I was called in to work with a client this week who was having some trouble with employees who were connecting to the network via VPN. The basic problem was this: when the employees made a VPN connection and tried to load the companyweb web site, they got directed to someplace else altogether. When they tried to connect to companyweb from machines on the internal network, no problems.
The core problem boiled down to the internal domain namespace: it was identical to their public DNS name. I.e., their internal Active Directory domain was smallbizco.net (not their real domain) and their public domain was also smallbizco.net.
I was able to give them a workaround (use the URL https://SBSserverIPaddress:444/) since they couldn’t implement the real solution, which is to rename the internal domain with a private, non-routable namespace (such as smallbizco.local or smallbizco.lan).
Every SBS consultant worth his or her salt will tell you that you never, EVER use a public domain name for your internal domain name. DNS lookup failures, like the ones experienced here, are the reason why. And had this client set up the internal domain name correctly, they could have avoided this problem.
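A quick way to confirm the lookup failure described above is to ask the VPN-assigned DNS server and a public resolver the same question and compare the answers. The script below is an added example (not from the original post or the SBS product) using only the Python standard library; the resolver addresses you pass to `resolve_via` are assumptions for your environment, and `SAMPLE_RESPONSE` is a constructed packet, not a captured one.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    # Standard recursive A query: 12-byte header, QNAME labels, QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def skip_name(buf, off):
    # Advance past a (possibly compressed) name; return the offset just after it
    while True:
        ln = buf[off]
        if ln == 0:
            return off + 1
        if (ln & 0xC0) == 0xC0:   # two-byte compression pointer ends the name
            return off + 2
        off += ln + 1

def parse_a_records(buf):
    # Return the IPv4 addresses found in the answer section of a DNS response
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(buf, off) + 4            # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(buf, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(buf[off:off + 4]))
        off += rdlen
    return addrs

def resolve_via(name, resolver, timeout=2.0):
    # Ask one specific resolver over UDP/53 (assumed reachable) for the A records
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        data, _ = s.recvfrom(512)
    return parse_a_records(data)

def split_namespace_mismatch(internal_answers, public_answers):
    # True when the VPN resolver and the public resolver disagree: the public zone shadows the internal host
    return bool(internal_answers) and set(internal_answers) != set(public_answers)

# Constructed sample response (not captured): an internal resolver answering for companyweb with a private address
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("companyweb.smallbizco.net")[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([10, 0, 0, 5]))
```

On a connected VPN client, `split_namespace_mismatch(resolve_via(host, vpn_dns_ip), resolve_via(host, public_dns_ip))` returning True is the condition the post describes: the name resolves to the public address instead of the internal server.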
However, the real reason WHY it was failing was because of what I now believe is a flaw in the way Windows handles VPN connections, not only because they used a public DNS namespace for their internal domain. What follows is how I determined that the problem lies with Windows and not solely with the client.