#1
Here's the basic setup: Windows 2003 PDC which is also DHCP, DNS, AD. It has a single NIC on the internal network with an internal IP (192.168.0.x). Set up the external router to forward VPN, HTTP and Term Service ports to the PDC. The DNS server has a root authority that is a subdomain of our main domain name (internal.xxx.com).

I wanted to set up VPN, so enabled Routing and Remote Access. This seems to have worked fine; external clients can see the internal network by VPN connection.

The problem is that the routing service has created a dial-up IP interface and assigned a second IP address, so now the machine has 2 IP addresses. The dial-up IP address gets registered with DNS, and now all the internal network clients are unable to browse the network. All the internal machines resolve the PDC machine name to the dial-up adapter IP instead of the normal Ethernet adapter address. If I manually remove the DNS entry for the dial-up adapter, the internal machines start resolving to the Ethernet adapter address, and things start working again. But every time the machine cycles, the DNS entry gets registered again.

Is there a way to prevent the DNS record from being created? Why the heck does the dial-up adapter want to be in DNS anyway? Do I even need a dial-up adapter at all (and is there some way to remove it)? The thing only has one NIC. I haven't been able to find a good answer to this problem on the net anywhere.
#2
OT, but you really really really don't want to be running RRAS on that poor server given its roles. Either get another server (with two NICs) for RRAS, or (my preference) use a third-party IPSec VPN through a firewall like SonicWall or equivalent (WatchGuard, etc.). Takes the resource load off the server, and is more secure. I've truly never understood the point of turning a Windows box into a router myself to begin with, esp. now that firewall/router appliances are so cheap. Just my two cents.

John Crowley wrote:

> Here's the basic setup:
> Windows 2003 PDC which is also DHCP, DNS, AD. It has a single NIC on
> internal network with internal IP (192.168.0.x). Setup the external
> router to forward VPN, HTTP and Term Service ports to PDC. The DNS
> server has a root authority that is a subdomain of our main domain
> name (internal.xxx.com)
>
> I wanted to setup VPN, so enabled routing and remote access. This
> seems to have worked fine, external clients can see internal network
> by VPN connection.
>
> The problem is that the routing service has created a dial-up IP
> interface, and assigned a second IP address, so now the machine has 2
> IP addresses. The dial-up IP address gets registered with DNS, and
> now all the internal network clients are unable to browse the
> network. All the internal machines resolve the PDC machine name to
> the dial-up adapter IP, instead of the normal ethernet adapter
> address. If I manually remove the DNS entry for the dial-up adapter,
> the internal machines start resolving to the ethernet adapter
> address, and things start working again. But everytime the machine
> cycles, the DNS entry gets registered again.
>
> Is there a way to prevent the DNS record from being created? Why the
> heck does the dial-up adapter want to be in DNS anyway? Do I even
> need a dial-up adapter at all (and is there some way to remove it)?
> The thing only has one NIC. I haven't been able to find a good
> answer to this problem on the net anywhere.
#3
It was never a good idea to run a PDC as a multihomed server, and it still isn't! If you must do it, you need to prevent the "virtual" IP from registering in DNS and/or WINS. Even if you aren't running WINS, having two interfaces enabled for NetBIOS over TCP/IP will upset browsing. See KB 292822 for ways to handle the DNS and NetBIOS problems.

PS. What do you think the remotes connect to, if not the dial-up adapter?

"John Crowley" <(E-Mail Removed)> wrote in message news:E5B6C840-AF0B-47B0-A535-(E-Mail Removed)...

> Here's the basic setup:
> Windows 2003 PDC which is also DHCP, DNS, AD. It has a single NIC on internal network with internal IP (192.168.0.x). Setup the external router to forward VPN, HTTP and Term Service ports to PDC. The DNS server has a root authority that is a subdomain of our main domain name (internal.xxx.com)
>
> I wanted to setup VPN, so enabled routing and remote access. This seems to have worked fine, external clients can see internal network by VPN connection.
>
> The problem is that the routing service has created a dial-up IP interface, and assigned a second IP address, so now the machine has 2 IP addresses. The dial-up IP address gets registered with DNS, and now all the internal network clients are unable to browse the network. All the internal machines resolve the PDC machine name to the dial-up adapter IP, instead of the normal ethernet adapter address. If I manually remove the DNS entry for the dial-up adapter, the internal machines start resolving to the ethernet adapter address, and things start working again. But everytime the machine cycles, the DNS entry gets registered again.
>
> Is there a way to prevent the DNS record from being created? Why the heck does the dial-up adapter want to be in DNS anyway? Do I even need a dial-up adapter at all (and is there some way to remove it)? The thing only has one NIC. I haven't been able to find a good answer to this problem on the net anywhere.
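As an added check (editor's example, not from the thread or from KB 292822), the following audits the problem Bill describes on a current Windows DNS server: it lists every A record the zone holds for the DC, flags any address that is not bound to the single LAN NIC (the RAS "virtual" address), and reports which interfaces still have dynamic DNS registration switched on. It assumes the DnsServer and DnsClient PowerShell modules (Windows Server 2012 or later, not the 2003-era tooling of the thread); the zone name, host label and adapter alias are placeholders.

```powershell
# Editor's example: audit a domain controller whose RAS interface registers a
# second A record. Placeholders below are assumptions, not values from the thread.
$ZoneName   = 'internal.example.com'   # the AD-integrated forward zone (placeholder)
$HostName   = 'pdc'                    # host label of the DC inside that zone (placeholder)
$LanAdapter = 'Ethernet'               # alias of the one physical NIC (assumption)

# Addresses actually bound to the LAN NIC; anything else in DNS for this host is a stray.
$lanAddresses = (Get-NetIPAddress -InterfaceAlias $LanAdapter -AddressFamily IPv4).IPAddress

# A records the DNS server currently holds for the host (run on the DNS server itself).
$records = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $HostName -RRType A

$stray = $records | Where-Object {
    $lanAddresses -notcontains $_.RecordData.IPv4Address.IPAddressToString
}
foreach ($r in $stray) {
    Write-Warning ("{0}.{1} -> {2} is not a LAN NIC address (likely the RAS interface)" -f
        $HostName, $ZoneName, $r.RecordData.IPv4Address.IPAddressToString)
}

# Interfaces other than the LAN NIC that will re-register their address after a reboot.
$registering = Get-DnsClient | Where-Object {
    $_.InterfaceAlias -ne $LanAdapter -and $_.RegisterThisConnectionsAddress
}
foreach ($i in $registering) {
    Write-Output ("DNS registration still enabled on interface '{0}'" -f $i.InterfaceAlias)
    # Remediation (uncomment to apply): equivalent to clearing "Register this
    # connection's addresses in DNS" on that interface, so the stray record stops
    # coming back each time the server cycles.
    # Set-DnsClient -InterfaceIndex $i.InterfaceIndex -RegisterThisConnectionsAddress $false
}
```

The stray record itself still has to be removed once (the thread's manual fix), for example with Remove-DnsServerResourceRecord on the flagged address; disabling registration only stops it from being recreated.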
#4
Thanks Bill, that seems to have done the trick... Yes, I know it would be nice to have a separate server or VPN appliance, but when you've got a server that only needs to support 10 clients and 3 VPN clients, and you had to fight to get the PDC at all, you do what you have to do.