Search

December 2006
M T W T F S S
« Nov   Jan »
 123
45678910
11121314151617
18192021222324
25262728293031

Remote Access Problem

December 12th, 2006 by

From: =?Utf-8?B?S2VtY28=?= <Kemco@discussions.microsoft.com>
Subject: Remote Access Problem
Date: Fri, 11 Aug 2006 13:31:02 -0700
Newsgroups: microsoft.public.windows.server.sbs


I have a customer who is experiencing an ongoing problem with their Remote Access.


They Have MS SBS 2003 Standard Edition and have a Zyxel Zywall 5 Internet firewall appliance.  The deal is that it is all set up and working properly and in approximately every day or so it will say server cannot be found.  Once they go in and run the remote access wizard again the problem stops and they are able to access with no problem.  They are using the Zywall to configure the DHCP and have a manual IP set for the Server.  I am not sure what is going on and if someone could help it would be very much appreciated.


Thank you all for your help.


Joe


**************************************


From: “Cris Hanna \(SBS-MVP\)”
Subject: Re: Remote Access Problem
Date: Fri, 11 Aug 2006 16:03:12 -0500
Newsgroups: microsoft.public.windows.server.sbs


I would strongly encourage you to turn off DCHP and any DNS on the Zyxel unit and have SBS provide these services as designed.



Cris Hanna [SBS-MVP]


**************************************


From: “Russ SBITS.Biz \(MCP SBS\)” <support att sbits ttod biz>
Subject: Re: Remote Access Problem
Date: Fri, 11 Aug 2006 15:08:00 -0700
Newsgroups: microsoft.public.windows.server.sbs


This Advice assumes you are running 1 NIC in your SBS box.
 
Having DHCP by the sbs box is Preferred and you will make your life easier.
I’m not trying to dis Cris, (Because what he said is Best Practice and Advice)
 
But you can keep the router as DHCP (I have some clients I go around and around on this.) But there is a fix.


First your SBS box must be correctly setup for the DNS to your ISP’s (PRI & SEC)


Then set the Primary DNS of the Router to the SBS box and the Secondary As your ISP’s
 
Then put in the Login Script
ipconfig /flushdns
 
Really not needed all the time, but instead of going to all the pcs.. After you do this, all your PC’s should have no problem seeing things.
 
If of course you still have problem, you will have to disable the DHCP on the Router.. Enable it on your SBS box, and Set scope etc etc…
 
Russ
 



Russell Grover
SBITS.Biz
Enterprise Solutions for Small Business
Microsoft Certified Small Business Specialist.
MCP, MCPS MCNPS, (MCP-SBS)
Portland/Beaverton Oregon USA
Live Support
href=”
http://www.sbits.biz/livehelp”http://www.sbits.biz/livehelp
Support @ SBITS.Biz
href=”
http://www.SBITS.Biz”http://www.SBITS.Biz


**************************************


From: “Steve Friedl [MVP]” <steve at uniwiz dot net>
Subject: Re: Remote Access Problem
Date: Sat, 12 Aug 2006 08:22:42 -0700
Newsgroups: microsoft.public.windows.server.sbs


Russ SBITS.Biz (MCP SBS)”  wrote:

“Then on the Router.
Then set the Primary DNS of the Router to the SBS box and the Secondary As your ISP’s”

I believe this is a very bad idea: when plugging in the IP address of multiple DNS servers, they must all return the same data for any given query or hard-to-debug problems will arise.
 
Of course, asking the SBS box and your ISP’s nameserver for (say) href=”
http://www.unixwiz.net”www.unixwiz.net will both return the same data,  and this applies to the whole internet at large, but for the *internal* domain of the SBS box – perhaps unixwiz.local – the two nameservers have no chance of returning the same data. the ISP won’t ever have an answer for this even though the SBS box would be fully able to answer it, so it will return “No such domain” to those who ask.
 
This is a recipe for havoc.
 
XP (at least) uses negative DNS caching, where “No such domain” is taken as an affirmative response rather than a transient failure, so they *remember that response*. This means that if the SBS machine is unavailable for even a moment, clients on the network asking for (say) server.unixwiz.local will learn that the name has no value, and won’t try the other machine later: they “know” that it’s a bad lookup.
 
Considering how much Windows relies on DNS for Active Directory stuff, negative caching of the local will destroy an entire network in short order, and the only real fix is to wait it out (for the TTL to expire) or reboot everything. It’s awful, and completely avoidable.


If the SBS machine is the only machine providing DNS, it’s actually better if clients get a timeout/no response error during DNS lookups, because these are considered transitory and will be retried in short order – there is no negative caching in this case.
 
It’s true that when SBS is down you also won’t be able to surf the internet (which wouldn’t be affected one way or another by this negative caching thing), the downside is so ugly that we-can’t-be-down environments should just get a second box to run AD-integrated DNS. Then either one of them can provide authoritative answers for the local domain or the public internet.
 
I suppose it’s possible to try hard and configure your router to do DHCP, but it’s unlikely that it’s going to be able to provide all the same information that the SBS box will, and getting dynamic DNS to work is going to be a lot more tricky. This is just a poor idea, but not the same kind of really bad idea that splitting your DNS authorities is.
 
Steve



Steve Friedl / UNIX Wizard / Microsoft Security MVP / href=”
http://www.unixwiz.net”www.unixwiz.net


**************************************


Date: Sat, 12 Aug 2006 13:20:04 PST
Subject: Re: Remote Access Problem
From: Hollis Paul
Newsgroups: microsoft.public.windows.server.sbs


You avoid this by putting the ISP’s name servers in the DNS forwarders list, and they are queried only after DNS have found no local reference.



Hollis Paul
Mukilteo, WA  USA


**************************************


From: “Russ SBITS.Biz \(MCP SBS\)”
Subject: Re: Remote Access Problem
Date: Sat, 12 Aug 2006 20:59:27 -0700
Newsgroups: microsoft.public.windows.server.sbs


UH, I’d hate to argue but it works perfect. Never had any DNS issues…


The SBS Takes care of DNS, and if it’s down, then the Router will use the ISPs DNS


Works Perfect, or it has for years anyway?


And Hellis is correct if you do have that issue, just make a DNS entry…


Russ



Russell Grover
SBITS.Biz
Enterprise Solutions for Small Business
Microsoft Certified Small Business Specialist.
MCP, MCPS MCNPS, (MCP-SBS)
Portland/Beaverton Oregon USA
Live Support
http://www.sbits.biz/livehelp
Support @ SBITS.Biz
http://www.SBITS.Biz


end slug


Posted using BlogJet

Posted in SBS03_Tips | No Comments »



Comments are closed.