  • Status: Solved
  • Priority: Medium
  • Security: Public

How to access shares and printers on Server 2008 across subnets

I've been scratching my head on this one for a while. It used to work when the DC/File/Print server was Windows 2003, but now that it is Server 2008 R2, I'm running into problems.

Servers are located at head office, subnet 10.247.1.x
Branch offices are on subnets 10.247.y.x (class C subnet mask)
Branches are connected to head office via ISP provided private network.
All printers in all offices are shared off the DC, running Windows 2008 R2
Most branch office users use a terminal server, also at head office, which has all the printers listed as shares from the DC, and that all works fine.

However, I have 1 user that regularly moves around between offices with his laptop, which is domain joined, running Windows 7 Business.

I've modified the hosts files on the laptop with both NetBios and FQDN mappings to the DC.
When the laptop is in the head office, it can "see" and access all printers and folder shares.
When it's in a branch office, it cannot see the printer shares, nor folder shares.
I can ping the server via IP, NetBios Name and FQDN from the laptop when it is in a branch office.
If I go to start =>run and type \\server2008 I see only his offline cached user share.
If I do the same with \\server2008.domain.com I see all the shares and printers, but if I try to access a share I get an error, and if I try to connect to a printer it tells me the spooler service is not running, although it is running on both the DC and the laptop.

The network is a Private network provided by the ISP. I asked their support to add the DC as the primary DNS entry on the branch router's DHCP server, and hand down the Preferred Subnet name, but this had no effect.

It's not simply a NetBios doesn't route across subnets issue, because the hosts file should take care of that, and I CAN ping by NetBios name.

Windows Firewall is disabled on the laptop, and enabled on the server, but the SMB ports are open in both directions on it. I don't know where to look next?
Asked: Logic Managed IT
 
Beghemot Commented:
Wow. Can the laptop user use the terminal server the way the others at the branch office use it? Do the Branch office machines behave the same way as the laptop if they try to connect directly the way the laptop user does? (Not through the terminal server)

If the branch office machines do exhibit the same behavior when you try to connect directly to shares, I would lean towards it still being the firewall. The advanced firewall settings could allow the home office IPs but not the Branch office. There are lots of settings in there for file and print.

If on the other hand the Branch office PCs can do a \\server2008.domain.com and connect without the errors, then Hmmm.

Sorry for the conversational tone of this or if I am not making sense.
 
mchieff Commented:
In the 7 machine ensure you have set the network profiles correctly when the laptop is connected to each segment (Network and Sharing Centre > Advanced sharing settings). I'd have network discovery on, file and print sharing on, public folder off and file sharing at 40-56 bit encryption.
You could also try appending the DNS suffix for the connection in the network properties for TCP/IP but this might cause issues away from the site.
 
Logic Managed IT (Systems Administration, Author) Commented:
Beghemot:
No need to apologize for the conversational tone. Unfortunately, AFAIK, the regular branch office users are all on thin clients, so the terminal server is their only option and I don't know and cannot test if they would otherwise be able to access the shares. I will check though to see if anyone is still running an XP based PC I can test with.
The laptop user is one of the owners of the company, and he's used to working directly on his laptop, so I doubt he would want to start using the terminal server now, especially when his previous machine (XP) and the previous DC (Server 2003) worked fine.
Mchieff:
I did check the Advanced sharing settings, and they are set as you recommended. I did also try appending the DNS suffix for the connection, but it had no effect. Weird thing though, Network & Sharing does see the branch office subnet as a "Domain network" and not a "Work network". Mind you I did recently have the ISP add the DC to the branch office DNS settings handed out by DHCP, so the laptop should be able to find the DC at login now.
Any other ideas? Thanks both for your responses.
 
mchieff Commented:
If they are network printers then I'd set the queues locally on the laptop. It's a workaround but it has very few drawbacks.
 
Logic Managed IT (Systems Administration, Author) Commented:
Mchieff:

That is one possibility, but I'd rather not go that route if I don't have to as I don't like having one-off anomalous configurations. I'd also have to do something about the GPO that maps the printers in the first place. I'm currently working with the ISP to see if it's a simple matter of port 445/139 traffic being blocked on the private network.
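An added example, not part of the original thread: a PowerShell 2.0-compatible check, run from the laptop at the branch office, that shows which IPv4 address each name form resolves to (hosts file entries included) and whether TCP 445 and 139 answer on it, since a successful ping says nothing about those ports. The names `server2008` and `server2008.domain.com` are the ones used in the question; the 3-second timeout is an assumption.

```powershell
# Added example: resolve each name form, then try the SMB-related TCP ports.
$names     = 'server2008', 'server2008.domain.com'   # names from the question
$ports     = 445, 139      # SMB over TCP, NetBIOS session service
$timeoutMs = 3000          # assumed timeout per connection attempt

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        # No answer at all within the timeout usually means a filter drops the traffic
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'timeout (possibly filtered)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'open'
    } catch {
        return 'refused or unreachable'
    } finally {
        $client.Close()
    }
}

foreach ($name in $names) {
    try {
        # IPv4 only, because TcpClient's default constructor creates an IPv4 socket
        $addrs = [System.Net.Dns]::GetHostAddresses($name) |
                 Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    } catch {
        Write-Output "$name : does not resolve"
        continue
    }
    foreach ($addr in $addrs) {
        foreach ($port in $ports) {
            $ip = $addr.IPAddressToString
            New-Object PSObject -Property @{
                Name    = $name
                Address = $ip
                Port    = $port
                Result  = (Test-TcpPort $ip $port $timeoutMs)
            } | Select-Object Name, Address, Port, Result
        }
    }
}
```

If the two names resolve to different addresses, or the ports are open from head office but time out from the branch, that separates a name-resolution problem from filtering on the path between the sites.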
 
Logic Managed IT (Systems Administration, Author) Commented:
Just a quick update, the user has not been in the branch office in question for the last little while, but will be there again next week. I will post here when I have the solution, and will award points at that time.
 
Logic Managed IT (Systems Administration, Author) Commented:
The problem apparently resolved itself. When I got a chance to follow up with the user he said it's all working correctly now. I don't know why. The ISP managing the private network may have fixed something and not told me, or Windows 7 may have corrected itself, or a Windows update may have fixed it, or perhaps user error? At any rate it's working now, so I'm awarding points equally for those who tried to help even though we never pinned down the cause/solution.