windows 2003 and the MS client for DOS

[Jason]

I have a windows 2003 server with two network cards in it. I have 20 PCs
connected to a switch in one room and I have another 20 PCs in a second room
connected to another switch. One switch plugs into one Ethernet card on the
server and the other switch plugs into the second Ethernet card on the
server. The first room is setup to use 192.168.8.x with a 255.255.255.0
subnet mask. The second room uses 192.168.10.x. The server has RIS, DHCP,
DNS, and Active Directory installed on it. Active Directory, RIS, DHCP, and
DNS work for both rooms. Routing is not turned on. The rooms don't need to
talk to each other. The rooms only need to talk to the server.

I can get the MS client for DOS to connect to the windows 2003 server by
setting the domain controller group policy to disable:

Domain member: digitally encrypt or sign secure channel data (always)
Microsoft network client: digitally sign communications (always)
Microsoft network server: digitally sign communications (always).

The problem is only one room works at a time. What I mean is all of the PCs
in the first room can connect to the server and map a drive. the second
room gets error 5 access has been denied when script gets to:

net logon username password /domain:domainname /savepw:no

If I disable the network card for the first room, then the second room can
connect to the server and map a drive. If I reactive the first room
Ethernet card then the first room works again and the second room stops
working. I REALLY need to get BOTH rooms running at the same time. Does
anyone have any ideas on what is going on?

Jason Dravet

 

[Gary Fose [MSFT]]

Jason,

Interesting scenario. Other than the script that runs and fails on one side or the other, can both
networks connect to the server and access shares? If so, could be something in the script that
is causing the problem.

Another thing you can try is removing the default gateway off one of the server NICs and
instead put a static route in the routing table for that network. Seems like it could be that when
both NICs are enabled, because the request is coming from another network, the OS sees it is
not local to the first NIC that is bound and tries to send the request out it's default gateway.

Thanks,
Gary
--------------------
'--'From: "Jason" <[email protected]>
'--'Subject: windows 2003 and the MS client for DOS
'--'Date: Wed, 4 Feb 2004 17:10:02 -0600
'--'Lines: 32
'--'X-Priority: 3
'--'X-MSMail-Priority: Normal
'--'X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
'--'X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
'--'Message-ID: <[email protected]>
'--'Newsgroups: microsoft.public.win2000.networking
'--'NNTP-Posting-Host: cisit1.cisit.calumet.purdue.edu 205.215.123.61
'--'Path: cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!
TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
'--'Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.networking:53722
'--'X-Tomcat-NG: microsoft.public.win2000.networking
'--'
'--'I have a windows 2003 server with two network cards in it. I have 20 PCs
'--'connected to a switch in one room and I have another 20 PCs in a second room
'--'connected to another switch. One switch plugs into one Ethernet card on the
'--'server and the other switch plugs into the second Ethernet card on the
'--'server. The first room is setup to use 192.168.8.x with a 255.255.255.0
'--'subnet mask. The second room uses 192.168.10.x. The server has RIS, DHCP,
'--'DNS, and Active Directory installed on it. Active Directory, RIS, DHCP, and
'--'DNS work for both rooms. Routing is not turned on. The rooms don't need to
'--'talk to each other. The rooms only need to talk to the server.
'--'
'--'I can get the MS client for DOS to connect to the windows 2003 server by
'--'setting the domain controller group policy to disable:
'--'
'--'Domain member: digitally encrypt or sign secure channel data (always)
'--'Microsoft network client: digitally sign communications (always)
'--'Microsoft network server: digitally sign communications (always).
'--'
'--'The problem is only one room works at a time. What I mean is all of the PCs
'--'in the first room can connect to the server and map a drive. the second
'--'room gets error 5 access has been denied when script gets to:
'--'
'--'net logon username password /domain:domainname /savepw:no
'--'
'--'If I disable the network card for the first room, then the second room can
'--'connect to the server and map a drive. If I reactive the first room
'--'Ethernet card then the first room works again and the second room stops
'--'working. I REALLY need to get BOTH rooms running at the same time. Does
'--'anyone have any ideas on what is going on?
'--'
'--'Jason Dravet
'--'
'--'
'--'


--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included
script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best
directed to the newsgroup/thread from which they originated.

 

[Jason]

Both rooms can access the server, but only if one of the two network cards
in the server is disabled. If I leave both cards enabled, one room works
and the other receives an error 5 access denied. If I disable the network
card for the room that works, reboot the PC in the room that didn't work,
the script works.

Nic 1 has a default gateway, Nic 2 does not have a default gateway. Good
idea, I will try the static route and let you what happens.

Thank you,

Jason

 

[Jason]

If I reading the configuration correctly the route you suggested is already
there. Could the problem be with the metric? The 192.168.10.0 route has a
metric of 20 while the 192.168.8.0 route has a metric of 10.

Jason Dravet

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : net0
Primary Dns Suffix . . . . . . . : cisitlab.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cisitlab.local

Ethernet adapter G40:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 F Server Adapter
Physical Address. . . . . . . . . : 00-03-47-4E-29-24
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.8.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.8.254
DNS Servers . . . . . . . . . . . : 127.0.0.1

Ethernet adapter G48:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For
Complete
PC Management NIC (3C905C-TX) #2
Physical Address. . . . . . . . . : 00-01-02-0B-20-04
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1

route print

IPv4 Route Table

Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 03 47 4e 29 24 ...... Intel(R) PRO/1000 F Server Adapter
0x10004 ...00 01 02 0b 20 04 ...... 3Com EtherLink XL 10/100 PCI For
Complete PC
Management NIC (3C905C-TX) #2

Active Routes:
Network Destination Netmask Gateway
Interface Metric
0.0.0.0 0.0.0.0 192.168.8.254
192.168.8.253 10
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
192.168.8.0 255.255.255.0 192.168.8.253
192.168.8.253 10
192.168.8.253 255.255.255.255 127.0.0.1 127.0.0.1
10
192.168.8.255 255.255.255.255 192.168.8.253 192.168.8.253
10
192.168.10.0 255.255.255.0 192.168.10.253
192.168.10.253 20
192.168.10.253 255.255.255.255 127.0.0.1 127.0.0.1
20
192.168.10.255 255.255.255.255 192.168.10.253 192.168.10.253
20
224.0.0.0 240.0.0.0 192.168.8.253
192.168.8.253 10
224.0.0.0 240.0.0.0 192.168.10.253
192.168.10.253 20
255.255.255.255 255.255.255.255 192.168.8.253 192.168.8.253
1
255.255.255.255 255.255.255.255 192.168.10.253 192.168.10.253
1
Default Gateway: 192.168.8.254
===========================================================================
Persistent Routes:
None