Strange Firewall/network problem

[Guest]

Hi all, this is driving me nuts so all help is welcome.

Setup;
one pc & one laptop - both xp pro - simple file sharing disabled - share
access defined by group membership - no third party firewall (until this is
solved) - both connect to a router for network/internet access, DHCP set by
router. Both on same workgroup.
Both computers have the windows firewall service disabled.

Problem;
If I try to 'show workgroup computers' I get a cannot access workgroup
message, do not have permission, check with admin etc. I spent ages checking
the permissions, but then found that if I started the firewall service on one
of the machines, and then without doing anything else, stopped the firewall
service, I could access my workgroup computers as expected.

After starting & stopping the firewall service, and getting network access,
I've set up shares and can synchronize correctly at logon and manually -
share access permissions are functioning as expected. My network places will
show the shares and I've managed to map a network drive from the laptop to
the pc (as a test - don't normally use this method). I can access the shared
folders as expected through my network places & using explorer.

After a reboot of both machines, I can still access the shared folders (and
mapped drive) but if I try to 'view workgroup computers' I get 'you don't
have permission' again, despite being able to access & modify files through
the shared folders - (on both files defined as available offline, and those
on the 'other' computer)

Starting & stopping the firewall service gives correct access through
workgroup computers again.

I've been reading around and it seems the firewall service maybe affecting
the browser service, the browser service is set to automatic on both machines
but keeps stopping, error 7023 - timeout period expired, which happens until
I start/stop the firewall service. All is then well until a reboot.

I tried the browerstat? tool as mentioned in this forum with the following
results

Pre firewall service start/stop;

Status for domain HOME on transport \Device\NetBT_Tcpip_{C16FEC42-05DD-441B-9A
0F-5D01BF8AF5AA}
Browsing is NOT active on domain.
Master name cannot be determined from GetAdapterStatus.
------------------------------------------

after starting and stopping firewall service;

Status for domain HOME on transport \Device\NetBT_Tcpip_{C16FEC42-05DD-441B-9A
0F-5D01BF8AF5AA}
Browsing is active on domain.
Master browser name is: PCONE
Master browser is running build 2600
1 backup servers retrieved from master PCONE
\\PCONE
There are 2 servers in domain HOME on transport \Device\NetBT_Tcpip_{C16FE
C42-05DD-441B-9A0F-5D01BF8AF5AA}
There are 1 domains in domain HOME on transport \Device\NetBT_Tcpip_{C16FE
C42-05DD-441B-9A0F-5D01BF8AF5AA}
-------------------------------------------

This means little to me although it seems the browser service is inactive
until the firewall service has been started/stopped -

note my use of 'firewall service' - the firewall(s) have been off on both
machines throughout - (according to the firewall control panel app.)

It seems ip/subnet/workgroup & access permissions are all in order, & this
problem does not really stop me using the network as I wish to. The only
issue is fast/easy access to new shares (without having to go through
start/stop firewall) & the fact I want to install mcafee firewall - which I
don't fancy whilst there is still some connectivity problem.

Any ideas where to go from here?

thanks for reading this far, darren

 

[Steve Winograd [MVP]]

Hi all, this is driving me nuts so all help is welcome.

Setup;
one pc & one laptop - both xp pro - simple file sharing disabled - share
access defined by group membership - no third party firewall (until this is
solved) - both connect to a router for network/internet access, DHCP set by
router. Both on same workgroup.
Both computers have the windows firewall service disabled.

Problem;
If I try to 'show workgroup computers' I get a cannot access workgroup
message, do not have permission, check with admin etc. I spent ages checking
the permissions, but then found that if I started the firewall service on one
of the machines, and then without doing anything else, stopped the firewall
service, I could access my workgroup computers as expected.

After starting & stopping the firewall service, and getting network access,
I've set up shares and can synchronize correctly at logon and manually -
share access permissions are functioning as expected. My network places will
show the shares and I've managed to map a network drive from the laptop to
the pc (as a test - don't normally use this method). I can access the shared
folders as expected through my network places & using explorer.

After a reboot of both machines, I can still access the shared folders (and
mapped drive) but if I try to 'view workgroup computers' I get 'you don't
have permission' again, despite being able to access & modify files through
the shared folders - (on both files defined as available offline, and those
on the 'other' computer)

Starting & stopping the firewall service gives correct access through
workgroup computers again.

I've been reading around and it seems the firewall service maybe affecting
the browser service, the browser service is set to automatic on both machines
but keeps stopping, error 7023 - timeout period expired, which happens until
I start/stop the firewall service. All is then well until a reboot.

I tried the browerstat? tool as mentioned in this forum with the following
results

Pre firewall service start/stop;

Status for domain HOME on transport \Device\NetBT_Tcpip_{C16FEC42-05DD-441B-9A
0F-5D01BF8AF5AA}
Browsing is NOT active on domain.
Master name cannot be determined from GetAdapterStatus.
------------------------------------------

after starting and stopping firewall service;

Status for domain HOME on transport \Device\NetBT_Tcpip_{C16FEC42-05DD-441B-9A
0F-5D01BF8AF5AA}
Browsing is active on domain.
Master browser name is: PCONE
Master browser is running build 2600
1 backup servers retrieved from master PCONE
\\PCONE
There are 2 servers in domain HOME on transport \Device\NetBT_Tcpip_{C16FE
C42-05DD-441B-9A0F-5D01BF8AF5AA}
There are 1 domains in domain HOME on transport \Device\NetBT_Tcpip_{C16FE
C42-05DD-441B-9A0F-5D01BF8AF5AA}
-------------------------------------------

This means little to me although it seems the browser service is inactive
until the firewall service has been started/stopped -

note my use of 'firewall service' - the firewall(s) have been off on both
machines throughout - (according to the firewall control panel app.)

It seems ip/subnet/workgroup & access permissions are all in order, & this
problem does not really stop me using the network as I wish to. The only
issue is fast/easy access to new shares (without having to go through
start/stop firewall) & the fact I want to install mcafee firewall - which I
don't fancy whilst there is still some connectivity problem.

Any ideas where to go from here?

thanks for reading this far, darren

Why have you disabled the firewall service? Disabling services
sometimes has unexpected side effects.

If you don't want to use the Windows Firewall, turn it off in the
Security Center, but leave the firewall service running. It's full
name is "Windows Firewall/Internet Connection Sharing (ICS)".
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

Why have you disabled the firewall service? Disabling services
sometimes has unexpected side effects.

If you don't want to use the Windows Firewall, turn it off in the
Security Center, but leave the firewall service running. It's full
name is "Windows Firewall/Internet Connection Sharing (ICS)".
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

Thanks Steve, I disabled the service, as I do others, because I didn't think
I needed it.
Bizarrely, I could start/stop the service and browse through explorer. The
firewall/ics service only needed to run for a few seconds on one machine for
everything to work as expected. I've set it to automatic on one machine and
all is OK.
I'm curious as to what is going on here, but as the network is ok - I'm happy
I'll have a dig around in group policy to see if I can prevent ics, as I
don't want this to be posible
cheers darren

 

[Steve Winograd [MVP]]

Thanks Steve, I disabled the service, as I do others, because I didn't think
I needed it.
Bizarrely, I could start/stop the service and browse through explorer. The
firewall/ics service only needed to run for a few seconds on one machine for
everything to work as expected. I've set it to automatic on one machine and
all is OK.
I'm curious as to what is going on here, but as the network is ok - I'm happy
I'll have a dig around in group policy to see if I can prevent ics, as I
don't want this to be posible
cheers darren

You're welcome, Darren.

Who are you trying to prevent from enabling ICS? You can do that
quite easily, with no need for group policy or tinkering with
services, by giving that person a limited user account.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com