As for those that are remote, consider removing that 'register in dns' from the vpn adapter (not the nic necessarily, but the vpn adapter depending on the manufacturer.)
Since this doesn't seem to be your root problem any longer, I suspect the priority has dropped?
If your DHCP server is running under your credentials you may want to reconsider that. That causes the ownership of the records it creates to be set to the account DHCP runs under. That means that the machine accounts won't be able to de-register there own ip address records later. Since the remotely connected users are using a different dhcp server, this would also inevitably result in orphaned records in most cases.
There's a KB somewhere that talks about the trade-offs etc. If you need it I may be able to find it.
Your remote users don't really need to register their addresses from the sound of it. They can wait until they are back on the lan to get whatever management is needed most likely. Consider blocking the registration completely for those users. It might also be a way for you to get what you need out of the configuration. I suspect this won't be necessary though, if you're getting sophos to fix their issues.
Al
On 9/13/06, Ravi Dogra <[EMAIL PROTECTED]> wrote:
No, Laptop Users are getting IP Addresses from my VPN Box and when
they are on site its DHCP.
On machines "Register in DNS" option Is checked, hence machines are
attempting to register its own records in DNS. Although i have made my
LAN DHCP to register only its Clients in DNS.
Credentials used are abviously my Administrator Account.
But Al,
The Issue we had is laptop users are using LAN DHCP as well as using
VPN Connection from home. Both are getting registered in My DNS with
different IP. Which is obvious.
But the thing is SOPHOS gave us this as one of the reasons for my
laptop machines not showing in Sophos Enterprise Console because it
uses DNS to build existing machines list.
Now everything is working fine and this reason was totally not applicable.
but still there are other machines which are only in our network using
only my LAN DHCP and are not showing up in EC.
Sophos Support team is working on this.
Thanks and Regards
Ravi Dogra
On 9/13/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> I swear this is the last question and then I'll make a suggestion. :)
>
> Is the DHCP server that the remote clients are getting their ip addr's from
> the same as the one that you are using for lan connected clients? You are
> obviously allowing the user's machine to update it's own records, but is
> that consistent or is the DHCP server on the lan registering the records for
> you possibly under a different set of credentials or in a different zone?
>
>
>
>
>
>
> On 9/11/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:
> > yes its correct.
> >
> > No we have mobile users..
> >
> > On 9/11/06, Al Mulnick < [EMAIL PROTECTED]> wrote:
> > > Besides the obvious of telling Sophos to adjust their management to deal
> > > with this, here's what I understand of your problem to date.
> > >
> > > VPN clients that are also trusted network clients (i.e. mobile users
> that
> > > traverse both trusted and non-trusted networks can end up with seemingly
> > > duplicate entries for the same device but different ip addresses. This
> > > confuses some antivirus management applications and presumably some
> > > management applications such as SMS or similar class of app, that rely
> on
> > > reverse name resolution.
> > >
> > > Is that correct?
> > >
> > > Do you have workers that are remote-based only?
> > >
> > > Al
> > >
> > >
> > >
> > > On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:
> > > > According to Sophos Support if one host has 2 DNS Entries, Sophos
> > > > Enterprise Manager might not be able to detect this Host and auto
> > > > update will also dont work.
> > > >
> > > > As you know jolly;- We are in process of migration from Trend to
> > > > Sophos as our Antivirus Solution.
> > > >
> > > > Working on a solution will update soon.....
> > > >
> > > > Thanks
> > > > Ravi Dogra
> > > >
> > > > On 9/8/06, Jaspreet Singh < [EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Ravi,
> > > > > As Rob said, If your VPN box is forwarding requests to your internal
> > > network
> > > > > the your DNS will automatically update the records according to the
> new
> > > IP
> > > > > which in your case is "x.x.5.x".
> > > > >
> > > > > Can you explain exactly what is the problem that you are facing due
> to
> > > this?
> > > > >
> > > > > Regards,
> > > > > Jaspreet Singh Jolly
> > > > >
> > > > >
> > > > >
> > > > > On 9/7/06, Al Mulnick < [EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >
> > > > > > 1. I Didnt understand what exactly u r asking?
> > > > > > 2. Yes DHCP Is configured properly.
> > > > > >
> > > > > >
> > > > > > That's not what I asked. I asked if it's updating the records for
> the
> > > > > device or is it letting the devices update their own?
> > > > > >
> > > > > >
> > > > > >
> > > > > > Al
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On 9/6/06, Ravi Dogra < [EMAIL PROTECTED] > wrote:
> > > > > >
> > > > > > > 1. I Didnt understand what exactly u r asking?
> > > > > > > 2. Yes DHCP Is configured properly.
> > > > > > > 3. Yes it is running on DC
> > > > > > > 4. No, not running any other credential.
> > > > > > > 5. VPN Machine is entirely a different BOX on other site.
> > > > > > > 6. It doesnt register in my DNS. (Will extract other information
> > > from
> > > > > > > Site B Admin)
> > > > > > >
> > > > > > > update you very soon...
> > > > > > >
> > > > > > > Thanks
> > > > > > > RD
> > > > > > > List info :
> http://www.activedir.org/List.aspx
> > > > > > > List FAQ :
> http://www.activedir.org/ListFAQ.aspx
> > > > > > > List archive:
> > > http://www.activedir.org/ml/threads.aspx
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Jaspreet Singh Jolly
> > > >
> > > >
> > > > --
> > > > Ravi Dogra
> > > > 9899647200
> > > > This e-mail, together with any attachments, is confidential. It may be
> > > > read, copied and used only by the intended recipient. If you have
> > > > received it in error, please notify the sender immediately by e-mail
> > > > or telephone. Please then delete it from your computer without making
> > > > any copies or disclosing it to any other person.
> > > > List info : http://www.activedir.org/List.aspx
> > > > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > > > List archive:
> http://www.activedir.org/ml/threads.aspx
> > > >
> > >
> > >
> >
> >
> > --
> > Ravi Dogra
> > 9899647200
> > This e-mail, together with any attachments, is confidential. It may be
> > read, copied and used only by the intended recipient. If you have
> > received it in error, please notify the sender immediately by e-mail
> > or telephone. Please then delete it from your computer without making
> > any copies or disclosing it to any other person.
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.activedir.org/ml/threads.aspx
> >
>
>
--
Ravi Dogra
9899647200
This e-mail, together with any attachments, is confidential. It may be
read, copied and used only by the intended recipient. If you have
received it in error, please notify the sender immediately by e-mail
or telephone. Please then delete it from your computer without making
any copies or disclosing it to any other person.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
