Cannot find web server from DC

Hi
I have a PDC running W2000 and a web server running W2k3. The web server
locates in the DMZ whereas the PDC is behind the firewall. When I tried to
search the web server from my PDC, it failed but it can find all other PCs
in the domain. The strange thing is that I can find the web server from any
other PCs in the domain, including the secondary DC, but just not from the
PDC. The web server can also find the PDC. We have checked the firewall
and we have not particulary blocked any ports from the PDC to the web
server.
What would be the possible reasons?

Edwin

remember that in ad there is no longer a pdc/bdc dynamic, all domain
controllers are peers. the closest thing in ad are the fsmo roles, but they
can be transferred to other dc's.
as far as your problem, can you access the web server by its ip address? is
the dc multihommed? is it running dns? have you modified the hosts file? do
you have trouble accessing other web sites? trouble accessing other dmz
machines?

Dan

"Edwin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
> I have a PDC running W2000 and a web server running W2k3. The web server
> locates in the DMZ whereas the PDC is behind the firewall. When I tried
to
> search the web server from my PDC, it failed but it can find all other PCs
> in the domain. The strange thing is that I can find the web server from
any
> other PCs in the domain, including the secondary DC, but just not from the
> PDC. The web server can also find the PDC. We have checked the firewall
> and we have not particulary blocked any ports from the PDC to the web
> server.
> What would be the possible reasons?
>
> Edwin
>
>

Hi Dan
Thank you for your reply.
I can ping the IP of the web server. I can open the web page using the full
url from the PDC. What I can't is to browse the server in windows explorer.
The PDC is running dns. I do not have other machines inside DMZ. The
lmhost file in the PDC is not modified.
Any idea on what is happening?

Edwin


"Dan DeStefano" <augur5ATyahooDOTcom> wrote in message
news:(E-Mail Removed)...
> remember that in ad there is no longer a pdc/bdc dynamic, all domain
> controllers are peers. the closest thing in ad are the fsmo roles, but
they
> can be transferred to other dc's.
> as far as your problem, can you access the web server by its ip address?
is
> the dc multihommed? is it running dns? have you modified the hosts file?
do
> you have trouble accessing other web sites? trouble accessing other dmz
> machines?
>
> Dan
>
> "Edwin" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi
> > I have a PDC running W2000 and a web server running W2k3. The web
server
> > locates in the DMZ whereas the PDC is behind the firewall. When I tried
> to
> > search the web server from my PDC, it failed but it can find all other
PCs
> > in the domain. The strange thing is that I can find the web server from
> any
> > other PCs in the domain, including the secondary DC, but just not from
the
> > PDC. The web server can also find the PDC. We have checked the
firewall
> > and we have not particulary blocked any ports from the PDC to the web
> > server.
> > What would be the possible reasons?
> >
> > Edwin
> >
> >
>
>

Edwin wrote:

> Hi
> I have a PDC running W2000 and a web server running W2k3. The web
> server locates in the DMZ whereas the PDC is behind the firewall.
> When I tried to search the web server from my PDC, it failed but it
> can find all other PCs in the domain. The strange thing is that I
> can find the web server from any other PCs in the domain, including
> the secondary DC, but just not from the PDC. The web server can also
> find the PDC. We have checked the firewall and we have not
> particulary blocked any ports from the PDC to the web server.
> What would be the possible reasons?
>
> Edwin

What do you mean by "find"?

If the web server is in a firewall DMZ, the only things that should
work from anywhere are whatever you've configured to be allowed to the
DMZ in the firewall configuration (the usual choices would be port 80
and perhaps 443, possibly FTP, plus whatever management option you
desired [TS/VNC/pcAnywhere/etc]).

If anything is allowed from the internal network to the DMZ and vice
versa, that's not a DMZ. You might be calling it one, but the whole
point of a DMZ is to isolate servers from both internal and external
access and only allow the bare minimum of connectivity.

The net result of this is you would by default only expect the internal
workstations to be able to browse the web server via
IE/Opera/Mozilla/etc using the same URLs that would work for external
access.

If one internal device is unable to reach the web server using the same
methods that work on another internal device, I'd start looking for
variations in the configuration of those devices - ie checking IP
configuration, DNS settings, etc.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

o, so you cannot browse the web server's shares through network
neighborhood, right? do you have wins installed on the network? are both
machines configured as wins clients? getting cross-subnet browsing to work
reliably without wins can be an excercise in futility. i recommend
installing a wins server on your network (though try to avoid installing
wins on a rras server) and configuring all clients/servers to use it. unless
you are going to disable netbios over tcp/ip on your network, it is strongly
recommended that you deploy wins.

Dan

"Edwin" <(E-Mail Removed)> wrote in message
news:eMc$(E-Mail Removed)...
> Hi Dan
> Thank you for your reply.
> I can ping the IP of the web server. I can open the web page using the
full
> url from the PDC. What I can't is to browse the server in windows
explorer.
> The PDC is running dns. I do not have other machines inside DMZ. The
> lmhost file in the PDC is not modified.
> Any idea on what is happening?
>
> Edwin
>
>
> "Dan DeStefano" <augur5ATyahooDOTcom> wrote in message
> news:(E-Mail Removed)...
> > remember that in ad there is no longer a pdc/bdc dynamic, all domain
> > controllers are peers. the closest thing in ad are the fsmo roles, but
> they
> > can be transferred to other dc's.
> > as far as your problem, can you access the web server by its ip address?
> is
> > the dc multihommed? is it running dns? have you modified the hosts file?
> do
> > you have trouble accessing other web sites? trouble accessing other dmz
> > machines?
> >
> > Dan
> >
> > "Edwin" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Hi
> > > I have a PDC running W2000 and a web server running W2k3. The web
> server
> > > locates in the DMZ whereas the PDC is behind the firewall. When I
tried
> > to
> > > search the web server from my PDC, it failed but it can find all other
> PCs
> > > in the domain. The strange thing is that I can find the web server
from
> > any
> > > other PCs in the domain, including the secondary DC, but just not from
> the
> > > PDC. The web server can also find the PDC. We have checked the
> firewall
> > > and we have not particulary blocked any ports from the PDC to the web
> > > server.
> > > What would be the possible reasons?
> > >
> > > Edwin
> > >
> > >
> >
> >
>
>

Dan
I already have wins installed. Finally I add an entry in the lmhosts file
and it worked.

Thanks
Edwin

"Dan DeStefano" <augur5ATyahooDOTcom> wrote in message
news:%(E-Mail Removed)...
> o, so you cannot browse the web server's shares through network
> neighborhood, right? do you have wins installed on the network? are both
> machines configured as wins clients? getting cross-subnet browsing to work
> reliably without wins can be an excercise in futility. i recommend
> installing a wins server on your network (though try to avoid installing
> wins on a rras server) and configuring all clients/servers to use it.
unless
> you are going to disable netbios over tcp/ip on your network, it is
strongly
> recommended that you deploy wins.
>
> Dan
>
> "Edwin" <(E-Mail Removed)> wrote in message
> news:eMc$(E-Mail Removed)...
> > Hi Dan
> > Thank you for your reply.
> > I can ping the IP of the web server. I can open the web page using the
> full
> > url from the PDC. What I can't is to browse the server in windows
> explorer.
> > The PDC is running dns. I do not have other machines inside DMZ. The
> > lmhost file in the PDC is not modified.
> > Any idea on what is happening?
> >
> > Edwin
> >
> >
> > "Dan DeStefano" <augur5ATyahooDOTcom> wrote in message
> > news:(E-Mail Removed)...
> > > remember that in ad there is no longer a pdc/bdc dynamic, all domain
> > > controllers are peers. the closest thing in ad are the fsmo roles, but
> > they
> > > can be transferred to other dc's.
> > > as far as your problem, can you access the web server by its ip
address?
> > is
> > > the dc multihommed? is it running dns? have you modified the hosts
file?
> > do
> > > you have trouble accessing other web sites? trouble accessing other
dmz
> > > machines?
> > >
> > > Dan
> > >
> > > "Edwin" <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > > Hi
> > > > I have a PDC running W2000 and a web server running W2k3. The web
> > server
> > > > locates in the DMZ whereas the PDC is behind the firewall. When I
> tried
> > > to
> > > > search the web server from my PDC, it failed but it can find all
other
> > PCs
> > > > in the domain. The strange thing is that I can find the web server
> from
> > > any
> > > > other PCs in the domain, including the secondary DC, but just not
from
> > the
> > > > PDC. The web server can also find the PDC. We have checked the
> > firewall
> > > > and we have not particulary blocked any ports from the PDC to the
web
> > > > server.
> > > > What would be the possible reasons?
> > > >
> > > > Edwin
> > > >
> > > >
> > >
> > >
> >
> >
>
>

you shouldnt have to add lmhosts entries if wins is set up properly and
clients are registering properly. is the web server multihommed? is it
registered in the wins database?

Dan

"Edwin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dan
> I already have wins installed. Finally I add an entry in the lmhosts file
> and it worked.
>
> Thanks
> Edwin
>
> "Dan DeStefano" <augur5ATyahooDOTcom> wrote in message
> news:%(E-Mail Removed)...
> > o, so you cannot browse the web server's shares through network
> > neighborhood, right? do you have wins installed on the network? are both
> > machines configured as wins clients? getting cross-subnet browsing to
work
> > reliably without wins can be an excercise in futility. i recommend
> > installing a wins server on your network (though try to avoid installing
> > wins on a rras server) and configuring all clients/servers to use it.
> unless
> > you are going to disable netbios over tcp/ip on your network, it is
> strongly
> > recommended that you deploy wins.
> >
> > Dan
> >
> > "Edwin" <(E-Mail Removed)> wrote in message
> > news:eMc$(E-Mail Removed)...
> > > Hi Dan
> > > Thank you for your reply.
> > > I can ping the IP of the web server. I can open the web page using
the
> > full
> > > url from the PDC. What I can't is to browse the server in windows
> > explorer.
> > > The PDC is running dns. I do not have other machines inside DMZ. The
> > > lmhost file in the PDC is not modified.
> > > Any idea on what is happening?
> > >
> > > Edwin
> > >
> > >
> > > "Dan DeStefano" <augur5ATyahooDOTcom> wrote in message
> > > news:(E-Mail Removed)...
> > > > remember that in ad there is no longer a pdc/bdc dynamic, all domain
> > > > controllers are peers. the closest thing in ad are the fsmo roles,
but
> > > they
> > > > can be transferred to other dc's.
> > > > as far as your problem, can you access the web server by its ip
> address?
> > > is
> > > > the dc multihommed? is it running dns? have you modified the hosts
> file?
> > > do
> > > > you have trouble accessing other web sites? trouble accessing other
> dmz
> > > > machines?
> > > >
> > > > Dan
> > > >
> > > > "Edwin" <(E-Mail Removed)> wrote in message
> > > > news:(E-Mail Removed)...
> > > > > Hi
> > > > > I have a PDC running W2000 and a web server running W2k3. The web
> > > server
> > > > > locates in the DMZ whereas the PDC is behind the firewall. When I
> > tried
> > > > to
> > > > > search the web server from my PDC, it failed but it can find all
> other
> > > PCs
> > > > > in the domain. The strange thing is that I can find the web
server
> > from
> > > > any
> > > > > other PCs in the domain, including the secondary DC, but just not
> from
> > > the
> > > > > PDC. The web server can also find the PDC. We have checked the
> > > firewall
> > > > > and we have not particulary blocked any ports from the PDC to the
> web
> > > > > server.
> > > > > What would be the possible reasons?
> > > > >
> > > > > Edwin
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>