Windows Small Business Server(SBS), SBS2003 Firewall disconnecting workstations

microsoft.public.windows.server.sbs - Microsoft Small Business Server


Windows Small Business Server(SBS) >> SBS2003 Firewall disconnecting workstations

by QW5kcmV3 » Tue, 15 Aug 2006 09:17:01 GMT

We have a problem with some new XP Pro workstations being added to a SBS2003
domain. When joined, the firewall option on the PC is greyed out, and appears
to be controlled by Group Policy from the server . The workstations work
fine; can print, access the Internet, and read and write to files. However,
if we try an application installatiion from the server, the server appears to
firewall the workstation from the network. The workstation cannot ping any
other device on the network, nor can any device ping to it. Unplugging the
ethernet cable and pluggin it back in again brings the PC back on the network
immediately. Logging on locally brings the firewall options back.... Have
tried changing cabling, the network switch, and formatting the PC (couple of
times), but each time the problem recurrs. Any ideas as to what might be
happening ? Older PCs are okay, but the "greyed out" firewall was not there
when we installed the applications.

Top

Windows Small Business Server(SBS) >> RE: SBS2003 Firewall disconnecting workstations

by v-yanniw » Wed, 16 Aug 2006 20:07:43 GMT


i Andrew,

Thanks for posting here.

From your post, my understanding of this issue is: After join a Windows XP
SP2 based computer into a domain, the computer has problem to install
applications located on the server. If this is not correct, please feel
free to let me know.

I. Generally, the option in Windows Firewall on the computer is grayed out,
that indicates that the Windows Firewall is controlled by Windows firewall
group policy. Please refer to the following steps to check:

1. On SBS 2003 server, log on as administrator.
2. Open the Default domain policy in Group policy object Management console.
3. Navigate to Computer Configuration\Administrative
Templates\Network\Network Connections\Windows Firewall\Domain Profile.
4. On the right pane, set the "Windows Firewall: Protect all network
connections" setting to Not Configured. Then run command "gpupdate /force"
on the server box.
5. Restart the XP machine to check the settings of Windows firewall on the
computer.

II. If the issue persists, you should apply the following fix to the XP
machine to resolve the issue. It is a known issue addressed in SBS 2003
environment. Please check into the following article to get detail
information and hotfix:

You cannot configure Windows Firewall settings or Security Center settings
on a Windows XP Service Pack 2-based client computer that is in a Windows
Small Business Server 2003-based network
http://support.microsoft.com/default.aspx?scid=kb;en-us;872769

Please also apply the following hotfix to the XP machine:
An exception may not show up in the Windows Firewall graphical user
interface if you create the exception by modifying the registry
http://support.microsoft.com/?id=897663

Then please test the issue to see if it resolved.

III. How you joined the computer to SBS domain? Using the connectcomputer
wizard or manually joined? If joined manually, I suggest that you re-join
the XP machine to domain to see if it helps. To do so:

1. Quit the client computer from the domain. To do so, see:

Locate in Client Computers in Server Management console and choose the
computer in right panel. Click Remove from network link to delete the
computer from domain.

2. Logon the client computer with Administrator permissions and join it to
"Workgroup", and reboot the computer.

Right click My Computer to open its properties page, click Computer Name
tab, click Change button to re-join the computer to Workgroup.

3. Reset the TCP/IP stack by using the suggestion in the following KB
article:

299357 How to Reset Internet Protocol (TCP/IP) in Windows XP
http://support.microsoft.com/?id=299357

4. Setup the client computer by running Setup Client Computer wizard to
setup computer account and assign related user account to the laptop.

6. Logon the computer with Administrator permissions and join it to domain
by running http://servername/connectcomputer. And assign appropriate user
accounts to the computer.

Note: Please ensure you have added the SBS Site (http://FQDN/*) in trusted
site in IE of the laptop.

Then please test the issue and let me know the result.

If the issue persists, please help me collect the following information to
isolate the issue:

1. What is the exact error message you received when attempting an
application installation from the server? Please capture a screen shot of
the error message and send to me for analyze.

2. What

Top
Similar Threads

1. Security check on firewall and workstations behind the firewall

2. Workstations getting disconnected from server 

Have a Windows 2000 server setup.  Windows 98, ME, 2000, and XP Pro clients.
About 19 connections to the server.  25 user license on the server.

Server was Novel 3.2 then upgraded to 2000.

Having problems with some workstations getting locked out of the server.
They will suddenly not have connections to the mapped drives.  Trying to
reconnect will give them a security error.  Logging off and then back on
does not help.  The workstations have to be rebooted to get the connection
back on.

Has anyone seen this.  Had a friend of mine say that he had a problem with
this on a server he was managing.  He had been using VB scripts for logon.
He said once he swapped to just batch files he was good to go.  Currently we
are not running any scripts on the network.  There are not enough mapped
drives to make this neccessary.

Any help will be greatly appreciated.

Thanks,

Jon

3. Server disconnects NT workstations

4. mapped drives disconnected at boot on workstations 

Hi,

We loaded Windows 2000 server advanced last night and are just still using 
the workgroup.  We loaded server with 15 cals to bypass 10 connection issue.  
We did not setup a domain and are still using the workgroup.  Everything 
seems to be working; but the mapped drives are disconnected at boot.  Once 
the drive is clicked on and password is entered.  The problem is gone.  I 
know I am just missing something.  Any help would be appreciated.  We will be 
setting up the domain; but this is for a tax office and limited on downtime.  
The workstations are running Windows Xp Home.

Thanks,

Sandra

5. Workstations disconnecting, but leaving sessions active

6. workstations disconnect from server 

Hello,

I have 3 winxp home & 2 win 2000 pro connected to win2003 server in a 
workgroup setting, whenever workstations restart or shut down, network 
connection to server doesn't get restored automatically, users are logging on 
to server with same  user name and password stored on server, any help is 
greatly appreciated

Thank for your time

7. workstations randomly disconnected from Active Directory

8. Workstations Offline - Disconnected from DC 

I am sure this is has a simple solution but I've butted my head against this 
that I am nearly brain dead so I thought I'd put this out there. I have 
several workstations that are joined to a single domain hosted by a single 
DC. The workstations are Win XP Pro and the server OS is Windows 2003 
Standard, it is set as the preferred DNS for all three workstations and all 
three workstations do show as computers listed in AD and I've been able to 
add domain accounts to the machine power groups and myself to the workstation 
administrator groups however I continue to get "You are offline from the 
<server machine name>." 

So I am frustrated because I know the typical things to check and have 
repeatedly checked them, I have checked all IP and DNS settings and they are 
the same across all three machines, the DC is pointing to itself as the 
preferred DNS, all machines are able to get out to the web. I'm hoping 
someone can point me in the right direction I am almost positive this is 
something simple but I have exhausted myself looking deeper.

Thanks in advance!