NetBIOS over IP -- XP to NT via VPN

[Randy Shearer]

I am trying to browse my NT Server from a remote XP machine, connected by a
VPN.

I believe that NetBIOS over IP is required in order for my XP machine to see
the NT Server shares.
I have the VPN created, NetBIOS ports are open, I can ping the NT Server,
but I cannot see it's shares.

I have selected the option to "Enable NetBIOS over IP" in the properties of
the PPPoE and the NIC. However, when I run "ipconfig /all", I see that
"NetBIOS over IP" is listed as "Disabled" (!!!) How do I really enable it?

Any help would be very much appreciated.

thanks,

rs

 

[Lanwench [MVP - Exchange]]

Hi -

I am trying to browse my NT Server from a remote XP machine,
connected by a VPN.

I believe that NetBIOS over IP is required in order for my XP machine
to see the NT Server shares.
I have the VPN created, NetBIOS ports are open, I can ping the NT
Server, but I cannot see it's shares.

Ping it by name?

I have selected the option to "Enable NetBIOS over IP" in the
properties of the PPPoE and the NIC. However, when I run "ipconfig
/all", I see that "NetBIOS over IP" is listed as "Disabled" (!!!)
How do I really enable it?

Browsing over a VPN connection can be difficult, to say the least. Broadcast
traffic can't be routed. Do you have WINS? I'd think so - can you specify
the WINS server IP manually in your network connection properties for the
VPN connection?

 

[Randy Shearer]

"Lanwench [MVP - Exchange]"

Hi -



Ping it by name?

Browsing over a VPN connection can be difficult, to say the least. Broadcast
traffic can't be routed. Do you have WINS? I'd think so - can you specify
the WINS server IP manually in your network connection properties for the
VPN connection?

Ping by name? Yes I can. But the resolution comes from the LHHOSTS file.
WINS is availalble on the far LAN, but I initially put entries into the
LMHOSTS for speed of access, and becasue the names I need are always static.
For interest sake, I tried adding my WINS server address to my remote PC...
no change... my remote pc still fails to see the NetBIOS share names on the
NT Server, and thus cannot map a drive letter.
From my reading NetBIOS over IP needs to be working, and although it is
enabled in properties of both the network interfaces, it does not show as
enabled. If it deos not work, I don't think I can make the connection.
So back to my question... Do you know how to force my interfaces to use
NetBIOS over IP?

thanks for taking the time to consider this...

Randy

 

[Lanwench [MVP - Exchange]]

"Lanwench [MVP - Exchange]"

Hi -



Ping it by name?

Browsing over a VPN connection can be difficult, to say the least.
Broadcast traffic can't be routed. Do you have WINS? I'd think so -
can you specify the WINS server IP manually in your network
connection properties for the VPN connection?

Ping by name? Yes I can. But the resolution comes from the LHHOSTS
file. WINS is availalble on the far LAN, but I initially put entries
into the LMHOSTS for speed of access, and becasue the names I need
are always static.

If that's true, and you've added the #DOM and 0x1b entries as per
http://support.microsoft.com/default.aspx?scid=kb;en-us;150800, perhaps this
isn't needed?

For interest sake, I tried adding my WINS server
address to my remote PC... no change...

Don't use your LMHOSTS file when trying this if you have dupes. Rename it &
reboot or run nbtstat -R.
Does your computer show up as registered in the WINS? database? Do all
servers & clients show up in WINS?

If you type in

nbtstat -c

What do you see?

my remote pc still fails to
see the NetBIOS share names on the NT Server, and thus cannot map a
drive letter.
From my reading NetBIOS over IP needs to be working, and although it
is enabled in properties of both the network interfaces, it does not
show as enabled. If it deos not work, I don't think I can make the
connection.
So back to my question... Do you know how to force my interfaces to
use NetBIOS over IP?

Perhaps this is related to NAT - are you behind a router/gateway. You've
already set NetBIOS over TCP/IP to be enabled.

But I'm curious about the WINS stuff if you care to check into it further.
It really is supposed to work.

Some possibly interesting reading:
http://www.faughnan.com/netbios.html

thanks for taking the time to consider this...

No prob - hope it's actually helping.

 

[Randy Shearer]

"Lanwench [MVP - Exchange]"

"Lanwench [MVP - Exchange]"

Hi -

Randy Shearer wrote:
I am trying to browse my NT Server from a remote XP machine,
connected by a VPN.

I believe that NetBIOS over IP is required in order for my XP
machine to see the NT Server shares.
I have the VPN created, NetBIOS ports are open, I can ping the NT
Server, but I cannot see it's shares.

Ping it by name?

I have selected the option to "Enable NetBIOS over IP" in the
properties of the PPPoE and the NIC. However, when I run "ipconfig
/all", I see that "NetBIOS over IP" is listed as "Disabled" (!!!)
How do I really enable it?

Browsing over a VPN connection can be difficult, to say the least.
Broadcast traffic can't be routed. Do you have WINS? I'd think so -
can you specify the WINS server IP manually in your network
connection properties for the VPN connection?



Any help would be very much appreciated.

thanks,

rs

Ping by name? Yes I can. But the resolution comes from the LHHOSTS
file. WINS is availalble on the far LAN, but I initially put entries
into the LMHOSTS for speed of access, and becasue the names I need
are always static.

If that's true, and you've added the #DOM and 0x1b entries as per
http://support.microsoft.com/default.aspx?scid=kb;en-us;150800, perhaps this
isn't needed?

Thanks for the 150800.... I already had found that article, and have it
printed.
I have the #DOM and 1b entries. This provides resolution to the address and
defines it's role, right?
What do you refer to when you say "this isn't needed?"

Don't use your LMHOSTS file when trying this if you have dupes. Rename it &
reboot or run nbtstat -R.
Does your computer show up as registered in the WINS? database? Do all
servers & clients show up in WINS?

What are "dupes" ???

About not using the hosts entries... you seem to prefer Wins over host
files. Is there something that my wins server will do that lmhosts does
not? I understood that lmhosts does everything that a Wins server can, just
not automated. I also understood that Wins does not resolve "shares" or
resources on the hosts. Am I am wrong? Will Wins bring something to the
table here that enable me to see those shares?

If you type in

nbtstat -c

What do you see?


Perhaps this is related to NAT - are you behind a router/gateway. You've
already set NetBIOS over TCP/IP to be enabled.

no NAT, just a direct connect to a DSL modem.

But I'm curious about the WINS stuff if you care to check into it further.
It really is supposed to work.

I will try using only wins... but even if wins does do more than I thought
(into resolving share names), is NetBIOS traffic still not needed to see the
data in that share.

So I keep coming back to what everybody I talk to is avoiding... NetBIOS
over IP is supposed to be working, and it is not. Will I not need this
working regardless? From the many hours of reading I have done, this will
be needed for the browsing to work. Why does does it show as Disabled?

Some possibly interesting reading:
http://www.faughnan.com/netbios.html

thanks... have read this too.

 

[Randy Shearer]

"Lanwench [MVP - Exchange]"

"Lanwench [MVP - Exchange]"
message Hi -

Randy Shearer wrote:
I am trying to browse my NT Server from a remote XP machine,
connected by a VPN.

I believe that NetBIOS over IP is required in order for my XP
machine to see the NT Server shares.
I have the VPN created, NetBIOS ports are open, I can ping the NT
Server, but I cannot see it's shares.

Ping it by name?

I have selected the option to "Enable NetBIOS over IP" in the
properties of the PPPoE and the NIC. However, when I run "ipconfig
/all", I see that "NetBIOS over IP" is listed as "Disabled" (!!!)
How do I really enable it?

Browsing over a VPN connection can be difficult, to say the least.
Broadcast traffic can't be routed. Do you have WINS? I'd think so -
can you specify the WINS server IP manually in your network
connection properties for the VPN connection?



Any help would be very much appreciated.

thanks,

rs



Ping by name? Yes I can. But the resolution comes from the LHHOSTS
file. WINS is availalble on the far LAN, but I initially put entries
into the LMHOSTS for speed of access, and becasue the names I need
are always static.

If that's true, and you've added the #DOM and 0x1b entries as per
http://support.microsoft.com/default.aspx?scid=kb;en-us;150800, perhaps this
isn't needed?

Thanks for the 150800.... I already had found that article, and have it
printed.
I have the #DOM and 1b entries. This provides resolution to the address and
defines it's role, right?
What do you refer to when you say "this isn't needed?"

Don't use your LMHOSTS file when trying this if you have dupes. Rename

it

&
reboot or run nbtstat -R.
Does your computer show up as registered in the WINS? database? Do all
servers & clients show up in WINS?

What are "dupes" ???

About not using the hosts entries... you seem to prefer Wins over host
files. Is there something that my wins server will do that lmhosts does
not? I understood that lmhosts does everything that a Wins server can, just
not automated. I also understood that Wins does not resolve "shares" or
resources on the hosts. Am I am wrong? Will Wins bring something to the
table here that enable me to see those shares?

If you type in

nbtstat -c

What do you see?


Perhaps this is related to NAT - are you behind a router/gateway. You've
already set NetBIOS over TCP/IP to be enabled.

no NAT, just a direct connect to a DSL modem.

But I'm curious about the WINS stuff if you care to check into it further.
It really is supposed to work.

I will try using only wins... but even if wins does do more than I thought
(into resolving share names), is NetBIOS traffic still not needed to see the
data in that share.

So I keep coming back to what everybody I talk to is avoiding... NetBIOS
over IP is supposed to be working, and it is not. Will I not need this
working regardless? From the many hours of reading I have done, this will
be needed for the browsing to work. Why does does it show as Disabled?

Some possibly interesting reading:
http://www.faughnan.com/netbios.html

thanks... have read this too.

No prob - hope it's actually helping.

ok - I removed the lmhosts entries, and put in the wins server address.
( the wins server is on the far lan, and that lan cannot be seen until the
pc sets up the VPN... it is software based, not a hardware appliance )
There is no resolution. In fact, with the lmhosts entries removed, and wins
enabled, I could not evern ping the servers. This I did not expect. Don't
know why, but that is what happened.

 

[Lanwench [MVP - Exchange]]

Randy Shearer wrote:

Then why do you need to browse?

Thanks for the 150800.... I already had found that article, and have
it printed.
I have the #DOM and 1b entries. This provides resolution to the
address and defines it's role, right?
What do you refer to when you say "this isn't needed?"

Meaning, if you have everything you need to access in your lmhosts file, is
browsing across the VPN connection really necessary? You don't need to
browse just to access something, presuming you can resolve the name via
LMHOSTS (and have the #DOM, #PRE, 0x1b setup properly in there)

Can't you just go to \\server\share?
or even \\server ?

Do you need to browse to, use, objects that don't have static IP addresses
on the remote network?

Did it register in the WINS database? Is *everyone* registering in the WINS
database?

What are "dupes" ???

I probably didn't phrase that very well. I'd disable the use of the LMHOSTS
file when trying to use WINS to test - and make sure you're getting the info
from WINS.

About not using the hosts entries... you seem to prefer Wins over
host files.
Yes.

Is there something that my wins server will do that
lmhosts does not?

Allow you to browse objects on the remote network - which LMHOSTS doesn't
really do.

I understood that lmhosts does everything that a
Wins server can, just not automated.

Not quite - WINS is dynamic, so clients register to it, regardless of IP
address. If your computer, and all the computers you want to browse, are
registered in the WINS database, you can browse and see them. LMHOSTS won't
do that; entries in it are static. It doesn't let you browse - it just maps
NetBIOS names to IP addresses.

I also understood that Wins
does not resolve "shares" or resources on the hosts. Am I am wrong?

It resolves NetBIOS names - and once you've got that, and can see the
object, you can see the shares on it by browsing.

Will Wins bring something to the table here that enable me to see
those shares?

If you can get it working so you can browse, you can see the objects & any
shares defined on them.


?
Do you see a 1b entry for your domain? 1c?

How are you looking?

no NAT, just a direct connect to a DSL modem.

Firewall anywhere in use?
Are you sure your DSL modem isn't doing NAT as well?
Is the router on the remote network doing NAT? I'd presume it is.
I'm not sure whether this is the problem, but it may be related.

I will try using only wins... but even if wins does do more than I
thought (into resolving share names),

That's not what it does. Think of it like a DNS database you can do lookups
to, but for NetBIOS names.

is NetBIOS traffic still not
needed to see the data in that share.
No.


So I keep coming back to what everybody I talk to is avoiding...
NetBIOS over IP is supposed to be working, and it is not. Will I not
need this working regardless? From the many hours of reading I have
done, this will be needed for the browsing to work. Why does does it
show as Disabled?

Again, I can't say. It could be the router on the other side? I don't use
PPTP - I use IPSEC VPN through a firewall & a proprietary client, and with
AD on the remote network, usually just have the remote user specify the AD
DNS server for resolution, so I'm not quite sure. Browsing over VPN
connections can be very difficult.

 

[Randy Shearer]

"Lanwench [MVP - Exchange]"

Randy Shearer wrote:


Then why do you need to browse?

Although I can resolve to the computer name, I can see it's computer name.
In a command window I can ping by the name or the IP, but if I "net view" I
get an error 53. Same for net use, of course. So that is why I need to
browse.

Meaning, if you have everything you need to access in your lmhosts file, is
browsing across the VPN connection really necessary? You don't need to
browse just to access something, presuming you can resolve the name via
LMHOSTS (and have the #DOM, #PRE, 0x1b setup properly in there)

Can't you just go to \\server\share?
or even \\server ?

I can ping to \\server, wich is just name resolution from the lmhosts... to
browse to \\server\share is to really browse, and that does not work. So,
no mapping will work. Error 53.

Do you need to browse to, use, objects that don't have static IP addresses
on the remote network?

Everything I need to map to has a static IP. It is just a few servers.

Did it register in the WINS database? Is *everyone* registering in the WINS
database?

I don't know how to check that, being remote from the wins server. But when
at the office, I recall looking at the wins database (maybe a year ago, and
it had everybody on the LAN. We didn't have any remotes back then.

I probably didn't phrase that very well. I'd disable the use of the LMHOSTS
file when trying to use WINS to test - and make sure you're getting the info
from WINS.

Allow you to browse objects on the remote network - which LMHOSTS doesn't
really do.


Not quite - WINS is dynamic, so clients register to it, regardless of IP
address. If your computer, and all the computers you want to browse, are
registered in the WINS database, you can browse and see them. LMHOSTS won't
do that; entries in it are static. It doesn't let you browse - it just maps
NetBIOS names to IP addresses.


It resolves NetBIOS names - and once you've got that, and can see the
object, you can see the shares on it by browsing.

ok - but Wins won't help with browsing past/inot the pc name will it? If
so, then Wins would have a listing of each pc's shared resources? I didn't
think Wins did that. ??? Does Wins not just get you to the IP address,
and then your direct communication using NetBIOS lets you query the machine
for it's shared resources? I don't want to say your wrong, as I am very
eager to learn, and you're likely right... in fact I hope you are. I
am simply stating the way I thought is was. I will try a Wins setup
again... more carefully this time ;o)

If you can get it working so you can browse, you can see the objects & any
shares defined on them.



?
Do you see a 1b entry for your domain? 1c?

Yes, I see the 1C for the PDC address, and the 03, 00, 20.

How are you looking?

oh, why that is kinda personal don't you think? ... but I think I am
looking ok today.

Ohhhhh... you mean how am I looking at the machine... sorry, I am
getting silly now.

I was using "net view" to try and see the shares.




no, the DSL gives my PC a valid internet address, on the PC's PPP interface,
so no nat.

there is a firewall, and I will try to disable it for my next wins test...
but in my trials to date it has not made a difference.
I have just created open ports when needed. I've been getting the same
results with or without the firewall enabled. I did in fact spend two days
on this with no firewall installed at all. I thought it best to remove it
totally to be sure it was not the problem.

In any case, you have me wondering about getting Wins working.. so I will
take the firewall out when I try Wins again.

Firewall anywhere in use?
Are you sure your DSL modem isn't doing NAT as well?
Is the router on the remote network doing NAT? I'd presume it is.
I'm not sure whether this is the problem, but it may be related.

NAT at the other end should not be a problem, should it?

That's not what it does. Think of it like a DNS database you can do lookups
to, but for NetBIOS names.


No.

hmmm.. ok. I can see that I'll be having some homework after this is all
said and done.

Again, I can't say. It could be the router on the other side? I don't use
PPTP - I use IPSEC VPN through a firewall & a proprietary client, and with
AD on the remote network, usually just have the remote user specify the AD
DNS server for resolution, so I'm not quite sure. Browsing over VPN
connections can be very difficult.

I believe the firewall client I have here (software), from Netscreen, is
using IPSec. I am connecting to a Netscreen appliance at the office. The
VPN seems to setup fine. I can do anything I wan't to an XP machine at the
office (browsing, mapping, rights, etc...). It is only the NT servers I
cannot see properly. My understanding is that XP will use Dynamic DNS to
resolve other network machines that also support Dynamic DNS... but NT not
supporting this, it must use "NetBIOS over IP" to accomplish the same. (at
least that is what I have read over the past week.)

 

[Lanwench [MVP - Exchange]]

Randy Shearer wrote:

I believe the firewall client I have here (software), from Netscreen,
is using IPSec. I am connecting to a Netscreen appliance at the
office. The VPN seems to setup fine. I can do anything I wan't to
an XP machine at the office (browsing, mapping, rights, etc...).

Tsk tsk tsk. You didn't mention that. I just spent quite some time writing
up a bit about ports, firewalls, etc...and just deleted & snipped.

Check out your LMHOSTS file and/or WINS.

It
is only the NT servers I cannot see properly. My understanding is
that XP will use Dynamic DNS to resolve other network machines that
also support Dynamic DNS... but NT not supporting this,
Yep.

it must use
"NetBIOS over IP" to accomplish the same. (at least that is what I
have read over the past week.)

No - it can use WINS and should - the NT box running WINS server should
point to itself for both primary and secondary WINS. All workstations should
specify the WINS server IP address as well.

Yes, I see the 1C for the PDC address, and the 03, 00, 20.

No - the 1b entry for the domain. As in, this (from KB 150800):
------------------------
c:\> nbtstat -c

NetBIOS Remote Cache Name Table

Name Type Host Address Life [sec]

 

[gandalf]

Check you PC for any security system that might be blocking share ports.
I had the same problem when my pc was using zone alarm. I added the IP
of the network behind my vpn on the trusted zone and it worked without
compromising security over access of shares.

Hope it gives something. Please ignore if it doesn't make sense.



Gandalf

 

[Steven L Umbach]

Also seeing computers and shares in My Network Places over a VPN is
problematic at best. For VPN a user is usually best off creating shortcuts
or mapping drives to the computer they want to access over the VPN possibly
using the IP address of the target computer instead of the name assuming the
computer has a static IP address. --- Steve