Name Resolution Win2000 Domain

atreus769 · 10 Dec 2010

Right now we have a Server 2003 as a PDC & a BDC. We also have a Win2000 server that we pretty much just use as a file server. Our domain is a 2000 level also. All the workstations are XP and we are starting our migration to Windows 7 Pro.

We are just starting with one machine right now and everything is going well except for folder redirection. It acts different for different users also. What we did was create a whole new folder on our PDC for Windows 7 user folders. Setup a GPO for folder redirection and we had to set Sync Offline files to the user directory in order to use it for redirection.

The issue is though that it doesn't always work, and if we create a new user we have to log into a XP machine for the new folders to be created before they are usable in Win7. For some users they can get to the folder via \\SERVERNAME\users7\. Some other users can only get to it by \\SERVER_FQDN\users7\. And some can and some can't use the server ip also.

I have tried enabling NetBIOS, hosts file, WINS server, and different DNS servers all with the same result. Any ideas of how to get this resolved?

Thanks!

chev65 · 10 Dec 2010

Have you tried adjusting the Lan manager authentication levels in the Win 7 security policy's yet?

It sounds like you are using the XP machine to navigate around the problem.

In general you need to make these adjustment on the Win 7 machines in order to get them working with older servers.

Control Panel - Administrative Tools - Local Security Policy

Local Policies - Security Options

Network security: LAN Manager authentication level
Set to Send LM & NTLM responses only

Set the Minimum session security for NTLM SSP
Disable Require 128-bit encryption

As for name resolution, it gets a bit more complicated but the link at the bottom of the page explains it pretty well.

Keep in mind, Win2000 and newer machines uses the DNS (hostname) process
FIRST before the NetBIOS resolution process. If it does not get resolved
using the DNS process, then it uses theh NetBIOS process. Legacy clients use
the NetBIOS process FIRST, and if it does not get resolved using NetBIOS, it
uses the DNS process.

If you are using an NBNS (NetBIOS Nameserver, such as WINS), that changes it
a bit, and it also depends on what Node it is in. H-Node is default, but can
be changed. There are four NetBIOS Nodes:

B-Node - Broadcast ONLY
P-Node - NBNS (Netbios Nameserver) or WINS ONLY
M-Node- Mixed NBNS and Broadcast, but uses Broadcast FIRST.
H-Node - Mixed NBNS and Broadcast, but uses WINS FIRST.

E.g. If you ping "machinename" on a Win2000 or newer machine, it will
attempt to use DNS FIRST:

1. Checks it is own name.
2. Local cache.
3. HOSTS file
4. It will then suffix the Search Suffix configured on the machine, then
query DNS
5. WINS
6. Broadcast
7. LMHOSTS

http://www.eggheadcafe.com/software/...windows-7.aspx

brady · 10 Dec 2010

Have you disabled Ipv6 on the windows 7 machine? What version OS are you running DNS/DHCP From?

atreus769 · 13 Dec 2010

Sorry it has taken me so long to get back to you. I think I have found my issue. I am trying to get folder redirection working over an IpSEC tunnel.

What I did was take a PC to the main branch, where the tunnel goes, and put it right on the network there. Everything works fine, I just found that I had to use the FQDN in order to have access to the network shares.

But when I try to use the FQDN for network share access over the IpSEC tunnel it fails saying I do not have permission error. And I am using the same user that I was when I was at the main branch. Is there any specific protocol that I need to open or different ports that I need to open for Windows 7 access over the tunnel?

Thanks again!

chev65 · 13 Dec 2010

atreus769 said:

Sorry it has taken me so long to get back to you. I think I have found my issue. I am trying to get folder redirection working over an IpSEC tunnel.

What I did was take a PC to the main branch, where the tunnel goes, and put it right on the network there. Everything works fine, I just found that I had to use the FQDN in order to have access to the network shares.

But when I try to use the FQDN for network share access over the IpSEC tunnel it fails saying I do not have permission error. And I am using the same user that I was when I was at the main branch. Is there any specific protocol that I need to open or different ports that I need to open for Windows 7 access over the tunnel?

Thanks again!

Have you tried to loosen up the security settings and encryption for your server like I showed in the first post?

atreus769 · 14 Dec 2010

Yes I have made the changes on both the Win7 and Server machine but still nothing over the tunnel.

The server is 2003 R2 x64, would that be making a difference? I have read a lot about people having to use 2008R2 with Win7 machines, is this true?

chev65 · 14 Dec 2010

atreus769 said:

Yes I have made the changes on both the Win7 and Server machine but still nothing over the tunnel.

The server is 2003 R2 x64, would that be making a difference? I have read a lot about people having to use 2008R2 with Win7 machines, is this true?

Yes server 2008R2 is supposed to work better.
Most of the problems with server 03 are worked around with the lan manager adjustments and changing the encryption level but I havn't had to work with a tunnel yet so I can't say what would work for that. You may need to open up a specific port for that.