Microsoft KB Archive/292822

= Name resolution and connectivity issues on a Routing and Remote Access Server that also runs DNS or WINS =

Article ID: 292822

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Service Pack 4
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Small Business Server 2000 Standard Edition
 * Microsoft BackOffice Small Business Server 2000 Service Pack 1

-



This article was previously published under Q292822



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
A computer that is running Microsoft Windows 2000 Server or Microsoft Windows Server 2003 may exhibit connectivity issues if the server is configured in the following manner:
 * The Routing and Remote Access service is configured to permit incoming connections.
 * The Domain Name System (DNS) or Windows Internet Name Server (WINS) service is installed and configured on the server that is running Routing and Remote Access.

After a remote computer connects to the Routing and Remote Access server by using a dial-up or a Virtual Private Networking (VPN) connection, one or more of the following symptoms may occur intermittently:  If the Routing and Remote Access server is also running Microsoft Internet Security and Acceleration (ISA) Server 2000, you cannot browse the Web from client computers on the local network, regardless of whether the computers are configured to use Web Proxy or the Microsoft Firewall Client. For example, &quot;The page cannot be displayed&quot; may appear in the Web browser with a &quot;cannot find server or DNS&quot; error message. If the Routing and Remote Access server is running ISA Server 2000, and a user on a client computer clicks Update Now in the Firewall Client Options dialog box, the user receives the following error message:

The server is not responding when client requests an update.

Possible causes:

-The server is not an ISA Server.

-The server is down.

 When you try to ping the Routing and Remote Access server from a local computer by using the server's NetBIOS name or fully qualified domain name (FQDN), the computer tries to ping the wrong IP address. If the Routing and Remote Access server is the master browser for the network, you cannot browse the list of computers in Network Neighborhood or My Network Places. You cannot connect to the http:// /myconsole site on a Small Business Server 2000 computer. On the Routing and Remote Access server, you receive an event message that is similar to the following:

Event ID: 4319

Source: Netbt

Description: A duplicate name has been detected on the tcp network. The IP address of the machine that sent the message is in the data. Use NBTSTAT with a switch of N in a command window to see which name is in a conflict state.

 You receive error messages when you try to open file shares or map network drives to the Routing and Remote Access server.</li> If the Routing and Remote Access server is also a domain controller, you receive error messages when you try to log on to the network.</li> If the Routing and Remote Access server is a domain controller, you receive error messages when you try to open file shares or map network drives to any shared resource on the network. For example, computers that are running Microsoft Windows 2000 Professional or Microsoft Windows XP Professional receive an error message that is similar to the following:

No Logon Servers Available to Service your Logon Request

</li></ul>

This issue typically affects computers that are running Small Business Server because this version of Windows Server is frequently the only server on the network. However, the issue can affect any Windows 2000-based server or any Windows Server 2003-based Routing and Remote Access server that is running the DNS or the WINS service.

<div class="cause_section">

CAUSE
When a remote computer connects to the Routing and Remote Access server by using a dial-up or a VPN connection, the server creates a Point-to-Point Protocol (PPP) adapter to communicate with the remote computer. The server may then register the IP address of this PPP adapter in the DNS or the WINS database.

When the Routing and Remote Access server registers the IP address of its PPP adapter in DNS or WINS, you may receive errors on the local computers when you try to connect to the server. You receive these errors because the DNS or WINS servers may return the IP address of the PPP adapter to computers that query DNS or WINS for the server's IP address. The computers then try to connect to the IP address of the PPP adapter. Because the local computers cannot reach the PPP adapter, the connections fail.

<div class="resolution_section">

RESOLUTION
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, configure the Routing and Remote Access server to prevent it from registering the IP address of its PPP adapter in the DNS or the WINS database. To do this, follow these steps:

Configure the Routing and Remote Access server to publish only the IP address of the local network adapter in DNS
Complete the steps in this section only if the Routing and Remote Access server is running the DNS service. If the server is not running the DNS service, go to the &quot;Configure the Routing and Remote Access server to register only the IP address of the local network adapter in WINS&quot; section.

Add the PublishAddresses and RegisterDnsARecords registry values for the DNS and Netlogon services
<ol> Click Start, click Run, type regedit, and then click OK.</li> Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

</li> On the Edit menu, point to New, and then click String Value to add the following registry value:

Value name: PublishAddresses

Data type: REG_SZ

Value data: IP address of the server's local network adapter. If you have to specify more than one IP address, separate the addresses with spaces.

</li> Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

</li> On the Edit menu, point to New, and then click DWORD Value to add the following registry value:

Value name: RegisterDnsARecords

Data type: REG_DWORD

Value data: 0

</li> Close Registry Editor, and then restart the DNS and Netlogon services. To restart a service, click Start, point to Programs or All Programs, point to Administrative Tools, and then click Services. In the Services console, right-click the service, and then click Restart.</li></ol>

For additional information about the PublishAddresses and RegisterDnsARecords registry values, click the following article number to view the article in the Microsoft Knowledge Base:

289735 Routing and Remote Access IP addresses register in DNS

Add the A Records in DNS
Complete these steps only if the Routing and Remote Access server is a domain controller. <ol> Click Start, point to Programs or All Programs, point to Administrative Tools, and then click DNS.</li> In the DNS console, expand the server object, expand the Forward Lookup Zones folder, and then click the folder for the local domain.</li> On the Action menu, click New Host.</li> In the IP address text box, type the IP address of the server's local network adapter.</li> Leave the Name box empty, click Create Associated PTR Record, and then click Add Host.</li> When you receive the &quot;(same as parent folder) is not a valid host name. Are you sure you want to add this record?&quot; message, click Yes.

Note If the server is a global catalog server, go to step 7. If the server is not a global catalog server, you do not have to complete steps 7 through 11. To determine if the server is a global catalog server, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, point to Programs or All Programs, point to Administrative Tools, and then click Active Directory Sites and Services.</li> <li>In the Active Directory Sites and Services console, expand the Sites folder, expand the site that contains the server, and then expand the server object.</li> <li>Right-click NTDS Settings, and then click Properties.</li> <li>On the General tab, locate the Global Catalog check box. If this check box is checked, the server is a global catalog server.</li></ol> </li> <li>Under the Forward Lookup Zones folder in the DNS console, expand the folder for the local domain, expand the MSDCS folder, and then click the GC folder.</li> <li>On the Action menu, click New Host.</li> <li>In the IP address box, type the IP address of the server's local network adapter.</li> <li>Leave the Name box empty, click Create Associated PTR Record, and then click Add Host.</li> <li>When you receive the &quot;(same as parent folder) is not a valid host name. Are you sure you want to add this record?&quot; message, click Yes.</li></ol>

Configure the Routing and Remote Access Server to register only the IP address of the local network adapter in WINS
Complete the steps in this section only if the Routing and Remote Access server is running the WINS service. Additionally, if the server is running Small Business Server 2000 SP1, Small Business Server 2000 SP1a, or Windows Small Business Server 2003, you do not have to complete the steps in this section. By default, these versions of the Windows server are configured to prevent the server from registering the PPP adapter's IP address in the WINS database.

Add the DisableNetbiosOverTcpip registry value for the Routing and Remote Access service
The DisableNetbiosOverTcpip registry value disables the NetBIOS over TCP/IP (NetBT) protocol for remote access connections. Therefore, the server will not register the PPP adaptor in the WINS database. Know that by adding this value, you will prevent remote access clients from browsing the local network through My Network Places or Network Neighborhood. Sometimes, it may also cause remote access connections to be unsuccessful on computers that are running older versions of Windows. For example, remote access connections may be unsuccessful on Microsoft Windows 98 computers and on Microsoft Windows NT 4.0 Workstation computers. For an alternative to using the DisableNetbiosOverTcpip registry, see the &quot;Workaround&quot; section.

Important If the server is running Windows 2000 Server SP2 or an earlier version, you must update the server with SP3 or SP4 for the DisableNetbiosOverTcpip registry value to work. If you do not update the server, the Routing and Remote Access service will not use this registry value, and the issue will not be resolved.

For additional information about how to obtain the latest service pack for Windows 2000 Server, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

<ol> <li>Click Start, click Run, type regedit, and then click OK.</li> <li>Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP

</li> <li>On the Edit menu, point to New, and then click DWORD Value to add the following registry value:

Value name: DisableNetbiosOverTcpip

Data type: REG_DWORD

Value data: 1

</li> <li>Close Registry Editor, and then restart the Routing and Remote Access service. To restart a service, click Start, point to Programs or All Programs, point to Administrative Tools, and then click Services. In the Services console, right-click the service, and then click Restart.</li></ol>

Clear the WINS database

 * 1) Click Start, point to Programs or All Programs, point to Administrative Tools, and then click WINS.
 * 2) Expand the server object, right-click Active Registrations, and then click Delete Owner.
 * 3) In the Delete Owner dialog box, select the IP address of the server.
 * 4) If the WINS server does not have any replication partners, click Delete from this server only, and then click OK. If the WINS server has one or more replication partners, click Replicate deletion to other servers (tombstone), and then click OK.

The WINS server will rebuild the database automatically as computers on the network register their NetBIOS names. You can force Windows-based computers on the network to register their NetBIOS names immediately by running the nbtstat -RR command.

<div class="workaround_section">

WORKAROUND
As a workaround for this issue, you can configure the remote access connections to use a static pool of IP addresses that is on a different IP subnet than the local computers. In this case, local computers will not try to connect to the PPP adapter if it registers in DNS or WINS because the PPP adapter is on a different IP subnet.

To specify a static address pool in the Routing and Remote Access console, right-click  , click Properties, click the IP tab, click Static address pool, and then click Add. Add a range that does not use the same IP subnet as the local computers. For example, if the local computers are using the 10.0.0.0 subnet, add a static pool that uses the 172.168.0.0 subnet. If the Routing and Remote Access server is running ISA Server 2000, you must add this subnet to the Local Address Table. This scenario is most common on Small Business Server 2000.

For additional information about how to configure VPN access on a Small Business Server 2000 computer, click the following article number to view the article in the Microsoft Knowledge Base:

320697 How to turn on and configure inbound VPN access in Small Business Server 2000

Additional query words: isa surf firewall ras dial dialin bind bindings netbios smallbiz kbDirServices

Keywords: kbhotfixserver kbqfe kbdns kbprb kbwin2000presp3fix kbwin2000sp3fix KB292822

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.