Subnet issue....I'm baffled

[Guest]

Here we go, I am running a 2000 based Active Directory with a healthy mix of
2000/XP workstations/member servers distributed throughout approx 15
locations. About 8 of these locations have a local Domain Controller and
DNS/DHCP running locally. There are 4 WINS Servers located at strategic
locations throughout the enterprise. All sites that do not have a local WINS
server are configured to point to one in the corporate offices and all can
browse through Nethood and resolve everything successfully. Except for one.

This one site in particular is unable to access any workstation outside of
its' local subnet using a UNC/SMB share name. I can hit all workstations
within this subnet using \\computername\sharename. I can ping all
workstations on external subnets successfully. I can access any external
server using Telnet or any Web based content that those servers offer. This
subnet has a Domain Controller which is able to replicate with its' peers.
However I am not able to see any computers outside of its' local subnet
through NETHOOD. Whenever I attempt to connect to a computer outside of its
subnet using the \\computername method I get "The network path was not found"
despite the fact that I can ping this server. This server that I can ping but
cannot hit through UNC is running IIS which I can also hit through a web
browser. I can successfully resolve the name using DNS as well.

No packet filtering is enabled on the NICs no firewalls between this and
other subnets or anything like that. Any thoughts? I'm stumped

 

[Phillip Windell]

If you run "IPConfig /All" from a command prompt on this machine does it
show the correct WINS Server? Do you have Netbios over TCP/IP enabled?

Make sure any "personal firewalls" are disabled during troubleshooting.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

 

[John Wunderlich]

Here we go, I am running a 2000 based Active Directory with a
healthy mix of 2000/XP workstations/member servers distributed
throughout approx 15 locations. About 8 of these locations have a
local Domain Controller and DNS/DHCP running locally. There are 4
WINS Servers located at strategic locations throughout the
enterprise. All sites that do not have a local WINS server are
configured to point to one in the corporate offices and all can
browse through Nethood and resolve everything successfully. Except
for one.

This one site in particular is unable to access any workstation
outside of its' local subnet using a UNC/SMB share name. I can hit
all workstations within this subnet using
\\computername\sharename. I can ping all workstations on external
subnets successfully. I can access any external server using
Telnet or any Web based content that those servers offer. This
subnet has a Domain Controller which is able to replicate with
its' peers. However I am not able to see any computers outside of
its' local subnet through NETHOOD. Whenever I attempt to connect
to a computer outside of its subnet using the \\computername
method I get "The network path was not found" despite the fact
that I can ping this server. This server that I can ping but
cannot hit through UNC is running IIS which I can also hit through
a web browser. I can successfully resolve the name using DNS as
well.

No packet filtering is enabled on the NICs no firewalls between
this and other subnets or anything like that. Any thoughts? I'm
stumped

It sounds like everything that is TCP/IP based (ping and DNS lookup)
work but the NetBIOS operations only work in the current subnet.

Some things to look at:
Make sure that NetBIOS-over-TCP/IP (NetBT) is enabled in the
TCP/IP configuration in the network control panel on this computer.
Without that, it may be communicationg using NetBEUI which can't
cross subnets. Running "netstat -an" from a command window should
find ports :135,:136,:137, and :445 open if things are OK.
Make sure that machine doesn't think it is a broadcast node.
Running the command "ipconfig /all" from a command window should
show "Node Type" as being "Hybrid" or something other than
"Broadcast".
Make sure the WINS server configuration (displayed with the
ipconfig command above) is correct for your setup.

HTH,
John

 

[Guest]

NetBT is enabled on the interface

an output of the ipconfig /all command reveals the following:

Node Type......Hybrid
WINS Proxy Enabled.....NO
Primary WINS Server......192.168.1.100
Secondary WINS Server.......192.168.2.100

all of which appears correct

running a netstat command shows ports 135 & 445 open on

UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*

ports 136 & 137 are open as

UDP 192.168.70.10:137 *:*
UDP 192.168.70.10:138 *:*

where 192.168.70.10 is the IP address of the Domain Controller on this subnet

does this setup appear correct?

 

[John Wunderlich]

NetBT is enabled on the interface

an output of the ipconfig /all command reveals the following:

Node Type......Hybrid
WINS Proxy Enabled.....NO
Primary WINS Server......192.168.1.100
Secondary WINS Server.......192.168.2.100

all of which appears correct

running a netstat command shows ports 135 & 445 open on

UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*

ports 136 & 137 are open as

UDP 192.168.70.10:137 *:*
UDP 192.168.70.10:138 *:*

where 192.168.70.10 is the IP address of the Domain Controller on
this subnet

does this setup appear correct?

The last part seems strange. In the "Local Address" column, you
should only have IP addresses for your machine. Usually either
0.0.0.0, 127.0.0.1, or the machine's IP address. It's strange that
your Domain Controller's address is in this column.

-- John