Sign in with
Sign up | Sign in
Your question

can you identify if this is a dns issue..

Last response: in Windows 2000/NT
Share
Anonymous
August 2, 2004 9:17:30 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

To All,
I got no help from Cisco tac at all, and want to see if anyone here can give
me a direction.

I am able to VPN into our network from client PC with cisco VPN client
program, and PING servers IPs without problems. (I am able to PING by host
name only after using lmhost file) However, I cannot browse neighborhood PCs
or access servers by using either IP or host name. (for example,
\\server\shared or \\192.168.100.100\shared ) I have domain name, DNS server
and WIN server IP configured in the router (Cisco 2600)

Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!


Calvin

More about : identify dns issue

Anonymous
August 3, 2004 4:48:56 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:o CcLK8NeEHA.236@tk2msftngp13.phx.gbl,
Calvin C. <CChang@mjlm.com> asked for help and I offered my suggestions
below:
> To All,
> I got no help from Cisco tac at all, and want to see if anyone here
> can give me a direction.
>
> I am able to VPN into our network from client PC with cisco VPN client
> program, and PING servers IPs without problems. (I am able to PING by
> host name only after using lmhost file) However, I cannot browse
> neighborhood PCs or access servers by using either IP or host name.
> (for example, \\server\shared or \\192.168.100.100\shared ) I have
> domain name, DNS server and WIN server IP configured in the router
> (Cisco 2600)
>
> Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!
>
>
> Calvin

DNS just resolves names to IP addresses. I can't see it being a DNS problem
if you're saying you can't even connect by an IP address, but you can ping
it (which means that at least ICMP is allowed), but from what you're saying,
it's a "something is being blocked" issue, and based on your description,
obviously it's NOT a DNS issue. If you can't resolve, then port UDP &TCP 53
are blocked. If you cannot connect to any shares, or Network Neighborhood is
not population, then 139 and/or 445 are blocked. WINS uses port 42. If you
can't log into the domain, then that's about a dozen other ports being
blocked.

Does your client machine have a personal firewall installed? ICF running? IP
access rules on the router stopping you? Are you allowing routing from your
VPN client into your network? Proxy or ISA installed?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
Anonymous
August 3, 2004 6:17:34 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Maybe these will help...

http://support.microsoft.com/default.aspx?scid=kb;en-us;830063

http://support.microsoft.com/default.aspx?scid=kb;en-us;292822

Lee


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eZnyzUReEHA.2784@TK2MSFTNGP10.phx.gbl...
> In news:o CcLK8NeEHA.236@tk2msftngp13.phx.gbl,
> Calvin C. <CChang@mjlm.com> asked for help and I offered my suggestions
> below:
> > To All,
> > I got no help from Cisco tac at all, and want to see if anyone here
> > can give me a direction.
> >
> > I am able to VPN into our network from client PC with cisco VPN client
> > program, and PING servers IPs without problems. (I am able to PING by
> > host name only after using lmhost file) However, I cannot browse
> > neighborhood PCs or access servers by using either IP or host name.
> > (for example, \\server\shared or \\192.168.100.100\shared ) I have
> > domain name, DNS server and WIN server IP configured in the router
> > (Cisco 2600)
> >
> > Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!
> >
> >
> > Calvin
>
> DNS just resolves names to IP addresses. I can't see it being a DNS
problem
> if you're saying you can't even connect by an IP address, but you can ping
> it (which means that at least ICMP is allowed), but from what you're
saying,
> it's a "something is being blocked" issue, and based on your description,
> obviously it's NOT a DNS issue. If you can't resolve, then port UDP &TCP
53
> are blocked. If you cannot connect to any shares, or Network Neighborhood
is
> not population, then 139 and/or 445 are blocked. WINS uses port 42. If you
> can't log into the domain, then that's about a dozen other ports being
> blocked.
>
> Does your client machine have a personal firewall installed? ICF running?
IP
> access rules on the router stopping you? Are you allowing routing from
your
> VPN client into your network? Proxy or ISA installed?
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
Related resources
Anonymous
August 4, 2004 2:20:05 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:o HiS3nSeEHA.384@TK2MSFTNGP10.phx.gbl,
Leon E. Webster, MCSE <leweb2000@hotmail.com> either posted for help, or
replied to my previous response, or just wanted to comment or offer an
addition, which spurred me to reply below
> Maybe these will help...
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;830063
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;292822
>
> Lee
>

Hi Lee,

I believe the poster said he is using Cisco's VPN services on his router or
PIX (didn't state which) and the Cisco VPN client for connectivity and not
Windows RAS.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
Anonymous
August 4, 2004 6:51:04 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Thanks Ace and Lee,
Yes, we're using Cisco VPN client and Cisco router (2600 gateway)
No personal firewall, ICF, Proxy or ISA. Not sure about IP access rules on
router or allowing routing from VPN client but I guess not. (It's our vendor
to configure the router and VPN, but cannot figure out the problem either)

I've sent my VPN config to Cisco tech, and he said it's fine so I try to
find a clue from MS side.

THanks again.


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eCOxTmceEHA.2908@TK2MSFTNGP10.phx.gbl...
> In news:o HiS3nSeEHA.384@TK2MSFTNGP10.phx.gbl,
> Leon E. Webster, MCSE <leweb2000@hotmail.com> either posted for help, or
> replied to my previous response, or just wanted to comment or offer an
> addition, which spurred me to reply below
> > Maybe these will help...
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;830063
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;292822
> >
> > Lee
> >
>
> Hi Lee,
>
> I believe the poster said he is using Cisco's VPN services on his router
or
> PIX (didn't state which) and the Cisco VPN client for connectivity and not
> Windows RAS.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
Anonymous
August 4, 2004 10:06:13 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:o rtTszleEHA.2532@TK2MSFTNGP09.phx.gbl,
Calvin C. <CChang@mjlm.com> made a post then I commented below
> Thanks Ace and Lee,
> Yes, we're using Cisco VPN client and Cisco router (2600 gateway)
> No personal firewall, ICF, Proxy or ISA. Not sure about IP access
> rules on router or allowing routing from VPN client but I guess not.
> (It's our vendor to configure the router and VPN, but cannot figure
> out the problem either)
>
> I've sent my VPN config to Cisco tech, and he said it's fine so I try
> to find a clue from MS side.
>
> THanks again.


I still think it's something on their end, but I'm not trying to pass the
buck. I'm just saying that based on your description. You said that you can
ping by IP, but you cannot connect by IP, FQDN or computer name. Smply
stating that connecting by IP is the base method and easiest method to test
connectivity that does not utilize DNS. IF you cannot connect by IP, but can
ping it, then its telling me there's something blocking the connection,
meaning something is blocking the ports required to make a connection,
mapped drive, or whatever you;re trying to do, something such as a firewall
rule, an IP access list or even ICF. DNS from your description, does not
seem to be a factor here.

Maybe it's NAT. If mutliple internal NAT subnets are routing between each
other on a Windows NAT/RAS server, then I've seen issues with H.323 support,
since that squashes the PDUs required for LDAP communication, but this
applies to AD communication. In that case, we would kill H.323 support. But
since you are using a Cisco connection, and you state that you are not using
a Windows RAS server for VPN connectivity, then it seems to point back to
the Cisco VPN service.

Do you have multiple internal NAT subnets? If using private IP addressing,
what is offering NAT, the Cisco router or Windows?



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
!