Ditto. -sc
> -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Thursday, August 13, 2009 12:40 PM > To: NT System Admin Issues > Subject: Re: PC in domain across stable VPN tunnel? > > I would recommend never doing it. :) > > Sent from my Verizon Wireless BlackBerry > > -----Original Message----- > From: Ben Scott <[email protected]> > > Date: Thu, 13 Aug 2009 12:35:44 > To: NT System Admin Issues<[email protected]> > Subject: Re: PC in domain across stable VPN tunnel? > > > Be aware that having an ISP nameserver configured in addition to > internal nameservers can sometimes cause issues. > > The typical scenario is: AD domain name is not visible in the public > DNS. One must query internal nameserver(s) to find it. The internal > nameserver(s) are listed first in IP configuration, but some ISP > nameservers are also listed. > > The typical failure mode is: Client (AD member) queries internal > nameservers for AD domain name. For some reason (e.g., VPN glitch), > no answer is received from the internal nameservers. Client falls > back to the ISP nameservers. ISP nameservers say "that domain does > not exist". Client gets very confused, since it's just been told its > AD domain doesn't exist. Various things on the client get farked > until reboot. > > This is especially irksome because things can work fine for months, > then suddenly half the PCs will act funny until rebooted. Lather, > rinse, repeat. > > I'm not saying "never do this", but one should be aware of the > potential failure mode. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
