Jump to content

Domain Browsing Issues

Guest swu30@hotmail.com

By Guest swu30@hotmail.com
in Windows 2003 Server

 Share

Recommended Posts

Guest swu30@hotmail.com

Guest swu30@hotmail.com

Posted
Posted

We recently imaged a small (< 25) number of laptops for use in our

office. Our basic setup is a routed network with servers on a

192.168.10.x network, clients on 3 diff subnets. We have a number of

W2k and W2k3 servers, clients are WinXP desk and laptops. We have two

AD servers doing DNS & DHCP.

 

What we're running into is with the new laptops, they can't always

browse the Microsoft Network. We have an app that we need to browse in

order to setup correctly. On the same subnet I can have clients that

can browse, while others (usually the new laptops, but not always)

can't. They get the "xDomain is not accessible. You might not have

permission to use this network resource....

 

We've gone through all the network settings, firewall and others on

the clients and they seem the same. They can auth to the AD and login

just fine. DNS and access to IP resources not a problem. We can map a

drive to the same server that we can't browse to (well, we can't

browse to anything).

 

Are we having a master browser issue on this subnet? We do not have

WINS running. There are rare times when one of the laptops that can't

browse, can, for a while. We can have on the same subnet, machines

that can browse and others that can't. And they may "flip flop".

 

ANY help would be greatly appreciated. Thx!

  • Replies 9
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Coraleigh Miller

Guest Coraleigh Miller

Posted
Posted

Re: Domain Browsing Issues

 

Hi swu30,

 

Since you mentioned that you imaged these new pcs, did you account in your

clone process for each pc getting an unique SID? Check that they do in fact

have their own sids, if not there are tools to help fix this including

NewSID http://www.microsoft.com/technet/sysinternals/security/newsid.mspx

and Ghostwalker

http://entkb.symantec.com/security/output/n1999050308324125.html

 

Are there any related event ids in your event logs?

 

Coraleigh Miller

 

 

<swu30@hotmail.com> wrote in message

news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

> We recently imaged a small (< 25) number of laptops for use in our

> office. Our basic setup is a routed network with servers on a

> 192.168.10.x network, clients on 3 diff subnets. We have a number of

> W2k and W2k3 servers, clients are WinXP desk and laptops. We have two

> AD servers doing DNS & DHCP.

>

> What we're running into is with the new laptops, they can't always

> browse the Microsoft Network. We have an app that we need to browse in

> order to setup correctly. On the same subnet I can have clients that

> can browse, while others (usually the new laptops, but not always)

> can't. They get the "xDomain is not accessible. You might not have

> permission to use this network resource....

>

> We've gone through all the network settings, firewall and others on

> the clients and they seem the same. They can auth to the AD and login

> just fine. DNS and access to IP resources not a problem. We can map a

> drive to the same server that we can't browse to (well, we can't

> browse to anything).

>

> Are we having a master browser issue on this subnet? We do not have

> WINS running. There are rare times when one of the laptops that can't

> browse, can, for a while. We can have on the same subnet, machines

> that can browse and others that can't. And they may "flip flop".

>

> ANY help would be greatly appreciated. Thx!

>

Guest swu30@hotmail.com

Guest swu30@hotmail.com

Posted
Posted

Re: Domain Browsing Issues

 

On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

wrote:

> Hi swu30,

>

> Since you mentioned that you imaged these new pcs, did you account in your

> clone process for each pc getting an unique SID? Check that they do in fact

> have their own sids, if not there are tools to help fix this including

> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

> and Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>

> Are there any related event ids in your event logs?

>

> Coraleigh Miller

>

> <sw...@hotmail.com> wrote in message

>

> news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>

> > We recently imaged a small (< 25) number of laptops for use in our

> > office. Our basic setup is a routed network with servers on a

> > 192.168.10.x network, clients on 3 diff subnets. We have a number of

> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have two

> > AD servers doing DNS & DHCP.

>

> > What we're running into is with the new laptops, they can't always

> > browse the Microsoft Network. We have an app that we need to browse in

> > order to setup correctly. On the same subnet I can have clients that

> > can browse, while others (usually the new laptops, but not always)

> > can't. They get the "xDomain is not accessible. You might not have

> > permission to use this network resource....

>

> > We've gone through all the network settings, firewall and others on

> > the clients and they seem the same. They can auth to the AD and login

> > just fine. DNS and access to IP resources not a problem. We can map a

> > drive to the same server that we can't browse to (well, we can't

> > browse to anything).

>

> > Are we having a master browser issue on this subnet? We do not have

> > WINS running. There are rare times when one of the laptops that can't

> > browse, can, for a while. We can have on the same subnet, machines

> > that can browse and others that can't. And they may "flip flop".

>

> > ANY help would be greatly appreciated. Thx!

 

Hi -

 

Yes, they have their own SID. The odd thing is that sometimes there

are "older" PCs/laptops on the same subnet that have been able to

browse and then they can't either. So it' not just limited to the

newly imaged laptops. Although it is far more often with them.

Guest Coraleigh Miller

Guest Coraleigh Miller

Posted
Posted

Re: Domain Browsing Issues

 

Ahh ok. Try the Browstat tool to troubleshoot a possible Browser problem,

it could be that the new pcs are trying to be the Master Browser and

confusing the browser service. http://support.microsoft.com/kb/188305/en-us

 

Do any of your Master Browsers have two network cards?

http://support.microsoft.com/kb/191611/en-us

 

You might really want to consider using WINS for your "my network places"

browsing, it is far less broadcast chatty on your network and performs more

efficiently with multi-subnet networks.

http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-0561-44a5-884c-d2dfaa5b10191033.mspx?mfr=true

 

Are you using Trend Micro antivirus? http://support.microsoft.com/kb/318245

 

Do you have any issue related event ids in your Event Log?

 

 

Coraleigh Miller

 

<swu30@hotmail.com> wrote in message

news:1188132357.554349.105140@57g2000hsv.googlegroups.com...

> On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> wrote:

>> Hi swu30,

>>

>> Since you mentioned that you imaged these new pcs, did you account in

>> your

>> clone process for each pc getting an unique SID? Check that they do in

>> fact

>> have their own sids, if not there are tools to help fix this including

>> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

>> and

>> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>>

>> Are there any related event ids in your event logs?

>>

>> Coraleigh Miller

>>

>> <sw...@hotmail.com> wrote in message

>>

>> news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>>

>> > We recently imaged a small (< 25) number of laptops for use in our

>> > office. Our basic setup is a routed network with servers on a

>> > 192.168.10.x network, clients on 3 diff subnets. We have a number of

>> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have two

>> > AD servers doing DNS & DHCP.

>>

>> > What we're running into is with the new laptops, they can't always

>> > browse the Microsoft Network. We have an app that we need to browse in

>> > order to setup correctly. On the same subnet I can have clients that

>> > can browse, while others (usually the new laptops, but not always)

>> > can't. They get the "xDomain is not accessible. You might not have

>> > permission to use this network resource....

>>

>> > We've gone through all the network settings, firewall and others on

>> > the clients and they seem the same. They can auth to the AD and login

>> > just fine. DNS and access to IP resources not a problem. We can map a

>> > drive to the same server that we can't browse to (well, we can't

>> > browse to anything).

>>

>> > Are we having a master browser issue on this subnet? We do not have

>> > WINS running. There are rare times when one of the laptops that can't

>> > browse, can, for a while. We can have on the same subnet, machines

>> > that can browse and others that can't. And they may "flip flop".

>>

>> > ANY help would be greatly appreciated. Thx!

>

> Hi -

>

> Yes, they have their own SID. The odd thing is that sometimes there

> are "older" PCs/laptops on the same subnet that have been able to

> browse and then they can't either. So it' not just limited to the

> newly imaged laptops. Although it is far more often with them.

>

>

Guest swu30@hotmail.com

Guest swu30@hotmail.com

Posted
Posted

Re: Domain Browsing Issues

 

On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

wrote:

> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser problem,

> it could be that the new pcs are trying to be the Master Browser and

> confusing the browser service.http://support.microsoft.com/kb/188305/en-us

>

> Do any of your Master Browsers have two network cards?http://support.microsoft.com/kb/191611/en-us

>

> You might really want to consider using WINS for your "my network places"

> browsing, it is far less broadcast chatty on your network and performs more

> efficiently with multi-subnet networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05...

>

> Are you using Trend Micro antivirus?http://support.microsoft.com/kb/318245

>

> Do you have any issue related event ids in your Event Log?

>

> Coraleigh Miller

>

> <sw...@hotmail.com> wrote in message

>

> news:1188132357.554349.105140@57g2000hsv.googlegroups.com...

>

> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> > wrote:

> >> Hi swu30,

>

> >> Since you mentioned that you imaged these new pcs, did you account in

> >> your

> >> clone process for each pc getting an unique SID? Check that they do in

> >> fact

> >> have their own sids, if not there are tools to help fix this including

> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

> >> and

> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>

> >> Are there any related event ids in your event logs?

>

> >> Coraleigh Miller

>

> >> <sw...@hotmail.com> wrote in message

>

> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>

> >> > We recently imaged a small (< 25) number of laptops for use in our

> >> > office. Our basic setup is a routed network with servers on a

> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number of

> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have two

> >> > AD servers doing DNS & DHCP.

>

> >> > What we're running into is with the new laptops, they can't always

> >> > browse the Microsoft Network. We have an app that we need to browse in

> >> > order to setup correctly. On the same subnet I can have clients that

> >> > can browse, while others (usually the new laptops, but not always)

> >> > can't. They get the "xDomain is not accessible. You might not have

> >> > permission to use this network resource....

>

> >> > We've gone through all the network settings, firewall and others on

> >> > the clients and they seem the same. They can auth to the AD and login

> >> > just fine. DNS and access to IP resources not a problem. We can map a

> >> > drive to the same server that we can't browse to (well, we can't

> >> > browse to anything).

>

> >> > Are we having a master browser issue on this subnet? We do not have

> >> > WINS running. There are rare times when one of the laptops that can't

> >> > browse, can, for a while. We can have on the same subnet, machines

> >> > that can browse and others that can't. And they may "flip flop".

>

> >> > ANY help would be greatly appreciated. Thx!

>

> > Hi -

>

> > Yes, they have their own SID. The odd thing is that sometimes there

> > are "older" PCs/laptops on the same subnet that have been able to

> > browse and then they can't either. So it' not just limited to the

> > newly imaged laptops. Although it is far more often with them.

 

 

Will check out the browse tool. No, they are all single NIC machines.

The non-browse issue seems to come into play after we load Sophos AV.

We have to browse to the server that has Sophos, we do a network

install. After the install is complete, browsing is still OK - until

we reboot. Then the laptop cannot browse the same network.

 

No matter if we login as the local admin, domain user, or domain

admin, we get the "xDomain is not accessible. You might not have

permission to use this network..." error. All net services are good

except browsing. Nothing in the event log of the client or AD

servers. Arg!

 

I can easily turn on WINS, do I need to disable/enable anything on the

clients?

 

Thx!

Guest Coraleigh Miller

Guest Coraleigh Miller

Posted
Posted

Re: Domain Browsing Issues

 

On the clients you should disable the Computer Browser service since this

would take precedence over WINS browsing. You can use Group Policy to do

this if you wish.. http://support.microsoft.com/kb/297789

Also make sure the clients have the WINS server IP in their tcpip settings.

If you use DHCP for your workstations, add both the WINS server IP and node

type (0x8, hybrid) to your DHCP scope options.

 

Let me know how it goes. :-)

 

Coraleigh Miller

 

 

 

<swu30@hotmail.com> wrote in message

news:1188183273.619497.37010@o80g2000hse.googlegroups.com...

> On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> wrote:

>> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser

>> problem,

>> it could be that the new pcs are trying to be the Master Browser and

>> confusing the browser

>> service.http://support.microsoft.com/kb/188305/en-us

>>

>> Do any of your Master Browsers have two network

>> cards?http://support.microsoft.com/kb/191611/en-us

>>

>> You might really want to consider using WINS for your "my network places"

>> browsing, it is far less broadcast chatty on your network and performs

>> more

>> efficiently with multi-subnet

>> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05...

>>

>> Are you using Trend Micro

>> antivirus?http://support.microsoft.com/kb/318245

>>

>> Do you have any issue related event ids in your Event Log?

>>

>> Coraleigh Miller

>>

>> <sw...@hotmail.com> wrote in message

>>

>> news:1188132357.554349.105140@57g2000hsv.googlegroups.com...

>>

>> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

>> > wrote:

>> >> Hi swu30,

>>

>> >> Since you mentioned that you imaged these new pcs, did you account in

>> >> your

>> >> clone process for each pc getting an unique SID? Check that they do

>> >> in

>> >> fact

>> >> have their own sids, if not there are tools to help fix this including

>> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

>> >> and

>> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>>

>> >> Are there any related event ids in your event logs?

>>

>> >> Coraleigh Miller

>>

>> >> <sw...@hotmail.com> wrote in message

>>

>> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>>

>> >> > We recently imaged a small (< 25) number of laptops for use in our

>> >> > office. Our basic setup is a routed network with servers on a

>> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number of

>> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have

>> >> > two

>> >> > AD servers doing DNS & DHCP.

>>

>> >> > What we're running into is with the new laptops, they can't always

>> >> > browse the Microsoft Network. We have an app that we need to browse

>> >> > in

>> >> > order to setup correctly. On the same subnet I can have clients that

>> >> > can browse, while others (usually the new laptops, but not always)

>> >> > can't. They get the "xDomain is not accessible. You might not have

>> >> > permission to use this network resource....

>>

>> >> > We've gone through all the network settings, firewall and others on

>> >> > the clients and they seem the same. They can auth to the AD and

>> >> > login

>> >> > just fine. DNS and access to IP resources not a problem. We can map

>> >> > a

>> >> > drive to the same server that we can't browse to (well, we can't

>> >> > browse to anything).

>>

>> >> > Are we having a master browser issue on this subnet? We do not have

>> >> > WINS running. There are rare times when one of the laptops that

>> >> > can't

>> >> > browse, can, for a while. We can have on the same subnet, machines

>> >> > that can browse and others that can't. And they may "flip flop".

>>

>> >> > ANY help would be greatly appreciated. Thx!

>>

>> > Hi -

>>

>> > Yes, they have their own SID. The odd thing is that sometimes there

>> > are "older" PCs/laptops on the same subnet that have been able to

>> > browse and then they can't either. So it' not just limited to the

>> > newly imaged laptops. Although it is far more often with them.

>

>

> Will check out the browse tool. No, they are all single NIC machines.

> The non-browse issue seems to come into play after we load Sophos AV.

> We have to browse to the server that has Sophos, we do a network

> install. After the install is complete, browsing is still OK - until

> we reboot. Then the laptop cannot browse the same network.

>

> No matter if we login as the local admin, domain user, or domain

> admin, we get the "xDomain is not accessible. You might not have

> permission to use this network..." error. All net services are good

> except browsing. Nothing in the event log of the client or AD

> servers. Arg!

>

> I can easily turn on WINS, do I need to disable/enable anything on the

> clients?

>

> Thx!

>

Guest swu30@hotmail.com

Guest swu30@hotmail.com

Posted
Posted

Re: Domain Browsing Issues

 

On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

wrote:

> On the clients you should disable the Computer Browser service since this

> would take precedence over WINS browsing. You can use Group Policy to do

> this if you wish..http://support.microsoft.com/kb/297789

> Also make sure the clients have the WINS server IP in their tcpip settings.

> If you use DHCP for your workstations, add both the WINS server IP and node

> type (0x8, hybrid) to your DHCP scope options.

>

> Let me know how it goes. :-)

>

> Coraleigh Miller

>

> <sw...@hotmail.com> wrote in message

>

> news:1188183273.619497.37010@o80g2000hse.googlegroups.com...

>

>

>

> > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> > wrote:

> >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser

> >> problem,

> >> it could be that the new pcs are trying to be the Master Browser and

> >> confusing the browser

> >> service.http://support.microsoft.com/kb/188305/en-us

>

> >> Do any of your Master Browsers have two network

> >> cards?http://support.microsoft.com/kb/191611/en-us

>

> >> You might really want to consider using WINS for your "my network places"

> >> browsing, it is far less broadcast chatty on your network and performs

> >> more

> >> efficiently with multi-subnet

> >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05...

>

> >> Are you using Trend Micro

> >> antivirus?http://support.microsoft.com/kb/318245

>

> >> Do you have any issue related event ids in your Event Log?

>

> >> Coraleigh Miller

>

> >> <sw...@hotmail.com> wrote in message

>

> >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com...

>

> >> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> >> > wrote:

> >> >> Hiswu30,

>

> >> >> Since you mentioned that you imaged these new pcs, did you account in

> >> >> your

> >> >> clone process for each pc getting an unique SID? Check that they do

> >> >> in

> >> >> fact

> >> >> have their own sids, if not there are tools to help fix this including

> >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

> >> >> and

> >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>

> >> >> Are there any related event ids in your event logs?

>

> >> >> Coraleigh Miller

>

> >> >> <sw...@hotmail.com> wrote in message

>

> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>

> >> >> > We recently imaged a small (< 25) number of laptops for use in our

> >> >> > office. Our basic setup is a routed network with servers on a

> >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number of

> >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have

> >> >> > two

> >> >> > AD servers doing DNS & DHCP.

>

> >> >> > What we're running into is with the new laptops, they can't always

> >> >> > browse the Microsoft Network. We have an app that we need to browse

> >> >> > in

> >> >> > order to setup correctly. On the same subnet I can have clients that

> >> >> > can browse, while others (usually the new laptops, but not always)

> >> >> > can't. They get the "xDomain is not accessible. You might not have

> >> >> > permission to use this network resource....

>

> >> >> > We've gone through all the network settings, firewall and others on

> >> >> > the clients and they seem the same. They can auth to the AD and

> >> >> > login

> >> >> > just fine. DNS and access to IP resources not a problem. We can map

> >> >> > a

> >> >> > drive to the same server that we can't browse to (well, we can't

> >> >> > browse to anything).

>

> >> >> > Are we having a master browser issue on this subnet? We do not have

> >> >> > WINS running. There are rare times when one of the laptops that

> >> >> > can't

> >> >> > browse, can, for a while. We can have on the same subnet, machines

> >> >> > that can browse and others that can't. And they may "flip flop".

>

> >> >> > ANY help would be greatly appreciated. Thx!

>

> >> > Hi -

>

> >> > Yes, they have their own SID. The odd thing is that sometimes there

> >> > are "older" PCs/laptops on the same subnet that have been able to

> >> > browse and then they can't either. So it' not just limited to the

> >> > newly imaged laptops. Although it is far more often with them.

>

> > Will check out the browse tool. No, they are all single NIC machines.

> > The non-browse issue seems to come into play after we load Sophos AV.

> > We have to browse to the server that has Sophos, we do a network

> > install. After the install is complete, browsing is still OK - until

> > we reboot. Then the laptop cannot browse the same network.

>

> > No matter if we login as the local admin, domain user, or domain

> > admin, we get the "xDomain is not accessible. You might not have

> > permission to use this network..." error. All net services are good

> > except browsing. Nothing in the event log of the client or AD

> > servers. Arg!

>

> > I can easily turn on WINS, do I need to disable/enable anything on the

> > clients?

>

> > Thx!- Hide quoted text -

>

> - Show quoted text -

 

Thanks for the help so far. I'll give this a try and let you know. If

I can bounce one more question off of you, I would like to replace one

of our aging AD servers. Our AD is currently on W2k, can I have AD on

a W2k3 server if the other

is W2k AD? I heard you can't mix. True? If so, can you migrate from

W2k to W2k3?

 

 

Thx!

Guest Coraleigh Miller

Guest Coraleigh Miller

Posted
Posted

Re: Domain Browsing Issues

 

Hi! :-)

 

Yes you can mix 2000 DCs with 2003 DCs, as long as your domain functional

level remains at 2000. Doing this however you dont gain some of the new

domain features of 2003. http://support.microsoft.com/kb/322692

 

If you were to raise your domain functional level to take advantage of the

2003 features, you would not be able to use any 2000 DCs...so you would have

to upgrade them all to 2003. You would also have to buy 2003 client access

licenses...

http://www.microsoft.com/windowsserver2003/howtobuy/licensing/priclicfaq.mspx

 

Hope this helps.

 

Coraleigh Miller

 

<swu30@hotmail.com> wrote in message

news:1188878736.086728.274450@50g2000hsm.googlegroups.com...

> On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> wrote:

>> On the clients you should disable the Computer Browser service since this

>> would take precedence over WINS browsing. You can use Group Policy to do

>> this if you wish..http://support.microsoft.com/kb/297789

>> Also make sure the clients have the WINS server IP in their tcpip

>> settings.

>> If you use DHCP for your workstations, add both the WINS server IP and

>> node

>> type (0x8, hybrid) to your DHCP scope options.

>>

>> Let me know how it goes. :-)

>>

>> Coraleigh Miller

>>

>> <sw...@hotmail.com> wrote in message

>>

>> news:1188183273.619497.37010@o80g2000hse.googlegroups.com...

>>

>>

>>

>> > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

>> > wrote:

>> >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser

>> >> problem,

>> >> it could be that the new pcs are trying to be the Master Browser and

>> >> confusing the browser

>> >> service.http://support.microsoft.com/kb/188305/en-us

>>

>> >> Do any of your Master Browsers have two network

>> >> cards?http://support.microsoft.com/kb/191611/en-us

>>

>> >> You might really want to consider using WINS for your "my network

>> >> places"

>> >> browsing, it is far less broadcast chatty on your network and performs

>> >> more

>> >> efficiently with multi-subnet

>> >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05...

>>

>> >> Are you using Trend Micro

>> >> antivirus?http://support.microsoft.com/kb/318245

>>

>> >> Do you have any issue related event ids in your Event Log?

>>

>> >> Coraleigh Miller

>>

>> >> <sw...@hotmail.com> wrote in message

>>

>> >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com...

>>

>> >> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

>> >> > wrote:

>> >> >> Hiswu30,

>>

>> >> >> Since you mentioned that you imaged these new pcs, did you account

>> >> >> in

>> >> >> your

>> >> >> clone process for each pc getting an unique SID? Check that they

>> >> >> do

>> >> >> in

>> >> >> fact

>> >> >> have their own sids, if not there are tools to help fix this

>> >> >> including

>> >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

>> >> >> and

>> >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>>

>> >> >> Are there any related event ids in your event logs?

>>

>> >> >> Coraleigh Miller

>>

>> >> >> <sw...@hotmail.com> wrote in message

>>

>> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>>

>> >> >> > We recently imaged a small (< 25) number of laptops for use in

>> >> >> > our

>> >> >> > office. Our basic setup is a routed network with servers on a

>> >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number

>> >> >> > of

>> >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have

>> >> >> > two

>> >> >> > AD servers doing DNS & DHCP.

>>

>> >> >> > What we're running into is with the new laptops, they can't

>> >> >> > always

>> >> >> > browse the Microsoft Network. We have an app that we need to

>> >> >> > browse

>> >> >> > in

>> >> >> > order to setup correctly. On the same subnet I can have clients

>> >> >> > that

>> >> >> > can browse, while others (usually the new laptops, but not

>> >> >> > always)

>> >> >> > can't. They get the "xDomain is not accessible. You might not

>> >> >> > have

>> >> >> > permission to use this network resource....

>>

>> >> >> > We've gone through all the network settings, firewall and others

>> >> >> > on

>> >> >> > the clients and they seem the same. They can auth to the AD and

>> >> >> > login

>> >> >> > just fine. DNS and access to IP resources not a problem. We can

>> >> >> > map

>> >> >> > a

>> >> >> > drive to the same server that we can't browse to (well, we can't

>> >> >> > browse to anything).

>>

>> >> >> > Are we having a master browser issue on this subnet? We do not

>> >> >> > have

>> >> >> > WINS running. There are rare times when one of the laptops that

>> >> >> > can't

>> >> >> > browse, can, for a while. We can have on the same subnet,

>> >> >> > machines

>> >> >> > that can browse and others that can't. And they may "flip flop".

>>

>> >> >> > ANY help would be greatly appreciated. Thx!

>>

>> >> > Hi -

>>

>> >> > Yes, they have their own SID. The odd thing is that sometimes there

>> >> > are "older" PCs/laptops on the same subnet that have been able to

>> >> > browse and then they can't either. So it' not just limited to the

>> >> > newly imaged laptops. Although it is far more often with them.

>>

>> > Will check out the browse tool. No, they are all single NIC machines.

>> > The non-browse issue seems to come into play after we load Sophos AV.

>> > We have to browse to the server that has Sophos, we do a network

>> > install. After the install is complete, browsing is still OK - until

>> > we reboot. Then the laptop cannot browse the same network.

>>

>> > No matter if we login as the local admin, domain user, or domain

>> > admin, we get the "xDomain is not accessible. You might not have

>> > permission to use this network..." error. All net services are good

>> > except browsing. Nothing in the event log of the client or AD

>> > servers. Arg!

>>

>> > I can easily turn on WINS, do I need to disable/enable anything on the

>> > clients?

>>

>> > Thx!- Hide quoted text -

>>

>> - Show quoted text -

>

> Thanks for the help so far. I'll give this a try and let you know. If

> I can bounce one more question off of you, I would like to replace one

> of our aging AD servers. Our AD is currently on W2k, can I have AD on

> a W2k3 server if the other

> is W2k AD? I heard you can't mix. True? If so, can you migrate from

> W2k to W2k3?

>

>

> Thx!

>

Guest swu30@hotmail.com

Guest swu30@hotmail.com

Posted
Posted

Re: Domain Browsing Issues

 

Hi -

 

Ok, both of my AD servers are W2k in mixed mode. Given that, and that

I want to replace them both from a hardware level, can I install two

new W2k3 servers in "2000 mode", then retire the old hardware leaving

me with new w2k3 servers in "2000 mode" and then up both W2k3 AD

servers to "2003 mode"?

 

If not, what's a good strategy for replacing and upgrading my W2k AD

servers?

 

Thx again!

 

 

On Sep 5, 12:57 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

wrote:

> Hi! :-)

>

> Yes you can mix 2000 DCs with 2003 DCs, as long as your domain functional

> level remains at 2000. Doing this however you dont gain some of the new

> domain features of 2003. http://support.microsoft.com/kb/322692

>

> If you were to raise your domain functional level to take advantage of the

> 2003 features, you would not be able to use any 2000 DCs...so you would have

> to upgrade them all to 2003. You would also have to buy 2003 client access

> licenses...http://www.microsoft.com/windowsserver2003/howtobuy/licensing/priclic...

>

> Hope this helps.

>

> Coraleigh Miller

>

> <sw...@hotmail.com> wrote in message

>

> news:1188878736.086728.274450@50g2000hsm.googlegroups.com...

>

> > On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> > wrote:

> >> On the clients you should disable the Computer Browser service since this

> >> would take precedence over WINS browsing. You can use Group Policy to do

> >> this if you wish..http://support.microsoft.com/kb/297789

> >> Also make sure the clients have the WINS server IP in their tcpip

> >> settings.

> >> If you use DHCP for your workstations, add both the WINS server IP and

> >> node

> >> type (0x8, hybrid) to your DHCP scope options.

>

> >> Let me know how it goes. :-)

>

> >> Coraleigh Miller

>

> >> <sw...@hotmail.com> wrote in message

>

> >>news:1188183273.619497.37010@o80g2000hse.googlegroups.com...

>

> >> > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> >> > wrote:

> >> >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser

> >> >> problem,

> >> >> it could be that the new pcs are trying to be the Master Browser and

> >> >> confusing the browser

> >> >> service.http://support.microsoft.com/kb/188305/en-us

>

> >> >> Do any of your Master Browsers have two network

> >> >> cards?http://support.microsoft.com/kb/191611/en-us

>

> >> >> You might really want to consider using WINS for your "my network

> >> >> places"

> >> >> browsing, it is far less broadcast chatty on your network and performs

> >> >> more

> >> >> efficiently with multi-subnet

> >> >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05...

>

> >> >> Are you using Trend Micro

> >> >> antivirus?http://support.microsoft.com/kb/318245

>

> >> >> Do you have any issue related event ids in your Event Log?

>

> >> >> Coraleigh Miller

>

> >> >> <sw...@hotmail.com> wrote in message

>

> >> >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com...

>

> >> >> > On Aug 25, 10:38 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> >> >> > wrote:

> >> >> >> Hiswu30,

>

> >> >> >> Since you mentioned that you imaged these new pcs, did you account

> >> >> >> in

> >> >> >> your

> >> >> >> clone process for each pc getting an unique SID? Check that they

> >> >> >> do

> >> >> >> in

> >> >> >> fact

> >> >> >> have their own sids, if not there are tools to help fix this

> >> >> >> including

> >> >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

> >> >> >> and

> >> >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>

> >> >> >> Are there any related event ids in your event logs?

>

> >> >> >> Coraleigh Miller

>

> >> >> >> <sw...@hotmail.com> wrote in message

>

> >> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>

> >> >> >> > We recently imaged a small (< 25) number of laptops for use in

> >> >> >> > our

> >> >> >> > office. Our basic setup is a routed network with servers on a

> >> >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a number

> >> >> >> > of

> >> >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We have

> >> >> >> > two

> >> >> >> > AD servers doing DNS & DHCP.

>

> >> >> >> > What we're running into is with the new laptops, they can't

> >> >> >> > always

> >> >> >> > browse the Microsoft Network. We have an app that we need to

> >> >> >> > browse

> >> >> >> > in

> >> >> >> > order to setup correctly. On the same subnet I can have clients

> >> >> >> > that

> >> >> >> > can browse, while others (usually the new laptops, but not

> >> >> >> > always)

> >> >> >> > can't. They get the "xDomain is not accessible. You might not

> >> >> >> > have

> >> >> >> > permission to use this network resource....

>

> >> >> >> > We've gone through all the network settings, firewall and others

> >> >> >> > on

> >> >> >> > the clients and they seem the same. They can auth to the AD and

> >> >> >> > login

> >> >> >> > just fine. DNS and access to IP resources not a problem. We can

> >> >> >> > map

> >> >> >> > a

> >> >> >> > drive to the same server that we can't browse to (well, we can't

> >> >> >> > browse to anything).

>

> >> >> >> > Are we having a master browser issue on this subnet? We do not

> >> >> >> > have

> >> >> >> > WINS running. There are rare times when one of the laptops that

> >> >> >> > can't

> >> >> >> > browse, can, for a while. We can have on the same subnet,

> >> >> >> > machines

> >> >> >> > that can browse and others that can't. And they may "flip flop".

>

> >> >> >> > ANY help would be greatly appreciated. Thx!

>

> >> >> > Hi -

>

> >> >> > Yes, they have their own SID. The odd thing is that sometimes there

> >> >> > are "older" PCs/laptops on the same subnet that have been able to

> >> >> > browse and then they can't either. So it' not just limited to the

> >> >> > newly imaged laptops. Although it is far more often with them.

>

> >> > Will check out the browse tool. No, they are all single NIC machines.

> >> > The non-browse issue seems to come into play after we load Sophos AV.

> >> > We have to browse to the server that has Sophos, we do a network

> >> > install. After the install is complete, browsing is still OK - until

> >> > we reboot. Then the laptop cannot browse the same network.

>

> >> > No matter if we login as the local admin, domain user, or domain

> >> > admin, we get the "xDomain is not accessible. You might not have

> >> > permission to use this network..." error. All net services are good

> >> > except browsing. Nothing in the event log of the client or AD

> >> > servers. Arg!

>

> >> > I can easily turn on WINS, do I need to disable/enable anything on the

> >> > clients?

>

> >> > Thx!- Hide quoted text -

>

> >> - Show quoted text -

>

> > Thanks for the help so far. I'll give this a try and let you know. If

> > I can bounce one more question off of you, I would like to replace one

> > of our aging AD servers. Our AD is currently on W2k, can I have AD on

> > a W2k3 server if the other

> > is W2k AD? I heard you can't mix. True? If so, can you migrate from

> > W2k to W2k3?

>

> > Thx!

Guest Coraleigh Miller

Guest Coraleigh Miller

Posted
Posted

Re: Domain Browsing Issues

 

Hi,

 

Yes...also in order to transfer all your AD settings etc Meinolf Weber (an

esteemed poster in this group) actually recently posted a step by step good

strategy for replacing a 2000 AD server with a 2003 AD. I have pasted it

below....

 

Coraleigh Miller

 

(paste)

...........................................................................................................................................

Hello JPCLYONS,

 

 

- on the 2000 DC, if not done, make DNS as Active directory integrated zone,

easier for administration and replication

 

- on the 2003 server, point DNS on the NIC only to the 2000 DNS server

 

- prepare the schema master 2000 for the new schema with adprep /forestprep

adprep /domainprep from the 2003 installation cd with an account that is

member of the schema admins

 

- run dcpromo on the 2003 server, make it DNS server and check that DNS is

active directory integrated, let it time for replication from DNS

 

- if the new one is ready so far, run dcdiag and netdiag against the new

server to check for errors

 

- if no errors make it a global catalog server

Open Active directory site and services, go to Sites, default first site

name, servers, choose the server, right click NTDS settings, open properties

and checkmark Global catalog (check event viewer after it, in Directory

service

you must find event id 1110 and 1119)

 

- move the 5 FSMO roles to the new 2003 machine, check in

eventviewer>directory

services for entries about success or failure

http://support.microsoft.com/kb/324801

 

- check again with dcdiag and netdiag for errors

 

- change DNS settings from the new server to point to itself as primary

server,

change the 2000 machine to point to the new 2003 server as primary DNS

server

 

- give it some time and test that your environment it still running, web,

shares, login etc. Also again dcdiag and netdiag

 

- do not forget to reconfigure your clients for the new DNS server

 

- if you have done all your server preparation, you can copy your data to

new locations with keeping your security settings with xcopy or robocopy

 

- if everything is ok, you can start demoting the old server, do NOT delete

them from AD, run dcpromo on the 2000 DC and follow the wizard, read

carefully.

 

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

> Can anyone point me to a references for replacing a Windows 2000

> server with a Windows 2003 server?

>

> I need a step by step guide - since this project was inherited and my

> credentials right now are just an MCP.

>

> The current server is in a mixed mode Active Directory structure.

> It is the PDC, DNS and file server. The new Windows 2003 server will

> replace all these functions.

> So far, I have installed the server in the rack, assigned the two NICS

> with IP's, and gotten all service packs. It is still in WORKGROUP - I

> have not added it to the domain.

>

> Without disrupting logins, DNS, etc, I need to know the sequence of

> how to proceed.

>

> I do not want DHCP on, or any other services that are not absolutely

> essential.

>

> I also realize that this answer might already be somewhere on these

> forums, and I will look, it's just that I do not want this to linger,

> as the old server has hardly any disk space - the new one has 400

> gigs.

>

> Any and all answers will be gratefully appreciated.

>

> Jim Lyons

>

> J P C LYONS AT GEE MAIL DOT COM

>

...........................................................................................................................

(/paste)

 

 

 

<swu30@hotmail.com> wrote in message

news:1189360842.994457.43950@r34g2000hsd.googlegroups.com...

> Hi -

>

> Ok, both of my AD servers are W2k in mixed mode. Given that, and that

> I want to replace them both from a hardware level, can I install two

> new W2k3 servers in "2000 mode", then retire the old hardware leaving

> me with new w2k3 servers in "2000 mode" and then up both W2k3 AD

> servers to "2003 mode"?

>

> If not, what's a good strategy for replacing and upgrading my W2k AD

> servers?

>

> Thx again!

>

>

> On Sep 5, 12:57 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

> wrote:

>> Hi! :-)

>>

>> Yes you can mix 2000 DCs with 2003 DCs, as long as your domain functional

>> level remains at 2000. Doing this however you dont gain some of the new

>> domain features of 2003. http://support.microsoft.com/kb/322692

>>

>> If you were to raise your domain functional level to take advantage of

>> the

>> 2003 features, you would not be able to use any 2000 DCs...so you would

>> have

>> to upgrade them all to 2003. You would also have to buy 2003 client

>> access

>> licenses...http://www.microsoft.com/windowsserver2003/howtobuy/licensing/priclic...

>>

>> Hope this helps.

>>

>> Coraleigh Miller

>>

>> <sw...@hotmail.com> wrote in message

>>

>> news:1188878736.086728.274450@50g2000hsm.googlegroups.com...

>>

>> > On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

>> > wrote:

>> >> On the clients you should disable the Computer Browser service since

>> >> this

>> >> would take precedence over WINS browsing. You can use Group Policy to

>> >> do

>> >> this if you wish..http://support.microsoft.com/kb/297789

>> >> Also make sure the clients have the WINS server IP in their tcpip

>> >> settings.

>> >> If you use DHCP for your workstations, add both the WINS server IP and

>> >> node

>> >> type (0x8, hybrid) to your DHCP scope options.

>>

>> >> Let me know how it goes. :-)

>>

>> >> Coraleigh Miller

>>

>> >> <sw...@hotmail.com> wrote in message

>>

>> >>news:1188183273.619497.37010@o80g2000hse.googlegroups.com...

>>

>> >> > On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@yahoo.com>

>> >> > wrote:

>> >> >> Ahh ok. Try the Browstat tool to troubleshoot a possible Browser

>> >> >> problem,

>> >> >> it could be that the new pcs are trying to be the Master Browser

>> >> >> and

>> >> >> confusing the browser

>> >> >> service.http://support.microsoft.com/kb/188305/en-us

>>

>> >> >> Do any of your Master Browsers have two network

>> >> >> cards?http://support.microsoft.com/kb/191611/en-us

>>

>> >> >> You might really want to consider using WINS for your "my network

>> >> >> places"

>> >> >> browsing, it is far less broadcast chatty on your network and

>> >> >> performs

>> >> >> more

>> >> >> efficiently with multi-subnet

>> >> >> networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05...

>>

>> >> >> Are you using Trend Micro

>> >> >> antivirus?http://support.microsoft.com/kb/318245

>>

>> >> >> Do you have any issue related event ids in your Event Log?

>>

>> >> >> Coraleigh Miller

>>

>> >> >> <sw...@hotmail.com> wrote in message

>>

>> >> >>news:1188132357.554349.105140@57g2000hsv.googlegroups.com...

>>

>> >> >> > On Aug 25, 10:38 pm, "Coraleigh Miller"

>> >> >> > <CoraleighMil...@yahoo.com>

>> >> >> > wrote:

>> >> >> >> Hiswu30,

>>

>> >> >> >> Since you mentioned that you imaged these new pcs, did you

>> >> >> >> account

>> >> >> >> in

>> >> >> >> your

>> >> >> >> clone process for each pc getting an unique SID? Check that

>> >> >> >> they

>> >> >> >> do

>> >> >> >> in

>> >> >> >> fact

>> >> >> >> have their own sids, if not there are tools to help fix this

>> >> >> >> including

>> >> >> >> NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx

>> >> >> >> and

>> >> >> >> Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html

>>

>> >> >> >> Are there any related event ids in your event logs?

>>

>> >> >> >> Coraleigh Miller

>>

>> >> >> >> <sw...@hotmail.com> wrote in message

>>

>> >> >> >>news:1188075487.914197.146470@57g2000hsv.googlegroups.com...

>>

>> >> >> >> > We recently imaged a small (< 25) number of laptops for use in

>> >> >> >> > our

>> >> >> >> > office. Our basic setup is a routed network with servers on a

>> >> >> >> > 192.168.10.x network, clients on 3 diff subnets. We have a

>> >> >> >> > number

>> >> >> >> > of

>> >> >> >> > W2k and W2k3 servers, clients are WinXP desk and laptops. We

>> >> >> >> > have

>> >> >> >> > two

>> >> >> >> > AD servers doing DNS & DHCP.

>>

>> >> >> >> > What we're running into is with the new laptops, they can't

>> >> >> >> > always

>> >> >> >> > browse the Microsoft Network. We have an app that we need to

>> >> >> >> > browse

>> >> >> >> > in

>> >> >> >> > order to setup correctly. On the same subnet I can have

>> >> >> >> > clients

>> >> >> >> > that

>> >> >> >> > can browse, while others (usually the new laptops, but not

>> >> >> >> > always)

>> >> >> >> > can't. They get the "xDomain is not accessible. You might not

>> >> >> >> > have

>> >> >> >> > permission to use this network resource....

>>

>> >> >> >> > We've gone through all the network settings, firewall and

>> >> >> >> > others

>> >> >> >> > on

>> >> >> >> > the clients and they seem the same. They can auth to the AD

>> >> >> >> > and

>> >> >> >> > login

>> >> >> >> > just fine. DNS and access to IP resources not a problem. We

>> >> >> >> > can

>> >> >> >> > map

>> >> >> >> > a

>> >> >> >> > drive to the same server that we can't browse to (well, we

>> >> >> >> > can't

>> >> >> >> > browse to anything).

>>

>> >> >> >> > Are we having a master browser issue on this subnet? We do not

>> >> >> >> > have

>> >> >> >> > WINS running. There are rare times when one of the laptops

>> >> >> >> > that

>> >> >> >> > can't

>> >> >> >> > browse, can, for a while. We can have on the same subnet,

>> >> >> >> > machines

>> >> >> >> > that can browse and others that can't. And they may "flip

>> >> >> >> > flop".

>>

>> >> >> >> > ANY help would be greatly appreciated. Thx!

>>

>> >> >> > Hi -

>>

>> >> >> > Yes, they have their own SID. The odd thing is that sometimes

>> >> >> > there

>> >> >> > are "older" PCs/laptops on the same subnet that have been able to

>> >> >> > browse and then they can't either. So it' not just limited to the

>> >> >> > newly imaged laptops. Although it is far more often with them.

>>

>> >> > Will check out the browse tool. No, they are all single NIC

>> >> > machines.

>> >> > The non-browse issue seems to come into play after we load Sophos

>> >> > AV.

>> >> > We have to browse to the server that has Sophos, we do a network

>> >> > install. After the install is complete, browsing is still OK - until

>> >> > we reboot. Then the laptop cannot browse the same network.

>>

>> >> > No matter if we login as the local admin, domain user, or domain

>> >> > admin, we get the "xDomain is not accessible. You might not have

>> >> > permission to use this network..." error. All net services are good

>> >> > except browsing. Nothing in the event log of the client or AD

>> >> > servers. Arg!

>>

>> >> > I can easily turn on WINS, do I need to disable/enable anything on

>> >> > the

>> >> > clients?

>>

>> >> > Thx!- Hide quoted text -

>>

>> >> - Show quoted text -

>>

>> > Thanks for the help so far. I'll give this a try and let you know. If

>> > I can bounce one more question off of you, I would like to replace one

>> > of our aging AD servers. Our AD is currently on W2k, can I have AD on

>> > a W2k3 server if the other

>> > is W2k AD? I heard you can't mix. True? If so, can you migrate from

>> > W2k to W2k3?

>>

>> > Thx!

>

>

 Share
Go to topic listing
×
×
  • Create New...