question

RodrigoGonalves-5037 avatar image
0 Votes"
RodrigoGonalves-5037 asked Gary-5708 answered

Windows Server 2016 RRAS and clients DNS

Dear all,

we have a Windows Server 2016 providing a VPN service to our users. The server is configured with a static address pool.

The server has a single interface with its DNS servers configured to our internal DNS servers.

When the clients connect to the VPN (through L2TP or PPTP), they do not receive our DNS servers list.

Any idea what may be happening?

windows-server-infrastructure
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

When using a static ip address pool for VPN clients the RRAS server assigns the same DNS servers to the clients that are configured in the TCP/IP properties of the server NIC that's bound to RRAS so I'd check that.


--please don't forget to Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RodrigoGonalves-5037 avatar image
0 Votes"
RodrigoGonalves-5037 answered

Hi DSPatrick, I have checked that and although the RRAS bound interface has two DNS servers defined, neither are being supplied for the clients.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Please post an unedited ipconfig /all of both problem client and VPN server.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered

Hi,

Thanks for posting here.

I agree with DSPatrick that when using a static ip address pool for VPN clients, the RRAS server assigns the same DNS servers that are configured in the TCP/IP properties of the RRAS server's NIC to the clients.

May I know if IP addresses in static address pool of VPN server are in the same subnet of VPN server's internal IP address?

As DSPatrick suggested, could you please help provide the result of "ipconfig /all" of impacted client and VPN server for us further troubleshooting?

Click Start==>type "cmd"==>right click Command Prompt==>select Run as administrator==>insert command "ipconfig /all"


Hope my answer will help you!

---Please Accept as answer if the reply is helpful---

Best Regards,
Sunny

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RodrigoGonalves-5037 avatar image
0 Votes"
RodrigoGonalves-5037 answered RodrigoGonalves-5037 edited

Dear DSPatrick, here is the unedit ipconfig (I've just change our network prefix - we have a public /16 IPv4 block) to "10.0."):

 >ipconfig /all
    
 Windows IP Configuration
    
    Host Name . . . . . . . . . . . . : VPNTESTE
    Primary Dns Suffix  . . . . . . . : someplace.br
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : someplace.br
    
 PPP adapter RAS (Dial In) Interface:
    
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : RAS (Dial In) Interface
    Physical Address. . . . . . . . . :
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 10.0.193.0(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Enabled
    
 Tunnel adapter Reusable ISATAP Interface {58A646BF-C858-4A72-9CB8-FE92790F09EF}:
    
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    
 Tunnel adapter isatap.{6AE82518-6256-4DE7-A6AB-DEDA0A67A75A}:
    
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    
 Ethernet adapter Ethernet1:
    
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #2
    Physical Address. . . . . . . . . : 00-50-56-A1-FE-CE
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 10.0.0.66(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.248
    Default Gateway . . . . . . . . . : 10.0.0.70
    DNS Servers . . . . . . . . . . . : 10.0.1.33
                                        10.0.2.33
    NetBIOS over Tcpip. . . . . . . . : Enabled

Dear SunnyQi-MSFT, the IP address pools we have configured are as follows (as in the previous output, I've just changed our network prefix to "10.0"):

 10.0.193.0 10.0.193.254
 10.0.153.0 10.0.153.254
 10.0.103.0 10.0.103.254
 10.0.117.0 10.0.117.254
 10.0.166.0 10.0.166.254

Kind regards,


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Looks like the PPP adapter RAS has no default gateway.


--please don't forget to Accept as answer if the reply is helpful--






5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RodrigoGonalves-5037 avatar image
0 Votes"
RodrigoGonalves-5037 answered

Is it required @DSPatrick ? The users can browse if their machines have a DNS set (for example 8.8.8.8) thus it does not seems a gateway/routing issue.

Traceroutes from the clients show that they do navigate through the VPN.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

8.8.8.8 is public DNS and gets them internet, you'll need a LAN default gateway configured in order to access LAN resources.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RodrigoGonalves-5037 avatar image
0 Votes"
RodrigoGonalves-5037 answered

Yes, but that is our issue: the server is not providing our DNS servers to the clients.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited

The PPP adapter RAS has no default gateway.



--please don't forget to Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.