SMB or NBT issues on VPN

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Mike (mike008us_at_yahoo.com)
Date: 12/27/04 

Date: Mon, 27 Dec 2004 09:50:21 -0600

Hi,

I have a customer that I setup a SBS 2003 server. 3 branch offices have
either 1/2 or full P2P T1's and there are no problems here. One other
branch I setup with a site to site VPN using Sonicwall. Everything (VNC,
Outlook via Exchange server, terminal
emulator connecting to server, pretty much all IP apps) work great, EXCEPT
anything dependent on windows browsing. The PC at this branch is WinXP(just
upgraded to SP2, with no resolve). I copied a 2.5 MB file from the server
to the PC in 48 seconds so it partially works(and this proves the internet
connections at each side of the VPN are fine).

I know XP and 2003/AD are very dependent on DNS for browsing, however I'm
sure everything is setup properly. Both server and this PC have only the
server for DNS servers, the internal domain is listed for a suffix for both,
I have a reverse zone setup for this(and all)network which the PC is
registering itself in.

When I do a packet sniff on this PC I see an excess of port 445 traffic(see
sample below) to the point where I think the PC is trying to resolve and
that's what the big delays are when you go to access network shares or do a
File>Open in Word(which has My Docs as Document dir and My Docs is
redirected to user folder via group policy).

An interesting thing is I've tried disabling the XP machine from using
NBT(137-139) and the problem continues as it was. However, if I disable
SMB(445) I saw no NBT traffic on the sniffer and no browsing worked(this is
with NBT enabled). Something on the PC is not allowing NBT to even send
packets out maybe or at least try because I'd expect to at least see 137-139
packets outbound from the PC even if they didn't make it accross the VPN.

Please help. Is there a way to tell this PC to not try to resolve whatever
way it's attempting when these delays occur? Like I said the other 3
branches connecting via T1s work fine and this branch works fine accross the
VPN for all other IP applications.

---sample of packet sniffing----
------------ Item: 1 ------------>
TCP 144 192.168.1.240 192.168.6.11 58403 445 2:52:58.190 PM,
11-30-2004

Euq@ #¡75|POϡdSMB
 Y@@
\wkssvc

------------ Item: 2 ------------>
TCP 179 192.168.6.11 192.168.1.240 445 58403 2:52:58.190 PM,
11-30-2004

E@?qI #75|¡kP+T$?SMB~
 *??
>

------------ Item: 3 ------------>
TCP 180 192.168.1.240 192.168.6.11 58403 445 2:52:58.268 PM,
11-30-2004

E_=@ #¡k76P~"^SMB/
HH@I H
~k6~3F~4Z]^SY+H`

------------ Item: 4 ------------>
TCP 91 192.168.6.11 192.168.1.240 445 58403 2:52:58.284 PM,
11-30-2004

E[@?q  #76¡PYS/SMB/~
/H

------------ Item: 5 ------------>
TCP 103 192.168.1.240 192.168.6.11 58403 445 2:52:58.346 PM,
11-30-2004

Egr]@ #¡76:P'f(;SMB.
 

------------ Item: 6 ------------>
TCP 172 192.168.6.11 192.168.1.240 445 58403 2:52:58.346 PM,
11-30-2004

E@?qN #76:¡6P`R?SMB.~
 D<E Dty

\PIPE\wkssvc

---end of sample---

Thanks,
Mike

Relevant Pages

  • Re: Port Forwarding?
    ... Here is my current setup at home. ... D-Link Wireless Router ... The term "Virtual Server" is D-Link speak for port forwarding. ... supports VPN passthru, so you'll have to setup a VPN client on the ...
    (microsoft.public.windowsxp.network_web)
  • >>>> SETUP VPN <<<<
    ... Vpn End Points Setup Vista ... Setup Vpn Windows Server 2003 ... Setup Vpn With Zyxel Prestige Router ...
    (rec.radio.shortwave)
  • Re: No http access - server 2003
    ... If VPN server is behind a firewall or router, you don't need setup it as a multihomed computer. ... What should I have as the DNS for the WAN and the LAN ports - both the same or what? ...
    (microsoft.public.windows.server.networking)
  • Re: How to configure for Two different IP subnets
    ... Active Directory will go haywire in a setup like that. ... AD integrates with the local DNS, so you cannot use the DNS at your ISP ... With Server 2003 Standard ... for its internal interface (ie the VPN endpoint). ...
    (microsoft.public.windows.server.networking)
  • RE: To Setup Exchange or not to Setup Exchange...That is the Question.
    ... enough rescources to handle the load that Exchange will put on it. ... into your server in no time, so you will either have to have a very fast RAID ... You can also setup RPC over HTTP for your sales people to reteive e-mail ... phones can download a simple POP client to the phone to get E-mail. ...
    (microsoft.public.exchange.setup)