lefty431
asked on
Firewall iss or Network issue or Server issue
I have an issue
2 networks. Â
hardware firewall between the two networks. Â no windows firewalls
network 1 (wordstations) can only access network shares from a server in network 2 with the short name only.
\\servername
IP address works but it takes about 5 minutes for it to pop up and the
full DNS name does not work
\\servename.servernetwork. com
spoke to the network security people here and there seems to be no firewall issues. Â no traffic is bing dropped. Â Netbios is allowed.
DNS servers report information correctly.
I can telnet to all Netbios ports, I can ping the server
The only thing that doesn't work is the UNC path to the fully quailifed DNS name. Â
This needs to work so that we can use our SSLVPN connection to map drives.
thanks
2 networks. Â
hardware firewall between the two networks. Â no windows firewalls
network 1 (wordstations) can only access network shares from a server in network 2 with the short name only.
\\servername
IP address works but it takes about 5 minutes for it to pop up and the
full DNS name does not work
\\servename.servernetwork.
spoke to the network security people here and there seems to be no firewall issues. Â no traffic is bing dropped. Â Netbios is allowed.
DNS servers report information correctly.
I can telnet to all Netbios ports, I can ping the server
The only thing that doesn't work is the UNC path to the fully quailifed DNS name. Â
This needs to work so that we can use our SSLVPN connection to map drives.
thanks
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Specifically, since NETBIOS isn't routable, I am guessing that when you try to make the connection via FQDN, netbios is being blocked at the layer 3 device. What have you got in the middle?
Either that, or it is a DNS zone issue.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
If this is the case, you may have replication problems between sites. Check the FRS logs.
ASKER
ChiefIT,
DNS seems to be fine. Â This is a University. Â DNS is done centrally. Â The University helpdesk checked DNS and seemed to be fine.
There is QIP which does the public DNS and then there is Active Directory DNS. Â
I did a NSlookup on the IP and on the FQDN and they all match....
both computers look at the same DNS server. Â There are 3 DNS server actually... Â I don't manage any of them. Â
I can ping and telnet to all of the ports
\\FQDN Â doesn't work or takes like 10 min to come up.
\\shortname works quickly...
DNS seems to be fine. Â This is a University. Â DNS is done centrally. Â The University helpdesk checked DNS and seemed to be fine.
There is QIP which does the public DNS and then there is Active Directory DNS. Â
I did a NSlookup on the IP and on the FQDN and they all match....
both computers look at the same DNS server. Â There are 3 DNS server actually... Â I don't manage any of them. Â
I can ping and telnet to all of the ports
\\FQDN Â doesn't work or takes like 10 min to come up.
\\shortname works quickly...
Anything in the hosts file?
ASKER
no.. Â just the standard loop back.. Â
ASKER
let me ask. Â when you just use the short name, does it just query Active Directory? NetBios?
and if you use the FQDN it goes to the dns server?
and if you use the FQDN it goes to the dns server?
How many protocols do you have bound to the adaptor?
It spams the LAN with netbios. Fqdn goes to DNS.
ASKER
netbios seems to work from a computer within the same network>> Â
ip address doesn't work
fqdn doesn't work.
from a VPN tunnel, the IP address DOES work but short name doesn't (expected) and FQDN doesn't.
TCP/IP is bound and Client for MS Networks, File and Printer Sharing.. Â
ip address doesn't work
fqdn doesn't work.
from a VPN tunnel, the IP address DOES work but short name doesn't (expected) and FQDN doesn't.
TCP/IP is bound and Client for MS Networks, File and Printer Sharing.. Â
When the tunnel is established, can you contact a useful DNS server? (this I have seen before)
ASKER
when I do an IPconfig/all it pulls the same DNS servers that my clients do.
everything goes to 3 dns servers. Â all clients University wide and all VPN tunnels.
everything goes to 3 dns servers. Â all clients University wide and all VPN tunnels.
Can you run an actual nslookup?
ASKER
Yes, it first tries to query my ISP DNS, then it goes to the tunnel DNS and resolves.
That was not the answer I was expecting. Hmm. What type f VPN?
ASKER
SSL VPN. Â University system... Â uses Juniper
one of the other admins here was thinking something in AD. Â or on the NIC for the server itself. Â
one of the other admins here was thinking something in AD. Â or on the NIC for the server itself. Â
I am doubting it is the nic. I would be more likely to think it was the stack.
ssl VPN... Might be the ruleset for interesting traffic.
ssl VPN... Might be the ruleset for interesting traffic.
ASKER
but doesn't explain the pc that is in the same network having the issue.
As there is a lot of guessing, I would take the time and effort to perform a network capture (e.g. with WireShark), to see what's wrong with normal FQDN queries.
ASKER
Not sure how WireShark works. Â I will look into it.. Â
ASKER
I downloaded wireshark. Â let me mess with it to capture some data.. Â
Capture filter (not display filter! It's defined in the settings for the network card capture dialog) should be set to
port 53 or port 135 or port 137
to be sure to capture all relevant data, and not to much other traffic.
port 53 or port 135 or port 137
to be sure to capture all relevant data, and not to much other traffic.
ASKER
how about relevant to the destination only? Â I will connect to the VPN, then launch the software and try to connect to the server..???
That way you won't see what other IPs are involved in name resolution process.
ASKER
new information
it seems to work now if you use the IP address. Â if you use the FQDN it tries to login to the server using the credentials I am logged into the laptop with. Â (this won't work) Â it doesn't prompt me for a login box to type my credentials.
when I use the IP address, it prompts me within 5 seconds...
.
it seems to work now if you use the IP address. Â if you use the FQDN it tries to login to the server using the credentials I am logged into the laptop with. Â (this won't work) Â it doesn't prompt me for a login box to type my credentials.
when I use the IP address, it prompts me within 5 seconds...
.
That would be windows making your life easier. Same domain names?
ASKER
completely different.. Â
I am at a loss... Machine vpns in from outside subnet, connects. DNS resolves through the tunnel, and shortnames and fqdn don't work. IP address does. That sounds right?
Is it possible to connect with a different application via ip and fqdn?
Is it possible to connect with a different application via ip and fqdn?
ASKER
there are no other applications on this server. Â it is just a file server.. Â
so the summary is.. Â
On campus within the same firewall:
shortname works
FQDN works but takes 10 min for it to pop up.
Off campus through VPN:
Short name doesn't work
FQDN doesn't work
IP address works..
so the summary is.. Â
On campus within the same firewall:
shortname works
FQDN works but takes 10 min for it to pop up.
Off campus through VPN:
Short name doesn't work
FQDN doesn't work
IP address works..
And from outside the network, VPN established, DNS resolves "hostname" to "ipaddress". If you take that ip address, and pop it into the run dialogue, \\ipaddress\c$, or whatever, it works, but \\hostname\c$ doesn't?. Is the machine nat'd accross the firewall? I could see what you are saying not working if the NAT is wrong, or if it resolves to the internal ip, but is nat'd to a different ip.
ASKER
When I establish an IP address from the tunnel I do get another IP address from the tunnel range.
Your describing above is the case. Â ipaddress works, hostname doesn't.. Â
The tunnel if firewall to firewall. Â You still type in the public IP address of the server to access it. Â Just need to have the tunnel active or it won't connect.. Â not that it does now..
we have other tunnels set up the same way and it works fine. Â Â security team here on campus thought it maybe the server. Â I don't see how.. I think it is their tunnel or something with the network routing..
Your describing above is the case. Â ipaddress works, hostname doesn't.. Â
The tunnel if firewall to firewall. Â You still type in the public IP address of the server to access it. Â Just need to have the tunnel active or it won't connect.. Â not that it does now..
we have other tunnels set up the same way and it works fine. Â Â security team here on campus thought it maybe the server. Â I don't see how.. I think it is their tunnel or something with the network routing..
The tunnel is firewall to firewall? You have a site-to-site VPN, then?
ASKER
yes, site to site.
With split tunneling?
ASKER
Yes
That doesn't make any sense. Have your network guys check their routing and rules. Have them verify them against other sites, if you have them.
That doesn't make any sense. Have your network guys check their routing and rules. Have them verify them against other sites, if you have them.
ASKER
they said they have. Â but who knows. Â this is why I have been trying to troubleshoot myself.. Â some of the network guys are good, some are not.. Â
Speaking as a good network guy, with a 105 site wan, something isn't right...
ports to be aware of:
File sharing:
445/TCP SMB over TCP
137/TCP WINS/Netbios Broadcast ports
138/UDP Netbios datagram port
139/UDP Netbios datagram port (used for Netbios over SMB and Netbios over WINS)
Authentication through kerberose: (too many to list)
http://www.erdc.hpc.mil/hardSoft/Kerberos/ports
Remote procedure call:
135/TCP
DNS port:
53/TCP.
from the site  you can not contact the other try a port query to see if DNS is reachable from one site to another. However, It appears like a problem with authentication whenever you use a DNS connection. You may have a ONE-WAY trust relationship between one site and the other. OR, site DNS transfers are not working from one site to the other. This means the DNS records of one site are not on the other. So, when you query on the side that can't contact the remote site, the DNS host A records are not there and  your query goes to outside servers. Are these sites trusted sites of one another? Are the DNS zone transfers making it from one site to the other? These are questions you might ask yourself.
If Netbios works, ((//servername/share)), then DNS connections certainly work if not blocked or if it is trusted.
If not, you may look and see if your DNS port allows communications on the DNS port (of the site you can not contact)
File sharing:
445/TCP SMB over TCP
137/TCP WINS/Netbios Broadcast ports
138/UDP Netbios datagram port
139/UDP Netbios datagram port (used for Netbios over SMB and Netbios over WINS)
Authentication through kerberose: (too many to list)
http://www.erdc.hpc.mil/hardSoft/Kerberos/ports
Remote procedure call:
135/TCP
DNS port:
53/TCP.
from the site  you can not contact the other try a port query to see if DNS is reachable from one site to another. However, It appears like a problem with authentication whenever you use a DNS connection. You may have a ONE-WAY trust relationship between one site and the other. OR, site DNS transfers are not working from one site to the other. This means the DNS records of one site are not on the other. So, when you query on the side that can't contact the remote site, the DNS host A records are not there and  your query goes to outside servers. Are these sites trusted sites of one another? Are the DNS zone transfers making it from one site to the other? These are questions you might ask yourself.
If Netbios works, ((//servername/share)), then DNS connections certainly work if not blocked or if it is trusted.
If not, you may look and see if your DNS port allows communications on the DNS port (of the site you can not contact)
ASKER
Not sure if this will help..
here is a WireShark log from the time I typed in \\FQDN until it finally connected. Â almost 10 minutes later...
here is a WireShark log from the time I typed in \\FQDN until it finally connected. Â almost 10 minutes later...
ASKER
sorry.. Â with the file in EXCEL
lefty.zip
lefty.zip
Which ip is which?
You have a spanning tree loop going on. Only two retransmissions, though...
Nothing went on in that capture. From start to end no more than 4 seconds have passed. First packet is 440 seconds (0:07:20) after start of capture. Either the problematic packets are not send via that interface, or the capture filter was too restricitive.
ASKER
the server we are trying to connect to is 136.142.142.216
the server the software is on is 136.142.142.217 Â (source)
sorry.
the server the software is on is 136.142.142.217 Â (source)
sorry.
ASKER
it was an open capture. Â I can see everything in there...
7 Â Â Â Â Â 10.023558 Â Â Â Â Â Cisco_8d:70:e9 Â Â Â Â Â Spanning-tree-(for-bridges )_00 Â Â Â Â Â STP Â Â Â Â Â Conf. Root = 2239/00:d0:04:6a:80:00 Â Cost = 8 Â Port = 0x8029
8 Â Â Â Â Â 10.118324 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) request
9 Â Â Â Â Â 10.118428 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) reply
10 Â Â Â Â Â 10.118559 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â TCP Â Â Â Â Â 4476 >Â microsoft-ds [SYN] Seq=0 Win=65535 Len=0 MSS=1460
11 Â Â Â Â Â 10.118699 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) request
12 Â Â Â Â Â 10.118879 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â TCP Â Â Â Â Â microsoft-ds >Â 4476 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460
13 Â Â Â Â Â 10.118908 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â TCP Â Â Â Â Â 4476 >Â microsoft-ds [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
14 Â Â Â Â Â 10.118978 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) reply
15 Â Â Â Â Â 10.119083 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Negotiate Protocol Request
16 Â Â Â Â Â 10.11964 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Negotiate Protocol Response
17 Â Â Â Â Â 10.120343 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_NEGOTIATE
18 Â Â Â Â Â 10.120826 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQ UIRED
19 Â Â Â Â Â 10.121157 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_AUTH, User: \
20 Â Â Â Â Â 10.122018 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Response
21 Â Â Â Â Â 10.122274 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Tree Connect AndX Request, Path: \\OCD-DATA.OCD.PITT.EDU\IP C$
22 Â Â Â Â Â 10.122777 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Tree Connect AndX Response
23 Â Â Â Â Â 10.123028 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Trans2 Request, GET_DFS_REFERRAL, File: \ocd-data.ocd.pitt.edu\.
24 Â Â Â Â Â 10.123202 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Trans2 Response, GET_DFS_REFERRAL, Error: STATUS_NO_SUCH_DEVICE
25 Â Â Â Â Â 10.123869 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_NEGOTIATE
26 Â Â Â Â Â 10.124193 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQ UIRED
27 Â Â Â Â Â 10.124424 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_AUTH, User: OCD\Administrator
28 Â Â Â Â Â 10.249701 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â TCP Â Â Â Â Â microsoft-ds >Â 4476 [ACK] Seq=1298 Ack=1574 Win=65535 Len=0
7 Â Â Â Â Â 10.023558 Â Â Â Â Â Cisco_8d:70:e9 Â Â Â Â Â Spanning-tree-(for-bridges
8 Â Â Â Â Â 10.118324 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) request
9 Â Â Â Â Â 10.118428 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) reply
10 Â Â Â Â Â 10.118559 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â TCP Â Â Â Â Â 4476 >Â microsoft-ds [SYN] Seq=0 Win=65535 Len=0 MSS=1460
11 Â Â Â Â Â 10.118699 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) request
12 Â Â Â Â Â 10.118879 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â TCP Â Â Â Â Â microsoft-ds >Â 4476 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460
13 Â Â Â Â Â 10.118908 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â TCP Â Â Â Â Â 4476 >Â microsoft-ds [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
14 Â Â Â Â Â 10.118978 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â ICMP Â Â Â Â Â Echo (ping) reply
15 Â Â Â Â Â 10.119083 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Negotiate Protocol Request
16 Â Â Â Â Â 10.11964 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Negotiate Protocol Response
17 Â Â Â Â Â 10.120343 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_NEGOTIATE
18 Â Â Â Â Â 10.120826 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQ
19 Â Â Â Â Â 10.121157 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_AUTH, User: \
20 Â Â Â Â Â 10.122018 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Response
21 Â Â Â Â Â 10.122274 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Tree Connect AndX Request, Path: \\OCD-DATA.OCD.PITT.EDU\IP
22 Â Â Â Â Â 10.122777 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Tree Connect AndX Response
23 Â Â Â Â Â 10.123028 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Trans2 Request, GET_DFS_REFERRAL, File: \ocd-data.ocd.pitt.edu\.
24 Â Â Â Â Â 10.123202 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Trans2 Response, GET_DFS_REFERRAL, Error: STATUS_NO_SUCH_DEVICE
25 Â Â Â Â Â 10.123869 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_NEGOTIATE
26 Â Â Â Â Â 10.124193 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQ
27 Â Â Â Â Â 10.124424 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â SMB Â Â Â Â Â Session Setup AndX Request, NTLMSSP_AUTH, User: OCD\Administrator
28 Â Â Â Â Â 10.249701 Â Â Â Â Â 136.142.142.216 Â Â Â Â Â 136.142.142.217 Â Â Â Â Â TCP Â Â Â Â Â microsoft-ds >Â 4476 [ACK] Seq=1298 Ack=1574 Win=65535 Len=0
ASKER
right around line 521 is where it finally connects...
@qlemo: Scroll up.
@lefty431: You have my bet as to what is causing this. Even with only two retransmissions, I am guessing that you have 75 or 80 percent spanning tree in that capture.
@lefty431: You have my bet as to what is causing this. Even with only two retransmissions, I am guessing that you have 75 or 80 percent spanning tree in that capture.
ASKER
so no ideas?
ASKER
I am going to post the log from the VPN tunnel to the destination.. Â maybe that will help.. I am just going to past the stuff right in there..
Is there more than one path between the client and server?
ASKER
meaning file share?
layer 2. That much spanning tree is a big problem.
ASKER
what is the spanning tree?
It is a layer 2 protocol that breaks switching loops.
ASKER
hmm.. Â is there a way to update the WireShark capture? Â I tried zipping it and it wouldnt let me, Â I figured it would be easier to read...
Not sure. Maybe just attach a new file?
ASKER
here is the capture from the vpn tunnel.
at first it didn't work at all. Â then I used the IP address and got a prompt....
leftyfromvpn.xls
at first it didn't work at all. Â then I used the IP address and got a prompt....
leftyfromvpn.xls
Silly me :-(
Â
 In the last capture are a lot of login errors for JIM-IPC\jim using NTLM. The last attempt works. This is really strange, as long as you did not re-enter your password ...
About Spanning Tree: Yes, I reckon this is a real problem here. Multicasts to check for STP are ok every now and then, but the captured stuff looks like a multilink not configured correctly (as Cisco is detecting loops). If loops are detected, packets might (will) be discarded silently, as they are expected to come on more than one network port. NetBIOS has to time out then to resend requests. Might fit here.
Â
Â
 In the last capture are a lot of login errors for JIM-IPC\jim using NTLM. The last attempt works. This is really strange, as long as you did not re-enter your password ...
About Spanning Tree: Yes, I reckon this is a real problem here. Multicasts to check for STP are ok every now and then, but the captured stuff looks like a multilink not configured correctly (as Cisco is detecting loops). If loops are detected, packets might (will) be discarded silently, as they are expected to come on more than one network port. NetBIOS has to time out then to resend requests. Might fit here.
Â
ASKER
I didn't not enter anything, nor did I get prompted to. Â Vista is trying to use the credentials that I am logged into the laptop with.
Conneting with NetBIOS works right away.
meaning if I click on \\netbios name it connects in about 2 seconds. (from a computer in the same filewall) Â If I try to connect with that same computer using the \\FQDN it doesn't work. Â IP address does work.
form the VPN tunnel it is a different story I suspect maybe related in some way.
from the tunnel I can get it to work with an IP address about 80% of the time. Â using the FQDN it usually doesn't work and we all know the short name isn't going to work...
Conneting with NetBIOS works right away.
meaning if I click on \\netbios name it connects in about 2 seconds. (from a computer in the same filewall) Â If I try to connect with that same computer using the \\FQDN it doesn't work. Â IP address does work.
form the VPN tunnel it is a different story I suspect maybe related in some way.
from the tunnel I can get it to work with an IP address about 80% of the time. Â using the FQDN it usually doesn't work and we all know the short name isn't going to work...
@qlemo: It's the only thing I can think of. I am guessing that with the tunnel established, there is some problem with vlan trunking, and it is trying to prune excessivly.
ASKER
anything I can test on the server? Â if I can't rule out the Univeristies equipment, I can rule out mine.. Â
Your server would have nothing to do with STP. It is a layer 2 protocol.
I would hand that packet cap to your cisco guy, and ask him to look into the spanning tree.
ASKER
Cisco guy.. Â Now that's funny.....
:)
Well, who ever it is that is responsible for the cisco switches.
Well, who ever it is that is responsible for the cisco switches.
ASKER
Can someone tell me what happens when you do
\\servername
vs.
\\servername.domainname.ed u
?
\\servername
vs.
\\servername.domainname.ed
?
http://articles.techrepubl ic.com.com /5100-1087 8_11-50342 39.html
This explains netbios, and a bit of DNS. Shortnames are netbios, fqdn are dns.
This explains netbios, and a bit of DNS. Shortnames are netbios, fqdn are dns.
After the server is identified, the actual data is moved via CIFS, which is an updated SMB.
ASKER
so if there were a routing issue, how can I narrow down to DNS vs. Netbios?
It's not a routing issue. Not really. The issue, I suspect, is that STP is pruning too much. Are your vlans trunked?
ASKER
good question.. Â I will find out. Â they should be...
""so if there were a routing issue, how can I narrow down to DNS vs. Netbios?""
Use NSlookup to troubleshoot DNS issues. NSLookup is strictly a DNS troubleshooting utility.
Many folks don't realize this, but Ping is a multi-protocol troubleshooting utility.
Ping xxx.xxx.xxx.xxx can help troubleshoot ARP
Ping servername helps troubleshoot netbios
Ping servername.domainname helps troubleshoot DNS.
This is the same idea with UNC paths: (UNC stands for Universal Naming Convention for a reason)
//xxx.xxx.xxx.xxx/share is mapping by an IP
//servername/share is mapping by the netbios name
//servername.domain.name/s hare is mapping by DNS
Your current issue is with DNS: The FQDN doesn't work all the time. So, either your client's preferred DNS servers are not the School's DNS servers or you have a configured Host file on the client:
I wrote an article on how to simplify the troubleshooting of DNS for Experts Exchange:
The article is called "DNS TROUBLESHOOTING MADE EASY"
http://beta.experts-exchange.com/articles/Networking/Protocols/DNS/DNS-TROUBLESHOOTING-MADE-EASY.html
If you go to the articles section of EE, then you will be able to find and open the article.
1) Check your preferred DNS server list on the client:
2) Check your host file to make sure it is NOT configured with anything except the loopback address
3) Flush your DNS cache by going to the command prompt and typing IPconfig /flushDNS
Then, lets see if you have these issues with DNS.
Use NSlookup to troubleshoot DNS issues. NSLookup is strictly a DNS troubleshooting utility.
Many folks don't realize this, but Ping is a multi-protocol troubleshooting utility.
Ping xxx.xxx.xxx.xxx can help troubleshoot ARP
Ping servername helps troubleshoot netbios
Ping servername.domainname helps troubleshoot DNS.
This is the same idea with UNC paths: (UNC stands for Universal Naming Convention for a reason)
//xxx.xxx.xxx.xxx/share is mapping by an IP
//servername/share is mapping by the netbios name
//servername.domain.name/s
Your current issue is with DNS: The FQDN doesn't work all the time. So, either your client's preferred DNS servers are not the School's DNS servers or you have a configured Host file on the client:
I wrote an article on how to simplify the troubleshooting of DNS for Experts Exchange:
The article is called "DNS TROUBLESHOOTING MADE EASY"
http://beta.experts-exchange.com/articles/Networking/Protocols/DNS/DNS-TROUBLESHOOTING-MADE-EASY.html
If you go to the articles section of EE, then you will be able to find and open the article.
1) Check your preferred DNS server list on the client:
2) Check your host file to make sure it is NOT configured with anything except the loopback address
3) Flush your DNS cache by going to the command prompt and typing IPconfig /flushDNS
Then, lets see if you have these issues with DNS.
ASKER
Used NSlookup and everything resolved correctly.
able to Ping domain name and ip address. Â resolves correctly.
flushed DNS on both servers and check the host file.
It seems to work a little better. Â Still takes about 5 minutes for it to connect with an IP address for FQDN. Â but short name works in seconds...
saw something on a blog about the NVidia network card drivers.. Â so looking into that, however I have no idea how to even troubleshoot a driver outside of just upgrading it.
the server does have 4 network ports in it so I configured one of the other ports on a different IP address with a different DNS name.
same thing. it connect.
yesturday I took the 3rd network port and configured it to a different VLAN. Â from that vlan I tried to connect and it had the same issue.
from the server I am having problems with I tried to connect to a data server and it connected with FQDN, IP and short name within seconds.
so it seems to only be when connecting to THIS server. Â
I have a rebuild scheduled on Friday but I want to rule EVERY thing else out. Â
anything in the OS you know of I can check? Â
able to Ping domain name and ip address. Â resolves correctly.
flushed DNS on both servers and check the host file.
It seems to work a little better. Â Still takes about 5 minutes for it to connect with an IP address for FQDN. Â but short name works in seconds...
saw something on a blog about the NVidia network card drivers.. Â so looking into that, however I have no idea how to even troubleshoot a driver outside of just upgrading it.
the server does have 4 network ports in it so I configured one of the other ports on a different IP address with a different DNS name.
same thing. it connect.
yesturday I took the 3rd network port and configured it to a different VLAN. Â from that vlan I tried to connect and it had the same issue.
from the server I am having problems with I tried to connect to a data server and it connected with FQDN, IP and short name within seconds.
so it seems to only be when connecting to THIS server. Â
I have a rebuild scheduled on Friday but I want to rule EVERY thing else out. Â
anything in the OS you know of I can check? Â
I can't think of anything.
ASKER
Going to upgrade to 2008 server. Â See if that does anything. Â Then rebuild.
Did it help?
Hello?
ASKER
No nothing.. Â stil the same thing.. I even put a second computer in the same vlan as this and tried to connect to that and that doesn't work either. Â The University doesn't want to admit there is an issue and they just point fingers back and forth at each other.
So, I was right, and it is a network problem.
ASKER
I guess if your going for right and wrong. Â yeah.. Â :-)
:)
You really shoudl find someone to look at those STP problems... There is a loop, and that is no good.
You really shoudl find someone to look at those STP problems... There is a loop, and that is no good.
I think this has to do with the server's preferred DNS server.
Can you provide a IPconfig /all of the problem child server?
Also run a DCdiag /verbose and look for errors on that server. Further, look in event logs for DNS issues. Post any discrepancies with the IPconfig for us and we should be able to correct the issue.
Those two things would go a long way to troubleshooting this issue before a rebuild.
Can you provide a IPconfig /all of the problem child server?
Also run a DCdiag /verbose and look for errors on that server. Further, look in event logs for DNS issues. Post any discrepancies with the IPconfig for us and we should be able to correct the issue.
Those two things would go a long way to troubleshooting this issue before a rebuild.
ASKER
I will look into it tonight and see what I can come up with. Â The University 3 DNS servers. Â No one else is reporting an issue that I know of..
I will look and let you know..
I will look and let you know..
ASKER
Cisco looked at the network, microsoft looked at the server. Â it is a network issues with spanning tree. Â they are replacing the equipment this weekend. Â thanks for all that helped.