LAN and IE connection disabled for domain users

Discussion in 'Windows Small Business Server' started by Vidar, Aug 9, 2004.

  1. Vidar

    Vidar Guest

    I have just reinstalled a SBS2003Pre with all the updates. ISA is not in use.
    The domain client communicate OK with the server. But the LAN connection is
    no longer available when using IE (only the VPN). Local users can access the
    LAN and Internet as normal.
    Is there a policy restriction that makes a NIC unavailable?
    How can I make the LAN available for domain clients?
     
    Vidar, Aug 9, 2004
    #1
    1. Advertisements

  2. Hi Vidar,

    Can you post the ipconfig/all from the server?
     
    Marina Roos [SBS-MVP], Aug 9, 2004
    #2
    1. Advertisements

  3. Vidar

    Vidar Guest

    Hi Marina
    Yes, there is a suspicious occurrence. The listing says that LAN is not DHCP
    enabled. How do I enable it? (Or should I look for something else?)
     
    Vidar, Aug 9, 2004
    #3
  4. Hi Vidar,

    The servernics should be static, so not DHCP enabled anyway. Can you post it
    please?

    --
    Regards,

    Marina
    Microsoft SBS-MVP
     
    Marina Roos [SBS-MVP], Aug 9, 2004
    #4
  5. Hi Vidar,

    How many nics do you have in the server? 3? Disable the 3rd one. You might
    consider putting a router between your external nic and the DSL-connection,
    so you can give the external nic a static IP. The DNS suffix on your
    external nic might cause problems too. You should only have one suffix.
    Check DHCP-server, Scope options. 015 should only point to your local AD
    domain name.
    Check out www.smallbizserver.net, Network.

    --
    Regards,

    Marina
    Microsoft SBS-MVP
     
    Marina Roos [SBS-MVP], Aug 9, 2004
    #5
  6. Vidar

    Vidar Guest

    Hi again Marina

    Well yes, there is an unplugged additional NIC that I now have disabled. I
    am also aware of the risk with WAN dynamic address.
    However, the LAN NIC for domain users is still unavailable. It was available
    at the previous SBS installation and I still suspect it is a policy/security
    related setting (maybe set with an SBS update). Is there a policy concerning
    NICs, and where can I find it?
    Best regards
     
    Vidar, Aug 10, 2004
    #6
  7. Hi Vidar,

    Can you post a fresh ipconfig/all? Make sure that netbios over tcp/ip is
    enabled on the internal LAN-nic (it should be disabled on the external nic).
    Are the clients joined to the domain after the reinstall? Do their
    ipconfig/all show that everything is pointing to the server-IP?

    --
    Regards,

    Marina
    Microsoft SBS-MVP
     
    Marina Roos [SBS-MVP], Aug 10, 2004
    #7
  8. Vidar,

    1. In addition to what Marina has already asked you to do, open the Network Connections Applet in control panel.
    2. Click on Advanced on the Menu Bar, select Advanced settings... from the drop down list.
    3. The server's LAN connection should be the topmost connection in the top window. Use the Arrow buttons to move the LAN connection
    to the top of the list if it is not already there, followed by the WAN connection, disabled connections and remote access, in that order, top
    to bottom.
    4. Select the server's WAN connection in the top window. Uncheck all items bound to it in the bottom window.
    5. Click OK to close the Advanced Settings dialog box.
    6. Open the properties of the WAN connection. Uncheck all items checked on the general tab except Internet protocol.
    7. Select Internet Protocol, click on the properties button.
    9. The server should point to its internal IP for DNS and no others.
    10. Click on the advanced button.
    11. On the DNS tab, uncheck "Append parent suffixes of the primary DNS suffix" and "register this connection's addresses in DNS."
    12. On the WINS tab, ensure that no WINS server address is listed, that "Enable LMHOSTS lookup" is checked and "Disable NetBIOS over
    TCP/IP" is selected. OK out of the properties of the WAN connection.
    13. Bring up the properties of any disabled connections. Set their IP address to an a bogus IP in the range 172.16.0.1 to 172.31.255.254,
    mask 255.255.255.0, no DG, no DNS server address, no WINS server address. Disable "NetBIOS over TCP/IP" but leave "Enable LMHOSTS
    lookup" checked.
    14. Open properties of the DHCP server. Go to the Advanced tab. Click on the bindings button. Verify that DHCP is bound only to the LAN
    connection.
    15. Restart the server.
    16. Test connectivity.

    Best Regards,

    Ricky Morris
    Microsoft Small Business Server Support
    This posting is provided "AS IS" with no warranties, and confers no rights.

    Newsgroups:
    SBS v4.x : microsoft.public.backoffice.smallbiz
    SBS 2000: microsoft.public.backoffice.smallbiz2000
    SBS 2003: microsoft.public.windows.server.sbs


    --------------------
    Thread-Topic: LAN and IE connection disabled for domain users
    thread-index: AcR+19yEQGdzzvCxSd2h5+QXx5RInQ==
    X-WBNR-Posting-Host: 195.47.166.25
    From: "=?Utf-8?B?VmlkYXI=?=" <>
    References: <> <#> <443D691C-
    > <> <81C69484-2AAD-44F0-9C4E-
    > <>
    Subject: Re: LAN and IE connection disabled for domain users
    Date: Tue, 10 Aug 2004 05:45:05 -0700
    Lines: 152
    Message-ID: <>
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="Utf-8"
    Content-Transfer-Encoding: 7bit
    X-Newsreader: Microsoft CDO for Windows 2000
    Content-Class: urn:content-classes:message
    Importance: normal
    Priority: normal
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    Newsgroups: microsoft.public.windows.server.sbs
    NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
    Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA03.phx.gbl
    Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.sbs:95482
    X-Tomcat-NG: microsoft.public.windows.server.sbs

    Hi again Marina

    Well yes, there is an unplugged additional NIC that I now have disabled. I
    am also aware of the risk with WAN dynamic address.
    However, the LAN NIC for domain users is still unavailable. It was available
    at the previous SBS installation and I still suspect it is a policy/security
    related setting (maybe set with an SBS update). Is there a policy concerning
    NICs, and where can I find it?
    Best regards
     
    Ricky Morris [MSFT], Aug 10, 2004
    #8
  9. Vidar

    Vidar Guest

    Hi Marina and Ricky

    I have done all you suggested. Most was OK but the disabled NIC needed some
    resetting. However, the domain client can still not connect via LAN by IE.

    I suspect the http://<server>/connectcomputer procedure was not successful
    the first time. Now I get the messages (server) "An error occurred when
    configuring networking settings. See your network administrator" and (client)
    "The selected computer is already a member of this domain.
    There is no need to run the SBS Network Wizard again."

    Is there a way to reset the connectcomputer settings and do the procedure
    from scratch?

    Anyway, here is the listing you asked for:

    SBS 2003 PRE.

    C:\>ipconfig /all
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : xxxxxx
    Primary Dns Suffix . . . . . . . : xxx.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : xxx.local
    tele2adsl.dk

    Ethernet adapter WAN ISP:
    Connection-specific DNS Suffix . : tele2adsl.dk
    Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet
    Adapte
    r (rev.C)
    Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 195.47.xxx.xx
    Subnet Mask . . . . . . . . . . . : 255.255.224.0
    Default Gateway . . . . . . . . . : 195.47.xxx.x
    DHCP Server . . . . . . . . . . . : 130.227.xxx.xx
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Lease Obtained. . . . . . . . . . : 11. august 2004 13:13:00
    Lease Expires . . . . . . . . . . : 11. august 2004 13:43:00

    Ethernet adapter LAN HUB:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.16.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    Primary WINS Server . . . . . . . : 192.168.16.2

    ----------------
    CLIENT COMPUTER:

    C:\>ipconfig /all
    Windows IP-konfiguration
    Værtsnavn. . . . . . . . . . . . . . . . . . : xxxLT1
    Primært DNS-suffiks. . . . . . . . . . . . . : xxx.local
    Nodetype . . . . . . . . . . . . . . . . . . : Hybrid
    IP-routing aktiveret . . . . . . . . . . . . : Nej
    WINS-proxy aktiveret . . . . . . . . . . . . : Nej
    Søgeliste for DNS-suffiks. . . . . . . . . . : xxx.local

    Ethernet-netværkskort LANWAN:
    Forbindelsesspecifikt DNS-suffiks. . . . . . : xxx.local
    Beskrivelse. . . . . . . . . . . . . . . . . : Broadcom 440x 10/100
    Integr
    ated Controller
    Fysisk adresse . . . . . . . . . . . . . . . : xx-xx-xx-xx-xx-xx
    Dhcp aktiveret . . . . . . . . . . . . . . . : Ja
    Automatisk konfiguration aktiveret . . . . . : Ja
    IP-adresse . . . . . . . . . . . . . . . . . : 192.168.16.10
    Undernetmaske. . . . . . . . . . . . . . . . : 255.255.255.0
    Standardgateway. . . . . . . . . . . . . . . : 192.168.16.2
    DHCP-server. . . . . . . . . . . . . . . . . : 192.168.16.2
    DNS-servere. . . . . . . . . . . . . . . . . : 192.168.16.2
    Primær WINS-server . . . . . . . . . . . . . : 192.168.16.2
    Rettigheden opnået . . . . . . . . . . . . . : 11. august 2004 13:16:23
    Rettigheden udløber. . . . . . . . . . . . . : 19. august 2004 13:16:23


     
    Vidar, Aug 11, 2004
    #9
  10. Hi Vidar,

    Can you connect to the internet from the server without problems? If not,
    you might consider putting a router between your external nic and the
    internetdevice. That way you can give your external nic a static IP.
    Still a bit worried about that extra dns suffix.

    You can rerun the connectcomputer. Delete the computeraccount and recreate
    it, than rerun servername/connectcomputer from the workstation.

    --
    Regards,

    Marina
    Microsoft SBS-MVP

     
    Marina Roos [SBS-MVP], Aug 11, 2004
    #10
  11. Vidar

    Vidar Guest

    Hi Marina

    I finally figured out why the LAN NIC was unavailable for the client. The
    Connectcomputer procedure did not complete, because it SBS thought it already
    had done it. However, it was the previous SBS installation that created the
    <user>.<computer> document folder.
    I had to rename the document folder so the new SBS installation could do the
    complete user migration.

    (I must say that some messages and options could be more helpful, when
    trying to migrate a client for the second time.)

    Thanks for the info, I learned a lot about NICs and that it was not policy
    related.


     
    Vidar, Aug 11, 2004
    #11
  12. Hi Vidar,

    Glad you have got that solved. Thanks for reporting back.

    --
    Regards,

    Marina
    Microsoft SBS-MVP
     
    Marina Roos [SBS-MVP], Aug 11, 2004
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.