SMB or NBT issues on VPN

[Mike]

Hi,

I have a customer that I setup a SBS 2003 server. 3 branch offices have
either 1/2 or full P2P T1's and there are no problems here. One other
branch I setup with a site to site VPN using Sonicwall. Everything (VNC,
Outlook via Exchange server, terminal
emulator connecting to server, pretty much all IP apps) work great, EXCEPT
anything dependent on windows browsing. The PC at this branch is WinXP(just
upgraded to SP2, with no resolve). I copied a 2.5 MB file from the server
to the PC in 48 seconds so it partially works(and this proves the internet
connections at each side of the VPN are fine).

I know XP and 2003/AD are very dependent on DNS for browsing, however I'm
sure everything is setup properly. Both server and this PC have only the
server for DNS servers, the internal domain is listed for a suffix for both,
I have a reverse zone setup for this(and all)network which the PC is
registering itself in.

When I do a packet sniff on this PC I see an excess of port 445 traffic(see
sample below) to the point where I think the PC is trying to resolve and
that's what the big delays are when you go to access network shares or do a
File>Open in Word(which has My Docs as Document dir and My Docs is
redirected to user folder via group policy).

An interesting thing is I've tried disabling the XP machine from using
NBT(137-139) and the problem continues as it was. However, if I disable
SMB(445) I saw no NBT traffic on the sniffer and no browsing worked(this is
with NBT enabled). Something on the PC is not allowing NBT to even send
packets out maybe or at least try because I'd expect to at least see 137-139
packets outbound from the PC even if they didn't make it accross the VPN.

Please help. Is there a way to tell this PC to not try to resolve whatever
way it's attempting when these delays occur? Like I said the other 3
branches connecting via T1s work fine and this branch works fine accross the
VPN for all other IP applications.

---sample of packet sniffing----
------------ Item: 1 ------------>
TCP 144 192.168.1.240 192.168.6.11 58403 445 2:52:58.190 PM,
11-30-2004

Euq@ü¥À¨
õÀ¨ ä#
½Â¡§å75|PüOÏ¡dÿSMB¢È
 ñÿÞÞY

@@


\wkssvc

------------ Item: 2 ------------>
TCP 179 192.168.6.11 192.168.1.240 445 58403 2:52:58.190 PM,
11-30-2004

E³ÿª@?qIÀ¨ À¨
õ
½ä#å75|¡§kPÿ+T$?ÿSMB¢~È
 ñ*ÿ?
?
ÿÿ
>


------------ Item: 3 ------------>
TCP 180 192.168.1.240 192.168.6.11 58403 445 2:52:58.268 PM,
11-30-2004

E´_=@¶À¨
õÀ¨ ä#
½Â¡§kå76PûÄ~"^ÿSMB/È
ÿþ°ñÿÞÞÿÿÿÿHH@Iî H
¸¸


~Ðÿk¡6~3FÃø~4Z
]^SëÉYè+H`

------------ Item: 4 ------------>
TCP 91 192.168.6.11 192.168.1.240 445 58403 2:52:58.284 PM,
11-30-2004

E[ÿ«@?q À¨ À¨
õ
½ä#å76¡§÷PþYS/ÿSMB/~È
ÿþ°ñÿ/Hÿÿ

------------ Item: 5 ------------>
TCP 103 192.168.1.240 192.168.6.11 58403 445 2:52:58.346 PM,
11-30-2004

Egr]@؉ˬ
õÀ¨ ä#
½Â¡§÷å76û'f(;ÿSMB.È
ÿþÀñ ÿÞÞÿÿÿÿ

------------ Item: 6 ------------>
TCP 172 192.168.6.11 192.168.1.240 445 58403 2:52:58.346 PM,
11-30-2004

E¬ÿ¬@?qNÀ¨ À¨
õ
½ä#å76:¡¨6Pþ`ÁR?ÿSMB.~È
ÿþÀñ ÿD<E D
¸¸ty

\PIPE\wkssvc



---end of sample---

Thanks,
Mike

 

[Paul Shapiro]

You could check the Sonicwall VPN settings. I think there's a checkbox to
enable/disable Windows browsing traffic.
Paul Shapiro

 

[Mike]

Yes, I've tried it with both sides having Netbios traffic broadcasted and
not broadcasted. Currently, I'm allowing both sides of the tunnel to
broadcast as the performance of other IP based applications work perfectly.

Any other ideas?

Thanks,
Mike

 

[SlowJet]

Could a WINS sever help for file print sharing?
Put the names in local host, too.

I'm having a same catagory problem between Linux and XP PRO.
It wants a WINS sever secive but I don't have a sever?
I don't know how to do that in PRO or Linux, for that matter, but it s/b a
snap on a W23k server.

SJ

Hi,

I have a customer that I setup a SBS 2003 server. 3 branch offices have
either 1/2 or full P2P T1's and there are no problems here. One other
branch I setup with a site to site VPN using Sonicwall. Everything (VNC,
Outlook via Exchange server, terminal
emulator connecting to server, pretty much all IP apps) work great, EXCEPT
anything dependent on windows browsing. The PC at this branch is
WinXP(just
upgraded to SP2, with no resolve). I copied a 2.5 MB file from the server
to the PC in 48 seconds so it partially works(and this proves the internet
connections at each side of the VPN are fine).

I know XP and 2003/AD are very dependent on DNS for browsing, however I'm
sure everything is setup properly. Both server and this PC have only the
server for DNS servers, the internal domain is listed for a suffix for
both,
I have a reverse zone setup for this(and all)network which the PC is
registering itself in.

When I do a packet sniff on this PC I see an excess of port 445
traffic(see
sample below) to the point where I think the PC is trying to resolve and
that's what the big delays are when you go to access network shares or do
a
File>Open in Word(which has My Docs as Document dir and My Docs is
redirected to user folder via group policy).

An interesting thing is I've tried disabling the XP machine from using
NBT(137-139) and the problem continues as it was. However, if I disable
SMB(445) I saw no NBT traffic on the sniffer and no browsing worked(this
is with NBT enabled). Something on the PC is not allowing NBT to even
send packets out maybe or at least try because I'd expect to at least see
137-139 packets outbound from the PC even if they didn't make it accross
the VPN.

Please help. Is there a way to tell this PC to not try to resolve
whatever
way it's attempting when these delays occur? Like I said the other 3
branches connecting via T1s work fine and this branch works fine accross
the
VPN for all other IP applications.

---sample of packet sniffing----
------------ Item: 1 ------------>
TCP 144 192.168.1.240 192.168.6.11 58403 445 2:52:58.190 PM,
11-30-2004

Euq@ü¥À¨
õÀ¨ ä#
½Â¡§å75|PüOÏ¡dÿSMB¢È
 ñÿÞÞY

@@


\wkssvc

------------ Item: 2 ------------>
TCP 179 192.168.6.11 192.168.1.240 445 58403 2:52:58.190 PM,
11-30-2004

E³ÿª@?qIÀ¨ À¨
õ
½ä#å75|¡§kPÿ+T$?ÿSMB¢~È
 ñ*ÿ?
?
ÿÿ
>


------------ Item: 3 ------------>
TCP 180 192.168.1.240 192.168.6.11 58403 445 2:52:58.268 PM,
11-30-2004

E´_=@¶À¨
õÀ¨ ä#
½Â¡§kå76PûÄ~"^ÿSMB/È
ÿþ°ñÿÞÞÿÿÿÿHH@Iî H
¸¸


~Ðÿk¡6~3FÃø~4Z
]^SëÉYè+H`

------------ Item: 4 ------------>
TCP 91 192.168.6.11 192.168.1.240 445 58403 2:52:58.284 PM,
11-30-2004

E[ÿ«@?q À¨ À¨
õ
½ä#å76¡§÷PþYS/ÿSMB/~È
ÿþ°ñÿ/Hÿÿ

------------ Item: 5 ------------>
TCP 103 192.168.1.240 192.168.6.11 58403 445 2:52:58.346 PM,
11-30-2004

Egr]@؉ˬ
õÀ¨ ä#
½Â¡§÷å76û'f(;ÿSMB.È
ÿþÀñ ÿÞÞÿÿÿÿ

------------ Item: 6 ------------>
TCP 172 192.168.6.11 192.168.1.240 445 58403 2:52:58.346 PM,
11-30-2004

E¬ÿ¬@?qNÀ¨ À¨
õ
½ä#å76:¡¨6Pþ`ÁR?ÿSMB.~È
ÿþÀñ ÿD<E D
¸¸ty

\PIPE\wkssvc



---end of sample---

Thanks,
Mike

 

[Mike]

I don't want to run WINS for WinXP and that should not be necessary. The
other 3 branch offices connect via a 1/2 T1 and that is the only difference.
Sure the T1 connectected branches have less latency, 768k bandwidth(vs 1MB+
with DSL), but the VPN connected branch should be able to browse via SMB or
NBT seeing how other IP traffic works without issue.

I'm convinced this can be fixed by adjusting something that affects the way
the Windows machine browses to the server. Maybe it's an MTU on a DSL
modem, maybe a TCP window size on the server and VPN connected PCs. I'm
sure someone else knows the fix here.

Please help!

Thanks,
Mike

Could a WINS sever help for file print sharing?
Put the names in local host, too.

I'm having a same catagory problem between Linux and XP PRO.
It wants a WINS sever secive but I don't have a sever?
I don't know how to do that in PRO or Linux, for that matter, but it s/b a
snap on a W23k server.

SJ

Hi,

I have a customer that I setup a SBS 2003 server. 3 branch offices have
either 1/2 or full P2P T1's and there are no problems here. One other
branch I setup with a site to site VPN using Sonicwall. Everything (VNC,
Outlook via Exchange server, terminal
emulator connecting to server, pretty much all IP apps) work great,
EXCEPT
anything dependent on windows browsing. The PC at this branch is
WinXP(just
upgraded to SP2, with no resolve). I copied a 2.5 MB file from the
server
to the PC in 48 seconds so it partially works(and this proves the
internet
connections at each side of the VPN are fine).

I know XP and 2003/AD are very dependent on DNS for browsing, however I'm
sure everything is setup properly. Both server and this PC have only the
server for DNS servers, the internal domain is listed for a suffix for
both,
I have a reverse zone setup for this(and all)network which the PC is
registering itself in.

When I do a packet sniff on this PC I see an excess of port 445
traffic(see
sample below) to the point where I think the PC is trying to resolve and
that's what the big delays are when you go to access network shares or do
a
File>Open in Word(which has My Docs as Document dir and My Docs is
redirected to user folder via group policy).

An interesting thing is I've tried disabling the XP machine from using
NBT(137-139) and the problem continues as it was. However, if I disable
SMB(445) I saw no NBT traffic on the sniffer and no browsing worked(this
is with NBT enabled). Something on the PC is not allowing NBT to even
send packets out maybe or at least try because I'd expect to at least see
137-139 packets outbound from the PC even if they didn't make it accross
the VPN.

Please help. Is there a way to tell this PC to not try to resolve
whatever
way it's attempting when these delays occur? Like I said the other 3
branches connecting via T1s work fine and this branch works fine accross
the
VPN for all other IP applications.

---sample of packet sniffing----
------------ Item: 1 ------------>
TCP 144 192.168.1.240 192.168.6.11 58403 445 2:52:58.190 PM,
11-30-2004

Euq@ü¥À¨
õÀ¨ ä#
½Â¡§å75|PüOÏ¡dÿSMB¢È
 ñÿÞÞY

@@


\wkssvc

------------ Item: 2 ------------>
TCP 179 192.168.6.11 192.168.1.240 445 58403 2:52:58.190 PM,
11-30-2004

E³ÿª@?qIÀ¨ À¨
õ
½ä#å75|¡§kPÿ+T$?ÿSMB¢~È
 ñ*ÿ?
?
ÿÿ
>


------------ Item: 3 ------------>
TCP 180 192.168.1.240 192.168.6.11 58403 445 2:52:58.268 PM,
11-30-2004

E´_=@¶À¨
õÀ¨ ä#
½Â¡§kå76PûÄ~"^ÿSMB/È
ÿþ°ñÿÞÞÿÿÿÿHH@Iî H
¸¸


~Ðÿk¡6~3FÃø~4Z
]^SëÉYè+H`

------------ Item: 4 ------------>
TCP 91 192.168.6.11 192.168.1.240 445 58403 2:52:58.284 PM,
11-30-2004

E[ÿ«@?q À¨ À¨
õ
½ä#å76¡§÷PþYS/ÿSMB/~È
ÿþ°ñÿ/Hÿÿ

------------ Item: 5 ------------>
TCP 103 192.168.1.240 192.168.6.11 58403 445 2:52:58.346 PM,
11-30-2004

Egr]@؉ˬ
õÀ¨ ä#
½Â¡§÷å76û'f(;ÿSMB.È
ÿþÀñ ÿÞÞÿÿÿÿ

------------ Item: 6 ------------>
TCP 172 192.168.6.11 192.168.1.240 445 58403 2:52:58.346 PM,
11-30-2004

E¬ÿ¬@?qNÀ¨ À¨
õ
½ä#å76:¡¨6Pþ`ÁR?ÿSMB.~È
ÿþÀñ ÿD<E D
¸¸ty

\PIPE\wkssvc



---end of sample---

Thanks,
Mike

 

[Malke]

Could a WINS sever help for file print sharing?
Put the names in local host, too.

I'm having a same catagory problem between Linux and XP PRO.
It wants a WINS sever secive but I don't have a sever?
I don't know how to do that in PRO or Linux, for that matter, but it
s/b a snap on a W23k server.

You don't need a WINS server. You need Samba on your Linux box, with
both nmbd and smbd running and the user accounts/passwords on the Linux
box to match the Windows box - you also need to add the user
accounts/passwords with smbpasswd -a. Man samba and take Linux/Samba
questions to a Linux and/or Samba group. If you are having problems
printing, you need to look at information about CUPS. This doesn't
exist in Windows and problems with CUPS should be posted in a Linux ng.

Malke