simplyamazing
asked on
Cannot browse workgroup computers or domain computers on SBS2003 domain
Hi all,
I replace a Win2000 domain w/ a Win2003 SBS domain a while back, but have yet to solve a problem with browsing on the network.
Originally, all 4 clients could browse with no problem, now all 4 clients (or any machine connected to the network as part of ANY workgroup) allways get the same error message when simply browsing the network in Windows (all clients are either WinXP or Win2K).
"JoeDomain is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept."
On Win 2000 networks, I don't recall ever needing permission to see the network computers (regardless of whether they are in a domain or workgroup).
None of the clients even get a chance to see a listing of the available workgroups or domains (there are 2 workgroups and 1 domain).
Somehow, SBS has completely taken over the network browsing ability of ANY client.
The only machine that can browse the network is the SBS2003 server itself. It also makes no difference whether the client(s) are logged into the domain or logged into the workstation - no one can browse.
Mapping drives works fine.
TCP/IP forward and reverse resolution works just fine.
The only thing is that browsing stopped once SBS2003 became the DC (so it appears to be a "feature" of SBS2003 )
Windows IP Configuration
Host Name . . . . . . . . . . . . : delta
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : joedomain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : joedomain.local
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 47-A8-A2-00-03-3D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.250
DNS Servers . . . . . . . . . . . : 192.168.1.250
Lease Obtained. . . . . . . . . . : Tuesday, June 13, 2006 1:00:11 AM
Lease Expires . . . . . . . . . . : Wednesday, June 21, 2006 1:00:11 AM
If this is a license issue (there are 5 client licenses and 4 domain clients), then maybe it's not installed correctly. But why on Earth would SBS kill browsing for non-domain machines?
I replace a Win2000 domain w/ a Win2003 SBS domain a while back, but have yet to solve a problem with browsing on the network.
Originally, all 4 clients could browse with no problem, now all 4 clients (or any machine connected to the network as part of ANY workgroup) allways get the same error message when simply browsing the network in Windows (all clients are either WinXP or Win2K).
"JoeDomain is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept."
On Win 2000 networks, I don't recall ever needing permission to see the network computers (regardless of whether they are in a domain or workgroup).
None of the clients even get a chance to see a listing of the available workgroups or domains (there are 2 workgroups and 1 domain).
Somehow, SBS has completely taken over the network browsing ability of ANY client.
The only machine that can browse the network is the SBS2003 server itself. It also makes no difference whether the client(s) are logged into the domain or logged into the workstation - no one can browse.
Mapping drives works fine.
TCP/IP forward and reverse resolution works just fine.
The only thing is that browsing stopped once SBS2003 became the DC (so it appears to be a "feature" of SBS2003 )
Windows IP Configuration
Host Name . . . . . . . . . . . . : delta
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : joedomain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : joedomain.local
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 47-A8-A2-00-03-3D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.250
DNS Servers . . . . . . . . . . . : 192.168.1.250
Lease Obtained. . . . . . . . . . : Tuesday, June 13, 2006 1:00:11 AM
Lease Expires . . . . . . . . . . : Wednesday, June 21, 2006 1:00:11 AM
If this is a license issue (there are 5 client licenses and 4 domain clients), then maybe it's not installed correctly. But why on Earth would SBS kill browsing for non-domain machines?
ASKER
That is a workstation IPCONFIG.
The SBS Server was a new domain and holder of all the FSMO roles.
I knew SBS was handicapped, so I did not take any chances and built an entirely new domain. It was not transferred.
The installation is a "default" installation and I followed all the wizards, though it's had errors since its first virgin install so I figure either I did the wizards in the wrong order. Who knows?
I've never dealt with SBS before, so I am sure my ignorance of all the features that were removed from the standard server version has a lot to do with many of these problems as I set it up as if it were a large company
I've run dcdiag and addiag - no errors (though the 1058 and 1030 errors still keep coming up!) - go figure.
I've never heard of a "connectcomputer" wizard. My real point is that I have 2 machines that are in a workgroup that is completely different than the domain - they will NEVER login to the server. But SBS makes an assumption that they will and somehow blocks these computers from seeing the network (workgroups, domains, printers, anything). Is this the way it's supposed to work?
This makes no sense at all to me.
I'll check out your links.
Thanks
The SBS Server was a new domain and holder of all the FSMO roles.
I knew SBS was handicapped, so I did not take any chances and built an entirely new domain. It was not transferred.
The installation is a "default" installation and I followed all the wizards, though it's had errors since its first virgin install so I figure either I did the wizards in the wrong order. Who knows?
I've never dealt with SBS before, so I am sure my ignorance of all the features that were removed from the standard server version has a lot to do with many of these problems as I set it up as if it were a large company
I've run dcdiag and addiag - no errors (though the 1058 and 1030 errors still keep coming up!) - go figure.
I've never heard of a "connectcomputer" wizard. My real point is that I have 2 machines that are in a workgroup that is completely different than the domain - they will NEVER login to the server. But SBS makes an assumption that they will and somehow blocks these computers from seeing the network (workgroups, domains, printers, anything). Is this the way it's supposed to work?
This makes no sense at all to me.
I'll check out your links.
Thanks
ASKER
Those links basically answered my question. It does consider all devices on that network to be a client, regardless.
I'll just break up the network into 2 subnets, 1 for SBS, 1 for everything else. (hopefully this will work)
I'll just break up the network into 2 subnets, 1 for SBS, 1 for everything else. (hopefully this will work)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks again.
The 1058 issue is because the "\\joedomain.local\sysvol"
I can ping "joedomain.local" fine, so it's resolving correctly. (omega is name of the server)
The share security and folder security for "sysvol" share and folder are set to Administrators=Full, Authenticated Users=Full, Everyone=Read (the default setup).
The WINS was not installed - I'll install it and try again.
I did a little test with SBS running and not running. When it is running, non-domain workstations (that have never joined the domain before - ie brand spankin' new) cannot browse network neighborhood.
After shutting down SBS, the workstations can browse again.
I'll try removing the DNS server address from the workstations (maybe SBS requires a license for each DNS query?)
As far as the 1030/1058 errors and the group policy (which I can't change as the snap-in does not work either), the drive mapping will suffice until I completely rebuild the server from scratch to get it to work correctly (I've learned my lesson to ONLY use wizards for SBS from now on ;).
The 1058 issue is because the "\\joedomain.local\sysvol"
I can ping "joedomain.local" fine, so it's resolving correctly. (omega is name of the server)
The share security and folder security for "sysvol" share and folder are set to Administrators=Full, Authenticated Users=Full, Everyone=Read (the default setup).
The WINS was not installed - I'll install it and try again.
I did a little test with SBS running and not running. When it is running, non-domain workstations (that have never joined the domain before - ie brand spankin' new) cannot browse network neighborhood.
After shutting down SBS, the workstations can browse again.
I'll try removing the DNS server address from the workstations (maybe SBS requires a license for each DNS query?)
As far as the 1030/1058 errors and the group policy (which I can't change as the snap-in does not work either), the drive mapping will suffice until I completely rebuild the server from scratch to get it to work correctly (I've learned my lesson to ONLY use wizards for SBS from now on ;).
I should have noticed in your IPCONFIG above that you didn't have a WINS server listed... you souldn't have to install it... it should already be installed. But you will have to designate it in the NIC settings. After doing that, rerun the CEICW to get everything else configured properly with it.
The reason that the workstations can't browse network neighborhood is WINS again. When the SBS is running they are using DNS, but when it's not they need WINS which you don't have configured.
Legend has it that you will only get SBS to work after your THIRD install. (It took me four times).
Jeff
TechSoEasy
The reason that the workstations can't browse network neighborhood is WINS again. When the SBS is running they are using DNS, but when it's not they need WINS which you don't have configured.
Legend has it that you will only get SBS to work after your THIRD install. (It took me four times).
Jeff
TechSoEasy
ASKER
It's a WINS thing then, I've never used WINS before - never needed to with the standard and enterprise editions before, at least not to browse (I thought MS was going to get rid of WINS once and for all).
This will be the third install (the first one, I really botched).
Thanks again for all the input.
This will be the third install (the first one, I really botched).
Thanks again for all the input.
ASKER
I thought wrong. I'm just going to reinstall the whole thing (the time I've wasted on SBS has now exceeded the cost savings - geez!)
ASKER
I figured it out. I disabled the other network card and all the errors went away.
Apparently, SBS did not know where to look for the domain name, so it was picking the wrong NIC.
(The DNS Server appeared to be set up correctly and did reverse lookups without any problems on both NICs, but it appears that the NIC chosen by windows when the file share was created was the NIC w/ file sharing turned off - counter-intuitive, but maybe on the next version of server, MS could provide a way to pick which NIC goes with which share).
The reason for the additional NIC was to be able to have a backup "backbone" (just like a SAN, but w/o the insane cost) completely isolated from the regular network (I do this at the datacenters as well for both speed and security) - SBS must be designed to prevent this configuration as well, but I have no more time to mess with it.
Apparently, SBS did not know where to look for the domain name, so it was picking the wrong NIC.
(The DNS Server appeared to be set up correctly and did reverse lookups without any problems on both NICs, but it appears that the NIC chosen by windows when the file share was created was the NIC w/ file sharing turned off - counter-intuitive, but maybe on the next version of server, MS could provide a way to pick which NIC goes with which share).
The reason for the additional NIC was to be able to have a backup "backbone" (just like a SAN, but w/o the insane cost) completely isolated from the regular network (I do this at the datacenters as well for both speed and security) - SBS must be designed to prevent this configuration as well, but I have no more time to mess with it.
It's actually the binding order of your NICS, which you can change in Network Connections > Advanced > Advanced Settings.
If you have two nics, then you need to configure your SBS according to this recommendation: http://sbsurl.com/twonics
The cost savings is long term if you configure it properly.
Jeff
TechSoEasy
If you have two nics, then you need to configure your SBS according to this recommendation: http://sbsurl.com/twonics
The cost savings is long term if you configure it properly.
Jeff
TechSoEasy
But the bigger question is, "How did you "replace" the domain"? You cannot just add an SBS to a network, it must be installed as the root of the forest and the holder of all FSMO roles. (what used to be called a Primary Domain Controller). SBS has very specific deployment requirements and it's important to follow all instructions regarding any sort of migration from a previous domain. There is a specific paper about migrating from a Windows 2000 domain which you can find here: http://sbsurl.com/migrate.
If you did not follow that procedure, then there may be many more issues than just browsing the network.
Specifically, workstations must be joined to an SBS domain using the connectcomputer wizard.
I'd suggest that you review http://sbsurl.com/itpro and you can find all sorts of documentation at http://sbsurl.com/techguide
Jeff
TechSoEasy