DNS issue : unable to ping computer by name

i have two computers.
computer 1:  windows xp pro, joined on domain
computer 2:  windows media center, NOT on domain

both computers are running service pack 2, with all updates.  both computers have firewalls turned off.

from computer 1 i can ping computer 2 by IP and by name
from computer 2 i can ping computer 1 by IP only

how can i get computer 2 to ping computer 1 by name?

LVL 44
zephyr_hex (Megan)DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
on both machines

start > run > cmd {enter}
ipconfig /all {enter}

make sure computer 2 is using the same DNS server as computer 1


on computer 2 navigate to

double click the host file


<ip address>          computer1

to the bottom of the file (below      localhost)
Pete LongTechnical ConsultantCommented:
open the hosts file it with notepad
Hey Pete.  Thought I lend a few words and complicate matters for absolutely no reason whatsoever. =)

Are you using DHCP or static addresses?  If DHCP, what device is handing out the leases?

Your domain workstation is using a domain controller as a DNS server.  You can configure your domain controller to service and register non-domain clients and then configure your non-domain client to use the DC as a DNS server.  This would work once there is a DNS record for each computer.  The record is probably inserted automatically into DNS if "Dynamic DNS" is enabled and configured.  Dynamic DNS is a feature of DHCP.

Alternatively, if the two computers are on the same subnet, you simply turn on NetBIOS over TCP/IP and you should be able to resolve the names by broadcast.  This option is located in the properties for TCP/IP in the network adapter properties.  Once there, click the advanced button and goto the WINS tab.

Or you can just add static records to your HOSTS file as PeteLong said.
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

zephyr_hex (Megan)DeveloperAuthor Commented:
some updates to answer the questions posed:

1)  i have the DNS server specified on both computers, and they both are pointing to the same server.
2) DHCP is running, and the leases are handed out by the sonicwall
2a)  computer 1 has a static IP, as do the 3 servers in the network.  The rest of the computers are dynamic IP.
3)  both computers are on the same subnet.
4)  i have enabled netbios over tcp/ip on computer 2 as suggested.

from computer 2, i can ping the name of computer 1 as long as i don't include the full name (name.domain).  but computer 2 can ping any of the servers on the domain with their full names (name.domain).

i would prefer to not have to add entries manually to the hosts file...

also, is there any way to ping the name of a computer that is not on the same subnet and not on the domain without having to make manual entries in the hosts file?
zephyr_hex (Megan)DeveloperAuthor Commented:
i want to clarify #2

DHCP is not running on the DC.  it is running on the sonicwall, which is the router.
Well NetBIOS name resolution only works with NetBIOS names, which is identical to the computer's hostname, but it doesn't do fqdns (Fully Qulaified Domain Name - name.computer.tld.)  It will only do the computername.  If you want to ping by fqdn then you will need DNS.  The problem with that is that if the sonicwall leases the address to computer2, it would also have to update DNS, and I don't believe it will do that.(Called Dynamic DNS)  You'd have to make a static entry into the DNS server, and then if the IP changes, the record would be wrong.

So basically, if you want to access a computer through fqdn you need to have an entry in a DNS.  In order for DNS to update itself with no intervention, you need Dynamic DNS (DDNS).  In order to have DDNS you need a DHCP server that supports it, and normally that is only Windows.

If you can get by with just the NetBIOS names, then I would do that.

As far as whether "you can ping the name of a computer that is not on the same subnet and not on the domain without having to make manual entries in hosts", the answer is yes.  That's like when you ping www.yahoo.com.  But to give you instructions, you'd have to tell me how the networks are connected if at all, and whether they are expected to communicate through the internet or not.  If so, then do the DCs control the DNS for the public namespace as well as the private?
zephyr_hex (Megan)DeveloperAuthor Commented:
computers are connected by site to site VPN implemented via two sonicwalls
the remote computer #3 is on a different subnet
computer #3 is not pointing to the DC server
computer #3's sonicwall runs DHCP for that subnet
computer #1 and #2 are behind the other sonicwall which is running DHCP for their subnet

computer 1 and 2 can ping computer 3 by IP address, but not by name or fqdns

well for fqdns, the computers would need to point to a DC that has the other computers in its DNS table.  

Resolving netbios names through broadcast won't work because the different sites are in different broadcast domains.  To resolve netbios names, you would have to configure to configure WINS and have all the computers on both sites point to a WINS server.  It may require that they all point to the same one depending on the setup.

How many domains are we talking about altogether?  how many non-domain clients?  If there are more than 1 domain, are they child or sub-domains? i.e. yourcompany.com and subdomain.yourcompany.com?  If not, is there a trust relationship between them?
zephyr_hex (Megan)DeveloperAuthor Commented:
only 1 domain.  only 1 computer at the location of the domain is not on the domain (computer #2 above)
5 remote sites and more than 30 computers at those sites (30 total).  none of those computers at the remote sites are on a domain.  each of the 5 sites is on its own subnet

how does an application like Look@LAN know the IP and name of the computers?

the reason why i'm asking all of this is that i want to be able to do a client install of symantec corporate antivirus.  the antivirus server is a computer on the domain.  i have no problems installing to clients on the domain.  but i cant install to clients not on the domain.  i called symantec support, and we worked on the computers i identified as computer #1 and #2 above (in order to rule out VPN issues since symantec does not support VPN communication).

there is some kind of permissions issue going on, and the symantec rep thought it had to do with a DNS problem with not being able to ping computer #1 from computer #2 by name.

i am not certain this is the problem, but i figured it was worth figuring out so that then i could call back and say that isn't the problem.

the symantec antivirus server has a shared folder on computer #1.  i can see that folder in computer #2's network neighborhood, but i can not access it.  when i look at the share permissions settings of the folder on computer #1, it shows Everyone.

i tried adding a share on a different folder on computer #1, and computer #2 will add it to network neighborhood, but can't access it.
<<share>> is not accessible.  you might not have permission to use this network resource.  contact the administrator of this server to find out if you have access permissions.  access is denied.

when i go to remove the share on computer #1, it tells me that 1 user is connected.

i am able to view shares on the servers from computer #2.  these happen to be the computers that i can ping fqdns

I'll have to make some assumptions about SAC from my experience with it.

First of all, is that the server needs to be able to locate the client thru DNS which rules out NetBIOS resolution.  (again, these are just assumptions.

Second, I'm not sure if you can push Symantec Antivirus Corporate to clients who are not on a domain, but I know for a fact that you will at least need local admin priveledges for the client computers.  SAC probably uses the current login credentials, so that means you will have to push it from a computer where you are logged in as a user that has the same username and password as a local administrator on the clients.

Thirdly, As far as accessing the domain share, are you getting a prompt for username and password?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
zephyr_hex (Megan)DeveloperAuthor Commented:
SAC is supposed to allow the antivirus push to clients not on a domain.  it requires ADMIN$ and C$ shares exist and installs on the Admin account (so you have to disable simple file sharing)

i will try pushing it from the server while logged in as local Admin and not on the domain from computer #1 .... which should meet the requirements you stated in your second point

as for your third point...  no, i do not get prompted for a username and password.  i just get the error i mentioned above.
zephyr_hex (Megan)DeveloperAuthor Commented:
long story short.... the issue was with the sharing.  i had to put a password on the account for computer #2 and now i can access computer #1's shared files while computer #1 is on the domain.

how i figured this out...
i took computer #1 off the domain and joined a new workgroup.  i was still unable to access shares, with the same error as listed above.

i tried SAC while computer #1 was off the domain... and it acted exactly how it did when computer #1 is on the domain.  the crazy message states that you have to enter in the username and password for an account on computer #2's domain... stupid SAC!  computer #2 isn't on a domain!  so i just put the username for computer #2's local account into the SAC box... got a message stating that blank passwords aren't allowed or you dont have permission...  this is the same error i was getting when troubleshooting with symantec tech support on the phone.  so i figured... what the heck, i'll put a password on computer #2's account...  and whaalaa... SAC worked correctly.  i then put computer #1 back on the domain and tried SAC again...  and again, it works fine now.  too back symantec support couldn't tell me that.  it was an easy enough solution...  instead, symantec tech support said i had a DNS problem, which is where this whole thread started.

thanks for all the help EE :)
zephyr_hex (Megan)DeveloperAuthor Commented:
oh!  and one more question to bring this topic back on point.

where does an application like Look@LAN get its information from?  it shows both IP and computer name for all computers on the network (across all subnets).  so it is getting that information from some table somewhere, right?
Thanks for the points, I've been really busy.  Glad to hear you got everything working, but I'm not sure I was entitled to the points.  Thanks again, though.

I'm not sure how look@lan works.  A lot of node discovery software just pings every address in a range.  There is no table that can be completely relied upon.
Pete LongTechnical ConsultantCommented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.