can you identify if this is a dns issue..

Archived from groups: microsoft.public.win2000.dns (More info?)

To All,
I got no help from Cisco tac at all, and want to see if anyone here can give
me a direction.

I am able to VPN into our network from client PC with cisco VPN client
program, and PING servers IPs without problems. (I am able to PING by host
name only after using lmhost file) However, I cannot browse neighborhood PCs
or access servers by using either IP or host name. (for example,
\\server\shared or \\192.168.100.100\shared ) I have domain name, DNS server
and WIN server IP configured in the router (Cisco 2600)

Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!


Calvin
5 answers Last reply
More about identify issue
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:OCcLK8NeEHA.236@tk2msftngp13.phx.gbl,
    Calvin C. <CChang@mjlm.com> asked for help and I offered my suggestions
    below:
    > To All,
    > I got no help from Cisco tac at all, and want to see if anyone here
    > can give me a direction.
    >
    > I am able to VPN into our network from client PC with cisco VPN client
    > program, and PING servers IPs without problems. (I am able to PING by
    > host name only after using lmhost file) However, I cannot browse
    > neighborhood PCs or access servers by using either IP or host name.
    > (for example, \\server\shared or \\192.168.100.100\shared ) I have
    > domain name, DNS server and WIN server IP configured in the router
    > (Cisco 2600)
    >
    > Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!
    >
    >
    > Calvin

    DNS just resolves names to IP addresses. I can't see it being a DNS problem
    if you're saying you can't even connect by an IP address, but you can ping
    it (which means that at least ICMP is allowed), but from what you're saying,
    it's a "something is being blocked" issue, and based on your description,
    obviously it's NOT a DNS issue. If you can't resolve, then port UDP &TCP 53
    are blocked. If you cannot connect to any shares, or Network Neighborhood is
    not population, then 139 and/or 445 are blocked. WINS uses port 42. If you
    can't log into the domain, then that's about a dozen other ports being
    blocked.

    Does your client machine have a personal firewall installed? ICF running? IP
    access rules on the router stopping you? Are you allowing routing from your
    VPN client into your network? Proxy or ISA installed?

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    Maybe these will help...

    http://support.microsoft.com/default.aspx?scid=kb;en-us;830063

    http://support.microsoft.com/default.aspx?scid=kb;en-us;292822

    Lee


    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:eZnyzUReEHA.2784@TK2MSFTNGP10.phx.gbl...
    > In news:OCcLK8NeEHA.236@tk2msftngp13.phx.gbl,
    > Calvin C. <CChang@mjlm.com> asked for help and I offered my suggestions
    > below:
    > > To All,
    > > I got no help from Cisco tac at all, and want to see if anyone here
    > > can give me a direction.
    > >
    > > I am able to VPN into our network from client PC with cisco VPN client
    > > program, and PING servers IPs without problems. (I am able to PING by
    > > host name only after using lmhost file) However, I cannot browse
    > > neighborhood PCs or access servers by using either IP or host name.
    > > (for example, \\server\shared or \\192.168.100.100\shared ) I have
    > > domain name, DNS server and WIN server IP configured in the router
    > > (Cisco 2600)
    > >
    > > Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!
    > >
    > >
    > > Calvin
    >
    > DNS just resolves names to IP addresses. I can't see it being a DNS
    problem
    > if you're saying you can't even connect by an IP address, but you can ping
    > it (which means that at least ICMP is allowed), but from what you're
    saying,
    > it's a "something is being blocked" issue, and based on your description,
    > obviously it's NOT a DNS issue. If you can't resolve, then port UDP &TCP
    53
    > are blocked. If you cannot connect to any shares, or Network Neighborhood
    is
    > not population, then 139 and/or 445 are blocked. WINS uses port 42. If you
    > can't log into the domain, then that's about a dozen other ports being
    > blocked.
    >
    > Does your client machine have a personal firewall installed? ICF running?
    IP
    > access rules on the router stopping you? Are you allowing routing from
    your
    > VPN client into your network? Proxy or ISA installed?
    >
    > --
    > Regards,
    > Ace
    >
    > Please direct all replies ONLY to the Microsoft public newsgroups
    > so all can benefit.
    >
    > This posting is provided "AS-IS" with no warranties or guarantees
    > and confers no rights.
    >
    > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    > Microsoft Windows MVP - Windows Server - Directory Services
    >
    > Security Is Like An Onion, It Has Layers
    > HAM AND EGGS: A day's work for a chicken;
    > A lifetime commitment for a pig.
    > --
    > =================================
    >
    >
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:OHiS3nSeEHA.384@TK2MSFTNGP10.phx.gbl,
    Leon E. Webster, MCSE <leweb2000@hotmail.com> either posted for help, or
    replied to my previous response, or just wanted to comment or offer an
    addition, which spurred me to reply below
    > Maybe these will help...
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;830063
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;292822
    >
    > Lee
    >

    Hi Lee,

    I believe the poster said he is using Cisco's VPN services on his router or
    PIX (didn't state which) and the Cisco VPN client for connectivity and not
    Windows RAS.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    Thanks Ace and Lee,
    Yes, we're using Cisco VPN client and Cisco router (2600 gateway)
    No personal firewall, ICF, Proxy or ISA. Not sure about IP access rules on
    router or allowing routing from VPN client but I guess not. (It's our vendor
    to configure the router and VPN, but cannot figure out the problem either)

    I've sent my VPN config to Cisco tech, and he said it's fine so I try to
    find a clue from MS side.

    THanks again.


    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:eCOxTmceEHA.2908@TK2MSFTNGP10.phx.gbl...
    > In news:OHiS3nSeEHA.384@TK2MSFTNGP10.phx.gbl,
    > Leon E. Webster, MCSE <leweb2000@hotmail.com> either posted for help, or
    > replied to my previous response, or just wanted to comment or offer an
    > addition, which spurred me to reply below
    > > Maybe these will help...
    > >
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;830063
    > >
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;292822
    > >
    > > Lee
    > >
    >
    > Hi Lee,
    >
    > I believe the poster said he is using Cisco's VPN services on his router
    or
    > PIX (didn't state which) and the Cisco VPN client for connectivity and not
    > Windows RAS.
    >
    > --
    > Regards,
    > Ace
    >
    > Please direct all replies ONLY to the Microsoft public newsgroups
    > so all can benefit.
    >
    > This posting is provided "AS-IS" with no warranties or guarantees
    > and confers no rights.
    >
    > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    > Microsoft Windows MVP - Windows Server - Directory Services
    >
    > Security Is Like An Onion, It Has Layers
    > HAM AND EGGS: A day's work for a chicken;
    > A lifetime commitment for a pig.
    > --
    > =================================
    >
    >
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:OrtTszleEHA.2532@TK2MSFTNGP09.phx.gbl,
    Calvin C. <CChang@mjlm.com> made a post then I commented below
    > Thanks Ace and Lee,
    > Yes, we're using Cisco VPN client and Cisco router (2600 gateway)
    > No personal firewall, ICF, Proxy or ISA. Not sure about IP access
    > rules on router or allowing routing from VPN client but I guess not.
    > (It's our vendor to configure the router and VPN, but cannot figure
    > out the problem either)
    >
    > I've sent my VPN config to Cisco tech, and he said it's fine so I try
    > to find a clue from MS side.
    >
    > THanks again.


    I still think it's something on their end, but I'm not trying to pass the
    buck. I'm just saying that based on your description. You said that you can
    ping by IP, but you cannot connect by IP, FQDN or computer name. Smply
    stating that connecting by IP is the base method and easiest method to test
    connectivity that does not utilize DNS. IF you cannot connect by IP, but can
    ping it, then its telling me there's something blocking the connection,
    meaning something is blocking the ports required to make a connection,
    mapped drive, or whatever you;re trying to do, something such as a firewall
    rule, an IP access list or even ICF. DNS from your description, does not
    seem to be a factor here.

    Maybe it's NAT. If mutliple internal NAT subnets are routing between each
    other on a Windows NAT/RAS server, then I've seen issues with H.323 support,
    since that squashes the PDUs required for LDAP communication, but this
    applies to AD communication. In that case, we would kill H.323 support. But
    since you are using a Cisco connection, and you state that you are not using
    a Windows RAS server for VPN connectivity, then it seems to point back to
    the Cisco VPN service.

    Do you have multiple internal NAT subnets? If using private IP addressing,
    what is offering NAT, the Cisco router or Windows?


    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
Ask a new question

Read More

Cisco DNS Servers Windows