according to the path
defined in the routing table. If the local and the remote network are using
the same IP subnet, the client computer would not send the packages through
the VPN interface. Instead, the traffic will go through the local NIC to
the local internal network. If that's the case, you will need to change
either your local network IP schema or the branch office side IP schema.

3. Please double-check the Computer Browser services on the server and
clients.

a. On the SBS Server, open Services in Administrative Tools.
b. Make sure that the "Computer Browser" service has been started and its
startup type is "Automatic".
c. On the client computers, make sure that the "Computer Browser" service
has been disabled.

4. Please make sure that the NBT has been properly configured on the Server
and the clients.

a. On the SBS Server, open Network Connections and open the properties for
the local connection.
b. Double-click Internet Protocol (TCP/IP) from the list and click Advanced.
c. Click WINS tab and make sure that "Enable NetBIOS over TCP/IP" has been
selected.
d. On the client computers, make sure that the "Default" or "Enable NetBIOS
over TCP/IP" has been selected.

5. Ensure Windows Internet name Service (WINS) is started on SBS, and
ensure the remote client set SBS internal IP as WINS server.

6. Please ensure you use the recommended steps to configure VPN on SBS.
Please perform the following steps to reconfigure the VPN on SBS:

1) Disable RRAS

a. Schedule a network down time.

b. Please open Routing and Remote Access console on SBS thru run command
"rrasmgmt.msc"

c. Right click the SBSname (local), select Disable Routing and Remote
Access console

2) Run CEICW on SBS

You have to rerun the CEICW to make sure your SBS 2003 server have right
network configuration. Go through the follow KB and Rerun CEICW again
carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

3) Run Remote Access wizard

a. On the Small Business Server 2003-based server, click To Do List in the
left pane of the Server Management console.

b. Under Network Tasks, click Configure Remote Access.

c. Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.

d. Type the fully qualified public domain name (your public DNS name) of
your server, click Next, and then click Finish.

e. When the wizard is completed, click Close.

4) Then you can access RWW to download Connection Manager or copy the file
from SBS server c:\ ClientApps\Connection Manager\SBSPackage.exe. Please
save the sbspackage.exe file in VPN client computer. Then double-click
SBSPackage.exe to run it. After this file run the "connect to small
business server" will be created and you can use it to connect VPN to your
SBS server.

If we cannot resolve the issue after we perform the above steps, please
kindly help me collect some information for further investigation:

1. Does this problem occur on all remote VPN clients?

2. Is ISA installed on the SBS box? If so, which version is the ISA Server?

3. Once the VPN connection is established, please try the following test
and let me know the result:

a. Please ping the IP address of the SBS Server.
b. Please ping the server name of the SBS Server.
c. Please ping the IP address of the internal clients.
d. Please access shared folder on the internal client using
\\clientIP\shares
e. Please access shared folder on the SBS Server using \\sbsIP\shares

4. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_sbs.txt" and "route print > c:\route_sbs.txt" on SBS, send the
files c:\ipconfig_sbs.txt and c:\route_sbs.txt to me at
v-terliu@microsoft.com

5. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_client.txt" and "route print > c:\route_client.txt" on remote
client, send the files c:\ipconfig_client.txt and c:\route_client.txt to me
at v-terliu@microsoft.com

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/ne ... fault.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Corey" <czinn>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: VPN, mapped drives
| Date: Tue, 28 Aug 2007 17:24:44 -0400
| Organization: Posted via Supernews, http://www.supernews.com
| Message-ID: <13d94l3h3liaba4>
| References: <13d8hk8rgq51led>
<uFmVJ3Z6HHA>
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| X-RFC2646: Format=Flowed; Original
| X-Complaints-To: abuse@supernews.com
| Lines: 63
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed0
0.sul.t-online.de!t-online.de!news.glorb.com!sn-xt-sjc-04!sn-xt-sjc-01!sn-po
st-sjc-02!sn-post-sjc-01!supernews.com!corp.supernews.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:59305
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Thanks for the response. I've looked into what you suggested, but I'm
still
| seeing the same behavior:
|
| - VPN connects, but can't browse to shared folders on server.
| - If I try to use a mapped drive that is already set up, I get the
| message, "The local device name is already in user. This connection has
not
| been restored."
| - If I go to Run and type \\servername\sharedfoldername (exact same
path
| as mapped drive above), I get the message, "The network path was not
found."
|
| I should note that this server only has one NIC, which I'm sure changes
the
| configuration for VPN access. I have setup a Forward Lookup Zone based on
| info I've found, but that didn't seem to help. I most likely don't have
it
| set up correctly, but I'm not sure what to do next. Any suggestions would
be
| appreciated. Let me know if you need more info.
|
| Thanks.
|
| Corey
|
|
| "Robert L [MVP - Networking]" <noreply> wrote in message
| news:uFmVJ3Z6HHA.484@TK2MSFTNGP06.phx.gbl...
| Sound like name resolution issue. You may want to enable WINS. Or this
| search result may help,
|
| Name resolution on VPNTo assign the DNS and WINS to a VPN client for name
| resolution, you should configure VPN server with the IP addresses of the
| appropriate DNS and WINS ...
| www.chicagotech.net/nameresolutionpnvpn.htm
|
|
| Bob Lin, MS-MVP, MCSE & CNE
| Networking, Internet, Routing, VPN Troubleshooting on
| http://www.ChicagoTech.net
| How to Setup Windows, Network, VPN & Remote Access on
| http://www.HowToNetworking.com
| "Corey" <czinn> wrote in message
| news:13d8hk8rgq51led@corp.supernews.com...
| I've gotten some good help here recently, so I thought I'd try again. I
| enabled remote access on our SBS 2003, and set the properties for a
| specific
| user to allow access for this user. This user has a laptop that is
| normally
| connected to our network, and can see the shared drives on the SBS
while
| on
| our network. When connecting through the VPN while not on our network,
the
| laptop appears to connect to the VPN ok, but the mapped drives are not
| available, and can not be accessed by going to run and typing
| \\servername\foldername, either.
|
| I don't have experience with setting up VPN's, so I'm sure there is
| something (or more than one thing!) that I am missing. Any suggestions
| would
| be appreciated!
|
| Thanks.
|
|
| Corey