Should I be able to browse using network neighborhood?

[Joel]

I have been killing myself trying to figure this out. If you have any
ideas or suggestions please reply.

Our Windows 2000 network consists of 3 segments (10.1.1.0, 10.1.2.0,
10.1.6.0).

10.1.1.X and 10.1.2.X are connected via T1. PDC (DHCP,DNS) on 10.1.1.X
and DC (DHCP,DNS) on 10.1.2.X. This works fine.

Our 10.1.2.X net ran out of addresses so I created a secondary IP
address of 10.1.6.X on the 10.1.2.X interface of the router, then
created a superscope to combine both DHCP scopes. I can get a 10.1.6.X
IP address from the server, ping, login, access the web, access shares
\\sharename, but I cannot browse via network neighborhood from a
10.1.6.X address.

When I try to browse network neighborhood I get the following message:

MY Domain is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out
if you have access permissions.

Windows cannot find the network path. Verify that the network path is
correct and that the network and that the destination computer is not
busy or turned off. If windows still can not find the network path,
contact your network administrator.


Should I be able to browse using network neighborhood?

 

[Kevin D. Goodknecht Sr. [MVP]]

I have been killing myself trying to figure this out. If you have any
ideas or suggestions please reply.

Our Windows 2000 network consists of 3 segments (10.1.1.0, 10.1.2.0,
10.1.6.0).

10.1.1.X and 10.1.2.X are connected via T1. PDC (DHCP,DNS) on
10.1.1.X and DC (DHCP,DNS) on 10.1.2.X. This works fine.

Our 10.1.2.X net ran out of addresses so I created a secondary IP
address of 10.1.6.X on the 10.1.2.X interface of the router, then
created a superscope to combine both DHCP scopes. I can get a
10.1.6.X IP address from the server, ping, login, access the web,
access shares \\sharename, but I cannot browse via network
neighborhood from a
10.1.6.X address.

When I try to browse network neighborhood I get the following message:

MY Domain is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find
out if you have access permissions.

Windows cannot find the network path. Verify that the network path is
correct and that the network and that the destination computer is not
busy or turned off. If windows still can not find the network path,
contact your network administrator.


Should I be able to browse using network neighborhood?

You need WINS to browse across multple subnets in Network Neighborhood.

 

[Herb Martin]

I have been killing myself trying to figure this out. If you have any
ideas or suggestions please reply.

Our Windows 2000 network consists of 3 segments (10.1.1.0, 10.1.2.0,
10.1.6.0).

[As Kevin said] You need WINS Server(s) if you have more than one SUBNET
and wish browsing or other NetBIOS name-dependent services to work.

Every server and client machine must be a WINS "client". (NIC
properties or DHCP options.)

10.1.1.X and 10.1.2.X are connected via T1. PDC (DHCP,DNS) on 10.1.1.X
and DC (DHCP,DNS) on 10.1.2.X. This works fine.

Our 10.1.2.X net ran out of addresses so I created a secondary IP
address of 10.1.6.X on the 10.1.2.X interface of the router, then
created a superscope to combine both DHCP scopes. I can get a 10.1.6.X
IP address from the server, ping, login, access the web, access shares
\\sharename, but I cannot browse via network neighborhood from a
10.1.6.X address.

The rule about "multiple subnets" is REALLY about "multiple broadcast
segments", which are not technically the same as subnets but usually
equivalent. Since you are using a multinet with multiple subnets on
the same 'wire', i.e., broadcast domain, you can resolve NetBIOS there
by broadcast.

It will not work across your routers since they (usually) separate
your network-subnets into different broadcast domains.

When I try to browse network neighborhood I get the following message:

MY Domain is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out
if you have access permissions.

This however looks like an AUTHENTICATION problem which is USUALLY a
DNS issue in an AD Domain. (See DNS help below.)

Another tack is to explictly connect (from the command line) to a share
resource. This will separate the browsing from the name resolution.
If this fails, explicitly connect to the IP which will further isolate
the problem.

net use * \\Server\Share
net use * \\Server.IP.Addr.ess\Share

Windows cannot find the network path. Verify that the network path is
correct and that the network and that the destination computer is not
busy or turned off. If windows still can not find the network path,
contact your network administrator.

This looks like NAME resolution (cannot find network path.)

Should I be able to browse using network neighborhood?

With WINS (NetBIOS name resolution) Server, name resolution (including
DNS), and authentication all working.


General troubleshooting: DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /serverC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

 

[Joel]

Herb,

Thanks for the great advice!

Here is a list of the things that I had to correct for this to work.

1.remove external DNS servers from all clients
2.update DNS to have correct external DNS
3.Install WINS on PDC and DC
4.Add WINS server to DHCP scope
5.point PDC and DC to themselves as WINS servers

I can now browse across the subnets! But........

Clients that renew their DHCP leases and have the same 10.1.6.X address
from before I made these changes still receive this error:

MY Domain is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out
if you have access permissions.

Windows cannot find the network path. Verify that the network path is
correct and that the network and that the destination computer is not
busy or turned off. If windows still can not find the network path,
contact your network administrator.

To solve this problem I have to exclude the IP address of the client
from the DHCP scope then go to the clients machine and do a release,
renew. The client gets a diffrent IP and then it can browse across the
subnets.

Any idea why this is happening?

Thanks again for all your help!

I found a few more of your posts last night, in one of them you
mentioned a website "learnitnow" (I think), can you send me the correct
URL?

Joel

 

[Herb Martin]

Herb,

Thanks for the great advice!

Here is a list of the things that I had to correct for this to work.

1.remove external DNS servers from all clients

VERY IMPORTANT (and doing it otherwise is a very common mistake.)

2.update DNS to have correct external DNS

You mean, "updated the internal DNS servers" to forward to the external
DNS?

3.Install WINS on PDC and DC

Make sure the two (or more) WINS Servers REPLICATE.

4.Add WINS server to DHCP scope
5.point PDC and DC to themselves as WINS servers

If these are you only servers/non-DHCP-clients then fine, otherwise
make sure that ALL fixed address machines, including other servers,
are also WINS clients on their NIC IP properties.

I can now browse across the subnets! But........
Cool.

Clients that renew their DHCP leases and have the same 10.1.6.X address
from before I made these changes still receive this error:

MY Domain is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out
if you have access permissions.

This seems to be a separate problem (as I hinted in the first reply)
which is likely an Authentication problem which is itself likely a DNS
issue.

Permission USUALLY is about Authentication if you have done the obvious
and given permission to the User for shares and files. (Check
permissions too, if you haven't done that.)

Windows cannot find the network path. Verify that the network path is
correct and that the network and that the destination computer is not
busy or turned off. If windows still can not find the network path,
contact your network administrator.

This sounds like a pure name resolution problem which is LIKELY DNS
based. Notice that "browsing" is NOT name resolution, but both browsing
and authentication are both based on name resolution working.

Browsing NEEDS NetBIOS name resolution (which means WINS server if you
have more than on physical subnet) and authentication is usually DNS.

Name resolution in general might be enabled by either or both.

To solve this problem I have to exclude the IP address of the client
from the DHCP scope then go to the clients machine and do a release,
renew. The client gets a diffrent IP and then it can browse across the
subnets.

Hmmm. This is unusual, and if you are telling me everything relevant
it should NOT be happening.

The release might be doing something as simple as resetting the NIC
which also causes the client to retry the DNS servers. This WOULD
be a likely symptom if you had not YET removed the "external DNS"
from the DHCP scope. (Check that on ALL DHCP servers.)

Before doing this next time, run the Net Use and NSLookup commands I
gave you to explicitly test share connections and DNS resolution.

Any idea why this is happening?

Most likely would be those pesky external DNS servers.

Second guess would be some weird firewall filtering on your ROUTER
but you haven't mentioned anything like that.

Thanks again for all your help!

I found a few more of your posts last night, in one of them you
mentioned a website "learnitnow" (I think), can you send me the correct
URL?

My website is: http://www.LearnQuick.Com

I teach an Accelerated Win2003 MCSE Seminar for network professionals
who wish to prepare for the MCSE while REALLY learning how the products
work.

You can always call me about that -- but generally I take calls even
from people who just have technical problems and need (free) help.