RE: Can not see vpn clients in SBS domain network view

Hello Customer,

Thank you for posting here.

From your description, I understand the issue is that you can not browse
computers in my network places from SBS to VPN clients, and you can not
send console message to the remote clients. If I am off base, please let me
know.

When the remote clients connect SBS network via VPN, they are not able to
logon domain. So you can not find the remote computers. But when they move
to local, they can logon SBS domain, it is different.

I. The computer browsing and the console message are based on broadcast
traffic. As we know, the broadcast traffic cannot go through a router.
Since the networks are connected through VPN, it's expected that the
browsing broadcast cannot go through the network. For the non-broadcast
network, we need to leverage WINS server. Let us check as follows:

1. Go to the main site client workstations. Open TCP/IP properties. Click
'Advanced' button. In 'WINS' tab, add the SBS server's IP address into the
list. Select 'Enable NetBIOS' over TCP/IP.

2. For the branch office computers, configure them to use the SBS server as
'WINS'. Also enable 'NetBIOS over TCP/IP'.

3. Wait for several minutes. Will you be able to see the computers in
branch office?

More information:

117633 How browsing over a multi-subnet TCP/IP network works in a domain
and in a workgroup
http://support.microsoft.com/default.aspx?scid=kb;EN-US;117633

II. If the issue persists, please check the following settings:

1. You can try to install the update to see if it helps.

898060 Installing security update MS05-019 or Windows Server 2003 Service
Pack 1 may cause network connectivity between clients and servers to fail
http://support.microsoft.com/default.aspx?scid=kb;EN-US;898060

899148 Some firewalls may reject network traffic that originates from
Windows Server 2003 Service Pack 1-based computers
http://support.microsoft.com/?kbid=899148

Server Message Block communication between a client-side SMB component and
a server-side SMB component is not completed if the SMB signing settings
are mismatched in Group Policy or in the registry
http://support.microsoft.com/?kbid=916846

After applying above the hotfixes, please reboot the server box and client
computer and then test the issue to see if the issue fixed.

2. Make sure that you have selected Enable NetBIOS over TCP/IP on all
computers and SBS server as following:

1) Right click My Network Places and select Properties.
2) Right click Local Area Connection (client computer)/Network Connection
(server) and select Properties.
3) Click Internet Protocol (TCP/IP) and high light it. Click Properties.
4) On the General tab, click Advanced. Go to WINS tab.
5) Make sure that you select Enable NetBIOS over TCP/IP.
6) Click OK twice and close all the windows.

For detailed information, please refer to the following KB article:

318030 You cannot access shared files and folders or browse computers
in the
http://support.microsoft.com/?id=318030

3. Make sure the TCP/IP NetBIOS Helper service and the Server service and
Workstation service are running on SBS and client computers. You may check
them through running Services.msc.

4. Check WINS:

1) Open WINS console in the SBS Administrative Tools.
2) Make sure that the service is started.

5. Check Computer Browser on SBS and client computers:

1) Open Services console in the SBS Administrative Tools.
2) In the right pane, make sure that the "Computer Browser" service is
started and the startup type is "Automatic".
3) Check the same settings on all client computers and make sure that the
"Computer Browser" service is stopped and the startup type is "Disabled".

6. Disable SMB signing in the whole server domain:

1) Make sure the following policies are all ''Disable'' (instead of ''Not
defined'') in BOTH ''Default Domain Policy'' and ''Default Domain
Controller Policy'':

A. Microsoft network client: Digitally sign communications (always):
Disabled
B. Microsoft network client: Digitally sign communications (if server
agrees): Disabled
C. Microsoft network server: Digitally sign communications (always):
Disabled
D. Microsoft network server: Digitally sign communications (if client
agrees): Disabled
E. LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2
session security if negotiated

You can find the policy as following:

A. Open Server Management, and then expand Advanced Management | Group
Policy Management | Forest | Domains | Server name.
B. Right click Default Domain Policy and select Edit.
C. In Group Policy Object Editor, expand Computer Configuration | Windows
Settings | Security Settings | Local Policies.
D. Click Security Options.
E. Open Server Management, and then expand Advanced Management | Group
Policy Management | Forest | Domains | Server name | Domain Controllers.
F. Right click Default Domain Controllers Policy and select Edit.
G. In Group Policy Object Editor, expand Computer Configuration | Windows
Settings | Security Settings | Local Policies.
H. Click Security Options.

2) Still on the DC, issue ''gpupdate /force'' in a command console.
3) Restart the DC and client computer to take effect.

More information:

298804 Internet firewalls can prevent browsing and file sharing
http://support.microsoft.com/?id=298804

If the issue persists, please kindly help me collect some information for
further investigation:

1. How do you send message in cmd? Please capture a screenshot on the
outcome and send the picture to me at v-terliu@xxxxxxxxxxxxx

2. What is "routing and ras server" means?

3. What is "SBS domain network view" exactly point to? Please capture a
screenshot on it.

4. Is there any error you get when you send message?

5. Could you please let me know how you established the VPN connection? Is
the SBS server acting as a VPN server or the VPN connection of the main
office is handed by a hardware device? Please provide me with a detailed
network diagram so that I can have a clear understanding of your
environment.

6. Is ISA installed on the SBS server? What is the ISA edition? How many
NIC are installed on the SBS server? Is the SBS server acting as a firewall
in the network?

7. Use the Networking MPS report to capture the server networking
configurations for further analysis:
a. Download MPSrepot_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

b. Run MPSRPT_NETWORK.exe on the server box.

c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.

d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\

e. Send the .cab file directly to me.

Hope this information helps. If you have further questions or concerns on
this issue, please let me know. I am looking forward to hearing from you.

Have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Can not see vpn clients in SBS domain network view
| thread-index: AccqEL6CB9CHtx1VQ6i85r3WqbzApw==
| X-WBNR-Posting-Host: 89.15.34.158
| From: =?Utf-8?B?aGVpc2Vy?= <heiser@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Can not see vpn clients in SBS domain network view
| Date: Wed, 27 Dec 2006 15:43:00 -0800
| Lines: 11
| Message-ID: <EC922C3F-250D-407F-9063-1E62ACC225FE@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:6813
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I have clients they connect about VPN to the SBS.
| The Clients can use all open folders, share point...., but I can't see
| the client in the SBS domain network view. I have config WINS and DNS
| (clients and SBS).
| It is not possible to send a message from the SBS to the VPN clients
about
| cmd or the routing and ras server.
| It's also not possible to support the cliens by remote.
|
| If the clients connect into the local network, everything is ok.
|
| Could someone help me?
|

.