Can't see (most) shares over the WAN. System Error 53

I am having trouble seeing machines over a WAN Link. I am trying to install
two new servers in a Windows 2003 network. I didn't setup this network, and
this is the first time I've worked on it. It is located in two different
cities connected by a T1 WAN Link. I have setup a new server as a Domain
Controller and I have also setup the server as their primary DNS for their
network. This machine is also the DHCP server for the local network in what
we'll call “City A� (137.10.0.0). Everything works fine locally, and people
are resolving names, attaching to shares and peacefully processing. However,
the remote network(137.101.0.0) in “City B�, across the WAN link cannot
access shares on the new server. The new server's name is DC1-2k3, and the
other two older servers on that network are named 00SERVER and APPLICATIONS.
When I physically go to the remote network(137.101.0.0) in city B, I can ping
and resolve the name of any of the servers in City A. DC1-2k3, APPLICATIONS,
and 00SERVER all respond to a ping of either their name or IP address.
However, if I try and attach to a share on the new server, DC1-2K3, I am told
that I cannot see the server. I can attach fine to shares on either of the
other servers in City A from City B. If I do:

net view \\DC1-2K3

I get an
“System error 53 has occurred. The network path was not found�

When I do a “net view� of any of the other older City A machines from the
City B network I also have trouble. It is just the two older servers in City
A that I can see. I checked for HOSTS files on the machines, and there were
none. I noticed that the DHCP server in City B (137.101.0.0 network) was
handing out a WINS server address, which corresponds to the 00SERVER in City
A. I thought this was my problem, so I setup my new server (DC1-2K3
137.100.10.6) with the WINS information and rebooted. I then had entries in
my WINS database that reflected that there was a machine at 137.100.10.6 that
was named DC1-2K3. Unfortunately, I still can't see any resources on the new
server in City A, from City B. I am completely unfamiliar with WINS servers,
so i thought this was my problem, but then I did this net view

net view 137.100.10.6

and I still got an error 53. I cannot map to the new server or “net view� it
via it's IP address OR it's name. The person that contacted me to help them
with this told me that “they had a real hard time� getting the two networks
to see each other when it was originally setup. The guy wants me to clean up
his network and fix any problems that I find, and I am wondering what this
problem could be. It is clearly not just name resolution, as my DNS is
working fine and I can ping any machine by it's name. If I configure a
machine in City B without a WINS server, it can't resolve any local names on
the City A network, even though it resolves Internet names correctly.

This is the layout of the network.

City A -137.10.0.0 class B
with three servers DC1-2k3(windows 2003 R2 server) @ 137.100.10.6,
00SERVER(windows 200 Server) @ 137.100.10.5 and APPLICATIONS(windows 203
Server) @ 137.100.10.185

City B - 137.101.0.0 class B with one server 01SERVER(Windows 2000 Server) @
137.101.10.5

The T1 wan link is connected by a Lucent Superpipe 155 on each end. The T1
is a point to point and it isn't carrying any voice or any other
transmission.

I have found that the SYN TCP packets on port 445 (microsoft-ds) and port
139 (netbios ssn) are NOT being responded to when I do a “net view� or “net
use� to DC1-2k3 (new server) over the WAN (from city B to City A), but they
DO receive an ACK when I do the “net view� or “net use� to 00SERVER (old
server) over the WAN from the same PC. This made me think that the firewall
had somehow been activated on my new server. This was NOT the case.

If I physically drive to City A and do a net view and a net use to either
DC1-2k3 or 00server, they both work beautifully.

I have run the portqry command on ports 139 and 445 on the new server
(DC1-2k3) and the old server (00server). If I am on the local network with
those servers ( physically in City A ) then both commands respond with
"Listening".
However, if I drive to City B, and then do the same portqry over the wan,
00SERVER responds with "Listening", but DC1-2K3 responds with "Filtered".

This makes it pretty clear to me that something external to my new server,
is filtering ports 139 and 445. If it was a setting on the new server, I
shouldn't be able to map drives on the local network, and I should see
"filtered" on a portqry from the local network. However, if something on the
two Lucent superpipes were blocking the port 139 and port 445 traffic, then I
wouldn't be able to see my older servers. I have been through the settings
on the routers a number of times, and though it is a bit of a cryptic telnet
interface, I was able to find a section for "filters" and "firewalls", but
neither seems to be configured to either pass through certain ports to
certain machines, or to block certain ports over the WAN link.

Because it seems to be a netbios session issue, I have setup an LMHOSTS file
on a client in City B that had no effect on the problem. the DC1-2k3 server
shows up in an nbtstat -c and I seem to be resolving it's netbios name just
fine, with or without the LMHOSTS file.

Thanks so much for ANY help you can give me. All suggestions will be
carefully considered. My best suggestion right now, is to turn around and
run from this place screaming.

System error 53 is name resolution issue or master browser issue. try to use
browstat.exe to troubleshoot it first. Or these links may help,
Computer Browser
The computer browser is to display a directory of all known computers
or domains that the computer can reach. The purpose of the browser service
is to ...
www.chicagotech.net/browser.htm - Similar pages

Troubleshooting computer browsing issues
The Computer Browser service on local computer started and stopped ·
The Computer Browser service terminated with the following error: This
operation ...
www.chicagotech.net/computerbrowsingissues.htm


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"scampisi" <(E-Mail Removed)> wrote in message
news:BE3F6FF3-EBEB-470A-BAB1-(E-Mail Removed)...
>I am having trouble seeing machines over a WAN Link. I am trying to install
> two new servers in a Windows 2003 network. I didn't setup this network,
> and
> this is the first time I've worked on it. It is located in two different
> cities connected by a T1 WAN Link. I have setup a new server as a Domain
> Controller and I have also setup the server as their primary DNS for their
> network. This machine is also the DHCP server for the local network in
> what
> we'll call “City A� (137.10.0.0). Everything works fine locally, and
> people
> are resolving names, attaching to shares and peacefully processing.
> However,
> the remote network(137.101.0.0) in “City B�, across the WAN link cannot
> access shares on the new server. The new server's name is DC1-2k3, and the
> other two older servers on that network are named 00SERVER and
> APPLICATIONS.
> When I physically go to the remote network(137.101.0.0) in city B, I can
> ping
> and resolve the name of any of the servers in City A. DC1-2k3,
> APPLICATIONS,
> and 00SERVER all respond to a ping of either their name or IP address.
> However, if I try and attach to a share on the new server, DC1-2K3, I am
> told
> that I cannot see the server. I can attach fine to shares on either of the
> other servers in City A from City B. If I do:
>
> net view \\DC1-2K3
>
> I get an
> “System error 53 has occurred. The network path was not found�
>
> When I do a “net view� of any of the other older City A machines from the
> City B network I also have trouble. It is just the two older servers in
> City
> A that I can see. I checked for HOSTS files on the machines, and there
> were
> none. I noticed that the DHCP server in City B (137.101.0.0 network) was
> handing out a WINS server address, which corresponds to the 00SERVER in
> City
> A. I thought this was my problem, so I setup my new server (DC1-2K3
> 137.100.10.6) with the WINS information and rebooted. I then had entries
> in
> my WINS database that reflected that there was a machine at 137.100.10.6
> that
> was named DC1-2K3. Unfortunately, I still can't see any resources on the
> new
> server in City A, from City B. I am completely unfamiliar with WINS
> servers,
> so i thought this was my problem, but then I did this net view
>
> net view 137.100.10.6
>
> and I still got an error 53. I cannot map to the new server or “net view�
> it
> via it's IP address OR it's name. The person that contacted me to help
> them
> with this told me that “they had a real hard time� getting the two
> networks
> to see each other when it was originally setup. The guy wants me to clean
> up
> his network and fix any problems that I find, and I am wondering what this
> problem could be. It is clearly not just name resolution, as my DNS is
> working fine and I can ping any machine by it's name. If I configure a
> machine in City B without a WINS server, it can't resolve any local names
> on
> the City A network, even though it resolves Internet names correctly.
>
> This is the layout of the network.
>
> City A -137.10.0.0 class B
> with three servers DC1-2k3(windows 2003 R2 server) @ 137.100.10.6,
> 00SERVER(windows 200 Server) @ 137.100.10.5 and APPLICATIONS(windows 203
> Server) @ 137.100.10.185
>
> City B - 137.101.0.0 class B with one server 01SERVER(Windows 2000 Server)
> @
> 137.101.10.5
>
> The T1 wan link is connected by a Lucent Superpipe 155 on each end. The
> T1
> is a point to point and it isn't carrying any voice or any other
> transmission.
>
> I have found that the SYN TCP packets on port 445 (microsoft-ds) and port
> 139 (netbios ssn) are NOT being responded to when I do a “net view� or
> “net
> use� to DC1-2k3 (new server) over the WAN (from city B to City A), but
> they
> DO receive an ACK when I do the “net view� or “net use� to 00SERVER (old
> server) over the WAN from the same PC. This made me think that the
> firewall
> had somehow been activated on my new server. This was NOT the case.
>
> If I physically drive to City A and do a net view and a net use to either
> DC1-2k3 or 00server, they both work beautifully.
>
> I have run the portqry command on ports 139 and 445 on the new server
> (DC1-2k3) and the old server (00server). If I am on the local network with
> those servers ( physically in City A ) then both commands respond with
> "Listening".
> However, if I drive to City B, and then do the same portqry over the wan,
> 00SERVER responds with "Listening", but DC1-2K3 responds with "Filtered".
>
> This makes it pretty clear to me that something external to my new server,
> is filtering ports 139 and 445. If it was a setting on the new server, I
> shouldn't be able to map drives on the local network, and I should see
> "filtered" on a portqry from the local network. However, if something on
> the
> two Lucent superpipes were blocking the port 139 and port 445 traffic,
> then I
> wouldn't be able to see my older servers. I have been through the
> settings
> on the routers a number of times, and though it is a bit of a cryptic
> telnet
> interface, I was able to find a section for "filters" and "firewalls", but
> neither seems to be configured to either pass through certain ports to
> certain machines, or to block certain ports over the WAN link.
>
> Because it seems to be a netbios session issue, I have setup an LMHOSTS
> file
> on a client in City B that had no effect on the problem. the DC1-2k3
> server
> shows up in an nbtstat -c and I seem to be resolving it's netbios name
> just
> fine, with or without the LMHOSTS file.
>
> Thanks so much for ANY help you can give me. All suggestions will be
> carefully considered. My best suggestion right now, is to turn around and
> run from this place screaming.
>

Browsing a routed network is never easy, whether it is a WAN or not. The
browser service works on LAN broadcasts, and these usually are blocked by
routers an WAN links. Getting your DNS setup working properly is very
important but has no effect on the browser service because it uses Netbios
names, not DNS names.

If you have a DNS server as a primary at the second site, I would
recommend that you also make it a secondary for the other site so that it
can resolve the machines in the "other" site for your local machines. You
could also make the main site a secondary for the smaller site to avoid DNS
lookups going over the WAN link. Have you configured Active Directory Sites
so that machines use their local DC for login?

Browsing routed networks really needs WINS. The master browser in each
site can build a browse list of the local network, but you need WINS to
allow the master browsers in each site to be able to communicate with each
other. If all machines are set up as WINS clients and register with WINS the
master browsers can work together across the WAN. They use WINS to find each
other's IP address and communicate directly. The Domain Master Browser can
then build a network-wide browse list for the WAN.

"scampisi" <(E-Mail Removed)> wrote in message
news:BE3F6FF3-EBEB-470A-BAB1-(E-Mail Removed)...
>I am having trouble seeing machines over a WAN Link. I am trying to install
> two new servers in a Windows 2003 network. I didn't setup this network,
> and
> this is the first time I've worked on it. It is located in two different
> cities connected by a T1 WAN Link. I have setup a new server as a Domain
> Controller and I have also setup the server as their primary DNS for their
> network. This machine is also the DHCP server for the local network in
> what
> we'll call “City A� (137.10.0.0). Everything works fine locally, and
> people
> are resolving names, attaching to shares and peacefully processing.
> However,
> the remote network(137.101.0.0) in “City B�, across the WAN link cannot
> access shares on the new server. The new server's name is DC1-2k3, and the
> other two older servers on that network are named 00SERVER and
> APPLICATIONS.
> When I physically go to the remote network(137.101.0.0) in city B, I can
> ping
> and resolve the name of any of the servers in City A. DC1-2k3,
> APPLICATIONS,
> and 00SERVER all respond to a ping of either their name or IP address.
> However, if I try and attach to a share on the new server, DC1-2K3, I am
> told
> that I cannot see the server. I can attach fine to shares on either of the
> other servers in City A from City B. If I do:
>
> net view \\DC1-2K3
>
> I get an
> “System error 53 has occurred. The network path was not found�
>
> When I do a “net view� of any of the other older City A machines from the
> City B network I also have trouble. It is just the two older servers in
> City
> A that I can see. I checked for HOSTS files on the machines, and there
> were
> none. I noticed that the DHCP server in City B (137.101.0.0 network) was
> handing out a WINS server address, which corresponds to the 00SERVER in
> City
> A. I thought this was my problem, so I setup my new server (DC1-2K3
> 137.100.10.6) with the WINS information and rebooted. I then had entries
> in
> my WINS database that reflected that there was a machine at 137.100.10.6
> that
> was named DC1-2K3. Unfortunately, I still can't see any resources on the
> new
> server in City A, from City B. I am completely unfamiliar with WINS
> servers,
> so i thought this was my problem, but then I did this net view
>
> net view 137.100.10.6
>
> and I still got an error 53. I cannot map to the new server or “net view�
> it
> via it's IP address OR it's name. The person that contacted me to help
> them
> with this told me that “they had a real hard time� getting the two
> networks
> to see each other when it was originally setup. The guy wants me to clean
> up
> his network and fix any problems that I find, and I am wondering what this
> problem could be. It is clearly not just name resolution, as my DNS is
> working fine and I can ping any machine by it's name. If I configure a
> machine in City B without a WINS server, it can't resolve any local names
> on
> the City A network, even though it resolves Internet names correctly.
>
> This is the layout of the network.
>
> City A -137.10.0.0 class B
> with three servers DC1-2k3(windows 2003 R2 server) @ 137.100.10.6,
> 00SERVER(windows 200 Server) @ 137.100.10.5 and APPLICATIONS(windows 203
> Server) @ 137.100.10.185
>
> City B - 137.101.0.0 class B with one server 01SERVER(Windows 2000 Server)
> @
> 137.101.10.5
>
> The T1 wan link is connected by a Lucent Superpipe 155 on each end. The
> T1
> is a point to point and it isn't carrying any voice or any other
> transmission.
>
> I have found that the SYN TCP packets on port 445 (microsoft-ds) and port
> 139 (netbios ssn) are NOT being responded to when I do a “net view� or
> “net
> use� to DC1-2k3 (new server) over the WAN (from city B to City A), but
> they
> DO receive an ACK when I do the “net view� or “net use� to 00SERVER (old
> server) over the WAN from the same PC. This made me think that the
> firewall
> had somehow been activated on my new server. This was NOT the case.
>
> If I physically drive to City A and do a net view and a net use to either
> DC1-2k3 or 00server, they both work beautifully.
>
> I have run the portqry command on ports 139 and 445 on the new server
> (DC1-2k3) and the old server (00server). If I am on the local network with
> those servers ( physically in City A ) then both commands respond with
> "Listening".
> However, if I drive to City B, and then do the same portqry over the wan,
> 00SERVER responds with "Listening", but DC1-2K3 responds with "Filtered".
>
> This makes it pretty clear to me that something external to my new server,
> is filtering ports 139 and 445. If it was a setting on the new server, I
> shouldn't be able to map drives on the local network, and I should see
> "filtered" on a portqry from the local network. However, if something on
> the
> two Lucent superpipes were blocking the port 139 and port 445 traffic,
> then I
> wouldn't be able to see my older servers. I have been through the
> settings
> on the routers a number of times, and though it is a bit of a cryptic
> telnet
> interface, I was able to find a section for "filters" and "firewalls", but
> neither seems to be configured to either pass through certain ports to
> certain machines, or to block certain ports over the WAN link.
>
> Because it seems to be a netbios session issue, I have setup an LMHOSTS
> file
> on a client in City B that had no effect on the problem. the DC1-2k3
> server
> shows up in an nbtstat -c and I seem to be resolving it's netbios name
> just
> fine, with or without the LMHOSTS file.
>
> Thanks so much for ANY help you can give me. All suggestions will be
> carefully considered. My best suggestion right now, is to turn around and
> run from this place screaming.
>

The current network design (or glaring lack of a design) contains ONLY one DC
and that is at the main site. (City A). All authentication for city b is
done across the WAN. I have not setup site, because this is my first dealing
with their network, and I didn't want to go changing things until I had a
better grasp of what my main problem is. The DC in city A is also the ONLY
DNS server and the ONLY WINS server. All that traffic flows across the WAN
all the time. This new server that I put in was supposed to replace the
existing DC ( 00server). I had asked them what they were going to do with
the Old DC and they said retire it. I asked if we could set it up in City B,
so that is GOING to be our plan. however, as of now, I have to leave the old
server in City A, because it is the only way for the users to get to any
shares. It is a pitiful mess, but I can't start re-arranging things until I
can see my new server. I'm not a big fan of them accessing their shares over
the WAN myself. Their "My Pictures" folder and everything is stored over the
WAN link. ugh.
Anyay, your comment made me consider this. Is it possible that the Master
Browser in City B is not registered in the WINS database in the WINS server
in City A, and so the WINS database is NOT giving it the updated WINS
information, which would include the new server. This would leave the MAster
Browser in City B "on an island" and it would be able to see hosts that it
knew about from the last update it had from the WINS server, however long ago
that is? Is that a possible scenarion that would create the mess I'm in?

I will go to the city B site tomorrow (Friday) and check out any suggestions
you guys have. Thanks.

"Bill Grant" wrote:

> Browsing a routed network is never easy, whether it is a WAN or not. The
> browser service works on LAN broadcasts, and these usually are blocked by
> routers an WAN links. Getting your DNS setup working properly is very
> important but has no effect on the browser service because it uses Netbios
> names, not DNS names.
>
> If you have a DNS server as a primary at the second site, I would
> recommend that you also make it a secondary for the other site so that it
> can resolve the machines in the "other" site for your local machines. You
> could also make the main site a secondary for the smaller site to avoid DNS
> lookups going over the WAN link. Have you configured Active Directory Sites
> so that machines use their local DC for login?
>
> Browsing routed networks really needs WINS. The master browser in each
> site can build a browse list of the local network, but you need WINS to
> allow the master browsers in each site to be able to communicate with each
> other. If all machines are set up as WINS clients and register with WINS the
> master browsers can work together across the WAN. They use WINS to find each
> other's IP address and communicate directly. The Domain Master Browser can
> then build a network-wide browse list for the WAN.
>
> "scampisi" <(E-Mail Removed)> wrote in message
> news:BE3F6FF3-EBEB-470A-BAB1-(E-Mail Removed)...
> >I am having trouble seeing machines over a WAN Link. I am trying to install
> > two new servers in a Windows 2003 network. I didn't setup this network,
> > and
> > this is the first time I've worked on it. It is located in two different
> > cities connected by a T1 WAN Link. I have setup a new server as a Domain
> > Controller and I have also setup the server as their primary DNS for their
> > network. This machine is also the DHCP server for the local network in
> > what
> > we'll call “City A� (137.10.0.0). Everything works fine locally, and
> > people
> > are resolving names, attaching to shares and peacefully processing.
> > However,
> > the remote network(137.101.0.0) in “City B�, across the WAN link cannot
> > access shares on the new server. The new server's name is DC1-2k3, and the
> > other two older servers on that network are named 00SERVER and
> > APPLICATIONS.
> > When I physically go to the remote network(137.101.0.0) in city B, I can
> > ping
> > and resolve the name of any of the servers in City A. DC1-2k3,
> > APPLICATIONS,
> > and 00SERVER all respond to a ping of either their name or IP address.
> > However, if I try and attach to a share on the new server, DC1-2K3, I am
> > told
> > that I cannot see the server. I can attach fine to shares on either of the
> > other servers in City A from City B. If I do:
> >
> > net view \\DC1-2K3
> >
> > I get an
> > “System error 53 has occurred. The network path was not found�
> >
> > When I do a “net view� of any of the other older City A machines from the
> > City B network I also have trouble. It is just the two older servers in
> > City
> > A that I can see. I checked for HOSTS files on the machines, and there
> > were
> > none. I noticed that the DHCP server in City B (137.101.0.0 network) was
> > handing out a WINS server address, which corresponds to the 00SERVER in
> > City
> > A. I thought this was my problem, so I setup my new server (DC1-2K3
> > 137.100.10.6) with the WINS information and rebooted. I then had entries
> > in
> > my WINS database that reflected that there was a machine at 137.100.10.6
> > that
> > was named DC1-2K3. Unfortunately, I still can't see any resources on the
> > new
> > server in City A, from City B. I am completely unfamiliar with WINS
> > servers,
> > so i thought this was my problem, but then I did this net view
> >
> > net view 137.100.10.6
> >
> > and I still got an error 53. I cannot map to the new server or “net view�
> > it
> > via it's IP address OR it's name. The person that contacted me to help
> > them
> > with this told me that “they had a real hard time� getting the two
> > networks
> > to see each other when it was originally setup. The guy wants me to clean
> > up
> > his network and fix any problems that I find, and I am wondering what this
> > problem could be. It is clearly not just name resolution, as my DNS is
> > working fine and I can ping any machine by it's name. If I configure a
> > machine in City B without a WINS server, it can't resolve any local names
> > on
> > the City A network, even though it resolves Internet names correctly.
> >
> > This is the layout of the network.
> >
> > City A -137.10.0.0 class B
> > with three servers DC1-2k3(windows 2003 R2 server) @ 137.100.10.6,
> > 00SERVER(windows 200 Server) @ 137.100.10.5 and APPLICATIONS(windows 203
> > Server) @ 137.100.10.185
> >
> > City B - 137.101.0.0 class B with one server 01SERVER(Windows 2000 Server)
> > @
> > 137.101.10.5
> >
> > The T1 wan link is connected by a Lucent Superpipe 155 on each end. The
> > T1
> > is a point to point and it isn't carrying any voice or any other
> > transmission.
> >
> > I have found that the SYN TCP packets on port 445 (microsoft-ds) and port
> > 139 (netbios ssn) are NOT being responded to when I do a “net view� or
> > “net
> > use� to DC1-2k3 (new server) over the WAN (from city B to City A), but
> > they
> > DO receive an ACK when I do the “net view� or “net use� to 00SERVER (old
> > server) over the WAN from the same PC. This made me think that the
> > firewall
> > had somehow been activated on my new server. This was NOT the case.
> >
> > If I physically drive to City A and do a net view and a net use to either
> > DC1-2k3 or 00server, they both work beautifully.
> >
> > I have run the portqry command on ports 139 and 445 on the new server
> > (DC1-2k3) and the old server (00server). If I am on the local network with
> > those servers ( physically in City A ) then both commands respond with
> > "Listening".
> > However, if I drive to City B, and then do the same portqry over the wan,
> > 00SERVER responds with "Listening", but DC1-2K3 responds with "Filtered".
> >
> > This makes it pretty clear to me that something external to my new server,
> > is filtering ports 139 and 445. If it was a setting on the new server, I
> > shouldn't be able to map drives on the local network, and I should see
> > "filtered" on a portqry from the local network. However, if something on
> > the
> > two Lucent superpipes were blocking the port 139 and port 445 traffic,
> > then I
> > wouldn't be able to see my older servers. I have been through the
> > settings
> > on the routers a number of times, and though it is a bit of a cryptic
> > telnet
> > interface, I was able to find a section for "filters" and "firewalls", but
> > neither seems to be configured to either pass through certain ports to
> > certain machines, or to block certain ports over the WAN link.
> >
> > Because it seems to be a netbios session issue, I have setup an LMHOSTS
> > file
> > on a client in City B that had no effect on the problem. the DC1-2k3
> > server
> > shows up in an nbtstat -c and I seem to be resolving it's netbios name
> > just
> > fine, with or without the LMHOSTS file.
> >
> > Thanks so much for ANY help you can give me. All suggestions will be
> > carefully considered. My best suggestion right now, is to turn around and
> > run from this place screaming.
> >
>
>

That sounds very possible. All machines in both sites should be set up as
WINS clients.

"scampisi" <(E-Mail Removed)> wrote in message
news:A6D50F49-6CFB-4082-A943-(E-Mail Removed)...
> The current network design (or glaring lack of a design) contains ONLY one
> DC
> and that is at the main site. (City A). All authentication for city b is
> done across the WAN. I have not setup site, because this is my first
> dealing
> with their network, and I didn't want to go changing things until I had a
> better grasp of what my main problem is. The DC in city A is also the
> ONLY
> DNS server and the ONLY WINS server. All that traffic flows across the
> WAN
> all the time. This new server that I put in was supposed to replace the
> existing DC ( 00server). I had asked them what they were going to do with
> the Old DC and they said retire it. I asked if we could set it up in City
> B,
> so that is GOING to be our plan. however, as of now, I have to leave the
> old
> server in City A, because it is the only way for the users to get to any
> shares. It is a pitiful mess, but I can't start re-arranging things until
> I
> can see my new server. I'm not a big fan of them accessing their shares
> over
> the WAN myself. Their "My Pictures" folder and everything is stored over
> the
> WAN link. ugh.
> Anyay, your comment made me consider this. Is it possible that the Master
> Browser in City B is not registered in the WINS database in the WINS
> server
> in City A, and so the WINS database is NOT giving it the updated WINS
> information, which would include the new server. This would leave the
> MAster
> Browser in City B "on an island" and it would be able to see hosts that it
> knew about from the last update it had from the WINS server, however long
> ago
> that is? Is that a possible scenarion that would create the mess I'm in?
>
> I will go to the city B site tomorrow (Friday) and check out any
> suggestions
> you guys have. Thanks.
>
> "Bill Grant" wrote:
>
>> Browsing a routed network is never easy, whether it is a WAN or not.
>> The
>> browser service works on LAN broadcasts, and these usually are blocked by
>> routers an WAN links. Getting your DNS setup working properly is very
>> important but has no effect on the browser service because it uses
>> Netbios
>> names, not DNS names.
>>
>> If you have a DNS server as a primary at the second site, I would
>> recommend that you also make it a secondary for the other site so that it
>> can resolve the machines in the "other" site for your local machines. You
>> could also make the main site a secondary for the smaller site to avoid
>> DNS
>> lookups going over the WAN link. Have you configured Active Directory
>> Sites
>> so that machines use their local DC for login?
>>
>> Browsing routed networks really needs WINS. The master browser in
>> each
>> site can build a browse list of the local network, but you need WINS to
>> allow the master browsers in each site to be able to communicate with
>> each
>> other. If all machines are set up as WINS clients and register with WINS
>> the
>> master browsers can work together across the WAN. They use WINS to find
>> each
>> other's IP address and communicate directly. The Domain Master Browser
>> can
>> then build a network-wide browse list for the WAN.
>>
>> "scampisi" <(E-Mail Removed)> wrote in message
>> news:BE3F6FF3-EBEB-470A-BAB1-(E-Mail Removed)...
>> >I am having trouble seeing machines over a WAN Link. I am trying to
>> >install
>> > two new servers in a Windows 2003 network. I didn't setup this network,
>> > and
>> > this is the first time I've worked on it. It is located in two
>> > different
>> > cities connected by a T1 WAN Link. I have setup a new server as a
>> > Domain
>> > Controller and I have also setup the server as their primary DNS for
>> > their
>> > network. This machine is also the DHCP server for the local network in
>> > what
>> > we'll call “City A� (137.10.0.0). Everything works fine locally, and
>> > people
>> > are resolving names, attaching to shares and peacefully processing.
>> > However,
>> > the remote network(137.101.0.0) in “City B�, across the WAN link cannot
>> > access shares on the new server. The new server's name is DC1-2k3, and
>> > the
>> > other two older servers on that network are named 00SERVER and
>> > APPLICATIONS.
>> > When I physically go to the remote network(137.101.0.0) in city B, I
>> > can
>> > ping
>> > and resolve the name of any of the servers in City A. DC1-2k3,
>> > APPLICATIONS,
>> > and 00SERVER all respond to a ping of either their name or IP address.
>> > However, if I try and attach to a share on the new server, DC1-2K3, I
>> > am
>> > told
>> > that I cannot see the server. I can attach fine to shares on either of
>> > the
>> > other servers in City A from City B. If I do:
>> >
>> > net view \\DC1-2K3
>> >
>> > I get an
>> > “System error 53 has occurred. The network path was not found�
>> >
>> > When I do a “net view� of any of the other older City A machines from
>> > the
>> > City B network I also have trouble. It is just the two older servers in
>> > City
>> > A that I can see. I checked for HOSTS files on the machines, and there
>> > were
>> > none. I noticed that the DHCP server in City B (137.101.0.0 network)
>> > was
>> > handing out a WINS server address, which corresponds to the 00SERVER in
>> > City
>> > A. I thought this was my problem, so I setup my new server (DC1-2K3
>> > 137.100.10.6) with the WINS information and rebooted. I then had
>> > entries
>> > in
>> > my WINS database that reflected that there was a machine at
>> > 137.100.10.6
>> > that
>> > was named DC1-2K3. Unfortunately, I still can't see any resources on
>> > the
>> > new
>> > server in City A, from City B. I am completely unfamiliar with WINS
>> > servers,
>> > so i thought this was my problem, but then I did this net view
>> >
>> > net view 137.100.10.6
>> >
>> > and I still got an error 53. I cannot map to the new server or “net
>> > view�
>> > it
>> > via it's IP address OR it's name. The person that contacted me to help
>> > them
>> > with this told me that “they had a real hard time� getting the two
>> > networks
>> > to see each other when it was originally setup. The guy wants me to
>> > clean
>> > up
>> > his network and fix any problems that I find, and I am wondering what
>> > this
>> > problem could be. It is clearly not just name resolution, as my DNS is
>> > working fine and I can ping any machine by it's name. If I configure a
>> > machine in City B without a WINS server, it can't resolve any local
>> > names
>> > on
>> > the City A network, even though it resolves Internet names correctly.
>> >
>> > This is the layout of the network.
>> >
>> > City A -137.10.0.0 class B
>> > with three servers DC1-2k3(windows 2003 R2 server) @ 137.100.10.6,
>> > 00SERVER(windows 200 Server) @ 137.100.10.5 and APPLICATIONS(windows
>> > 203
>> > Server) @ 137.100.10.185
>> >
>> > City B - 137.101.0.0 class B with one server 01SERVER(Windows 2000
>> > Server)
>> > @
>> > 137.101.10.5
>> >
>> > The T1 wan link is connected by a Lucent Superpipe 155 on each end.
>> > The
>> > T1
>> > is a point to point and it isn't carrying any voice or any other
>> > transmission.
>> >
>> > I have found that the SYN TCP packets on port 445 (microsoft-ds) and
>> > port
>> > 139 (netbios ssn) are NOT being responded to when I do a “net view� or
>> > “net
>> > use� to DC1-2k3 (new server) over the WAN (from city B to City A), but
>> > they
>> > DO receive an ACK when I do the “net view� or “net use� to 00SERVER
>> > (old
>> > server) over the WAN from the same PC. This made me think that the
>> > firewall
>> > had somehow been activated on my new server. This was NOT the case.
>> >
>> > If I physically drive to City A and do a net view and a net use to
>> > either
>> > DC1-2k3 or 00server, they both work beautifully.
>> >
>> > I have run the portqry command on ports 139 and 445 on the new server
>> > (DC1-2k3) and the old server (00server). If I am on the local network
>> > with
>> > those servers ( physically in City A ) then both commands respond with
>> > "Listening".
>> > However, if I drive to City B, and then do the same portqry over the
>> > wan,
>> > 00SERVER responds with "Listening", but DC1-2K3 responds with
>> > "Filtered".
>> >
>> > This makes it pretty clear to me that something external to my new
>> > server,
>> > is filtering ports 139 and 445. If it was a setting on the new server,
>> > I
>> > shouldn't be able to map drives on the local network, and I should see
>> > "filtered" on a portqry from the local network. However, if something
>> > on
>> > the
>> > two Lucent superpipes were blocking the port 139 and port 445 traffic,
>> > then I
>> > wouldn't be able to see my older servers. I have been through the
>> > settings
>> > on the routers a number of times, and though it is a bit of a cryptic
>> > telnet
>> > interface, I was able to find a section for "filters" and "firewalls",
>> > but
>> > neither seems to be configured to either pass through certain ports to
>> > certain machines, or to block certain ports over the WAN link.
>> >
>> > Because it seems to be a netbios session issue, I have setup an LMHOSTS
>> > file
>> > on a client in City B that had no effect on the problem. the DC1-2k3
>> > server
>> > shows up in an nbtstat -c and I seem to be resolving it's netbios name
>> > just
>> > fine, with or without the LMHOSTS file.
>> >
>> > Thanks so much for ANY help you can give me. All suggestions will be
>> > carefully considered. My best suggestion right now, is to turn around
>> > and
>> > run from this place screaming.
>> >
>>
>>

I am onsite and running a browstat right now. When I do a browstat status
from City A, it lists the master browser and three backup browsers. all on
the local network.

Status for domain MCDOMAIN on transport
\Device\NetBT_Tcpip_{E5D5AFCD-DACC-4A90-89CA-B5C36CC7B250}
Browsing is active on domain.
Master browser name is: DC1-2K3
Master browser is running build 3790
3 backup servers retrieved from master DC1-2K3
\\DC1-2K3
\\EXCHANGE
\\NAS1
There are 35 servers in domain MCNB on transport
\Device\NetBT_Tcpip_{E5D5AFCD-DACC-4A90-89CA-B5C36CC7B250}
There are 2 domains in domain MCNB on transport
\Device\NetBT_Tcpip_{E5D5AFCD-DACC-4A90-89CA-B5C36CC7B250}

When I do a browstat status from City B, it has no reference to the other
city, and shows a different server as the master browser for the domain. It's
only backup is itself.

Status for domain MCDOMAIN on transport
\Device\NetBT_Tcpip_{BADE8544-F5D4-4DC9-A679-5E95DB7397A3}
Browsing is active on domain.
Master browser name is: 01SERVER
Master browser is running build 2195
1 backup servers retrieved from master 01SERVER
\\01SERVER
There are 14 servers in domain MCNB on transport
\Device\NetBT_Tcpip_{BADE8544-F5D4-4DC9-A679-5E95DB7397A3}
There are 1 domains in domain MCNB on transport
\Device\NetBT_Tcpip_{BADE8544-F5D4-4DC9-A679-5E95DB7397A3}


Is this saying that the two MAster browsers are unaware of one another, and
that is what my problem is? or is this standard for Master Browser's in a
WAN environment?


If I do a "browstat view"
in City B of EITHER the 00server, which I can attach to shares on, OR the
DC1-2K3 server, I get NO RESPONSE! Both of these machines are in the other
city, and this browser is completely unaware of them. I did a browstat view
of a local client PC in city b and got this response

\\QCLS1 NT 05.01 (W,S,SQL,NT,PBR) QC Loans












"Robert L. (MS-MVP)" wrote:

> System error 53 is name resolution issue or master browser issue. try to use
> browstat.exe to troubleshoot it first. Or these links may help,
> Computer Browser
> The computer browser is to display a directory of all known computers
> or domains that the computer can reach. The purpose of the browser service
> is to ...
> www.chicagotech.net/browser.htm - Similar pages
>
> Troubleshooting computer browsing issues
> The Computer Browser service on local computer started and stopped ·
> The Computer Browser service terminated with the following error: This
> operation ...
> www.chicagotech.net/computerbrowsingissues.htm
>
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
>
>
> "scampisi" <(E-Mail Removed)> wrote in message
> news:BE3F6FF3-EBEB-470A-BAB1-(E-Mail Removed)...
> >I am having trouble seeing machines over a WAN Link. I am trying to install
> > two new servers in a Windows 2003 network. I didn't setup this network,
> > and
> > this is the first time I've worked on it. It is located in two different
> > cities connected by a T1 WAN Link. I have setup a new server as a Domain
> > Controller and I have also setup the server as their primary DNS for their
> > network. This machine is also the DHCP server for the local network in
> > what
> > we'll call “City A� (137.10.0.0). Everything works fine locally, and
> > people
> > are resolving names, attaching to shares and peacefully processing.
> > However,
> > the remote network(137.101.0.0) in “City B�, across the WAN link cannot
> > access shares on the new server. The new server's name is DC1-2k3, and the
> > other two older servers on that network are named 00SERVER and
> > APPLICATIONS.
> > When I physically go to the remote network(137.101.0.0) in city B, I can
> > ping
> > and resolve the name of any of the servers in City A. DC1-2k3,
> > APPLICATIONS,
> > and 00SERVER all respond to a ping of either their name or IP address.
> > However, if I try and attach to a share on the new server, DC1-2K3, I am
> > told
> > that I cannot see the server. I can attach fine to shares on either of the
> > other servers in City A from City B. If I do:
> >
> > net view \\DC1-2K3
> >
> > I get an
> > “System error 53 has occurred. The network path was not found�
> >
> > When I do a “net view� of any of the other older City A machines from the
> > City B network I also have trouble. It is just the two older servers in
> > City
> > A that I can see. I checked for HOSTS files on the machines, and there
> > were
> > none. I noticed that the DHCP server in City B (137.101.0.0 network) was
> > handing out a WINS server address, which corresponds to the 00SERVER in
> > City
> > A. I thought this was my problem, so I setup my new server (DC1-2K3
> > 137.100.10.6) with the WINS information and rebooted. I then had entries
> > in
> > my WINS database that reflected that there was a machine at 137.100.10.6
> > that
> > was named DC1-2K3. Unfortunately, I still can't see any resources on the
> > new
> > server in City A, from City B. I am completely unfamiliar with WINS
> > servers,
> > so i thought this was my problem, but then I did this net view
> >
> > net view 137.100.10.6
> >
> > and I still got an error 53. I cannot map to the new server or “net view�
> > it
> > via it's IP address OR it's name. The person that contacted me to help
> > them
> > with this told me that “they had a real hard time� getting the two
> > networks
> > to see each other when it was originally setup. The guy wants me to clean
> > up
> > his network and fix any problems that I find, and I am wondering what this
> > problem could be. It is clearly not just name resolution, as my DNS is
> > working fine and I can ping any machine by it's name. If I configure a
> > machine in City B without a WINS server, it can't resolve any local names
> > on
> > the City A network, even though it resolves Internet names correctly.
> >
> > This is the layout of the network.
> >
> > City A -137.10.0.0 class B
> > with three servers DC1-2k3(windows 2003 R2 server) @ 137.100.10.6,
> > 00SERVER(windows 200 Server) @ 137.100.10.5 and APPLICATIONS(windows 203
> > Server) @ 137.100.10.185
> >
> > City B - 137.101.0.0 class B with one server 01SERVER(Windows 2000 Server)
> > @
> > 137.101.10.5
> >
> > The T1 wan link is connected by a Lucent Superpipe 155 on each end. The
> > T1
> > is a point to point and it isn't carrying any voice or any other
> > transmission.
> >
> > I have found that the SYN TCP packets on port 445 (microsoft-ds) and port
> > 139 (netbios ssn) are NOT being responded to when I do a “net view� or
> > “net
> > use� to DC1-2k3 (new server) over the WAN (from city B to City A), but
> > they
> > DO receive an ACK when I do the “net view� or “net use� to 00SERVER (old
> > server) over the WAN from the same PC. This made me think that the
> > firewall
> > had somehow been activated on my new server. This was NOT the case.
> >
> > If I physically drive to City A and do a net view and a net use to either
> > DC1-2k3 or 00server, they both work beautifully.
> >
> > I have run the portqry command on ports 139 and 445 on the new server
> > (DC1-2k3) and the old server (00server). If I am on the local network with
> > those servers ( physically in City A ) then both commands respond with
> > "Listening".
> > However, if I drive to City B, and then do the same portqry over the wan,
> > 00SERVER responds with "Listening", but DC1-2K3 responds with "Filtered".
> >
> > This makes it pretty clear to me that something external to my new server,
> > is filtering ports 139 and 445. If it was a setting on the new server, I
> > shouldn't be able to map drives on the local network, and I should see
> > "filtered" on a portqry from the local network. However, if something on
> > the
> > two Lucent superpipes were blocking the port 139 and port 445 traffic,
> > then I
> > wouldn't be able to see my older servers. I have been through the
> > settings
> > on the routers a number of times, and though it is a bit of a cryptic
> > telnet
> > interface, I was able to find a section for "filters" and "firewalls", but
> > neither seems to be configured to either pass through certain ports to
> > certain machines, or to block certain ports over the WAN link.
> >
> > Because it seems to be a netbios session issue, I have setup an LMHOSTS
> > file
> > on a client in City B that had no effect on the problem. the DC1-2k3
> > server
> > shows up in an nbtstat -c and I seem to be resolving it's netbios name
> > just
> > fine, with or without the LMHOSTS file.
> >
> > Thanks so much for ANY help you can give me. All suggestions will be
> > carefully considered. My best suggestion right now, is to turn around and
> > run from this place screaming.
> >
>