DNS? Problem Browsing Local Network

[rstill]

I desparetely need some help. I am looking after a small network for a friend's accounting firm. This is the setup. 1 W2k Server with SP4. It is configured with AD, DHCP and DNS. DHCP provides the Gateway, Name Server, DNS Server and of course addresses. (Scope Options 003, 006, 015) There are12 XP Pro Clients - Simple file sharing (default) is on. ICF is Off (default). I am using a Netgear router for a firewall. All firewall settings are default with the these exceptions: the password has been changed, DHCP has been turned off and the alterante DNS server is set to My DNS server. Problem: I get some message like "you may not have permissions to use or view this resource" when tying to browse the local network. I can't even see the other machines. The file shares set up as drive mappings all work fine (shared folders are mapped to drives with the logon script) but browsing does not work. A user can share a printer but no one can see it to use it. (it will work if it is explictly defined). This is what does work. Drive mappings to shared folders, logon authentication. The internet is available to all machines and works just fine. I can ping the local host of all machines (from the machine) by name and IP address. From all machines I can ping the server by name and address. From all machines I can ping machines on the internet by name and address. In the Properties of my DNS server under Monitoring the Tests work just fine. So why can't all the clients see each other? nslookup can't find the server or domain. I did a Server NAME and a set domain=NAME. Then I was able to do an ls -a DOMAIN after that and saw all the machines listed with their IP addresses. So again... why can't my clients see each other, why can't they ping each other? I may go bald over this and I'm too old to go bald. Please help - I am kind of new to network troublshooting.. ps - I have 6 PC's at home with 1 w2K Server and 5 W2K clients and it works perfectly - The only thing I can see that is different is XP.
I really don't know much about DNS - It all works just fine if I use NetBUIE, but I don't want it nor should I need it.

 

[JockFrog]

Hi rstill,

Can you give me some info on the results of an ipconfig /all from the command prompt> on the DC and from one/any of your clients?

It could be an addressing problem or perhaps a service problem.

AP

 

[TechyMcSe2k]

You will need to have WINS running on this network also.


Cliff, CCNA/MCSE/MCSA 2000
Network Administrator

 

[TechyMcSe2k]

The DHCP scope will need to include options 44 and 46 once you get WINS operational.

Cliff, CCNA/MCSE/MCSA 2000
Network Administrator

 

[jaksen112]

why would he need WINS? I dont see how that makes sense being he has DNS running.



01110000

 

[TechyMcSe2k]

You still need reverse IP resolution to a hostname. We are not at a point in a network where we can completely get rid of WINS.

Cliff, CCNA/MCSE/MCSA 2000
Network Administrator

 

[jaksen112]

Techy69, note he said he can ping these hosts by name.

rstill ... Ipconfig /all results?

01110000

 

[rstill]

I do not want WINS nor do I need it. It works perfectly when I install it but that't not the issue. My home network works GREAT without it. (1 server 5 clients)
ipconfig /all shows DHCP enabled - YES, Autocinfiguration enabled - YES, IP Address 192.168.0.51 (within the scope I defined in DHCP), Subnet 255.255.255.0, Gateway 192.168.0.1, DNS Severs 192.168.0.1 and 192.168.0.10 - It's perfect. I can ping by name and address all internet machines/addresses and the server by name and address. DCHP is working, all clients are getting the gateway and DNS servers (I don't think I need the 192.168.0.1 listed - it's only the netgear router) Ping by name and IP of the locahost suggests good TCP/IP. I would sustect hardware but not on ALL brand new clients.
Thanks

 

[rstill]

Remember - I can ping everything by Name and Address Except machines on the local domain. I am not running any subnets - I did recenty add a reverse lookup zone and nslookup now spits out data (nslookup -d DOMAIN) It lists all the pc's and their address. I was hope-full for a moment but I still can't browes to the other machines.
And yes the browser service is running or I wouldn't have the success with every other connection.
This one is killing me. I even had the guy on the phone tonight and walked him through all the settings (in DNS) checking it against my home network that works perfectly. The setup looks good. I even when as far as reinstalling his server two weeks ago.

 

[jaksen112]

"Remember - I can ping everything by Name and Address Except machines on the local domain "

wait I'm confused, you cant ping the local machines from each other by name? eg: 192.168.0.51 cant ping by name to 192.168.0.52?

did you set up the DHCP server to automatically register hostnames it passes addresses to?



01110000

 

[TechyMcSe2k]

Just another idea below. Hopefully I won't be pounced on again for my suggestions. Doubt this will resolve, but worth a try. Also, have you tried a static IP setup on a few PC's just for troubleshooting purposes?

If you can ping both the loopback address and your own IP address, but not any other IP addresses, you might have to clear out the Address Resolution Protocol (ARP) cache. This can be done by using the Arp tool. Use commands arp -a or arp -g to display the cache contents. Delete the entries by using arp -d "IP address". Flush the ARP cache by using "netsh interface ip delete arpcache".

Remember, we are here to try and help each other.

Cliff, CCNA/MCSE/MCSA 2000
Network Administrator

 

[wbg34]

ipconfig /all shows DHCP enabled - YES,
Autocinfiguration enabled - YES,
IP Address 192.168.0.51 (within the scope I defined in DHCP),
Subnet 255.255.255.0,
Gateway 192.168.0.1,
DNS Severs 192.168.0.1 and 192.168.0.10 - It's perfect.
I can ping by name and address all internet machines/addresses and the server by name and address. DCHP is working, all clients are getting the gateway and DNS servers (I don't think I need the 192.168.0.1 listed - it's only the netgear router)

Is this IPconfig from a workstation or the server?
Regardless of the answer to number one your DNS setup is wrong. Your Primary DNS needs to be your Domain DNS server and not your gateway. Secondly your router or gateway is forwarding DNS requests back to your DNS server. So in your current setup your computers check dns at the router first. The router forwards the request to your server. If they don't find the answer there they then check your server which has already benn checked.

Change the dhcp settings to serve your servers ip address as primary and your isp's dns server as secondary. Also verify that you have dns forwaders enabled and pointing to your isp's dns server. On your router change the dns setting to check your isp's Dns server.

Can you please provide an ipconfig /all from your DNS server.

 

[jaksen112]

you def dont need the netgear listed, just add an external dns address on the fwd'ng tab on the 2k dns box.

01110000

 

[rstill]

I will try clearing the ARP Cache and see what I get.
As for the ipconfig /all - I typed it wrong for you, the Primary DNS IS my server 192.168.0.10 the secondary is 192.168.0.1 (which is not required). The server and clients produce the same ipconfig /all output with the exception of the server; DHCP Enabled is NO (static ip) As far as forewarding goes - it is NOT turned on on my home network and all things work perfectly there. So I don't think I need it at the accounting office either. But it is worth a try. Also there was a suggestion to enter a DNS server or 2 from the ISP in the router set up. (I can have up to three) I will give that a try as well.
And to try and clarify what I can do;
From the server I can ping by host name and address of all internet machines I tried. From the server I can ping the localhost by name and address.
From the clients I can ping the server and internet machines by name and address. I CANNOT however ping client to client by name OR address. I CANNOT browes the clients from the server of from client to client.
Thanks a lot for all the help so far.

 

[rstill]

One more thing everyone! I just called the accounting office. Since I installed a reverse lookup zone the nslookup produces the desired results. THINGS have changed for ping as well.
Now instead of getting request timed out looking for "ComputerName IP Addrsss" messages he is getting DNS Request timed out. Time value was 2 seconds. ***Request COMPUTERNAME timed out. This is a new message for me so I hope it sheds a little more light on getting some help.
ans thanks again so far to everyone.

 

[jaksen112]

after reading that post I have to ask, are all of these pc's in question (cant ping each other) in the same location????


if all your machines are on the same subnet,(same loc) all getting addresses from their (same) gateway, and cannot ping each other .. something other then DNS is wrong. and being that your router doesnt seem to be a big player in this network I couldnt guess whats wrong at this point.


The msg you see now just verifies that DNS is working properly.


01110000

 

[bcastner]

. In Explorer, Tools, Folder Options, View, scroll nearly to the bottom and uncheck "Use Simple file sharing - recommended."

Otherwise everything is going through the permissions of the 'Guest' account, and the 'Guest' account cannot register with your internal DNS server.

. It sounds like you are sorting the DNS issues. I have some notes about XP as client under Win2k servers that may help: faq779-4017

In particular, handling your intranet and extranet settings under DNS. There really is only one "right" way to do so, see the FAQ and in particular the links to the MS KB articles.

You are nearly there.

 

[rstill]

Yes they are all on the same subnet (in the same location).
The default "simple file shareing is checked". I will disable that tonight and give it a try. It could very well be the Guest account that is messing me up. Although it did appear as though I had some DNS issues.
I will also give FAQ779-4017 a read.
Looks like I'm getting close.
Thanks

 

[rstill]

I hope some of you/all of you are still into following this thread.
I removed the check mark by Simple File Sharing on all the XP Pro machines (all the clients). Nothing changed.
I did run netdiag /fix to see what it produced. It did some diags on the internal NIC that is not plugged it to anyting (it always gets a 169 address). All tests passed.
I Added forewarders (the two my router is getting from his ISP)
No change in my situation

PING results from the Server

ping touch (touch is one of the pc's)
pinging touch.gpi.office [192.168.0.21
Request timed out.

ping touch.gpi.office
pining touch.gpi.office
Request timed out.

ping 192.168.0.21
pinging 192.168.0.21
Request timed out.

ping alldata (the name of the server)
pinging alldata.gpi.office [192.168.0.3]
a perfect 4 out of 4

ping 192.168.0.3
a perfect 4 out of 4

ping

http://www.lds.org

pinging lds.org [198.31.238.20]
a perfect score

This works from all clients, I can ping alldata by name and address as well as any internet site.
BUT CLIENT TO CLIENT is killing me Why Why Why doesn't it work?

All clients have an IP in the range of 192.168.0.21-50
All clients have a gateway of 192.168.0.1
All clients have a DNS address of 192.168.0.3

I can see all clients in Browse entire network/Network Neighborhood. I doulble click them or try to connect using the unc name \\touch\c$ and get the same message cannot find the path.
This has changed a little from when I started.

 

[nedmega]

Hi rstill,

Is the real problem you are trying to solve the inability to browse other network shares or DNS or both? You shouldn't need internal DNS setup to browse by using the UNC path.

For instance if you try to connect to \\touch\c$ and it can't find the path then something more than DNS is the problem.

These PC's are all on the same subnet but are they on the same switch or spread out across different switches or hubs.

I find it interesting too that you get a request timed out instead of an unknown host error which would almost make me think that DNS is working but the PC is refusing the PING. Do you have the XP Internet Firewall turned on under the LAN settings. I think you can configure under there to ignore ICMP echo requests which would explain the "Request timed outs". If it is on then try disabling it and see if your problem persists.

I suspect that if you find the answer to one problem you will have solved all of them.

Also on a side note, I notice you reference the ls command in your original post but don't mention any unix or linux boxes. Where did you run the ls command from...or does W2K Server have this command now and I've just never noticed...

-nedmega