Solved

How to access shares and printers on Server 2008 across subnets

Posted on 2010-08-17
Last Modified: 2012-06-27
I've been scratching my head on this one for a while. It used to work when the DC/File/Print server was Windows 2003, but now that it is Server 2008 R2, I'm running into problems.

Servers are located at head office, subnet 10.247.1.x
Branch offices are on subnets 10.247.y.x (class C subnet mask)
Branches are connected to head office via ISP provided private network.
All printers in all offices are shared off the DC, running Windows 2008 R2
Most branch office users use a terminal server, also at head office, which has all the printers listed as shares from the DC, and that all works fine.

However, I have 1 user that regularly moves around between offices with his laptop, which is domain joined, running Windows 7 Business.

I've modified the hosts files on the laptop with both NetBios and FQDN mappings to the DC.
When the laptop is in the head office, it can "see" and access all printers and folder shares.
When it's in a branch office, it cannot see the printer shares, nor folder shares.
I can ping the server via IP, NetBios Name and FQDN from the laptop when it is in a branch office.
If I go to start =>run and type \\server2008 I see only his offline cached user share.
If I do the same with \\server2008.domain.com I see all the shares and printers, but if I try to access a share I get an error, and if I try to connect to a printer it tells me the spooler service is not running, although it is running on both the DC and the laptop.

The network is a Private network provided by the ISP. I asked their support to add the DC as the primary DNS entry on the branch router's DHCP server, and hand down the Preferred Subnet name, but this had no effect.

It's not simply a NetBios doesn't route across subnets issue, because the hosts file should take care of that, and I CAN ping by NetBios name.

Windows Firewall is disabled on the laptop, and enabled on the server, but the SMB ports are open in both directions on it. I don't know where to look next?
Question by:log138
LVL 2

Accepted Solution

by:
Beghemot earned 250 total points
ID: 33461117
Wow.  Can the laptop user use the terminal server the way the others at the branch office use it?  Do the Branch office machines behave the same way as the laptop if they try to connect directly the way the laptop user does? (Not through the terminal server)

If the branch office machines do exhibit the same behavior when you try to connect directly to shares, I would lean towards it still being the firewall.  The advanced firewall settings could allow the home office IPs but not the Branch office.  There are lots of settings in there for file and print.

If on the other hand the Branch office PCs can do a \\server2008.domain.com and connect without the errors, then Hmmm.

Sorry for the conversational tone of this or if I am not making sense.
0
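A check for the firewall-scope theory in the answer above, as an added example that is not part of the original thread: it parses the text printed by `netsh advfirewall firewall show rule name=all` on the server and lists enabled inbound allow rules on ports 445/139 whose RemoteIP scope excludes a given client address. The sample output, the 10.247.20.x branch address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the netsh layout, trimmed to the fields used; not the poster's output.
SAMPLE = """\
Rule Name:                            File and Printer Sharing (SMB-In)
Enabled:                              Yes
Direction:                            In
RemoteIP:                             LocalSubnet
LocalPort:                            445
Action:                               Allow

Rule Name:                            File and Printer Sharing (NB-Session-In)
Enabled:                              Yes
Direction:                            In
RemoteIP:                             10.247.1.0/255.255.255.0,10.247.20.0/255.255.255.0
LocalPort:                            139
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh output into one dict of fields per rule."""
    rules = []
    for line in text.splitlines():
        key, sep, value = (p.strip() for p in line.partition(":"))
        if key == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key] = value
    return rules

def scope_allows(scope, client, server_net):
    """True if a RemoteIP scope string admits the client address."""
    addr = ipaddress.ip_address(client)
    def hit(item):
        item = server_net if item == "LocalSubnet" else item  # caller supplies server subnet
        try:
            if "-" in item:  # explicit range "low-high"
                lo, hi = map(ipaddress.ip_address, item.split("-"))
                return lo <= addr <= hi
            return item == "Any" or addr in ipaddress.ip_network(item, strict=False)
        except (ValueError, TypeError):
            return False  # keyword scopes such as DNS or WINS: no address match
    return any(hit(s.strip()) for s in scope.split(","))

def blocked_smb_rules(text, client, server_net, ports=("445", "139")):
    """Names of enabled inbound allow rules on the SMB ports that exclude client."""
    return [r["Rule Name"] for r in parse_rules(text)
            if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Allow")
            and r.get("LocalPort") in ports
            and not scope_allows(r.get("RemoteIP", "Any"), client, server_net)]
```

With the constructed sample, `blocked_smb_rules(SAMPLE, "10.247.20.15", "10.247.1.0/24")` reports the SMB-In rule, because a `LocalSubnet` scope only covers the head office subnet.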
 
LVL 3

Assisted Solution

by:mchieff
mchieff earned 250 total points
ID: 33461247
In the 7 machine ensure you have set the network profiles correctly when the laptop is connected to each segment (network and sharing centre>Advanced sharing settings). I'd have network discovery on, file and print sharing on, public folder off and file sharing at 40-56 bit encryption.
You could also try appending the DNS suffix for the connection in the network properties for TCP/IP but this might cause issues away from the site.
0
 

Author Comment

by:log138
ID: 33470120
Beghemot:
No need to apologize for the conversational tone. Unfortunately, AFAIK, the regular branch office users are all on thin clients, so the terminal server is their only option and I don't know and cannot test if they would otherwise be able to access the shares. I will check though to see if anyone is still running an XP based PC I can test with.
The laptop user is one of the owners of the company, and he's used to working directly on his laptop, so doubt he would want to start using the terminal server now, especially when his previous machine (XP) and the previous DC (Server 2003) worked fine.
Mchieff:
I did check the Advanced sharing settings, and they are set as you recommended. I did also try appending the DNS suffix for the connection, but it had no effect. Weird thing though, Network & Sharing does see the branch office subnet as a "Domain network" and not a "Work network". Mind you I did recently have the ISP add the DC to the branch office DNS settings handed out by DHCP, so the laptop should be able to find the DC at login now.
Any other ideas? Thanks both for your responses.
0
LVL 3

Expert Comment

by:mchieff
ID: 33481148
If they are network printers then I'd set the queues locally on the laptop. It's a workaround but it has very few drawbacks.
0
 

Author Comment

by:log138
ID: 33505481
Mchieff:

That is one possibility, but I'd rather not go that route if I don't have to as I don't like having one-off anomalous configurations. I'd also have to do something about the GPO that maps the printers in the first place. I'm currently working with the ISP to see if it's a simple matter of port 445/139 traffic being blocked on the private network.
0
 

Author Comment

by:log138
ID: 33666002
Just a quick update, the user has not been in the branch office in question for the last little while, but will be there again next week. I will post here when I have the solution, and will award points at that time.
0
 

Author Closing Comment

by:log138
ID: 33810793
The problem apparently resolved itself. When I got a chance to follow up with the user he said it's all working correctly now. I don't know why. The ISP managing the private network may have fixed something and not told me, or Windows 7 may have corrected itself, or a Windows update may have fixed it, or perhaps user error? At any rate it's working now, so I'm awarding points equally for those who tried to help even though we never pinned down the cause/solution.
0
