Guest swu30@hotmail.com Posted August 25, 2007 Posted August 25, 2007 We recently imaged a small (< 25) number of laptops for use in our office. Our basic setup is a routed network with servers on a 192.168.10.x network, clients on 3 diff subnets. We have a number of W2k and W2k3 servers, clients are WinXP desk and laptops. We have two AD servers doing DNS & DHCP. What we're running into is with the new laptops, they can't always browse the Microsoft Network. We have an app that we need to browse in order to setup correctly. On the same subnet I can have clients that can browse, while others (usually the new laptops, but not always) can't. They get the "xDomain is not accessible. You might not have permission to use this network resource.... We've gone through all the network settings, firewall and others on the clients and they seem the same. They can auth to the AD and login just fine. DNS and access to IP resources not a problem. We can map a drive to the same server that we can't browse to (well, we can't browse to anything). Are we having a master browser issue on this subnet? We do not have WINS running. There are rare times when one of the laptops that can't browse, can, for a while. We can have on the same subnet, machines that can browse and others that can't. And they may "flip flop". ANY help would be greatly appreciated. Thx!
Guest Coraleigh Miller Posted August 26, 2007 Posted August 26, 2007 Re: Domain Browsing Issues Hi swu30, Since you mentioned that you imaged these new pcs, did you account in your clone process for each pc getting an unique SID? Check that they do in fact have their own sids, if not there are tools to help fix this including NewSID http://www.microsoft.com/technet/sysinternals/security/newsid.mspx and Ghostwalker http://entkb.symantec.com/security/output/n1999050308324125.html Are there any related event ids in your event logs? Coraleigh Miller <swu30@hotmail.com> wrote in message news:1188075487.914197.146470@57g2000hsv.googlegroups.com... > We recently imaged a small (< 25) number of laptops for use in our > office. Our basic setup is a routed network with servers on a > 192.168.10.x network, clients on 3 diff subnets. We have a number of > W2k and W2k3 servers, clients are WinXP desk and laptops. We have two > AD servers doing DNS & DHCP. > > What we're running into is with the new laptops, they can't always > browse the Microsoft Network. We have an app that we need to browse in > order to setup correctly. On the same subnet I can have clients that > can browse, while others (usually the new laptops, but not always) > can't. They get the "xDomain is not accessible. You might not have > permission to use this network resource.... > > We've gone through all the network settings, firewall and others on > the clients and they seem the same. They can auth to the AD and login > just fine. DNS and access to IP resources not a problem. We can map a > drive to the same server that we can't browse to (well, we can't > browse to anything). > > Are we having a master browser issue on this subnet? We do not have > WINS running. There are rare times when one of the laptops that can't > browse, can, for a while. We can have on the same subnet, machines > that can browse and others that can't. And they may "flip flop". > > ANY help would be greatly appreciated. Thx! >
Guest swu30@hotmail.com Posted August 26, 2007 Posted August 26, 2007 Re: Domain Browsing Issues On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> wrote: > Hi swu30, > > Since you mentioned that you imaged these new pcs, did you account in your > clone process for each pc getting an unique SID? Check that they do in fact > have their own sids, if not there are tools to help fix this including > NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx > and Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html > > Are there any related event ids in your event logs? > > Coraleigh Miller > > <sw...@hotmail.com> wrote in message > > news:1188075487.914197.146470@57g2000hsv.googlegroups.com... > > > We recently imaged a small (< 25) number of laptops for use in our > > office. Our basic setup is a routed network with servers on a > > 192.168.10.x network, clients on 3 diff subnets. We have a number of > > W2k and W2k3 servers, clients are WinXP desk and laptops. We have two > > AD servers doing DNS & DHCP. > > > What we're running into is with the new laptops, they can't always > > browse the Microsoft Network. We have an app that we need to browse in > > order to setup correctly. On the same subnet I can have clients that > > can browse, while others (usually the new laptops, but not always) > > can't. They get the "xDomain is not accessible. You might not have > > permission to use this network resource.... > > > We've gone through all the network settings, firewall and others on > > the clients and they seem the same. They can auth to the AD and login > > just fine. DNS and access to IP resources not a problem. We can map a > > drive to the same server that we can't browse to (well, we can't > > browse to anything). > > > Are we having a master browser issue on this subnet? We do not have > > WINS running. There are rare times when one of the laptops that can't > > browse, can, for a while. We can have on the same subnet, machines > > that can browse and others that can't. And they may "flip flop". > > > ANY help would be greatly appreciated. Thx! Hi - Yes, they have their own SID. The odd thing is that sometimes there are "older" PCs/laptops on the same subnet that have been able to browse and then they can't either. So it' not just limited to the newly imaged laptops. Although it is far more often with them.
Guest Coraleigh Miller Posted August 26, 2007 Posted August 26, 2007 Re: Domain Browsing Issues Ahh ok. Try the Browstat tool to troubleshoot a possible Browser problem, it could be that the new pcs are trying to be the Master Browser and confusing the browser service. http://support.microsoft.com/kb/188305/en-us Do any of your Master Browsers have two network cards? http://support.microsoft.com/kb/191611/en-us You might really want to consider using WINS for your "my network places" browsing, it is far less broadcast chatty on your network and performs more efficiently with multi-subnet networks. http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-0561-44a5-884c-d2dfaa5b10191033.mspx?mfr=true Are you using Trend Micro antivirus? http://support.microsoft.com/kb/318245 Do you have any issue related event ids in your Event Log? Coraleigh Miller <swu30@hotmail.com> wrote in message news:1188132357.554349.105140@57g2000hsv.googlegroups.com... > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > wrote: >> Hi swu30, >> >> Since you mentioned that you imaged these new pcs, did you account in >> your >> clone process for each pc getting an unique SID? Check that they do in >> fact >> have their own sids, if not there are tools to help fix this including >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx >> and >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html >> >> Are there any related event ids in your event logs? >> >> Coraleigh Miller >> >> <sw...@hotmail.com> wrote in message >> >> news:1188075487.914197.146470@57g2000hsv.googlegroups.com... >> >> > We recently imaged a small (< 25) number of laptops for use in our >> > office. Our basic setup is a routed network with servers on a >> > 192.168.10.x network, clients on 3 diff subnets. We have a number of >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have two >> > AD servers doing DNS & DHCP. >> >> > What we're running into is with the new laptops, they can't always >> > browse the Microsoft Network. We have an app that we need to browse in >> > order to setup correctly. On the same subnet I can have clients that >> > can browse, while others (usually the new laptops, but not always) >> > can't. They get the "xDomain is not accessible. You might not have >> > permission to use this network resource.... >> >> > We've gone through all the network settings, firewall and others on >> > the clients and they seem the same. They can auth to the AD and login >> > just fine. DNS and access to IP resources not a problem. We can map a >> > drive to the same server that we can't browse to (well, we can't >> > browse to anything). >> >> > Are we having a master browser issue on this subnet? We do not have >> > WINS running. There are rare times when one of the laptops that can't >> > browse, can, for a while. We can have on the same subnet, machines >> > that can browse and others that can't. And they may "flip flop". >> >> > ANY help would be greatly appreciated. Thx! > > Hi - > > Yes, they have their own SID. The odd thing is that sometimes there > are "older" PCs/laptops on the same subnet that have been able to > browse and then they can't either. So it' not just limited to the > newly imaged laptops. Although it is far more often with them. > >
Guest swu30@hotmail.com Posted August 27, 2007 Posted August 27, 2007 Re: Domain Browsing Issues On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> wrote: > Ahh ok. Try the Browstat tool to troubleshoot a possible Browser problem, > it could be that the new pcs are trying to be the Master Browser and > confusing the browser service.http://support.microsoft.com/kb/188305/en-us > > Do any of your Master Browsers have two network cards?http://support.microsoft.com/kb/191611/en-us > > You might really want to consider using WINS for your "my network places" > browsing, it is far less broadcast chatty on your network and performs more > efficiently with multi-subnet networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05... > > Are you using Trend Micro antivirus?http://support.microsoft.com/kb/318245 > > Do you have any issue related event ids in your Event Log? > > Coraleigh Miller > > <sw...@hotmail.com> wrote in message > > news:1188132357.554349.105140@57g2000hsv.googlegroups.com... > > > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > > wrote: > >> Hi swu30, > > >> Since you mentioned that you imaged these new pcs, did you account in > >> your > >> clone process for each pc getting an unique SID? Check that they do in > >> fact > >> have their own sids, if not there are tools to help fix this including > >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx > >> and > >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html > > >> Are there any related event ids in your event logs? > > >> Coraleigh Miller > > >> <sw...@hotmail.com> wrote in message > > >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com... > > >> > We recently imaged a small (< 25) number of laptops for use in our > >> > office. Our basic setup is a routed network with servers on a > >> > 192.168.10.x network, clients on 3 diff subnets. We have a number of > >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have two > >> > AD servers doing DNS & DHCP. > > >> > What we're running into is with the new laptops, they can't always > >> > browse the Microsoft Network. We have an app that we need to browse in > >> > order to setup correctly. On the same subnet I can have clients that > >> > can browse, while others (usually the new laptops, but not always) > >> > can't. They get the "xDomain is not accessible. You might not have > >> > permission to use this network resource.... > > >> > We've gone through all the network settings, firewall and others on > >> > the clients and they seem the same. They can auth to the AD and login > >> > just fine. DNS and access to IP resources not a problem. We can map a > >> > drive to the same server that we can't browse to (well, we can't > >> > browse to anything). > > >> > Are we having a master browser issue on this subnet? We do not have > >> > WINS running. There are rare times when one of the laptops that can't > >> > browse, can, for a while. We can have on the same subnet, machines > >> > that can browse and others that can't. And they may "flip flop". > > >> > ANY help would be greatly appreciated. Thx! > > > Hi - > > > Yes, they have their own SID. The odd thing is that sometimes there > > are "older" PCs/laptops on the same subnet that have been able to > > browse and then they can't either. So it' not just limited to the > > newly imaged laptops. Although it is far more often with them. Will check out the browse tool. No, they are all single NIC machines. The non-browse issue seems to come into play after we load Sophos AV. We have to browse to the server that has Sophos, we do a network install. After the install is complete, browsing is still OK - until we reboot. Then the laptop cannot browse the same network. No matter if we login as the local admin, domain user, or domain admin, we get the "xDomain is not accessible. You might not have permission to use this network..." error. All net services are good except browsing. Nothing in the event log of the client or AD servers. Arg! I can easily turn on WINS, do I need to disable/enable anything on the clients? Thx!
Guest Coraleigh Miller Posted August 27, 2007 Posted August 27, 2007 Re: Domain Browsing Issues On the clients you should disable the Computer Browser service since this would take precedence over WINS browsing. You can use Group Policy to do this if you wish.. http://support.microsoft.com/kb/297789 Also make sure the clients have the WINS server IP in their tcpip settings. If you use DHCP for your workstations, add both the WINS server IP and node type (0x8, hybrid) to your DHCP scope options. Let me know how it goes. :-) Coraleigh Miller <swu30@hotmail.com> wrote in message news:1188183273.619497.37010@o80g2000hse.googlegroups.com... > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > wrote: >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser >> problem, >> it could be that the new pcs are trying to be the Master Browser and >> confusing the browser >> service.http://support.microsoft.com/kb/188305/en-us >> >> Do any of your Master Browsers have two network >> cards?http://support.microsoft.com/kb/191611/en-us >> >> You might really want to consider using WINS for your "my network places" >> browsing, it is far less broadcast chatty on your network and performs >> more >> efficiently with multi-subnet >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05... >> >> Are you using Trend Micro >> antivirus?http://support.microsoft.com/kb/318245 >> >> Do you have any issue related event ids in your Event Log? >> >> Coraleigh Miller >> >> <sw...@hotmail.com> wrote in message >> >> news:1188132357.554349.105140@57g2000hsv.googlegroups.com... >> >> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> >> > wrote: >> >> Hi swu30, >> >> >> Since you mentioned that you imaged these new pcs, did you account in >> >> your >> >> clone process for each pc getting an unique SID? Check that they do >> >> in >> >> fact >> >> have their own sids, if not there are tools to help fix this including >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx >> >> and >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html >> >> >> Are there any related event ids in your event logs? >> >> >> Coraleigh Miller >> >> >> <sw...@hotmail.com> wrote in message >> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com... >> >> >> > We recently imaged a small (< 25) number of laptops for use in our >> >> > office. Our basic setup is a routed network with servers on a >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number of >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have >> >> > two >> >> > AD servers doing DNS & DHCP. >> >> >> > What we're running into is with the new laptops, they can't always >> >> > browse the Microsoft Network. We have an app that we need to browse >> >> > in >> >> > order to setup correctly. On the same subnet I can have clients that >> >> > can browse, while others (usually the new laptops, but not always) >> >> > can't. They get the "xDomain is not accessible. You might not have >> >> > permission to use this network resource.... >> >> >> > We've gone through all the network settings, firewall and others on >> >> > the clients and they seem the same. They can auth to the AD and >> >> > login >> >> > just fine. DNS and access to IP resources not a problem. We can map >> >> > a >> >> > drive to the same server that we can't browse to (well, we can't >> >> > browse to anything). >> >> >> > Are we having a master browser issue on this subnet? We do not have >> >> > WINS running. There are rare times when one of the laptops that >> >> > can't >> >> > browse, can, for a while. We can have on the same subnet, machines >> >> > that can browse and others that can't. And they may "flip flop". >> >> >> > ANY help would be greatly appreciated. Thx! >> >> > Hi - >> >> > Yes, they have their own SID. The odd thing is that sometimes there >> > are "older" PCs/laptops on the same subnet that have been able to >> > browse and then they can't either. So it' not just limited to the >> > newly imaged laptops. Although it is far more often with them. > > > Will check out the browse tool. No, they are all single NIC machines. > The non-browse issue seems to come into play after we load Sophos AV. > We have to browse to the server that has Sophos, we do a network > install. After the install is complete, browsing is still OK - until > we reboot. Then the laptop cannot browse the same network. > > No matter if we login as the local admin, domain user, or domain > admin, we get the "xDomain is not accessible. You might not have > permission to use this network..." error. All net services are good > except browsing. Nothing in the event log of the client or AD > servers. Arg! > > I can easily turn on WINS, do I need to disable/enable anything on the > clients? > > Thx! >
Guest swu30@hotmail.com Posted September 4, 2007 Posted September 4, 2007 Re: Domain Browsing Issues On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com> wrote: > On the clients you should disable the Computer Browser service since this > would take precedence over WINS browsing. You can use Group Policy to do > this if you wish..http://support.microsoft.com/kb/297789 > Also make sure the clients have the WINS server IP in their tcpip settings. > If you use DHCP for your workstations, add both the WINS server IP and node > type (0x8, hybrid) to your DHCP scope options. > > Let me know how it goes. :-) > > Coraleigh Miller > > <sw...@hotmail.com> wrote in message > > news:1188183273.619497.37010@o80g2000hse.googlegroups.com... > > > > > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > > wrote: > >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser > >> problem, > >> it could be that the new pcs are trying to be the Master Browser and > >> confusing the browser > >> service.http://support.microsoft.com/kb/188305/en-us > > >> Do any of your Master Browsers have two network > >> cards?http://support.microsoft.com/kb/191611/en-us > > >> You might really want to consider using WINS for your "my network places" > >> browsing, it is far less broadcast chatty on your network and performs > >> more > >> efficiently with multi-subnet > >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05... > > >> Are you using Trend Micro > >> antivirus?http://support.microsoft.com/kb/318245 > > >> Do you have any issue related event ids in your Event Log? > > >> Coraleigh Miller > > >> <sw...@hotmail.com> wrote in message > > >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com... > > >> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > >> > wrote: > >> >> Hiswu30, > > >> >> Since you mentioned that you imaged these new pcs, did you account in > >> >> your > >> >> clone process for each pc getting an unique SID? Check that they do > >> >> in > >> >> fact > >> >> have their own sids, if not there are tools to help fix this including > >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx > >> >> and > >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html > > >> >> Are there any related event ids in your event logs? > > >> >> Coraleigh Miller > > >> >> <sw...@hotmail.com> wrote in message > > >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com... > > >> >> > We recently imaged a small (< 25) number of laptops for use in our > >> >> > office. Our basic setup is a routed network with servers on a > >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number of > >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have > >> >> > two > >> >> > AD servers doing DNS & DHCP. > > >> >> > What we're running into is with the new laptops, they can't always > >> >> > browse the Microsoft Network. We have an app that we need to browse > >> >> > in > >> >> > order to setup correctly. On the same subnet I can have clients that > >> >> > can browse, while others (usually the new laptops, but not always) > >> >> > can't. They get the "xDomain is not accessible. You might not have > >> >> > permission to use this network resource.... > > >> >> > We've gone through all the network settings, firewall and others on > >> >> > the clients and they seem the same. They can auth to the AD and > >> >> > login > >> >> > just fine. DNS and access to IP resources not a problem. We can map > >> >> > a > >> >> > drive to the same server that we can't browse to (well, we can't > >> >> > browse to anything). > > >> >> > Are we having a master browser issue on this subnet? We do not have > >> >> > WINS running. There are rare times when one of the laptops that > >> >> > can't > >> >> > browse, can, for a while. We can have on the same subnet, machines > >> >> > that can browse and others that can't. And they may "flip flop". > > >> >> > ANY help would be greatly appreciated. Thx! > > >> > Hi - > > >> > Yes, they have their own SID. The odd thing is that sometimes there > >> > are "older" PCs/laptops on the same subnet that have been able to > >> > browse and then they can't either. So it' not just limited to the > >> > newly imaged laptops. Although it is far more often with them. > > > Will check out the browse tool. No, they are all single NIC machines. > > The non-browse issue seems to come into play after we load Sophos AV. > > We have to browse to the server that has Sophos, we do a network > > install. After the install is complete, browsing is still OK - until > > we reboot. Then the laptop cannot browse the same network. > > > No matter if we login as the local admin, domain user, or domain > > admin, we get the "xDomain is not accessible. You might not have > > permission to use this network..." error. All net services are good > > except browsing. Nothing in the event log of the client or AD > > servers. Arg! > > > I can easily turn on WINS, do I need to disable/enable anything on the > > clients? > > > Thx!- Hide quoted text - > > - Show quoted text - Thanks for the help so far. I'll give this a try and let you know. If I can bounce one more question off of you, I would like to replace one of our aging AD servers. Our AD is currently on W2k, can I have AD on a W2k3 server if the other is W2k AD? I heard you can't mix. True? If so, can you migrate from W2k to W2k3? Thx!
Guest Coraleigh Miller Posted September 5, 2007 Posted September 5, 2007 Re: Domain Browsing Issues Hi! :-) Yes you can mix 2000 DCs with 2003 DCs, as long as your domain functional level remains at 2000. Doing this however you dont gain some of the new domain features of 2003. http://support.microsoft.com/kb/322692 If you were to raise your domain functional level to take advantage of the 2003 features, you would not be able to use any 2000 DCs...so you would have to upgrade them all to 2003. You would also have to buy 2003 client access licenses... http://www.microsoft.com/windowsserver2003/howtobuy/licensing/priclicfaq.mspx Hope this helps. Coraleigh Miller <swu30@hotmail.com> wrote in message news:1188878736.086728.274450@50g2000hsm.googlegroups.com... > On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > wrote: >> On the clients you should disable the Computer Browser service since this >> would take precedence over WINS browsing. You can use Group Policy to do >> this if you wish..http://support.microsoft.com/kb/297789 >> Also make sure the clients have the WINS server IP in their tcpip >> settings. >> If you use DHCP for your workstations, add both the WINS server IP and >> node >> type (0x8, hybrid) to your DHCP scope options. >> >> Let me know how it goes. :-) >> >> Coraleigh Miller >> >> <sw...@hotmail.com> wrote in message >> >> news:1188183273.619497.37010@o80g2000hse.googlegroups.com... >> >> >> >> > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> >> > wrote: >> >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser >> >> problem, >> >> it could be that the new pcs are trying to be the Master Browser and >> >> confusing the browser >> >> service.http://support.microsoft.com/kb/188305/en-us >> >> >> Do any of your Master Browsers have two network >> >> cards?http://support.microsoft.com/kb/191611/en-us >> >> >> You might really want to consider using WINS for your "my network >> >> places" >> >> browsing, it is far less broadcast chatty on your network and performs >> >> more >> >> efficiently with multi-subnet >> >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05... >> >> >> Are you using Trend Micro >> >> antivirus?http://support.microsoft.com/kb/318245 >> >> >> Do you have any issue related event ids in your Event Log? >> >> >> Coraleigh Miller >> >> >> <sw...@hotmail.com> wrote in message >> >> >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com... >> >> >> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> >> >> > wrote: >> >> >> Hiswu30, >> >> >> >> Since you mentioned that you imaged these new pcs, did you account >> >> >> in >> >> >> your >> >> >> clone process for each pc getting an unique SID? Check that they >> >> >> do >> >> >> in >> >> >> fact >> >> >> have their own sids, if not there are tools to help fix this >> >> >> including >> >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx >> >> >> and >> >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html >> >> >> >> Are there any related event ids in your event logs? >> >> >> >> Coraleigh Miller >> >> >> >> <sw...@hotmail.com> wrote in message >> >> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com... >> >> >> >> > We recently imaged a small (< 25) number of laptops for use in >> >> >> > our >> >> >> > office. Our basic setup is a routed network with servers on a >> >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number >> >> >> > of >> >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have >> >> >> > two >> >> >> > AD servers doing DNS & DHCP. >> >> >> >> > What we're running into is with the new laptops, they can't >> >> >> > always >> >> >> > browse the Microsoft Network. We have an app that we need to >> >> >> > browse >> >> >> > in >> >> >> > order to setup correctly. On the same subnet I can have clients >> >> >> > that >> >> >> > can browse, while others (usually the new laptops, but not >> >> >> > always) >> >> >> > can't. They get the "xDomain is not accessible. You might not >> >> >> > have >> >> >> > permission to use this network resource.... >> >> >> >> > We've gone through all the network settings, firewall and others >> >> >> > on >> >> >> > the clients and they seem the same. They can auth to the AD and >> >> >> > login >> >> >> > just fine. DNS and access to IP resources not a problem. We can >> >> >> > map >> >> >> > a >> >> >> > drive to the same server that we can't browse to (well, we can't >> >> >> > browse to anything). >> >> >> >> > Are we having a master browser issue on this subnet? We do not >> >> >> > have >> >> >> > WINS running. There are rare times when one of the laptops that >> >> >> > can't >> >> >> > browse, can, for a while. We can have on the same subnet, >> >> >> > machines >> >> >> > that can browse and others that can't. And they may "flip flop". >> >> >> >> > ANY help would be greatly appreciated. Thx! >> >> >> > Hi - >> >> >> > Yes, they have their own SID. The odd thing is that sometimes there >> >> > are "older" PCs/laptops on the same subnet that have been able to >> >> > browse and then they can't either. So it' not just limited to the >> >> > newly imaged laptops. Although it is far more often with them. >> >> > Will check out the browse tool. No, they are all single NIC machines. >> > The non-browse issue seems to come into play after we load Sophos AV. >> > We have to browse to the server that has Sophos, we do a network >> > install. After the install is complete, browsing is still OK - until >> > we reboot. Then the laptop cannot browse the same network. >> >> > No matter if we login as the local admin, domain user, or domain >> > admin, we get the "xDomain is not accessible. You might not have >> > permission to use this network..." error. All net services are good >> > except browsing. Nothing in the event log of the client or AD >> > servers. Arg! >> >> > I can easily turn on WINS, do I need to disable/enable anything on the >> > clients? >> >> > Thx!- Hide quoted text - >> >> - Show quoted text - > > Thanks for the help so far. I'll give this a try and let you know. If > I can bounce one more question off of you, I would like to replace one > of our aging AD servers. Our AD is currently on W2k, can I have AD on > a W2k3 server if the other > is W2k AD? I heard you can't mix. True? If so, can you migrate from > W2k to W2k3? > > > Thx! >
Guest swu30@hotmail.com Posted September 9, 2007 Posted September 9, 2007 Re: Domain Browsing Issues Hi - Ok, both of my AD servers are W2k in mixed mode. Given that, and that I want to replace them both from a hardware level, can I install two new W2k3 servers in "2000 mode", then retire the old hardware leaving me with new w2k3 servers in "2000 mode" and then up both W2k3 AD servers to "2003 mode"? If not, what's a good strategy for replacing and upgrading my W2k AD servers? Thx again! On Sep 5, 12:57 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com> wrote: > Hi! :-) > > Yes you can mix 2000 DCs with 2003 DCs, as long as your domain functional > level remains at 2000. Doing this however you dont gain some of the new > domain features of 2003. http://support.microsoft.com/kb/322692 > > If you were to raise your domain functional level to take advantage of the > 2003 features, you would not be able to use any 2000 DCs...so you would have > to upgrade them all to 2003. You would also have to buy 2003 client access > licenses...http://www.microsoft.com/windowsserver2003/howtobuy/licensing/priclic... > > Hope this helps. > > Coraleigh Miller > > <sw...@hotmail.com> wrote in message > > news:1188878736.086728.274450@50g2000hsm.googlegroups.com... > > > On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > > wrote: > >> On the clients you should disable the Computer Browser service since this > >> would take precedence over WINS browsing. You can use Group Policy to do > >> this if you wish..http://support.microsoft.com/kb/297789 > >> Also make sure the clients have the WINS server IP in their tcpip > >> settings. > >> If you use DHCP for your workstations, add both the WINS server IP and > >> node > >> type (0x8, hybrid) to your DHCP scope options. > > >> Let me know how it goes. :-) > > >> Coraleigh Miller > > >> <sw...@hotmail.com> wrote in message > > >>news:1188183273.619497.37010@o80g2000hse.googlegroups.com... > > >> > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > >> > wrote: > >> >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser > >> >> problem, > >> >> it could be that the new pcs are trying to be the Master Browser and > >> >> confusing the browser > >> >> service.http://support.microsoft.com/kb/188305/en-us > > >> >> Do any of your Master Browsers have two network > >> >> cards?http://support.microsoft.com/kb/191611/en-us > > >> >> You might really want to consider using WINS for your "my network > >> >> places" > >> >> browsing, it is far less broadcast chatty on your network and performs > >> >> more > >> >> efficiently with multi-subnet > >> >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05... > > >> >> Are you using Trend Micro > >> >> antivirus?http://support.microsoft.com/kb/318245 > > >> >> Do you have any issue related event ids in your Event Log? > > >> >> Coraleigh Miller > > >> >> <sw...@hotmail.com> wrote in message > > >> >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com... > > >> >> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > >> >> > wrote: > >> >> >> Hiswu30, > > >> >> >> Since you mentioned that you imaged these new pcs, did you account > >> >> >> in > >> >> >> your > >> >> >> clone process for each pc getting an unique SID? Check that they > >> >> >> do > >> >> >> in > >> >> >> fact > >> >> >> have their own sids, if not there are tools to help fix this > >> >> >> including > >> >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx > >> >> >> and > >> >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html > > >> >> >> Are there any related event ids in your event logs? > > >> >> >> Coraleigh Miller > > >> >> >> <sw...@hotmail.com> wrote in message > > >> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com... > > >> >> >> > We recently imaged a small (< 25) number of laptops for use in > >> >> >> > our > >> >> >> > office. Our basic setup is a routed network with servers on a > >> >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number > >> >> >> > of > >> >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have > >> >> >> > two > >> >> >> > AD servers doing DNS & DHCP. > > >> >> >> > What we're running into is with the new laptops, they can't > >> >> >> > always > >> >> >> > browse the Microsoft Network. We have an app that we need to > >> >> >> > browse > >> >> >> > in > >> >> >> > order to setup correctly. On the same subnet I can have clients > >> >> >> > that > >> >> >> > can browse, while others (usually the new laptops, but not > >> >> >> > always) > >> >> >> > can't. They get the "xDomain is not accessible. You might not > >> >> >> > have > >> >> >> > permission to use this network resource.... > > >> >> >> > We've gone through all the network settings, firewall and others > >> >> >> > on > >> >> >> > the clients and they seem the same. They can auth to the AD and > >> >> >> > login > >> >> >> > just fine. DNS and access to IP resources not a problem. We can > >> >> >> > map > >> >> >> > a > >> >> >> > drive to the same server that we can't browse to (well, we can't > >> >> >> > browse to anything). > > >> >> >> > Are we having a master browser issue on this subnet? We do not > >> >> >> > have > >> >> >> > WINS running. There are rare times when one of the laptops that > >> >> >> > can't > >> >> >> > browse, can, for a while. We can have on the same subnet, > >> >> >> > machines > >> >> >> > that can browse and others that can't. And they may "flip flop". > > >> >> >> > ANY help would be greatly appreciated. Thx! > > >> >> > Hi - > > >> >> > Yes, they have their own SID. The odd thing is that sometimes there > >> >> > are "older" PCs/laptops on the same subnet that have been able to > >> >> > browse and then they can't either. So it' not just limited to the > >> >> > newly imaged laptops. Although it is far more often with them. > > >> > Will check out the browse tool. No, they are all single NIC machines. > >> > The non-browse issue seems to come into play after we load Sophos AV. > >> > We have to browse to the server that has Sophos, we do a network > >> > install. After the install is complete, browsing is still OK - until > >> > we reboot. Then the laptop cannot browse the same network. > > >> > No matter if we login as the local admin, domain user, or domain > >> > admin, we get the "xDomain is not accessible. You might not have > >> > permission to use this network..." error. All net services are good > >> > except browsing. Nothing in the event log of the client or AD > >> > servers. Arg! > > >> > I can easily turn on WINS, do I need to disable/enable anything on the > >> > clients? > > >> > Thx!- Hide quoted text - > > >> - Show quoted text - > > > Thanks for the help so far. I'll give this a try and let you know. If > > I can bounce one more question off of you, I would like to replace one > > of our aging AD servers. Our AD is currently on W2k, can I have AD on > > a W2k3 server if the other > > is W2k AD? I heard you can't mix. True? If so, can you migrate from > > W2k to W2k3? > > > Thx!
Guest Coraleigh Miller Posted September 12, 2007 Posted September 12, 2007 Re: Domain Browsing Issues Hi, Yes...also in order to transfer all your AD settings etc Meinolf Weber (an esteemed poster in this group) actually recently posted a step by step good strategy for replacing a 2000 AD server with a 2003 AD. I have pasted it below.... Coraleigh Miller (paste) ........................................................................................................................................... Hello JPCLYONS, - on the 2000 DC, if not done, make DNS as Active directory integrated zone, easier for administration and replication - on the 2003 server, point DNS on the NIC only to the 2000 DNS server - prepare the schema master 2000 for the new schema with adprep /forestprep adprep /domainprep from the 2003 installation cd with an account that is member of the schema admins - run dcpromo on the 2003 server, make it DNS server and check that DNS is active directory integrated, let it time for replication from DNS - if the new one is ready so far, run dcdiag and netdiag against the new server to check for errors - if no errors make it a global catalog server Open Active directory site and services, go to Sites, default first site name, servers, choose the server, right click NTDS settings, open properties and checkmark Global catalog (check event viewer after it, in Directory service you must find event id 1110 and 1119) - move the 5 FSMO roles to the new 2003 machine, check in eventviewer>directory services for entries about success or failure http://support.microsoft.com/kb/324801 - check again with dcdiag and netdiag for errors - change DNS settings from the new server to point to itself as primary server, change the 2000 machine to point to the new 2003 server as primary DNS server - give it some time and test that your environment it still running, web, shares, login etc. Also again dcdiag and netdiag - do not forget to reconfigure your clients for the new DNS server - if you have done all your server preparation, you can copy your data to new locations with keeping your security settings with xcopy or robocopy - if everything is ok, you can start demoting the old server, do NOT delete them from AD, run dcpromo on the 2000 DC and follow the wizard, read carefully. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > Can anyone point me to a references for replacing a Windows 2000 > server with a Windows 2003 server? > > I need a step by step guide - since this project was inherited and my > credentials right now are just an MCP. > > The current server is in a mixed mode Active Directory structure. > It is the PDC, DNS and file server. The new Windows 2003 server will > replace all these functions. > So far, I have installed the server in the rack, assigned the two NICS > with IP's, and gotten all service packs. It is still in WORKGROUP - I > have not added it to the domain. > > Without disrupting logins, DNS, etc, I need to know the sequence of > how to proceed. > > I do not want DHCP on, or any other services that are not absolutely > essential. > > I also realize that this answer might already be somewhere on these > forums, and I will look, it's just that I do not want this to linger, > as the old server has hardly any disk space - the new one has 400 > gigs. > > Any and all answers will be gratefully appreciated. > > Jim Lyons > > J P C LYONS AT GEE MAIL DOT COM > ........................................................................................................................... (/paste) <swu30@hotmail.com> wrote in message news:1189360842.994457.43950@r34g2000hsd.googlegroups.com... > Hi - > > Ok, both of my AD servers are W2k in mixed mode. Given that, and that > I want to replace them both from a hardware level, can I install two > new W2k3 servers in "2000 mode", then retire the old hardware leaving > me with new w2k3 servers in "2000 mode" and then up both W2k3 AD > servers to "2003 mode"? > > If not, what's a good strategy for replacing and upgrading my W2k AD > servers? > > Thx again! > > > On Sep 5, 12:57 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com> > wrote: >> Hi! :-) >> >> Yes you can mix 2000 DCs with 2003 DCs, as long as your domain functional >> level remains at 2000. Doing this however you dont gain some of the new >> domain features of 2003. http://support.microsoft.com/kb/322692 >> >> If you were to raise your domain functional level to take advantage of >> the >> 2003 features, you would not be able to use any 2000 DCs...so you would >> have >> to upgrade them all to 2003. You would also have to buy 2003 client >> access >> licenses...http://www.microsoft.com/windowsserver2003/howtobuy/licensing/priclic... >> >> Hope this helps. >> >> Coraleigh Miller >> >> <sw...@hotmail.com> wrote in message >> >> news:1188878736.086728.274450@50g2000hsm.googlegroups.com... >> >> > On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com> >> > wrote: >> >> On the clients you should disable the Computer Browser service since >> >> this >> >> would take precedence over WINS browsing. You can use Group Policy to >> >> do >> >> this if you wish..http://support.microsoft.com/kb/297789 >> >> Also make sure the clients have the WINS server IP in their tcpip >> >> settings. >> >> If you use DHCP for your workstations, add both the WINS server IP and >> >> node >> >> type (0x8, hybrid) to your DHCP scope options. >> >> >> Let me know how it goes. :-) >> >> >> Coraleigh Miller >> >> >> <sw...@hotmail.com> wrote in message >> >> >>news:1188183273.619497.37010@o80g2000hse.googlegroups.com... >> >> >> > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com> >> >> > wrote: >> >> >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser >> >> >> problem, >> >> >> it could be that the new pcs are trying to be the Master Browser >> >> >> and >> >> >> confusing the browser >> >> >> service.http://support.microsoft.com/kb/188305/en-us >> >> >> >> Do any of your Master Browsers have two network >> >> >> cards?http://support.microsoft.com/kb/191611/en-us >> >> >> >> You might really want to consider using WINS for your "my network >> >> >> places" >> >> >> browsing, it is far less broadcast chatty on your network and >> >> >> performs >> >> >> more >> >> >> efficiently with multi-subnet >> >> >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05... >> >> >> >> Are you using Trend Micro >> >> >> antivirus?http://support.microsoft.com/kb/318245 >> >> >> >> Do you have any issue related event ids in your Event Log? >> >> >> >> Coraleigh Miller >> >> >> >> <sw...@hotmail.com> wrote in message >> >> >> >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com... >> >> >> >> > On Aug 25, 10:38 pm, "Coraleigh Miller" >> >> >> > <CoraleighMil...@yahoo.com> >> >> >> > wrote: >> >> >> >> Hiswu30, >> >> >> >> >> Since you mentioned that you imaged these new pcs, did you >> >> >> >> account >> >> >> >> in >> >> >> >> your >> >> >> >> clone process for each pc getting an unique SID? Check that >> >> >> >> they >> >> >> >> do >> >> >> >> in >> >> >> >> fact >> >> >> >> have their own sids, if not there are tools to help fix this >> >> >> >> including >> >> >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx >> >> >> >> and >> >> >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html >> >> >> >> >> Are there any related event ids in your event logs? >> >> >> >> >> Coraleigh Miller >> >> >> >> >> <sw...@hotmail.com> wrote in message >> >> >> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com... >> >> >> >> >> > We recently imaged a small (< 25) number of laptops for use in >> >> >> >> > our >> >> >> >> > office. Our basic setup is a routed network with servers on a >> >> >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a >> >> >> >> > number >> >> >> >> > of >> >> >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We >> >> >> >> > have >> >> >> >> > two >> >> >> >> > AD servers doing DNS & DHCP. >> >> >> >> >> > What we're running into is with the new laptops, they can't >> >> >> >> > always >> >> >> >> > browse the Microsoft Network. We have an app that we need to >> >> >> >> > browse >> >> >> >> > in >> >> >> >> > order to setup correctly. On the same subnet I can have >> >> >> >> > clients >> >> >> >> > that >> >> >> >> > can browse, while others (usually the new laptops, but not >> >> >> >> > always) >> >> >> >> > can't. They get the "xDomain is not accessible. You might not >> >> >> >> > have >> >> >> >> > permission to use this network resource.... >> >> >> >> >> > We've gone through all the network settings, firewall and >> >> >> >> > others >> >> >> >> > on >> >> >> >> > the clients and they seem the same. They can auth to the AD >> >> >> >> > and >> >> >> >> > login >> >> >> >> > just fine. DNS and access to IP resources not a problem. We >> >> >> >> > can >> >> >> >> > map >> >> >> >> > a >> >> >> >> > drive to the same server that we can't browse to (well, we >> >> >> >> > can't >> >> >> >> > browse to anything). >> >> >> >> >> > Are we having a master browser issue on this subnet? We do not >> >> >> >> > have >> >> >> >> > WINS running. There are rare times when one of the laptops >> >> >> >> > that >> >> >> >> > can't >> >> >> >> > browse, can, for a while. We can have on the same subnet, >> >> >> >> > machines >> >> >> >> > that can browse and others that can't. And they may "flip >> >> >> >> > flop". >> >> >> >> >> > ANY help would be greatly appreciated. Thx! >> >> >> >> > Hi - >> >> >> >> > Yes, they have their own SID. The odd thing is that sometimes >> >> >> > there >> >> >> > are "older" PCs/laptops on the same subnet that have been able to >> >> >> > browse and then they can't either. So it' not just limited to the >> >> >> > newly imaged laptops. Although it is far more often with them. >> >> >> > Will check out the browse tool. No, they are all single NIC >> >> > machines. >> >> > The non-browse issue seems to come into play after we load Sophos >> >> > AV. >> >> > We have to browse to the server that has Sophos, we do a network >> >> > install. After the install is complete, browsing is still OK - until >> >> > we reboot. Then the laptop cannot browse the same network. >> >> >> > No matter if we login as the local admin, domain user, or domain >> >> > admin, we get the "xDomain is not accessible. You might not have >> >> > permission to use this network..." error. All net services are good >> >> > except browsing. Nothing in the event log of the client or AD >> >> > servers. Arg! >> >> >> > I can easily turn on WINS, do I need to disable/enable anything on >> >> > the >> >> > clients? >> >> >> > Thx!- Hide quoted text - >> >> >> - Show quoted text - >> >> > Thanks for the help so far. I'll give this a try and let you know. If >> > I can bounce one more question off of you, I would like to replace one >> > of our aging AD servers. Our AD is currently on W2k, can I have AD on >> > a W2k3 server if the other >> > is W2k AD? I heard you can't mix. True? If so, can you migrate from >> > W2k to W2k3? >> >> > Thx! > >
Recommended Posts