Solved

Symantec AV Remote Client Install

Posted on 2007-11-25
12
828 Views
Last Modified: 2013-12-09
I have Symantec Anti Virus 10 Corp Edition on my Windows 2003 SBS with AD running. I have been able to remote install domain clients on my own sub-net (192.168.1.x), but when adding a machine (called Home) that is on the other end of a (linksys hardware) VPN, which is on 192.168.2.x subnet, I get an error message from the remote install utility "Network Name Not Found. Unable to detect the standard network share, ADMIN$, on <Home>"

The Home machine is able to log in to the domain, and access network resources, such as Exchange Mailboxes and Public Folders. I can see the other machines in the Domain, including the Server, in the Entire Network.

I have disabled hardware firewalls on both ends, and added TCP port 2967 exception on Windows Firewall on Home client. I have primary DNS set to the Server (192.188.1.2) and two external DNS servers (Comcast) on the Home cleint. WINS is set to 192.168.1.2, and Enable NETBIOS is checked.

I can not connect to the Home client from a different workstation on the domain, however, since it says //Home is not accessible. You might not have permission, the network path was not found. Not sure if this is related. I can RWW into the Home client.

Any ideas? Thanks.
0
Comment
Question by:Rich
  • 7
  • 5
12 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20346171
  I assume you can connect via ip address like \\192.168.2.x
    *Make sure windows firewall is disabled in home computer
    *Make sure ucp 137-138 tcp 139 and 445 ports are not blocked by any device/software
    *Can you ping the home client by its name?
0
 

Author Comment

by:Rich
ID: 20346313
I can not connect (using Add Network Place Wizard) to \\Home since there is no shared resource (I get the error "Windows requires a share to publish to. Please try another location.") When I browse to a Network place, the Home client is in the list, but does not expand to show any shared resources.

"ping 192.168.2.100" is successful from Server side of VPN
"ping home.GagnonConsulting.local" is successful from Server side of VPN

The Windows Firewall on the client is set in Group Policy from Server. I attempted to manually add exceptions for the 4 ports you mentioned, but got the following messages, indicating that they were already open.
137 UDP - NetBIOS Name Service already exists for this port
138 UDP - NetBIOS Datagram Service
139 TCP - NetBios Session Service
445 TCP - SMP over TCP
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20346331
 Wait a minute, Is home computer not a domain member?
  Can you reach \\192.168.2.100 from server side?
  If home computer is not a member of domain, then you should enable simple file and printer sharing
  http://support.microsoft.com/kb/304040/en
0
 

Author Comment

by:Rich
ID: 20346452
Home computer is a member of the domain. Simple file sharing is disabled. I can see it listed under the domain in Entire Network/Microsoft Windows Network/Gagnonconsultin/Home, but when I click on it, it does not open (like the other domain computers do.) The error message is that \\Home is not accessible. You might not have permission to use this network resoucre. The network path was not found.

What is the best way to test if I can reach \\192.168.2.100 from server side? I can ping it.
0
 

Author Comment

by:Rich
ID: 20346467
If if type in \\192.168.2.100 in the address bar, I get the error that Windows cannot find '\\192.168.2.100'.

The search for Computer Name: \\192.168.2.100 displays no results, nor does searching for \\Home.GagnonConsulting.local
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20347030
 type it in start>run not address bar
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:Rich
ID: 20347637
OK, tried that and it returns (after a wait) "The Network Path was not found"
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 500 total points
ID: 20348798
if ping 192.168.2.100 successfull from server side and you can not reach via \\192.168.2.100 , that means one of the above ports I mentioned is somehow blocked, either by a firewall or by tunnel ACL
0
 

Author Comment

by:Rich
ID: 20349913
Do you know a way to test a specific port for comms? I don't think that I can Ping on a specific port, but I am going to check the man pages.
0
 

Author Comment

by:Rich
ID: 20350052
I just checked out the Shields UP program from GRC, and had it check my network from the outside. It only shows ports 80, 443 and 444 open, and the ports 25, 135, 136, 137, 138, 139 and 445 in the list as Stealth. Apparently, stealth means that these ports are blocked somewhere my computer and the Pulbic Internet. Given I have disabled the hardware Firewall and specifically opened these ports on the client PC, I guess that Comcast must be blocking the ports. If this is true, I guess it is out of my control, and I will have to install the AV client manually, from the disk.
0
 

Author Comment

by:Rich
ID: 20350063
Thanks for you help with this, MrHusy. I have at least learned something.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20350161
 For more learning, you can use telnet for testing ports. For example, if you type the following
    telnet 192.168.1.200 137
   You get a blank black screen if the 137 port is open in 192.168.1.200.

You are welcome :)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now