Solved

Connect to File Server on different subnet.

Posted on 2007-03-21
14
494 Views
Last Modified: 2010-03-17
Have a file server running on a Windows 2003 Enterprise server. I have three subnets in my environment.
192.168.5.xxx, 192.168.6.xxx, 192.168.7.xxx. I currently can communicate and see share folder on the same subnet of 192.168.6.xxx
I cannot see the server on the 5.xxx or 7.xxx by Server Name or IP address. I cannot ping the machine from the other two subnets.

 
0
Comment
Question by:vferreira71
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18764661
It sounds like you have routing issues - Windows doesn't care what subnetting you do - just make sure your routing information is correct and your router is setup correctly.

What are your default gateways set to?
0
 

Author Comment

by:vferreira71
ID: 18765381
Hmmm, not sure its a routing issue.. i will give you more detail.
A couple of servers (including the files server we are having issue with) sit on the 5 network.
Then we have workstations on the 6 network and the 7 network.
As a test, i went to another windows Enterprise server 2003 on the 5 network..... created a shared drive..... then i jumped on pc's of the 6 AND 7 network... and I could map it fine.

Do the same thing...
map a shared folder I created in the new File Server (which also resides on the 5 network).... jump on the 6 and 7 network... and cannot see it.
I have read several articles about you can only map a drive on the subnet you are on.. is that true?
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 18765578
most of windows routing happens through a broadcast from the broadcast ip.  if it is a 24 bit subnet you are using then the broadcast ip is generally going to be the 255 ip on the same subnet.  and if the servers are located on different subnets, then you need your own internal dns server, a router which understands all such ip routing to handle this.

i dunno if changing the subnet mask on the ipconfig screen has any effect as it can chew into your own subnet broadcast ip.
0
 
LVL 1

Expert Comment

by:SunKnight0
ID: 18765753
If you can't ping the machine (assuming you don't intentionally block ICMP)  then your problem is in the IP connectivity level and not the file sharing/permissions level. Is there any firewalling or other network protection software running on the server in question? Some security solutions will block ports based on whether the source IP is on the same subnet of the destination machine or not.
0
 

Author Comment

by:vferreira71
ID: 18765927
I just went in to the File server and disabled the Windows Firewall. When I type in Server name or IP address I get a message that states "The network path was not found".
0
 
LVL 1

Expert Comment

by:SunKnight0
ID: 18765971
Let me make sure I understand the situation:

You have a test station on 192.168.6.xxx subnet and a file server on the 192.168.5.xxx subnet which you can't ping by IP (let's forget the name resolution for now and worry about the IP connectivity). But you did a test by sharing a folder on another server on the 192.168.5.xxx and that worked fine (both pings and actual file sharing) from the same test station on the 192.168.6.xxx. Am I correct?

Can you post ping and tracert results from your test station to both these servers without any intermediate configuration changes?

Also, are all your subnets on the same switch (or group of switches) or are there routers between them?
0
 

Author Comment

by:vferreira71
ID: 18766204
OK. below is a test off of one of my pc's in the7 network...


 
Microsoft Windows XP [Version 5.1.2600](C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\vferreira>ipconfig
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.7.105
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.7.1



C:\Documents and Settings\vferreira>ping 192.168.5.21

Pinging 192.168.5.21 with 32 bytes of data:
Reply from 192.168.5.21: bytes=32 time<1ms TTL=127
Reply from 192.168.5.21: bytes=32 time<1ms TTL=127
Reply from 192.168.5.21: bytes=32 time<1ms TTL=127
Reply from 192.168.5.21: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.5.21:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\vferreira>tracert 192.168.5.21

Tracing route to firmimauditor.firmname.local [192.168.5.21]
over a maximum of 30 hops:
 1    <1 ms    <1 ms    <1 ms  192.168.7.1
 2    <1 ms    <1 ms    <1 ms  firmimauditor.firmname.local [192.168.5.21]

Trace complete.





C:\Documents and Settings\vferreira>ping 192.168.5.206

Pinging 192.168.5.206 with 32 bytes of data:

Reply from 192.168.5.206: bytes=32 time=3ms TTL=127
Reply from 192.168.5.206: bytes=32 time=35ms TTL=127
Reply from 192.168.5.206: bytes=32 time<1ms TTL=127
Reply from 192.168.5.206: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.5.206:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 35ms, Average = 9ms

C:\Documents and Settings\vferreira>tracert 192.168.5.206

Tracing route to firmfs2.firmname.local [192.168.5.206]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.7.1
  2    <1 ms    <1 ms    <1 ms  firmfs2.firmname.local [192.168.5.206]

Trace complete.

C:\Documents and Settings\vferreira>
0
 
LVL 1

Accepted Solution

by:
SunKnight0 earned 250 total points
ID: 18766269
Based on that you do have ping (and therefore IP communication) working to both the file server and the temporary test server.

The next step is to try accessing the file share by IP. On Start-Run (or the 'My Computer' address bar) type \\192.168.5.206 (or \\192.168.5.21 is that is the actual file server). You may also want to try \\192.168.5.21\[sharename] but it should work with just the IP, at least to the point of asking you for a username and password.
0
 

Author Comment

by:vferreira71
ID: 18766364
OK.. so i turned off the internal Firewall of File server... rebooted.. and NOW IT WORKS!
I feel like an ass! Sorry about all of this. lol

What in the internal firewall of the Server do i need to turn on/allow so i can put the firewall back on and still work?
0
 
LVL 1

Expert Comment

by:SunKnight0
ID: 18766392
There is no real need to firewall internal network interfaces, only external ones. Unless your server also has an interface with a public IP address, I would leave the firewall off.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18766604
> There is no real need to firewall internal network interfaces,
> only external ones. Unless your server also has an interface
> with a public IP address, I would leave the firewall off.

Tell that to my client who was hit with an RBOT variant.  He was running updated Norton Antivirus and yet he was still hit... with a variant that 3 month Dr. Web definitions later caught - in the mean time, every non-firewalled client (mostly 2000 systems) was infected - and reinfected when we cleaned it.  Internal firewalls are just as important as external ones to protect against infection from Malware.
0
 

Author Comment

by:vferreira71
ID: 18766684
so what is it in the firewall that i need to turn on to allow mapped drives to work?
0
 
LVL 1

Expert Comment

by:SunKnight0
ID: 18766967
Taken from this http://support.microsoft.com/kb/298804/en-us

The following ports are associated with file sharing and server message block (SMB) communications:
• Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
• Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).
0
 
LVL 1

Expert Comment

by:SunKnight0
ID: 18767066
"Tell that to my client who was hit with an RBOT variant.  He was running updated Norton Antivirus and yet he was still hit... with a variant that 3 month Dr. Web definitions later caught - in the mean time, every non-firewalled client (mostly 2000 systems) was infected - and reinfected when we cleaned it.  Internal firewalls are just as important as external ones to protect against infection from Malware."

Well, not to start an argument here, but RBOT propagates using the file sharing ports*, so a firewall configured to allow file sharing would have no different effect whatsoever than no firewall at all.

There are many arguments for and against internal firewalls. In my opinion and experience dealing with random functionality problems (such as the one described here) and managing ports and permissions is worse than dealing with the small potential of security threats.

*In addition to other methods that require either the lack of security updates or the pre-existance of other malware
0

Join & Write a Comment

Suggested Solutions

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now