• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Unable to Browse Domain

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Unable to Browse Domain Page: [1]
Login
Message << Older Topic   Newer Topic >>
Unable to Browse Domain - 14.Jan.2005 5:54:00 AM   
imax

 

Posts: 9
Joined: 8.Jan.2005
From: UK
Status: offline
Hi

I recently installed ISA server 2004. I am now unable to browse my internal network using My network places? I am able to get to servers if I use UNC path. I have DNS all working ok, I also have a working WINS server again working OK. I click on "My Network Places" and then click on "Microsoft Windows Network" and now if I click on my domain it tells me domain not accessible and that I do not have permissin, even though I am logged on as Domain Admins.

When I look at my ISA server monitoring it tells that "Netbios Datagram" traffic is being blocked by default rule. I have allowed Netbios Datagram FROM "All Networks and local host" TO all "All Networks and local host" but no joy.

Please help

Cheers

Simba
Post #: 1
RE: Unable to Browse Domain - 16.Jan.2005 12:23:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Simba,

Make sure to join the ISA firewall to the domain. This is a most secure configuration overall, and also will enable your domain browsing.

HTH,
Tom

(in reply to imax)
Post #: 2
RE: Unable to Browse Domain - 22.Jan.2005 1:58:00 AM   
grinn253

 

Posts: 76
Joined: 12.Jul.2004
From: Seattle
Status: offline
What was also necessary for us to browse the network is to ensure that the DCs (at least one) has an IP that has the "same network id" as the machine you want to browse the network from.

From what i can tell, "browsing the domain" broadcast to the "master browser" by sending a packet to a.network.id.255 type of address. If your client machine is on a different network, then ISA will block the .255 broadcast from reaching the master browser/DC in the other subnet.

Laters,
Edgardo

(in reply to imax)
Post #: 3
RE: Unable to Browse Domain - 22.Jan.2005 6:51:00 AM   
imax

 

Posts: 9
Joined: 8.Jan.2005
From: UK
Status: offline
Hi
Thank you for your time. Your input was very valuable and helped me look in the right direction for the solution.

simba

(in reply to imax)
Post #: 4
RE: Unable to Browse Domain - 26.Jan.2005 7:18:00 AM   
DonChino

 

Posts: 21
Joined: 27.Oct.2003
Status: offline
Um, Simba?
Why not POST YOUR SOLUTION because the above posts DO NOT help and I have the exact same problem that you are having...

ISA Server is/on the Domain Controller...
Client Machines and DC are all on the same subnet...

Machines CANNOT browse each other using Network Places and I basically did what you said which was allow ALL COMMUNICATION between Internal Network and Local Host...
Also, I am using the Single Adapter Configuration, so any ideas?

(in reply to imax)
Post #: 5
RE: Unable to Browse Domain - 12.Feb.2005 2:56:00 PM   
e-John

 

Posts: 3
Joined: 11.Feb.2005
From: Virginia USA
Status: offline
Interesting thread, and what seems to be a common problem. I am not sure this is an ISA issue, but it is an issue.

I have a similar problem, and for the life of me, I cannot figure out how some client PCs can browse the network and others cannot.

So far, the issue seems to WINS and IP configuration. For example, one offending PC has this is ipconfig /all: "WINS Proxy Enabled = no" An otherwise similar PC that can browse my Win2003 Domain has this variable set to "yes."

(in reply to imax)
Post #: 6
RE: Unable to Browse Domain - 12.Feb.2005 3:44:00 PM   
e-John

 

Posts: 3
Joined: 11.Feb.2005
From: Virginia USA
Status: offline
FYI, I just finished a dozen hours of working on the above issue, and found the problem to be a setting in Symantec Norton Internet Security -- Firewall. I disabled this firewall and all works fine.

I have both a hardware firewall as well as Windows ISA, so do not need.

(in reply to imax)
Post #: 7
RE: Unable to Browse Domain - 19.Feb.2005 4:14:00 PM   
DonChino

 

Posts: 21
Joined: 27.Oct.2003
Status: offline
Hello? Still waiting for a response...
Anyway, I can view the Network from the ISA Computer, so I can go to Network Places - Windows Network - etc and then see all the clients...
Also, when I browse the network from ANY client using the same method as above, I can see all the other clients.
The problem is that I cannot "browse" the ISA Server Computer, so how do I allow it to be "browsed". My "Network Places" is working but it seems that the ISA Computer is "cloaked" and I assume this is the firewall. Any way to turn this off? UNC Path resolution works to the ISA Computer, but not general browsing...

(in reply to imax)
Post #: 8
RE: Unable to Browse Domain - 22.Feb.2005 6:53:00 AM   
Gen.ISAnhower

 

Posts: 2
Joined: 22.Feb.2005
From: CA
Status: offline
Hi,
You have to check the firewall rules that you have running on your ISA. On default install it blocks everythin. hope this help

(in reply to imax)
Post #: 9
RE: Unable to Browse Domain - 28.Feb.2005 6:02:00 AM   
DonChino

 

Posts: 21
Joined: 27.Oct.2003
Status: offline
Anyway, Simba flaked out on us, but I finally got mine working and here it is... REMEMBER, I have a SINGLE NIC setup with AD, DNS, DHCP, and ISA...

1) Make sure when you CREATE YOUR INTERNAL NETWORK you click on ADD ADAPTER and include ALL those STUPID ranges that you USUALLY leave OUT... I added all those ranges like 0.0.0.0, etc, etc but usually I just add my client ranges like 192.168.1.0, etc, etc...

2) Create a Traffic Policy allowing Netbios Session, Ping, and Microsoft CIFS (TCP) protocols to contact the LOCAL HOST from the INTERNAL NETWORK. Although I allow ALL traffic from within the Internal Network so I just create a policy allowing ALL protocols from/to Internal from/to Local Host.

And now you should be able to "browse" the ISA Server from any client on the Network, including those in Workgroups. Sharing the wealth, that's all... [Big Grin]

[ February 28, 2005, 06:03 AM: Message edited by: DonChino ]

(in reply to imax)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Unable to Browse Domain Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts