DNS the problem??

[LESLIE]

I have two networks

10.5.100.x and
172.16.0.x

I have DNS running on 172.16.0.2 (my exchange server) I
also have 172.16.0.3 (file/print server, this is not
running DNS). That's all I have on 172.16.0.x

Then all my other pc 10.5.100.x (about 100, running
everything from win95 to xp)

All these are connected eventually through my router and
firewall, which are configured to allow these networks to
talk to each other.

Everyone can talk to each other, mail comes and goes, but
the problem comes with my print server. When I setup a
printer on any machine (that is on the 10.5.100.x) it
takes close to 1 min to find the printer, but it does
find it and connects and works. Everything that is on
that file/print server takes along time to access, but
does eventually get there.

I ping the 172.16.0.x (from a 10.5.100.x) and this is
what i get

Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=9ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127

It seems to time out but comes back. What can I do to
speed up access to files and printers?

The funny this is that if I set up a printer on say the
mail server, it finds it almost immediately.

I've checked to make sure DNS is running and it is. Is
this a DNS issue? If so, what should I be looking for?

I would really appreciate anybody's help.

Thanks so much in advance.
Leslie

 

[Steve Duff [MVP]]

DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

 

[Michael Johnston [MSFT]]

This is most likely a WINS netbios name resolution issue. Again this depends on how you are accessing the printer and what you are doing to "find" the
printer. Setup a WINS server on your server and point all clients and servers to this WINS server. Make sure that Netbios over TCP/IP is enabled.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

 

[Guest]

I have ran netdiag/fix and everything seemed to pass.
This is what it said for DNS
DNS test .................: Passed
PASS - All the DNS entries for DC are registered on DNS
server '172.16.0.2' and other DCs also have some of the
names registered.
[WARNING] The DNS entries for this DC are not registered
correctly on DNS server '205.171.3.65'. Please wait for 30
minutes for DNS server replication.

Now that 205... that is my ISPs DNS server. I use that
for them external name resolution.

All workstations including the dns servers and servers
are pointing to 172.16.0.2 and 205.

I still don't know why its dropping packets.

I do have WINS installed.

Other than that, I don't know what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

"LESLIE" <[email protected]> wrote in

message news:[email protected]...

 

[leslie]

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

"LESLIE" <[email protected]> wrote in

message news:[email protected]...

 

[Kevin D. Goodknecht]

In

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

You should not use your ISP's DNS in TCP/IP properties, you don't need it,
your local DNS server can be configured to resolve internet names and should
be if you need internet. Using your ISP's DNS causes errors and slow network
resolution. 300202 - HOW TO Configure DNS for Internet Access in Windows
2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202&FR=1

 

[LESLIE]

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

"LESLIE" <[email protected]> wrote in

message news:[email protected]...

 

[Steve Duff [MVP]]

Are you saying that connecting to a printer share on the 10
side from the 172 side acts differently than connecting to a
file share in the same way? That would be really unusual.

Since you have an issue with the network, you might dig in to
that first to see if resolving that clears up this issue.

Steve Duff, MCSE
Ergodic Systems, Inc.

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

"LESLIE" <[email protected]> wrote in

message news:[email protected]...

.

 

[Guest]

I'm still trying to figure out the network problem. But
accessing printers/files from 172 to 172 is almost
immediate, accessing printers/files from 10 to 10 is
almost immediate. Accessing printers/files from 10 to
172 is what takes a very long time, but does eventually
get there.

-----Original Message-----
Are you saying that connecting to a printer share on the 10
side from the 172 side acts differently than connecting to a
file share in the same way? That would be really unusual.

Since you have an issue with the network, you might dig in to
that first to see if resolving that clears up this issue.

Steve Duff, MCSE
Ergodic Systems, Inc.

"leslie" <[email protected]> wrote in

message news:[email protected]...

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

"LESLIE" <[email protected]> wrote

in
message news:[email protected]...

I have two networks

10.5.100.x and
172.16.0.x

I have DNS running on 172.16.0.2 (my exchange server) I
also have 172.16.0.3 (file/print server, this is not
running DNS). That's all I have on 172.16.0.x

Then all my other pc 10.5.100.x (about 100, running
everything from win95 to xp)

All these are connected eventually through my router and
firewall, which are configured to allow these

networks
to

talk to each other.

Everyone can talk to each other, mail comes and

goes,
but

the problem comes with my print server. When I setup a
printer on any machine (that is on the 10.5.100.x) it
takes close to 1 min to find the printer, but it does
find it and connects and works. Everything that is on
that file/print server takes along time to access, but
does eventually get there.

I ping the 172.16.0.x (from a 10.5.100.x) and this is
what i get

Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=9ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127

It seems to time out but comes back. What can I do to
speed up access to files and printers?

The funny this is that if I set up a printer on say the
mail server, it finds it almost immediately.

I've checked to make sure DNS is running and it is. Is
this a DNS issue? If so, what should I be looking for?

I would really appreciate anybody's help.

Thanks so much in advance.
Leslie




.

.

 

[Steve Duff [MVP]]

OK - it's printers and files, which makes at least
a little sense.

I think I'd maybe work from the middle on this one --
try enabling netbios broadcast passthrough on the
router. If things work properly after an hour or so then
we have a WINS or browser problem. Otherwise it seems
reasonable to assume that the network issue is responsible.

What kind of router is this?

Steve Duff, MCSE
Ergodic Systems, Inc.

I'm still trying to figure out the network problem. But
accessing printers/files from 172 to 172 is almost
immediate, accessing printers/files from 10 to 10 is
almost immediate. Accessing printers/files from 10 to
172 is what takes a very long time, but does eventually
get there.

-----Original Message-----
Are you saying that connecting to a printer share on the 10
side from the 172 side acts differently than connecting to a
file share in the same way? That would be really unusual.

Since you have an issue with the network, you might dig in to
that first to see if resolving that clears up this issue.

Steve Duff, MCSE
Ergodic Systems, Inc.

"leslie" <[email protected]> wrote in

message news:[email protected]...

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

message I have two networks

10.5.100.x and
172.16.0.x

I have DNS running on 172.16.0.2 (my exchange server) I
also have 172.16.0.3 (file/print server, this is not
running DNS). That's all I have on 172.16.0.x

Then all my other pc 10.5.100.x (about 100, running
everything from win95 to xp)

All these are connected eventually through my router
and
firewall, which are configured to allow these networks
to
talk to each other.

Everyone can talk to each other, mail comes and goes,
but
the problem comes with my print server. When I setup a
printer on any machine (that is on the 10.5.100.x) it
takes close to 1 min to find the printer, but it does
find it and connects and works. Everything that is on
that file/print server takes along time to access, but
does eventually get there.

I ping the 172.16.0.x (from a 10.5.100.x) and this is
what i get

Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=9ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127

It seems to time out but comes back. What can I do to
speed up access to files and printers?

The funny this is that if I set up a printer on say the
mail server, it finds it almost immediately.

I've checked to make sure DNS is running and it is. Is
this a DNS issue? If so, what should I be looking for?

I would really appreciate anybody's help.

Thanks so much in advance.
Leslie




.

.

 

[Leslie]

We have a Cisco 1721 Router and a Nokia Checkpoint
Firewall. I'm thinking its the firewall (we have a
managed firewall, so i've been working with them to
figure it out and they say its not the firewall since all
traffic goes through) The firewall has three interfaces,
1 - Internet public ip 2 - 10.5.100.x 3 - 172.16.0.x.
All my pcs are on the 10.5 and my servers are 172.16. If
I ping anything from 10 to 10, immediate reply, I ping
172 to 172 immediate reply, I ping 172 from 10 thats were
I get the delay and the time outs. And the only thing
connecting them is the firewall.

I am not comfortable enough with routers to run the test
you suggested.

Worst comes to worst, we are thinking of moving the
servers to 10.5 since there is no delay and hope that
that fixes the problem. Since we think its not a server
configuration issue (since everything does seem to work
except that it is slow), we'd thought we'd give it a
try.

-----Original Message-----
OK - it's printers and files, which makes at least
a little sense.

I think I'd maybe work from the middle on this one --
try enabling netbios broadcast passthrough on the
router. If things work properly after an hour or so then
we have a WINS or browser problem. Otherwise it seems
reasonable to assume that the network issue is responsible.

What kind of router is this?

Steve Duff, MCSE
Ergodic Systems, Inc.

I'm still trying to figure out the network problem. But
accessing printers/files from 172 to 172 is almost
immediate, accessing printers/files from 10 to 10 is
almost immediate. Accessing printers/files from 10 to
172 is what takes a very long time, but does eventually
get there.

-----Original Message-----
Are you saying that connecting to a printer share on

the
10

side from the 172 side acts differently than

connecting
to a

file share in the same way? That would be really unusual.

Since you have an issue with the network, you might

dig
in to

that first to see if resolving that clears up this issue.

Steve Duff, MCSE
Ergodic Systems, Inc.

"leslie" <[email protected]> wrote

in
message news:[email protected]...

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning

it
up

and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

"LESLIE" <[email protected]>

wrote
in

message [email protected]...
I have two networks

10.5.100.x and
172.16.0.x

I have DNS running on 172.16.0.2 (my exchange server) I
also have 172.16.0.3 (file/print server, this is not
running DNS). That's all I have on 172.16.0.x

Then all my other pc 10.5.100.x (about 100, running
everything from win95 to xp)

All these are connected eventually through my router
and
firewall, which are configured to allow these networks
to
talk to each other.

Everyone can talk to each other, mail comes and goes,
but
the problem comes with my print server. When I setup a
printer on any machine (that is on the

10.5.100.x)
it

takes close to 1 min to find the printer, but it does
find it and connects and works. Everything that

is
on

that file/print server takes along time to

access,
but

does eventually get there.

I ping the 172.16.0.x (from a 10.5.100.x) and

this
is

what i get

Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=9ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127

It seems to time out but comes back. What can I

do
to

speed up access to files and printers?

The funny this is that if I set up a printer on

say
the

mail server, it finds it almost immediately.

I've checked to make sure DNS is running and it is. Is
this a DNS issue? If so, what should I be

looking
for?

I would really appreciate anybody's help.

Thanks so much in advance.
Leslie




.



.

.

 

[Ace Fekay [MVP]]

Is routing enabled between the two private interfaces on your checkpoint?

If the checkpoint firewall is installed on a Windows 2000 server, then I can
see why this is happening. It maybe due to H.323 support, which would need
to be disabled. This can cause issues with domain communication. Here's a
link on that:

261203 - Error Messages When Windows 2000 Client in Windows 2000 Domain
Attempts to Open Active Directory Snap-in [NAT, H.323, PDU size, Netsh and
LDAP issues wtih mutli NAT'ed NICs]:
http://support.microsoft.com/?id=261203

Now if it's not on a Windows machine, consult the documentation on enabling
routing between them and making sure MTU's are set to default or H.323
settings are disabled. Make sure routing between the interfaces are set wide
open, meaning no firewall packet filtering whatsoever between them.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

We have a Cisco 1721 Router and a Nokia Checkpoint
Firewall. I'm thinking its the firewall (we have a
managed firewall, so i've been working with them to
figure it out and they say its not the firewall since all
traffic goes through) The firewall has three interfaces,
1 - Internet public ip 2 - 10.5.100.x 3 - 172.16.0.x.
All my pcs are on the 10.5 and my servers are 172.16. If
I ping anything from 10 to 10, immediate reply, I ping
172 to 172 immediate reply, I ping 172 from 10 thats were
I get the delay and the time outs. And the only thing
connecting them is the firewall.

I am not comfortable enough with routers to run the test
you suggested.

Worst comes to worst, we are thinking of moving the
servers to 10.5 since there is no delay and hope that
that fixes the problem. Since we think its not a server
configuration issue (since everything does seem to work
except that it is slow), we'd thought we'd give it a
try.

-----Original Message-----
OK - it's printers and files, which makes at least
a little sense.

I think I'd maybe work from the middle on this one --
try enabling netbios broadcast passthrough on the
router. If things work properly after an hour or so then
we have a WINS or browser problem. Otherwise it seems
reasonable to assume that the network issue is responsible.

What kind of router is this?

Steve Duff, MCSE
Ergodic Systems, Inc.

I'm still trying to figure out the network problem. But
accessing printers/files from 172 to 172 is almost
immediate, accessing printers/files from 10 to 10 is
almost immediate. Accessing printers/files from 10 to
172 is what takes a very long time, but does eventually
get there.

-----Original Message-----
Are you saying that connecting to a printer share on the
10
side from the 172 side acts differently than connecting
to a
file share in the same way? That would be really unusual.

Since you have an issue with the network, you might dig
in to
that first to see if resolving that clears up this issue.

Steve Duff, MCSE
Ergodic Systems, Inc.

message I did run the netdiag/fix and everything seemed to
pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS
server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't
know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it
up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly
related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

in
message [email protected]...
I have two networks

10.5.100.x and
172.16.0.x

I have DNS running on 172.16.0.2 (my exchange
server) I
also have 172.16.0.3 (file/print server, this is not
running DNS). That's all I have on 172.16.0.x

Then all my other pc 10.5.100.x (about 100, running
everything from win95 to xp)

All these are connected eventually through my router
and
firewall, which are configured to allow these
networks
to
talk to each other.

Everyone can talk to each other, mail comes and
goes,
but
the problem comes with my print server. When I
setup a
printer on any machine (that is on the 10.5.100.x)
it
takes close to 1 min to find the printer, but it
does
find it and connects and works. Everything that is
on
that file/print server takes along time to access,
but
does eventually get there.

I ping the 172.16.0.x (from a 10.5.100.x) and this
is
what i get

Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=9ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127

It seems to time out but comes back. What can I do
to
speed up access to files and printers?

The funny this is that if I set up a printer on say
the
mail server, it finds it almost immediately.

I've checked to make sure DNS is running and it
is. Is
this a DNS issue? If so, what should I be looking
for?

I would really appreciate anybody's help.

Thanks so much in advance.
Leslie




.



.

.

 

[Leslie]

I have installed WINS on the server and All the clients
are pointing to it and Netbios over TCP/IP is enabled.
Still no luck.

-----Original Message-----
This is most likely a WINS netbios name resolution

issue. Again this depends on how you are accessing the
printer and what you are doing to "find" the

printer. Setup a WINS server on your server and point

all clients and servers to this WINS server. Make sure
that Netbios over TCP/IP is enabled.

Thank you,
Mike Johnston
Microsoft Network Support

confers no rights. Use of included script samples are
subject to the terms specified at

http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all

responses to this message are best directed to the
newsgroup/thread from which they originated.

 

[Leslie]

Thanks for the input. Although, since I don't have DHCP
setup, i'd have to go to every machine (about 100) and
reconfigure each one. (We don't have DHCP setup, because
some specific software that we have requires all machines
on static ip's. Makes my life harder) So I want to save
this as a last resort.

-----Original Message-----
In leslie <[email protected]> posted a question
Then Kevin replied below:

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

You should not use your ISP's DNS in TCP/IP properties, you don't need it,
your local DNS server can be configured to resolve internet names and should
be if you need internet. Using your ISP's DNS causes errors and slow network
resolution. 300202 - HOW TO Configure DNS for Internet Access in Windows
2000
http://support.microsoft.com/default.aspx?scid=kb;en- us;300202&FR=1

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.
in
message news:[email protected]...

.

 

[Jeff Westhead [MS]]

I can't tell you the exact syntax but it may be possible for you to script
that kind of change with netsh.

Perhaps you should investigate using DHCP with static reservations to make
administration easier?

--

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for the input. Although, since I don't have DHCP
setup, i'd have to go to every machine (about 100) and
reconfigure each one. (We don't have DHCP setup, because
some specific software that we have requires all machines
on static ip's. Makes my life harder) So I want to save
this as a last resort.

-----Original Message-----
In leslie <[email protected]> posted a question
Then Kevin replied below:

I did run the netdiag/fix and everything seemed to pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS server
replication.

You should not use your ISP's DNS in TCP/IP properties, you don't need it,
your local DNS server can be configured to resolve internet names and should
be if you need internet. Using your ISP's DNS causes errors and slow network
resolution. 300202 - HOW TO Configure DNS for Internet Access in Windows
2000
http://support.microsoft.com/default.aspx?scid=kb;en- us;300202&FR=1

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

message I have two networks

10.5.100.x and
172.16.0.x

I have DNS running on 172.16.0.2 (my exchange server) I
also have 172.16.0.3 (file/print server, this is not
running DNS). That's all I have on 172.16.0.x

Then all my other pc 10.5.100.x (about 100, running
everything from win95 to xp)

All these are connected eventually through my router and
firewall, which are configured to allow these networks to
talk to each other.

Everyone can talk to each other, mail comes and goes, but
the problem comes with my print server. When I setup a
printer on any machine (that is on the 10.5.100.x) it
takes close to 1 min to find the printer, but it does
find it and connects and works. Everything that is on
that file/print server takes along time to access, but
does eventually get there.

I ping the 172.16.0.x (from a 10.5.100.x) and this is
what i get

Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=9ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127

It seems to time out but comes back. What can I do to
speed up access to files and printers?

The funny this is that if I set up a printer on say the
mail server, it finds it almost immediately.

I've checked to make sure DNS is running and it is. Is
this a DNS issue? If so, what should I be looking for?

I would really appreciate anybody's help.

Thanks so much in advance.
Leslie




.

.

 

[Kevin D. Goodknecht]

In

Thanks for the input. Although, since I don't have DHCP
setup, i'd have to go to every machine (about 100) and
reconfigure each one. (We don't have DHCP setup, because
some specific software that we have requires all machines
on static ip's. Makes my life harder) So I want to save
this as a last resort.

This is not optional, your ISP cannot resolve your local domain you must
only use your local DNS for your AD domain.
It will cause errors slow logons and slow network access in an AD
environment. In a Win2k domain network, resource locations are stored in
DNS, your DNS, when you access your network resources, DNS is where Win2k
looks, if it ain't there, which it is not on your ISP's DNS, you will get
errors.

 

[Steve Duff [MVP]]

What is the Cisco doing in this setup?

I don't think this is an MTU/MSS problem as the network is losing packets
randomly even with 32-byte pings), nor does it sound like RRAS/NAT is even being
used and H.323 shim interference wouldn't manifest like this. Possible, but
just doesn't seem likely to me given the symptoms.

A properly configured LAN-to-LAN router should never drop small pings. Occasionally
the first one might get dropped, but even then there usually is plenty of time to resolve
ARP and get a reply through.

Given that you have a managed firewall that has high ping delays and is losing
packets; I'd politely request that they fix it. LAN-to-LAN routing should not be dropping
ping packets. Maybe the first, but after that it should sail with 1-2ms kind of delays.

You can't just assume that if a router config is broken that it will just stop passing
data; it isn't nearly that simple. You can have a bad gateway mask or address for
example can cause response delays, a misapplied filter, even insufficient RAM.
At any rate, you have a defineable, low-level problem which is fixable (long delays
and dropped packets), so work on that and see what devolves higher up when that's
working.

Steve Duff, MCSE
Ergodic Systems, Inc.

Is routing enabled between the two private interfaces on your checkpoint?

If the checkpoint firewall is installed on a Windows 2000 server, then I can
see why this is happening. It maybe due to H.323 support, which would need
to be disabled. This can cause issues with domain communication. Here's a
link on that:

261203 - Error Messages When Windows 2000 Client in Windows 2000 Domain
Attempts to Open Active Directory Snap-in [NAT, H.323, PDU size, Netsh and
LDAP issues wtih mutli NAT'ed NICs]:
http://support.microsoft.com/?id=261203

Now if it's not on a Windows machine, consult the documentation on enabling
routing between them and making sure MTU's are set to default or H.323
settings are disabled. Make sure routing between the interfaces are set wide
open, meaning no firewall packet filtering whatsoever between them.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

We have a Cisco 1721 Router and a Nokia Checkpoint
Firewall. I'm thinking its the firewall (we have a
managed firewall, so i've been working with them to
figure it out and they say its not the firewall since all
traffic goes through) The firewall has three interfaces,
1 - Internet public ip 2 - 10.5.100.x 3 - 172.16.0.x.
All my pcs are on the 10.5 and my servers are 172.16. If
I ping anything from 10 to 10, immediate reply, I ping
172 to 172 immediate reply, I ping 172 from 10 thats were
I get the delay and the time outs. And the only thing
connecting them is the firewall.

I am not comfortable enough with routers to run the test
you suggested.

Worst comes to worst, we are thinking of moving the
servers to 10.5 since there is no delay and hope that
that fixes the problem. Since we think its not a server
configuration issue (since everything does seem to work
except that it is slow), we'd thought we'd give it a
try.

-----Original Message-----
OK - it's printers and files, which makes at least
a little sense.

I think I'd maybe work from the middle on this one --
try enabling netbios broadcast passthrough on the
router. If things work properly after an hour or so then
we have a WINS or browser problem. Otherwise it seems
reasonable to assume that the network issue is responsible.

What kind of router is this?

Steve Duff, MCSE
Ergodic Systems, Inc.


I'm still trying to figure out the network problem. But
accessing printers/files from 172 to 172 is almost
immediate, accessing printers/files from 10 to 10 is
almost immediate. Accessing printers/files from 10 to
172 is what takes a very long time, but does eventually
get there.

-----Original Message-----
Are you saying that connecting to a printer share on the
10
side from the 172 side acts differently than connecting
to a
file share in the same way? That would be really unusual.

Since you have an issue with the network, you might dig
in to
that first to see if resolving that clears up this issue.

Steve Duff, MCSE
Ergodic Systems, Inc.

message I did run the netdiag/fix and everything seemed to
pass.
This the result for DNS

DNS test ..........................assed
PASS - All the DNS entries for DC are registered on
DNS server '172.16.0.2'
and other DCc also have some of the names registered.
[WARNING] The DNS entries for this DC are not
registered correctly on DNS server
'205.171.3.65. Please wait for 30 minutes for DNS
server
replication.

The 205. is the dns server for my isp. All the
workstations and servers including the
dns are pointing to 172.16.0.2 and 205...

Wins is installed and running on the servers.

The ping still continues to drop packets and I don't
know
what else to look for.

-----Original Message-----
DNS and DDNS registration and resolution
problems would be the first thing to check. Make
sure that everyone is pointing only to the domain
DNS server for resolution. That includes the servers
and the DNS server(s) itself. Run a netdiag /fix
(from the resource kit) to make sure the core
domain records are registered correctly. Since
things are otherwise OK, DNS may not be the
problem.

If you are not running a WINS server, try turning it
up
and pointing everyone to it. As distasteful
as it may be, especially with a routed LAN, there
is little choice but to use it, even in a pure 2K/XP
environment, if you want to avoid problems
of this sort.

You should not be dropping packets on a
LAN-to-LAN routing; that is something
you definitely should investigate. And that 9ms
delay time bothers me too. But given all
you've described, I don't >think< it is directly
related
since other connections apparently work LAN-to-LAN.

Steve Duff, MCSE
Ergodic Systems, Inc.

in
message [email protected]...
I have two networks

10.5.100.x and
172.16.0.x

I have DNS running on 172.16.0.2 (my exchange
server) I
also have 172.16.0.3 (file/print server, this is not
running DNS). That's all I have on 172.16.0.x

Then all my other pc 10.5.100.x (about 100, running
everything from win95 to xp)

All these are connected eventually through my router
and
firewall, which are configured to allow these
networks
to
talk to each other.

Everyone can talk to each other, mail comes and
goes,
but
the problem comes with my print server. When I
setup a
printer on any machine (that is on the 10.5.100.x)
it
takes close to 1 min to find the printer, but it
does
find it and connects and works. Everything that is
on
that file/print server takes along time to access,
but
does eventually get there.

I ping the 172.16.0.x (from a 10.5.100.x) and this
is
what i get

Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127
Reply from 172.16.0.2: bytes=32 time=3ms TTL=127
Reply from 172.16.0.2: bytes=32 time=9ms TTL=127
Reply from 172.16.0.2: bytes=32 time=1ms TTL=127

It seems to time out but comes back. What can I do
to
speed up access to files and printers?

The funny this is that if I set up a printer on say
the
mail server, it finds it almost immediately.

I've checked to make sure DNS is running and it
is. Is
this a DNS issue? If so, what should I be looking
for?

I would really appreciate anybody's help.

Thanks so much in advance.
Leslie




.



.



.

 

[Ace Fekay [MVP]]

In

What is the Cisco doing in this setup?

I don't think this is an MTU/MSS problem as the network is losing
packets
randomly even with 32-byte pings), nor does it sound like RRAS/NAT is
even being
used and H.323 shim interference wouldn't manifest like this.
Possible, but
just doesn't seem likely to me given the symptoms.

A properly configured LAN-to-LAN router should never drop small
pings. Occasionally
the first one might get dropped, but even then there usually is
plenty of time to resolve
ARP and get a reply through.

Given that you have a managed firewall that has high ping delays and
is losing
packets; I'd politely request that they fix it. LAN-to-LAN routing
should not be dropping
ping packets. Maybe the first, but after that it should sail with
1-2ms kind of delays.

You can't just assume that if a router config is broken that it will
just stop passing
data; it isn't nearly that simple. You can have a bad gateway mask or
address for
example can cause response delays, a misapplied filter, even
insufficient RAM.
At any rate, you have a defineable, low-level problem which is
fixable (long delays
and dropped packets), so work on that and see what devolves higher up
when that's
working.

Steve Duff, MCSE
Ergodic Systems, Inc.

Hi Steve,

I agree. I was just making some suggestions from what I've encountered in
the past. You'r eright they need to consult with their ISP since they are
managing the firewall to see why pings are dropping. It could come down to a
bad local loop too. I've had that problem, but in my problem, squirrels were
the culprit. They chewed the line and caused Frame (CRC) errors on the loop.
Could just as well be a bad loop too. Seen that in one of my clients. Had to
get Verizon out there until they finally found after numerous tests that it
was the CO's card(HU-O card ? forget what they called it), and not the line
itself.

Cheers!

Ace

 

[Steve Duff [MVP]]

The thing is, he's losing packets on the LAN-to-LAN
routing which (I assume) is a couple of 10/100
Ethernet connections. Even if you unplug the WAN side
that should work. If the setup is more complex than I've
pictured it, there could be a spot in there for a problem.
Have to know more about the topology.

Anyway, it's hard to figure unless the router config is just hosed
(what I think) or there's an equipment or cabling issue
(which I don't think).

Steve

 

[Ace Fekay [MVP]]

In

The thing is, he's losing packets on the LAN-to-LAN
routing which (I assume) is a couple of 10/100
Ethernet connections. Even if you unplug the WAN side
that should work. If the setup is more complex than I've
pictured it, there could be a spot in there for a problem.
Have to know more about the topology.

Anyway, it's hard to figure unless the router config is just hosed
(what I think) or there's an equipment or cabling issue
(which I don't think).

Steve

Good point. Hard to tell with additional info, and besides, if their ISP is
administering the router, no telling what the settings are.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory