lee_frost 0 Posted November 1, 2001 Hi, Using XP Pro and NT Server, Can get sytem to logon to a domain piece of cake but want to get system to be located within a workgroup within the domain. Any hints Cheers. Share this post Link to post
lee_frost 0 Posted November 1, 2001 Right, XP Box is loggin on to the NT4 domain where it is authenticated fine. However it is showing up in the Domain workgroup. Being displayed with the various servers. I have got around 10 workgroups, and I ideally dont want to be forced into this workgroup. I would like to be in a different workgroup, is there a way i can tell it what workgroup i want to be in. Thanx for your help. Share this post Link to post
TaoArcher 0 Posted November 1, 2001 On the XP box, you should probably disable the "Computer Browser" service. The criteria to become the master browser has alot to do with OS version...a news OS will always win a browser election, even if it's only a work station. now I dont know this to be fact, but it's possible there's some incompatibility with Win95/XP browser functions. At least by disabling the CompBrowser service, you'll know that your NT server will be the master browser. Are all these computers on the same subnet? If not it's possible that the Master Browser has not reported yet to the Domain Master Browser about the new machine on the local subnet. Share this post Link to post
clutch 1 Posted November 1, 2001 Quote: On the XP box, you should probably disable the "Computer Browser" service. The criteria to become the master browser has alot to do with OS version...a news OS will always win a browser election, even if it's only a work station. Wrong. Primary domain controllers ALWAYS have the master browse lists, which are then replicated to the BDCs. Also, a server OS will rank higher than a workstation OS (i.e. NT 4.0 Server will outrank a Win2K workstation). This applies to WinXP as well. You can get the scoop here:http://www.microsoft.com/technet/treevie...rt4/tcpappi.asp Quote: now I dont know this to be fact, but it's possible there's some incompatibility with Win95/XP browser functions. At least by disabling the CompBrowser service, you'll know that your NT server will be the master browser. I am not even sure what he means by "workgroups", let alone if he is more concerned about browser functionality. What is the "workgroup" layout you are currently using? Are you using sub/resource domains? Quote: Are all these computers on the same subnet? If not it's possible that the Master Browser has not reported yet to the Domain Master Browser about the new machine on the local subnet. Huh? The PDC is ALWAYS the Domain Master Browser, and the BDCs will report the logon traffic during syncs if the BDC (which would be regular Master Browsers since they are servers and have been online the longest) can validate locally. You want the best name resolution method? Install WINS on one of the NT servers, and name resolutions go away. Like DNS? Install that as well, and allow for WINS queries by the DNS server to resolve things like "pc1.mydomain.com" internally. This will go a long way to working with AD as this is like a primative DDNS setup. Share this post Link to post
clutch 1 Posted November 1, 2001 Well, sub/resource domains have been before AD/W2K, so I was wondering if he was using some sort of multi-domain model with trusts, and the workstation was supposed to belong to a certain domain yet isn't showing up. Are you able to get to shares on the server that you are logging in to? The reason I ask, is that Win2K would not advise the user that he/she couldn't be authenticated with a domain controller if: A. It can't find a DC (duh ), and B. The person has logged on previously, hence caching his/her authenticated credentials on the system You might be "logged on", but in reality not connecting to your DC at all. Share this post Link to post
clutch 1 Posted November 2, 2001 Yeah, it's more than likely a single-master domain model, and that's simple enough. The part that's throwing me off is that he can log onto his domain, but wants to change the workgroup WITHIN the domain. Now, I am somewhat familiar with using OUs in AD (somewhat as in I covered it in a class, but didn't have to use it, yet), but I am not familiar with switching workgroups from with a domain. You either have a domain, or a workgroup. Machines can JOIN domains, and hence show up in them. Users can be placed in global and local groups within the domain. I have seen multiple NT workgroups used within a Novell Forest, and would then show up in the browse list (network neighborhood) as separate network containers. But for the life of me, I can't understand by what he means here: Quote: XP Box is loggin on to the NT4 domain where it is authenticated fine. However it is showing up in the Domain workgroup. Being displayed with the various servers. I have got around 10 workgroups, and I ideally dont want to be forced into this workgroup. I would like to be in a different workgroup, is there a way i can tell it what workgroup i want to be in. I see it as "I have an NT domain with several workgroups of machines contained within, and I would like to have my machine be shown within a specific workgroup". So, am I reading this correctly, or am I not seeing the forest for the trees? Share this post Link to post
clutch 1 Posted November 2, 2001 Well, you think we could hurry him up a bit, the suspense is killing me... Share this post Link to post
TaoArcher 0 Posted November 2, 2001 Wait lets back up here. A computer showing up in the Workgroup list, has nothing to do with Name Resolution, WINS, DNS, Domains or trusts. I'm assuming here that he cant get the WinXP machine to show up in the NetworkNeighborhood Workgroup list, cause that's how i read it. The network neighborhood is created purely using the browse list. (and possibly the local name cache?). My guess as to what's happening, is that the WindowsXP machine became the Master Browser for the network, and the PDC, being the domain master browser, cannot resolve the name of the WindowsXP box, and therefor cant retreive updated information about what computers should be on the browse list. Though it could be alot of things. Lee_frost - try to access the WindowsXp machine from the PDC and make sure you can. Share this post Link to post
clutch 1 Posted November 2, 2001 Quote: Wait lets back up here. A computer showing up in the Workgroup list, has nothing to do with Name Resolution, WINS, DNS, Domains or trusts. I'm assuming here that he cant get the WinXP machine to show up in the NetworkNeighborhood Workgroup list, cause that's how i read it. Actually, name resolution is an integral part of the browse list. That's why the WINS box has its own ranking in the browser selection. Also, it is used in DC location and credential validation. Quote: The network neighborhood is created purely using the browse list. (and possibly the local name cache?). And the machine names are mapped to network locations by...NAME RESOLUTION. NetBIOS translation also includes machine role, which is a function of LMHOST files, WINS boxes, and NetBIOS broadcasting over the chosen protocol (in this case, probably TCP/IP). Quote: My guess as to what's happening, is that the WindowsXP machine became the Master Browser for the network, and the PDC, being the domain master browser, cannot resolve the name of the WindowsXP box, and therefor cant retreive updated information about what computers should be on the browse list. Though it could be alot of things. I don't see how the WinXP box could become the master browser when it is able to "log on" with the PDC (hence my request for validation of the connection). All it has to do is request a browse master, and then (if set to "auto" or "maintain") sync its own list. However, with any servers on the network (especially DCs), that point is moot. Quote: Lee_frost - try to access the WindowsXp machine from the PDC and make sure you can. We are anxiously awaiting the result from the eariler request as well. Share this post Link to post
TaoArcher 0 Posted November 2, 2001 Quote: Actually, name resolution is an integral part of the browse list. That's why the WINS box has its own ranking in the browser selection. Also, it is used in DC location and credential validation. Better go back to school. The browser service is only responsible for showing the list of computer names on the nearby network for user display, and it uses NetBIOS to do so. If you had an empty Browse list, but you still had your WINS server setup properly, the network would all fucntion properly. It serves NO purpose but for a *USER* to be able to see a list of what network services are available.....when a user selects a resource off of the browse list, the client PC then tries to resolve the name. This guy was only asking how come his PC didnt show up on the list,....which means name resolution has not even played a part yet. Quote: And the machine names are mapped to network locations by...NAME RESOLUTION. NetBIOS translation also includes machine role, which is a function of LMHOST files, WINS boxes, and NetBIOS broadcasting over the chosen protocol (in this case, probably TCP/IP). Exactly, and since this guy is only explaining that his computer does not show up on the list....the problem only lies in the browser service....if he never saw the PC on the browse list, than his PC never tried to resolve the name now did it? Quote: I don't see how the WinXP box could become the master browser when it is able to "log on" with the PDC (hence my request for validation of the connection). All it has to do is request a browse master, and then (if set to "auto" or "maintain") sync its own list. However, with any servers on the network (especially DCs), that point is moot. Not true, if he has a single, PDC, then the PDC is the Domain master browser, and the WinXP box could concievably be on a different subnet than the server....thus being the newst version of the browse service, and assuming the role of the master browser for that subnet. --------- I'm sorry to say this, and i'm not trying to be mean, but you should setup a home network for come trouble shooting, because its hard to teach that in a class. It sounds to me that you have all the words right, but dont see how they all fit in the puzzle. Share this post Link to post
clutch 1 Posted November 2, 2001 Huh? Funny, I was just thinking the same thing about you. How long have you been an NT sysadmin? You seem to be completely hung up on the browser service, and you don't seem to follow the name resolution chain or credential validation scheme at all. The link I posted shows name resolution being involved, and every MS manual points to name resolution and NETLOGON be tightly intertwined. Also, if there were multiple subnets involved, then there is a STRONG possibility that he wouldn't be asking this question as: A. There might be multiple BDCs along each subnet, or B. If a person did configure the router between clients and DCs, then the person would also have a more thorough knowledge of this schema Now, as for "going back to school", I was wondering where you came up with the browse list promotion chain, and that WinXP Pro is higher up than Win2K Server. I mean, where did that come from? Everything I wrote can be backed up in that link I posted before, and in many other documents relating to the NT Browser service. So, how about you back up what you have to say. You had a condesending attitude with one user who posted a poll asking about Open-Source w32 programs, so let's see you back up your words. Share this post Link to post
clutch 1 Posted November 2, 2001 Here's a little highlight from that link that I posted a while ago. I jut thought I would help you out: Name Resolution Name resolution is critical for distributed browsing to operate properly. All computers that have the potential to become master browsers on an IP internetwork must be able to resolve the DomainName<1b> entry for the domain master browser. After receiving a positive response to the datagram Query for Primary DC, the master browsers must also be able to resolve the ComputerName<00> of the domain master browser. For the domain master browser to connect with each of the master browsers, it must be able to resolve the names of all servers that have the potential to become master browsers. The domain master browser listens for the directed MasterBrowserAnnouncement datagram sent by the master browsers over UDP port 138. These announcements cause the domain master browser to resolve the ComputerName<00> of the master browser and request from the master browser its locally collected browse list. It is also important to understand that once a browse list is presented to the client, the client must resolve the ComputerName<20> of any server in the list in order to view its shared resources. Therefore, all clients in the domain must be able to resolve the IP address of any server in the domain. For most networks this means that the distributed WINS or DNS infrastructure must be working properly. For information about name resolution through WINS, DNS, or LMHOSTS files, see "Windows Internet Name Service" in this book. I am wondering what classes you attended to NOT know the tightly integrated nature of name resolution and resource handling. So, maybe you got the impression that I was saying the Browse list is some sort of DDNS/WINS solution, and I never did. Take away name resolution and NetBIOS over <insert protocol here>, and you wont get anywhere with your browse list as there will be TONS of them everywhere managing their own little worlds. Share this post Link to post
clutch 1 Posted November 2, 2001 Quote: Better go back to school. The browser service is only responsible for showing the list of computer names on the nearby network for user display, and it uses NetBIOS to do so. If you had an empty Browse list, but you still had your WINS server setup properly, the network would all fucntion properly. First, LOL on the intro sentence. Hehehehe... Anyway, I am dying to know when was the last time that you completely disabled the browser service on all systems to test this theory. I would LOVE to know how NETLOGON replication worked out between the DCs. Quote: It serves NO purpose but for a *USER* to be able to see a list of what network services are available.....when a user selects a resource off of the browse list, the client PC then tries to resolve the name. This guy was only asking how come his PC didnt show up on the list,....which means name resolution has not even played a part yet. Actually, he DOES see his name in the "domain", but he wants to be grouped elsewhere. Starting to trail off a bit from the original question? Quote: Exactly, and since this guy is only explaining that his computer does not show up on the list....the problem only lies in the browser service....if he never saw the PC on the browse list, than his PC never tried to resolve the name now did it? Well, it does show up on *a* list, we are still waiting for the specifics. Quote: Not true, if he has a single, PDC, then the PDC is the Domain master browser, and the WinXP box could concievably be on a different subnet than the server....thus being the newst version of the browse service, and assuming the role of the master browser for that subnet. Umm, I can't really recall a reason why anybody would want to subnet a network that uses only a single PDC (unless it's a remote office on a low-cost network, but then again he wouldn't see the servers now would he?). If that was the case, then I am sure that all the resources would show up in the single group anyway, and we wouldn't be here having this discussion. Also, he says that he can see his system grouped with the servers, so I don't think that the WinXP box is the Master Browser for anything. Quote: --------- I'm sorry to say this, and i'm not trying to be mean, but you should setup a home network for come trouble shooting, because its hard to teach that in a class. It sounds to me that you have all the words right, but dont see how they all fit in the puzzle. Wow, now that takes a lot of balls, especially considering the large holes in your theory that the browser service and name resolution are totally independent, and that each can work fine without the other. I have been jacking around with NT for the last 5 years in full NT domains, Novell networks, and peer-to-peer configurations using WinNT/2K/XP, 9x, DOS, and *nix. And I can tell you, I am a bit familiar with how NT likes to do things. At least MS seems to think so, I did manage to get my MCSE and MCP+I using these abilities. Share this post Link to post
lee_frost 0 Posted November 2, 2001 Right here goes, Currently have aprox just over 200 pc's on an NT4 network with 7 servers plus a unix,xenix & exhange server. My system is the only system running XP Pro. These systems are divided into around 15 workgroups. Dependant upon department. I used to be in the HEATHCOAT group along with my fellow IT memebers. However now I am set up in the DOMAIN group which houses all of our important bits. As you prblably guessed networking isn't my forte, but i hope this has helped a little. Cheers Gents. Share this post Link to post
clutch 1 Posted November 2, 2001 So, you don't have a formal NT Domain that encompasses all of these workgroups, but rather a cluster of workgroups that you keep all of your resources in? Can you directly connect to the other systems in the IT workgroup? I believe APK covered that here: Quote: A different workgroup, than the generic WORKGROUP, I take it? (I believe you do that on the client box you want to hit that DOMAIN & particular workgroup... by using Control Panel, System Icon, Computer Name tab... there you can change a GREAT DEAL about an XP rig, in regard to its DOMAIN it signs into as well as the workgroup name also! Plus, it's machine name as well, & also other things & even have a wizard to help you out if needed!) * Try that first... APK P.S.=> I believe you will have to have the Server & Workstation services up & running for that to work first of all, & also need your Client for Microsoft Networks client bound to the NIC you use that communicates with your other clients/servers on that LAN, but it sounds like you do already anyhow... apk Basically, the same method that you used to connect to your DOMAIN (is that the real name of the NT Domain that you are attached to? Because if it is then you are attached to it because of the default domain name given during installation) you would use to connect to any domain or workgroup: 1. Right click on "My Computer" (either on the desktop in "Classic" mode, or in the Start Menu in "Crush my computer's will to live" mode ) and select "Properties" 2. Select the "Computer Name" tab 3. Click on the "Change" button 4. Enter the new domain/workgroup name that you want to be in, and you will then be asked for vali[censored] credentials. Make sure that the client can FIND this other workgroup correctly first (just make sure you can browse the senior server in that group, or PDC if it is a domain). Share this post Link to post
