Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How do I configure my domains so that I can see them with network places

Posted on 2004-10-19
Medium Priority
Last Modified: 2010-04-14
I have a 2 domains each running windows 2000 server.
They are connected with VPN
The ips scopes are different for each 192.168.1 and 192.168.2
I can ping the remote site and workstations
I can connect to the domain and computers with unc (\\computer name.domain)
I have AD, DNS and DHCP set up on each domain
I have established a secondary dns forward lookup of the remote domain and did the same for the local.
What I can't do is see the network on the my network places.
Can anyone help?

Question by:intruderblue
  • 6
  • 5
LVL 20

Expert Comment

ID: 12353473

Assuming it's a secure site to site vpn - look at permitting traffic over the vpn from both sites using netbios, and enabling netbios over tcp/ip on nics. It resolved our network browsing issue,

UDP ports
137: NetBIOS name resolution (name service), WINS
138 and 139: NetBIOS datagram (browsing)
TCP port
139: NetBIOS session (NET USE)

Deb :))

Author Comment

ID: 12360306
NetBios ports are open.  Our SonicWall appliance that runs the VPN on both sites has an option to allow netbios thru. This is selected for both sites.  In addition I set up a rule on the firewall to allow this port to be open on the Lan to VPN tunnel
LVL 20

Expert Comment

ID: 12360430
Sorry - I had meant to add that you might try using a wins server in conjunction with this, are you running wins at all?

Deb :))
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.


Author Comment

ID: 12360738
I thought that if DNS is set up correctly it would resolve the names and that WINS would not be necessary.  
I just downloaded a tool called nbtscan that scans the netbios ports on the network.  I tried it and it shows all the ip's, domain\computername as well as what user is logged on.  

I also checked it over my remote connection and it worked as well.
This tool is similar to nbtstat but it will scan multiple computers instead of just one.

I checked my logs on both firewalls to see if any 137 - 139 ports were being dropped and they aren't

I does show that DNS on port 53 is allowed
LVL 20

Expert Comment

ID: 12360817
The problem's with computer browser service - Using wins was the only way I could get browsing working on our network through network places across a site-to-site vpn. We have wins server running on both site servers, and replicating across it,
What is the Microsoft Computer Browser service?

Deb :))

Author Comment

ID: 12361070
i set up the wins server on each site and they have replicated to the other site.
I ran the find by name and it listed the computers from both domains.
I would assume that it is working correctly.
I also check the DNS records in the event logs and they show that the dns is being replicated to the opposite site with out error.

Author Comment

ID: 12361256
I am checking on the browstat utility to verify what master browser I have.

Author Comment

ID: 12361637
This the information that I got after running browstat.exe to check what my master browser was.

Status for domain WCS on transport \Device\NetBT_Tcpip_{F2D16E06-1100-4872-BB6D-
    Browsing is active on domain.
    Master browser name is: SERVER
        Master browser is running build 2195
    1 backup servers retrieved from master SERVER
    There are 33 servers in domain WCS on transport \Device\NetBT_Tcpip_{F2D16E0
    There are 2 domains in domain WCS on transport \Device\NetBT_Tcpip_{F2D16E06


I don't know why it shows that I have 33 servers in the domain.
I have two servers on this site.
I still can't  view the other remote domain with network neighboorhood.
LVL 20

Expert Comment

ID: 12362061

That's probably due to any machine being able to be browse master in an election. Basically browser elections can be a pain on any network, so you can set a registry key on client pc's to prevent them winning a browser election (IsDomainMaster value set to No or False). However if you're not getting any problems with elections (you'll see them in event logs) then leave it as it is. The dc should be automatically browser master, so you shouldn't need to change anything on it. You also need to make sure that wins servers are replicating across the sites - am not at work right now so haven't got direct access, but the wins article is pretty good,

Controlling network master browser elections

"To control network master browser elections:
Use a registry editing tool to navigate to the following key:

Insert or change a value with the following details:
Data Type: SZ
Value Name: IsDomainMaster

Yes: Is the master browser
No: Is not the master browser
Auto: Resolve through browser elections (default) "

Windows 2000 WINS

Deb :))


Author Comment

ID: 12363415
I restarted a client computer and opened up Network Places and viewed entire network.
Both domains showed up.
I clicked on the remote domain and got a message.
"Matmor is not accessible
The list of servers for this workgroup is not currently available".
Matmor is the name of the remote domain
When I clicked ok and then exited out and back in to this network browser the domain was gone.
Each time I restart the computer it does the same.
Any Ideas why it shows the network but will not list the servers or client on the network?
LVL 20

Accepted Solution

Debsyl99 earned 750 total points
ID: 12363591

Have you successfully replicated wins across the domains? - you can check by looking for the records in wins on the local server for the remote network.
Have you got a wins server (the local wins server) specified as the wins server in the client nic?
Have you got netbios enabled over tcp/ip on the client nic, and also check use lmhosts?

As a troubleshoot/workaround you could add the remote ip addresses to the lmhosts file on the client to see if that helps - search for lmhosts.sam (lmhosts sample file), open it in notepad, add some remote addresses,

ie servername <tab> ipaddress


Then save the lmhosts file to it's original location, but as lmhosts ie without the .sam extension. You could also try using the fqdn is the lmhosts file to see if that helps better if the above doesn't work, but my experience doesn't run into multiple domains in this kind of scenario (single domains spanning sites) so I'd have to do some further looking into it,

Hope that helps

Deb :))

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
As a matter of fact, Outlook OST files are of much importance in relation to Exchange mailbox. OST files are independent as they are simply copy of data of a user’s mailbox on Exchange Server. Though, if the server’s status is changed or it is dama…
Loops Section Overview
Screencast - Getting to Know the Pipeline

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question