Primary DNS suffix dropping to secondary
Recently our web hosting company did a server migration and had to change our domain DNS to point the A records to the new IP address: 174.xxx.xxx.xxx. After they did that, my users that VPN into the network started having an interesting problem. They can access the network, but when they try to run a program that calls up our SQL server by name, they are pointed back out to the changed IP address (174.xxx.xxx.xxx). If I try to ping the server while connected via VPN, it tries to resolve to our domain (mydomain.org) instead of the primary local domain (correctdomain.local).

When I check the DNS settings on the NIC, I find:

Append these suffixes (in order)
mydomain.org
correctdomain.local

If I reorder them, I can connect; otherwise the connection times out. The program in question has worked in the past without any issues. I dread the thought of having to touch every laptop in my organization to reorder these DNS suffixes. We are running Server 2K3 and my DNS server is located on my domain controller in house. The only hosted server we have is a webserver. Any help is greatly appreciated.
June 30th, 2010 5:45pm

Hi,

I would recommend using group policy to specify DNS search suffixes: http://technet.microsoft.com/en-us/library/bb847901.aspx

Is there still an A record for the name pointing to the old IP address in the mydomain.org namespace? If not, does clearing the DNS cache:

ipconfig /flushdns

work for fixing the name resolution?

-- Mike Burr
June 30th, 2010 6:42pm

Thank you for your response, Mike. I tried using group policy and did a gpupdate, but to no avail. I haven't found any A records pointing to the old IP address. I have noticed that, even if I set the order of suffixes on the laptop that remotes in, it still reverts back upon starting a new session. I'm truly stumped.
June 30th, 2010 8:51pm

Where are the VPN users getting their DHCP information from? This is typically where this kind of problem and solution would show itself. :-)
June 30th, 2010 9:24pm

Our DHCP server issues all IP addresses. These laptops are joined to the Domain but are taken home at night so the users can VPN in. I'm not seeing anything unusual so far but perhaps you can point me in a direction to look. The users are able to VPN in and connect to mapped drives as well as Exchange via their Outlook. They simply can't use our database program that relies on a startup script located on our SQL server. I have cleared the DNS cache from my server as well as flushed the DNS from a laptop without success.
June 30th, 2010 11:26pm

Have a user that is connected via VPN do an ipconfig /all. See what the IP address is and see if you see that IP on your DHCP server being handed out to that client. VPN adapters won't show you the DHCP server IP address, unfortunately. So if the IP doesn't show up on your DHCP server, then it's being given to the clients by something different. Most likely the firewall. You will have to check your firewall configuration to see who is handing out the DHCP address for the VPN profiles and if they are configured correctly for the DNS suffix list.
July 1st, 2010 4:04pm

Here's an update that may clarify the problem: When I ping the server IP when I have VPNed in, it will resolve to the correct FQDN. When I ping the server name, it will resolve to our hosted domain instead of our local domain, e.g.:

ping 192.168.xxx.xxx = myserver.domain.local
ping myserver = myserver.domain.org (note that I am not pinging via FQDN) at 173.145.xxx.xxx (webserver IP address)
July 1st, 2010 4:44pm
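
The behaviour described in this thread, modelled as an added example that is not part of any post: a short name is expanded with each search suffix in order and the first suffix that returns an answer wins. The lookup function, the IP placeholders and the premise that the public zone answers for any host name are assumptions made for the illustration; the thread does not confirm why mydomain.org answers.

```python
# Added example: model of a DNS suffix search list tried strictly in order.
# Constructed sample data. Assumption: the public zone answers for any host
# name (for instance through a wildcard A record); the thread does not say so.
PUBLIC_IP = "203.0.113.10"    # placeholder for the hosted web server
INTERNAL_IP = "192.168.0.20"  # placeholder for the in-house SQL server


def sample_lookup(fqdn):
    """Stand-in for a DNS query: returns an IP string, or None for no answer."""
    if fqdn == "myserver.correctdomain.local":
        return INTERNAL_IP
    if fqdn.endswith(".mydomain.org"):
        return PUBLIC_IP
    return None


def resolve_short_name(name, suffixes, lookup):
    """Return (fqdn, ip, attempts); the first suffix that answers wins."""
    if name.endswith("."):  # absolute name: the search list is not used
        fqdn = name.rstrip(".")
        ip = lookup(fqdn)
        return (fqdn if ip else None), ip, [(fqdn, ip)]
    attempts = []
    for suffix in suffixes:
        fqdn = f"{name}.{suffix}"
        ip = lookup(fqdn)
        attempts.append((fqdn, ip))
        if ip is not None:
            return fqdn, ip, attempts
    return None, None, attempts


def answered_outside(name, suffixes, internal_suffix, lookup):
    """True when a short name is answered by a zone other than the internal one."""
    fqdn, _ip, _attempts = resolve_short_name(name, suffixes, lookup)
    return fqdn is not None and not fqdn.endswith("." + internal_suffix)


if __name__ == "__main__":
    for order in (["mydomain.org", "correctdomain.local"],
                  ["correctdomain.local", "mydomain.org"]):
        fqdn, ip, _ = resolve_short_name("myserver", order, sample_lookup)
        print(order, "->", fqdn, ip)
```

Passing a real resolver in place of `sample_lookup` turns the same loop into a check of which suffix answers first for a given client's search list.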

This topic is archived. No further replies will be accepted.
