What is wrong with my new Windows Server?
April 26, 2007 8:52 AM Subscribe
New server in Active Directory. Can't see shares on it (or the server, for that matter) from other subnets. Of course, there's
We bought a new Poweredge 2950, installed Windows Server 2003 SP2, and joined the domain. DCPROMO'd it, made it a Global Catalog Server, then created a share on it.
Users in one subnet (10.0.0.x) can browse to it, map a drive, or get there via unc path.
Users in the remainder of the company (192.168.x.x, several subnets) can PING it, but cannot browse to it, get there via unc or otherwise see the server or the share.
Then we noticed that there's no SYSVOL on it. DCPROMO'd it down, removed the metadata, and now it sits as a member server, but it still is invisible outside the 10.0.0.x subnet.
One other thing: After the initial DCPROMO up, we had a weird day where it could ping anything on the network, but nothing could ping it. I could even mstsc into other servers and computers FROM IT, but could not even see it or ping it from any other network resource. I disabled and re-enabled the NIC and rebooted it, and then it played nice.
So, the question is, Is it the NIC? I was thinking of putting a PCI NIC in for a simple A/B test, or is it some weirdness in AD?
We bought a new Poweredge 2950, installed Windows Server 2003 SP2, and joined the domain. DCPROMO'd it, made it a Global Catalog Server, then created a share on it.
Users in one subnet (10.0.0.x) can browse to it, map a drive, or get there via unc path.
Users in the remainder of the company (192.168.x.x, several subnets) can PING it, but cannot browse to it, get there via unc or otherwise see the server or the share.
Then we noticed that there's no SYSVOL on it. DCPROMO'd it down, removed the metadata, and now it sits as a member server, but it still is invisible outside the 10.0.0.x subnet.
One other thing: After the initial DCPROMO up, we had a weird day where it could ping anything on the network, but nothing could ping it. I could even mstsc into other servers and computers FROM IT, but could not even see it or ping it from any other network resource. I disabled and re-enabled the NIC and rebooted it, and then it played nice.
So, the question is, Is it the NIC? I was thinking of putting a PCI NIC in for a simple A/B test, or is it some weirdness in AD?
Response by poster: I forgot to mention that I have another DC in the 10.0.0.x subnet. It's been there a long time, and other subnets have no trouble seeing it.
Default gateway on the subject server is correct. Forward and reverse dns lookups contain correct records.
posted by gnz2001 at 11:41 AM on April 26, 2007
Default gateway on the subject server is correct. Forward and reverse dns lookups contain correct records.
posted by gnz2001 at 11:41 AM on April 26, 2007
You've hit a lot of the software /network management stuff, but I'd try these too:
Yes, absolutely try a different NIC.
Try a different port on the switch/different cable/different switch.
WINS and netbios
Add a static route between subnets.
posted by disclaimer at 5:29 PM on April 26, 2007
Yes, absolutely try a different NIC.
Try a different port on the switch/different cable/different switch.
WINS and netbios
Add a static route between subnets.
posted by disclaimer at 5:29 PM on April 26, 2007
This doesn't sound like a routing issue, as your other server is contactable. Also, the fact that you can get OUT suggests to me the NIC is fine. I think you might be hitting one of the 2003 SP2 new features. I haven't played with SP2 myself, but the release notes mention it comes with new IP policy settings and whatnot.
I had a similar issue with a box someone else had configured with an IP policy setting to only go to two or three sites, and reject all other connections. I suspect your new box has either an IP policy in place, or the Windows Firewall is doing something funky.
Also, bear in mind that 2003 (since the release of R2) by default installs in a locked-down state, where it doesn't allow ANY incoming traffic at all apart from Windows updates (for to let you patch your box before you let it loose on the big bad world). It's possible this mode is still enabled....
posted by coriolisdave at 6:41 PM on April 26, 2007
I had a similar issue with a box someone else had configured with an IP policy setting to only go to two or three sites, and reject all other connections. I suspect your new box has either an IP policy in place, or the Windows Firewall is doing something funky.
Also, bear in mind that 2003 (since the release of R2) by default installs in a locked-down state, where it doesn't allow ANY incoming traffic at all apart from Windows updates (for to let you patch your box before you let it loose on the big bad world). It's possible this mode is still enabled....
posted by coriolisdave at 6:41 PM on April 26, 2007
« Older A travel site that includes all airlines, or a... | Need to carry a toolbox for boxen Newer »
This thread is closed to new comments.
posted by yomimono at 9:46 AM on April 26, 2007