New Server 2003 user, can't add pc to DC/AD

  • New Server 2003 user, can't add pc to DC/AD

    Greets all. I'll start with the background info:

    I read on the main site how to get filesharing working, which works great - no issues. I also read on the site how to get DNS and AD setup on the site, which also works pretty well - no issues there either. Internet still works (phew!) and I had to go over the steps twice to get it right but at least now I understand it.

    I have a Netgear G wireless router, my wired Server 03 desktop with DNS/AD configured on it, and a wireless capable laptop. My laptop can see the fileserver wired/wirelessly no problem, though I'll say it's pretty slow xferring files wirelessly - haven't tried wired. When I attach the laptop to the router and do an NSLOOKUP all it will find is my router, and I cannot ping my desktop. Also, I tried having the router make my Server 03 desktop the DMZ server but after that didn't work I took it back off.


    I do have Symantec Endpoint Protection on my server though, and I haven't seen anything come up referring to blocking outside interests. I have blocked windows applications from accessing the internet because I don't find it necessary, but maybe it could be my problem: (Blocking) svchost.exe, lsass.exe, searchfilterhost.exe, hh.exe, and ntoskrnl.exe

    I'm probably just missing some basic stuff here, but to the point - I can't get my laptop to communicate with my desktop through the router. Help :]

  • #2
    Re: New Server 2003 user, can't add pc to DC/AD

    This is just a swag [stupid wild ass guess]

    Check the TCP/IP settings of your laptop and server. Make sure they're in the same subnet. Sounds to me like you might be getting a DHCP address from the router and something with it is wrong. As far as nslookup, you should be using your DC's DNS and if you're not seeing it in nslookup that's because it wasn't assigned by DHCP.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: New Server 2003 user, can't add pc to DC/AD

      My DC server's IP was set statically, that connects to the router which is functioning as DHCP server, and both PCs have the same default gateway and subnet mask.

      What's really strange, is that after resetting the computer the first time to change the computer name, it would not find my domain or ping my server ip. Doing it from my server, at first try it timed out and did not display the computer name, just the IP that it couldn't reach.

      The second time, I went into my router settings and re-arranged the IP address reservation list since the names and MACs had changed from the last time I edited that table and now I can ping my (wireless) laptop from my server and it will respond (after a 200ms latency) and display the computer's name. Very strange. My laptop can't ping my server however wireless or wired to the router.

      Progress at least!
      Server IP - 25.50.75.130
      Laptop IP - 25.50.75.126
      Subnet on both PCs - 255.255.255.0
      Default Gateways on both PCs - 25.50.75.100
      Router IP = Default Gateway

      Really weird.



      • #4
        Re: New Server 2003 user, can't add pc to DC/AD

        Hmmm, using public addresses you don't own can give you some weird problems and in that case it isn't smart to use it.
        First I would change that to private addresses.

        Second, some more questions
        Is there any firewall blocking the ICMP packets?
        What are the OSes of all machines?
        Also Symantec may cause some weird issues, replace it with a decent AV
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"



        • #5
          Re: New Server 2003 user, can't add pc to DC/AD

          You mean the IPs I'm using should be set to the usual 192's? The router is my point of entry from my ISP and everything else connects to that - those IPs are just the range that I told my router to give my PCs.

          I haven't checked at the moment, I'll edit this post when I find out on the ICMP block.

          Laptop - XP Pro / ZoneAlarm Security Suite 7 (I don't like ver8)
          Desktop - Windows Server 2003 / Symantec Endpoint Security

          If there's a decent AV/AS/Firewall suite I can use - I don't like having all these programs running amok with processes and 100 threads and such. I know my quad core has more than enough power to handle it but it still bothers me.

          Also - While I'm learning this, I recently got a VMware program and am looking to learn a Linux or Unix build. Any recommendations for a beginner with semi-advanced Windows/Mac/DOS skills?

          Edit: Nothing I can find on Symantec firewall/settings blocking ICMP (as in, there aren't any options to let me block or not block)
          Last edited by korsen; 2nd January 2009, 19:37.



          • #6
            Re: New Server 2003 user, can't add pc to DC/AD

            Originally posted by korsen
            You mean the IPs I'm using should be set to the usual 192's?
            Yes. Or if not those, another private IP range - take your pick http://www.jpsdomain.org/networking/nat.html
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



            • #7
              Re: New Server 2003 user, can't add pc to DC/AD

              I have a kind of similar setup to you and I'd firstly recommend configuring the router to do as little as possible. I'd get the server doing DHCP rather than the router, and use a private range rather than a public range.

              I've got a linksys router and it is perfectly happy with a static external IP address (That's the way my ISP is configured) and a static internal doing DHCP relay from the server. I've got both wired and wireless clients and they can all ping and fileshare from each other.
              BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
              Cruachan's Blog



              • #8
                Re: New Server 2003 user, can't add pc to DC/AD

                Ok on the private range, but as far as your network config goes, do you have two NICs in your server? Or do you have Modem->Router->Everything else?

                I just have the one NIC on my server. I'm going to install DHCP role on here and see if I can figure out how to get that to work too. Spose I should read an article on the site how to get it to work huh? :P

                I just figured out how to add users and change password policy to suit what I wanted but I still can't get my laptop to find my domain controller even over LAN. Guess we'll start with DHCP and private ranges then eh?

                Thanks for your help guys.



                • #9
                  Re: New Server 2003 user, can't add pc to DC/AD

                  One NIC in the server. I have a combined ADSL Modem/Router (linksys WAG300N) which connects to an 8 port gigabit switch and the server and wired clients connect from there. My laptop connects wirelessly to the Router.

                  Ideally what you'd want (and what I'd set up if I wasn't a cheapskate) is have the router feeding into the server, then a second NIC on the server with switches and a separate wireless access point that's not on the perimeter of the network. Ideally I'd want either a hardware firewall as part of the perimeter router or ISA Server installed on the server.
                  Cruachan's Blog


                  • #10
                    Re: New Server 2003 user, can't add pc to DC/AD

                    So here's what I've done so far (after talking to a friend who took network administration classes):

                    I've changed all my IP addresses to 172.16's
                    Updated my DNS/DHCP roles
                    Added WINS role for the heck of it

                    After removing my router's role as DHCP, my server could still access the net but my wireless laptop will get limited or no connectivity. I have the option of static routes and DMZ server in my router.

                    I still have a problem getting my laptop to see or be referred to my server.



                    • #11
                      Re: New Server 2003 user, can't add pc to DC/AD

                      Looks like the router is not relaying DHCP traffic. On my Linksys there is an option to tell the router to do DHCP relay and specify the IP address of the local DHCP server, I don't know if Netgears have this though.
                      Cruachan's Blog


                      • #12
                        Re: New Server 2003 user, can't add pc to DC/AD



                        Originally posted by cruachan
                        a separate wireless access point that's not on the perimeter of the network
                        There are arguments for and against installing the WAP at the network edge, outside of the network firewall. It mainly depends on which users (and which machines) are to be connected wirelessly. At our site, normal users use desktops (two abnormal users use laptops) and connect with a cable. One of them never leaves her desk during the working day, the other rarely, so little point configuring their machines to connect wirelessly - we'd rather they get gigabit speeds.

                        The IT staff on the other hand wander all over the place with their laptops and therefore connect wirelessly. The AP is installed outside of the ISA firewall and we VPN into the network - we use our own laptops.
                        Gareth Howells


                        • #13
                          Re: New Server 2003 user, can't add pc to DC/AD

                          You say your notebook can see the fileserver but it can not ping it- so how does it "see" the server?

                          Run the command "IPCONFIG /ALL" in a CMD session and post the results here.

                          I take it the network settings on your notebook are set to DHCP? As a test, set the IP address, subnet and gateway as static addresses instead. Your gateway should be your router. DNS needs to be the IP of the server.

                          Can you ping both the server and notebook from the router?

                          Disable ALL firewalls whether hardware or software on both machines- I've had many issues with these and once disabled all works fine.
                          |
                          +-- JDMils
                          |
                          +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                          |
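
An added example, not written by any poster in this thread: a small Python check of the client settings discussed above (private range from #4 and #6; static IP, router as gateway and the server as DNS from #13), assuming a single DC that also hosts DNS. The function name `check_client` and the 172.16.0.x values are constructed for illustration; the 25.50.75.x values are the ones posted in #3.

```python
import ipaddress

# RFC 1918 private ranges: the only IPv4 space meant for a home/office LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_client(client_ip, mask, gateway, dns_servers, dc_ip):
    """Return findings for a client that should locate and join the DC's domain.

    Assumes a single DC that also hosts DNS, as in the thread.
    """
    findings = []
    subnet = ipaddress.ip_interface(f"{client_ip}/{mask}").network
    hosts = (("client", client_ip), ("DC", dc_ip), ("gateway", gateway))
    for label, addr in hosts:
        if not is_rfc1918(addr):
            findings.append(f"{label} {addr} is not RFC 1918 private space")
        if ipaddress.ip_address(addr) not in subnet:
            findings.append(f"{label} {addr} is outside {subnet}")
    if not dns_servers or dns_servers[0] != dc_ip:
        findings.append("primary DNS is not the DC; domain lookups will fail")
    for extra in dns_servers[1:]:
        if extra != dc_ip:
            findings.append(f"DNS {extra} does not hold the domain's records")
    return findings


# Addressing posted in the thread; DNS is the router, as nslookup showed.
THREAD_BEFORE = dict(client_ip="25.50.75.126", mask="255.255.255.0",
                     gateway="25.50.75.100", dns_servers=["25.50.75.100"],
                     dc_ip="25.50.75.130")
# Constructed values: the thread only says the LAN moved to "172.16's".
CONSTRUCTED_AFTER = dict(client_ip="172.16.0.126", mask="255.255.255.0",
                         gateway="172.16.0.100", dns_servers=["172.16.0.130"],
                         dc_ip="172.16.0.130")

if __name__ == "__main__":
    for name, cfg in (("before", THREAD_BEFORE), ("after", CONSTRUCTED_AFTER)):
        print(name, check_client(**cfg) or "no findings")
```
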



                          • #14
                            Re: New Server 2003 user, can't add pc to DC/AD

                            Originally posted by gforceindustries

                            There are arguments for and against installing the WAP at the network edge, outside of the network firewall. It mainly depends on which users (and which machines) are to be connected wirelessly. At our site, normal users use desktops (two abnormal users use laptops) and connect with a cable. One of them never leaves her desk during the working day, the other rarely, so little point configuring their machines to connect wirelessly - we'd rather they get gigabit speeds.

                            The IT staff on the other hand wander all over the place with their laptops and therefore connect wirelessly. The AP is installed outside of the ISA firewall and we VPN into the network - we use our own laptops.
                            The only time we've used an edge WAP is to allow Internet Access to visitors without them being on the corporate network. Any other time we advocate 802.1x authentication, seeing as we're supposed to be security experts.

                            Back on topic, what is the Netgear product? I've seen more than a few forum posts around indicating DHCP relay issues with Netgear routers, so there may be a firmware upgrade available.
                            Cruachan's Blog


                            • #15
                              Re: New Server 2003 user, can't add pc to DC/AD

                              The router is a WGR614v9, having it check for firmware updates now.

                              @JDMils: It was able to see the server when I had everything going through a workgroup, sorry for not posting that. Ever since I changed everything over to domain, the server has been able to see and ping the laptop but not vice versa.

                              Like I posted before, I turned the DHCP server off on my router and configured the new IP address and authorized my DHCP/DNS stuff in AD and my server could still get online, but only because I think the server has a forwarder and clients don't have anything like that, that I'm aware of.

                              Ah, my router's current firmware is 1.0.15, I'll be updating that now to 1.2.2 - Good call cruachan. I'll see how this pans out and post updates on everyone's suggestions tomorrow.

                              EDIT: At this point, after updating, I allow my Internet IP to be obtained automatically from the router. For the DNS, I have the primary server as my server, and secondary as my ISP DNS. (Have to use router as DHCP server for now as my wife can't wait all day for me to fiddle with this server business) We do have port forwarding on here with a server IP address option. Aside from DMZ server that's all I can really see about DHCP relay. I'll post all the available menu screens here so you can see what needs to be done.

                              Sorry for the large crappy screenshots, at least it's legible!






                              Last edited by korsen; 6th January 2009, 03:23.
