M
Mike
Hi,
I have a customer that I setup a SBS 2003 server. 3 branch offices have
either 1/2 or full P2P T1's and there are no problems here. One other
branch I setup with a site to site VPN using Sonicwall. Everything (VNC,
Outlook via Exchange server, terminal
emulator connecting to server, pretty much all IP apps) work great, EXCEPT
anything dependent on windows browsing. The PC at this branch is WinXP(just
upgraded to SP2, with no resolve). I copied a 2.5 MB file from the server
to the PC in 48 seconds so it partially works(and this proves the internet
connections at each side of the VPN are fine).
I know XP and 2003/AD are very dependent on DNS for browsing, however I'm
sure everything is setup properly. Both server and this PC have only the
server for DNS servers, the internal domain is listed for a suffix for both,
I have a reverse zone setup for this(and all)network which the PC is
registering itself in.
When I do a packet sniff on this PC I see an excess of port 445 traffic(see
sample below) to the point where I think the PC is trying to resolve and
that's what the big delays are when you go to access network shares or do a
File>Open in Word(which has My Docs as Document dir and My Docs is
redirected to user folder via group policy).
An interesting thing is I've tried disabling the XP machine from using
NBT(137-139) and the problem continues as it was. However, if I disable
SMB(445) I saw no NBT traffic on the sniffer and no browsing worked(this is
with NBT enabled). Something on the PC is not allowing NBT to even send
packets out maybe or at least try because I'd expect to at least see 137-139
packets outbound from the PC even if they didn't make it accross the VPN.
Please help. Is there a way to tell this PC to not try to resolve whatever
way it's attempting when these delays occur? Like I said the other 3
branches connecting via T1s work fine and this branch works fine accross the
VPN for all other IP applications.
---sample of packet sniffing----
------------ Item: 1 ------------>
TCP 144 192.168.1.240 192.168.6.11 58403 445 2:52:58.190 PM,
11-30-2004
Euq@ü¥À¨õÀ¨ ä#½Â¡§å75|PüOÏ¡dÿSMB¢È
ñÿÞÞY@@
\wkssvc
------------ Item: 2 ------------>
TCP 179 192.168.6.11 192.168.1.240 445 58403 2:52:58.190 PM,
11-30-2004
E³ÿª@?qIÀ¨ À¨õ½ä#å75|¡§kPÿ+T$?ÿSMB¢~È
ñ*ÿ??
ÿÿ>
------------ Item: 3 ------------>
TCP 180 192.168.1.240 192.168.6.11 58403 445 2:52:58.268 PM,
11-30-2004
E´_=@¶À¨õÀ¨ ä#½Â¡§kå76PûÄ~"^ÿSMB/È
ÿþ°ñÿÞÞÿÿÿÿHH@Iî H¸¸
~Ðÿk¡6~3FÃø~4Z]^SëÉYè+H`
------------ Item: 4 ------------>
TCP 91 192.168.6.11 192.168.1.240 445 58403 2:52:58.284 PM,
11-30-2004
E[ÿ«@?q À¨ À¨õ½ä#å76¡§÷PþYS/ÿSMB/~È
ÿþ°ñÿ/Hÿÿ
------------ Item: 5 ------------>
TCP 103 192.168.1.240 192.168.6.11 58403 445 2:52:58.346 PM,
11-30-2004
Egr]@ÿâÀ¨õÀ¨ ä#½Â¡§÷å76û'f(;ÿSMB.È
ÿþÀñ ÿÞÞÿÿÿÿ
------------ Item: 6 ------------>
TCP 172 192.168.6.11 192.168.1.240 445 58403 2:52:58.346 PM,
11-30-2004
E¬ÿ¬@?qNÀ¨ À¨õ½ä#å76:¡¨6Pþ`ÁR?ÿSMB.~È
ÿþÀñ ÿD<E D¸¸ty
\PIPE\wkssvc
---end of sample---
Thanks,
Mike
I have a customer that I setup a SBS 2003 server. 3 branch offices have
either 1/2 or full P2P T1's and there are no problems here. One other
branch I setup with a site to site VPN using Sonicwall. Everything (VNC,
Outlook via Exchange server, terminal
emulator connecting to server, pretty much all IP apps) work great, EXCEPT
anything dependent on windows browsing. The PC at this branch is WinXP(just
upgraded to SP2, with no resolve). I copied a 2.5 MB file from the server
to the PC in 48 seconds so it partially works(and this proves the internet
connections at each side of the VPN are fine).
I know XP and 2003/AD are very dependent on DNS for browsing, however I'm
sure everything is setup properly. Both server and this PC have only the
server for DNS servers, the internal domain is listed for a suffix for both,
I have a reverse zone setup for this(and all)network which the PC is
registering itself in.
When I do a packet sniff on this PC I see an excess of port 445 traffic(see
sample below) to the point where I think the PC is trying to resolve and
that's what the big delays are when you go to access network shares or do a
File>Open in Word(which has My Docs as Document dir and My Docs is
redirected to user folder via group policy).
An interesting thing is I've tried disabling the XP machine from using
NBT(137-139) and the problem continues as it was. However, if I disable
SMB(445) I saw no NBT traffic on the sniffer and no browsing worked(this is
with NBT enabled). Something on the PC is not allowing NBT to even send
packets out maybe or at least try because I'd expect to at least see 137-139
packets outbound from the PC even if they didn't make it accross the VPN.
Please help. Is there a way to tell this PC to not try to resolve whatever
way it's attempting when these delays occur? Like I said the other 3
branches connecting via T1s work fine and this branch works fine accross the
VPN for all other IP applications.
---sample of packet sniffing----
------------ Item: 1 ------------>
TCP 144 192.168.1.240 192.168.6.11 58403 445 2:52:58.190 PM,
11-30-2004
Euq@ü¥À¨õÀ¨ ä#½Â¡§å75|PüOÏ¡dÿSMB¢È
ñÿÞÞY@@
\wkssvc
------------ Item: 2 ------------>
TCP 179 192.168.6.11 192.168.1.240 445 58403 2:52:58.190 PM,
11-30-2004
E³ÿª@?qIÀ¨ À¨õ½ä#å75|¡§kPÿ+T$?ÿSMB¢~È
ñ*ÿ??
ÿÿ>
------------ Item: 3 ------------>
TCP 180 192.168.1.240 192.168.6.11 58403 445 2:52:58.268 PM,
11-30-2004
E´_=@¶À¨õÀ¨ ä#½Â¡§kå76PûÄ~"^ÿSMB/È
ÿþ°ñÿÞÞÿÿÿÿHH@Iî H¸¸
~Ðÿk¡6~3FÃø~4Z]^SëÉYè+H`
------------ Item: 4 ------------>
TCP 91 192.168.6.11 192.168.1.240 445 58403 2:52:58.284 PM,
11-30-2004
E[ÿ«@?q À¨ À¨õ½ä#å76¡§÷PþYS/ÿSMB/~È
ÿþ°ñÿ/Hÿÿ
------------ Item: 5 ------------>
TCP 103 192.168.1.240 192.168.6.11 58403 445 2:52:58.346 PM,
11-30-2004
Egr]@ÿâÀ¨õÀ¨ ä#½Â¡§÷å76û'f(;ÿSMB.È
ÿþÀñ ÿÞÞÿÿÿÿ
------------ Item: 6 ------------>
TCP 172 192.168.6.11 192.168.1.240 445 58403 2:52:58.346 PM,
11-30-2004
E¬ÿ¬@?qNÀ¨ À¨õ½ä#å76:¡¨6Pþ`ÁR?ÿSMB.~È
ÿþÀñ ÿD<E D¸¸ty
\PIPE\wkssvc
---end of sample---
Thanks,
Mike