If you’re using Mobile Device Manager, it’s likely that you’ll want your phones to be able to resolve single label names. If you do, there are 2 basic options: you can make WINS servers accessible to the devices, or you can configure the phones to append a DNS suffix to single label name queries. In fact, as with the full OSes, you can actually do both.
There is a TechNet article located here which talks about some of this, and gives the following ADM template to be used to apply 2 registry settings to the phones – IMPORTANT DETAIL: AS OF 8/21/2008, ONE OF THE REG KEYS BELOW IS INCORRECT – SO KEEP READING!!!!
CLASS MACHINE
CATEGORY "Windows Mobile Settings"
  CATEGORY "Contoso DNS Settings"
    POLICY "Name Resolution Ordering"
      KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\AFD"
      VALUENAME "NameResolutionordering"
      VALUEON NUMERIC 4
      VALUEOFF NUMERIC 1
    END POLICY
    POLICY "DNS suffix"
      ; Key as published in the article; this is the incorrect one (corrected template further down)
      KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\MSEC\IPSECVPNNIC1"
      PART "Enter the dns suffix required" EDITTEXT REQUIRED
        VALUENAME "Domain"
        DEFAULT "dns.corp.contoso.com"
        MAXLEN 32
      END PART
    END POLICY
  END CATEGORY
END CATEGORY
The net effect of setting these 2 registry keys is *supposed* to be that they change the single label name resolution behavior to WINS first, and then to DNS with the suffix appended.
But in my MDM environment, I don’t actually have WINS servers available. So this article doesn’t fully apply to me, and possibly you. The MSIT MDM deployment exclusively uses DNS, so the first thing that was important was to find that the NameResolutionOrdering registry key has the following settings:
The search order for name queries when set is:
Default (or 1) – DNS then WINS
Value 4 – WINS then DNS
The DNS queries will append any suffix as configured.
So with this handy bit of information in hand, the first thing I did was chop out the section of the ADM template that set that registry key. In my case, default was good enough for me. Then I applied the GPO linked to the OU which our devices are in, recalculated the policy manually (I’m impatient) by using the update-MobilePolicyCalculation cmdlet on the Device Management server, and reconnected my device (using the Connect Now utility from the MDM resource kit client tools).
At this point, everything was working great – EXCEPT for the fact that it didn’t work.
When I would sniff the traffic on the DNS server, the queries all came in as single label names and did not have the suffix appended. After much thrashing about checking registry keys and investigating the client, I finally dragged one of the Program Managers from the product team over to my office to help. That was about the time that he let me in on the secret, that there is a “documentation bug” filed on that page, because the registry key for setting the suffix is wrong. Oh great.
Rinse and repeat the whole thing with the correct registry key, and here is what the ADM template which actually worked finally looked like:
CLASS MACHINE
CATEGORY "Windows Mobile Settings"
  CATEGORY "MSIT DNS Settings"
    POLICY "DNS suffix"
      KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\MSEC\IPSECVPNVNIC1\Parms\TcpIp"
      PART "Enter the dns suffix required" EDITTEXT REQUIRED
        VALUENAME "Domain"
        DEFAULT "mdm.microsoft.com"
        MAXLEN 32
      END PART
    END POLICY
  END CATEGORY
END CATEGORY
And that, ladies and gentlemen, is all that’s required to get single label name resolution on a mobile device, by appending a DNS suffix.
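A small checker for ADM templates like the two above, added here as an example and not part of the original post or the MDM tooling: it parses each POLICY, derives the device-side registry key, flags typographic quotes picked up by copying from a web page, and reports policies whose target key differs between two templates. The function names are hypothetical, and it assumes that everything after the `...\Windows Mobile Settings\Registry\` prefix is the path written on the device.

```python
import re

# Assumption: MDM applies everything after this prefix as a registry path on the device.
MDM_PREFIX = "SOFTWARE\\Policies\\Microsoft\\Windows Mobile Settings\\Registry\\"
SMART = str.maketrans("\u201c\u201d", '""')  # curly quotes -> plain ASCII quotes
FIELD = re.compile(r'(POLICY|KEYNAME|VALUENAME|DEFAULT)\s+"([^"]*)"')

def device_key(keyname):
    """Strip the policy prefix; None if the key is not under the MDM policy branch."""
    if not keyname.upper().startswith(MDM_PREFIX.upper()):
        return None
    return keyname[len(MDM_PREFIX):]

def parse_adm(text):
    """Return ({policy name: fields}, warnings) for ADM template text."""
    policies, warnings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().translate(SMART)
        if line != raw.strip():
            warnings.append(f"line {lineno}: typographic quotes, use plain ASCII quotes")
        m = FIELD.match(line)
        if line.upper() == "END POLICY":
            current = None
        elif m and m.group(1) == "POLICY":
            current = policies.setdefault(m.group(2), {})
        elif m and current is not None:
            current[m.group(1)] = m.group(2)
            if m.group(1) == "KEYNAME":
                current["DEVICE_KEY"] = device_key(m.group(2))
    return policies, warnings

def changed_device_keys(old, new):
    """Policies present in both templates whose device registry key differs."""
    return {name: (old[name].get("DEVICE_KEY"), new[name].get("DEVICE_KEY"))
            for name in old.keys() & new.keys()
            if old[name].get("DEVICE_KEY") != new[name].get("DEVICE_KEY")}

# Sample input: the "DNS suffix" policy from each template on this page,
# with curly quotes left on the first line of PUBLISHED to exercise the warning.
KEY_LINE = 'KEYNAME "' + MDM_PREFIX + 'HKLM\\Comm\\MSEC\\'
PUBLISHED = ('POLICY \u201cDNS suffix\u201d\n' + KEY_LINE + 'IPSECVPNNIC1"\n'
             'VALUENAME "Domain"\nEND POLICY')
WORKING = ('POLICY "DNS suffix"\n' + KEY_LINE + 'IPSECVPNVNIC1\\Parms\\TcpIp"\n'
           'VALUENAME "Domain"\nEND POLICY')

if __name__ == "__main__":
    old, warnings = parse_adm(PUBLISHED)
    new, _ = parse_adm(WORKING)
    print(warnings)
    print(changed_device_keys(old, new))
```

Running a diff like this before linking the GPO shows which device key each policy will actually write, which is the detail that was wrong in the published template.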