Direct Access - Changing WAN address, get DNS error
I have Direct Access solution up and running for a year now. When changing the WAN addresses on the external interface. DNS Server shows error when starting DA Monitor:
The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be
temporarily unavailable, or may be incorrectly configured. 2002:c1d6:6664:1:0:5efe:192.168.3.10.100
DAMonitor.log reports: DnsValidateServerArray subStatus: I have not changed any firewall settings. Any idea what could be wrong here?
Kind regards,
Katrin
February 21st, 2011 4:04am
If you've updated the WAN address, have you also updated the DNS records pointing to that interface so your clients can reach the new destination? If the server is NAT'd, have you updated the firewalls config to direct the external IP via NAT to the serves
internal IP?
These two might be useful :
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/a7720ea4-1bbf-41d2-8a64-53babf632530/
http://technet.microsoft.com/en-us/library/ee624058%28WS.10%29.aspx
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2011 7:59am
Hi!
Here is the DNS error that occures on DA server when starting DA Monitor:
The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 2002:c1d6:6664:1:0:5efe:192.168.3.100
Kind regards,
February 22nd, 2011 7:37am
Hi!
The A record in the internet DNS server is changed. It's the internal DNS DA Monitor reports error on.
Katrin
Free Windows Admin Tool Kit Click here and download it now
February 22nd, 2011 7:38am
Hi!
I have now found the solution:
First change the WAN addresses. The ISATAP address changes now. Restart the internal DNS server which DA is using. Run nslokup InternalDNSdomainname. Then you will se two ipv6 addresses. Depending on the scavering schedule on your DNS server the old
ISATAP address still exists i DNS for the DNS server. You have to remove the old (same as parent folder) record. When running nslookup InternalDNSdomainname you will not see the OLD ISATAP address. Run the DA Wizard and check that the new IPv6 address is appearing
when internal domain is selcted.
Restart other resource servers which are used through DA.
Kind regards,
Katrin
March 6th, 2011 6:35am