Windows Forum / Windows XP / Networking and Web / September 2004
Access Denied Browsing XP Home & XP Pro Workgroup
Robb Pickinpaugh - 27 Sep 2004 18:58 GMT
This is the setup.
XP Home (not sp2) "host computer" with modem and running ICS
XP Pro (not sp2) "client computer"
XP Pro (not sp2) "client computer"
Both XP Pro boxes able to browse to shares on XP Home, neither XP Pro able to browse to each other. XP Home unable to browse to either XP Pro.
Have gone around the loop with checking firewall settings, etc. If you enter the path in Start->RUN as \\computername\share\ you can get to the shares as expected.
However, printing to a shared printer on one of the XP Pro machines is non-functional. I have checked security settings in the Local security policies and the Access computer from network has the Everyone group in it.
One hotfix on the XP Home box has (SP2) in the name; it references Q329115. I am not sure if this is the issue or not.
Any suggestions.
>Joe Anderson-Davis< - 27 Sep 2004 19:03 GMT
http://support.microsoft.com/default.aspx?scid=kb;en-us;318030&Product=winxp
That cured my sharing problems
Try it on all three computers. If it's not the cure for you nothing will be lost by trying.
> This is the setup.
> [quoted text clipped - 22 lines]
>
> Any suggestions.
Chuck - 27 Sep 2004 19:47 GMT
>This is the setup.
> [quoted text clipped - 22 lines]
>
>Any suggestions.
Robb,
Please provide ipconfig information for each computer. Start - Run - "cmd". Type "ipconfig /all >c:\ipconfig.txt" into the command window - Open c:\ipconfig.txt in Notepad, copy and paste into your next post. Identify operating system (by name and version) with each ipconfig listing.
Make sure the browser service is running on each computer. Control Panel - Administrative Tools - Services. Verify that the Computer Browser, and the TCP/IP NetBIOS Helper, services both show with Status = Started.
The Microsoft Browstat program will show us what browsers you have in your domain / workgroup, at any time. http://support.microsoft.com/?id=188305
You can download Browstat from either:
<http://www.dynawell.com/reskit/microsoft/win2000/browstat.zip>
<http://rescomp.stanford.edu/staff/manual/rcc/tools/browstat.zip>
Browstat is very small (40K), and needs no install. Just unzip the downloaded file, copy browstat.exe to any folder in the Path, and run it from a command window.
Please provide browstat information for each computer. Start - Run - "cmd". Type "browstat status >c:\browstat.txt" into the command window - Open c:\browstat.txt in Notepad, copy and paste into your next post.
For more information about the browser subsystem (very intricate), see:
http://support.microsoft.com/?id=188001
http://support.microsoft.com/?id=188305
<http://www.microsoft.com/technet/prodtechnol/winntas/deploy/prodspecs/ntbrowse.mspx>
And Robb, please don't contribute to the spread and success of email address mining viruses. Learn to munge your email address properly, to keep yourself a bit safer when posting to open forums. Protect yourself and the rest of the internet - read this article. http://www.mailmsg.com/SPAM_munging.htm
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
Robb - 28 Sep 2004 13:21 GMT
I tried the steps in Q318030, no change.
XP Home Ipconfig:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Gideon
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Adapter
Physical Address. . . . . . . . . : 00-40-CA-2F-A8-8D
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
PPP adapter TC3net:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 64.112.197.138
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 64.112.197.138
DNS Servers . . . . . . . . . . . : 64.112.192.34
64.112.204.187
NetBIOS over Tcpip. . . . . . . . : Disabled
XP Home Browstat:
Status for domain MSHOME on transport \Device\NetBT_Tcpip_{6540D47B-8972-40C4-9649-7A53533DC688}
Browsing is active on domain.
Master browser name is: GIDEON
Master browser is running build 2600
2 backup servers retrieved from master GIDEON
\\ABIGAIL
\\GIDEON
There are 3 servers in domain MSHOME on transport \Device\NetBT_Tcpip_{6540D47B-8972-40C4-9649-7A53533DC688}
There are 1 domains in domain MSHOME on transport \Device\NetBT_Tcpip_{6540D47B-8972-40C4-9649-7A53533DC688}
XP Pro 1 Ipconfig:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Abigail
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Office Network:
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : 3Com 3C905TX-based Ethernet Adapter (Generic)
Physical Address. . . . . . . . . : 00-60-08-CB-CD-1C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.184
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, September 27, 2004 4:19:18 PM
Lease Expires . . . . . . . . . . : Monday, October 04, 2004 4:19:18 PM
XP Pro 1 Browstat:
Status for domain MSHOME on transport \Device\NetBT_Tcpip_{D8320D94-74DA-4BC0-AC07-488C90BE73E1}
Browsing is active on domain.
Master browser name is: GIDEON
Could not connect to registry, error = 53
Unable to determine build of browser master: 53
\\\\GIDEON . Version:05.01 Flags: 51203 NT POTENTIAL MASTER
2 backup servers retrieved from master GIDEON
\\GIDEON
\\ABIGAIL
There are 3 servers in domain MSHOME on transport \Device\NetBT_Tcpip_{D8320D94-74DA-4BC0-AC07-488C90BE73E1}
There are 1 domains in domain MSHOME on transport \Device\NetBT_Tcpip_{D8320D94-74DA-4BC0-AC07-488C90BE73E1}
XP Pro 2 Ipconfig:
Windows IP Configuration
Host Name . . . . . . . . . . . . : USER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-50-04-D4-CB-F4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.225
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, September 27, 2004 4:22:33 PM
Lease Expires . . . . . . . . . . : Monday, October 04, 2004 4:22:33 PM
XP Pro 2 Browstat:
Status for domain MSHOME on transport \Device\NetBT_Tcpip_{779CAB87-A559-4F07-9137-DB3B58F8F172}
Browsing is active on domain.
Master browser name is: GIDEON
Could not connect to registry, error = 53
Unable to determine build of browser master: 53
\\\\GIDEON . Version:05.01 Flags: 51203 NT POTENTIAL MASTER
2 backup servers retrieved from master GIDEON
\\ABIGAIL
\\GIDEON
There are 3 servers in domain MSHOME on transport \Device\NetBT_Tcpip_{779CAB87-A559-4F07-9137-DB3B58F8F172}
There are 1 domains in domain MSHOME on transport \Device\NetBT_Tcpip_{779CAB87-A559-4F07-9137-DB3B58F8F172}
Any suggestions helpful.
TIA, Robb
Chuck - 28 Sep 2004 15:51 GMT
>I tried the steps in Q318030, no change.
<SNIP>
>Any suggestions helpful.
>
>TIA,
>Robb
Robb,
Browstat's and IPConfigs all look normal.
Do any of the computers have a software firewall (ICF or third party) ever installed? If so, you need to configure them for file sharing, by opening ports TCP 139, 445 and UDP 137, 138, 445, or by identifying the other computers as present in the Local (Trusted) zone. Firewall configurations are a very common cause of (network) browser, and file sharing, problems.
If it's not a firewall issue, then let's look at authorisation issues.
On each XP Pro computer, check to see if Simple File Sharing (Control Panel - Folder Options - View - Advanced settings) is enabled or disabled. With XP Pro, you need to have SFS properly set on each computer.
With XP Pro, if SFS is disabled, check the Local Security Policy (Control Panel - Administrative Tools). Under Local Policies - Security Options, look at "Network access: Sharing and security model", and ensure it's set to "Classic - local users authenticate as themselves".
With XP Pro, if you set the above Local Security Policy to "Guest only", enable the Guest account, using Start - Run - "cmd" - type "net user guest /active:yes" in the command window. If "Classic", setup and use a common non-Guest account on all computers. Whichever account is used, give it an identical, non-blank password on all computers.
For XP Home, OR for XP Pro with Simple File Sharing enabled, make sure that the Guest account is enabled, on each computer. Enable Guest with Start - Run - "cmd" - type "net user guest /active:yes" in the command window.
More about file sharing, between all different versions of Windows:
<http://www.microsoft.com/downloads/details.aspx?FamilyID=87c0a6db-aef8-4bef-925e-7ac9be791028&DisplayLang=en>
Let's verify shares visibility. From each computer, from a command window:
"net view abigail"
"net view gideon"
"net view user"
Report visibility of shares / exact error displayed in each test (9 tests total).
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
Robb Pickinpaugh - 28 Sep 2004 17:39 GMT
<snip>
>Do any of the computers have a software firewall (ICF or third party) ever
>installed?
<snip>
The computer in question is acting like there is one there, but I am unable to find it. ICF is turned off, and as far as I can tell there is not a third party firewall on the system.
<snip>
>On each XP Pro computer, check to see if Simple File Sharing (Control Panel -
>Folder Options - View - Advanced settings) is enabled or disabled. With XP Pro,
>you need to have SFS properly set on each computer.
Yes SFS is enabled.
>With XP Pro, if SFS is disabled, check the Local Security Policy (Control Panel
>- Administrative Tools). Under Local Policies - Security Options, look at
[quoted text clipped - 6 lines]
>on all computers. Whichever account is used, give it an identical, non-blank
>password on all computers.
Set to Guest Only
>For XP Home, OR for XP Pro with Simple File Sharing enabled, make sure that the
>Guest account is enabled, on each computer. Enable Guest with Start - Run -
>"cmd" - type "net user guest /active:yes" in the command window.
Guest account active
>More about file sharing, between all different versions of Windows:
><http://www.microsoft.com/downloads/details.aspx?FamilyID=87c0a6db-aef8-4bef-925e-7ac9be791028&DisplayLang=en>
Downloaded, haven't read it yet.
>Let's verify shares visibility. From each computer, from a command window:
>"net view abigail"
>"net view gideon"
>"net view user"
>Report visibility of shares / exact error displayed in each test (9 tests
>total).
Report Follows:
Run on USER
net view abigail
System error 5 has occurred.
Access is denied.
---------
net view gideon
All shares visible (not including here)
-----------
net view user
All shares visible (not including here)
---------------
Run on Gideon
net view abigail
System error 5 has occurred.
Access is denied.
---------
net view gideon
All shares visible (not including here)
-----------
net view user
All shares visible (not including here)
---------------
Run on abigail
net view abigail
All shares visible (not including here)
------------
net view gideon
All shares visible (not including here)
-----------
net view user
All shares visible (not including here)
---------------
Will begin reading MS doc.
Thanks much.
Robb
Chuck - 28 Sep 2004 18:35 GMT
<SNIP>
>Report Follows:
>Run on USER
> [quoted text clipped - 59 lines]
>
>---------------
Well, Robb,
When you start looking in detail, you need to start IMHO with Abigail. Once you get Abigail accessible from User, then figure out if there's a problem with Gideon.
In addition to any possibilities you might find in the article, look at registry key [HKLM\System\CurrentControlSet\Control\Lsa], value restrictanonymous.
<http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/regentry/46688.asp>
The above article is for Windows 2000. Remember WinXP is NT V5.1, and Win2K is NT V5.0.
Have you used the Registry Editor before? If not, it's a scary tool, but it's pretty simple once you get used to it. Here are a couple articles that might help:
<http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/tools_regeditors.asp>
<http://www.annoyances.org/exec/show/registry>
Just remember to backup the key (create a registry patch) for [HKLM\System\CurrentControlSet\Control\Lsa] before making any changes, if appropriate.
From the Annoyances article: You can create a Registry patch by opening the Registry Editor, selecting a branch, and choosing Export from the File menu. Then, specify a filename, and press OK. You can then view the Registry patch file by opening it in Notepad (right-click on it and select Edit). Again, just double-click on a Registry patch file (or use Import in the Registry Editor's File menu) to apply it to the registry.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
Robb Pickinpaugh - 28 Sep 2004 19:26 GMT
<snip>
>Have you used the Registry Editor before? If not, it's a scary tool, but it's
>pretty simple once you get used to it. Here are a couple articles that might
>help:
><http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/tools_regeditors.asp>
><http://www.annoyances.org/exec/show/registry>
>
>Just remember to backup the key (create a registry patch) for
>[HKLM\System\CurrentControlSet\Control\Lsa] before making any changes, if
>appropriate.
<snip>
Chuck thanks for the additional info. I had already pretty much figured the problem was on abigail, but hadn't a clue where to look. So much happens in the background when that "Set Up Network" wizard runs. It's nice for people who don't know anything, but when it breaks... LOOK OUT BELOW!
I'll check out the registry settings, and articles, and post back if I still can't find it. There are already issues on that computer like System Restore causes errors and will not run, so there may be justification for starting over.
Thanks,
Robb
anonymous@discussions.microsoft.com - 28 Sep 2004 19:51 GMT
Chuck,
I changed the registry entry to 0 which did not change anything.
I then went into Local Security Policy and set:
Network Access: Do not allow anonymous enumeration of SAM accounts - Disabled
Network Access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
Network Access: Let Everyone permissions apply to anonymous users - Enabled
Can now browse to abigail from USER and GIDEON
Thanks for the help. I really appreciate it.
The only thing I can think of is that somehow the permissions for the guest account got screwed up.
I realize the potential danger in this from a security point of view, but it does get them back working as expected.
Thanks.
Robb
Chuck - 28 Sep 2004 20:41 GMT
>Chuck,
> [quoted text clipped - 26 lines]
>
>Robb
Robb,
I'm still reading the articles myself, and trying to figure out what those registry keys do, and if they are the same as the LSP settings.
I presume you made those changes on Abigail? What then are the corresponding values on Gideon and User? Maybe check both the LSP settings, and the registry values?
What you did may educate us all, so maybe if we can analyse your setup this information may be of use to further readers here.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
Robb Pickinpaugh - 30 Sep 2004 13:29 GMT
>I presume you made those changes on Abigail? What then are the corresponding
>values on Gideon and User? Maybe check both the LSP settings, and the registry
>values?
Yes changes were made to Abigail.
Registry keys follow. Gideon does not have the LSP plug-in, I tried to install it in the mmc, but it must not work with XP Home.
Abigail:
HKLM/system/currentcontrolset/control/lsa
everyoneincludesanonymous = 0x00000001(1)
restrictanonymous = 0x00000001(1)
restrictanonymoussam = 0x00000000(0)
Gideon:
HKLM/system/currentcontrolset/control/lsa
everyoneincludesanonymous = 0x00000000(0)
restrictanonymous = 0x00000000(0)
restrictanonymoussam = 0x00000001(1)
USER:
HKLM/system/currentcontrolset/control/lsa
everyoneincludesanonymous = 0x00000000(0)
restrictanonymous = 0x00000000(0)
restrictanonymoussam = 0x00000001(1)
LSP Settings USER:
Network Access: Do not allow anonymous enumeration of SAM accounts - Enabled
Network Access: Do not allow anonymous enumeration of SAM accounts and shares - Disabled
Network Access: Let everyone permissions apply to anonymous users - Disabled
LSP Settings Abigail:
Network Access: Do not allow anonymous enumeration of SAM accounts - Disabled
Network Access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
Network Access: Let everyone permissions apply to anonymous users - Enabled
No functional LSP plugin for Gideon - XP Home
I hope that helps,
Robb
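Added example, not part of any post in this thread: the three Lsa values Robb lists line up one-to-one with the three "Network access" policies he quotes, and the sketch below parses the values as posted, translates them to the policy labels, and reports drift between machines. The `BASELINE` dictionary and all function names are assumptions made for this example, not a Microsoft tool or setting list.

```python
import re

# Registry value name -> Local Security Policy label, as quoted in the thread.
POLICY = {
    "restrictanonymoussam": "Network access: Do not allow anonymous enumeration of SAM accounts",
    "restrictanonymous": "Network access: Do not allow anonymous enumeration of SAM accounts and shares",
    "everyoneincludesanonymous": "Network access: Let Everyone permissions apply to anonymous users",
}

# Assumed baseline for this example only: anonymous enumeration restricted,
# Everyone permissions not extended to anonymous users.
BASELINE = {"restrictanonymoussam": 1, "restrictanonymous": 1, "everyoneincludesanonymous": 0}

# Constructed sample: the values posted above, flattened to one machine per line.
SAMPLE = """\
Abigail: everyoneincludesanonymous = 0x00000001(1) restrictanonymous = 0x00000001(1) restrictanonymoussam = 0x00000000(0)
Gideon: everyoneincludesanonymous = 0x00000000(0) restrictanonymous = 0x00000000(0) restrictanonymoussam = 0x00000001(1)
USER: everyoneincludesanonymous = 0x00000000(0) restrictanonymous = 0x00000000(0) restrictanonymoussam = 0x00000001(1)
"""

VALUE_RE = re.compile(r"(\w+)\s*=\s*0x([0-9a-fA-F]{8})")

def parse(text):
    """Return {host: {value_name: int}} from 'host: name = 0x........' lines."""
    hosts = {}
    for line in text.splitlines():
        host, sep, rest = line.partition(":")
        if not sep:
            continue
        values = {n.lower(): int(h, 16) for n, h in VALUE_RE.findall(rest)}
        if values:
            hosts[host.strip()] = values
    return hosts

def as_policy(values):
    """Translate raw DWORDs into the Enabled/Disabled labels the policy editor shows."""
    return {POLICY[n]: "Enabled" if v else "Disabled" for n, v in values.items() if n in POLICY}

def deviations(values):
    """Value names that differ from BASELINE (a missing value counts as a deviation)."""
    return sorted(n for n, want in BASELINE.items() if values.get(n) != want)

def differing(hosts):
    """Value names that are not identical on every host (configuration drift)."""
    return sorted(n for n in POLICY if len({v.get(n) for v in hosts.values()}) > 1)

if __name__ == "__main__":
    hosts = parse(SAMPLE)
    for host, values in hosts.items():
        print(host, as_policy(values), "differs from baseline:", deviations(values))
    print("values that differ between machines:", differing(hosts))
```

Run against these values, the translated labels match the LSP settings Robb reports for USER and Abigail, and all three values differ between Abigail and the other two machines.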
Chuck - 30 Sep 2004 18:21 GMT
>>I presume you made those changes on Abigail? What then
>are the corresponding
[quoted text clipped - 47 lines]
>
>Robb
Robb,
That's VERY interesting. And you have shares on all 3 computers, and all 3 computers able to access shares on each of the other 2? Even though the settings for Abigail and User (the 2 Pro computers) have totally opposite settings? And making these settings on Abigail resolved the problem there?
If you have any future observations on this issue, various folks would benefit from your postings here.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
Robb Pickinpaugh - 30 Sep 2004 20:29 GMT
>Robb,
>
>That's VERY interesting. And you have shares on all 3 computers, and all 3
>computers able to access shares on each of the other 2? Even though the
>settings for Abigail and User (the 2 Pro computers) have totally opposite
>settings? And making these settings on Abigail resolved the problem there?
Yes all the shares are usable as expected from the other computers in the workgroup.
The changes resolved the issue on Abigail.
My guess is that there is still something wrong in the permissions settings for at least the guest account, but I don't have any more time to dig further at this time.
It would help if I could find some documentation on what all the network setup wizard does... that's what started this whole mess.
>If you have any future observations on this issue, various folks would benefit
>from your postings here.
[quoted text clipped - 3 lines]
>Paranoia comes from experience - and is not necessarily a bad thing.
>.
If I see any more weird things I'll be sure to pass them along.
Thanks for the help Chuck,
Robb
Trog Dog - 30 Sep 2004 18:06 GMT
> net view abigail
> [quoted text clipped - 57 lines]
>
> ---------------
Try mapping the shared folders as a network drive - that is \\abigail\{shared folder}