Windows XP networking problem

[Goi]

Hi,
I have 2 PCs both on WinXP connected toa Linksys wireless router and I wish to do simple file sharing between them. I've renamed them under the same workgroup and shared the drives that I wanna share, and I'm able to ping 1 from the other fine, but they don't show up under the workgroup. In fact, in my PC(PC1) I'm not even able to browse the workgroup. I get an error "Error: xxx is not accessible. You might not have permission to use this network resource...Access is denied." I can't even see myself on the network. On the other PC(PC2) it's able to see itself but not PC1.

Does anyone know what's wrong?

 

[TC10284]

What are the share permissions and NTFS permissions for the folder (assuming the drive is formatted with NTFS)? NTFS permissions override share permissions.

Do you have passwords for the user accounts you are logging into the system with? I think the default Win XP security setting is to disallow anonymous users (such as users with no password).

 

[Goi]

Yes all my drives are NTFS formatted. How do I find out the share permissions?

There are no passwords for the windows user accounts if that's what you mean. Both are automatic logins to XP.

 

[Lemon law]

To Goi,

The thing that grabs me is the "I renamed then under the same workgroup."

Maybe I am guessing, but if you set up the network with two computers from different workgroups,
you may not be able to rename them later---so the cure may be to start from scratch, name each computer as being in the same workgroup, and see if that then works.

And no, having a password is not a win XP requirement---as I have a two PC network using two xp
computers and no password is required.

And random other question---do you have a software firewall on one or both computers---many brand name software firewalls will just default kill a network---I use sygate 5.5 on both my XP computers which plays well with my network. Not sure---but even the sp2 firewall may need extra settings to network correctly. So try disabling any and all software firewalls and see if you then have a workgroup where the computers suddenly see each other---which will hand you the diagnosis right there if that proves to be the case.---then you can see if you can get your firewalls to play nice with your network--or find other software firewalls that will.

 

[Goi]

I don't think it's a problem renaming workgroups since I remember doing that before. Besides, how am I suppsoed to start from scratch? Reinstall Windows? Sounds kinda a chore just to get 2 computers to be in the same network. I do have Kerio installed on my PC. I'll try disabling that to see if it makes any difference.

Just a recap of the symptoms:

On my PC(PC1)
Able to ping the PC1/2's IP address
Able to ping my own computer name
Unable to ping the PC2's computer name
Unable to even browse the workgroup(access denied)

On the other PC(PC2)
Able to ping the PC1/2's IP address
Able to ping my own computer name
Unable to ping the PC2's computer name
Able to even browse the workgroup. Sees its own shared drives but not PC1

 

[Goi]

OK, I disabled Kerio and now it works. Does anyone know how to get it to play nice with windows networking? It's Kerio 2.1.5

 

[nweaver]

Originally posted by: Lemon law
To Goi,

The thing that grabs me is the "I renamed then under the same workgroup."

Maybe I am guessing, but if you set up the network with two computers from different workgroups,
you may not be able to rename them later---so the cure may be to start from scratch, name each computer as being in the same workgroup, and see if that then works.

workgroups have so little to do with actual filesharing that it doesn't matter. It DOES have something to do with network BROWSING, but that is so freaking broken that you should ignore network neighborhood.

To the OP, use UNC paths to alleviate the borked browsing, UNC paths are \\computername\sharename

 

[Lemon law]

To Goi,

Google the "spywarewarriors forums" without the quotes---many there use the Kerio firewall and would know what rules to set up for networking---or gasp---actually read the help section
regarding networking-----but since you now know its the firewall that is borking your network---the next step is to set the firewall up to not bork your network. The kerio firewall is very configerable from what I read.---and very good when set up properly.

 

[Goi]

Thanks. It seems to be working now, better on PC2. On PC1 I'm still unable to ping PC1 by name, but I'm able to access it by \\PC2. I'm also unable to browse the workgroup, despite Kerio Firewall being closed. On PC2 I can do everything.

 

[Lemon law]

To Goi,

Since I am not familar with the Kerio firewall, what I say may be speculation, but I still think its your firewall. The one advantage a hardware firewall has over a software one is that you just can't hack hardware---and the Kerio firewall, even when shut down or closed could still be somewhat active---so the true test is actually going to add remove programs and totally uninstalling Kerio---and then test your pinging and access---then reinstall Kerio.

But I have a similar problem with my network----the client PC can ping itself and ping the host computer and get returns---the host computer can ping itself---but not the client computer. If shut down the firewall--the host computer can then ping the client computer.

Some time ago I went to that firewall's forum and learned to write a convoluted rule to permit that pinging while the firewall was running---later my firewall got corrupted, I had to delete it and reinstall a fresh copy---and I did not keep a record of the rule---so as I write this I can't ping the client from the host---but since I am only sharing internet access, I have never bothered to go back and get instructions on how to permit pinging because it effects my network not a bit.

But if the Kerio firewall is hurting your network, you are just going to have to learn how to write that rule that permits access to what you need----but that assumes you have tested , totally uninstalled Kerio, and confirmed that it is the Kerio firewall blocking you.----or it could be the copy on PC2 that is blocking you and it needs a rule.---you might check if block ICM traffic is checked. But if simply closing both firewalls permit the access you need---you know the problem is 100% firewall related.---and on the bright side---not at some unknown and undisclosed location.

If its not 100% firewall related----it could be damn near anywhere---and might take awhile to find.

 

[nova2]

could always try ditching kerio FW and try some other firewalls.
(unless all other FWs aren't acceptable to you)

 

[Lemon law]

Well,

Nova 2 has a point---lots of other fish in the sea---and kerio also has a newer version 4. something as I recall. I use sygate 5.5 build 2710---there is a newer sygate 5.6 that I hear has some issues with some users so I never tried it. But both Sygate and Kerio are dead--both bought out by companies that will not further develop those platforms.

But also its important to not try firewalls that are known death to networks if you need networking---the highly touted comodo one is one such that will not network---I think zone alarm is still in the same boat. The networkable firewall almost certainly must be rule based----and that gasp---takes user understanding, learning, and monitoring.

Once the user invests the time and effort to train their firewall, and gets it to play nice with their network, few will be eagar to willy nilly try something else at random.

 

[Goi]

Well, I'm using Kerio 2.x because I read it was better than the newer versions(no bloat, less system intensive, etc) and it's free. I was under the impression that it's better than ZA/etc, and I believe it's rules based as well. I just must've clicked "deny" some time back and checked the "don't ask me again" box or something. If only I can find that process(es) so I can remove it from the blacklist...

 

[cleverhandle]

As nweaver has stated, Network Neighborhood browsing is really a mess, a relic of the days where ports were wide open and firewalls inside LAN's were uncommon. If you really want to get it working, you'll probably need ports 139tcp, 138udp, and maybe 445tcp open between the two machines. I would definitely allow those ports only for the single IP address and not open to everyone. The fact that PC1 can't ping PC2 by name implies that NetBIOS is getting blocked on one machine or another. I believe that's the 138udp port, but everytime I look at the details of browsing my head starts spinning. Might give you something to start on, though...

 

[Lemon law]

To Goi,

If you think you clicked on something and then clicked on don't ask me again---and now can't find it,
there is one quick cure for that---go to add remove programs---delete the firewall---then nuke the directory it was in---and reinstall.---a royal pain in the pootie because you have to retrain it but effetive,

But I---on a lark googled Kerio forums and got a hit---so I would advise you to go there where you will likely find knowlegable people who really know that firewall inside out. They should be able to advise you on network settings and where to reverse any changes you made.

But at this point it might be helpful for others to weigh in on what firewalls are and are not able to play nice with networks. Having such a list would help many.

 

[cleverhandle]

Originally posted by: Lemon law
But at this point it might be helpful for others to weigh in on what firewalls are and are not able to play nice with networks. Having such a list would help many.

The purpose of a firewall is filter traffic. If traffic is being blocked, it's not because the firewall isn't "playing nice", it's because it's doing what it's supposed to do. Whether or not the user understands how to operate it is a different story.

 

[Lemon law]

IF a firewall can't network and there exists no user settings to allow networking---isn't it logical to know that in advance if you do need networking?

Rather than waste hours of time trying the impossible?

But to start a known good list for networking-----so far its Kerio---and Sygate.

I know the comodo firewall is known bad for networking---I have read the older zone alarm ones are also--not sure about the newer ones.

 

[cleverhandle]

Originally posted by: Lemon law
IF a firewall can't network and there exists no user settings to allow networking---isn't it logical to know that in advance if you do need networking?

Rather than waste hours of time trying the impossible?

Please stop theorizing about things you clearly don't understand. A firewall blocks what you tell it to block, and permits what you tell it to permit. If a firewall is "not networking", as you put it, then the problem exists between the keyboard and the chair.

@OP: For each machine, with Kerio 2.1.5, click Adminstration->Advanced->Microsoft Networking. Check all the boxes except maybe the last one (your preference there). Click Add to create a new trusted network or Edit to change one if one already exists. Enter the appropriate IP address and netmask there - for most home setups, this is 192.168.0.0/255.255.0.0. Works fine.

 

[Lemon law]

cleverhandle,

As a practical test of your theory, I suggest you switch to the new comodo firewall---I do hear its a very good firewall---then post back with the setting you used to network. I will then post your settings on the forum where I was told comodo would not network.---or try some of the old zone alarm free firewalls---where there is not a single user selectable setting to set.

As I stated in my last post---Kerio--which is a rule based firewall is known good for networking.---your setting while helpful only proves the point that it is settable for networking--even though the defaults may kill a network.-----to prove your allegation you must prove ALL firewalls are similarly settable to allow networking---I submit many are not.

 

[cleverhandle]

Originally posted by: Lemon law
As a practical test of your theory, I suggest you switch to the new comodo firewall---I do hear its a very good firewall---then post back with the setting you used to network.

Using the newest Comodo, in Network Monitor, with other settings as default...

Allow TCP out from IP[Any] to IP MASK:[Trusted] where Source Port is in[Any]
and Remote Port is in[139,445]

Allow TCP in from IP MASK:[Trusted] to IP[Any] where Source Port is in[Any]
and Remote Port is in[139,445]

Allow UDP out from IP[Any] to IP MASK:[Trusted] where Source Port is in[Any] and Remote Port is in[137,138]

Allow UDP in from IP MASK:[Trusted] to IP[Any] where Source Port is in[Any]
and Remote Port is in[137,138]

...where "Trusted" should be set to whatever address/netmask pair is appropriate for your network. Make sure the default BLOCK IP IN is at the end of the list. Rules 2 and 4 above should be covered by the default rule #1 (ALLOW IP OUT) - they're included for the sake of completeness. There may be other redundancies or some simpler way to accomplish the same thing, but I didn't feel like poking around to find out.

Now, go do some homework and stop making stuff up as you go along.

 

[Lemon law]

Well cleverhandle,

Looks like you dodged that bullet on comodo--which was something I saw reported---it may take some time for me to find out if that solution you propose will work long term.

Nor do I want to appear argumenative----but I still maintain that some firewalls flat out can't be networked---you have to prove EVERY firewall can,
I just have to find one that can't to make my point.---by as you say---doing my homework.

But I will leave you in charge of the field---I will be back when I have better evidence---but who knows what some one else will post meanwhile.