I've got a VPN server set up in my Active Directory on a remote network. (VPN Server is separate box from DNS/AD) When I dial into the network (client machine is not a member of the AD) the machine does not register its IP or Hostname in the DNS. I've played with all possible combinations of DHCP and RRAS-allocated IP pools, and none of them seem to cause my client to register. Is it because my client has to be a member of the domain? Are there some security settins I can tweak so that it can register its hostname/ip? I've looked in the event logs (System and Security) for the AD, DNS, DHCP, RRAS, and the client machine, and don't see anything relating to DNS Registration.
Here's the IPConfig on the client machine (once connected):
PPP adapter My VPN Name:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . . . . . : My VPN Name
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.22(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.52 <- DC1
192.168.1.53 <- DC2
NetBIOS over Tcpip. . . . . . . . : Enabled
Edit:
It looks like my clients are not recieving the DHCP Scoope Options. I found this great article in Microsoft's KB. So the problem here is that the VPN Server "pre-reserves" the DHCP addresses, but then you have to add the DHCP Relay Agent to relay the secondary request for scope options. My problem is that the DHCP Relay Agent isn't relaying to the local DHCP server (same box as the VPN/RRAS). I've configured the DHCP Relay Agent according to this KB, but it dosn't work for a local DHCP server. (I see the request count increasing, but no responses)
I was able to get everything working by specifying the DNS server and domain name in the VPN connection properties on the client. But am still unable to assign it (or the default gateway) dynamically via DHCP. The client also has to be a member of the remote domain.
-
Normally AD DNS zone updates are set to Secure Only. Since you are not using DHCP, DHCP will typically update DNS dynamically on behalf of the client. Try using ipconfig /registerdns and check the output of the command.
Eric Falsken : I've used DHCP with the /registerdns option. nothing in the local, DHCP, DNS, or RRAS event logs to indicate an error. I've also tried setting the DNS to allow insecure edits to the domain. Nothing in the event log to indicate a failure. (not even the security event log)From redknight
0 comments:
Post a Comment