Domain Scans with Multiple VLans - Only can see PCs within the Same VLan

    Question

  • Hello,

    I have about 150 machines in my Domain.  If I go to browse my domain I can only see a handful of machines and I realized they are the machines that are on the domain in the same Vlan as my PC is.  Basically it is unable to browse past the Vlans it appears. 

    This is causing me some problems with some applications trying to scan these PCs.  I read that most likely this is because the network browser uses Netbios rather than DNS and suggested to run a WINS server.  Doing this did not appear to make any changes.

    My access lists allow the traffic through but obviously are either blocking something or the system just doesn't know to scan the other subnets/vlans.  Is there a way I can get around this?

    Thursday, March 29, 2012 2:56 PM

Answers

  • NetBIOS is blocked across routers, and that includes switched VLANs. WINS does overcome this, but you're saying it didn't work? Maybe it was the way it was set up.

    Can you elaborate on exactly how you set up the WINS server and the clients, servers and other machines?

    You would need to make sure that NetBIOS is not disabled, and the Computer Browser Service is enabled and Started on ALL machines, otherwise it will negate what WINS is trying to do.

    The Computer Browser service, a complex service that involves many machines working together, is how the "browse" list (Network Neighborhood) is compiled and presented to a user machine when they click on it. There are many dynamics in the process, too much to explain in this post. Read the "Browser Election" section in my blog - link below.

    As for WINS setup:

    Basically, you would install one or more WINS servers. If you install more than one, you would configure them as replication partners. Whether one or more, when you install a WINS server, you configure the WINS server itself to only point to itself.

    Then you configure the WINS server IP address in ALL machines' NIC properties. That means every machine. If using DHCP, configure DHCP Option 044 (for the WINS server address) & 046 (for the Node type), which is usually 0x8.

    More specifics here:

    WINS - What Is It, How To Install It, and how to Configure DHCP Scopes For WINS Client Distribution
    http://msmvps.com/blogs/acefekay/archive/2010/10/27/wins-what-is-it-how-to-install-it-and-how-to-configure-dhcp-scopes-for-wins-client-distribution.aspx 

    Late Edit: Also make sure antivirus applications are not blocking necessary NetBIOS traffic (TCP 139).

    In addition, if the WINS server is multihomed, that will cause numerous problems, especially if it is a DC. A Multihomed DC (multihoming means having more than one NIC, IP address, RRAS or iSCSI installed), causes numerous problems with AD, as well as many services that may fail with multihoming, including WINS. That is one thing we ask everyone to not do.


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    • Edited by Ace Fekay [MCT]MVP Thursday, March 29, 2012 3:56 PM - See LATE EDIT above
    • Marked as answer by PCGUY1184 Thursday, March 29, 2012 7:10 PM
    Thursday, March 29, 2012 3:52 PM
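
One way to check, across machines, the prerequisites named in the answer above: Computer Browser service running, NetBIOS over TCP/IP not disabled, a WINS server set on every NIC, and no multihoming. This is an added example, not part of the original thread; the host names in $Computers are constructed placeholders and the function name Get-BrowsePrerequisite is hypothetical.

```powershell
# Added example, not from the thread. Host names are constructed placeholders.
$Computers = @('DC01', 'PC-VLAN10-01', 'PC-VLAN20-01')

# Meaning of Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions
$NetbiosSetting = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

function Get-BrowsePrerequisite {
    param([Parameter(Mandatory)][string]$ComputerName)

    $cim = @{ ComputerName = $ComputerName; ErrorAction = 'SilentlyContinue' }

    # Computer Browser service; its service name is "Browser".
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Browser'" @cim

    # Only adapters with TCP/IP bound carry NetBIOS and WINS settings.
    $nics = @(Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' @cim)

    if ($nics.Count -eq 0) {
        Write-Warning "${ComputerName}: no adapter data (host unreachable or WinRM blocked)"
        return
    }

    foreach ($nic in $nics) {
        $problems = @()
        if (-not $svc)                      { $problems += 'Browser service not found' }
        elseif ($svc.State -ne 'Running')   { $problems += "Browser service is $($svc.State)" }
        if ($nic.TcpipNetbiosOptions -eq 2) { $problems += 'NetBIOS over TCP/IP disabled' }
        if (-not $nic.WINSPrimaryServer)    { $problems += 'no WINS server configured' }
        # More than one IP-enabled adapter is only an indicator of multihoming.
        if ($nics.Count -gt 1)              { $problems += 'multiple IP-enabled adapters' }

        [pscustomobject]@{
            Computer     = $ComputerName
            Adapter      = $nic.Description
            BrowserState = if ($svc) { $svc.State } else { 'Missing' }
            BrowserStart = if ($svc) { $svc.StartMode } else { $null }
            NetBIOS      = $NetbiosSetting[[int]$nic.TcpipNetbiosOptions]
            WinsPrimary  = $nic.WINSPrimaryServer
            Problems     = $problems -join '; '
        }
    }
}

$Computers | ForEach-Object { Get-BrowsePrerequisite -ComputerName $_ } |
    Format-Table -AutoSize -Wrap
```

Get-CimInstance with -ComputerName connects over WinRM, so a host where WinRM is not reachable produces the warning instead of a row.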

All replies

  • Ace,

    About 15 minutes after I posted this I caught my issue.  I did not start up the Computer Browser Service on the DC.  As soon as I turned it on everything started showing up.  Are there any adverse effects that running this server could cause to my environment?  Security loop-holes or unwanted additional traffic?  I realize it's going to put a little more traffic across the network; I just want to make sure that running these tools isn't going to open me up to something crazy that I was not thinking about.

    Thursday, March 29, 2012 5:02 PM
  • Nope, nothing adverse as long as your environment is secured.

    But if you don't turn it on, your other things that need the browse service enabled won't work.

    Ace Fekay

    Thursday, March 29, 2012 6:08 PM