net send /domain messages not being rec'd by remote sites

I have 4 sites.  All computers are on the same domain.  The three remote sites are connected via vpn to the main site and are in a different subnet.

main site ips 192.168.20.xx
remote a 192.168.10.xx
remote b 192.168.40.xx
remote c 192.168.60.xx

all on same domain.  

when i type net send /domain msg, only the computers in 192.168.20.xx subnet get the net send.

messenger service is enabled on the remote site pcs

i can type net send computername msg and the computer gets the net send

help
Asked by: David Scott, MCSE, Network Administrator

bbao (IT Consultant) commented:
it is by design, because commonly internal broadcast traffic is not forwarded by routers or VPN gateways. the following two MSKB articles give more information. Q168893 gives the overview of NET SEND, Q150881 particularly explains the reason of your question.

Messenger Service of Windows
http://support.microsoft.com/kb/168893

Local NetBIOS Name Query Broadcast Not Forwarded by Router
http://support.microsoft.com/kb/150881

hope it helps,
bbao
0
David Scott, MCSE (Network Administrator, Author) commented:
i opened those ports on all my firewalls (routers) and tried again and it didn't work.  

i'm trying to find a good way to communicate with my users when i need them to sign off a system.

i guess i'll implement msn messenger for internal use

they have outlook 03 with the desktop mail alert.  i guess i could call each office......
0
graye commented:
...not just the firewall... on the VPN configuration too

What kind of VPN solution are you using... Software-based?  Hardware-based?  Brand? Model? etc...
0
bbao (IT Consultant) commented:
> i opened those ports on all my firewalls (routers)

i suppose you mean port forwarding for incoming traffic and port filtering for outgoing traffic on your firewall. they are not helpful to your problem. what you need is to enable BROADCAST forwarding which is commonly disabled on most routers.
0
David Scott, MCSE (Network Administrator, Author) commented:
sonicwall tz 170 at main site
sonicwall tele 3s at remotes
vpn is created by the firewalls

i'll look at the broadcast forwarding and post back
0
graye commented:
On the "Firewall", "Access Rules", "Advanced" tab there is a checkbox called "Windows Networking (NetBIOS) Broadcast Pass Through"
0
David Scott, MCSE (Network Administrator, Author) commented:
what firmware are you talking about?  i have sonic os standard on my tz170 and standard firmware on the tele3s and i find no option in any of them that you are referring to
0
David Scott, MCSE (Network Administrator, Author) commented:
ok wait, i see it in the tele3s, but i can't find the tz170
0
David Scott, MCSE (Network Administrator, Author) commented:
i did that on the tele3s and also checked enable windows messenger service and tried again, and no go

wouldn't there be something in the logs saying they are being blocked? b/c i don't see anything
0
David Scott, MCSE (Network Administrator, Author) commented:
ok, i found it on the tz170 as well.  i sent a test, and this was in my firewall log, but the workstations did not receive the broadcast message:

UTC 04/14/2006 14:34:11.272 SENDING>>>> ISAKMP OAK INFO (InitCookie 0xf51e62921bdc87e2, MsgID: 0x71AD240A) *(HASH, NOTIFY:DPD_ACK) xx.xx.xx.xx, 500 xx.xx.xx.xx, 500    
UTC 04/14/2006 14:34:11.272 RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xf51e62921bdc87e2, MsgID: 0x3BE602E9) *(HASH, NOTIFY:DPD_REQUEST) xx.xx.xx.xx, 500 xx.xx.xx.xx, 500

(ips masked)
0
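Added example, not part of the thread or any poster's code: a small triage of the log lines quoted above. Both lines are IKE Dead Peer Detection keepalives on UDP 500 for the tunnel itself, whereas a `net send /domain` broadcast travels as a NetBIOS datagram (UDP 138), so these entries say nothing about whether the broadcast was forwarded or dropped. The function names and the constructed NetBIOS line (whose layout is assumed, modelled on the quoted lines) are illustrative.

```python
import re
from collections import Counter

IKE_PORT = 500                # ISAKMP/IKE, including DPD keepalives
NETBIOS_PORTS = {137, 138}    # NetBIOS name service / datagram service (UDP)

# Trailing "src, port dst, port" pair, as in the log lines quoted in the post.
TAIL = re.compile(r"(\S+), (\d+)\s+(\S+), (\d+)\s*$")
NOTIFY = re.compile(r"NOTIFY:(\w+)")

def classify(line):
    """Label one firewall log line by the traffic it describes."""
    m = TAIL.search(line)
    if not m:
        return "unparsed"
    ports = {int(m.group(2)), int(m.group(4))}
    if ports & NETBIOS_PORTS:
        return "netbios"
    if IKE_PORT in ports:
        n = NOTIFY.search(line)
        return "ike-dpd" if n and n.group(1).startswith("DPD_") else "ike"
    return "other"

def summarize(lines):
    """Count log lines per traffic class, skipping blank lines."""
    return Counter(classify(l) for l in lines if l.strip())

def has_broadcast_evidence(lines):
    """True only if some line concerns NetBIOS traffic (UDP 137/138)."""
    return summarize(lines)["netbios"] > 0

# The two lines quoted in the post (addresses masked by the poster).
POSTED = [
    "UTC 04/14/2006 14:34:11.272 SENDING>>>> ISAKMP OAK INFO (InitCookie 0xf51e62921bdc87e2, MsgID: 0x71AD240A) *(HASH, NOTIFY:DPD_ACK) xx.xx.xx.xx, 500 xx.xx.xx.xx, 500    ",
    "UTC 04/14/2006 14:34:11.272 RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xf51e62921bdc87e2, MsgID: 0x3BE602E9) *(HASH, NOTIFY:DPD_REQUEST) xx.xx.xx.xx, 500 xx.xx.xx.xx, 500",
]
# Constructed line (layout assumed, not real SonicWall output) for contrast.
CONSTRUCTED = "UTC 04/14/2006 14:34:12.000 NetBIOS datagram 192.168.20.15, 138 192.168.20.255, 138"

if __name__ == "__main__":
    print(dict(summarize(POSTED)), has_broadcast_evidence(POSTED))
    print(has_broadcast_evidence(POSTED + [CONSTRUCTED]))
```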
bbao (IT Consultant) commented:
two related groups of settings:

Network > IP Helper:
* Enable IP Helper
* Enable NetBIOS Support
* Add an IP Helper Policy

VPN > Advanced:
Enable Windows Networking (NetBIOS) Broadcast
0
David Scott, MCSE (Network Administrator, Author) commented:
i don't have ip helper

i enabled netbios support on group vpn and tested no good

when i enable it on the individual vpn connections, the vpn tunnel goes down
0
David Scott, MCSE (Network Administrator, Author) commented:
never mind, i got it working by enabling net bios broadcast on the firewall and on the vpn
0
bbao (IT Consultant) commented:
good to know. enjoy your broadcasting. :)
0
David Scott, MCSE (Network Administrator, Author) commented:
i will, it really irks my users
0