VLANs cannot see each other
Hi, I have a problem with my VLANs. I've tried to explain it below. Hopefully it is understandable.
Domain environment.
VLAN1 192.168.0.x (Any computer which joined the domain or a workgroup has no problem)
VLAN2 192.168.10.x (Any computer which joined the domain has no problem, but workgroup computers cannot ping with the name or access any resource)
VLAN3 192.168.20.x (Any computer which joined the domain has no problem, but workgroup computers cannot ping with the name or access any resource)
For example: if I want to install an OS with Acronis, I boot the computer (with the Acronis CD) which belongs to VLAN2 and VLAN3, and I cannot access any network resources, but with VLAN1 there is no problem.
February 14th, 2010 1:42am

ICBL, When troubleshooting I would suggest using a fully built machine. I would put the machine on either Vlan2 or Vlan3 and attempt to connect to a resource on Vlan1.
To start, you will need to make sure that the computers on all the subnets have a correct IP config. This would include an IP, a correct mask (not overlapping with any other subnet) and a default gateway (the router interface for the Vlan). To be truthful, a missing or incorrect default gateway is the most common cause of this problem.
After you have confirmed these settings, I would suggest using the telnet client from the test machine to the servers using SMB (as it is a commonly allowed connection). At a command prompt enter Telnet <ip> 445. If the screen goes black this worked, otherwise you will see the failure. If this works we know that network connectivity is solid between the subnets, and it may just be an issue with the pre-load environment. If this fails then we only know that we cannot connect to 445.
If you have access to the server resources, you can find out what ports it is listening on by using Netstat -ano at the command line (you can use any port listed as "listening" after the "unspecified" IP, such as 0.0.0.0:445). If you do not have access, or want to try to shortcut things, here are some other commonly used network ports to try: 135, 139, 3268....
If after testing this all out you still cannot connect, then you need some help from the network infrastructure owner, as the vlans or the router may not be configured correctly. Let me know if you are using RRAS or IAS, and I can probably help out here further.
If you want a detailed step by step through the network to explain how a packet gets from a-to-b see: http://cbfive.com/blog/post/Follow-the-Bouncing-Packet.aspx
If you need extra help, you can reach us at: InitialAssist@cbfive.com
See my blogs at http://www.cbfive.com/blog
Don't forget to give credit where credit is due, vote this as helpful if it helped you.
Jared
February 14th, 2010 12:15pm
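
The connectivity test described in the reply above, as an added example that is not part of the original thread: it keeps the TCP listeners bound to the unspecified address from `netstat -ano` output and classifies one connect attempt of the kind `telnet <ip> <port>` makes, separating a refused port, a silent timeout and a name that does not resolve. The function names and the sample netstat text are constructed for illustration.

```python
import re
import socket

# Constructed sample in the column layout that `netstat -ano` prints on Windows.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       860
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1106         0.0.0.0:0              LISTENING       3912
  TCP    192.168.0.21:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.0.21:389       192.168.0.27:61760     ESTABLISHED     564
  UDP    0.0.0.0:445            *:*                                    4
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def remote_candidates(netstat_text):
    """Return {port: pid} for TCP listeners bound to the unspecified address."""
    ports = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Loopback listeners never accept remote connections, so skip them;
        # only the all-interfaces binds are taken as test targets here.
        if m and m.group(1) in ("0.0.0.0", "[::]"):
            ports[int(m.group(2))] = int(m.group(3))
    return ports

def probe(host, port, timeout=3.0):
    """Classify a single TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"             # handshake completed: routed path and listener both work
    except ConnectionRefusedError:
        return "refused"              # target answered with a reset: path works, port not accepting
    except socket.gaierror:
        return "name-unresolved"      # name lookup failed before any packet left; retry by IP
    except (socket.timeout, TimeoutError):
        return "timeout"              # no answer: gateway, routing/ACL, or a firewall dropping packets
    except OSError:
        return "unreachable"          # local stack has no route, e.g. missing default gateway

def sweep(host, ports, timeout=3.0):
    """Probe each port and return {port: result} for side-by-side comparison."""
    return {p: probe(host, p, timeout) for p in sorted(ports)}

if __name__ == "__main__":
    print(remote_candidates(SAMPLE_NETSTAT))
```

Running `sweep()` once against the server's IP address and once against its name, from a machine on each VLAN, shows whether a failure is in the routed path or in name resolution.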

icbl, thanks for the post. in addition to the troubleshooting steps that Jared has laid out above, you may want to take a look at the client-side firewalls. on one of the target resources, disable the client-side firewall's service (your best bet is to reboot because many firewalls, even when stopped, still have their hooks in) and then attempt to connect from the workgroup machines. hth /rich http://cbfive.com/blog
February 14th, 2010 7:04pm

Hi, Thanks for the detailed answer, I really appreciated that.
Telnet 192.168.0.66 445 worked fine, the screen went black.
VLAN1 192.168.0.x and they are using gateway 192.168.0.254
VLAN1 192.168.10.x and they are using gateway 192.168.10.254
VLAN1 192.168.20.x and they are using gateway 192.168.20.254
I don't have RRAS or IAS.
netstat -ano results on PDC (Win 2003 Ent) (Made list shorter)
February 14th, 2010 11:53pm

Hi Rich, Thanks for the reply. I've disabled the firewalls on the servers and tried again, still the same. While booting the client with an Acronis CD or a third party program we don't have a firewall on the client anyway! I've freshly installed an OS and tried again, same result. Additionally I've noticed that if I ping with the IP address once, later on I can ping with the name of the machine!
February 15th, 2010 12:00am

ICBL, Thank you for the quick response and the data. Did you test the connection to the file shares while on the full OS client (on either Vlan2 or Vlan3)? Did this work? To be clear, that Telnet command you listed above was from a PC on Vlan2 or Vlan3, right? If this is the case then you should be free and clear from that Vlan to the server on Vlan1. Telnet effectively tests the routable path from the client to the TCP protocol running on the server (meaning that it does not necessarily test the application listening on the TCP port, in this case the file system).
So, if that is the case, I echo Rich's suggestion of looking at the server. I would ensure that the Windows firewall is not just turned off on the server and the client (for the purpose of troubleshooting this), but that you disable the service through services.msc altogether. You will need to reboot for it to take effect.
If you have AV on the box, in the last few years there has been a trend to include a firewall mini-port driver. Some of those hooks can be deep, so I would recommend, after making sure I have the latest network drivers, booting the server into Safe Mode w/ Networking (hit F8 while booting). After you reboot into Safe Mode w/ Networking, check to make sure services like your AV (especially if you use Symantec or McAfee) are not running. From there I would try the connection to the file share from a PC on Vlan2 or Vlan3.
If this works, we need to work out what service is causing the problem (after rebooting normally). One way is to use MSConfig (enter the name at the run prompt to launch). On the services tab check the box for "hide all Microsoft services". Then go through them one by one (or in programmatic groups) to work out when it works and when it fails.
Ultimately, if neither of these help, we may need to take a set of network traces to figure out what is happening. If you do not have the expertise in house to look at these, I may be able to help. Just send an email to the contact listed below, and I will see what I can do.
If you need extra help, you can reach us at: InitialAssist@cbfive.com
See my blogs at http://www.cbfive.com/blog
/jared
February 15th, 2010 4:39am

Hi, I would fall back to the VLAN logs and the Wireshark / Netmon tracing, and these should be simultaneous traces.
February 23rd, 2010 12:47pm

This topic is archived. No further replies will be accepted.
