[isalist] Re: NetBios Name Server - Denied
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 22 Oct 2012 19:38:05 +0000
The fact that you see NBNS broadcasts from your VPN clients under these
circumstances tells me that they're not resolving the target host names via DNS
(or WINS, for that matter).
Without going into the deep, dark mysteries of Windows name resolution, the
basic name resolution process uses DNS, then WINS, and finally, NBNS Bcst.
You need to make sure that:
1. your DHCP client names are being properly registered and updated in
your internal DNS structure
2. the VPN clients
a. are configured to use the internal DNS servers where the DHCP clients
register
b. use the proper DNS suffix for unqualified name resolution
If you can connect using fully-qualified names or by IP address, but fail to
connect using unqualified names, you've just proven the "unqualified name
resolution failure" part of the theory.
HTH,
Jim
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Tom Rogers
Sent: Monday, October 22, 2012 12:14
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] NetBios Name Server - Denied
Have an interesting problem on my TMG 2010 firewall. When I VPN in, the only
clients on my internal network that I can RDP to, are those with STATIC IP
Addresses. Any clients assigned a IP addr by DHCP, I cannot RDP connect to.
My TMG log throws the error "NetBios Name Server - Denied Connection"
Is this because I do not have the "DHCP Relay Agent" properly configured on the
TMG Server?
I am currently using static assigned IP addresses on my TMG Server to VPN
clients. Internal network is 192.168.1.x, VPN assigned is a pool of 10
addresses in the 192.168.100.x range.
I do have the article on properly setting up the "DHCP Relay Agent", if this is
my issue. Just wanted to make sure first. Yes, I'll do a TMG Config backup
first :)
This article was written for W2K3 and ISA 2004 but looks like I can I still
apply the principles to TMG 2010 and W2K8 R2.
Tom Rogers
Systems Administrator
Schneider Packaging Equipment
________________________________
This email and any files transmitted with it are
confidential and intended solely for the use of the
individual or entity to whom they are addressed.
If you have received this email in error please notify
the system manager. This message contains
confidential information and is intended only for the
individual named. If you are not the named addressee
you should not disseminate, distribute or copy this
e-mail. Please notify the sender immediately by e-mail
if you have received this e-mail by mistake and delete
this e-mail from your system. If you are not the
intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance
on the contents of this information is strictly prohibited.
P Please consider the environment before printing this email.
From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan Pouseele
Sent: Monday, October 15, 2012 12:05 PM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: Any more TMG upgrades?
Check out
http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx.
HTH,
Stefaan
From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
Sent: maandag 15 oktober 2012 17:24
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Any more TMG upgrades?
Can anyone tell me if there will be any more TMG version upgrades?
I ask because we are nearing the date where we have to renew our Software
Assurance on TMG, and I'm trying to decide if I should renew it or not. I'm
thinking "not," but I'd like to know for sure.
Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC
Other related posts:
