BPuhl’s Blog

A little bit of everything without actually being much of anything

Getting Single Label Name Resolution on MDM Enrolled Phones

Posted by BPuhl on August 21, 2008

If you’re using Mobile Device Manager, it’s likely that you’ll want to have your phones be able to resolve single label names.  If you do, then there are 2 basic options that you have, first you can make WINS servers accessible to the devices, or alternatively, you can configure the phones to append a DNS suffix to single label name queries.  In fact, as with the full OS’s, you can actually do both.

There is a Technet article located here which talks about some of this, and gives the following ADM template to be used to apply 2 registry settings to the phones – IMPORTANT DETAIL: AS OF 8/21/2008, ONE OF THE REG KEYS BELOW IS INCORRECT – SO KEEP READING!!!!

CLASS MACHINE
CATEGORY “Windows Mobile Settings”
       CATEGORY “Contoso DNS Settings”
            POLICY “Name Resolution Ordering”
                  KEYNAME “SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\AFD”
                          VALUENAME “NameResolutionordering”
                          VALUEON NUMERIC 4
                          VALUEOFF NUMERIC 1
            END POLICY
            POLICY “DNS suffix”
                  KEYNAME “SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\MSEC\IPSECVPNNIC1”
                  PART “Enter the dns suffix required” EDITTEXT REQUIRED
                         VALUENAME “Domain”
                        DEFAULT “dns.corp.contoso.com”
                         MAXLEN 32
                  END PART
            END POLICY
       END CATEGORY
END CATEGORY

The net effect of setting these 2 registry keys is *supposed* to be, that they change the single label name resolution behavior to WINS first, and then to DNS with the suffix appended.

But in my MDM environment, I don’t actually have WINS servers available.  So this article doesn’t fully apply to me, and possibly you.  The MSIT MDM deployment exclusively uses DNS, so the first thing that was important was to find that the NameResolutionOrdering registry key has the following settings:

The search order for name queries when set is:
          Default (or 1) –  DNS then WINS
          Value 4 – WINS then DNS

The DNS queries will append any suffix as configured

So with this handy bit of information in hand, the first thing I did was chop out the section of the ADM template that set that registry key.  In my case, default was good enough for me.  Then I applied the GPO linked to the OU which our devices are in, recalculated the policy manually (I’m impatient) by using the update-MobilePolicyCalculation cmdlet on the Device Management server, and reconnected my device (using the Connect Now utility from the MDM resource kit client tools)

At this point, everything was working great – EXCEPT for that fact that it didn’t work.

When I would sniff the traffic on the DNS server, the queries all came in as single label names and did not have the suffix appended.  After much thrashing about checking registry keys and investigating the client, I finally dragged one of the Program Managers from the product team over to my office to help.  That was about the time that he let me in on the secret, that there is a “documentation bug” filed on that page, because the registry key for the setting the suffix is wrong.  Oh great.

Rinse repeat the whole thing with the correct registry key, and here is what the ADM template which actually worked finally looked like:

CLASS MACHINE
CATEGORY “Windows Mobile Settings”
      CATEGORY “MSIT DNS Settings”
           POLICY “DNS suffix”
                 KEYNAME “SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\MSEC\IPSECVPNVNIC1\Parms\TcpIp”
                 PART “Enter the dns suffix required” EDITTEXT REQUIRED
                        VALUENAME “Domain”
                        DEFAULT “mdm.microsoft.com”
                        MAXLEN 32
                 END PART           
            END POLICY
      END CATEGORY
END CATEGORY

And that ladies and gentleman, is all that’s required to get single label name resolution on a mobile device, by appending a DNS suffix.

Advertisements

7 Responses to “Getting Single Label Name Resolution on MDM Enrolled Phones”

  1. Laura said

    > “At this point, everything was working great – EXCEPT for that fact that it didn’t work.”

    My God, that’s the genius statement of the century.

  2. […] https://imav8n.wordpress.com/2008/08/21/getting-single-label-name-resolution-on-mdm-enrolled-phones/. […]

  3. […] https://imav8n.wordpress.com/2008/08/21/getting-single-label-name-resolution-on-mdm-enrolled-phones/. […]

  4. Tony said

    I currently am not able to get the DNS suffix to work. I have created and link the GPO to the OU. THe device is getting the GPO applied. I can see the device has the registry key for the DNS suffix that I want to append. However, when I attempt to reach an internal webpage via a single hostname (nonFQDN), the suffix is not appended and I get an error:

    The address is not valid. Check the address and try again.

    I am not using WINS. Also, I tested that the fully qualified domain name of the same site resolves properly from the device and I can reach it in IE on the device. So I know DNS is working and my device can reach it.

    Any ideas?

    THanks,
    Tony

  5. Tony said

    Ok,

    After more testing, I am able to get it working, sort of. Now if I use a device utility such as Enterprise Mobile’s IP utility () it resolves the single label hostname. However, IE still does not do it. I am still getting the error: The address is not valid. Check the address and try again.

    Why can’t IE append the suffix like the IP Utility? I will try to figure that out next.

  6. Tony said

    Ok. After I was able to prove that EM IP Util could successfully append the suffix, I knew it had something to do with IE. So on my MotoQ9c I went into IE–>Menu–>Tools–>Options–>Connections and unchecked the “Automatically detect settings.” I also changed the “Select Network” from Cellular to Internet (it also works if you chose Work). Then I went back and tried the single hostname (xyzserver) and it worked like a charm.

    So now, the next step is I have to find the reg settings for these things and include in the adm template. The other problem is that these IE settings don’t exist on the pocket PC IE, so I can’t figure out how to get it working on my palm treo pro yet….

    Tony

  7. well.. it’s like I knew!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: