The fact that you see NBNS broadcasts from your VPN clients under these circumstances tells me that they're not resolving the target host names via DNS (or WINS, for that matter). Without going into the deep, dark mysteries of Windows name resolution, the basic name resolution process uses DNS, then WINS, and finally, NBNS Bcst. You need to make sure that: 1. your DHCP client names are being properly registered and updated in your internal DNS structure 2. the VPN clients a. are configured to use the internal DNS servers where the DHCP clients register b. use the proper DNS suffix for unqualified name resolution If you can connect using fully-qualified names or by IP address, but fail to connect using unqualified names, you've just proven the "unqualified name resolution failure" part of the theory. HTH, Jim From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Monday, October 22, 2012 12:14 To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] NetBios Name Server - Denied Have an interesting problem on my TMG 2010 firewall. When I VPN in, the only clients on my internal network that I can RDP to, are those with STATIC IP Addresses. Any clients assigned a IP addr by DHCP, I cannot RDP connect to. My TMG log throws the error "NetBios Name Server - Denied Connection" Is this because I do not have the "DHCP Relay Agent" properly configured on the TMG Server? I am currently using static assigned IP addresses on my TMG Server to VPN clients. Internal network is 192.168.1.x, VPN assigned is a pool of 10 addresses in the 192.168.100.x range. I do have the article on properly setting up the "DHCP Relay Agent", if this is my issue. Just wanted to make sure first. Yes, I'll do a TMG Config backup first :) This article was written for W2K3 and ISA 2004 but looks like I can I still apply the principles to TMG 2010 and W2K8 R2. Tom Rogers Systems Administrator Schneider Packaging Equipment ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. P Please consider the environment before printing this email. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan Pouseele Sent: Monday, October 15, 2012 12:05 PM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: Any more TMG upgrades? Check out http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx. HTH, Stefaan From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: maandag 15 oktober 2012 17:24 To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Any more TMG upgrades? Can anyone tell me if there will be any more TMG version upgrades? I ask because we are nearing the date where we have to renew our Software Assurance on TMG, and I'm trying to decide if I should renew it or not. I'm thinking "not," but I'd like to know for sure. Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Helpdesk: 800-500-AFSC