@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
I don't see how I can create a unique A record for the Public Network when it goes through the same DNS as the other two networks.
You can't. That's why I mentioned having a different DNS server for that network.
So I would be making an entirely separate network for the Student/Public network on the same internet pipe?
@Dashrender said in ZeroTier Question:
@JaredBusch said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@JaredBusch said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
Students are reporting that when they go to https://mailhost.wls.wels.net/owa on campus that it doesn't load.
However, if they go to https://wls-exchange.wls.wels.net/owa it works fine.This tells you that your DNS is the issue.
From a student device (or a test device on student network) what do those two domain names resolve to?
Mailhost resolves to the ZT IP address
WLS-Exchange resolves to the internal IP of the server.
There is your problem.
Exactly - if you want to continue with your current network topology, you'll want to create records specifically for use in the Public WiFi space that are different than those used for your internal network space.
The reason for this is that your internal devices all are on both ZT and your internal network, so they won't care if they receive an internal or ZT IP, but your Public network doesn't know about ZT, therefore it will fail everytime your DNS server gives out a ZT IP address.
FYI - you can register the same host name to more than one IP, so your hostname mailhost can resolve to an internal IP and ZT at the same time, and this is what causes most of these problems.
But creating a unique A record for use on the Public network, you don't have to worry about the Public network getting ZT addresses.
OK. Mailhost.wls.wels.net already had a A record of 172.16.0.14 (Exchange Server IP) but to get those on the ZT network to see the server I had to create another one with the ZT IP. I did not create a 2nd A record for wls-exchange.wls.wels.net. I don't see how I can create a unique A record for the Public Network when it goes through the same DNS as the other two networks.
@JaredBusch said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
Students are reporting that when they go to https://mailhost.wls.wels.net/owa on campus that it doesn't load.
However, if they go to https://wls-exchange.wls.wels.net/owa it works fine.This tells you that your DNS is the issue.
From a student device (or a test device on student network) what do those two domain names resolve to?
Mailhost resolves to the ZT IP address
WLS-Exchange resolves to the internal IP of the server.
Let me see if this helps explain my setup here.
172.16.0.60 is the HP Core Switch which acts as the router. Which also has 172.17.0.1 and 172.18.0.1 as Virtual IP's.
4 VLANs - 172.20.x.x not in use.
http://i.imgur.com/QcWSXo1.png
Sem Wired Scope
http://i.imgur.com/h5bkTYF.png
Sem WIreless Scope
http://i.imgur.com/kNYtjVZ.png
Student/Guest Scope
http://i.imgur.com/FvwORMP.png
Students are reporting that when they go to https://mailhost.wls.wels.net/owa on campus that it doesn't load. MOre often than not they get this error:
mailhost.wls.wels.net unexpectedly closed the connection.
Try:
Reloading the page
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_CLOSED
ReloadHIDE DETAILS
However, if they go to https://wls-exchange.wls.wels.net/owa it works fine.
We have a wireless controller that keeps the Secured and Student VLANs separate. I have access rules that allow certain IPs/ports through to the Secured side.
If that helps.
A little explanation of our LAN. We have 3 VLAN's
Wired - 172.16.1.x
Secured Wireless - 172.17.1.x
Student/Guest - 172.18.1.x
Those that are on the Student/Guest VLAN are saying that exchange/OWA is slow. I would imagine that this is because of the A records I put in for the Exchange Server. No one reports any issues on the Wired/Secured Wireless connections.
Any thoughts?
@Dashrender said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.
And hosts files work great, too.
So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.
As I have never messed with Host file records, how does one put a pointer in there?
<A Record name> <ZT IP ADDRESS>
?
Do you have time to trouble shoot this today? I'm really curious to find out what is giving you the DNS replies you are getting.
I have held off on making the hosts file change. As it was my error, I forgot to save the change to his ZT nic
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.
And hosts files work great, too.
So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.
As I have never messed with Host file records, how does one put a pointer in there?
<A Record name> <ZT IP ADDRESS>
?
Got it working!
Had to make an A record entry in DNS.
Not pretty but it works.
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller Outlook client doesn't connect. Keeps asking for password. Webmail says page not found.
But these same services work for people on the same DNS when they are in the office?
Works for me running a mac. Works for other machines that never leave the network. Those that never leave I didn't set to a static DNS on the ZT nic.
But they are using the same DNS as the one on the ZT NIC, right?
No. All DHCP machines getting DNS from DHCP scope
But it is the same DNS right? No matter how they get it or on what connector it is, it's the same DNS handing out the same info, right? If not, that's a major issue.
WEll, Shit! Now I am confused!
LAN side - gets 172.16.0.10 172.16.0.15
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller Outlook client doesn't connect. Keeps asking for password. Webmail says page not found.
But these same services work for people on the same DNS when they are in the office?
Works for me running a mac. Works for other machines that never leave the network. Those that never leave I didn't set to a static DNS on the ZT nic.
But they are using the same DNS as the one on the ZT NIC, right?
No. All DHCP machines getting DNS from DHCP scope
I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.
@scottalanmiller said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller Outlook client doesn't connect. Keeps asking for password. Webmail says page not found.
But these same services work for people on the same DNS when they are in the office?
Works for me running a mac. Works for other machines that never leave the network. Those that never leave I didn't set to a static DNS on the ZT nic.
@scottalanmiller Outlook client doesn't connect. Keeps asking for password. Webmail says page not found. All offsite. Everything works on campus.
@WLS-ITGuy said in ZeroTier Question:
FYI - Not like you didn't know this but THIS PLACE IS AWESOME!
Thanks for all the help. If this works I won't have to listen to professors complaining about not being able to access files from China.
I may have spoke too soon. With the hard set DNS it doesn't allow Outlook to work. Via WEb or Client
FYI - Not like you didn't know this but THIS PLACE IS AWESOME!
Thanks for all the help. If this works I won't have to listen to professors complaining about not being able to access files from China.
@JaredBusch Won't it look at ZT first, realize it isn't on the ZT network, and then dump off to the end users ISP?
HOLY HELL! That was a Shit ton of responses.
Setting the ZT IP addresses of my two on-site DCs in the V-NIC on the client works. Should this be a short term fix only?
Reading through the last few posts my eyes were going wacko!
@dafyre said in ZeroTier Question:
@Dashrender said in ZeroTier Question:
@WLS-ITGuy said in ZeroTier Question:
@Dashrender said in ZeroTier Question:
makes me wonder if the router at the coffee shop was taken over and is doing bad things...
Was that IP obtained while at the coffee shop? or did I miss it and it was really someone at their home?
This one is at home.
What do they have for DNS servers at home? Their ISP? I've seen many ISPs (Cox does this) if you put in a bad address, you get redirected to a bad website request page hosted by Cox instead of getting an invalid domain name as you might rather have. They are trying to making things more understandable for consumers, sadly it just screws us instead.
Have you home user change the DNS provided by their router (if possible) to Google's 8.8.8.8 and 8.8.4.4 and try again.
I've got $1 that says I can name the ISP of the home user...
(Pro tip: It's mine too).
AT&T? Cause that is mine too and I think I got the same address 
