XP Pro not accessable via LAN or VPN

[gstar]

Hi,
I have a Win2003 AD with XP pro clients all working nicely together.
Recently we merged with another company who also have XP pro clients &
Win2000 AD setup, but I am noticing that several things are not working
correctly. On all machines I cannot change the machine name & even
after enabling the defauilt share C$ cannot access the machines drives.
I have even enabled remote desktop but again cannot access that & to
cap it all off cannot even ping them even though they are on the LAN
and can use all LAN apps.

Am I missing something here?

Thanx for your time
G

 

[Steven L Umbach]

Can you ping the designation computer by IP address?? If the computers you
are trying to access are in a trusted domain you may not have proper
permissions for that domain. Also Windows Firewall and ipsec policies could
be causing you to not have access. What errors are you getting - access
denied, can not be found, etc??? Look in the security logs of the computers
you are trying to access via Event viewer to see if there are any logon
failures at the time you tried to gain access. --- Steve

 

[gstar]

Hi Steven & thanx for your reply,
I cannot even ping them from machines on their local LAN/trusted
domain. We have a VPN setup site to site so should be no drama there,
but that would not affect the local PCs anyway would it?
The site is 150 miles or so away so I asked a local user to enable
remote desktop but it states that the default C$ needs enabling, which
it already is. From an affected machine they can also ping other LAN
PCs and perform day to day LAN tasks without a problem.

Any advice appreciated on this.

Thanx
G

 

[Leythos]

Hi,
I have a Win2003 AD with XP pro clients all working nicely together.
Recently we merged with another company who also have XP pro clients &
Win2000 AD setup, but I am noticing that several things are not working
correctly. On all machines I cannot change the machine name & even
after enabling the defauilt share C$ cannot access the machines drives.
I have even enabled remote desktop but again cannot access that & to
cap it all off cannot even ping them even though they are on the LAN
and can use all LAN apps.

Am I missing something here?

You can't change the machine name
You had to enable the C$ share, but the default IS to have a C$ share
You can not access remote desktop when enabled

It sounds like two problems:

1) You don't have domain administrator rights
2) You don't have DNS setup properly

As for mapping to the C$ share:

Can you ping remote computer #1?
Can you type "net use * \\computer_IP\c$" and not get an error?

Have you disabled the Windows Firewall on the problem computers?

Have you made sure that File and Printer sharing is enabled on the
problem computers?

 

[gstar]

Hi Leythos, & thanx for you help, here are my answers..

You can't change the machine name

I have to login to machine, not domain as admin account change name and
reboot into domain to acheive this!

You had to enable the C$ share, but the default IS to have a C$ share

I didnt enable the share, it was already enabled but says I need to
enable it to connect via TS!

You can not access remote desktop when enabled

As above

Can you ping remote computer #1? No

Can you type "net use * \\computer_IP\c$" and not get an error?

No error below.
C:\Documents and Settings\Me.MyDOMAIN>net use W \\192.168.254.50\c$
System error 67 has occurred.

Windows FireWALL not enabled & File & Printer sharing is installed.

Strange isnt it. This occurs on only 8 XP machines out of AD where
there are no OUs or basic security. I have taken this on when our
company merged and there were no policies set before that.

Thanx
G

 

[Leythos]

Hi Leythos, & thanx for you help, here are my answers..

I have to login to machine, not domain as admin account change name and
reboot into domain to acheive this!

If you can't log onto the computer as a Domain Admin and change the
computer name, then you don't have the computer properly joined to the
domain or you have a really screwed up group-policy.

I didnt enable the share, it was already enabled but says I need to
enable it to connect via TS!

Again, since it's enabeld by default, then you don't need to enable it -
this is an indicator of a different problem - not sure what.

As above

No

If you can't ping the IP of the remote computer then you've got some
form of IP filtering going on - such as the Windows XP SP2 Firewall or
other. If could also be that you don't have a route to the remote
computer.

No error below.
C:\Documents and Settings\Me.MyDOMAIN>net use W \\192.168.254.50\c$
System error 67 has occurred.

that should have been the following command:

NET USE W: \\192.168.254.50\c$

If you don't use the : it will cause an error.

Windows FireWALL not enabled & File & Printer sharing is installed.

What Antivirus products do you have installed?

Do an IPCONFIG /ALL and past it here, one from a broken machine, one
from a good machine.

Strange isnt it. This occurs on only 8 XP machines out of AD where
there are no OUs or basic security. I have taken this on when our
company merged and there were no policies set before that.

post the IPCONFIG /ALL from a broken and a working machine.

 

[Steven L Umbach]

If you can not ping the machine by name or at least IP address it seems you
have some IP filtering going on somewhere. It may also help to try and use
tracert to the computers IP to see if you can detect if the hang up is the
computer or a router/firewall in the path. You could also try using portqry
which is a command line port scanner from your computer specifying the IP
address of the remote computer you can not access to see if you can see any
ports open on that computer from your computer as per example below. You
need to establish basic connectivity before we can consider other problems.
I would also run the support tool netdiag on your computer and the computer
you can not access looking for any problems and post the results here in a
reply if possible and also post the results of netstat -an on the remote
computer [to verify if ports 139/445/3389 are active or not]. You said that
you ruled out Windows Firewall but ipsec policies could also be an issue and
netdiag will show if an ipsec policy is assigned. If the remote computer is
behind a firewall have it booted into safe mode with networking to see if
that makes a difference which will boot into bare bones mode disabling most
start up applications and services that may be blocking access. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;310099&sd=tech ---
portqry


D:\Documents and Settings\Steve>portqry -n 192.168.1.105 -o 139,445,3389

Querying target system called:

192.168.1.105

Attempting to resolve IP address to a name...


IP address resolved to SERVER1-2000

querying...

TCP port 139 (netbios-ssn service): LISTENING

TCP port 445 (microsoft-ds service): LISTENING

TCP port 3389 (unknown service): LISTENING

 

[gstar]

Thanx Steve,
I am resigned to the fact I need to travel down to the site to have a
good look at the problem. I literally have tried everything I can think
of including the above from another box on the remote LAN but no joy.
Its almost as though its not even turned on, but I can confirm it is. I
have also ran Dameware which couldnt find anything, and VNC..
The only connection I can sort of get is when I run Net View, which
returns the computer name. I took you suggestion on board & ran PortQry
with the following results:

C:\Documents and Settings\GaryB.mydomain>C:\PortQryV2\PortQry.exe -n
192.168.254.50 -o 139,445,3389

Querying target system called:

192.168.254.50

Attempting to resolve IP address to a name...

Failed to resolve IP address to name

querying...

TCP port 139 (netbios-ssn service): FILTERED

TCP port 445 (microsoft-ds service): FILTERED

TCP port 3389 (unknown service): FILTERED

Is that whats expected? I also tried to run the suite of PSTOOLs but
path couldnt be found!
G

 

[Steven L Umbach]

Your results for portqry [filtered] show that it can not access the ports
needed for file and print sharing and TS/Remote Desktop which indicates that
the computer is either not on [which you ruled out] or something in the path
[router/switch/firewall/ipsec policy] to that computer is blocking traffic
to it. Net view does not establish needed connectivity to a computer but it
shows what is seen in the browse list that you see in My Network Places. ---
Steve

http://support.microsoft.com/kb/188001

The primary function of the browser service is to provide a list of
computers sharing resources in a client's domain along with a list of other
domain and workgroup names across the wide-area network (WAN). This list is
provided to clients that view network resources with Network Neighborhood or
the NET VIEW command.

 

[gstar]

Very interesting stuff Steve, thanx for the tip on PortQry. Because
there is nothing between the machine running the query & the affected
box I cant see it being filtered anywhere so I guess I will be driving
down there as soon as possible to have a look.

Appreciate your time & I will post back any findings I come across.

Cheers
Gary

 

[Steven L Umbach]

OK. Good luck and please let us know what you find. --- Steve