RE: Windows XP SP2 not getting the domain firewall policy



Hi Venkat,

Thanks for your update by mail!

For your current scenario, I suggest you follow the steps below to rejoin the
laptop to the domain to smooth everything out:

0). Because the laptop's DNS suffix is incorrect, please check the following
settings on the laptop:

a. Right-click My Network Places and click Properties to open the Network
Connections page.
b. Please ensure the Preferred DNS server is the internal NIC IP address of
the SBS server box, and that there is no Alternate DNS server.
c. Please make sure the Gateway setting is entered correctly.
d. Please check whether the "Append parent suffixes of the primary DNS
suffix" box is checked on the laptop (Local network connection Properties ->
choose Internet Protocol (TCP/IP) and click the Properties button to open the
Internet Protocol (TCP/IP) Properties page. Click Advanced -> DNS tab, and
ensure the "Append parent suffixes of the primary DNS suffix" box is
checked).


1). Remove the laptop from the domain. To do so:

Locate Client Computers in the Server Management console and choose the
customer's computer in the right panel. Click the Remove from network link to
delete the computer from the domain.

2). Set up the laptop by running the Setup Client Computer wizard to set up
the computer account.

3). On the laptop, try to join it to the domain by running
http://servername/connectcomputer, and assign a user account to the computer.

Note: Please ensure you have added the SBS site (http://FQDN/*) to the trusted
sites in IE on the laptop. You can refer to the following steps:

a. Start Internet Explorer.
b. On the Tools menu, click Internet Options.
c. On the Security tab, click Local intranet zone, and then click Sites.
d. Click Advanced.
e. In the Add this Web site to the zone box, type the ConnectComputer
server's IP address or the ConnectComputer server's FQDN, and then click
Add.

Try to test again and check if everything is OK.

If it does not work, please refer to the following steps to rejoin it to
the domain:

1. Remove the Windows XP computer from the domain and join it to a workgroup.
To do so, see:

295017 How to Change a Computer Name or Join a Domain in Windows XP
http://support.microsoft.com/?id=295017

2. Reset the TCP/IP stack by using the suggestion in the following KB
article:

299357 How to Reset Internet Protocol (TCP/IP) in Windows XP
http://support.microsoft.com/?id=299357

3. Make sure the Windows XP client is pointing to the SBS 2003 server as
its ONLY DNS server.

4. Join the computer to the domain again and check if everything is OK.

When joining it to the domain, you should run the
http://servername/connectcomputer wizard to do so.

I appreciate your time. I am currently standing by for your test result. I
am glad to be of further assistance!


Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

The partner mail content:
===================
Hi Jenny,

Thanks for your reply.

The laptops are connected via a Cisco router. The OS is Windows XP Prof
SP2.
When the laptops reboot, they get the standard Windows firewall profile,
which blocks all the ports. We configured the domain Windows firewall with
the open ports. For some reason the laptops do not recognize that they are
networked to the domain and pick up the standard FW profile.

The DNS suffix I see when I run ipconfig /all is different for PCs that have
the standard profile and the domain profile. The PCs that have the domain FW
profile show corp.example.com and the ones with the standard FW profile show
only example.com.

I can explain and illustrate the problem when I can talk to you, if you
give me your contact number.

Thanks.
===================
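
An added example, not part of the original thread or of Microsoft's reply: Windows XP SP2's Windows Firewall applies the domain profile only when the DNS name recorded at the last Group Policy update equals the connection-specific DNS suffix of a connected adapter that is not PPP or SLIP, which is why the suffix difference reported above matters. The Python sketch below applies that comparison to `ipconfig /all` output; the sample output, host name, adapter names and function names are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output from a home-office laptop (not from the thread).
SAMPLE_HOME = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LAPTOP01
        Primary Dns Suffix  . . . . . . . : corp.example.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.com
        IP Address. . . . . . . . . . . . : 192.168.1.20

PPP adapter Office VPN:

        Connection-specific DNS Suffix  . : corp.example.com
        IP Address. . . . . . . . . . . . : 10.0.0.50
"""

ADAPTER_RE = re.compile(r"^(\S+) adapter (.+):\s*$")
SUFFIX_RE = re.compile(r"^\s+Connection-specific DNS Suffix[\s.]*:\s*(\S*)\s*$")

def connection_suffixes(ipconfig_text):
    """Return [(adapter_type, adapter_name, suffix)] for adapters that have a suffix."""
    found, current = [], None
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = SUFFIX_RE.match(line)
        if m and current and m.group(1):
            found.append((current[0], current[1], m.group(1).lower()))
    return found

def expected_profile(ipconfig_text, gp_network_name):
    """Return 'Domain' or 'Standard' for the given last-Group-Policy DNS name."""
    # gp_network_name is the value Windows stores at the last policy refresh under
    # HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName.
    target = gp_network_name.strip().lower()
    for kind, _name, suffix in connection_suffixes(ipconfig_text):
        if kind.upper() in ("PPP", "SLIP"):
            continue  # dial-up and VPN links are not used for the comparison
        if suffix == target:
            return "Domain"
    return "Standard"
```

On a live Windows XP SP2 machine, `netsh firewall show state` reports which profile is actually in effect, so the result can be compared against it.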


--------------------
>From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
>Organization: Microsoft
>Date: Fri, 04 Nov 2005 08:06:48 GMT
>Subject: RE: Windows XP SP2 not gettings the domain firewall policy
>Newsgroups: microsoft.public.windows.server.sbs
>
>Hi Venkat,
>
>Thanks for posting here!
>
>From your description, I don't clearly understand your situation. Is your
>main problem that laptops cannot access your company network remotely?
>
>Before we go further, let's confirm some information with you so that the
>problem is resolved efficiently.
>
>1. How do you access your company network remotely? Through RWW, RDP or VPN?
>
>2. What is your firewall? If it is ISA, what is the version? Have you
>installed a hardware firewall or router outside the SBS server box? Have you
>configured the related ports to allow traffic?
>
>3. What is the symptom when laptops access the LAN remotely? What is the
>accurate error message you got?
>
>4. What is the meaning of "I find that they do not get the subdomain
>corp.example.com DNS suffix as we get here in the office. They get the DNS
>suffix example.com."?
>
>I would like to give you some general suggestions for the issue:
>
>If you want domain users to access the LAN network from the internet, you
>need to publish related services to the internet and open related ports on
>the hardware firewall or router.
>
>Please try to rerun CEICW to make sure the firewall is enabled and VPN,
>Terminal Services, RWW and OWA are published to the internet. You can refer
>to the following steps:
>
>1. Expand Standard Management | To Do List.
>2. Click Connect to the Internet in the right pane.
>3. Navigate the wizard to Firewall and then select Enable firewall. On the
>next page, make sure the E-mail, VPN and Terminal Services items are checked
>on the services configuration page.
>4. Click Next and then select Allow access to the following web site
>services from the internet.
>5. Make sure OWA and RWW are selected and click Next.
>6. Click Create a new Web services certificate (input your FQDN as the web
>server certificate) and then click Next.
>7. Follow the wizard to finish it.
>
>I suggest you refer to KB 825763 to reconfigure the network connection:
>
>825763 How to configure Internet access in Windows Small Business Server
>2003
>http://support.microsoft.com/?id=825763
>
>If you have installed a router or hardware firewall outside the SBS 2003
>network, please double check to make sure the TCP ports 4125, 1723 and 3389
>are opened on your router or hardware firewall.
>
>Try to test again, how about the result?
>
>Generally, we open the ports we need to allow some specific traffic. You
>can refer to the following list:
>
>TCP port                     Definition
>25                           Email (SMTP)
>80                           Required for HTTP requests for your site
>443                          Required for HTTPS requests using SSL, which
>                             secures communications between your server
>                             and a Web browser
>444                          Companyweb
>4125                         Remote Web Workplace
>1723 (plus GRE Protocol 47)  VPN
>3389                         Terminal Services
>21                           FTP
>
>Hope the above information helps! I appreciate your time to perform the test
>and collect information. I am happy to be of assistance to you and look
>forward to your reply!
>
>Have a nice day!
>
>Sincerely,
>
>Jenny Wu
>Microsoft CSS Online Newsgroup Support
>
>--------------------
>>From: "venkat27@xxxxxxxxx" <venkat27@xxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>Subject: Windows XP SP2 not gettings the domain firewall policy
>>Date: 3 Nov 2005 09:26:02 -0800
>>
>>Hi,
>>
>>A few home office laptops logging into our company domain do not get the
>>domain firewall policy. They could not be accessed remotely.
>>
>>I find that they do not get the subdomain corp.example.com DNS suffix
>>as we get here in the office. They get the DNS suffix example.com.
>>
>>Any help will be appreciated.
>>
>>Thanks
>>
>>Venkat
>>
>>
>
>
