Windows 2003 and subsequent Home Network issues

I've recently upgraded our company domain server to 2003 server and use
this for DNS as well. Prior to this, we ran NT 4. Now several of us have
laptops (including myself) and home wireless/wired networks. All of which
worked flawlessly before the server upgrade. Now...when myself or others try
to connect to their home workgroups (to XP or Win2k boxes), we're getting
the error. "There are no logon servers available to service the logon
request". This happens whether I try to connect to a Win2K box or an XP box.
Both machines are on a wired/wireless b network using a Linksys Broadband
Router. Others that are having the same problem use Linksys as well as other
brands...same problem occurs. I assume this is a DNS issue. Also worthy of
noting is that we all run IpSec thru FreeSwan for our VPN and this of course
works fine. In any event...I've tried everything to try and fix this and
still no luck. I'm going a little nuts trying to resolve this. Strangely
enough though...I used "Net Use" once and it did work for one of my machines
but now...not anymore. Same error at the DOS prompt every time.

Am I missing something??

Please, need help!

TIA,
Pikk

 

can you ping the DNS server by ip? if yes, can you ping it by name? What do
you get if using nslookup?

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.

 

If your machine is configured to log into a domain and it is connected to
an IP network, it will try to do a domain login. So the delay you see is
caused by the machine trying to find the DNS server to get the location of
the login server.

Search Help for info on hardware profiles. You may need to set up a
different hardware profile for your home and office setup. There are also
third party software solutions such as netswitcher www.netswitcher.com

 

If you are running XP, you could also look at the alternate config option
on your NIC.

 

Bill

Thanks for the reply. I have to admit...I'm very new to DNS and Win2K3
so bear with me. This email may get a little long but I really need helpt o
fix this. My boss is threatening to hire an outside consutant for this now.
It appears that his wireless access at the airport fails now too.
Anyway...following is a breakdown of what my configuration is and whatI've
tried. I hope this is not too long.

Basically...what I said in my first email, stands. Last night I tried a new
HW profile to no avail. Same logon server error. I've also tried netswitcher
and this failed also. As well, I created a new lmhosts file and this...of
course, didn't work either. It appears to me that maybe I'm missing
something on my server. Or maybe our machine names screw it up. If I could
at least get it working when logged into the VPN...that'd be fine. But even
this fails to allow us to browse our home and/or "outside wireless" networks
although, access to our server and exchange mail works.

Here's my configuration.

Laptop w/ Win2K Pro. SP3 (all remote users...same config)
Machine connects to a Win2K3 Server that runs DNS and DHCP, at the office.
Machine names are "laptop.hq.mydomain.com"
IP config is standard...use DHCP and I add the Win2K3 server's IP for DNS
(which I think I need to change)
lmhosts file used for remote access to certian servers...mainly the Exchange
box.
My new lmhosts (I created last night for testing), looks like this
....
205.207.240.129 srv2k3
205.207.240.129 "srv2k3 \0x1b" #PRE
205.207.240.129 srv2k3 #PRE #DOM:srv2k3 #DII DC
....

My old lmhosts looks like this.
....
205.207.240.129 srv2k3 #PRE #DOM:server
205.207.240.179 unity #PRE #DOM server
205.207.240.129 srv2k3 #PRE
205.207.240.157 wdemo
....
nslookup returns this when I run it at work. ???
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 205.207.240.129: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 205.207.240.129

Anyway...that's all for now. Again, sorry for the huge reply.

Thanks Tons!!

P'

 

Are you trying to log on to your company domain from outside of your
companies LAN? Or are you simply trying to use the laptop for general
purpose use while away from the company headquarters?

 

Yes...well a bit of both.

All of us that have the issue run laptops. Under the old setup (NT 4.0 PDC),
we had no problems. When we are away from the network (home or on the road),
we run IpSec to FreeSwan for a VPN into the office. This gives my users and
myself access to Exchange and Goldmine server. This actually still works
except when trying to connect from certain access points like the airports
wireless zones. In any event, the problem follows us home too. I can no
longer gain access to my home network since the server upgrade. I get "No
logon servers available..." errors when I try. Same for all others.

So, to sum up...we use our LT's for VPN and for connecting across our home
networks.

Thanks for your time!

P

 

When you are away from the office, when logging in to your laptop, are you
using your normal domain account, or an alternate "local computer" account?

 

Hi Alan

I use my normal domain account. I have to do this because I want to be able
to connect to my Exchange server (via ourVPN). It's an interesting question
because my home network access is fine when I login locally on my laptop as
administrator...so as I suspect other users will work as well. Problem
is...we need to access the Exchange server and run Outlook. Logging in
locally creates another set of problems where that's concerned.

P

 

With NT, you find the login server by its Netbios name. With AD, you
find it through DNS.

If you want to do a domain login from your home network, your client will
need to have some way of finding the corporate DNS server. (If it can't,
there will be a long delay.) That is where the SRV records to identify the
logon server are stored. Is the VPN up when you try to login, or do you need
to log in first?

 

Bill

Actually...we're not trying to do a domain login from the home network. We
are simply trying to get onto our home networks. Logging into the domain is
not the problem. The problem is that when I'm at home, connected to my
router via my LT (logged in with my domain account)...I can't get on to my
home network. I get logon server errors. VPN works fine on most
networks...including home. And if I login locally on my laptop with the
admin account...I can see my home network fine.

I know..it's rather confusing.

THnx

P

 

I don't really find that bit confusing. If you are logged into your work
domain, you will not have valid credentials for your home network (and vice
versa). That is how it is supposed to work.

 

Hi Bill

Well, I beg to differ but perhaps this is how it works in the Win2K3 world.
It certainly worked fine when we were running NT 4.0 Server. So I'm assuming
it's a name resolution problem with DNS.

 

It would work OK in a pre-W2000 setup if the workgroup name and the
Netbios name of the domain were the same. In fact it would probably still
work OK now under those circumstances. A domain login would be all you need
to do.

The whole point of all this is that a username is linked to both the
password and the logon entity. A logon to a local machine/workgroup does not
give a user the right to access domain resources. The reverse is also true.
A logon to a domain does not give you access to workgroup resources.

If you want to access local resources while logged onto the domain, you
will need to make your domain credentials acceptable locally by modifying
the local user accounts database. Then to access local resources, you do not
need to do a local login. Your domain login credentials will be accepted
locally.

 

This whole matter is really too complex for a newsgroup discussion. But
here are a few tips. It is simplified and certainly doesn't cover everything
involved!

Workgroups and domains work very differently. With a workgroup, there is
no central database for users. Users log on locally. To access resources on
another workgroup machine, the target machine checks your logon machine for
credentials using IPC.

Domains have a central database and clients are authenticated against
that (domain login). Resource access is then controlled by the domain
database. You cannot belong to two domains, but access across domains can be
allowed using domain trusts. There is no way to extend this to workgroups
because of the lack of a central authority in a workgroup.

You can access domain resouces without actually doing a domain login as
long as your actual login credentials are valid in the domain. That is the
basis for the workgroup name matching the domain name method described in a
previous post.