W2008 Server Network and Sharing Center

Is there a way to turn this off and have networking and file sharing the way
w2003 works?

Devil of a time getting a W2008 server with the file server role to share
folders and drives on the network. I can publishe them in Active Directory,
they can be searchable via Active Directory, I can assign permissions to
allow domain users to access them but users can not map a drive or even open
the share even with their firewall, the w2008 server firewall turns off.

The only message I get is network path not found and diagonstics simply says
no problems with connection to the internet.

additional information:

The problem appears to be that the W2008 Server does not allow any network
connection to it, but it will connect to other computers on the network.
Even from a domain controller, I can manage the DC from the W2008 Server but
I can not manage the W2008 from the DC. It's as if there is something
blocking all inbound traffic, but allowing all outbound traffic and that's
with the firewall turned off.

"DRasmussen" wrote:

> Is there a way to turn this off and have networking and file sharing the way
> w2003 works?
>
> Devil of a time getting a W2008 server with the file server role to share
> folders and drives on the network. I can publishe them in Active Directory,
> they can be searchable via Active Directory, I can assign permissions to
> allow domain users to access them but users can not map a drive or even open
> the share even with their firewall, the w2008 server firewall turns off.
>
> The only message I get is network path not found and diagonstics simply says
> no problems with connection to the internet.
>
>

When a server is made a DC, packet-signing is also enforced:

http://technet.microsoft.com/en-us/l...81(WS.10).aspx

In principle this shouldn't be a problem with XP clients, but it might be
worth changing the policy and doing 'gpupdate /force' to see if it clears the
problem.

General symptom of this setting causing trouble is the share being visible
but appearing to be empty.

If you are on a single-site LAN with little opportunity for clandestine
computers to connect, signing is not essential.

"DRasmussen" wrote:

> additional information:
>
> The problem appears to be that the W2008 Server does not allow any network
> connection to it, but it will connect to other computers on the network.
> Even from a domain controller, I can manage the DC from the W2008 Server but
> I can not manage the W2008 from the DC. It's as if there is something
> blocking all inbound traffic, but allowing all outbound traffic and that's
> with the firewall turned off.
>
> "DRasmussen" wrote:
>
> > Is there a way to turn this off and have networking and file sharing the way
> > w2003 works?
> >
> > Devil of a time getting a W2008 server with the file server role to share
> > folders and drives on the network. I can publishe them in Active Directory,
> > they can be searchable via Active Directory, I can assign permissions to
> > allow domain users to access them but users can not map a drive or even open
> > the share even with their firewall, the w2008 server firewall turns off.
> >
> > The only message I get is network path not found and diagonstics simply says
> > no problems with connection to the internet.
> >
> >

"DRasmussen" <> wrote in message
news:2E29AD9C-6906-4554-9F10-...
> additional information:
>
> The problem appears to be that the W2008 Server does not allow any network
> connection to it, but it will connect to other computers on the network.
> Even from a domain controller, I can manage the DC from the W2008 Server
> but
> I can not manage the W2008 from the DC. It's as if there is something
> blocking all inbound traffic, but allowing all outbound traffic and that's
> with the firewall turned off.
>
> "DRasmussen" wrote:
>
>> Is there a way to turn this off and have networking and file sharing the
>> way
>> w2003 works?
>>
>> Devil of a time getting a W2008 server with the file server role to share
>> folders and drives on the network. I can publishe them in Active
>> Directory,
>> they can be searchable via Active Directory, I can assign permissions to
>> allow domain users to access them but users can not map a drive or even
>> open
>> the share even with their firewall, the w2008 server firewall turns off.
>>
>> The only message I get is network path not found and diagonstics simply
>> says
>> no problems with connection to the internet.
>>
>>


Please post an ipconfig /all from the 2008 machine and a sample client
machine. This will help allow us to evaluate the current config and provide
recommendations and suggestions.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

They, meaning the workstations and the server are all on the same subnet.
This is in a W2003 AD domain with W2008 member server with the file server
role installed and shares created and published in AD and a Windows XP as
well as Windows 7 clients. Connectivity on the member server file server is
fine. Can actually map shares on the W2008 file server to another file server
without problems. Clients however can not map a drive to the new W2008 file
server. Even when firewalls are turned off on both clients and W2008 server.
ping works just fine.

This isn't the first problem I've had with Network and Sharing Center in a
domain environment. The solution the last time was reinstall the server o/s
but in this case it's not an option.

"Ace Fekay [MCT]" wrote:

> "DRasmussen" <> wrote in message
> news:2E29AD9C-6906-4554-9F10-...
> > additional information:
> >
> > The problem appears to be that the W2008 Server does not allow any network
> > connection to it, but it will connect to other computers on the network.
> > Even from a domain controller, I can manage the DC from the W2008 Server
> > but
> > I can not manage the W2008 from the DC. It's as if there is something
> > blocking all inbound traffic, but allowing all outbound traffic and that's
> > with the firewall turned off.
> >
> > "DRasmussen" wrote:
> >
> >> Is there a way to turn this off and have networking and file sharing the
> >> way
> >> w2003 works?
> >>
> >> Devil of a time getting a W2008 server with the file server role to share
> >> folders and drives on the network. I can publishe them in Active
> >> Directory,
> >> they can be searchable via Active Directory, I can assign permissions to
> >> allow domain users to access them but users can not map a drive or even
> >> open
> >> the share even with their firewall, the w2008 server firewall turns off.
> >>
> >> The only message I get is network path not found and diagonstics simply
> >> says
> >> no problems with connection to the internet.
> >>
> >>
>
>
> Please post an ipconfig /all from the 2008 machine and a sample client
> machine. This will help allow us to evaluate the current config and provide
> recommendations and suggestions.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit among
> responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
> Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
>

"DRasmussen" <> wrote in message
news:FF96D8EE-7AC2-41F6-BDF6-...
> They, meaning the workstations and the server are all on the same subnet.
> This is in a W2003 AD domain with W2008 member server with the file server
> role installed and shares created and published in AD and a Windows XP as
> well as Windows 7 clients. Connectivity on the member server file server
> is
> fine. Can actually map shares on the W2008 file server to another file
> server
> without problems. Clients however can not map a drive to the new W2008
> file
> server. Even when firewalls are turned off on both clients and W2008
> server.
> ping works just fine.
>
> This isn't the first problem I've had with Network and Sharing Center in a
> domain environment. The solution the last time was reinstall the server
> o/s
> but in this case it's not an option.
>


I can understand being reluctant to post an ipconfig /all. You can hide the
domain name. The ipconfigs help to rule out basic configuration errors.

It is quite unfortunate to hear that you've had to resolve to a
reinstallation to fix such an issue. I have numerous customers on 2008 in an
all 2008 and mixed 2003/2008 environment with various clients (9x, XP, Vista
and Mac OSx), where I haven't seen this issue yet.

Without any config data to go on, such as the ipconfigs, what antivirus is
in use, etc, what I can suggest is to disable the TCP Chimney feature on
2008. Another suggestion is to reduce SMB to v1. XP uses SMB v1.0, but Vista
and newer including 2008, uses SMB v2. I remember a similar issue with 2003
servers with using CA antivirus. It tool CA support 3 months to figure it
out after lots of testing and time on the phone with them. What prompted us
that it was CA was when we disabled CA services, there were no problems, but
once the service was started, problems resurfaced. They updated their
scanner DLL, which took care of it.

If using Symantec Endpoint:
http://service1.symantec.com/support...8?Open&seg=ent

This can also be due to system resource depletion. The following (including
how to disable the TCP Chimney RSS feature, was quoted from (which appears
to be similar to what you are experiencing):
http://social.technet.microsoft.com/...c-5ad06018ef35

====
1) please follow the steps to create or adjust the following registries on
the problematic server and then reboot the server to test again.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Lanmanserver\parameters

added the following DWORD registry values:

a) Description: Maximum Work Items
Value Name: MaxWorkItems
Data Type: REG_DWORD
Value data: 0x2000 or 8192 (decimal)

b) Description: Size of a Requested Buffer
Value Name: SizReqBuf
Data Type: REG_DWORD
Value data: 0x4104 or 16644 (decimal)

2) Please run the following commands on the problematic Windows 2008 server
and then reboot it:

netsh int tcp set global RSS=disabled
netsh interface tcp set global autotuninglevel=disabled
netsh int tcp set global chimney=disabled
====

I hope that helps.

Ace

The ipconfig/all results show a subnet 192.168.X.X Default gateway
192.168.X.X which is the internal network router, DNS is 192.168.X.X which is
the AD DNS server. DHCP server provides clients with with addresses on the
192.168.X.X subnet with servers having reserved addresses in DHCP [all
servers have static addresses]. Again ping works on the lan meaning clients
can ping the W2008 server but can not map a network drive to shared folders.
This is a domain environment so Network and Sharing Center classifies the
connection as domain, not public. The AV is Avast without the firewall
component. What I've done to try and resolve the problem is uninstall all
roles, unshared all shares [required to remove fileserver role, except admin]
then reinstall file server role and create shares. Turned off the Windows
Firewall on both server and clients and the problem persists. As I've said,
this is not the first time I've run across this problem with Windows Server
2008. The previous problem happened as the result of retasking a W2008 server
from a multi-homed remote access server to a DFS file server role. Once the
RRAS role was removed, could not have clients access the W2008 server no
matter what I tried. The result was to reinstall W2008 to fix the problem.
This current situation was not retasking a RRAS server but a demotion of a DC
to a file server. The event logs do not have any errors or security alerts
which indicate residual configurations that might block inbound traffic. My
thinking is that retasking a server to a different role might leave some
residual configurations that the role wizards don't get rid of that interfer
with the new role. What I haven't done is change the NIC address to try and
have Network and Sharing Center reclassify the Network. Note: Network
Discovery and Sharing are all enabled in Network and Sharing Center.



"Ace Fekay [MCT]" wrote:

> "DRasmussen" <> wrote in message
> news:FF96D8EE-7AC2-41F6-BDF6-...
> > They, meaning the workstations and the server are all on the same subnet.
> > This is in a W2003 AD domain with W2008 member server with the file server
> > role installed and shares created and published in AD and a Windows XP as
> > well as Windows 7 clients. Connectivity on the member server file server
> > is
> > fine. Can actually map shares on the W2008 file server to another file
> > server
> > without problems. Clients however can not map a drive to the new W2008
> > file
> > server. Even when firewalls are turned off on both clients and W2008
> > server.
> > ping works just fine.
> >
> > This isn't the first problem I've had with Network and Sharing Center in a
> > domain environment. The solution the last time was reinstall the server
> > o/s
> > but in this case it's not an option.
> >
>
>
> I can understand being reluctant to post an ipconfig /all. You can hide the
> domain name. The ipconfigs help to rule out basic configuration errors.
>
> It is quite unfortunate to hear that you've had to resolve to a
> reinstallation to fix such an issue. I have numerous customers on 2008 in an
> all 2008 and mixed 2003/2008 environment with various clients (9x, XP, Vista
> and Mac OSx), where I haven't seen this issue yet.
>
> Without any config data to go on, such as the ipconfigs, what antivirus is
> in use, etc, what I can suggest is to disable the TCP Chimney feature on
> 2008. Another suggestion is to reduce SMB to v1. XP uses SMB v1.0, but Vista
> and newer including 2008, uses SMB v2. I remember a similar issue with 2003
> servers with using CA antivirus. It tool CA support 3 months to figure it
> out after lots of testing and time on the phone with them. What prompted us
> that it was CA was when we disabled CA services, there were no problems, but
> once the service was started, problems resurfaced. They updated their
> scanner DLL, which took care of it.
>
> If using Symantec Endpoint:
> http://service1.symantec.com/support...8?Open&seg=ent
>
> This can also be due to system resource depletion. The following (including
> how to disable the TCP Chimney RSS feature, was quoted from (which appears
> to be similar to what you are experiencing):
> http://social.technet.microsoft.com/...c-5ad06018ef35
>
> ====
> 1) please follow the steps to create or adjust the following registries on
> the problematic server and then reboot the server to test again.
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Lanmanserver\parameters
>
> added the following DWORD registry values:
>
> a) Description: Maximum Work Items
> Value Name: MaxWorkItems
> Data Type: REG_DWORD
> Value data: 0x2000 or 8192 (decimal)
>
> b) Description: Size of a Requested Buffer
> Value Name: SizReqBuf
> Data Type: REG_DWORD
> Value data: 0x4104 or 16644 (decimal)
>
> 2) Please run the following commands on the problematic Windows 2008 server
> and then reboot it:
>
> netsh int tcp set global RSS=disabled
> netsh interface tcp set global autotuninglevel=disabled
> netsh int tcp set global chimney=disabled
> ====
>
> I hope that helps.
>
> Ace
>
>
>

"DRasmussen" <> wrote in message
news:91F2EE29-24DF-435F-AD68-...
> The ipconfig/all results show a subnet 192.168.X.X Default gateway
> 192.168.X.X which is the internal network router, DNS is 192.168.X.X which
> is
> the AD DNS server. DHCP server provides clients with with addresses on the
> 192.168.X.X subnet with servers having reserved addresses in DHCP [all
> servers have static addresses]. Again ping works on the lan meaning
> clients
> can ping the W2008 server but can not map a network drive to shared
> folders.
> This is a domain environment so Network and Sharing Center classifies the
> connection as domain, not public. The AV is Avast without the firewall
> component. What I've done to try and resolve the problem is uninstall all
> roles, unshared all shares [required to remove fileserver role, except
> admin]
> then reinstall file server role and create shares. Turned off the Windows
> Firewall on both server and clients and the problem persists. As I've
> said,
> this is not the first time I've run across this problem with Windows
> Server
> 2008. The previous problem happened as the result of retasking a W2008
> server
> from a multi-homed remote access server to a DFS file server role. Once
> the
> RRAS role was removed, could not have clients access the W2008 server no
> matter what I tried. The result was to reinstall W2008 to fix the problem.
> This current situation was not retasking a RRAS server but a demotion of a
> DC
> to a file server. The event logs do not have any errors or security alerts
> which indicate residual configurations that might block inbound traffic.
> My
> thinking is that retasking a server to a different role might leave some
> residual configurations that the role wizards don't get rid of that
> interfer
> with the new role. What I haven't done is change the NIC address to try
> and
> have Network and Sharing Center reclassify the Network. Note: Network
> Discovery and Sharing are all enabled in Network and Sharing Center.

I see. You've changed the role of the server in both scenarios, which caused
the problem. The rule of thumb with demotions is to reinstall the machine.
As for RRAS, and being multihomed at one point then removing the RRAS role,
shouldn't have residual effects. I assume you've removed the role, then made
sure the RRAS services were not running, then disabled the additional NIC or
teamed it to one logical interface? This should normally be ok after
removing the RRAS role. It also could be an IPSec rule or TCP filtering from
RRAS that has lingered from the RRAS interfaces, or even a static route
entry that RRAS put in (in a cmd prompt, type in 'route print'), although it
shouldn't. But then again, I usually fall back to my rule of thumb. Same
goes when someone asks about upgrading a machine from 2000 to 2003, or 2003
to 2008. I usually say it's not a good idea.

You can take a look at what I mentioned, or even try to change the IP to a
different subnet IP, then change it back.

Ace

Is this the rule of thumb for W2008? In retasking servers in Windows 2003,
I've never had to reinstall the operating system. A domain controller demoted
to a member server and then used for file services never had this problem.
Same with a RRAS server. It's a simple method to share out some folders and
Volia you can find the shares in Network or browse for them.

While the enhanced security is a good idea, if they made it where the server
is unusable if retasked,...... griping here doesn't solve the problem.....

Any other ideas before I tell the company I have to reinstall the operating
system?


"Ace Fekay [MCT]" wrote:

> "DRasmussen" <> wrote in message
> news:91F2EE29-24DF-435F-AD68-...
> > The ipconfig/all results show a subnet 192.168.X.X Default gateway
> > 192.168.X.X which is the internal network router, DNS is 192.168.X.X which
> > is
> > the AD DNS server. DHCP server provides clients with with addresses on the
> > 192.168.X.X subnet with servers having reserved addresses in DHCP [all
> > servers have static addresses]. Again ping works on the lan meaning
> > clients
> > can ping the W2008 server but can not map a network drive to shared
> > folders.
> > This is a domain environment so Network and Sharing Center classifies the
> > connection as domain, not public. The AV is Avast without the firewall
> > component. What I've done to try and resolve the problem is uninstall all
> > roles, unshared all shares [required to remove fileserver role, except
> > admin]
> > then reinstall file server role and create shares. Turned off the Windows
> > Firewall on both server and clients and the problem persists. As I've
> > said,
> > this is not the first time I've run across this problem with Windows
> > Server
> > 2008. The previous problem happened as the result of retasking a W2008
> > server
> > from a multi-homed remote access server to a DFS file server role. Once
> > the
> > RRAS role was removed, could not have clients access the W2008 server no
> > matter what I tried. The result was to reinstall W2008 to fix the problem.
> > This current situation was not retasking a RRAS server but a demotion of a
> > DC
> > to a file server. The event logs do not have any errors or security alerts
> > which indicate residual configurations that might block inbound traffic.
> > My
> > thinking is that retasking a server to a different role might leave some
> > residual configurations that the role wizards don't get rid of that
> > interfer
> > with the new role. What I haven't done is change the NIC address to try
> > and
> > have Network and Sharing Center reclassify the Network. Note: Network
> > Discovery and Sharing are all enabled in Network and Sharing Center.
>
> I see. You've changed the role of the server in both scenarios, which caused
> the problem. The rule of thumb with demotions is to reinstall the machine.
> As for RRAS, and being multihomed at one point then removing the RRAS role,
> shouldn't have residual effects. I assume you've removed the role, then made
> sure the RRAS services were not running, then disabled the additional NIC or
> teamed it to one logical interface? This should normally be ok after
> removing the RRAS role. It also could be an IPSec rule or TCP filtering from
> RRAS that has lingered from the RRAS interfaces, or even a static route
> entry that RRAS put in (in a cmd prompt, type in 'route print'), although it
> shouldn't. But then again, I usually fall back to my rule of thumb. Same
> goes when someone asks about upgrading a machine from 2000 to 2003, or 2003
> to 2008. I usually say it's not a good idea.
>
> You can take a look at what I mentioned, or even try to change the IP to a
> different subnet IP, then change it back.
>
> Ace
>
>
>
>
>

"DRasmussen" <> wrote in message
news:0E80CBED-3CB4-46D2-8A62-...
> Is this the rule of thumb for W2008? In retasking servers in Windows
> 2003,
> I've never had to reinstall the operating system. A domain controller
> demoted
> to a member server and then used for file services never had this problem.
> Same with a RRAS server. It's a simple method to share out some folders
> and
> Volia you can find the shares in Network or browse for them.
>
> While the enhanced security is a good idea, if they made it where the
> server
> is unusable if retasked,...... griping here doesn't solve the problem.....
>
> Any other ideas before I tell the company I have to reinstall the
> operating
> system?
>


No, it's not a defacto rule of thumb. It's just a personal thing. Besides
being a consultant, I'm also a trainer, and have had numerous corporate IT
students recall issues with machines only to find after some questioning
that it was previously this type of server or that type of server, or it was
an upgraded server from a previous OS and wasn't reinstalled. It just
happens. Personally, I've been using this mindset to eliminate any
possibility of issues, especially a production machine, whether 2008 or
previous operating systems, especially domain controllers. Haven't had any
problems.

It helps me sleep better at nights.

As for why or what is going on with a previously roled RRAS server, I can't
think of anything otehr than previously mentioned with possible lingerig TCP
filtering or IPSec rule, especailly if it was a NAP server. You would have
to go through the security policies to make sure nothing is not default, or
even reapply the default server INF to reset it just to make sure all
settings are fresh.

Ace