Solved

Network Discovery - Each network in the domain seems isolated after switching to Windows Server 2008 AD

Posted on 2009-07-08
8
330 Views
Last Modified: 2012-05-07
We recently replaced our Windows Server 2003 Active Directory with a Windows Server 2008 one.

The problem we're facing is that suddenly each network seems isolated (in the Microsoft Windows Network domain) and workstations/servers can only see their own network (for example 192.168.2.* can only see PCs on the 192.168.2.* and so on).

This doesn't affect the overall network since most of the services between servers and workstations work fine but certain software rely on the Windows Network to discover PCs (most importantly McAfee ePolicy orchestrator).

I'm not pointing the Windows Server 2008 AD as the source of the problem but it immediately occurred after switching to the new AD.
0
Comment
Question by:fbmeit
  • 4
  • 2
8 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 24803202

The information you've given seems to imply that it is NetBIOS browsing which is failing. If most services are working and being routed correctly between subnets, then it is not a network issue.

Standard NetBIOS announcement broadcast traffic does not cross between subnets, so the browse list from one subnet will not present itself to another.

To resolve this issue, you'll need to install the WINS Server role onto one of your servers. You then point (through DHCP for dynamic addressed clients) all the workstations and servers at the WINS server, and you should find your browse list comes back properly.

I expect the migration of servers failed to migrate WINS, which would explain this issue.

-Matt
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24811079
Can you ping between subnets by ip address?

Maybe a firewall issue?
You can try temporarily disabling the upgraded servers firewall since on 2008 it is turned on by default.

What was doing the routing of traffic between the subnets before the upgrade?
0
 
LVL 1

Author Comment

by:fbmeit
ID: 24811224
We can ping between subnets with no problem and its not a WINS either.
The problem should be something on the active directory, as after the movement of FSMO roles from 2003 to 2008 the issue started.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24817880

None of the 5 FSMO roles do any form of tracking of network browsing themselves, although it is quite common for the holder of the PDC Emulator role to be nominated the 'Master Browser' for the domain automatically.

On the PDC Emulator role holder, check the Computer Browser service is set to 'Automatic' and is Started. This maintains the browse lists so must be running at all times.

If you wish to obtain browsing across subnets - or you have some sort of routing device between two segments of the network - a WINS server is required because the broadcast traffic cannot cross the subnet-boundaries and is not relayed by any routers.

-Matt
0
 
LVL 1

Author Comment

by:fbmeit
ID: 24970763
Eventually the problem has nothing to do with Netbios, Nothing to do with WINS, the issue was resolved by enabling the Computer Browser service from windows services.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24971334
"...the issue was resolved by enabling the Computer Browser service from windows services..."

That is what I stated in my comment http:#a24817880:

"...check the Computer Browser service is set to 'Automatic' and is Started..."
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24978684
Objecting per my last comment (http:#a24971334)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question