Direct Access - Changing WAN address, get DNS error (Network Steve Forum)

Direct Access - Changing WAN address, get DNS error

I have Direct Access solution up and running for a year now. When changing the WAN addresses on the external interface. DNS Server shows error when starting DA Monitor: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 2002:c1d6:6664:1:0:5efe:192.168.3.10.100 DAMonitor.log reports: DnsValidateServerArray subStatus: I have not changed any firewall settings. Any idea what could be wrong here? Kind regards, Katrin

February 21st, 2011 4:04am

If you've updated the WAN address, have you also updated the DNS records pointing to that interface so your clients can reach the new destination? If the server is NAT'd, have you updated the firewalls config to direct the external IP via NAT to the serves internal IP? These two might be useful : http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/a7720ea4-1bbf-41d2-8a64-53babf632530/ http://technet.microsoft.com/en-us/library/ee624058%28WS.10%29.aspx

Free Windows Admin Tool Kit Click here and download it now

February 21st, 2011 7:59am

Hi! Here is the DNS error that occures on DA server when starting DA Monitor: The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 2002:c1d6:6664:1:0:5efe:192.168.3.100 Kind regards,

February 22nd, 2011 7:37am

Hi! The A record in the internet DNS server is changed. It's the internal DNS DA Monitor reports error on. Katrin

Free Windows Admin Tool Kit Click here and download it now

February 22nd, 2011 7:38am

Hi! I have now found the solution: First change the WAN addresses. The ISATAP address changes now. Restart the internal DNS server which DA is using. Run nslokup InternalDNSdomainname. Then you will se two ipv6 addresses. Depending on the scavering schedule on your DNS server the old ISATAP address still exists i DNS for the DNS server. You have to remove the old (same as parent folder) record. When running nslookup InternalDNSdomainname you will not see the OLD ISATAP address. Run the DA Wizard and check that the new IPv6 address is appearing when internal domain is selcted. Restart other resource servers which are used through DA. Kind regards, Katrin

March 6th, 2011 6:35am

This topic is archived. No further replies will be accepted.