Re: DNS problem using WSAM on Vista

Kath_ · ‎05-25-2009

Hi all,

I have configured WSAM access to an internal web-resource inside company A.

The web-site alias is registered in company A's internal DNS-server on ip a.a.a.a and the same alias is registered on the company's external DNS-server on ip b.b.b.b (This contains an info-page telling the user that he tries to access an internal resource).

On XP, all works fine. A TCP dump from the PC shows that a standard DNS query is done, followed by a standard DNS respons on the correct IP-adresse (a.a.a.a).

On Vista, something weird is happening: After the standard DNS query is done, and the correct ip is returned in a standard DNS response, for some reason, alot of standard queries SRV-type are done, and after that, a new standard DNS regular query that resolves to the ip-adresse b.b.b.b (the external info-page). Therefor the user is sent to the infopage instead of the internal web-resource.

The abovec behaviuor is when I specified the company's internal DNS-servers as dns-servers in the IVE.

I also tried removing the DNS-servers from the IVE settings and add the relevant hosts to the hosttable on the IVE instead, but this gave the same result.

If I hard-code the web-sites internal ip-address (a.a.a.a) in the Vista hosts-file, it works fine.

Any ideas?....

ruc_ · ‎05-26-2009

This sounds like a bug to me. WSAM is supposed to intercept all DNS queries and get it resolved using the DNS server configured on IVE and only if that DNS resolution fails should it pass the DNS query to the PC's DNS servers. I would suggest opening a JTAC ticket.

KevinW_ · ‎05-27-2009

Sounds like either vista is trying to be too clever for its own good, or there is a bug with the vista client.

There was an issue with windows XP where the SAM client wouldnt pick up any TCP data at all. this was because the tcp.sys file was not allowing reverse loopback to tunnel connections through via SSL. I wonder if there is a similar issue but with vista dns resolution.

As dns works, it will use host file before dns and then broadcast if no dns is available, so it shows there is an issue with the vista machine resolving dns.

Kath_ · ‎05-27-2009

Thank you both. I also hope this is a bug and in the 6.4 release.

Juniper says they have fixed a DNS issue regarding WSAM on Vista so we'll try to upgrade and hope this might do the trick.

I just thought it was strange that noone else had posted any similar issues, I'm sure plenty of others is also running WSAM on Vista.. but then again, I guess our customers' way of setting up their DNS is not the most common one..

Message Edited by Kath on 05-27-2009 11:54 PM

KevinW_ · ‎05-28-2009

We run Wsam on 6.3r2 and works fine so far. No problems reported apart from a netbios share mapping issue.

So looks like an issue with 6.4