Go Premium for a chance to win a PS4. Enter to Win


Cannot login to NW5 after removing IPX

Posted on 2001-06-12
Medium Priority
Last Modified: 2012-05-04
The only server in the tree is a NW5 with SP6a, Border Manager 3, SP3.

After removing IPX binding on internal LANs NIC on server, the clients can no longer login to the tree. They are able to ping the server but the NW client (ver 3.3) cannot see the tree or server.

We've tried to add the servers name/ip to the nwhost file
We've also tried to load slpda.nlm at the server and configure Service location tab at the clients.

Any ideas out there?
Question by:1610
  • 4
  • 3
  • 2
  • +1

Expert Comment

ID: 6182794
Did you check the protocol order on the clients?? Perhaps you need to have NWHOST listed first with IPX deleted as an available protocol.
LVL 10

Expert Comment

ID: 6182813
Also - when installing the clients, you are prompted for the Protocol to use (either IPX or IP or both) - if you originally selected IPX without IP, then you will have to reinstall the client software and select IP.  Even if you have TCP/IP installed on the workstation, unless you told the NetWare Client to use IP, it won't be able to connect to a Pure IP environment.

Author Comment

ID: 6184655
Thanks for your response!

The clients are installed with IP only.
I haven't checked the Name resolution order, but I think the client puts the nwhosts first as default, then it uses SLP...? (This problem occurs on a site fare away, so I'm not able to check it)

In both ways, shouldn't it work with the settings in nwhost or the settings in Service location?

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.


Expert Comment

ID: 6196350
Is your BM config allowing authentication of IP packets in?Unload IPFLT.NLM. Then try.
set tcp ip debug = 1 ... see what requests (if any) are getting to the private interface, and what it's doing with them.


Author Comment

ID: 6209570
Jsrb01 - thank you for your respons. I'm not any good on BorederMangaer or filtering of packets, but I will try what you suggest.

Is the filtering relevant, when I tell you that the server and the client is on the same LAN, in the same zone and no routers between them?


Expert Comment

ID: 6219628
1610- Yes it could be relevant if you are authenticating via TCP/IP. BM(or netware for that matter) Can be configured to filter ANY packets from anywhere. Regardless of hops, etc. So if you sent a NCP login request to your private NIC, and filtering was enabled to prevent that, it would discard the packet, and the login request. It sounds like when you removed your private IPX interface binding, IPX was the only allowed protocol on your internal NIC/network.

You stated that your clients are all using IP only. And the problem occured when you removed the IPX binding? Why were you running IPX?

Why are you running BM?


Author Comment

ID: 6223453

This server is running strictly as a firewall / gateway in the network. The reason IPX was active, was because of the ArceServe Manager. The earlier versions of ArcServe was operating on IPX, now it's able to use IP.

The users don't really have to log on to the server, only admin for administrative tasks.

I know the filters are set up to filter everything, with exceptions turned on. What packets do I need to allow?
LVL 10

Expert Comment

ID: 6224693
technically, ARCserve Manager (ARCserve 7 for NetWare) cannot use IP.  The reason I say this is because you can have a host entry in your nameserver for your ARCserve server and ARCserve Manager can't see it.  However, if you put the exact same entry into your HOSTS file on your local workstation THEN ARCserve Manager can see it.

Go figure.


Accepted Solution

Jsrb01 earned 800 total points
ID: 6225877
The exceptions may already be there. First you need to confirm the problem is filtering. Have you unloaded IPFLT.NLM yet? If you do, and you are able to login, then filtering is most likely the problem.

If the below filters do not help, isolate the BM server on it's own segment with one client. Then SET TCP IP DEBUG = 1 on the console, and try to login.

(This is what it looks like when I block my Soldier of Fortune server packets)
RECIEVE:pktid:17128> ttl:128 (UDP) UDP:Source Port:1038Destination Port:28910
(DISCARD)- Reason(Filtering)

You will need to add whatever it's filtering during your login to the exception list.

Personally, I would jsut add an exception that states - <ANY> traffic from your local ( is allowed to you private interface, and vise-versa. Remember , the more filters you add, the more resources IPFLT will consume.

From TID: 10050135(allowed packets nw5)
TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
UDP 524 - NCP for time synchronization - Source port will be a high port
UDP 123 - NTP for time synchronization - Source port will be the same
UDP 427 - SLP Requests - Source port will be the same (427)
TCP 427 - SLP Requests - Source port will be the same (427)
TCP 2302 - CMD - Source port will be a high port
UDP 2645 - CMD - Source port will be the same (2645)


Author Comment

ID: 6226571

Jsrb01 : Thanks, you cleared things up a great deal for me. I will try this, but I will not able to for at least a week.

Then I will get back to you all.



Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Access has a limit of 255 columns in a single table; SQL Server allows tables with over 255 columns, but reading that data is not necessarily simple.  The final solution for this task involved creating a custom text parser and then reading…
Take a look at these 6 Outlook Email management tools which can augment the working and performance of Microsoft Outlook to give you a more rewarding emailing experience.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question