Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS for Exchange over VPN doesn't work

Status
Not open for further replies.
paul1122

paul1122

IS-IT--Management
Feb 17, 2017
8
GB
Hello,

I have a perfectly working DNS environment on the LAN, however on the VPN something strange happens with Outlook clients connecting to the Exchange server. Outlook always connects to the Exchange on the LAN, there is no DNS issue there.

However, on the VPN, for some reason Outlook clients will not connect to Exchange. The workaround is to edit the local client hosts file to add in the IP Address and mail.domain.com, then the Outlook client connects over the VPN.

The problem is, our AV clears entries to the hosts file and I would prefer this to stay in place. So I have users who can work with Outlook on the LAN, then when they connect via VPN they cannot work on Outlook and I manually add the entry to their hosts file to make it work, however after a couple of days, the AV clears the entry on the hosts file and then the next time that user is on the VPN, Outlook doesn't work again, and I add the entry again...

I would prefer to sort out why the Exchange server IP address is not being resolved over the VPN. The strange thing is, all other servers are resolving over the VPN. The VPN server pushes the same DNS server settings to VPN clients as are used on the LAN. So I cannot work out where the problem with Exchange being resolved over the VPN lies.

Environment: Windows 10, Server 2012, Outlook 2013, Exchange 2013, OpenVPN-AS.

Any help would be appreciated.

Thanks,
Paul
 
Sort by date Sort by votes
Make sure your VPN handoff includes the required DNS server which has to be reachable by the VPN client. That way your client's resolver will query the needed DNS first. Hosts file entries is something one should avoid.
do:
Code: 
ipconfig/all
and look at the order of DNS servers to make sure.
 
Upvote 0 Downvote
Thanks Iggsterman.

Of course, the host file changes are only a workaround.

And that's the weird thing. DNS settings are the same for LAN and VPN. ipconfig /all shows exactly the same information on the LAN and the VPN, DNS server order included. With the only difference being the IP Address which is a different subnet to LAN IP addresses.

And weirder still. All servers resolve successfully on the VPN. The only one is Exchange that has the problem.

I don't know if this would make a difference, our mail is in the format @company.com but our domain is corp.company.co.jp
 
Upvote 0 Downvote
So you a4re confirming that you can reach the DNS servers from VPN? When you run nslookup can you confirm the replies come from the needed DNS server? Maybe it times out and the resolver goes down the list.
Another possibility is and you need to ask your friendly network engineer, if they are doing what is called "DNS rewrite".
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

KenMeans
  • Locked
  • Question
DNS Issues with wireless router behind Atlantic Broad band Business Modem
Replies
0
Views
6K
KenMeans
KenMeans
alpha76
  • Locked
  • Question
Advice on DNS setup/configuration
Replies
3
Views
6K
technome
technome
tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
7K
tbright
tbright
Richard Carter
  • Locked
  • Question
Set up BIND on DNS server for local home server
Replies
0
Views
6K
Richard Carter
Richard Carter
rvirene
  • Locked
  • Question
MS DNS / Powershell Script Question
Replies
2
Views
6K
rvirene
rvirene

Part and Inventory Search

Sponsor

Back
Top