Windows Server 2008 R2 – RRAS Duplicate DNS Entries

I recently installed the Routing & Remote Access service on a Windows Server 2008 R2 domain controller. While this is not a recommended approach, it was unfortunately the only server available to host the role. Shortly after installing the role and binding it to the DHCP service, I noticed that when pinging the domain controller it was returning an IP address in the DHCP range. On further inspection it appeared the IP address assigned to the virtual RRAS adapter was registering against DNS and therefore creating two entries for the domain controller. To resolve this issue, the following steps were performed.

1. Navigate to Start -> Administrative Tools and click the DNS option.

2. When the DNS console opens, expand the “Forward Lookup Zones” container and then expand your local domain name.

3. Locate the incorrect host A record for your domain controller and delete it by right clicking the record and selecting delete.

4. In the DNS console, right click the servers name and select properties.

5. In the properties window click the listeners tab and select the “Only the following IP addresses” radio button.

6. In IP addresses list remove the incorrect IP address and then click ok and exit the DNS console.

That’s it, you should no longer experience duplicate DNS entries for your domain controller.

ISA Server 2006 – Missing RRAS Ports

After recently rebooting a Microsoft ISA 2006 server, I found myself in the situation of being unable to establish VPN connectivity to it from a remote location. After performing several troubleshooting methods, I identified that there were no available PPTP RAS ports listed in the Routing and Remote Access (RRAS) console.

This explained why VPN connections could not be established, however I could see that a pool of ten ports had been configured but for some reason were not available. Some research on this issue led me to identify this was the result of a recent Windows Update. If you have applied KB 956570 to your ISA Server and then rebooted it, you may find yourself in the same situation. To resolve this issue, perform the following actions on the affected server:

1. Click Start and select Run

2. In the Run dialog box enter the following registry command to reset the servers reserved port threshold. Please note, enter this command without the quotation marks:

“reg add HKLM\SYSTEM\CurrentControlSet\Services\Fweng\Parameters /v ReservedPortThreshold /t REG_DWORD /d 1250 /f”

3. To uninstall the update, please run the following script which has been provided by Microsoft for this purpose. I have collated this script, which can be downloaded here for your convenience.

4. Create a new folder on the C: drive of your ISA Server named KBFix and copy the downloaded script (KB956570.vbs) to this folder location.

5. Open the command prompt and browse to the new folder you have just created. This can be achieved by typing cd c:\kbfix and then pressing return on your keyboard.

6. Once in the correct directory type cscript KB956570.vbs and then press return on your keyboard. This will now start the process of removing the update.

7. Once the removal process is complete, reboot your ISA Server and VPN connectivity will be restored.

For reference, here is the official Microsoft TechNet KB article on the problem: http://support.microsoft.com/kb/956570