DNS issue : unable to ping computer by name
i have two computers.
computer 1: windows xp pro, joined on domain
computer 2: windows media center, NOT on domain
both computers are running service pack 2, with all updates. both computers have firewalls turned off.
from computer 1 i can ping computer 2 by IP and by name
from computer 2 i can ping computer 1 by IP only
how can i get computer 2 to ping computer 1 by name?
thanks
computer 1: windows xp pro, joined on domain
computer 2: windows media center, NOT on domain
both computers are running service pack 2, with all updates. both computers have firewalls turned off.
from computer 1 i can ping computer 2 by IP and by name
from computer 2 i can ping computer 1 by IP only
how can i get computer 2 to ping computer 1 by name?
thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Pete Long
open the hosts file it with notepad
Hey Pete. Thought I lend a few words and complicate matters for absolutely no reason whatsoever. =)
Are you using DHCP or static addresses? If DHCP, what device is handing out the leases?
Your domain workstation is using a domain controller as a DNS server. You can configure your domain controller to service and register non-domain clients and then configure your non-domain client to use the DC as a DNS server. This would work once there is a DNS record for each computer. The record is probably inserted automatically into DNS if "Dynamic DNS" is enabled and configured. Dynamic DNS is a feature of DHCP.
Alternatively, if the two computers are on the same subnet, you simply turn on NetBIOS over TCP/IP and you should be able to resolve the names by broadcast. This option is located in the properties for TCP/IP in the network adapter properties. Once there, click the advanced button and goto the WINS tab.
Or you can just add static records to your HOSTS file as PeteLong said.
Are you using DHCP or static addresses? If DHCP, what device is handing out the leases?
Your domain workstation is using a domain controller as a DNS server. You can configure your domain controller to service and register non-domain clients and then configure your non-domain client to use the DC as a DNS server. This would work once there is a DNS record for each computer. The record is probably inserted automatically into DNS if "Dynamic DNS" is enabled and configured. Dynamic DNS is a feature of DHCP.
Alternatively, if the two computers are on the same subnet, you simply turn on NetBIOS over TCP/IP and you should be able to resolve the names by broadcast. This option is located in the properties for TCP/IP in the network adapter properties. Once there, click the advanced button and goto the WINS tab.
Or you can just add static records to your HOSTS file as PeteLong said.
ASKER
some updates to answer the questions posed:
1) i have the DNS server specified on both computers, and they both are pointing to the same server.
2) DHCP is running, and the leases are handed out by the sonicwall
2a) computer 1 has a static IP, as do the 3 servers in the network. The rest of the computers are dynamic IP.
3) both computers are on the same subnet.
4) i have enabled netbios over tcp/ip on computer 2 as suggested.
from computer 2, i can ping the name of computer 1 as long as i don't include the full name (name.domain). but computer 2 can ping any of the servers on the domain with their full names (name.domain).
i would prefer to not have to add entries manually to the hosts file...
also, is there any way to ping the name of a computer that is not on the same subnet and not on the domain without having to make manual entries in the hosts file?
1) i have the DNS server specified on both computers, and they both are pointing to the same server.
2) DHCP is running, and the leases are handed out by the sonicwall
2a) computer 1 has a static IP, as do the 3 servers in the network. The rest of the computers are dynamic IP.
3) both computers are on the same subnet.
4) i have enabled netbios over tcp/ip on computer 2 as suggested.
from computer 2, i can ping the name of computer 1 as long as i don't include the full name (name.domain). but computer 2 can ping any of the servers on the domain with their full names (name.domain).
i would prefer to not have to add entries manually to the hosts file...
also, is there any way to ping the name of a computer that is not on the same subnet and not on the domain without having to make manual entries in the hosts file?
ASKER
i want to clarify #2
DHCP is not running on the DC. it is running on the sonicwall, which is the router.
DHCP is not running on the DC. it is running on the sonicwall, which is the router.
Well NetBIOS name resolution only works with NetBIOS names, which is identical to the computer's hostname, but it doesn't do fqdns (Fully Qulaified Domain Name - name.computer.tld.) It will only do the computername. If you want to ping by fqdn then you will need DNS. The problem with that is that if the sonicwall leases the address to computer2, it would also have to update DNS, and I don't believe it will do that.(Called Dynamic DNS) You'd have to make a static entry into the DNS server, and then if the IP changes, the record would be wrong.
So basically, if you want to access a computer through fqdn you need to have an entry in a DNS. In order for DNS to update itself with no intervention, you need Dynamic DNS (DDNS). In order to have DDNS you need a DHCP server that supports it, and normally that is only Windows.
If you can get by with just the NetBIOS names, then I would do that.
As far as whether "you can ping the name of a computer that is not on the same subnet and not on the domain without having to make manual entries in hosts", the answer is yes. That's like when you ping www.yahoo.com. But to give you instructions, you'd have to tell me how the networks are connected if at all, and whether they are expected to communicate through the internet or not. If so, then do the DCs control the DNS for the public namespace as well as the private?
So basically, if you want to access a computer through fqdn you need to have an entry in a DNS. In order for DNS to update itself with no intervention, you need Dynamic DNS (DDNS). In order to have DDNS you need a DHCP server that supports it, and normally that is only Windows.
If you can get by with just the NetBIOS names, then I would do that.
As far as whether "you can ping the name of a computer that is not on the same subnet and not on the domain without having to make manual entries in hosts", the answer is yes. That's like when you ping www.yahoo.com. But to give you instructions, you'd have to tell me how the networks are connected if at all, and whether they are expected to communicate through the internet or not. If so, then do the DCs control the DNS for the public namespace as well as the private?
ASKER
computers are connected by site to site VPN implemented via two sonicwalls
the remote computer #3 is on a different subnet
computer #3 is not pointing to the DC server
computer #3's sonicwall runs DHCP for that subnet
computer #1 and #2 are behind the other sonicwall which is running DHCP for their subnet
computer 1 and 2 can ping computer 3 by IP address, but not by name or fqdns
thanks
the remote computer #3 is on a different subnet
computer #3 is not pointing to the DC server
computer #3's sonicwall runs DHCP for that subnet
computer #1 and #2 are behind the other sonicwall which is running DHCP for their subnet
computer 1 and 2 can ping computer 3 by IP address, but not by name or fqdns
thanks
well for fqdns, the computers would need to point to a DC that has the other computers in its DNS table.
Resolving netbios names through broadcast won't work because the different sites are in different broadcast domains. To resolve netbios names, you would have to configure to configure WINS and have all the computers on both sites point to a WINS server. It may require that they all point to the same one depending on the setup.
How many domains are we talking about altogether? how many non-domain clients? If there are more than 1 domain, are they child or sub-domains? i.e. yourcompany.com and subdomain.yourcompany.com?
Resolving netbios names through broadcast won't work because the different sites are in different broadcast domains. To resolve netbios names, you would have to configure to configure WINS and have all the computers on both sites point to a WINS server. It may require that they all point to the same one depending on the setup.
How many domains are we talking about altogether? how many non-domain clients? If there are more than 1 domain, are they child or sub-domains? i.e. yourcompany.com and subdomain.yourcompany.com?
ASKER
only 1 domain. only 1 computer at the location of the domain is not on the domain (computer #2 above)
5 remote sites and more than 30 computers at those sites (30 total). none of those computers at the remote sites are on a domain. each of the 5 sites is on its own subnet
how does an application like Look@LAN know the IP and name of the computers?
the reason why i'm asking all of this is that i want to be able to do a client install of symantec corporate antivirus. the antivirus server is a computer on the domain. i have no problems installing to clients on the domain. but i cant install to clients not on the domain. i called symantec support, and we worked on the computers i identified as computer #1 and #2 above (in order to rule out VPN issues since symantec does not support VPN communication).
there is some kind of permissions issue going on, and the symantec rep thought it had to do with a DNS problem with not being able to ping computer #1 from computer #2 by name.
i am not certain this is the problem, but i figured it was worth figuring out so that then i could call back and say that isn't the problem.
the symantec antivirus server has a shared folder on computer #1. i can see that folder in computer #2's network neighborhood, but i can not access it. when i look at the share permissions settings of the folder on computer #1, it shows Everyone.
i tried adding a share on a different folder on computer #1, and computer #2 will add it to network neighborhood, but can't access it.
error:
<<share>> is not accessible. you might not have permission to use this network resource. contact the administrator of this server to find out if you have access permissions. access is denied.
when i go to remove the share on computer #1, it tells me that 1 user is connected.
i am able to view shares on the servers from computer #2. these happen to be the computers that i can ping fqdns
ideas?
5 remote sites and more than 30 computers at those sites (30 total). none of those computers at the remote sites are on a domain. each of the 5 sites is on its own subnet
how does an application like Look@LAN know the IP and name of the computers?
the reason why i'm asking all of this is that i want to be able to do a client install of symantec corporate antivirus. the antivirus server is a computer on the domain. i have no problems installing to clients on the domain. but i cant install to clients not on the domain. i called symantec support, and we worked on the computers i identified as computer #1 and #2 above (in order to rule out VPN issues since symantec does not support VPN communication).
there is some kind of permissions issue going on, and the symantec rep thought it had to do with a DNS problem with not being able to ping computer #1 from computer #2 by name.
i am not certain this is the problem, but i figured it was worth figuring out so that then i could call back and say that isn't the problem.
the symantec antivirus server has a shared folder on computer #1. i can see that folder in computer #2's network neighborhood, but i can not access it. when i look at the share permissions settings of the folder on computer #1, it shows Everyone.
i tried adding a share on a different folder on computer #1, and computer #2 will add it to network neighborhood, but can't access it.
error:
<<share>> is not accessible. you might not have permission to use this network resource. contact the administrator of this server to find out if you have access permissions. access is denied.
when i go to remove the share on computer #1, it tells me that 1 user is connected.
i am able to view shares on the servers from computer #2. these happen to be the computers that i can ping fqdns
ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
SAC is supposed to allow the antivirus push to clients not on a domain. it requires ADMIN$ and C$ shares exist and installs on the Admin account (so you have to disable simple file sharing)
i will try pushing it from the server while logged in as local Admin and not on the domain from computer #1 .... which should meet the requirements you stated in your second point
as for your third point... no, i do not get prompted for a username and password. i just get the error i mentioned above.
i will try pushing it from the server while logged in as local Admin and not on the domain from computer #1 .... which should meet the requirements you stated in your second point
as for your third point... no, i do not get prompted for a username and password. i just get the error i mentioned above.
ASKER
long story short.... the issue was with the sharing. i had to put a password on the account for computer #2 and now i can access computer #1's shared files while computer #1 is on the domain.
how i figured this out...
i took computer #1 off the domain and joined a new workgroup. i was still unable to access shares, with the same error as listed above.
i tried SAC while computer #1 was off the domain... and it acted exactly how it did when computer #1 is on the domain. the crazy message states that you have to enter in the username and password for an account on computer #2's domain... stupid SAC! computer #2 isn't on a domain! so i just put the username for computer #2's local account into the SAC box... got a message stating that blank passwords aren't allowed or you dont have permission... this is the same error i was getting when troubleshooting with symantec tech support on the phone. so i figured... what the heck, i'll put a password on computer #2's account... and whaalaa... SAC worked correctly. i then put computer #1 back on the domain and tried SAC again... and again, it works fine now. too back symantec support couldn't tell me that. it was an easy enough solution... instead, symantec tech support said i had a DNS problem, which is where this whole thread started.
thanks for all the help EE :)
how i figured this out...
i took computer #1 off the domain and joined a new workgroup. i was still unable to access shares, with the same error as listed above.
i tried SAC while computer #1 was off the domain... and it acted exactly how it did when computer #1 is on the domain. the crazy message states that you have to enter in the username and password for an account on computer #2's domain... stupid SAC! computer #2 isn't on a domain! so i just put the username for computer #2's local account into the SAC box... got a message stating that blank passwords aren't allowed or you dont have permission... this is the same error i was getting when troubleshooting with symantec tech support on the phone. so i figured... what the heck, i'll put a password on computer #2's account... and whaalaa... SAC worked correctly. i then put computer #1 back on the domain and tried SAC again... and again, it works fine now. too back symantec support couldn't tell me that. it was an easy enough solution... instead, symantec tech support said i had a DNS problem, which is where this whole thread started.
thanks for all the help EE :)
ASKER
oh! and one more question to bring this topic back on point.
where does an application like Look@LAN get its information from? it shows both IP and computer name for all computers on the network (across all subnets). so it is getting that information from some table somewhere, right?
where does an application like Look@LAN get its information from? it shows both IP and computer name for all computers on the network (across all subnets). so it is getting that information from some table somewhere, right?
Thanks for the points, I've been really busy. Glad to hear you got everything working, but I'm not sure I was entitled to the points. Thanks again, though.
I'm not sure how look@lan works. A lot of node discovery software just pings every address in a range. There is no table that can be completely relied upon.
I'm not sure how look@lan works. A lot of node discovery software just pings every address in a range. There is no table that can be completely relied upon.
ThanQ