Leopard server "Workgroup mode" with AD .Local Domain

I am unable to get the Workgroup mode to work on our network. I have the machine set up in DNS. When I get to the screen where you enter the Host name I get an error that there is no DNS Server. I know that DNS is working because setup auto populates the correct name in this field. I suspect that I get this error because we are using a .local domain name. Can this be verified?

Dunno if this is related or not but I just read this here:
http://images.apple.com/itpro/pdf/ADBest_Practices2.0.pdf
{quote}.local domains
Since Mac OS X uses the .local domain for Bonjour (link-local addressing), it will conflict
with any .local AD domain. To get around this, add .local to the search domain settings
in the Network preference pane. All .local DNS queries will be unicast to the DNS servers
before being multicast to the network.{quote}

Similar Messages

  • Will 2 routers running in server mode with no vtp domain defined conflict with each other when connecting over layer 2 sonet?

    Our remote site has a 3845 router running MPLS to connect back to our other 3845 locally. The ISP has provided us a layer 2 sonet connection with no other configurations necessary with the exception of configuring the layer 2 portion on our side. Both of these 3845 routers are in "server mode" with "no vtp domain" specified. Will this cause an issue/conflict when the remote router bypasses the MPLS for the faster 100MB layer 2 connection?

    Jon,
    Excellent answer. Our two 3845 routers are about 400 miles away and we're trying to bring up a layer 2 100MB sonet connection over fiber connected to the GIG0/1 port on each router. I was worried that essentially having these 2 routers back to back over layer 2 may cause issues since our remote site has a higher revision number than our local site. It appears since we're configuring an ip address on each router and then adding the network to ospf this shouldn't conflict with our 2 routers. Below is how each router VTP is configured with the exception our remote site has 1 extra VLAN and a higher revision number.
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 68
    Number of existing VLANs        : 5
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Enabled
    MD5 digest                      : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70

  • Create OD Kerberos record with Windows .local domain

    I am in the process of setting up my open directory master that will be working in a golden triangle with our existing windows domain. Our windows FQDN ends with .local and all dns is running on this domain.
    I am unable to create a kerberos record for the open directory because of the .local domain. The xserver thinks the FQDN is a Bonjour name and will not create the record.
    If anyone has an idea on how to work around this problem I would appreciate your help.
    Thank you

    OD uses AD kerberos

  • Office 365 Deployment with new local domain

    I just started working for a company that has somewhat implemented Office 365 to about 100 users. They are mostly using it for Exchange Online. No ADFS or AD Sync has been done between the on-premise domain and Office365.
    The same user accounts do exist in the local domain.
    Once we get ADFS and AD Sync working what will happen between the Office365 accounts and the local accounts. For instance, in Office365 we have
    [email protected] and locally we have a user
    [email protected] Will the accounts just sync together and use the information from the local domain since the IDs are the same.

    Hi,
    This is the forum to discuss questions and feedback for Microsoft Office client. There is so much about Office 365
    Directory integration aspect here, I would suggest you to post in the forum of Office Community, where you can get more experienced responses:
    http://community.office365.com/en-us/f/613.aspx
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Regards,
    Ethan Hua
    TechNet Community Support
    It's recommended to download and install
    Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
    programs.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Very slow Time Machine Initial Backup to Leopard Server on Xserve with RAID

    I'm having trouble backing up my iMac to my Xserve running leopard with dual drobos as my time machine drives
    So here is the setup:
    Server: Xserve (dual quad 2.8 xeons) backing up to Drobo array with 4x1tb drives running (dual drobos on server) fully patched 10.5 server with 16gb/RAM (showing 8gb free)
    Network: 1gbs via catalyst switches on essentially unloaded segment (a couple of folks reading emails)
    Source Machine: iMac 24" 3.06 Core2Duo with 8gb RAM
    Most important fact: nothing has changed on the server (other than usual updates)
    Doing an initial backup of the iMac over the network, and getting peak of about 100Kb/sec, and much of the time it seems to have stalled. Given that the machine has like 230GB to backup, this is going to take a real long while. When I query activity monitor on both the client and Xserve, they are both virtually idle with all resources free (lots of free RAM/Disk/CPU). Neither machine is running any apps right now during the test (other than filesharing, but nobody is using as the office is empty today)
    Now one thing to note is the staggering number of files (iPhoto library is ~120gb and holds over 500,000 files [faces?]) giving a total of 1.2M files.
    As a point of testing, copied a 500mb quicktime movie to same partition, took <5 seconds.

    Should I be concerned that the TimeMachineBuddy widget is producing tons of error messages in the system console (and doesn't seem to work)
    8/4/09 3:34:01 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:01.438 DashboardClient[381:10b] com.bluedog.tmwidget.TimeMachine: ERROR: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma
    8/4/09 3:34:01 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:01.439 DashboardClient[381:10b] (com.bluedog.tmwidget.TimeMachine) file:///Users/henryhbk/Library/Widgets/Time%20Machine%20Buddy.wdgt/Utilities.js: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma (line: 33)
    8/4/09 3:34:02 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:02.359 DashboardClient[381:10b] com.bluedog.tmwidget.TimeMachine: ERROR: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma
    8/4/09 3:34:02 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:02.360 DashboardClient[381:10b] (com.bluedog.tmwidget.TimeMachine) file:///Users/henryhbk/Library/Widgets/Time%20Machine%20Buddy.wdgt/Utilities.js: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma (line: 33)
    8/4/09 3:34:02 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:02.620 DashboardClient[381:10b] com.bluedog.tmwidget.TimeMachine: ERROR: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma
    8/4/09 3:34:02 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:02.621 DashboardClient[381:10b] (com.bluedog.tmwidget.TimeMachine) file:///Users/henryhbk/Library/Widgets/Time%20Machine%20Buddy.wdgt/Utilities.js: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma (line: 33)
    8/4/09 3:34:02 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:02.885 DashboardClient[381:10b] com.bluedog.tmwidget.TimeMachine: ERROR: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma
    8/4/09 3:34:02 PM [0x0-0xb00b].com.apple.dock[233] 2009-08-04 15:34:02.885 DashboardClient[381:10b] (com.bluedog.tmwidget.TimeMachine) file:///Users/henryhbk/Library/Widgets/Time%20Machine%20Buddy.wdgt/Utilities.js: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma: Unrecognized message format: Aug 4 14:31:01 Henry-Feldma (line: 33)

  • Webaccess on linux with no local domain?

    How can I install webaccess on a Linux box that does not have the domain directory?
    The machine is purely a gateway between the internet and the back end groupwise box.
    GW7
    SLES10 ( for web access )
    NW6.5.7 ( For mta/poa/etc.... )
    Thanks
    Robin

    Hi,
    twinturbo wrote:
    >
    > I assume I have to create a "second domain" in my existing system
    Correct.
    > But from console one on the linux box there is no way to access the
    > domain directory on the netware box in order to add the second domain
    > into the system.
    You're looking at this backwards. You need to use the same ConsoleOne
    you use today to manage your GW. *That* instance of ConsoleOne must be
    able to map a drive to the new server. You need this anyways to be able
    to admin it. The new server does *not* need to connect anywhere.
    > Or do I create a new system on the Linux?
    No!
    CU,
    Massimo Rosen
    Novell Product Support Forum Sysop
    No emails please!
    http://www.cfc-it.de

  • DNS: Client can't connect because .local domain isn't in DNS. How can I connect over the WAN to server.domain.local?

    So my 2012 server is set up on the LAN with a .local domain name. 
    Remote Desktop Services are set up and remoteapp stuff works fine on the LAN.
    I've set up port forwarding so I can connect to the server over the WAN too, but remoteapp stuff is a bit different. I can connect to the server by specifying the correct IP address. Giving a Web browser the address
    https://serverIPAddress/RDWeb
    lets me get the login screen and see the range of apps for me to run. I select one, the connectoid is downloaded correctly (in Chrome) and I click on the downloaded connectoid. 
    Unfortunately, rather than pursuing the sensible IP-address approach that I started with, the connectoid has been given the server's name on the LAN:  server.domain.local. Clearly, the client machine tries to look this up but DNS hasn't heard of
    it because it's a .local address. 
    I cannot be the only one to have come across this apparent oversight on Microsoft's part. Any ideas as to how this can sensibly be overcome? Obviously, I could put the IP address translation into every client's hosts file (and I've done this and shown it
    works) but I've got too many clients to mess about like this. Anybody know 'the Microsoft way' to fix this?
    Thank you for checking this out -- I am confident the details of the problem are completely specified in this query but, if I'm wrong, please ask.
    Many thanks again,
    Biffo

    Hi,
    I would like to suggest you to follow the checklist.
    Checklist: Make RemoteApp Programs Available from the Internet
    http://technet.microsoft.com/en-us/library/cc772415.aspx
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • .local domain and autodiscover issues

    I want to preface this by saying I am a new administrator.
    Our SSL cert recently expired, and since .local domains can no longer be on certs, we registered a CA cert with autodiscover.domain.com and mail.domain.com. This new cert was successfully applied, but whenever someone opens their e-mail they get a warning
    about the name on the server not matching the cert.
    I'm pretty sure this is just a few DNS records I need to update but I don't know which ones and really need some guidance.
    Thanks for your time.

    So what you are saying is that his current DNS for company.com (which his internal users use for external access) needs to be duplicated internally, then modified to support his internal email access?  I've set up many systems where internal DNS and
    external DNS hosted the same name, and it is far from simple as "a new zone takes less than a minute to create".  How do you handle internal access to external sites (which is currently working just fine with his external DNS)?
    To answer your question, my recommendation is that his internal clients use AutoDiscover to gain their internal settings. Keep in mind that while the Exchange server may be in the .local domain, the SMTP domain they host is a .com domain. And since his servers
    are in a domain, any domain-attached Outlook client will be able to access the mailbox successfully.
    Just create a new DNS record pointing to the external host.  Or get a new domain name that doesn't have external websites, then create a new DNS zone for that.
    Alright, so with your recommendation - he updates his clients to use Autodiscover, which they are likely already using, to gain internal settings.  And then what do you configure the internal URLs as?  
    For example - Autodiscover.
    You set the AutoDiscoverServiceInternalURI to servername.domain.local -> he still gets a cert prompt every time he opens Outlook.
    You set the AutoDiscoverServiceInternalURI to mail.domain.com to match the certificate -> Now ALL autodiscover requests from all clients are going out to the internet, then back into the Public VIP.  
    Same with EWS.  And this is assuming he's using RPC/TCP rather than HTTP.  So then he's either going to get prompts for cert every time he opens outlook and checks OOF or mailtips, or all internal clients are going to use the external VIP for Autodiscover
    and EWS. 

  • Certificate error on Outlook 2013 clients, Outlook 2007 clients do not get certificate error, Exchange 2010, dot local domain name

    Hi
    I'm looking for a solution that I can't seem to find.  I have an Exchange 2010 server running in a dot local domain (domainname.local), so my SSL certificate is installed using the servers external email DNS name.  email.mycompany.com
    I have followed the instructions to resolve this on the Exchange server, implemented the changes so autodiscovery sees the server as email.mycompany.com.  This works great for my Outlook 2007 users.  The downside is that none of my Outlook 2013
    clients can access their email without the certificate error server name mismatch.  
    I know Outlook 2013 has tighter security but I need to get rid of these cert errors, any thoughts out there?

    Hi,
    Since both your Outlook 2007 users and Outlook 2013 users are using Exchange 2010 with the same server configuration, it should be working in both Outlook client versions.
    Please restart your IIS service by running IISReset /noforce from a Command Prompt window in Exchange to have a try. In Outlook, please re-create an Outlook profile to check whether the issue persists.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Upgrading 10.6.8 to Snow Leopard Server?

    After a recent servicing at the Apple Retail store, my mid-2010 MacMini has a clean installation of OS X 10.6.8 (client, i.e., non-Server). I want to re-install OS X Snow Leopard Server that came with the machine when it was purchased. Can it be installed on top of 10.6.8, or do I need to wipe the disks again and re-install from scratch using the Snow Leopard Server Install DVD?

    Thanks mende1, I appreciate the quick response.
    What is the general consensus within the community about the relative benefits of upgrading to Mountain Lion (particularly within a server environment)? I'm thinking that if I have to do a complete OS install, I might as well upgrade to Mountain Lion and then apply the Server.app on top of that.

  • 5 mail domains with one snow leopard server

    Hi,
    I have a mac pro with snow leopard server and I want to set up the mail service. If I only have one domain, I know that I can do that, but I want to do it with 5 domains. Can I do that? How can I do it?
    Thank you for your help.

    I am using mail.app from mac os x snow leopard.
    The smtp settings on mail:
    port (25,465,587)
    ssl activated
    md5 challenge-response
    and i copied it:
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter =
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    header_checks =
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    mail_owner = _postfix
    mailbox_size_limit = 0
    mailbox_transport = dovecot
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    message_size_limit = 10485760
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydomain = playstore.es
    mydomain_fallback = localhost
    myhostname = server.playstore.es
    mynetworks = 127.0.0.0/8
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
    smtpd_enforce_tls = no
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    smtpd_pw_server_security_options = cram-md5
    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_CAfile = /etc/certificates/server.playstore.es.D03BC945C97A0058A8CB9D7F862D48EED9CE5C3D.chain.pem
    smtpd_tls_cert_file = /etc/certificates/server.playstore.es.D03BC945C97A0058A8CB9D7F862D48EED9CE5C3D.cert.pem
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    smtpd_tls_key_file = /etc/certificates/server.playstore.es.D03BC945C97A0058A8CB9D7F862D48EED9CE5C3D.key.pem
    smtpd_use_pw_server = yes
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = $virtual_alias_maps hash:/etc/postfix/virtual_domains
    virtual_alias_maps = $virtual_maps hash:/etc/postfix/virtual_users
    Thank you again.

  • Intel Xserve with Leopard Server 10.5.5 won't let me in via login

    A power outage appears to have created some issues with my intel Xserve, running Leopard server 10.5.5
    The System identifier light was blinking, so I booted up from the Leopard disk and found out that my mirrored internal array needed to be rebuilt. No problem, 4 hours later, I repair permissions on the mirrored internal array, everything gets "repaired". Change bootup disk to the internal 10.5.5 mirrored array and reboot. System Identifier light stopped blinking, things were looking good.
    The login screen comes up and when I put in the admin username and password, the screen does the shake of the wrong login.
    What's weird is, on my laptop I can use Server Admin, Workgroup Manager, and the screen sharing for the server....with the admin username and password.
    So, I figure, perhaps the mirror rebuild requires me to reset the admin password. So, boot back up from the Leopard Server install DVD, run the password utility. and reset the main account password.
    I change the boot drive back to the internal mirror, same thing. I'm stuck. I can't get past the login screen on the actually server....or via the screen sharing...and Server Monitor appears to be stuck at 'waiting for response'. I can, again, use Server Admin and Workgroup Manager on my laptop and make changes to the X server software....but I can't log into the X serve.
    My webpage, wiki, etc....are all serving fine. But, I'd like to be able to figure out what I'm doing wrong...log back in and run super duper, etc.
    Help...please...

    Spent all day with apple support. They said it sounded like the LDAP database was corrupted. They had me try to login as root, via an opendir account, etc. No luck.
    So, they suggested I do a fresh install of the Leopard server on an external drive. Did that. They then suggested I use my laptop and the workgroup manager app to log in to the xserver, export users, groups and computers....and to copy over the library/collaboration folder to the external "clean install" of Leopard server.
    Did that and followed the instructions to "relink" the metadata.plist files in each group, to the GUID to the groups in workgroup manager. First issue, they weren't different GUID strings.
    Well, that didn't work...kept getting file not found error. When trying to access the domain.com/groups/groupname...it should've asked for authentication. And let me into that wiki...but no, apache error page.
    So, they had me create a new "test" group....added a user. Start and stopped the web...etc. This didn't create a new wiki entry (when we replaced my custom index.html to the default index where groups/wikis/blogs populate automatically at the main). And, there's no new "test" folder in the library/collaboration files.
    They then said "well, it must be because you don't have reverse DNS configured right, that's why the new wikis won't set up". I've contacted dyndns.com...but I don't think that's the problem.
    So, I've rebooted my xserver to the internal drive. The wiki and blog is still there, still accessible the way I like....I still can't login to the xserver.
    So, I'm wondering, if anyone knows a way I can boot up my xserve in the target drive mode, hook up my laptop and replace / swap whatever admin files so that when I boot up my xserve, I can login again.
    There has to be a way to hard fix a hidden file? Replace a DB? Some awesome terminal command to get me in and fix the admin account / password....
    Or, does anyone know if the reverse DNS issue applecare cites is legit? Doesn't make sense how, the same public ip and domain name, that's worked for some time...suddenly doesn't???
    I'm hoping someone can help me.

  • Help - Snow Leopard Server Setup with AEBS

    Hi.
    I am trying to setup two things at once. Good start, eh ;0)
    Step-by-step, this is what I have:
    Internet connection
    Static IP address
    Apple Airport Extreme Base Station
    Mac Mini Server (Snow Leopard)
    Registered Domain name with access to control panel for the name
    This is what I want to do:
    Connect the AEBS to the Internet
    Connect the Server to the Internet via AEBS
    Connect Client computers (all Mac, iPhone & iPad) to the server network and the internet locally
    Connect Client computers (all Mac, iPhone & iPad) to the server network and the internet remotely
    This is the information that I have been given by my ISP (I have added letters before the address to help you to help me identify where they should be entered):
    Router IP: (a)192.xxx.94.x (maps to (b)195.xxx.xx.xx)
    Subnet Mask: (c)255.255.255.0
    Default Gateway: (d)192.xxx.94.x
    DNS 1: (e)192.xxx.50.xx1
    DNS 2: (f)192.xxx.50.xx2
    SMTP: (g)smtp.xx.net
    I can't really find any obvious instructions, particularly about pointing my domain name to the router/server. Do I change the name servers/the A records, the A&MX Records on the domain control panel?
    If anyone has any experience with setting-up the server with an AEBS, I would be truly grateful for some pointers! e.g. put IP address (a) in box (x)
    Ha! if only it were that easy, but any help would be appreciated.
    Thanks in advance.

    Easy answer. Paid a local IT company to come and check my settings. Turns out that due to the office that I am in, I am in a 'double NAT' environment. When AEBS was throwing-up NAT errors, I was unsure about continuing.
    All sorted now with a few phone calls to the ISP and 2 hours' work by the IT company. Done. What else can I try and break???

  • "Sharepoint 2013" is giving error that prevents local domain users authentication for "Team Foundation Server"

    I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
    1st Error (from administrative events):
    The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
    Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
    Tried so far:-
    - changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
    2nd Error (from application server):
    DistributedCOM error
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {000C101C-0000-0000-C000-000000000046}
     and APPID 
    {000C101C-0000-0000-C000-000000000046}
     to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
    https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
    Other Fixes I tried
    - Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing that are causing the memory to fill up due to caching on RAM, the fix suggested to change IIS caching from RAM to HD to prevent
    loading up using w3wp.exe from processes.
    Concern
    - by checking other topics for people having the same problem, it was mentioned that this error appeared after the latest TFS update, is there a fix for it ?

    Hi Kpdn, 
    Thanks for your post.
    All your participation and support are very important to build such harmonious/ pleasant / learning environment for MSDN community.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

    Summary:
    After rebooting my VPN server, I am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) the gateway only until the first client disconnects. Then I can perfectly access all the other computers of the private network, but I cannot access the private IP address of the gateway.
    Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates to me that the port 53 is open, but a dig returns me a timeout.
    Configuration:
    Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
    Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
    -> 1 controller, which act as a gateway for the cluster private network, with the following services activated:
    DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
    en0: fixed public IP address -> controller.example.com
    en1: 192.168.1.254 -> controller.cluster
    -> 18 agents with AFP and Xgrid agent activated:
    en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
    VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client information contains the private network DNS server information (192.168.1.254, search domain: cluster).
    Detailed problem description:
    After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.201
    Subnet Mask:
    Router: 192.168.1.254
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can ping all the Xserve of my cluster (192.168.1.1 to 18 and 192.168.1.254). If I have a look in Server Admin > Settings > Network, I have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
    The DNS server returns me timeouts when I try to do a dig from my VPN client even if I am able to access it directly from a computer inside or outside my private network.
    After I disconnect, I can see in Server Admin that the IP address of my ppp0 interface has switched to my public IP address.
    Then I can always establish a VPN (L2TP) connection, but the client receives the following information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.202
    Subnet Mask:
    Router: (Public IP address of my VPN server)
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when I ping my gateway (192.168.1.254), it returns me timeouts.
    I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two different Xserve, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
    Any help is welcome!!!

    I would suggest taking a look at:
    server admin:vpn:settings:client information:network route definitions.
    as I understand your setup it should be something like
    192.168.1.0 255.255.255.0 private.
    at least as a start. I just got done troubleshooting a similar issue but via two subnets:
    http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0
