RE: VPN Users having Issues connecting to internal resources

  • From: "Thor" <thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 19 Sep 2004 23:00:51 -0700

Before I compose my pedantic response, I have to acknowledge the fact that you said "connectoid." Only a bad ass such as yourself can get away with any -oid reference on a Sunday night. I'm just glad you did not combine it with "kernel mode data pump," or I may have wet myself.

Regarding the default NBT name lookup methods in Win2k, it is actually different. Obviously the nbt cache is first; notwithstanding that, if the DHCP server did not set a node type for the client, or no WINS server is explicitly set at the client, then b-node, or the broadcast method will be used first, and then the lmhosts file lookup.

If a WINS server is configured by DHCP without specifically setting the node type, or if the client has a WINS server set, the h-node will be used by default. h-node will first directly query the WINS server, and then perform a broadcast if necessary. The lmhosts file will be used after that.

These can be changed by registry setting at the client, which will set the default regardless of any other default node type assignment, and even overrides any DHCP node type assignment. This would be required if you have no DHCP server node assignment, and you wish for the client to use m-node (broadcast then WINS query) or p-node (WINS server only).

But of course, nbt name resolution sucks anyway.

t
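
One way to check which of these cases applies on a given client, as an added example that is not part of the original message. It assumes PowerShell 3.0 or later and reads the `NodeType` and `DhcpNodeType` values under the NetBT `Parameters` key (the message does not name the registry value; values 1, 2, 4, 8 are b-, p-, m- and h-node):

```powershell
# Added example (not from the thread): report the effective NetBT node type
# and the lookup order that follows from it.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$params = Get-ItemProperty -Path $key

# Lookup order per node type, as described in the message above
# (the NBT name cache is consulted first in every case).
$order = @{
    1 = 'b-node: broadcast, then lmhosts'
    2 = 'p-node: WINS server only'
    4 = 'm-node: broadcast, then WINS query'
    8 = 'h-node: WINS query, then broadcast, then lmhosts'
}

# WINS servers on IP-enabled adapters, whether set statically or by DHCP
$wins = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.WINSPrimaryWINSServer } |
    Select-Object -ExpandProperty WINSPrimaryWINSServer

if ($null -ne $params.NodeType) {
    # A client-side registry setting wins over everything else
    $type = [int]$params.NodeType
    $source = 'NodeType registry value (overrides DHCP)'
} elseif ($null -ne $params.DhcpNodeType) {
    $type = [int]$params.DhcpNodeType
    $source = 'DhcpNodeType (assigned by DHCP)'
} elseif ($wins) {
    $type = 8
    $source = 'default: WINS server configured, no node type set'
} else {
    $type = 1
    $source = 'default: no WINS server and no node type set'
}

$description = $order[$type]
if (-not $description) { $description = "unrecognized value $type" }

[pscustomobject]@{
    NodeType    = $type
    Source      = $source
    LookupOrder = $description
    WinsServers = ($wins -join ', ')
}
```

A result of b-node or m-node means the client broadcasts simple names on whatever network it is attached to before, or instead of, asking the WINS server.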

----- Original Message -----
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, September 19, 2004 6:58 PM
Subject: [isalist] RE: VPN Users having Issues connecting to internal resources



http://www.ISAserver.org

What you have to remember is that since W2K, all 'normal' name resolution is handled thus:

if complex name, hand to DNS lookup
   local cache
   hosts file
   DNS server list (using domain name devolution)

if simple name or DNS lookup fails
   local NB name cache
   lmhosts file
   WINS server (if configured)
   WINS broadcast

Thus, it isn't "always" anything in particular, but it depends on the current configuration and especially in the case of VPN
connections, whether or not "use default gateway on remote network" is set in the connectoid.
If a DNS or WINS server is in the "local" net, then the client will use it if necessary (part of the DNS or WINS server list).


 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/Jim_Harrison/
 http://isatools.org
 Read the help / books / articles!

----- Original Message -----
From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, September 19, 2004 14:30
Subject: [isalist] RE: VPN Users having Issues connecting to internal resources




Hey guys,

I use daily a PPTP EAP-TLS connection to the office and have not experienced
that problem so far. The ISA 2000 SP2 is running on a fully patched Windows
2000 SP4 and the client is a Windows XP SP2. However, with the help of
Ethereal I've seen that occasionally the ISP DNS servers are tried instead
of the VPN assigned DNS servers, although without adverse effect.


HTH,
Stefaan

-----Original Message-----
From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx]
Sent: zondag 19 september 2004 23:06
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Users having Issues connecting to internal
resources


So yeah that is what I have done as well.

Correct me if I am wrong - I always thought that when you are connected to
vpn, that internal requests (same domain suffix) always went through your
local dns. Is it all requests or just local domain requests, or does it
actually try first on your ISP then if the DNS is not there it attempts
local resolution through your VPN dns servers?

I ask because we did make some external DNS changes that have a wildcard
entry sending all others to a specific address... but I was under the
impression that VPN users used our internal DNS.

If the way it works is that it checks primary dns first then your VPN dns
servers then this might be the source of our problem...

Thanks.


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Friday, September 17, 2004 10:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Users having Issues connecting to internal resources


Hi Bryan,

Normally this is not the case. However, I too have been plagued with this
problem since upgrading to SP2. I haven't worked out the issues yet, but I
have to get around it by keeping a shortcut to the HOSTS file on my desktop.


HTH,
Tom

-----Original Message-----
From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, September 16, 2004 6:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN Users having Issues connecting to internal resources



It looks like to me that somehow when users are VPNd in they are still
resolving DNS from their ISP DNS.

I am affected at home as well. When I ping an internal box via "ping
tatl0s11" it adds the suffix and then tries to ping via the internet.

I had to create a host file entry to get my firewall client to reach isa.

I am not sure what has happened. Nothing changed that I can recall...
event logs look normal. Rebooted client boxes, reset routers, etc.

Any thoughts as to where to start looking are appreciated.




------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx


