gjirvine3000
asked on
Machine will not see network at other site
Hi,
Excuse my ignorance - not that good with networking but trying to learn!
We have two sites, both on Win2K network, both joined to the same domain called FELDOM. They are joined by a leased 2MB pipe, with Watchguard Fibrebox's at each end.
I am at site A, which has the domain controller for both sites.
My problem is - I have a Windows 2000 laptop that I am trying to enable to see the network at Site B.
However the machine cannot ping either the fileserver or the firebox at the other site. It just responds with "Request Timed Out". I have added the IP addresses and names of the machines at the other site to the laptop's HOSTS file.
No joy.
Any ideas?
Thanks.
Excuse my ignorance - not that good with networking but trying to learn!
We have two sites, both on Win2K network, both joined to the same domain called FELDOM. They are joined by a leased 2MB pipe, with Watchguard Fibrebox's at each end.
I am at site A, which has the domain controller for both sites.
My problem is - I have a Windows 2000 laptop that I am trying to enable to see the network at Site B.
However the machine cannot ping either the fileserver or the firebox at the other site. It just responds with "Request Timed Out". I have added the IP addresses and names of the machines at the other site to the laptop's HOSTS file.
No joy.
Any ideas?
Thanks.
ASKER
Hi there,
Ping works fine from every other machine. We have about 50 machines here that have no problem at all in seeing the network at the other site.
So I assumed it must be a problem with the laptop...
Ping works fine from every other machine. We have about 50 machines here that have no problem at all in seeing the network at the other site.
So I assumed it must be a problem with the laptop...
ASKER
Do I need to add a route on the laptop? We had to do this to some other machines a while back but that was to see a different server at the other site... not sure on the theory behind it all...
If so, what is the syntax for the route? Thanks.
If so, what is the syntax for the route? Thanks.
gjirvine3000,
OK can the laptop ping other resources on the same LAN?
Pete
OK can the laptop ping other resources on the same LAN?
Pete
ASKER
Hi Pete,
Yes the laptop can ping our domain server here and all other machines on our network here - just can't see across to the other site.
Yes the laptop can ping our domain server here and all other machines on our network here - just can't see across to the other site.
gjirvine3000,
also run
ipconfig /all
on the laptop and make sure it has the SAME default gateway as all the other PC's on the same site (that work)
if still no joy run (connectivity wise) run this http://www.petenetlive.com/Downloads/software/WinsockFix.exe
Pete
also run
ipconfig /all
on the laptop and make sure it has the SAME default gateway as all the other PC's on the same site (that work)
if still no joy run (connectivity wise) run this http://www.petenetlive.com/Downloads/software/WinsockFix.exe
Pete
PeteLong,
if its the only machine that cant access the other side
then either
the subnet mask is wrong on the laptop
the default gateway is wrong on the client
The clients IP address id blocked on the firewall
go toy a working Client and get its IP address (ipconfig/ all) turn that client off!
put the IP address you got above on the laptop - if it suddenly starts working then you have a routing/firewall problem
if it still doesnt work the problem is on the laptop
Pete
if its the only machine that cant access the other side
then either
the subnet mask is wrong on the laptop
the default gateway is wrong on the client
The clients IP address id blocked on the firewall
go toy a working Client and get its IP address (ipconfig/ all) turn that client off!
put the IP address you got above on the laptop - if it suddenly starts working then you have a routing/firewall problem
if it still doesnt work the problem is on the laptop
Pete
How's pinging the ip address of the other side's machines? What is the network mask and default gateway of the laptop? Have you installed w2k sp4 on laptop?
ASKER
Hello chaps,
Thanks for your responses. Further investigation has shown that:
- It makes no difference if I add a static IP to the laptop that I know is working
- I cannot ping any machine at the other site
- the network mask of the laptop is 255.255.255.0 and the default gateway is 192.9.200.254 (same as a working machine)
- w2k sp4 is installed on the laptop
- the IP we are trying to reach is 192.10.200.94 (or any 192.10.200.x address)
- I think that the route is at fault but don't know what the syntax should be for the route?
Thanks
Thanks for your responses. Further investigation has shown that:
- It makes no difference if I add a static IP to the laptop that I know is working
- I cannot ping any machine at the other site
- the network mask of the laptop is 255.255.255.0 and the default gateway is 192.9.200.254 (same as a working machine)
- w2k sp4 is installed on the laptop
- the IP we are trying to reach is 192.10.200.94 (or any 192.10.200.x address)
- I think that the route is at fault but don't know what the syntax should be for the route?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi there,
I have been using the wrong default gateway in the route I was setting up on the machine.
I did actually add a route with the right default gateway to try it out and it didn't work, I hadn't realised I needed to also delete the route with the wrong default gateway!
Thanks for all your help. Sorted and working now.
I have been using the wrong default gateway in the route I was setting up on the machine.
I did actually add a route with the right default gateway to try it out and it didn't work, I hadn't realised I needed to also delete the route with the wrong default gateway!
Thanks for all your help. Sorted and working now.
ThanQ
for ping to work ICMP needs to be open on both firewalls in both directions
to actually see domain resources theres a raft of other ports that need to be open
Logging into the domain through a Firewall
Note this is to log in - NOT for Exchange, SQL or a Domain Controller, I’ve not tried those so I can't comment.
The following ports have to be open from the outside (or DMZ) to the domain controllers.
NB: I know having these open from outside/DMZ has security implications but sometimes it needs to be done.
Ports open from DMZ\Outside
UDP domain 53
TCP domain 53
UDP Kerberos 88
TCP Kerberos 88
UDP Time 123
TCP Kerberos Auth 135
UDP netbios-ns 137
TCP netbios-ssn 139
TCP ldap 389
UDP ldap 389
TCP microsoft-ds 445
TCP ldap to GC 3268
However the process still fails (or runs like a two legged dog and appears to work) this is because
of the RPC system that runs on the domain controllers, when you log in the client fires up a
communication over port 135 the Domain controller, which then fires back a port number it wants to communicate
with the client over (this can be any number over 1024) your firewall lets this through outbound.
When it hits your client, it tries to open comms on that port, which is inevitably blocked on the firewall
When this happens you will see errors like
Error 1053
There are no more endpoints available from the endpoint mapper.
if you run netdiag on the machine you will see errors like
[WARNING] Cannot call DsBind to servername.domain_name.com
There are two ways to solve the problem
1. Open every port above 1024 on your firewall, however this is about as sensible as eating yellow snow.
2. Change the way your domain controller handles RPC requests,
NOTE this must be done on EVERY domain controller
Click Start > Run > regedit {enter}
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\
Create a new DWORD value called "TCP/IP Port" (remove the quotes and include the space)
double click it and change the "base" to decimal type in a port number (between 1024 and 64000) for the sake of argument use 1024
Exit the Registry Editor and you MUST reboot the server.
Now go back to the Firewall and open the following port
TCP static RPC 1024
Now the process will work.