Bizarre Windows 7 networking problem

[StewartR]

I'd appreciate a bit of help from the Windows networking gurus here. Hopefully it's just a little thing...

The office network here contains 5 Windows PCs:

• LFH-2 running Windows 7 Professional SP1 (32-bit)
• LFH-3 running Windows 7 Professional SP1 (32-bit)
• LFH-5 running Windows 7 Professional SP1 (64-bit)
• LFH-6 running Windows 7 Professional SP1 (64-bit)
• LFH-SERVER running Windows Home Server SP2

The network doesn't use domains or home groups. All machines are members of a workgroup called WORKGROUP. All machines have IP addresses of the form 10.0.4.xxx. When I run ipconfig, each machine reports that its DNS server is 10.0.4.254, its default gateway is 10.0.4.254, and its subnet mask is 255.255.255.0. So in short I can't see any obvious differences in the way they're set up.

Here's the problem. My machine is LFH-3. If I go into Windows Explorer on any of the other machines and click on the 'Network' icon, all 5 machines are listed, which is what I'd expect. However, if I go into Windows Explorer on my machine, only three of the machines are listed: -2, -3 and -SERVER. It doesn't list -5 or -6. This matters because I need to connect to a printer which is attached to -6 (and which, for practical reasons, can't be attached to any of the other machines). If Windows can't see the -6 machine, I can't connect to the printer.

At first I wondered whether it was some sort of 32-bit/64-bit issue, because the two machines I can't see are the 64-bit ones. But it's not that, because -2 which is also 32-bit can see the 64-bit machines.

I've tried pinging around the network to see what that uncovers. I don't have ready access to the -2 and -5 machines, but I've tried from the other three.

• From -3 I can ping -SERVER by name, but I can't ping any of the other machines by name. I can ping -2, -5 and -SERVER using their IP addresses, but if I try to ping -6 using its IP address, the request times out.
• From -SERVER I can't ping any machines by name. I can ping -2 and -5 using their IP addresses, but if I try to ping -3 or -6 using their IP addresses, the request times out.
• From -6 I can ping -SERVER by name, but I can't ping any of the other machines by name. However I can ping all of the machines using their IP addresses.

I'm completely stumped. Any suggestions? Any more diagnostics I should test?

 

[neil_g]

sounds like a mix of DNS and firewall issues maybe.

does home server have DNS server capability? If so try using that over any router based DNS.

 

[Sharky]

sounds like a mix of DNS and firewall issues maybe.

Agreed.

Make sure each machine has the firewall turned off for the LAN (assuming your router has a FW to protect devices from external sources) first. Then further troubleshoot the remaining issue(s) i.e. DNS.

 

[StewartR]

sounds like a mix of DNS and firewall issues maybe.

does home server have DNS server capability? If so try using that over any router based DNS.

I don't think Home Server does have DNS server capability.

All the PCs run Norton Internet Security which has a 'smart' firewall, and all of them have the Windows firewall turned off. On my machine the Norton network security map shows all the other machines, including -6 which I can't ping, and it confirms that they are all 'trusted'.

That last bit really has me confused. Norton can see the -6 machine and can tell me its IP address. But if I try to ping that IP address from a command line prompt, it times out.

 

[Sharky]

As a test (again assuming protected by router firewall) turn Norton off temporarily on each PC and try again. Make sure each PC also has networking / file sharing enabled.

 

[onomatopoeia]

All the PCs run Norton Internet Security which has a 'smart' firewall, and all of them have the Windows firewall turned off. On my machine the Norton network security map shows all the other machines, including -6 which I can't ping, and it confirms that they are all 'trusted'.

Disable / uninstall that on all of them. Try again. Report back. So many networking problems are down to personal firewalls.

One other thing to consider is the status of the guest account on each machine. Enabling it sometimes mysteriously fixes strange problems with SMB networking. I'm sure an IT person (which I'm not) would be able to explain why.

 

[neil_g]

One other thing to consider is the status of the guest account on each machine. Enabling it sometimes mysteriously fixes strange problems with SMB networking. I'm sure an IT person (which I'm not) would be able to explain why.

if the permissions arent set right then enabling the guest account may "resolve" them. although not something id leave enabled.

 

[PaulF]

You could try turning on Windows Network Discovery. Unless you have a DNS server sitting at 10.0.4.254 which is also your router that may be complicating the issue.
Do these pc's have Internet access?

 

[arad85]

You and network visibility eh Stewart

Right. This requires a logical approach. Firstly, it is unlikely to be a DNS issue as for DNS to be used, you have to have setup a DNS server, told it to manage a "domain" (where domain is an Internet domain as opposed to a Windows domain) and told it to tell all the DHCP machines to append a domain name suffix automatically. This may sound like gobbledy-gook, but I have 2 DNS servers here (one at home, the other in my partners business) so I can refer to a machine by name like: mainserver.home or shopserv.shop - this queries the DNS server and the IP address is returned and that is used. This is entirely different to windows network names which don't have a . in them. For windows networks (where you just use the name - such as mainserver in my example before) a different method is used to detect the network address. A "master browser" is elected on the network and that manages the names to IP addresses - if no master browser is available, a broadcast message is sent and machines respond if they have the correct name. Even onm well setup networks, this can be a complete PITA to get right if machines keep coming on and off line.

Whilst I appreciate it is frustrating for the moment, I would put the Windows name resolution on the back burner until you have pings working from all machines to all others.

Steps to debug.

• Disable ALL firewalls
• Check the router LAN settings are 10.0.4.254, netmask 255.255.255.0, with valid DNS servers (use 8.8.8.8 if you don't have a good one). It may also need a gateway which is usually its own address 10.0.4.254
• If any machines get their IP via DHCP, check and recheck the settings (i.e. that the network is indeed 10.0.4.<START> .. 10.0.4.<END>, the netmask is 255.255.255.0, the gateway is 10.0.4.254 (I assume this is your router) and that valid DNS servers are in the DNS entries. Personally, for the avoidance of confusion, I would turn off any DNS server/forwarder/service on your router (which one is it by the way).
• Check that no static IPs lie within the DHCP range
• Check (again!) that all STATIC IP machines are 10.0.4.x, netmask 255.255.255.0, gateway 10.0.4.254, with valid DNS servers (use 8.8.8.8 if you don't have a good one).
• Try pinging all individual IPs again. If you can't reach one, check there are no firewall services running AT ALL - including WIndows - I know you think it is disabled, but just in case. You will know none are running as Windows should alert you.
• If you still have no luck, post the IP configs of all 5 machines and the IP config of the souter here.
• Once all that is working, it's time to switch each firewall back on and see where you are. Personally, on a computer behind a firewall, I'd just run Windows Firewall and a free anti-virus such as Avast. My personal opinion is the all in one security solutions are too clever for their own good and sometimes trip up.

Once you have that all working, onto sorting the domains.... We can do that in another post as it involves debugging why all the PCs don't join the same domain.... BTW: you can get Windows to use an IP address instead of a network name if you want to attach a printer....

BTW2: are any of these laptops which get moved about and used on any other networks (at home for example?)

 

[afasoas]

My money would be on either:
a) Network Discovery not being fully enabled on all the machines (http://windows.microsoft.com/en-us/windows/what-is-network-discovery#1TC=windows-7)
b) A master browser problem (http://scottiestech.info/2009/02/14/how-to-determine-the-master-browser-in-a-windows-workgroup/)

When I've had similar problems in the past, the master browser PC has been switched off. Or another PC has been switched on and elected itself master browser. This can result in "network neighbourhood" on each local machine being out of sync.
I've resolved this by tweaking registry a setting that prevents PCs from electing themselves as master browser, so that functionality remains with the machine that is always switched on.

If all you are trying to do is map a printer, open Windows Explorer and type \\<computername> into the address bar and press enter. You should see all of the shared resources on that PC. You can right-click the printer icon and map the device.

Hope this helps.
Cheers
Dan

 

[Byker28i]

Another quick thought? Got any blank passwords? Windows 7 doesn't like connecting with blank passwords by default.

 

[pwhysall]

All the PCs run Norton Internet Security

Whilst maybe not the problem, this is certainly a problem.

 

[arad85]

b) A master browser problem (http://scottiestech.info/2009/02/14/how-to-determine-the-master-browser-in-a-windows-workgroup/)

Thanks. Always find getting this information difficult when I'm looking for it quickly.

 

[StewartR]

You and network visibility eh Stewart

Yeah. Sorry.

(For other observers, Andy / @arad85 made a HUGE effort to help me out with a similar issue about 3 years ago. I was having problems with visibility of machines on the network, and he eventually tracked it down to two separate issues. Firstly we had incompatibility in the subnet masks, whereby some machines were using 255.255.255.0 and others were using 255.0.0.0, so we effectively had two different logical networks. Secondly there was a Master Browser conflict. If anyone's interested, the 2011 thread is here and its resolution is here, but even that long thread doesn't tell the whole story because there were also about 30 emails and texts between Andy and me before he sorted it.)

Right. This requires a logical approach. ... Whilst I appreciate it is frustrating for the moment, I would put the Windows name resolution on the back burner until you have pings working from all machines to all others. ... Steps to debug. ...

OK, that's a lot of work and I need to have free access to all the machines in order to do it. I'm not sure when I'll be able to do that: maybe Saturday morning. It's not time critical because I have developed a simple workaround, which is asking one of my colleagues to do everything which I can't do from my machine. (All the other machines can see all machines, so that's a viable wworkaround.)

BTW2: are any of these laptops which get moved about and used on any other networks (at home for example?)

No. All fixed machines, all Windows 7 except the server, no laptops. It's a much simpler environment than last time when we had to deal with XP, laptops etc.

My money would be on either:
a) Network Discovery not being fully enabled on all the machines (http://windows.microsoft.com/en-us/windows/what-is-network-discovery#1TC=windows-7)
b) A master browser problem (http://scottiestech.info/2009/02/14/how-to-determine-the-master-browser-in-a-windows-workgroup/)

Thanks Dan. I had already zeroed in on the Master Browser because that's one of the problems which occurred last time. Then, I was using mostly XP machines and with Andy's help I used browstat to diagnose the MB issues. Now, I don't have XP so I can't run browstat, so I had searched for and found lanscan which you referenced.

Thing is, it doesn't seem to help.

Here's the output from running lanscan on the -6 machine and on my machine just now:

To my mind that seems to suffer from the same network visibility problems. The -6 machine can see all the other machines on the network (-5 is off currently) and can tell which one is the master browser, but my machine, -3, can't see -6 or the server. Weird.

Anyway, I'll work through the various suggestions posted here when I get a chance, and I'll report back.

Thanks again folks.

 

[arad85]

Hi Stewart,

You need to be careful with browsing. I've found here on (what I think is) a perfectly configured network - including only allowing a single master browser by registry changes, that sometimes things can get a little screwy as each machine keeps a cache of what the network is. Best first to concentrate on understanding why you can't ping all the machines. Doing that may simply solve all problems...

 

[afasoas]

For a machine that you can ping, what happens when you type:

nslookup <machine.ip.address>

Into a cmd prompt?
Ty

 

[arad85]

For a machine that you can ping, what happens when you type:

nslookup <machine.ip.address>

Into a cmd prompt?
Ty

That will be interesting. Also worth doing the same for one you can't.

It is also worth checking that you don't have a local hosts file overriding IP to machine name addresses somewhere.

You may fiond this document useful (or you may find it incredibly boring and sends you to sleep ): http://www.sdn.sap.com/irj/scn/inde...e1-3010-99a5-f05a441eb1d9&overridelayout=true (although you shouldn't turn off NetBIOS over TCP/IP unless you have a local DNS server and the *In a SAP installation..." stuff can be ignored....). It doesn't have the words "DON'T PANIC" printed in any form of lettering on the front cover though....