07-12-2005, 06:00 PM
#1
Mister Admin to you
Join Date: Jul 2001
Posts: 30,708
Workgroup is not accessible
ok, here is a tough one for you guys. I have read the tech document at M$, this one:
http://support.microsoft.com/default...b;en-us;318030
I have checked both:
NetBIOS over TCP/IP is not turned on (enabled) on one or more computers in the workgroup.
The Computer Browser service is not started or is turned off on one or more computers in the workgroup.
I even reformatted and it still does it. services are running, netbios is enabled over tcp/ip
anybody have any clues? win2003 server - no patches yet after reformat. we have 2 other ones in the same "workgroup" and they work fine.

07-28-2005, 11:50 PM
#2
Dissapearing act
Join Date: May 2004
Location: In my house
Posts: 1,866
What's the error message it gives? Is it just that there are no other computers when you look inside the workgroup folder? Or does it reject the permissions?
__________________
Blink

07-29-2005, 12:22 AM
#3
Mister Admin to you
Join Date: Jul 2001
Posts: 30,708
oh I forgot about this thread.
the exact error is just this
Quote:
Workgroup Name is not accessible. You may not have permission to use this network resource.
I cannot see the workgroup folder when this happens. yes, there should be many computers in here.
the final answer was using "browstat", a little program that will find the "Master Browser". this happened to be a Win 2000 server and it thought it dominated. I had to disable "anonymous login" in the registry on that computer. this allows other computers to browse the workgroup.
stupid windows, especially win2000 servers.
it is also considered a bug in win2000 server and there is a hotfix for it

08-01-2005, 10:29 AM
#4
Can't say much here
Join Date: May 2004
Location: 29.1º N by 81º W
Posts: 2,830
Check the event logs on the computer you are trying to access. It should give details of the error on its side.
Try the firewall also, maybe blocking file and print sharing.
__________________
ASP.net nice bits
Code Smith rocking tool for Code Generation in any language (Written in .net)
Red Gate SQL tools for DBA
.afterburn

08-01-2005, 11:35 AM
#5
Mister Admin to you
Join Date: Jul 2001
Posts: 30,708
it was a "blocking" that was causing it. it was restricting anonymous login to get the browser list. win2000 server is buggy like that. had to set the registry to allow anonymous login.

08-01-2005, 11:41 AM
#6
Can't say much here
Join Date: May 2004
Location: 29.1º N by 81º W
Posts: 2,830
Ahhh, sounds like you changed the registry setting using group policy for requiring authentication for enumeration of SAMs and share access.
__________________
ASP.net nice bits
Code Smith rocking tool for Code Generation in any language (Written in .net)
Red Gate SQL tools for DBA
.afterburn

08-01-2005, 11:49 AM
#7
Mister Admin to you
Join Date: Jul 2001
Posts: 30,708
nope, it was actually in the controlset key under localmachine, but it may have something to do with what you suggest.

08-01-2005, 11:58 AM
#8
Can't say much here
Join Date: May 2004
Location: 29.1º N by 81º W
Posts: 2,830
Yes, it's under controlset\lsa if I remember, which lanman server authentication if I recall the issue.
__________________
ASP.net nice bits
Code Smith rocking tool for Code Generation in any language (Written in .net)
Red Gate SQL tools for DBA
.afterburn

08-01-2005, 02:05 PM
#9
Mister Admin to you
Join Date: Jul 2001
Posts: 30,708
yup, the exact key was
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
restrictanonymous = 0

08-01-2005, 02:18 PM
#10
Can't say much here
Join Date: May 2004
Location: 29.1º N by 81º W
Posts: 2,830
Yes, for future reference, that key change is only needed for Internet-facing NT machines. It prohibits enumeration of SAM accounts with NetBIOS. NetBIOS is the Windows version of Lanman, where Lanman is left over from Novell and the name has carried.
__________________
ASP.net nice bits
Code Smith rocking tool for Code Generation in any language (Written in .net)
Red Gate SQL tools for DBA
.afterburn

08-01-2005, 03:23 PM
#11
Mister Admin to you
Join Date: Jul 2001
Posts: 30,708
neither machine is able to get to the internet, not by any bug, but internally cut off for security reasons. I read on M$ that in server 2000 it is a bug. it thinks it has to be a browser master and it runs over server 2003, even if you tell 2000 not to be browser master.
I wish I would have known all this before I reformatted the 2003 server

08-01-2005, 03:38 PM
#12
Can't say much here
Join Date: May 2004
Location: 29.1º N by 81º W
Posts: 2,830
Well, it's because master browser is anonymous while it runs, so it cannot authenticate against a remote machine.
Master browsers work that way in a workgroup. If you had a domain controller, only domain controllers are master browsers and workstations do not broadcast browser requests.
It could be considered a bug but really is a security setting for webservers and such that have external IPs bound to them.
Otherwise I could ask your machine for all users that are on it, and that is half of the access that I need, just password, with most people a small sample of about 2000 words would crack it.
The setting is to stop allowing Lanman Server from answering un-authenticated requests for information.
__________________
ASP.net nice bits
Code Smith rocking tool for Code Generation in any language (Written in .net)
Red Gate SQL tools for DBA
.afterburn

08-01-2005, 03:49 PM
#13
Mister Admin to you
Join Date: Jul 2001
Posts: 30,708
yeah, we do have a domain controller, but this particular machine isn't. all was fine until they upgraded that machine to 2000, then I had issues with my 2003 server. all is fine now.
thanks for the clearing up of how it is supposed to work. I had an idea but you assured me of some of it.
how would you have fixed it without that setting? is it possible? is there any risk, besides from the internet, of having that setting open like that?

08-01-2005, 04:43 PM
#14
Can't say much here
Join Date: May 2004
Location: 29.1º N by 81º W
Posts: 2,830
Place another NIC in the machine and actually join it to the domain so that it can't use master browser. Or just what you did.
There is no risk unless it dials to the internet directly or gets an external IP address. There are very remote security concerns, but that would have to have a user execute a virus that enumerates them then tries to crack accounts, but then if you are in a firewall it would have to break that. Otherwise it can only then transfer the data to another server. But these are very remote as viruses of this nature are caught fast.
__________________
ASP.net nice bits
Code Smith rocking tool for Code Generation in any language (Written in .net)
Red Gate SQL tools for DBA
.afterburn
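
Added example, not part of the original thread: a read-only PowerShell check of the three things the posts above looked at on one machine (the Computer Browser service, NetBIOS over TCP/IP, and the restrictanonymous value under the Lsa key). The function name Get-WorkgroupBrowseCheck is hypothetical, PowerShell 3.0 or later is assumed, and the function is meant to be run locally on the machine that browstat reports as master browser.

```powershell
# Added example (not from the thread). Reads settings only; changes nothing.
function Get-WorkgroupBrowseCheck {
    $report = [ordered]@{}

    # Computer Browser service (service name "Browser"); it can be absent on newer Windows.
    $svc = Get-Service -Name 'Browser' -ErrorAction SilentlyContinue
    $report['ComputerBrowserService'] = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }

    # NetBIOS over TCP/IP for each IP-enabled adapter.
    # TcpipNetbiosOptions: 0 = default (taken from DHCP), 1 = enabled, 2 = disabled.
    $nbt = @{ 0 = 'Default (DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }
    $report['NetBIOSoverTCPIP'] = @(
        Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
            ForEach-Object { '{0}: {1}' -f $_.Description, $nbt[[int]$_.TcpipNetbiosOptions] }
    )

    # The value named in post #9. A missing value behaves like 0.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $ra  = if ($null -ne $lsa.restrictanonymous) { [int]$lsa.restrictanonymous } else { 0 }
    $report['restrictanonymous'] = $ra
    $report['Meaning'] = switch ($ra) {
        0       { 'No restriction: anonymous sessions rely on default permissions (the value set in the thread).' }
        1       { 'Anonymous enumeration of SAM accounts and shares is not allowed.' }
        2       { 'No access without explicit anonymous permissions (Windows 2000 value).' }
        default { 'Unrecognised value.' }
    }

    # Per the thread's finding: the browse list was only served once the value was 0.
    $report['AnonymousBrowseListServed'] = ($ra -eq 0)

    # Flag what the two hosts in the thread would trade off: browsing works, but
    # unauthenticated account/share listing is also possible on this machine.
    $report['AnonymousEnumerationExposed'] = ($ra -eq 0)

    [pscustomobject]$report
}

Get-WorkgroupBrowseCheck | Format-List
```

Running it on both the Windows 2000 and Windows 2003 machines gives a side-by-side record of which host trades browse-list availability for anonymous enumeration.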