To configure the A record for the network location server to use the wrong IP address
1. On DC1, click Start, point to Administrative Tools, and then click DNS.
2. In the console tree, open Forward Lookup Zones\corp.contoso.com.
3. In the details pane, double-click the nls record.
4. In nls Properties, change the IP address to 10.0.0.1, and then click OK.
5. Connect CLIENT1 to the Corpnet subnet.
6. On CLIENT1, from a Command Prompt window, run the ping app1 command. This command should display the Ping request could not find host app1 message.
7. From the Command Prompt window, run the ipconfig command. Notice that there are no global IPv6 addresses assigned. CLIENT1 cannot resolve the name ISATAP to reach the intranet ISATAP server and configure the Tunnel adapter isatap.corp.contoso.com interface.
To troubleshoot this scenario
1. On CLIENT1, from the Command Prompt window, run the netsh namespace show effective command. If intranet detection was successful you would not see the two NRPT rules. However, because intranet detection was not successful, you should see the two NRPT rules.
2. From the Command Prompt window, run the reg query HKLM\software\policies\microsoft\windows\NetworkConnectivityStatusIndicator\CorporateConnectivity /v DomainLocationDeterminationUrl command. This command displays the network location URL.
3. From the display of the netsh namespace show effective command in step 1, verify that the FQDN in the network location URL appears as an exemption rule in the NRPT (nls.corp.contoso.com).
4. From the Command Prompt window, ping the FQDN in the network location URL (nls.corp.contoso.com). This command should be successful.
5. Open Internet Explorer, type the network location URL in the address bar, and press ENTER. You should see a “There is a problem with this website’s security certificate.” message. This indicates that CLIENT1 could not perform a successful validation of the SSL certificate used by the application server for HTTPS-based URLs.
6. On APP1, run the Internet Information Services (IIS) Manager snap-in.
7. In the console tree, open APP1\Sites, and then click NLS.
8. In Actions, click Bindings.
9. In Site Bindings, click https, and then click Edit.
10. In Edit Site Binding, in SSL certificate, notice the name of the selected certificate.
11. Click View, click the Details tab, and then click the Subject field. Notice that the Subject field FQDN (nls.corp.contoso.com) matches the FQDN from the network location URL (nls.corp.contoso.com).
12. On DC1, from a Command Prompt window, ping app1.corp.contoso.com. Note that the IP address for the name app1.corp.contoso.com (10.0.0.3) is different from the IP address for nls.corp.contoso.com (10.0.0.1, from step 4). Because APP1 is the network location server, the resolved IP address for both of these FQDNs should be 10.0.0.3, the IP address of APP1.
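The DNS comparison and HTTPS check from the troubleshooting steps above can be scripted. The following PowerShell is an added example, not part of the original guide; the parameter names and the default for $ExpectedHost are assumptions based on this lab, in which APP1 hosts the network location server site.

```powershell
# Added example. Parameter names and defaults are assumptions based on this lab.
param(
    [string]$NlsUrl,                                  # value from step 2, if already known
    [string]$ExpectedHost = 'app1.corp.contoso.com'   # server that hosts the NLS site
)

if (-not $NlsUrl) {
    # Same value that the reg query in step 2 displays.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity'
    $NlsUrl = (Get-ItemProperty -Path $key -ErrorAction Stop).DomainLocationDeterminationUrl
}
$nlsHost = ([Uri]$NlsUrl).Host

function Get-IPv4Address {
    param([string]$Name)
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString } | Sort-Object
    } catch { }   # name did not resolve: return nothing
}

# @() keeps the result an array even when zero or one address comes back.
$nlsIps      = @(Get-IPv4Address $nlsHost)
$expectedIps = @(Get-IPv4Address $ExpectedHost)
"NLS URL       : $NlsUrl"
"$nlsHost -> $($nlsIps -join ', ')"
"$ExpectedHost -> $($expectedIps -join ', ')"

if ($nlsIps.Count -eq 0 -or $expectedIps.Count -eq 0) {
    "A name did not resolve here; run the comparison where intranet DNS works (DC1 in this lab)."
} elseif (Compare-Object $nlsIps $expectedIps) {
    "MISMATCH: the A record for $nlsHost does not point at $ExpectedHost."
} else {
    "A records agree."
}

# Step 5 equivalent: request the URL and report why it fails, if it does.
try {
    $resp = [System.Net.WebRequest]::Create($NlsUrl).GetResponse()
    "HTTPS check   : OK ($([int]$resp.StatusCode))"
    $resp.Close()
} catch {
    $e = $_.Exception
    while ($e -and $e -isnot [System.Net.WebException]) { $e = $e.InnerException }
    if ($e) { "HTTPS check   : failed, status $($e.Status)" } else { "HTTPS check   : failed, $($_.Exception.Message)" }
}
```

A reported status of TrustFailure means the server certificate could not be validated, which is the condition Internet Explorer warns about in step 5.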
To configure the A record for the network location server to use the correct IP address
1. On DC1, click Start, point to Administrative Tools, and then click DNS.
2. In the console tree, open Forward Lookup Zones\corp.contoso.com.
3. In the details pane, double-click the nls record.
4. In nls Properties, change the IP address to 10.0.0.3, and then click OK.
5. Disconnect CLIENT1 from the intranet subnet, wait 30 seconds, and then reconnect it to the intranet subnet.
6. From the Command Prompt window, run the ping app1 command. This command should be successful.
7. From the Command Prompt window, run the ipconfig command. Notice that there is now a global IPv6 address assigned to the Tunnel adapter isatap.corp.contoso.com that begins with 2002:836b:2.