Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS? Problem Browsing Local Network

Status
Not open for further replies.
rstill

rstill

Technical User
Feb 10, 2003
21
CA
I desparetely need some help. I am looking after a small network for a friend's accounting firm. This is the setup. 1 W2k Server with SP4. It is configured with AD, DHCP and DNS. DHCP provides the Gateway, Name Server, DNS Server and of course addresses. (Scope Options 003, 006, 015) There are12 XP Pro Clients - Simple file sharing (default) is on. ICF is Off (default). I am using a Netgear router for a firewall. All firewall settings are default with the these exceptions: the password has been changed, DHCP has been turned off and the alterante DNS server is set to My DNS server. Problem: I get some message like "you may not have permissions to use or view this resource" when tying to browse the local network. I can't even see the other machines. The file shares set up as drive mappings all work fine (shared folders are mapped to drives with the logon script) but browsing does not work. A user can share a printer but no one can see it to use it. (it will work if it is explictly defined). This is what does work. Drive mappings to shared folders, logon authentication. The internet is available to all machines and works just fine. I can ping the local host of all machines (from the machine) by name and IP address. From all machines I can ping the server by name and address. From all machines I can ping machines on the internet by name and address. In the Properties of my DNS server under Monitoring the Tests work just fine. So why can't all the clients see each other? nslookup can't find the server or domain. I did a Server NAME and a set domain=NAME. Then I was able to do an ls -a DOMAIN after that and saw all the machines listed with their IP addresses. So again... why can't my clients see each other, why can't they ping each other? I may go bald over this and I'm too old to go bald. Please help - I am kind of new to network troublshooting.. ps - I have 6 PC's at home with 1 w2K Server and 5 W2K clients and it works perfectly - The only thing I can see that is different is XP.
I really don't know much about DNS - It all works just fine if I use NetBUIE, but I don't want it nor should I need it.
 
Sort by date Sort by votes
rstill - question, if you go into network connections, what do you see listed there other then "local area connection" if anything. do you see something that says "internet connection"?

01110000
 
Upvote 0 Downvote
Don't forget that you can set your Windows 2000/XP machines NOT to answer PINGs. The IP security may be enabled on the machine you are testing (192.168.0.21) to refuse requests to the PING port, which I think is port 8. The reason the server might see the computers is that the Master Browser is working perfectly and it uses a different port.

I don't know if it will help, but all the info you can gather won't hurt.



"In space, nobody can hear you click..."
 
Upvote 0 Downvote
Yes, I think the DNS issues are resolved. The bigger and greater problem is somthing else.
All the PC's run off a 4 port netgear router and a 16 port linksys switch. It does not matter if I try to connect to a PC via the switch or router the results are the same.

jaksen112 - I don't recall what I called the connection but yes I have one there, I think I called it LAN (local area connection) I called the other one Internet I think. I am not at that office right now. The Internet NIC is not used - that will be put into play later - I will probably call it VPN at that time. I have that nic configured to use DHCP settings for now.

As for the IP security regarding ping - is this set to refuse pings by default. All 12 clients are brand spanking new XP Pro machines and I can;t connect to any of them via UNC names, ping 192.x.x.x or by ping ComputerName
 
Upvote 0 Downvote
nedmega - nslookup has several switches, one of them being ls - it works similar to UNIX's ls. It lists info from the DNS database. ls -d will produce almost everying in there by the looks of it.
Cheers
 
Upvote 0 Downvote
Reason I ask is because I also run a small home network using a linksys router/firewall, one time after introducing a brand new dell pc, I couldnt browse to or from it period, error was path was not found. after an hour of head scratching I noticed something listed in network connections labled "internet connection" that I never saw before, after toying with the settings here my problem was solved.

this is def an odd one you have going on, I look fwd to finding out what the resolve will be.

01110000
 
Upvote 0 Downvote
If it is any consolation, I am now experiencing the same problem.

My network spans 10 sites across the city and no one can browse outside their subnet. Most get the "You do not have permission..." error when trying to open the domain under the Microsft network.

Problems started happening when we added 300 XP clients...

I am looking more towards a licensing issue, although everything is up to snuff with M$.....

I have checked DNS, Wins, Browser, routing, you name it I have checked it. Everything was fine up to last week. I understand rstill's frustration becuase everything still works yet you can't see anything to use it...

One thing I read that I haven't finished testing yet and maybe you can and report back. There is a windows update for XP called Advanced netwrok pack (or something like that) it supports IPv6 and is not a critical update. Do you have it installed? If so, try and remove it from all systems and see what happens.

Hewissa

MCSE, CCNA, CIW
 
Upvote 0 Downvote
You need to learn about browsing in a Windows environment.



When you get home to that network that works perfectly, take a trace while browsing resources. You'll notice that the client is making a call to DNS. It's looking up the SRV record. No try it at work. No SRV record, the client downgrades to plain old Netbios; ports 137, 138, and 139. Of course, you have this disabled ...

In a single server environment, the netlogon service starts before the DNS service. I doubt you DC is registering in DNS correctly. Try:

1. Restart the netlogon service
2. IPCONFIG /refreshdns

This should reregister everything; after DNS has started.
 
Upvote 0 Downvote
It seems that everyone is focused on DNS/Pinging/WINS and everything else related to networking.

Go back to the basics. What does your network topology look like, how many switches and hubs do you have on your network. I had the similiar problem and it turned out that the Intelegent switch that I was using needed to have some configurations done to each port in order to rectify the problem. Each port needs to be configured properly depending on if a PC, Switch, Hub, Router, Thin Client, etc.

Tell me about your physical network layout.
 
Upvote 0 Downvote
Depending on what was connected you had to enable or disable some features, such as Edge Port, Spanning Tree, Trunk settings, Vlan settings,etc.

On one occasion, I had a PC connected to the master switch and I was able to log on successfully, internet access was fine, connecting to my database was fine and connecting to my Exchange server was fine. However, I could not connect to network drives until I changed a setting on the port.

When we first implemented the switchs, we simply pluged them in as normal and started using it. The next morning the entire network was down, we spent hours trying to figure out what was wrong. Finally we used the serial cable that was shipped with the switch to assign an IP address to the switch. We connected through a browser to the switch via the IP and there were more features than a Luxury car to configure.
 
Upvote 0 Downvote
xmsre - That sounds intriguing. I can't wait to give that a try. I will be able to get there this evening some time.
I will look into those links you pointed me to as well.
 
Upvote 0 Downvote
Same issue when you put an E2K FE in the DMZ, then use a host file so it can find the DC/GCs on the internal network. No SRV record, no direct hosting on 445. It falls back to 137, 138, and 139, which are usually blocked. I've seen this enough times that I have ample traces to prove it.

 
Upvote 0 Downvote
Just so you all know - Netbios over TCP/IP is enabled and always has been. (on all machines) The Computer browser service is "Sarted" on all computers and always has been.

I will try restarting the Netlogon service tonight and then do an IPCONFIG /refreshdns and see if all my problems go away.
 
Upvote 0 Downvote
Crap!!!!!
And by the way... there has been no port tampering of any kind and I can't beleive that the default settigs for ports on a very basic system would prevent browsing (I could be wrong)
I did read up on browsing (that took me back many years when I did my MCSE - eons ago)
I think the DNS issues are resolved - I hope
STILL NO BROWSING - I checked the HKEY_LocaMachine etc.
The ISDomainMaster was set to FALSE on the PDC, I changed it to TRUE. I checked all clients, the value was set at FALSE so I left it that way.
I stopped and started the logon service.
I cleared the DNS cache via IPCONFIG /flushdns I renewed by doing a IPCONFIG /registerdns
I STILL don't have the ability to browse, connect via UNC names or ping local clients. Maybe it's the freaken Linksys NIC on the server.
Maybe I should Disable the internal NIC and see what happens. When that doesn't work maybe I should enable the integrated NIC and throw the freaken Linksys NIC away and when that doesn't work I will have to concede and install NetBUIE I know that will work. I already tried it but shoudln't have to use it. (I know, tisk tisk don't be so negative)
Thanks for the help everyone - If I ever do get it I will be sure to let you know.
 
Upvote 0 Downvote
Set a second server to be the designated backup browser. ISDomainMaster = False; Maintainserverlist = Auto.

Did you try to remove the XP Advanced Networking pack on all clients?

Hewissa

MCSE, CCNA, CIW
 
Upvote 0 Downvote
hewissa,
What is that and how do you remove it???
 
Upvote 0 Downvote
I did however get rid of the other nic in the server. Then the problems really got bad. I ended up having to reinstall AD, DNS & DHCP. I really had a runaway.
All the problems still exist. DNS has a new one. When I create a host record in the forward lookup zone and select Automatically create a pointer record - it doesn't. It also did not populate the list of root hints. It there an easy way to get that list back?
 
Upvote 0 Downvote
Demote the DC (you only have one right?) Uninstall DNS again,make sure you manually remove DNS folder, I think in system 32 not sure.. then promote again. You did remove the "." root from the DNs server right? Just checking.

You can also try:

if you have a second DNS server...

The Advanced networking pack is on the XP client machines and can be removed using Add/Remove programs. It is installed using windows update. I had read that this update, on a 2K domain can cause this problem, but again it is here-say. I thought maybe, since you had a small number of XP clients, and if it was installed, you could test it out and remove it from all XP machines. For me, I have over 400 across my domain and the problem only began when I installed the last 300 with SP1 and the ANP.




Hewissa

MCSE, CCNA, CIW
 
Upvote 0 Downvote
Here is what I know after today. I took a W2K notebook from my "perfect" home domain. Joined it to my friends (accounting office) domain. It worked perfecly right away. Pinging, browsing all perfect. Instant conclusion XP really sucks. XP has been the problem right from the start. (Yes I did have some minor DNS issues and thanks for the help). I can ping by hostname and IP address from an XP machine to my w2k host and to the server. XP machines don't talk to each other. I can browse from my w2kpro client to other machines. XP machines say I don't have permission to access the domain or resource (while tesing everyone and everything had full admin rights.)
The XP Hotfix (if it is installed) is Hotfix KB817778 that is to do with Peer to Peer stuff and IPv6 stuff. I have yet to see if it is installed. I have my doubts though. This problem has existed from day one. BEFORE any updates were installed and continued on after updates were installed but I will look into it.
 
Upvote 0 Downvote
On a Win XP machine Right-Click on My network Places and choose properties. Right Click on your Lan Connection and choose properties. Click on the advanced tab and verify that the Internet connection firewall is not checked.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
292
suncit
suncit
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
447
gbaughma
gbaughma
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
189
DTGMI
DTGMI
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
121
hairlessupportmonkey
hairlessupportmonkey
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
385
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top