question

ElTistou-6106 asked ElTistou-6106 commented

When VPN enabled, lost DNS and DCO / Event ID 8015, 334 ...

Hello all,
On a Windows Server 2019, when I'm connected to the VPN (IKEV), I lose the connection with the local DNS (event ID: 8015).
I lose communication with my DC (event ID: 334, 5719, 1054).
Of course, when I try to connect to a shared folder, \\nameofcomputer, it doesn't work... (by IP: yes).
When someone connects to this server it takes a very long time and the VPN disconnects.
NSLookup shows that the remote DNS is the default one.
So I changed the metric: I entered "1" on my network adapter.
NSLookup shows:
DNS Request timed out
Default server : Unknow
Address : 192.168.0.1

Thanks in advance for your help.

ElTistou-6106 answered ElTistou-6106 commented

Hello,

When I'm connected to the VPN I can't resolve the address with my local DNS.
I can reach it with a ping or with the SMB protocol "\\192.168.0.1".
I have two network cards: one for the local area (192.168.0....) and the other one for the VPN (10.59.40).


Hello,

You have two network cards, and that is probably the problem.

Before VPN connection, the default gateway is the local network on the local area/network card.
After VPN connection, the default gateway is the VPN with the second network card.

It should be only the network card/default gateway that knows what is local and what is remote/VPN.

You can try to change the metric, but the result will be hazardous.

Regards,



Hello,

In fact, I've tried with one network card and with two, and the result is the same.
With one network card, when I connect to the VPN, nslookup indicates the address 172.11.170.131.
When I change the metric it indicates 192.168.0.1 (my server) but times out (previous screenshot).
We agree that the box "use default gateway" is unchecked.
So in this case the metric works, but once again: no DNS communication.
However, the ping works.

SunnyQi-MSFT answered

Hi,

Thanks for posting in Q&A platform.

My understanding is that when the IKEv2 VPN is connected, you cannot connect to the DNS server. From the provided screenshots, my understanding is that the IP address of the VPN connection is 10.59.40.118 and the IP address of the DNS server is 192.168.0.1. Please correct me if my understanding is wrong. Please make sure that these 2 subnets can connect with each other via a specific router.

Best Regards,
Sunny


ElTistou-6106 answered

I don't understand why the firewall would be the source of this problem,
because when I'm disconnected from the VPN everything works.

I've deactivated the firewall and the problem is still present.

DSPatrick answered DSPatrick edited

Looks like a firewall is blocking. I'd check the required ports are flowing between networks.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009

--please don't forget to Accept as answer if the reply is helpful--

ElTistou-6106 answered

96876-image.png

DSPatrick answered

DNS request timed out

I'd check that the correct DNS servers are being used. Generally a VPN client connection inherits the DNS servers used on the RRAS server.

--please don't forget to Accept as answer if the reply is helpful--
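
The checks raised in this thread (interface metric, which DNS servers each adapter uses, and whether 192.168.0.1 answers DNS rather than just ping), collected as an added PowerShell example that is not part of the original posts. `$TestName` is a placeholder; the server address is the one quoted by the poster.

```powershell
# Added example, not from the thread. Run on the affected machine while the VPN is connected.
$DnsServer = '192.168.0.1'          # local DNS server address quoted in the thread
$TestName  = 'dc01.example.local'   # placeholder: use a record that exists in your AD DNS zone

# 1. Interface metrics, lowest first (the poster set the LAN adapter's metric to 1).
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceIndex, InterfaceMetric -AutoSize

# 2. DNS servers configured on each interface (LAN adapter vs. VPN adapter).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 3. Route and local source address Windows selects to reach the DNS server.
#    A 10.59.40.x source here means the query leaves through the VPN adapter.
Find-NetRoute -RemoteIPAddress $DnsServer |
    Format-List InterfaceAlias, IPAddress, DestinationPrefix, NextHop, RouteMetric

# 4. Query that server directly, first over UDP, then over TCP.
#    A timeout and a "name does not exist" reply are different failures:
#    the second one proves the server is answering.
foreach ($tcp in $false, $true) {
    $proto = if ($tcp) { 'TCP' } else { 'UDP' }
    try {
        Resolve-DnsName -Name $TestName -Server $DnsServer -DnsOnly -TcpOnly:$tcp -ErrorAction Stop |
            Out-Null
        "DNS over $proto to ${DnsServer}: answered"
    } catch {
        "DNS over $proto to ${DnsServer}: $($_.Exception.Message)"
    }
}

# 5. TCP/53 reachability, with the source address and interface actually used.
Test-NetConnection -ComputerName $DnsServer -Port 53 |
    Format-List @{ n = 'SourceAddress'; e = { $_.SourceAddress.IPAddress } },
                InterfaceAlias, TcpTestSucceeded
```

Running it once with the VPN disconnected and once connected, then comparing steps 1 to 3, shows whether the metric, the DNS server list or the selected source address is what changes.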







ElTistou-6106 answered

I have not explained enough.

In fact "use default gateway on remote desktop" doesn't change the result (checked or unchecked).
The ipconfig of the VPN is the same:
gateway : 0.0.0.0

And nslookup always gives "DNS request timed out" (with the metric changed).

I said "no option "gateway"" to put an IP address.

DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to Accept as answer if the reply is helpful--

DSPatrick answered

96837-image.png


--please don't forget to Accept as answer if the reply is helpful--

ElTistou-6106 answered

There is no option "gateway" in the VPN properties.

96875-image.png


