Persistent VPN name resolution problem

Jerry Paquette

Let me try this again with a bit more precision in the hope that someone
can help me.

At home I have two computers (both recent, high-end P4s) running XP Pro.
Connection is DSL and the two home computers (laptop wireless) run
through a Linksys BEFW1134 router (non-VPN=one VPN connection at a time
only). At the other end my office computer is configured as a Win2K
(SP4) server and is a subdomain of a large academic domain. Clients can
connect to VPN without problem. No problem with mapping back from host
to clients once VPN connection is established. I cannot, however, ping
or use terminal server by machine name directly to clients connected to
VPN although connection works fine by ip# if I look it up manually in WINS.

My server is assigning ip#s in the 172.xx.xx.xx range. The home router
is assigning ip#s starting with 192.168.1.100. Now the problem is that
if I ping on the home machine name ping tries to use the router rather
than server-assigned ips and, of course, nothing happens as below.

Pinging client_name.my_subdomain_name.next_level_subdomain
name.domain_name.ca [192.168.1.100] with

Request timed out.
Request timed out.
Request timed out.
Request timed out.

I thought that if the ip#s being assigned by the VPN host were different
from those assigned by the router this shouldn't happen!

Does anyone know what's going on here and how to fix it? I've spent a
lot of time ferreting through various related postings on Google but
none seem to get to the heart of this particular problem.

Thank you for any help.
 
Jerry Paquette

PS--Client machines have my WINS server address set in the TCP/IP setup
for VPN but not for the NIC. In any case WINS is getting the correct
address assigned by my server.
 
Jerry Paquette

Finally, simply putting my server at the top of the TCP/IP DNS list on
the server solved the problem!
 
Jerry Paquette

Good grief--it worked fine--for about 20 minutes. Now the problem is
back again!!!!
 
Jerry Paquette

Okay--I'm quite sure I've got it now. Server ip at top of list on both
server and client DNS list and use actual DNS server numbers (rather
than obtain DNS server address automatically) on client and server
TCP/IP NIC setups and everything works the way it should!
 
Jerry Paquette

NO--it works for a while with the new settings--even for several VPN
connects and disconnects--and then it stops--same as before!
 
Joe Mine

Jerry,
Have you had a look at Microsoft article 292822 - Name Resolution
and Connectivity Issues on Windows 2000 Domain with Routing and Remote
Access and DNS installed?
That's the root of your problem.
 
Jerry Paquette

I finally found the solution to this problem last night and I am posting
this to try to spare anyone else the difficulty I've had in arriving at
a solution. On the DNS tab of TCP/IP properties>advanced is a "Register
this connection's addresses in DNS" box. By default this box is checked.
It apparently places the fully qualified domain name of the client XP
machine in the DHCP cache of the server--and it appears that (at least
with Win2k SP4) the cache is searched before WINS. Unchecking the box
on the XP clients eliminates the problem. Ping and winsock apps like
terminal server work fine from server to client over a VPN using just
the client NetBIOS machine name once this box is unchecked.

I hope this eventually helps someone else.
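
One way to audit the setting described in the post above on a client, as an added example that is not part of the original thread. It assumes PowerShell is installed on the XP client and is run as an administrator; the `-Disable` switch name is hypothetical.

```powershell
# Added example (not from the thread): report, and optionally clear,
# "Register this connection's addresses in DNS" on every IP-enabled adapter.
param(
    [switch]$Disable   # hypothetical switch: without it the script only reports
)

$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

foreach ($nic in $adapters) {
    # FullDNSRegistrationEnabled is the WMI property behind the checkbox
    # on the DNS tab of the adapter's advanced TCP/IP properties.
    $addresses = [string]::Join(', ', @($nic.IPAddress))
    $registers = [bool]$nic.FullDNSRegistrationEnabled

    "{0} [{1}] registers in DNS: {2}" -f $nic.Description, $addresses, $registers

    if ($Disable -and $registers) {
        # First argument: register this connection's addresses in DNS.
        # Second argument: use this connection's DNS suffix in DNS registration.
        $result = $nic.SetDynamicDNSRegistration($false, $false)

        # ReturnValue 0 = success, 1 = success but a reboot is required.
        if ($result.ReturnValue -eq 0 -or $result.ReturnValue -eq 1) {
            "  -> registration disabled (ReturnValue $($result.ReturnValue))"
        } else {
            "  -> change failed (ReturnValue $($result.ReturnValue))"
        }
    }
}
```

An address the client has already registered stays in the server's DNS zone until the record is deleted or scavenged, so check the zone after changing the clients.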
 
Bill Grant

It is also a good idea to modify the DNS server so that it only listens
on the LAN interface.
 
