Re: Can't see (most) shares over the WAN. System Error 53
- From: scampisi <scampisi@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Nov 2007 15:15:02 -0700
The current network design (or glaring lack of a design) contains ONLY one
DC, and that is at the main site (City A). All authentication for City B is
done across the WAN. I have not set up sites, because this is my first
dealing with their network, and I didn't want to go changing things until I
had a better grasp of what my main problem is. The DC in City A is also the
ONLY DNS server and the ONLY WINS server. All that traffic flows across the
WAN all the time. This new server that I put in was supposed to replace the
existing DC (00server). I had asked them what they were going to do with
the old DC and they said retire it. I asked if we could set it up in City B,
so that is GOING to be our plan. However, as of now, I have to leave the old
server in City A, because it is the only way for the users to get to any
shares. It is a pitiful mess, but I can't start re-arranging things until I
can see my new server. I'm not a big fan of them accessing their shares over
the WAN myself. Their "My Pictures" folder and everything is stored over the
WAN link. Ugh.

Anyway, your comment made me consider this. Is it possible that the Master
Browser in City B is not registered in the WINS database in the WINS server
in City A, and so the WINS database is NOT giving it the updated WINS
information, which would include the new server? This would leave the Master
Browser in City B "on an island" and it would be able to see hosts that it
knew about from the last update it had from the WINS server, however long ago
that is? Is that a possible scenario that would create the mess I'm in?

I will go to the City B site tomorrow (Friday) and check out any suggestions
you guys have. Thanks.

"Bill Grant" wrote:
Browsing a routed network is never easy, whether it is a WAN or not. The
browser service works on LAN broadcasts, and these usually are blocked by
routers and WAN links. Getting your DNS setup working properly is very
important but has no effect on the browser service because it uses NetBIOS
names, not DNS names.

If you have a DNS server as a primary at the second site, I would
recommend that you also make it a secondary for the other site so that it
can resolve the machines in the "other" site for your local machines. You
could also make the main site a secondary for the smaller site to avoid DNS
lookups going over the WAN link. Have you configured Active Directory Sites
so that machines use their local DC for login?

Browsing routed networks really needs WINS. The master browser in each
site can build a browse list of the local network, but you need WINS to
allow the master browsers in each site to be able to communicate with each
other. If all machines are set up as WINS clients and register with WINS, the
master browsers can work together across the WAN. They use WINS to find each
other's IP address and communicate directly. The Domain Master Browser can
then build a network-wide browse list for the WAN.

"scampisi" <scampisi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BE3F6FF3-EBEB-470A-BAB1-43FDD6425848@xxxxxxxxxxxxxxxx
I am having trouble seeing machines over a WAN link. I am trying to install
two new servers in a Windows 2003 network. I didn't set up this network, and
this is the first time I've worked on it. It is located in two different
cities connected by a T1 WAN link. I have set up a new server as a Domain
Controller and I have also set up the server as their primary DNS for their
network. This machine is also the DHCP server for the local network in what
we'll call “City A” (137.10.0.0). Everything works fine locally, and people
are resolving names, attaching to shares and peacefully processing. However,
the remote network (137.101.0.0) in “City B”, across the WAN link, cannot
access shares on the new server. The new server's name is DC1-2k3, and the
other two older servers on that network are named 00SERVER and APPLICATIONS.

When I physically go to the remote network (137.101.0.0) in City B, I can
ping and resolve the name of any of the servers in City A. DC1-2k3,
APPLICATIONS, and 00SERVER all respond to a ping of either their name or IP
address. However, if I try and attach to a share on the new server, DC1-2K3,
I am told that I cannot see the server. I can attach fine to shares on either
of the other servers in City A from City B. If I do:
net view \\DC1-2K3
I get an
“System error 53 has occurred. The network path was not found”
When I do a “net view” of any of the other older City A machines from the
City B network I also have trouble. It is just the two older servers in
City A that I can see. I checked for HOSTS files on the machines, and there
were none. I noticed that the DHCP server in City B (137.101.0.0 network) was
handing out a WINS server address, which corresponds to the 00SERVER in
City A. I thought this was my problem, so I set up my new server (DC1-2K3
137.100.10.6) with the WINS information and rebooted. I then had entries in
my WINS database that reflected that there was a machine at 137.100.10.6 that
was named DC1-2K3. Unfortunately, I still can't see any resources on the new
server in City A, from City B. I am completely unfamiliar with WINS servers,
so I thought this was my problem, but then I did this net view
net view 137.100.10.6
and I still got an error 53. I cannot map to the new server or “net view” it
via its IP address OR its name. The person that contacted me to help them
with this told me that “they had a real hard time” getting the two networks
to see each other when it was originally set up. The guy wants me to clean up
his network and fix any problems that I find, and I am wondering what this
problem could be. It is clearly not just name resolution, as my DNS is
working fine and I can ping any machine by its name. If I configure a
machine in City B without a WINS server, it can't resolve any local names on
the City A network, even though it resolves Internet names correctly.

This is the layout of the network.
City A - 137.10.0.0 class B
with three servers DC1-2k3 (windows 2003 R2 server) @ 137.100.10.6,
00SERVER (windows 200 Server) @ 137.100.10.5 and APPLICATIONS (windows 203
Server) @ 137.100.10.185
City B - 137.101.0.0 class B with one server 01SERVER (Windows 2000 Server)
@ 137.101.10.5
The T1 WAN link is connected by a Lucent Superpipe 155 on each end. The T1
is a point to point and it isn't carrying any voice or any other
transmission.

I have found that the SYN TCP packets on port 445 (microsoft-ds) and port
139 (netbios ssn) are NOT being responded to when I do a “net view” or “net
use” to DC1-2k3 (new server) over the WAN (from City B to City A), but they
DO receive an ACK when I do the “net view” or “net use” to 00SERVER (old
server) over the WAN from the same PC. This made me think that the firewall
had somehow been activated on my new server. This was NOT the case.

If I physically drive to City A and do a net view and a net use to either
DC1-2k3 or 00server, they both work beautifully.

I have run the portqry command on ports 139 and 445 on the new server
(DC1-2k3) and the old server (00server). If I am on the local network with
those servers (physically in City A) then both commands respond with
"Listening".

However, if I drive to City B, and then do the same portqry over the WAN,
00SERVER responds with "Listening", but DC1-2K3 responds with "Filtered".
This makes it pretty clear to me that something external to my new server
is filtering ports 139 and 445. If it was a setting on the new server, I
shouldn't be able to map drives on the local network, and I should see
"filtered" on a portqry from the local network. However, if something on the
two Lucent superpipes were blocking the port 139 and port 445 traffic, then I
wouldn't be able to see my older servers. I have been through the settings
on the routers a number of times, and though it is a bit of a cryptic telnet
interface, I was able to find a section for "filters" and "firewalls", but
neither seems to be configured to either pass through certain ports to
certain machines, or to block certain ports over the WAN link.

Because it seems to be a NetBIOS session issue, I have set up an LMHOSTS file
on a client in City B that had no effect on the problem. The DC1-2k3 server
shows up in an nbtstat -c and I seem to be resolving its NetBIOS name just
fine, with or without the LMHOSTS file.

Thanks so much for ANY help you can give me. All suggestions will be
carefully considered. My best suggestion right now is to turn around and
run from this place screaming.
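
The portqry comparison described in the post (Listening from the local LAN, Filtered from City B, while 00SERVER stays Listening from City B), as an added example that is not part of the original thread: a TCP probe that reports portqry's three states, plus the reasoning that combines three results for one port. The names `probe` and `localise` are hypothetical, and the observations are constructed from the post's description.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP port using the three states portqry reports."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "LISTENING"        # SYN answered with SYN/ACK
    except socket.gaierror:
        raise                     # name resolution failed: not a port state
    except ConnectionRefusedError:
        return "NOT LISTENING"    # SYN answered with RST
    except OSError:
        return "FILTERED"         # timeout/unreachable, treated here as no answer
    finally:
        s.close()

def localise(local_target, remote_target, remote_reference):
    """Combine three probe results for the same port into a verdict.

    local_target:     target server probed from its own LAN
    remote_target:    target server probed across the WAN
    remote_reference: a working server on the target's LAN, probed across the WAN
    """
    if local_target != "LISTENING":
        return "service problem on the target itself"
    if remote_target == "LISTENING":
        return "port reachable across the WAN"
    if remote_target == "NOT LISTENING":
        return "something is answering with RST on the target's behalf"
    if remote_reference == "LISTENING":
        # Service is up and the WAN passes this port for a neighbour, so the
        # drop is specific to the target: a path filter, routing or return
        # path for its address, or a subnet-scoped rule on the host.
        return "drop is specific to the target"
    return "port blocked across the WAN for the whole site"

# Constructed observations matching the post (ports 139 and 445 behaved alike).
OBSERVED = {
    "local_target": "LISTENING",      # DC1-2k3 probed from City A
    "remote_target": "FILTERED",      # DC1-2k3 probed from City B
    "remote_reference": "LISTENING",  # 00SERVER probed from City B
}

if __name__ == "__main__":
    print(localise(**OBSERVED))
```

Run `probe` with IP addresses from both sites so that name resolution does not influence the result.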