Linksys VPN Net Neighborhood browsing issues

[terapxl]

I've seen this seemingly identical issue come up many times before (including in the FAQ), but following all that advice still isn't getting me functionality. Here's my scenario:

- 2 locations
- NT 4.0 Server at Location #1
- Linksys VP41 at Location #1, SX41 at Location #2
- aDSL at Location #1, cable at Location #2, both dynamic IPs
- most workstations are Win2K, TCP/IP

From Location #1, I can successfully ping machines at Location #2 by either IP (they're all static) or machine name. Works just fine - we have connectivity. At one point, though, we also had Network Neighborhood browsing just fine. Then it stopped. No idea why. Nothing was changed as AFAIK with the network. I can still see the local machines in the Net Neighborhood.

I've tried setting up the LMHOSTS file and that doesn't seem to work. I've tried NETBIOS broadcasting enable vs. disable. I've also tried installing WINS on the NT Server and designating its IP as the WINS server on the workstations. I've followed all the instructions (including copy/pasting LMHOSTS lines/spacing) and am still not having any luck.

Does anybody have any suggestions on what else I can try? What is the right combination of NETBIOS broadcast/WINS/LMHOSTS settings? Can they all co-exist? Should I only have *one* activated at a time?

Anybody have any suggestions? Am I completely misunderstanding these items? I've read all the FAQs and threads I can get my hands on and am just running out of ideas. This area is not exactly my strength, but it seems to me that it should be working, and actually *was* at some point. Any suggestions would be most appreciated.

 

[markku]

There are some issues regarding SX and Netbios passthru.

Please try following Firmware:

http://www.broadbandreports.com/forum/remark,7229650~root=equip,16~mode=flat

NETBIOS broadcast/WINS/LMHOSTS they all live happy together. LMHOSTS you need only for logging into domain. The services can reside in either end of VPN tunnel. Enable the Netbios broadcasts in the routers though.

 

[terapxl]

Thanks for the firmware tip. I did the upgrade successfully and it didn't seem to make a difference. Any other thoughts?

How should IPSEC in the "Advanced TCP/IP" settings (in Win2K on the workstations) be configured since we've got a VP41 on one end of the tunnel and an SX41 on the other? On or off? If "on," which mode?

One thing I did notice on the SX41, it wouldn't let me update the WINS field. It let me type in numbers, but reverted to 0.0.0.0 after clicking "apply." Is this an issue for machines with static IPs and WINS server numbers manually entered via the TCP settings?

Should I also do a firmware upgrade to the VP41? It appears I'm behind on that one as well.

I feel like I'm still missing something, so any other suggestions would be most appreciated. I'd also be happy to give more info on the setup if necessary. Thanks!

 

[markku]

There are new firmwares just released for both boxes. Please upgrade. WINS server setting is working in the current SX firmware.

No IPSec configuration necessary with the workstations = off, since routers are doing the IPSec and routing between subnets.

Just enable Netbios passthru with both routers and you will see the network neighbourhood. Assuming the workgroups match both sides of the tunnel.

 

[terapxl]

Just to clarify, neither router has a "NetBIOS passthrough" setting anywhere I can find. There's a "NetBIOS broadcast" as well as "Multicast passthrough," "IPSec passthrough" and "PPTP passthrough." The SX41 also has a "PPPoE passthrough." How should these be set? Currently, they're all enabled on both routers. Individual computers are all set to "enable NetBIOS over TCP/IP" in the advanced TCP properties.

I can certainly try the firmware upgrade to the newest for each router, but does there seem to be something else not set up properly or working correctly if I have all these above settings enabled and am still not seeing the other machines? I have seen the remote machines, albeit briefly, in the network neighborhood twice. Once was when we first set up the routers. This lasted days and then went away for no reason. The second time was recently as I was playing with WINS, LMHOSTS and the NetBIOS broadcast settings, but this time the other machines were only visible for hours and then disappeared. I can't get them back, regardless of the settings I try.

Will the new firmware for each router magically fix these kinds of issues? I sure hope so...

Also, there are no remote "workgroups" ...the goal here is to have all local and remote machines be a member of and log into one *domain*. The domain name that all the machines are *supposed* to be members of is identical on all machines. There seems to be no problem with the local machines, but the remote machines can't login to the domain. Do I need to be using workgroups instead of the domain? What am I missing here? Any ideas?

 

[terapxl]

I'm going to reply to my own message with an update. I called Linksys tech support and they're telling me that everything is fine with the routers and this is apparently a strictly networking issue that they won't support. Their suggestion was to install IPX and Netbeui on at least one machine on either end of the tunnel to see if that helps. Should this help or is this a cop-out suggestion?

Also, I took remote desktop control over one of the remote machines at Location #2 and am seeing that my computers at Location #1 are now in their network neighborhood. This means that, at least temporarily, only the machines at Location #2 are not showing up in *anybody's* net neighborhood. Location #1 is showing up everywhere and Location #2 is nowhere. Even at Location #2, the local machines can't be seen.

Any thoughts? I'm still feeling a bit confused about this.

 

[markku]

Sorry for not-quite-exact advice. NetBIOS setting is in Advanced settings of VPN-tunnel in Linky routers.

IPX and NetBEUI suggestion is just BS, ignore. Only TCP/IP passes VPN tunnel.

For domain logon you need to specify you PDC in the remote machines LMHOSTS-file according to the instructions in lmhosts.sam-file.

Should work now.

 

[terapxl]

Not a problem. I thought I knew what you meant but just wanted to clarify.

I figured the IPX thing wasn't necessary, *but* enabled it and found something interesting. The remote machines at location #2 are now seeing (in the net neighborhood) all the machines from location #1, but *not* the machines at location #2. After enabling IPX/NetBEUI on one machine at location #2, that machine then could see *itself* in the net neighborhood where it *couldn't* before. What does *that* mean, I wonder?

Linksys is telling me that since I can ping all machines on either end of the tunnel successfully with both IP and name that this has *nothing* to do with the routers and is a more basic networking problem. They also specifically suggested not to upgrade firmware from where I'm at right now (1.40.3f on the VP41 and 1.44.11t on the SX41).

I do have the PDC noted in the LMHOSTS file as a PDC:
(192.168.2.100 MachineName #PRE #DOMomainName)
and that doesn't seem to make a difference. I also have entries for the domain name itself as per other threads I've read on this forum. Do I really need to be using LMHOSTS? Shouldn't WINS take care of things? Just curious, though I do have them both enabled currently. Since all the machines are static IP, I have them all listed explicitly in the LMHOSTS and also have tried both importing static mapping into the WINS server and letting it figure things out for itself.

Any other thoughts? Why would all machines at *both* locations see only location #1 machines in the net neighborhood, but *nobody* can see any location #2 machines, including themselves?

 

[markku]

Are the workgroups same both sides. Seeing Network neighbouhood depends also on OS and relies also on file and printer sharing enabled on machines.

Upgrade the firmwares though.

You need lmhosts for domain logon. Try first logon as an administrator from remote machines. What is the operating system of your PDC?

 

[terapxl]

PDC is WinNT 4.0 Server, all workstations are Win2K (varying service packs). There are no "workgroups" anywhere on the network - all machines are set to log into a "domain" instead of a "workgroup." File and print sharing are enabled on all machines. I've tried logging in as Administrator from remote machines with no different results.

Does that help at all? Any ideas?

 

[markku]

You could try following in your remote machines LMHOSTS:

# LMHOSTS-file for domain logon

ip.of.dom.contr PDCmachinename #PRE #DOMOMAINNAME
ip.of.dom.contr "PDCmachinename \0x1B"
# 16 characters incl. spaces between brackets above


Should help with NT4 domain logon

 

[terapxl]

Actually, I already have exactly that line in there, except the PDCmachinename in line #2 is the domain name instead. I also have that same line with a \0x1C" at the end as line #3, based on other sample LMHOSTS I've seen in other threads. I honestly can't say I know what either of those actually *mean* but it would be helpful to know whether it should have the PDC name or the domain name after the quote mark for line #2? If it *is* the PDC name instead of the domain, maybe that's one of my problems with the LMHOSTS file. Should I have two copies of that line#2, one with the domain name and the other with the PDC name? I've understood most of the things about the LMHOSTS file up until this particular addition. Any thoughts?