RE: SBS2003 Firewall disconnecting workstations

Hi Andrew,

Thanks for posting here.

From your post, my understanding of this issue is: After join a Windows XP
SP2 based computer into a domain, the computer has problem to install
applications located on the server. If this is not correct, please feel
free to let me know.

I. Generally, the option in Windows Firewall on the computer is grayed out,
that indicates that the Windows Firewall is controlled by Windows firewall
group policy. Please refer to the following steps to check:

1. On SBS 2003 server, log on as administrator.
2. Open the Default domain policy in Group policy object Management console.
3. Navigate to Computer Configuration\Administrative
Templates\Network\Network Connections\Windows Firewall\Domain Profile.
4. On the right pane, set the "Windows Firewall: Protect all network
connections" setting to Not Configured. Then run command "gpupdate /force"
on the server box.
5. Restart the XP machine to check the settings of Windows firewall on the
computer.

II. If the issue persists, you should apply the following fix to the XP
machine to resolve the issue. It is a known issue addressed in SBS 2003
environment. Please check into the following article to get detail
information and hotfix:

You cannot configure Windows Firewall settings or Security Center settings
on a Windows XP Service Pack 2-based client computer that is in a Windows
Small Business Server 2003-based network
http://support.microsoft.com/default.aspx?scid=kb;en-us;872769

Please also apply the following hotfix to the XP machine:
An exception may not show up in the Windows Firewall graphical user
interface if you create the exception by modifying the registry
http://support.microsoft.com/?id=897663

Then please test the issue to see if it resolved.

III. How you joined the computer to SBS domain? Using the connectcomputer
wizard or manually joined? If joined manually, I suggest that you re-join
the XP machine to domain to see if it helps. To do so:

1. Quit the client computer from the domain. To do so, see:

Locate in Client Computers in Server Management console and choose the
computer in right panel. Click Remove from network link to delete the
computer from domain.

2. Logon the client computer with Administrator permissions and join it to
"Workgroup", and reboot the computer.

Right click My Computer to open its properties page, click Computer Name
tab, click Change button to re-join the computer to Workgroup.

3. Reset the TCP/IP stack by using the suggestion in the following KB
article:

299357 How to Reset Internet Protocol (TCP/IP) in Windows XP
http://support.microsoft.com/?id=299357

4. Setup the client computer by running Setup Client Computer wizard to
setup computer account and assign related user account to the laptop.

6. Logon the computer with Administrator permissions and join it to domain
by running http://servername/connectcomputer. And assign appropriate user
accounts to the computer.

Note: Please ensure you have added the SBS Site (http://FQDN/*) in trusted
site in IE of the laptop.

Then please test the issue and let me know the result.

If the issue persists, please help me collect the following information to
isolate the issue:

1. What is the exact error message you received when attempting an
application installation from the server? Please capture a screen shot of
the error message and send to me for analyze.

2. What is the output when ping other computers? Please paste the output
here.

3. Please run command "msinfo32" (no quotation marks) on the server box to
launch System Information console. And click File and then Save. Save the
system information to a .nfo file to send to me. My working mailbox:
v-yanniw@xxxxxxxxxxxxx

Please compress all files and send to my working mailbox:
v-yanniw@xxxxxxxxxxxxx

I appreciate your time. I am happy to be of assistance to you and look
forward to your reply.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Thread-Topic: SBS2003 Firewall disconnecting workstations
thread-index: AcbACIMrgluy2nzQSt2tfYfA3CtX6A==
X-WBNR-Posting-Host: 203.41.14.84
From: =?Utf-8?B?QW5kcmV3?= <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: SBS2003 Firewall disconnecting workstations
Date: Mon, 14 Aug 2006 18:17:01 -0700
Lines: 13
Message-ID: <B7F37F08-E5DB-4117-84E5-9F277522BE69@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:289795
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.sbs

We have a problem with some new XP Pro workstations being added to a
SBS2003
domain. When joined, the firewall option on the PC is greyed out, and
appears
to be controlled by Group Policy from the server . The workstations work
fine; can print, access the Internet, and read and write to files.
However,
if we try an application installatiion from the server, the server appears
to
firewall the workstation from the network. The workstation cannot ping any
other device on the network, nor can any device ping to it. Unplugging the
ethernet cable and pluggin it back in again brings the PC back on the
network
immediately. Logging on locally brings the firewall options back.... Have
tried changing cabling, the network switch, and formatting the PC (couple
of
times), but each time the problem recurrs. Any ideas as to what might be
happening ? Older PCs are okay, but the "greyed out" firewall was not
there
when we installed the applications.


.

Quantcast