How to acces shares and printers on Server 2008 across subnets
I've been scratching my head on this one for a while. It used to work when the DC/File/Print server was Windows 2003, but now that it is Server 2008 R2, I'm running into problems.
Servers are located at head office, subnet 10.247.1.x
Branch offices are on subnets 10.247.y.x (class C subnet mask)
Branches are connected to head office via ISP provided private network.
All printers in all offices are shared off the DC, running Windows 2008 R2
Most branch office users use a terminal server, also at head office, which has all the printers listed as shares from the DC, and that all works fine.
However, I have 1 user that regularly moves around between offices with his laptop, which is domain joined, running Windows 7 Business.
I've modified the hosts files on the laptop with both NetBios and FQDN mappings to the DC.
When the laptop is in the head office, it can "see" and access all printers and folder shares.
When it's in a branch office, it cannot see the printer shares, nor folder shares.
I can ping the server via IP, NetBios Name and FQDN from the laptop when it is in a branch office.
If I go to start =>run and type \\server2008 I see only his offline cached user share.
If I do the same with \\server2008.domain.com I see all the shares and printers, but if I try to access a share I get an error, and if I try to connect to a printer it tells me the spooler service is not running, although it is running on both the DC and the laptop.
The network is a Private network provided by the ISP. I asked their support to add the DC as the primary DNS entry on the branch router's DHCP server, and hand down the Prefered Subnet name, but this had no effect.
It's not simply a NetBios doesn't route across subnets issue, because the hosts file should take care of that, and I CAN ping by NetBios name.
Windows Firewall is disabled on the laptop, and enabled on the server, but the SMB ports are open in both directions on it. I don't know where to look next?
Servers are located at head office, subnet 10.247.1.x
Branch offices are on subnets 10.247.y.x (class C subnet mask)
Branches are connected to head office via ISP provided private network.
All printers in all offices are shared off the DC, running Windows 2008 R2
Most branch office users use a terminal server, also at head office, which has all the printers listed as shares from the DC, and that all works fine.
However, I have 1 user that regularly moves around between offices with his laptop, which is domain joined, running Windows 7 Business.
I've modified the hosts files on the laptop with both NetBios and FQDN mappings to the DC.
When the laptop is in the head office, it can "see" and access all printers and folder shares.
When it's in a branch office, it cannot see the printer shares, nor folder shares.
I can ping the server via IP, NetBios Name and FQDN from the laptop when it is in a branch office.
If I go to start =>run and type \\server2008 I see only his offline cached user share.
If I do the same with \\server2008.domain.com I see all the shares and printers, but if I try to access a share I get an error, and if I try to connect to a printer it tells me the spooler service is not running, although it is running on both the DC and the laptop.
The network is a Private network provided by the ISP. I asked their support to add the DC as the primary DNS entry on the branch router's DHCP server, and hand down the Prefered Subnet name, but this had no effect.
It's not simply a NetBios doesn't route across subnets issue, because the hosts file should take care of that, and I CAN ping by NetBios name.
Windows Firewall is disabled on the laptop, and enabled on the server, but the SMB ports are open in both directions on it. I don't know where to look next?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If they are network printers then i'd set the queues locally on the laptop. Its a workaround but it has very few drawbacks.
ASKER
Mchieff:
That is one possibility, but I'd rather not go that route if I don't have to as I don't like having one-off annomalous configurations. I'd also have to do something about the GPO that maps the printers in the first place. I'm currently working with the ISP to see if it's a simple matter of port 445 /139 traffic being blocked on the private network.
That is one possibility, but I'd rather not go that route if I don't have to as I don't like having one-off annomalous configurations. I'd also have to do something about the GPO that maps the printers in the first place. I'm currently working with the ISP to see if it's a simple matter of port 445 /139 traffic being blocked on the private network.
ASKER
Just a quick update, the user has not been in the branch office in question for the last little while, but will be there again next week. I will post here when I have the solution, and will award points at that time.
ASKER
The problem apparently resolved itself. When I got a chance to follow up with the user he said it's all working correctly now. I don't know why. The ISP managing the private network may have fixed something and not told me, or Windows 7 may have corrected itself, or a Windows update may have fixed it, or perhaps user error? At any rate it's working now, so I'm awarding points equally for those who tried to help even though we never pinned down the cause/solution.
ASKER
No need to appologize for the conversational tone. Unfortunately, AFAIK, the regular branch office users are all on thin clients, so the terminal server is their only option and I don't know and cannot test if they would otherwise be able to access the shares. I will check though to see if anyone is still running an XP based PC I can test with.
The laptop user is one of the owners of the company, and he's used to working directly on his laptop, so doubt he would want to start using the terminal server now, especially when his previous machine (XP) and the previous DC (Server 2003) worked fine.
Mchieff:
I did check the Advanced sharing settings, and they are set as you recommended. I did also try appending the DNS suffix for the connection, but it had no effect. Weird thing though, Network & Sharing does see the branch office subnet as a "Domain network" and not a "Work network". Mind you I did recently have the ISP add the DC to the branch office DNS settings handed out by DHCP, so the laptop should be able to find the DC at login now.
Any other ideas? Thanks both for your responses.