[ActiveDir] DNS Entries --Laptop Users--
Hi, Problem is i have 2 different records of each laptop (Using VPN Connection) in my DNS. I have secure updates configured in my DNS Conf. we are using DHCP. Laptop users getting a specific VLAN IP Address for there wireless connection which is getting registered in my DNS. This is good. "But the Problem is that when these Laptop users login from home using VPN, they get a new IP Address from my VPN Box which is also getting registered in my DNS." I have no clue why this is happening. i m suspecting on DNS conf on local machine under Advanced Tcp Ip settings. I am not sure i am heading right way or not. here is the snapshot attached for same. -- RD <>
Re: [ActiveDir] DNS Entries --Laptop Users--
How would you propose to change that setting exactly and still have it work? Another question: is your DHCP configured to update/remove addresses for you? Is it running on a DC? Is it running under some other credentials? How about the VPN machine? How's it configured with regards to registration? From your description, there are a couple of things going on, but I think the clarifying questions should help. On 9/5/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: Hi,Problem is i have 2 different records of each laptop (Using VPNConnection) in my DNS. I have secure updates configured in my DNS Conf.we are using DHCP. Laptop users getting a specific VLAN IP Address forthere wireless connection which is getting registered in my DNS. Thisis good."But the Problem is that when these Laptop users login from home using VPN, they get a new IP Address from my VPN Box which is also gettingregistered in my DNS."I have no clue why this is happening.i m suspecting on DNS conf on local machine under Advanced Tcp Ip settings. I am not sure i am heading right way or not. here is thesnapshot attached for same.--RD
RE: [ActiveDir] DNS Entries --Laptop Users--
What is the VPN device? Rob Robert Rutherford QuoStar Solutions Limited T:+44 (0) 8456 440 331 F:+44 (0) 8456 440 332 M:+44 (0) 7974 249 494 E:[EMAIL PROTECTED] W:www.quostar.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra Sent: 06 September 2006 00:15 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DNS Entries --Laptop Users-- Hi, Problem is i have 2 different records of each laptop (Using VPN Connection) in my DNS. I have secure updates configured in my DNS Conf. we are using DHCP. Laptop users getting a specific VLAN IP Address for there wireless connection which is getting registered in my DNS. This is good. "But the Problem is that when these Laptop users login from home using VPN, they get a new IP Address from my VPN Box which is also getting registered in my DNS." I have no clue why this is happening. i m suspecting on DNS conf on local machine under Advanced Tcp Ip settings. I am not sure i am heading right way or not. here is the snapshot attached for same. -- RD List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
1. I Didnt understand what exactly u r asking? 2. Yes DHCP Is configured properly. 3. Yes it is running on DC 4. No, not running any other credential. 5. VPN Machine is entirely a different BOX on other site. 6. It doesnt register in my DNS. (Will extract other information from Site B Admin) update you very soon... Thanks RD List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
Hi Ravi, Are you talking about your own company or is is for someone else's scenario ? If it for your own company then : 1) VPN box is CISCO PIX 515e 2) Your VPN box forwards all DNS queries to your DC/ Primary DNS server. 3) As far as i remember It does register machines (As the moment your machine comes to domain and gets ip from domain it would register with DNS) Now i am bit perplexed...what seems to be the problem here? Regards, Jaspreet Singh Jolly On 9/6/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: 1. I Didnt understand what exactly u r asking?2. Yes DHCP Is configured properly.3. Yes it is running on DC 4. No, not running any other credential.5. VPN Machine is entirely a different BOX on other site.6. It doesnt register in my DNS. (Will extract other information fromSite B Admin)update you very soon... ThanksRDList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
1. I Didnt understand what exactly u r asking?2. Yes DHCP Is configured properly. That's not what I asked. I asked if it's updating the records for the device or is it letting the devices update their own? Al On 9/6/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: 1. I Didnt understand what exactly u r asking?2. Yes DHCP Is configured properly.3. Yes it is running on DC 4. No, not running any other credential.5. VPN Machine is entirely a different BOX on other site.6. It doesnt register in my DNS. (Will extract other information fromSite B Admin)update you very soon... ThanksRDList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
Jolly, I was not sure abt how VPN Box was configured and as i had a word with Prashant boss, it is not configured for updating records to our DNS. I will talk to Prashant boss abt ths. But the thing is i can see 2 DNS records for one host. One is for VPN and the other one is for Wireless IP Address for the Host. Al, It is letting the device update their own record to DNS. Thanks Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] DNS Entries --Laptop Users--
Confusing... Please keep the thread going when you reply so we can look back through... 1) If your VPN device is giving the windows client machines connecting a DNS server setting of your internal DNS server, then the client will update its records with the IP address allocated by the VPN device. 2) You can see 2 records for the same host name within the DNS manager? Rob Robert Rutherford QuoStar Solutions Limited T:+44 (0) 8456 440 331 F:+44 (0) 8456 440 332 M:+44 (0) 7974 249 494 E:[EMAIL PROTECTED] W:www.quostar.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra Sent: 08 September 2006 01:24 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DNS Entries --Laptop Users-- Jolly, I was not sure abt how VPN Box was configured and as i had a word with Prashant boss, it is not configured for updating records to our DNS. I will talk to Prashant boss abt ths. But the thing is i can see 2 DNS records for one host. One is for VPN and the other one is for Wireless IP Address for the Host. Al, It is letting the device update their own record to DNS. Thanks Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
Ravi, As Rob said, If your VPN box is forwarding requests to your internal network the your DNS will automatically update the records according to the new IP which in your case is "x.x.5.x". Can you explain exactly what is the problem that you are facing due to this? Regards, Jaspreet Singh Jolly On 9/7/06, Al Mulnick <[EMAIL PROTECTED]> wrote: 1. I Didnt understand what exactly u r asking?2. Yes DHCP Is configured properly. That's not what I asked. I asked if it's updating the records for the device or is it letting the devices update their own? Al On 9/6/06, Ravi Dogra <[EMAIL PROTECTED] > wrote: 1. I Didnt understand what exactly u r asking?2. Yes DHCP Is configured properly.3. Yes it is running on DC 4. No, not running any other credential.5. VPN Machine is entirely a different BOX on other site.6. It doesnt register in my DNS. (Will extract other information fromSite B Admin)update you very soon... ThanksRDList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx -- Regards,Jaspreet Singh Jolly
Fwd: [ActiveDir] DNS Entries --Laptop Users--
According to Sophos Support if one host has 2 DNS Entries, Sophos Enterprise Manager might not be able to detect this Host and auto update will also dont work. As you know jolly;- We are in process of migration from Trend to Sophos as our Antivirus Solution. Working on a solution will update soon. Thanks Ravi Dogra On 9/8/06, Jaspreet Singh <[EMAIL PROTECTED]> wrote: Ravi, As Rob said, If your VPN box is forwarding requests to your internal network the your DNS will automatically update the records according to the new IP which in your case is "x.x.5.x". Can you explain exactly what is the problem that you are facing due to this? Regards, Jaspreet Singh Jolly On 9/7/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > > 1. I Didnt understand what exactly u r asking? > 2. Yes DHCP Is configured properly. > > > That's not what I asked. I asked if it's updating the records for the device or is it letting the devices update their own? > > > > Al > > > > > On 9/6/06, Ravi Dogra <[EMAIL PROTECTED] > wrote: > > > 1. I Didnt understand what exactly u r asking? > > 2. Yes DHCP Is configured properly. > > 3. Yes it is running on DC > > 4. No, not running any other credential. > > 5. VPN Machine is entirely a different BOX on other site. > > 6. It doesnt register in my DNS. (Will extract other information from > > Site B Admin) > > > > update you very soon... > > > > Thanks > > RD > > List info : http://www.activedir.org/List.aspx > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ml/threads.aspx > > > > > -- Regards, Jaspreet Singh Jolly -- Ravi Dogra 9899647200 This e-mail, together with any attachments, is confidential. It may be read, copied and used only by the intended recipient. If you have received it in error, please notify the sender immediately by e-mail or telephone. Please then delete it from your computer without making any copies or disclosing it to any other person. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
Besides the obvious of telling Sophos to adjust their management to deal with this, here's what I understand of your problem to date. VPN clients that are also trusted network clients (i.e. mobile users that traverse both trusted and non-trusted networks can end up with seemingly duplicate entries for the same device but different ip addresses. This confuses some antivirus management applications and presumably some management applications such as SMS or similar class of app, that rely on reverse name resolution. Is that correct? Do you have workers that are remote-based only? Al On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:According to Sophos Support if one host has 2 DNS Entries, Sophos Enterprise Manager might not be able to detect this Host and autoupdate will also dont work.As you know jolly;- We are in process of migration from Trend toSophos as our Antivirus Solution.Working on a solution will update soon. ThanksRavi DograOn 9/8/06, Jaspreet Singh <[EMAIL PROTECTED]> wrote:>> Ravi,> As Rob said, If your VPN box is forwarding requests to your internal network > the your DNS will automatically update the records according to the new IP> which in your case is "x.x.5.x".>> Can you explain exactly what is the problem that you are facing due to this? >> Regards,> Jaspreet Singh Jolly On 9/7/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> >> >> > 1. I Didnt understand what exactly u r asking? > > 2. Yes DHCP Is configured properly.> >> >> > That's not what I asked. I asked if it's updating the records for the> device or is it letting the devices update their own? > >> >> >> > Al> >> >> >> >> > On 9/6/06, Ravi Dogra <[EMAIL PROTECTED] > wrote: > >> > > 1. I Didnt understand what exactly u r asking?> > > 2. Yes DHCP Is configured properly.> > > 3. Yes it is running on DC> > > 4. No, not running any other credential. > > > 5. VPN Machine is entirely a different BOX on other site.> > > 6. It doesnt register in my DNS. (Will extract other information from> > > Site B Admin)> > >> > > update you very soon... > > >> > > Thanks> > > RD> > > List info : http://www.activedir.org/List.aspx> > > List FAQ: http://www.activedir.org/ListFAQ.aspx> > > List archive: http://www.activedir.org/ml/threads.aspx> > >> >> >> > --> Regards,> Jaspreet Singh Jolly--Ravi Dogra9899647200This e-mail, together with any attachments, is confidential. It may beread, copied and used only by the intended recipient. If you have received it in error, please notify the sender immediately by e-mailor telephone. Please then delete it from your computer without makingany copies or disclosing it to any other person.List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
yes its correct. No we have mobile users.. On 9/11/06, Al Mulnick <[EMAIL PROTECTED]> wrote: Besides the obvious of telling Sophos to adjust their management to deal with this, here's what I understand of your problem to date. VPN clients that are also trusted network clients (i.e. mobile users that traverse both trusted and non-trusted networks can end up with seemingly duplicate entries for the same device but different ip addresses. This confuses some antivirus management applications and presumably some management applications such as SMS or similar class of app, that rely on reverse name resolution. Is that correct? Do you have workers that are remote-based only? Al On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote: > According to Sophos Support if one host has 2 DNS Entries, Sophos > Enterprise Manager might not be able to detect this Host and auto > update will also dont work. > > As you know jolly;- We are in process of migration from Trend to > Sophos as our Antivirus Solution. > > Working on a solution will update soon. > > Thanks > Ravi Dogra > > On 9/8/06, Jaspreet Singh <[EMAIL PROTECTED]> wrote: > > > > Ravi, > > As Rob said, If your VPN box is forwarding requests to your internal network > > the your DNS will automatically update the records according to the new IP > > which in your case is "x.x.5.x". > > > > Can you explain exactly what is the problem that you are facing due to this? > > > > Regards, > > Jaspreet Singh Jolly > > > > > > > > On 9/7/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > > > > > > > > 1. I Didnt understand what exactly u r asking? > > > 2. Yes DHCP Is configured properly. > > > > > > > > > That's not what I asked. I asked if it's updating the records for the > > device or is it letting the devices update their own? > > > > > > > > > > > > Al > > > > > > > > > > > > > > > On 9/6/06, Ravi Dogra <[EMAIL PROTECTED] > wrote: > > > > > > > 1. I Didnt understand what exactly u r asking? > > > > 2. Yes DHCP Is configured properly. > > > > 3. Yes it is running on DC > > > > 4. No, not running any other credential. > > > > 5. VPN Machine is entirely a different BOX on other site. > > > > 6. It doesnt register in my DNS. (Will extract other information from > > > > Site B Admin) > > > > > > > > update you very soon... > > > > > > > > Thanks > > > > RD > > > > List info : http://www.activedir.org/List.aspx > > > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > > > List archive: http://www.activedir.org/ml/threads.aspx > > > > > > > > > > > > > > > > > > > > > -- > > Regards, > > Jaspreet Singh Jolly > > > -- > Ravi Dogra > 9899647200 > This e-mail, together with any attachments, is confidential. It may be > read, copied and used only by the intended recipient. If you have > received it in error, please notify the sender immediately by e-mail > or telephone. Please then delete it from your computer without making > any copies or disclosing it to any other person. > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > -- Ravi Dogra 9899647200 This e-mail, together with any attachments, is confidential. It may be read, copied and used only by the intended recipient. If you have received it in error, please notify the sender immediately by e-mail or telephone. Please then delete it from your computer without making any copies or disclosing it to any other person. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
I swear this is the last question and then I'll make a suggestion. :)Is the DHCP server that the remote clients are getting their ip addr's from the same as the one that you are using for lan connected clients? You are obviously allowing the user's machine to update it's own records, but is that consistent or is the DHCP server on the lan registering the records for you possibly under a different set of credentials or in a different zone? On 9/11/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: yes its correct.No we have mobile users..On 9/11/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> Besides the obvious of telling Sophos to adjust their management to deal > with this, here's what I understand of your problem to date.>> VPN clients that are also trusted network clients (i.e. mobile users that> traverse both trusted and non-trusted networks can end up with seemingly > duplicate entries for the same device but different ip addresses. This> confuses some antivirus management applications and presumably some> management applications such as SMS or similar class of app, that rely on > reverse name resolution.>> Is that correct?>> Do you have workers that are remote-based only?>> Al On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > According to Sophos Support if one host has 2 DNS Entries, Sophos> > Enterprise Manager might not be able to detect this Host and auto> > update will also dont work. > >> > As you know jolly;- We are in process of migration from Trend to> > Sophos as our Antivirus Solution.> >> > Working on a solution will update soon.> > > > Thanks> > Ravi Dogra> >> > On 9/8/06, Jaspreet Singh <[EMAIL PROTECTED]> wrote:> > >> > > Ravi,> > > As Rob said, If your VPN box is forwarding requests to your internal > network> > > the your DNS will automatically update the records according to the new> IP> > > which in your case is "x.x.5.x".> > >> > > Can you explain exactly what is the problem that you are facing due to > this?> > >> > > Regards,> > > Jaspreet Singh Jolly> > >> > >> > >> > > On 9/7/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > >> > > >> > > > 1. I Didnt understand what exactly u r asking?> > > > 2. Yes DHCP Is configured properly.> > > > > > > >> > > > That's not what I asked. I asked if it's updating the records for the> > > device or is it letting the devices update their own?> > > >> > > > > > > >> > > > Al> > > >> > > >> > > >> > > >> > > > On 9/6/06, Ravi Dogra < [EMAIL PROTECTED] > wrote:> > > >> > > > > 1. I Didnt understand what exactly u r asking?> > > > > 2. Yes DHCP Is configured properly.> > > > > 3. Yes it is running on DC > > > > > 4. No, not running any other credential.> > > > > 5. VPN Machine is entirely a different BOX on other site.> > > > > 6. It doesnt register in my DNS. (Will extract other information > from> > > > > Site B Admin)> > > > >> > > > > update you very soon...> > > > >> > > > > Thanks> > > > > RD > > > > > List info : http://www.activedir.org/List.aspx> > > > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > > > > List archive:> http://www.activedir.org/ml/threads.aspx> > > > >> > > >> > > > > > > >> > >> > >> > >> > > --> > > Regards,> > > Jaspreet Singh Jolly> >> >> > --> > Ravi Dogra > > 9899647200> > This e-mail, together with any attachments, is confidential. It may be> > read, copied and used only by the intended recipient. If you have> > received it in error, please notify the sender immediately by e-mail > > or telephone. Please then delete it from your computer without making> > any copies or disclosing it to any other person.> > List info : http://www.activedir.org/List.aspx > > List FAQ: http://www.activedir.org/ListFAQ.aspx> > List archive: http://www.activedir.org/ml/threads.aspx > >>>--Ravi Dogra9899647200This e-mail, together with any attachments, is confidential. It may beread, copied and used only by the intended recipient. If you have received it in error, please notify the sender immediately by e-mailor telephone. Please then delete it from your computer without makingany copies or disclosing it to any other person.List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS Entries --Laptop Users--
No, Laptop Users are getting IP Addresses from my VPN Box and when they are on site its DHCP. On machines "Register in DNS" option Is checked, hence machines are attempting to register its own records in DNS. Although i have made my LAN DHCP to register only its Clients in DNS. Credentials used are abviously my Administrator Account. But Al, The Issue we had is laptop users are using LAN DHCP as well as using VPN Connection from home. Both are getting registered in My DNS with different IP. Which is obvious. But the thing is SOPHOS gave us this as one of the reasons for my laptop machines not showing in Sophos Enterprise Console because it uses DNS to build existing machines list. Now everything is working fine and this reason was totally not applicable. but still there are other machines which are only in our network using only my LAN DHCP and are not showing up in EC. Sophos Support team is working on this. Thanks and Regards Ravi Dogra On 9/13/06, Al Mulnick <[EMAIL PROTECTED]> wrote: I swear this is the last question and then I'll make a suggestion. :) Is the DHCP server that the remote clients are getting their ip addr's from the same as the one that you are using for lan connected clients? You are obviously allowing the user's machine to update it's own records, but is that consistent or is the DHCP server on the lan registering the records for you possibly under a different set of credentials or in a different zone? On 9/11/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: > yes its correct. > > No we have mobile users.. > > On 9/11/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > Besides the obvious of telling Sophos to adjust their management to deal > > with this, here's what I understand of your problem to date. > > > > VPN clients that are also trusted network clients (i.e. mobile users that > > traverse both trusted and non-trusted networks can end up with seemingly > > duplicate entries for the same device but different ip addresses. This > > confuses some antivirus management applications and presumably some > > management applications such as SMS or similar class of app, that rely on > > reverse name resolution. > > > > Is that correct? > > > > Do you have workers that are remote-based only? > > > > Al > > > > > > > > On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote: > > > According to Sophos Support if one host has 2 DNS Entries, Sophos > > > Enterprise Manager might not be able to detect this Host and auto > > > update will also dont work. > > > > > > As you know jolly;- We are in process of migration from Trend to > > > Sophos as our Antivirus Solution. > > > > > > Working on a solution will update soon. > > > > > > Thanks > > > Ravi Dogra > > > > > > On 9/8/06, Jaspreet Singh <[EMAIL PROTECTED]> wrote: > > > > > > > > Ravi, > > > > As Rob said, If your VPN box is forwarding requests to your internal > > network > > > > the your DNS will automatically update the records according to the new > > IP > > > > which in your case is "x.x.5.x". > > > > > > > > Can you explain exactly what is the problem that you are facing due to > > this? > > > > > > > > Regards, > > > > Jaspreet Singh Jolly > > > > > > > > > > > > > > > > On 9/7/06, Al Mulnick < [EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > 1. I Didnt understand what exactly u r asking? > > > > > 2. Yes DHCP Is configured properly. > > > > > > > > > > > > > > > That's not what I asked. I asked if it's updating the records for the > > > > device or is it letting the devices update their own? > > > > > > > > > > > > > > > > > > > > Al > > > > > > > > > > > > > > > > > > > > > > > > > On 9/6/06, Ravi Dogra < [EMAIL PROTECTED] > wrote: > > > > > > > > > > > 1. I Didnt understand what exactly u r asking? > > > > > > 2. Yes DHCP Is configured properly. > > > > > > 3. Yes it is running on DC > > > > > > 4. No, not running any other credential. > > > > > > 5. VPN Machine is entirely a different BOX on other site. > > > > > > 6. It doesnt register in my DNS. (Will extract other information > > from > > > > > > Site B Admin) > > > > > > > > > > > > update you very soon... > > > > > > > > > > > > Thanks > > > > > > RD > > > > > > List info : http://www.activedir.org/List.aspx > > > > > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > > > > > List archive: > > http://www.activedir.org/ml/threads.aspx > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Regards, > > > > Jaspreet Singh Jolly > > > > > > > > > -- > > > Ravi Dogra > > > 9899647200 > > > This e-mail, together with any attachments, is confidential. It may be > > > read, copied and used only by the intended recipient. If you have > > > received it in error, please notify the sender immediately by e-mail > > > or telephone. Please then delete it from your computer without making > > > any copies or disclosing it to any other person. > > > List info : http://www.activedir.org/List.aspx > > > List FAQ: http://www.activedir.org/
Re: [ActiveDir] DNS Entries --Laptop Users--
sounds like reverse dns is not the only reason that sophos isn't working then. As for those that are remote, consider removing that 'register in dns' from the vpn adapter (not the nic necessarily, but the vpn adapter depending on the manufacturer.) Since this doesn't seem to be your root problem any longer, I suspect the priority has dropped? If your DHCP server is running under your credentials you may want to reconsider that. That causes the ownership of the records it creates to be set to the account DHCP runs under. That means that the machine accounts won't be able to de-register there own ip address records later. Since the remotely connected users are using a different dhcp server, this would also inevitably result in orphaned records in most cases. There's a KB somewhere that talks about the trade-offs etc. If you need it I may be able to find it. Your remote users don't really need to register their addresses from the sound of it. They can wait until they are back on the lan to get whatever management is needed most likely. Consider blocking the registration completely for those users. It might also be a way for you to get what you need out of the configuration. I suspect this won't be necessary though, if you're getting sophos to fix their issues. AlOn 9/13/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: No, Laptop Users are getting IP Addresses from my VPN Box and whenthey are on site its DHCP.On machines "Register in DNS" option Is checked, hence machines areattempting to register its own records in DNS. Although i have made my LAN DHCP to register only its Clients in DNS.Credentials used are abviously my Administrator Account.But Al,The Issue we had is laptop users are using LAN DHCP as well as usingVPN Connection from home. Both are getting registered in My DNS with different IP. Which is obvious.But the thing is SOPHOS gave us this as one of the reasons for mylaptop machines not showing in Sophos Enterprise Console because ituses DNS to build existing machines list. Now everything is working fine and this reason was totally not applicable.but still there are other machines which are only in our network usingonly my LAN DHCP and are not showing up in EC.Sophos Support team is working on this. Thanks and RegardsRavi DograOn 9/13/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> I swear this is the last question and then I'll make a suggestion. :) >> Is the DHCP server that the remote clients are getting their ip addr's from> the same as the one that you are using for lan connected clients? You are> obviously allowing the user's machine to update it's own records, but is > that consistent or is the DHCP server on the lan registering the records for> you possibly under a different set of credentials or in a different zone?>>> On 9/11/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > yes its correct.> >> > No we have mobile users..> >> > On 9/11/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > Besides the obvious of telling Sophos to adjust their management to deal> > > with this, here's what I understand of your problem to date.> > > > > > VPN clients that are also trusted network clients (i.e. mobile users> that> > > traverse both trusted and non-trusted networks can end up with seemingly> > > duplicate entries for the same device but different ip addresses. This > > > confuses some antivirus management applications and presumably some> > > management applications such as SMS or similar class of app, that rely> on> > > reverse name resolution. > > >> > > Is that correct?> > >> > > Do you have workers that are remote-based only?> > >> > > Al> > >> > >> > > > > > On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > > > According to Sophos Support if one host has 2 DNS Entries, Sophos> > > > Enterprise Manager might not be able to detect this Host and auto > > > > update will also dont work.> > > >> > > > As you know jolly;- We are in process of migration from Trend to> > > > Sophos as our Antivirus Solution. > > > >> > > > Working on a solution will update soon.> > > >> > > > Thanks> > > > Ravi Dogra> > > >> > > > On 9/8/06, Jaspreet Singh < [EMAIL PROTECTED]> wrote:> > > > >> > > > > Ravi,> > > > > As Rob said, If your VPN box is forwarding requests to your internal > > > network> > > > > the your DNS will automatically update the records according to the> new> > > IP> > > > > which in your case is "x.x.5.x". > > > > >> > > > > Can you explain exactly what is the problem that you are facing due> to> > > this?> > > > >> > > > > Regards, > > > > > Jaspreet Singh Jolly> > > > >> > > > >> > > > >> > > > > On 9/7/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > > > >> > > > > >> > > > > > 1. I Didnt understand what exactly u r asking?> > > > > > 2. Yes DHCP Is configured properly. > > > > > >> > > > > >> > > > > > That's not what I asked. I asked if it's updating the records for> the> > > > > device or is it letting the devices update their own? > > > > > >> > > > > >> > > > > >> > > > > > Al> > > > >
Re: [ActiveDir] DNS Entries --Laptop Users--
I'm not s huge DNS geek, so I'm not sure whether you can do this, but can't you just set the DHCP to have a short expiration (1 hour?) and it will unregister the 'old' entry for a machine? There would be a small amount of vulnerability, but it would go away after the client's reservation expires. On 9/13/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: No, Laptop Users are getting IP Addresses from my VPN Box and whenthey are on site its DHCP.On machines "Register in DNS" option Is checked, hence machines areattempting to register its own records in DNS. Although i have made my LAN DHCP to register only its Clients in DNS.Credentials used are abviously my Administrator Account.But Al,The Issue we had is laptop users are using LAN DHCP as well as usingVPN Connection from home. Both are getting registered in My DNS with different IP. Which is obvious.But the thing is SOPHOS gave us this as one of the reasons for mylaptop machines not showing in Sophos Enterprise Console because ituses DNS to build existing machines list. Now everything is working fine and this reason was totally not applicable.but still there are other machines which are only in our network usingonly my LAN DHCP and are not showing up in EC.Sophos Support team is working on this. Thanks and RegardsRavi DograOn 9/13/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> I swear this is the last question and then I'll make a suggestion. :) >> Is the DHCP server that the remote clients are getting their ip addr's from> the same as the one that you are using for lan connected clients? You are> obviously allowing the user's machine to update it's own records, but is > that consistent or is the DHCP server on the lan registering the records for> you possibly under a different set of credentials or in a different zone?>>> On 9/11/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > yes its correct.> >> > No we have mobile users..> >> > On 9/11/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > Besides the obvious of telling Sophos to adjust their management to deal> > > with this, here's what I understand of your problem to date.> > > > > > VPN clients that are also trusted network clients (i.e. mobile users> that> > > traverse both trusted and non-trusted networks can end up with seemingly> > > duplicate entries for the same device but different ip addresses. This > > > confuses some antivirus management applications and presumably some> > > management applications such as SMS or similar class of app, that rely> on> > > reverse name resolution. > > >> > > Is that correct?> > >> > > Do you have workers that are remote-based only?> > >> > > Al> > >> > >> > > > > > On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > > > According to Sophos Support if one host has 2 DNS Entries, Sophos> > > > Enterprise Manager might not be able to detect this Host and auto > > > > update will also dont work.> > > >> > > > As you know jolly;- We are in process of migration from Trend to> > > > Sophos as our Antivirus Solution. > > > >> > > > Working on a solution will update soon.> > > >> > > > Thanks> > > > Ravi Dogra> > > >> > > > On 9/8/06, Jaspreet Singh < [EMAIL PROTECTED]> wrote:> > > > >> > > > > Ravi,> > > > > As Rob said, If your VPN box is forwarding requests to your internal > > > network> > > > > the your DNS will automatically update the records according to the> new> > > IP> > > > > which in your case is "x.x.5.x". > > > > >> > > > > Can you explain exactly what is the problem that you are facing due> to> > > this?> > > > >> > > > > Regards, > > > > > Jaspreet Singh Jolly> > > > >> > > > >> > > > >> > > > > On 9/7/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > > > >> > > > > >> > > > > > 1. I Didnt understand what exactly u r asking?> > > > > > 2. Yes DHCP Is configured properly. > > > > > >> > > > > >> > > > > > That's not what I asked. I asked if it's updating the records for> the> > > > > device or is it letting the devices update their own? > > > > > >> > > > > >> > > > > >> > > > > > Al> > > > > >> > > > > >> > > > > > > > > > > >> > > > > > On 9/6/06, Ravi Dogra < [EMAIL PROTECTED] > wrote:> > > > > >> > > > > > > 1. I Didnt understand what exactly u r asking? > > > > > > > 2. Yes DHCP Is configured properly.> > > > > > > 3. Yes it is running on DC> > > > > > > 4. No, not running any other credential. > > > > > > > 5. VPN Machine is entirely a different BOX on other site.> > > > > > > 6. It doesnt register in my DNS. (Will extract other information> > > from > > > > > > > Site B Admin)> > > > > > >> > > > > > > update you very soon...> > > > > > >> > > > > > > Thanks > > > > > > > RD> > > > > > > List info :> http://www.activedir.org/List.aspx> > > > > > > List FAQ: > http://www.activedir.org/ListFAQ.aspx> > > > > > > List archive:> > > http://www.activedir.org/ml/threads.aspx > > > > > > >> > > > > >> > > > > >> > > > > >> > > > >> > > > >> > > > > > > > > > --> > > > > Regards,> > > > > Jaspreet Singh Jolly> > > >> > > >> > > > --> > > > Ravi Dogra > > > >
Re: [ActiveDir] DNS Entries --Laptop Users--
Personally, for a shop with more than 30 machines I wouldn't recommend this approach. DHCP half-life registrations would start to fly all over the place. That and the DHCP server is not registering for the remote users. On 9/13/06, Matt Hargraves <[EMAIL PROTECTED]> wrote: I'm not s huge DNS geek, so I'm not sure whether you can do this, but can't you just set the DHCP to have a short expiration (1 hour?) and it will unregister the 'old' entry for a machine? There would be a small amount of vulnerability, but it would go away after the client's reservation expires. On 9/13/06, Ravi Dogra < [EMAIL PROTECTED]> wrote: No, Laptop Users are getting IP Addresses from my VPN Box and whenthey are on site its DHCP.On machines "Register in DNS" option Is checked, hence machines areattempting to register its own records in DNS. Although i have made my LAN DHCP to register only its Clients in DNS.Credentials used are abviously my Administrator Account.But Al,The Issue we had is laptop users are using LAN DHCP as well as usingVPN Connection from home. Both are getting registered in My DNS with different IP. Which is obvious.But the thing is SOPHOS gave us this as one of the reasons for mylaptop machines not showing in Sophos Enterprise Console because ituses DNS to build existing machines list. Now everything is working fine and this reason was totally not applicable.but still there are other machines which are only in our network usingonly my LAN DHCP and are not showing up in EC.Sophos Support team is working on this. Thanks and RegardsRavi DograOn 9/13/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> I swear this is the last question and then I'll make a suggestion. :) >> Is the DHCP server that the remote clients are getting their ip addr's from> the same as the one that you are using for lan connected clients? You are> obviously allowing the user's machine to update it's own records, but is > that consistent or is the DHCP server on the lan registering the records for> you possibly under a different set of credentials or in a different zone?>>> On 9/11/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > yes its correct.> >> > No we have mobile users.. > >> > On 9/11/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > Besides the obvious of telling Sophos to adjust their management to deal> > > with this, here's what I understand of your problem to date.> > > > > > VPN clients that are also trusted network clients (i.e. mobile users> that> > > traverse both trusted and non-trusted networks can end up with seemingly> > > duplicate entries for the same device but different ip addresses. This > > > confuses some antivirus management applications and presumably some> > > management applications such as SMS or similar class of app, that rely> on> > > reverse name resolution. > > >> > > Is that correct?> > >> > > Do you have workers that are remote-based only?> > >> > > Al> > >> > >> > > > > > On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > > > According to Sophos Support if one host has 2 DNS Entries, Sophos > > > > Enterprise Manager might not be able to detect this Host and auto > > > > update will also dont work.> > > >> > > > As you know jolly;- We are in process of migration from Trend to> > > > Sophos as our Antivirus Solution. > > > >> > > > Working on a solution will update soon.> > > >> > > > Thanks> > > > Ravi Dogra> > > >> > > > On 9/8/06, Jaspreet Singh < [EMAIL PROTECTED]> wrote:> > > > >> > > > > Ravi,> > > > > As Rob said, If your VPN box is forwarding requests to your internal > > > network> > > > > the your DNS will automatically update the records according to the> new> > > IP> > > > > which in your case is "x.x.5.x". > > > > >> > > > > Can you explain exactly what is the problem that you are facing due> to> > > this?> > > > >> > > > > Regards, > > > > > Jaspreet Singh Jolly> > > > >> > > > >> > > > >> > > > > On 9/7/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > > > >> > > > > >> > > > > > 1. I Didnt understand what exactly u r asking?> > > > > > 2. Yes DHCP Is configured properly. > > > > > >> > > > > >> > > > > > That's not what I asked. I asked if it's updating the records for> the> > > > > device or is it letting the devices update their own? > > > > > >> > > > > >> > > > > >> > > > > > Al> > > > > >> > > > > >> > > > > > > > > > > >> > > > > > On 9/6/06, Ravi Dogra < [EMAIL PROTECTED] > wrote:> > > > > >> > > > > > > 1. I Didnt understand what exactly u r asking? > > > > > > > 2. Yes DHCP Is configured properly.> > > > > > > 3. Yes it is running on DC> > > > > > > 4. No, not running any other credential. > > > > > > > 5. VPN Machine is entirely a different BOX on other site.> > > > > > > 6. It doesnt register in my DNS. (Will extract other information> > > from > > > > > > > Site B Admin)> > > > > > >> > > > > > > update you very soon...> > > > > > >> > > > > > > Thanks > > > > > > > RD> > > > > > > List info :> http://www.activedir.org/List.aspx > > > > > > > List FAQ: > http://w
Re: [ActiveDir] DNS Entries --Laptop Users--
Al this in not a priority for us now. Earlier i was unaware of our VPN Box settings thats why i was a bit confuse about why these machines are registring there own records in my DNS. Also i am not going to uncheck Register in DNS check box on Client machine as this is not required as if now. I have already set lease period as per our organizational requirement so, again i will not do any change unless it is a must required thing to do. Al i would surely want to have a look on KB you refered to. If possible, do me this favor. Thanks for all your help!!! Ravi Dogra On 9/14/06, Al Mulnick <[EMAIL PROTECTED]> wrote: Personally, for a shop with more than 30 machines I wouldn't recommend this approach. DHCP half-life registrations would start to fly all over the place. That and the DHCP server is not registering for the remote users. On 9/13/06, Matt Hargraves <[EMAIL PROTECTED]> wrote: > > I'm not s huge DNS geek, so I'm not sure whether you can do this, but can't you just set the DHCP to have a short expiration (1 hour?) and it will unregister the 'old' entry for a machine? There would be a small amount of vulnerability, but it would go away after the client's reservation expires. > > > > > On 9/13/06, Ravi Dogra < [EMAIL PROTECTED]> wrote: > > No, Laptop Users are getting IP Addresses from my VPN Box and when > > they are on site its DHCP. > > > > On machines "Register in DNS" option Is checked, hence machines are > > attempting to register its own records in DNS. Although i have made my > > LAN DHCP to register only its Clients in DNS. > > > > Credentials used are abviously my Administrator Account. > > > > But Al, > > > > The Issue we had is laptop users are using LAN DHCP as well as using > > VPN Connection from home. Both are getting registered in My DNS with > > different IP. Which is obvious. > > But the thing is SOPHOS gave us this as one of the reasons for my > > laptop machines not showing in Sophos Enterprise Console because it > > uses DNS to build existing machines list. > > > > Now everything is working fine and this reason was totally not applicable. > > > > but still there are other machines which are only in our network using > > only my LAN DHCP and are not showing up in EC. > > > > Sophos Support team is working on this. > > > > Thanks and Regards > > Ravi Dogra > > > > On 9/13/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > > I swear this is the last question and then I'll make a suggestion. :) > > > > > > Is the DHCP server that the remote clients are getting their ip addr's from > > > the same as the one that you are using for lan connected clients? You are > > > obviously allowing the user's machine to update it's own records, but is > > > that consistent or is the DHCP server on the lan registering the records for > > > you possibly under a different set of credentials or in a different zone? > > > > > > > > > > > > > > > > > > > > > On 9/11/06, Ravi Dogra < [EMAIL PROTECTED]> wrote: > > > > yes its correct. > > > > > > > > No we have mobile users.. > > > > > > > > On 9/11/06, Al Mulnick < [EMAIL PROTECTED]> wrote: > > > > > Besides the obvious of telling Sophos to adjust their management to deal > > > > > with this, here's what I understand of your problem to date. > > > > > > > > > > VPN clients that are also trusted network clients (i.e. mobile users > > > that > > > > > traverse both trusted and non-trusted networks can end up with seemingly > > > > > duplicate entries for the same device but different ip addresses. This > > > > > confuses some antivirus management applications and presumably some > > > > > management applications such as SMS or similar class of app, that rely > > > on > > > > > reverse name resolution. > > > > > > > > > > Is that correct? > > > > > > > > > > Do you have workers that are remote-based only? > > > > > > > > > > Al > > > > > > > > > > > > > > > > > > > > On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote: > > > > > > According to Sophos Support if one host has 2 DNS Entries, Sophos > > > > > > Enterprise Manager might not be able to detect this Host and auto > > > > > > update will also dont work. > > > > > > > > > > > > As you know jolly;- We are in process of migration from Trend to > > > > > > Sophos as our Antivirus Solution. > > > > > > > > > > > > Working on a solution will update soon. > > > > > > > > > > > > Thanks > > > > > > Ravi Dogra > > > > > > > > > > > > On 9/8/06, Jaspreet Singh < [EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > Ravi, > > > > > > > As Rob said, If your VPN box is forwarding requests to your internal > > > > > network > > > > > > > the your DNS will automatically update the records according to the > > > new > > > > > IP > > > > > > > which in your case is "x.x.5.x". > > > > > > > > > > > > > > Can you explain exactly what is the problem that you are facing due > > > to > > > > > this? > > > > > > > > > > > > > > Regards, > > > > > > > Jaspreet Singh Jolly > > > > > > > > > > > > > > > > > > > > > > > >
Re: [ActiveDir] DNS Entries --Laptop Users--
Ulf did a really nice write up a while back that's worth reading:http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/03/26/39841.aspx here's the KB I was referring to: http://support.microsoft.com/?id=816592On 9/14/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: Al this in not a priority for us now. Earlier i was unaware of our VPNBox settings thats why i was a bit confuse about why these machinesare registring there own records in my DNS.Also i am not going to uncheck Register in DNS check box on Client machine as this is not required as if now.I have already set lease period as per our organizational requirementso, again i will not do any change unless it is a must required thingto do.Al i would surely want to have a look on KB you refered to. If possible, do me this favor.Thanks for all your help!!!Ravi DograOn 9/14/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> Personally, for a shop with more than 30 machines I wouldn't recommend this > approach. DHCP half-life registrations would start to fly all over the> place. That and the DHCP server is not registering for the remote users. On 9/13/06, Matt Hargraves < [EMAIL PROTECTED]> wrote:> >> > I'm not s huge DNS geek, so I'm not sure whether you can do this, but> can't you just set the DHCP to have a short expiration (1 hour?) and it will > unregister the 'old' entry for a machine? There would be a small amount of> vulnerability, but it would go away after the client's reservation expires.> >> >> >> > > > On 9/13/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > > No, Laptop Users are getting IP Addresses from my VPN Box and when> > > they are on site its DHCP. > > >> > > On machines "Register in DNS" option Is checked, hence machines are> > > attempting to register its own records in DNS. Although i have made my> > > LAN DHCP to register only its Clients in DNS. > > >> > > Credentials used are abviously my Administrator Account.> > >> > > But Al,> > >> > > The Issue we had is laptop users are using LAN DHCP as well as using > > > VPN Connection from home. Both are getting registered in My DNS with> > > different IP. Which is obvious.> > > But the thing is SOPHOS gave us this as one of the reasons for my > > > laptop machines not showing in Sophos Enterprise Console because it> > > uses DNS to build existing machines list.> > >> > > Now everything is working fine and this reason was totally not > applicable.> > >> > > but still there are other machines which are only in our network using> > > only my LAN DHCP and are not showing up in EC.> > >> > > Sophos Support team is working on this. > > >> > > Thanks and Regards> > > Ravi Dogra> > >> > > On 9/13/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > > > I swear this is the last question and then I'll make a suggestion. :)> > > >> > > > Is the DHCP server that the remote clients are getting their ip addr's> from > > > > the same as the one that you are using for lan connected clients? You> are> > > > obviously allowing the user's machine to update it's own records, but> is> > > > that consistent or is the DHCP server on the lan registering the > records for> > > > you possibly under a different set of credentials or in a different> zone?> > > >> > > >> > > >> > > > > > > >> > > >> > > > On 9/11/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > > > > yes its correct.> > > > > > > > > > No we have mobile users..> > > > >> > > > > On 9/11/06, Al Mulnick < [EMAIL PROTECTED]> wrote:> > > > > > Besides the obvious of telling Sophos to adjust their management > to deal> > > > > > with this, here's what I understand of your problem to date.> > > > > >> > > > > > VPN clients that are also trusted network clients ( i.e. mobile> users> > > > that> > > > > > traverse both trusted and non-trusted networks can end up with> seemingly> > > > > > duplicate entries for the same device but different ip addresses. > This> > > > > > confuses some antivirus management applications and presumably> some> > > > > > management applications such as SMS or similar class of app, that > rely> > > > on> > > > > > reverse name resolution.> > > > > >> > > > > > Is that correct?> > > > > >> > > > > > Do you have workers that are remote-based only? > > > > > >> > > > > > Al> > > > > >> > > > > >> > > > > >> > > > > > On 9/8/06, Ravi Dogra < [EMAIL PROTECTED]> wrote:> > > > > > > According to Sophos Support if one host has 2 DNS Entries,> Sophos> > > > > > > Enterprise Manager might not be able to detect this Host and > auto> > > > > > > update will also dont work.> > > > > > >> > > > > > > As you know jolly;- We are in process of migration from Trend to > > > > > > > Sophos as our Antivirus Solution.> > > > > > >> > > > > > > Working on a solution will update soon.> > > > > > > > > > > > > > Thanks> > > > > > > Ravi Dogra> > > > > > >> > > > > > > On 9/8/06, Jaspreet Singh < [EMAIL PROTECTED]> wrote:> > > > > > > >> > > > > > > > Ravi,> > > > > > > > As Rob said, If your VPN box is forwarding requests to your > internal> > > > > > network> > > > >
