Considerations for WinGate in an Active Directory Environment
Posted by Adrien de Croy (Import) on 24 November 2003 10:02 AM
Active Directory Overview
When implementing WinGate in an Active Directory (AD) environment, there are several features of AD that affect how WinGate needs to be configured.
AD requires a Dynamic DNS (DDNS) server to be available to register client IP address details. The DDNS server can either receive these from a network MS DHCP server when it issues the client an IP address, or it can be configured to receive this information straight from the client.
DDNS servers are also required by clients in the AD to find information about Domain Controllers. When a domain controller is set up correctly, it registers specific AD information (through SRV records) with the MS DDNS server.
To provide Internet (external) address resolution for clients in the Active Directory, the DDNS server has a Forwarders configuration, which can be set to a specified Internet DNS server that it will refer to for DNS requests outside of the domain it is responsible for.
Client workstations use the DDNS server for requests within their AD domain, and any Internet requests are sent by the DDNS server to the Internet DNS server specified in the Forwarders configuration.
Active Directory and WinGate
When WinGate is being used in the AD environment, the internal network interface address of the WinGate server should be listed on the Forwarders tab of the DDNS server properties. This way all of the clients' Internet requests are forwarded to the WinGate server and resolved from there.
Unfortunately, when MS DDNS is first installed, a scenario can arise where it is unable to find any other DNS servers, so it sets itself as the root server for all domain name requests, which in turn effectively disables the Forwarders option. If this is how the DDNS server is configured in your AD, you will need to follow the MS Support instructions on how to enable forward lookups (Forwarders) on a DDNS server.
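The following PowerShell script is an added example, not part of the original article or of WinGate's own tooling. It uses the Microsoft DnsServer module (Windows Server 2012 or later, run from an elevated prompt on the DDNS server) to detect the "." root zone that disables forwarding, point the Forwarders at WinGate's LAN address, and then confirm that the domain controller SRV records still resolve locally while an external name is answered through the forwarder. The WinGate LAN address, the AD domain name and the external test name are placeholder assumptions.

```powershell
# Added example (not from the original article): check and repair the DNS
# Forwarders configuration described above. Requires the DnsServer module.
$WinGateLanIp = '192.168.0.1'          # assumption: WinGate's internal NIC address
$AdDomain     = 'corp.example.local'   # assumption: your AD DNS domain name

# 1. A zone literally named "." makes this server believe it is the Internet
#    root, which is the scenario that silently disables Forwarders.
$rootZone = Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue
if ($rootZone) {
    Write-Warning 'Root zone "." found: Forwarders are ineffective until it is removed.'
    Remove-DnsServerZone -Name '.' -Force
}

# 2. Point Forwarders at WinGate so only WinGate's DNS service talks to the
#    Internet on behalf of the domain. Root hints are disabled so an outage of
#    the forwarder is visible instead of being masked by direct root queries.
$current = (Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString }
if ($current -notcontains $WinGateLanIp) {
    Set-DnsServerForwarder -IPAddress $WinGateLanIp -UseRootHint $false
}
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# 3. Verify AD is unaffected: the DC locator SRV records are answered from the
#    local zone, not forwarded anywhere.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -Server 127.0.0.1 |
    Select-Object Name, NameTarget, Port

# 4. Verify an external name is resolved via the forwarder (WinGate). If this
#    fails while step 3 succeeds, the forwarder path is the problem.
Resolve-DnsName -Name 'www.example.com' -Type A -Server 127.0.0.1 -DnsOnly
```

Running the script a second time is harmless: the root zone check and the forwarder comparison only make changes when the configuration differs from the intended state, so it doubles as a periodic drift check.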
It should be noted that if the DDNS server is running on the same machine as WinGate, WinGate's DNS service should be disabled (as described in the related Knowledge Base article).
Due to the important role the DHCP server plays in making Active Directory work, it is also recommended that the DHCP service in WinGate be disabled so as not to interfere with AD network operations.
A further note on DHCP: if WinGate clients wish to use NAT (Network Address Translation) to access the Internet through WinGate and are receiving their IP details from a network DHCP server, then the gateway address they receive from the DHCP server should be the LAN IP address of the WinGate machine. This is commonly referred to as the Router (Gateway) option in DHCP.
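The following PowerShell script is an added example, not part of the original article or of WinGate's own tooling. Its first half runs on the Windows DHCP server (DhcpServer module, Windows Server 2012 or later) and makes sure every scope hands out WinGate's LAN address as the Router (option 3). Its second half runs on the WinGate host and lists which processes own the DNS (UDP 53) and DHCP (UDP 67) listeners, so that a leftover WinGate DNS or DHCP service competing with the MS DDNS/DHCP services on the same machine is easy to spot. The WinGate LAN address is a placeholder assumption.

```powershell
# Added example (not from the original article): enforce the DHCP Router option
# and detect duplicate DNS/DHCP listeners on the WinGate host.
$WinGateLanIp = '192.168.0.1'   # assumption: WinGate's internal NIC address

# --- Part 1: on the Windows DHCP server ---
# Option 3 (Router) must be WinGate's LAN address for NAT clients to reach the
# Internet through WinGate. Only scopes that differ are changed.
foreach ($scope in Get-DhcpServerv4Scope) {
    $router = (Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 3 `
               -ErrorAction SilentlyContinue).Value
    if ($router -notcontains $WinGateLanIp) {
        Write-Warning "Scope $($scope.ScopeId): Router is '$router', setting to $WinGateLanIp"
        Set-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -Router $WinGateLanIp
    }
}

# --- Part 2: on the WinGate host ---
# If the MS DDNS/DHCP services and WinGate's own DNS/DHCP services are both
# running here, more than one process will own each port (or one will have
# failed to bind). Either way, WinGate's copies should be disabled.
foreach ($port in 53, 67) {
    $owners = Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue |
              Select-Object -ExpandProperty OwningProcess -Unique
    $names  = @($owners | ForEach-Object { (Get-Process -Id $_).ProcessName })
    if ($names.Count -gt 1) {
        Write-Warning "UDP $port has multiple listeners: $($names -join ', ')"
    } elseif ($names.Count -eq 0) {
        Write-Warning "UDP $port has no listener on this host"
    } else {
        "UDP ${port}: owned by $($names[0])"
    }
}
```

The expected result on a correctly configured WinGate host that also runs the MS services is a single owner for each port (the Windows DNS and DHCP server processes); any second owner is the WinGate service the article says to disable.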