View Full Version : Urgent Please
Jmnts 04-08-2006, 01:01 PM
Hi
I have 2 DCs (one in each office) with RRAS VPN enabled that connect to
each other.
I'm having some problems related to network browsing, file transfer, etc.
1dc = 192.168.2.254 (nic) - Vpn PPP adap = 192.168.3.99
2dc = 192.168.3.254 (nic) - Vpn PPP adap = 192.168.2.99
I realise that the problem is that, for example, when I try to browse network
domains it fails because it is going to the PPP address (192.168.3.99 or
192.168.2.99) instead of 192.168.2.254 or 192.168.3.254.
If I try a DNS zone transfer I have to allow it on 192.168.3.99 (instead of
192.168.3.254).
It seems that remote locations only recognize the IP of the PPP
address. Is there any way to force resolution to the NIC address of each
server?
--
Best Regards
Systems Administrator
MCSA + Exchange
Robert L [MS-MVP] 04-08-2006, 07:33 PM
Using a DC as an RRAS server, you may have this name resolution and connectivity issue. What you may do is disable WINS and DNS registration on PPTP. This link may help:
Name resolution on VPN Can't ping VPN client by name Connection issues on DC, ISA, DNS and WINS server as VPN server How to assign DNS and WINS on VPN client manually ...
www.chicagotech.net/nameresolutionpnvpn.htm
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Jmnts 04-09-2006, 02:41 AM
Yes, it is a great article but it didn't work in my case....
Any more ideas??
(Just one thing that I couldn't change: at some point the article says that if the domain is a GC, create a record... under the msdcs.gc folder. This is strange because this folder (msdcs\GC) isn't available on one of the servers (DC2), and this server is a GC!!! I only have the GC folder on the first created DNS domain, which belongs to DC1?? The ForestDnsZones are also only visible on the first domain!!! I believe that is the normal behavior, isn't it?? I checked in other different domains and I saw the same thing: only the first domain (root) has the folder for _MSDCS.GC, _MSDCS.Domains and the ForestDnsZones. The other domains only have, under _msdcs, the pdc folder and dc folder. Another interesting thing is that only the root domain has the GUIDs under _msdcs for all existing domains in the forest.)
--
Best Regards
Systems Administrator
MCSA + Exchange
Bill Grant 04-10-2006, 03:10 AM
As Robert said in the original post, using a DC as a router is not a
good idea. Using it as the host of a site-to-site VPN link is an even worse
idea.

The main problem is that the server becomes multihomed. This fouls up the
name resolution and browsing. This was a big problem in NT and you still
have the same problems with Netbios names in W2k/W2k3. In addition, the
use of dynamic registration in DNS means that you also have similar problems
with DNS names, since more than one interface (and therefore more than one
IP) registers the machine's name.

The fix for Netbios problems is still much the same as in NT. You need
to disable Netbios over TCP/IP on all interfaces except the private LAN NIC.
If you are using WINS, you need to then check for (and remove) any stored
references to the "wrong" IP addresses attached to the server's name.
Disabling Netbios over TCP/IP on the "internal" RRAS interface can have some
bad effects in particular cases. This is discussed in KB830063.

The situation with DNS is similar. In some cases you can get around the
problem simply by setting your DNS server to listen only on its LAN
interface. If this doesn't work, you need to prevent the RAS interface from
registering in DNS as described in KB292822.

Network browsing uses broadcasts and the computer browser service. This
will not work across a WAN without WINS (just as it will not work in a
routed network without WINS). You can have all machines in both sites
registering with a single WINS server. If you have a WINS server in each
site, you will need to set them up to replicate for the browser service (and
Netbios name resolution) to work properly across the link.

Jmnts wrote:
> yes it is a great article but didn't worked in my case....
> any more ideas??
>
> (just one thing that i couldn't change, at some point the article
> says: if the domain is a gc create a record... under msdcs.gc folder,
> is strange because this folder ( msdcs\GC) isn't available on one of
> the servers (DC2) and this server is a gc!!! I only have the GC
> folder on the 1st created dns domain that belong to the DC1?? the
> ForestDnsZones are only visible also on the first domain!!! I believe
> that is the normal behavior isn't it?? i checked in other different
> domains and i saw the same thing - Only the first domain (root) is
> the only that has the folder for _MSDCS.GC, _MSDCS.Domains and the
> ForestDnsZones. The other domains only have under _msdcs, the pdc
> folder and dc folder. another interesting thing is that only the root
> domain has the Guids under _msdcs for all existent domains in the
> forest).
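
Added example (not part of the thread or any poster's message): a Python check for the extra A records a multihomed RRAS server registers, run over a constructed zone export that uses the addresses from the first post. The host names dc1, dc2 and fs1, the fs1 address, the /24 masks and the export format are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: A records as they might appear in a zone export.
# Host names and the fs1 address are assumptions; the dc1/dc2 addresses
# are the NIC and PPP adapter addresses quoted in the thread.
ZONE_EXPORT = """\
dc1   A   192.168.2.254
dc1   A   192.168.3.99
dc2   A   192.168.3.254
dc2   A   192.168.2.99
fs1   A   192.168.2.10
"""

# The only subnet each server should register from: its private LAN NIC.
# The /24 masks are an assumption.
LAN_SUBNET = {
    "dc1": ipaddress.ip_network("192.168.2.0/24"),
    "dc2": ipaddress.ip_network("192.168.3.0/24"),
}

def parse_a_records(text):
    """Return {host: [IPv4Address, ...]} from 'name A address' lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == "A":
            records[fields[0].lower()].append(ipaddress.ip_address(fields[2]))
    return dict(records)

def stray_registrations(records, lan_subnets):
    """Return {host: [addresses registered from outside its LAN subnet]}."""
    findings = {}
    for host, subnet in lan_subnets.items():
        stray = [str(a) for a in records.get(host, []) if a not in subnet]
        if stray:
            findings[host] = stray
    return findings

if __name__ == "__main__":
    found = stray_registrations(parse_a_records(ZONE_EXPORT), LAN_SUBNET)
    for host, addrs in found.items():
        print(f"{host}: A record(s) from a non-LAN interface: {', '.join(addrs)}")
```

Any address it reports is one that a remote site may resolve the server to instead of its LAN NIC address, which is the symptom described in the first post.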
Robert L [MS-MVP] 04-10-2006, 03:10 PM
Bill,
Thank you for the details.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Jmnts 04-10-2006, 03:32 PM
Hi Robert and Bill, and thank you for your time.
Finally I convinced my client to place two separate routers to serve VPN
requests.
Hi Bill
I'm aware of the problems related to the use of a DC with RRAS. But the goal
here was to solve these problems. That's why I posted the problem in this
newsgroup in the first place. I thought that you "RRAS-Gurus" would come up with
some solution, and in fact Robert pointed me to the link for starting
the resolution of this type of problem:
http://www.howtonetworking.com/casestudy/rraswithdcdnswins1.htm . In my
case it is still not working, but I'm going to set up a lab to try to resolve
this situation, and then I'll come back with the results here.
Anyway, thanks to you both for your time.
--
Best Regards
Systems Administrator
MCSA + Exchange