We have an NSA 2700 that we are using the SSLVPN functionality on. Remote workers have been configured with the NetExtender to connect remotely to our internal network so they can remote desktop into their workstations. We have had this configured for about a month and a half. The entire time we have had this setup I have had users call/email saying they cannot connect to their workstations. They are successfully connecting to the SSLVPN but when invoking their RDP connection file the machine cannot be found via its host name. When I go into the DNS server and check, sure enough the workstation's DNS registration is missing and has disappeared. A quick ipconfig /registerdns resolves the issue until the next time it pops up. I have gotten nowhere trying to troubleshoot this really odd behavior and copious amounts of searching have not yielded much help. Has anyone else experienced this behavior before and if so what was the ultimate resolution to it? We are using Active Directory DNS and DHCP. The DNS scavenging is default.
What DNS is specified for the IP pool for your SSLVPN users? It should be your AD DNS server(s).
Set your DNS addresses in the SSL VPN client settings.
OK, set up a packet capture with the destination as the RDP host and see if any drops are there.
You can configure the DHCP server to register leases in DNS even if the workstation/node doesn’t ask for it.
In the firewall, also make sure the right DNS search order (domain name) is in place and DNS servers for the VPN clients go to your internal DNS server(s) ONLY.
Did you ever resolve this issue? I’ve been going through the exact same thing for years now.
It is my AD domain controller DNS servers.
The DNS settings are pointing to my AD domain controllers running DNS already?
It is ridiculously random. I wouldn’t know which RDP host to target. And do you mean the remote host or the local network RDP host? I assume you mean the local host but want to be sure.
Actually I have not heard back from the MSP guys who were looking into this issue. I also have not had anyone complain about it now in over a week. So I just fired off an email to the MSP folks asking them if they found anything or fixed it. I will let you know as soon as I hear something back.
Are you talking about your global DNS settings or SSL VPN DNS settings? Your DNS should be added in the SSL VPN client settings; make sure you have that in place.
Ask the remote user to RDP into the local host (e.g. 192.168.168.20) after connecting to the SSL VPN. Then set up a packet capture and put the destination as 192.168.168.20. Run the packet capture and see if there are any dropped packets or generated packets.
I might have a working theory. I’ve noticed on my remote computer the physical NIC has “Register this connection’s addresses in DNS” enabled by default, located in the DNS tab >> Advanced, but…but…on the NetExtender virtual NIC the option is disabled.
I’m wondering if I disable this option on my physical NIC and enable it on my NetExtender virtual NIC, maybe this might resolve the issue. It’s not the ideal solution, but it’s a workaround. The only problem is I will need to wait for a very long time to see if this workaround works because this is very random.
Found this link below. It states the Fortinet VPN client is having the same issue.
The OP mentioned that a possible solution for Fortinet users is enabling IP Helper, which they do not have, but SonicWALL does have this feature. I also found another link where the OP mentioned using the SonicWALL IP Helper to help his DNS issue.
The workstation DNS registrations are disappearing from the DNS server on my domain. The SSLVPN client settings point all remote workers using the NetExtender to my internal DNS server IPs. It only seems to affect these remote workers’ workstations. It is a very weird and puzzling issue.
I will attempt this but as I stated previously it is super random and no one remote user seems to have the issue more than anyone else. Very frustrating problem to troubleshoot.
Thank you for the links. But my issue isn’t like the ones in your links. My issue is the client workstations in-house are losing their DNS name registrations somehow. So when one of my remote workers tries to connect via RDP through the NetExtender it fails because the name no longer exists in DNS.
Okay, if this didn’t help, if you have a support license you can contact SonicWall support.
Oh. My apologies. My issue is that every now and then one of my users makes a successful connection to SSL NetExtender, but is not able to RDP into their computer or ping any devices on the internal LAN. To resolve this, they have to try to make multiple successful connections to be able to make a true successful connection. The problem I’ve seen, it could be the client workstations’ DNS updates are not reaching my internal DNS server, or I’ve seen duplicate IP addresses in the DNS manager.
Now to your issues. Do you have “Register this connection’s addresses in DNS” (TCP/IP properties > Advanced > DNS tab) enabled on the client workstations? Also, you may want to look into who is managing the A records in DNS: the DHCP/DNS server or the client workstations. For me, it’s my workstations.
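
Added example, not part of any post in this thread: a read-only PowerShell check of the settings discussed above (zone aging and scavenging, the workstation's A record timestamp, whether DHCP registers or deletes records, and the per-adapter registration flag). The server, zone and workstation names are placeholders, and it assumes the DnsServer and DhcpServer RSAT modules plus WinRM access to the workstation.

```powershell
# Placeholders: replace with your own DNS/DHCP server, AD zone and an affected workstation.
param(
    [string]$DnsServer   = 'dc01.example.local',
    [string]$DhcpServer  = 'dc01.example.local',
    [string]$Zone        = 'example.local',
    [string]$Workstation = 'ws-042'
)

# 1. Aging on the zone and scavenging on the server. Dynamic records are
#    only removed when both are enabled and the record is older than
#    NoRefreshInterval + RefreshInterval.
$aging = Get-DnsServerZoneAging -Name $Zone -ComputerName $DnsServer
$scav  = Get-DnsServerScavenging -ComputerName $DnsServer
$aging | Format-List ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval
$scav  | Format-List ScavengingState, ScavengingInterval, LastScavengeTime

# 2. The workstation's A record: static (no timestamp) or dynamic, and when
#    a dynamic record becomes eligible for scavenging.
$records = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Workstation -RRType A `
               -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $records) {
    Write-Warning "No A record for $Workstation in $Zone (registration is missing)."
}
foreach ($r in $records) {
    $ip = $r.RecordData.IPv4Address
    if ($null -eq $r.Timestamp) {
        "{0} -> {1}: static record, not subject to scavenging" -f $r.HostName, $ip
    } else {
        $eligible = $r.Timestamp + $aging.NoRefreshInterval + $aging.RefreshInterval
        "{0} -> {1}: last refreshed {2}, scavenge-eligible after {3}" -f `
            $r.HostName, $ip, $r.Timestamp, $eligible
    }
}

# 3. Does the DHCP server register leases in DNS, and does it delete the
#    record when the lease expires?
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer |
    Format-List DynamicUpdates, UpdateDnsRRForOlderClients, DeleteDnsRROnLeaseExpiry, NameProtection

# 4. "Register this connection's addresses in DNS" per adapter on the workstation.
Get-DnsClient -CimSession $Workstation |
    Format-Table InterfaceAlias, ConnectionSpecificSuffix, RegisterThisConnectionsAddress, UseSuffixWhenRegistering
```

Comparing the record timestamp from step 2 with the DHCP lease expiry for the same machine shows whether a record vanished at lease expiry or at a scavenging pass.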