ICS and FS trouble



km
07-10-2005, 01:51 AM
Hi,

got a strange phenomenon. LAN is built as infrastructure WLAN. ISC host is
connected via UMTS (G3 GSM) PCMCIA cardmodem and holds the manually set IP
192.166.116.20 (cannot use 192.168.0.1.), subnet 255.255.255.0. file sharing
and ics enabled. protocols, services and clients established at WLAN side:
client for ms networks, service advertising protocol, file and printer
sharing for ms networks, QoS packet sheduler, internet protcol (TCP/IP). Same
machine on the WAN side has established service advertising protocol, QoS
packet sheduler, internet protocol (TCP/IP) with DHCP. OS on this machines is
WXP PRO SP2 build 1519. Firewall off.

client machine, same OS, same protocols on the WLAN side, IP 192.166.116.40,
same subnet, gateway is set to 192.116.116.20. ping and tracert of internet
adresses works just fine, i.e. physical connections is there, DNS works but I
cannot browse any site as well as updater of virus and spyware tool fails,
execept that the MS beta AntiSpyware connects to the internet and recognises
that a new update is available, even displays the new version number but then
fails to dl same.

So, what the heck is wrong?

Cheers

Steve Winograd [MVP]
07-10-2005, 01:51 AM
In article <224C8C90-2824-4EB8-8CB3-401ED28BEE09@microsoft.com>, "km"
<km@discussions.microsoft.com> wrote:
>Hi,
>
>got a strange phenomenon. LAN is built as infrastructure WLAN. ISC host is
>connected via UMTS (G3 GSM) PCMCIA cardmodem and holds the manually set IP
>192.166.116.20 (cannot use 192.168.0.1.), subnet 255.255.255.0. file sharing
>and ics enabled. protocols, services and clients established at WLAN side:
>client for ms networks, service advertising protocol, file and printer
>sharing for ms networks, QoS packet sheduler, internet protcol (TCP/IP). Same
>machine on the WAN side has established service advertising protocol, QoS
>packet sheduler, internet protocol (TCP/IP) with DHCP. OS on this machines is
>WXP PRO SP2 build 1519. Firewall off.
>
>client machine, same OS, same protocols on the WLAN side, IP 192.166.116.40,
>same subnet, gateway is set to 192.116.116.20. ping and tracert of internet
>adresses works just fine, i.e. physical connections is there, DNS works but I
>cannot browse any site as well as updater of virus and spyware tool fails,
>execept that the MS beta AntiSpyware connects to the internet and recognises
>that a new update is available, even displays the new version number but then
>fails to dl same.
>
>So, what the heck is wrong?
>
>Cheers

You said that the client's gateway is set to 192.116.116.20. I assume
that's a typo and that it's actually set to 192.166.116.20

Microsoft doesn't support changing the ICS host computer's LAN
address. Since you've changed it, there's no guarantee that ICS will
work. Why can't you use 192.168.0.1? Is it because the host's
Internet connection has a 192.168.0.x address that can't be changed to
a different subnet?

If the host's Internet connection has a private IP address (like
192.168.0.x), can the DHCP server on the Internet connection assign an
address to the client, too? If so, you might be able to solve the
problem by disabling ICS and creating a network bridge between the
former host's Internet and wireless connections.

BTW, 192.166.116.0/255.255.255.0 is a range of public IP addresses.
It isn't a proper IP address range for a LAN, and using it can block
access to some web sites. The private IP address ranges are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

If those suggestions don't help, please reply in the news group with
more information about the network setup:

How have you set up an infrastructure LAN? How is the wireless access
point connected to the ICS host? Is it just an access point, or is it
a wireless router? If it's a wireless router, you have to bypass its
routing and DHCP capabilities, connecting the ICS host to a LAN port
and not connecting anything to the router's WAN (Internet) port.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

km
07-10-2005, 01:51 AM
Hi,

was a typo, anyways, followed your advice and set the ip to 192.168.0.x,
however the problem remains the same, i.e. physical connection from ISC
client to internet is there, such as vpn works or terminal services like ping
and tracert, however still no browsing. the ap is just an ap, no router.
The master domain browser is assigned with the ISC client machine.

Having file and printer sharing enabled on both, ISC host and client, I can
access the client's share with no trouble however not vice versa - "logon
failure: the user has not been granted the requested logon type at this
computer". Which is a strange thing to happen as the share is permitted to
"everyone".

???

Cheers

"Steve Winograd [MVP]" wrote:

> In article <224C8C90-2824-4EB8-8CB3-401ED28BEE09@microsoft.com>, "km"
> <km@discussions.microsoft.com> wrote:
> >Hi,
> >
> >got a strange phenomenon. LAN is built as infrastructure WLAN. ISC host is
> >connected via UMTS (G3 GSM) PCMCIA cardmodem and holds the manually set IP
> >192.166.116.20 (cannot use 192.168.0.1.), subnet 255.255.255.0. file sharing
> >and ics enabled. protocols, services and clients established at WLAN side:
> >client for ms networks, service advertising protocol, file and printer
> >sharing for ms networks, QoS packet sheduler, internet protcol (TCP/IP). Same
> >machine on the WAN side has established service advertising protocol, QoS
> >packet sheduler, internet protocol (TCP/IP) with DHCP. OS on this machines is
> >WXP PRO SP2 build 1519. Firewall off.
> >
> >client machine, same OS, same protocols on the WLAN side, IP 192.166.116.40,
> >same subnet, gateway is set to 192.116.116.20. ping and tracert of internet
> >adresses works just fine, i.e. physical connections is there, DNS works but I
> >cannot browse any site as well as updater of virus and spyware tool fails,
> >execept that the MS beta AntiSpyware connects to the internet and recognises
> >that a new update is available, even displays the new version number but then
> >fails to dl same.
> >
> >So, what the heck is wrong?
> >
> >Cheers
>
> You said that the client's gateway is set to 192.116.116.20. I assume
> that's a typo and that it's actually set to 192.166.116.20
>
> Microsoft doesn't support changing the ICS host computer's LAN
> address. Since you've changed it, there's no guarantee that ICS will
> work. Why can't you use 192.168.0.1? Is it because the host's
> Internet connection has a 192.168.0.x address that can't be changed to
> a different subnet?
>
> If the host's Internet connection has a private IP address (like
> 192.168.0.x), can the DHCP server on the Internet connection assign an
> address to the client, too? If so, you might be able to solve the
> problem by disabling ICS and creating a network bridge between the
> former host's Internet and wireless connections.
>
> BTW, 192.166.116.0/255.255.255.0 is a range of public IP addresses.
> It isn't a proper IP address range for a LAN, and using it can block
> access to some web sites. The private IP address ranges are:
>
> 10.0.0.0 - 10.255.255.255
> 172.16.0.0 - 172.31.255.255
> 192.168.0.0 - 192.168.255.255
>
> If those suggestions don't help, please reply in the news group with
> more information about the network setup:
>
> How have you set up an infrastructure LAN? How is the wireless access
> point connected to the ICS host? Is it just an access point, or is it
> a wireless router? If it's a wireless router, you have to bypass its
> routing and DHCP capabilities, connecting the ICS host to a LAN port
> and not connecting anything to the router's WAN (Internet) port.
> --
> Best Wishes,
> Steve Winograd, MS-MVP (Windows Networking)
>
> Please post any reply as a follow-up message in the news group
> for everyone to see. I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>

Steve Winograd [MVP]
07-10-2005, 01:51 AM
In article <63617093-92BE-4B9B-939B-A851C769F63E@microsoft.com>, "km"
<km@discussions.microsoft.com> wrote:
>> >got a strange phenomenon. LAN is built as infrastructure WLAN. ISC host is
>> >connected via UMTS (G3 GSM) PCMCIA cardmodem and holds the manually set IP
>> >192.166.116.20 (cannot use 192.168.0.1.), subnet 255.255.255.0. file sharing
>> >and ics enabled. protocols, services and clients established at WLAN side:
>> >client for ms networks, service advertising protocol, file and printer
>> >sharing for ms networks, QoS packet sheduler, internet protcol (TCP/IP). Same
>> >machine on the WAN side has established service advertising protocol, QoS
>> >packet sheduler, internet protocol (TCP/IP) with DHCP. OS on this machines is
>> >WXP PRO SP2 build 1519. Firewall off.
>> >
>> >client machine, same OS, same protocols on the WLAN side, IP 192.166.116.40,
>> >same subnet, gateway is set to 192.116.116.20. ping and tracert of internet
>> >adresses works just fine, i.e. physical connections is there, DNS works but I
>> >cannot browse any site as well as updater of virus and spyware tool fails,
>> >execept that the MS beta AntiSpyware connects to the internet and recognises
>> >that a new update is available, even displays the new version number but then
>> >fails to dl same.
>>
>> You said that the client's gateway is set to 192.116.116.20. I assume
>> that's a typo and that it's actually set to 192.166.116.20
>>
>> Microsoft doesn't support changing the ICS host computer's LAN
>> address. Since you've changed it, there's no guarantee that ICS will
>> work. Why can't you use 192.168.0.1? Is it because the host's
>> Internet connection has a 192.168.0.x address that can't be changed to
>> a different subnet?
>>
>> If the host's Internet connection has a private IP address (like
>> 192.168.0.x), can the DHCP server on the Internet connection assign an
>> address to the client, too? If so, you might be able to solve the
>> problem by disabling ICS and creating a network bridge between the
>> former host's Internet and wireless connections.
>>
>> BTW, 192.166.116.0/255.255.255.0 is a range of public IP addresses.
>> It isn't a proper IP address range for a LAN, and using it can block
>> access to some web sites. The private IP address ranges are:
>>
>> 10.0.0.0 - 10.255.255.255
>> 172.16.0.0 - 172.31.255.255
>> 192.168.0.0 - 192.168.255.255
>>
>> If those suggestions don't help, please reply in the news group with
>> more information about the network setup:
>>
>> How have you set up an infrastructure LAN? How is the wireless access
>> point connected to the ICS host? Is it just an access point, or is it
>> a wireless router? If it's a wireless router, you have to bypass its
>> routing and DHCP capabilities, connecting the ICS host to a LAN port
>> and not connecting anything to the router's WAN (Internet) port.
>
>Hi,
>
>was a typo, anyways, followed your advice and set the ip to 192.168.0.x,
>however the problem remains the same, i.e. physical connection from ISC
>client to internet is there, such as vpn works or terminal services like ping
>and tracert, however still no browsing. the ap is just an ap, no router.
>The master domain browser is assigned with the ISC client machine.
>
>Having file and printer sharing enabled on both, ISC host and client, I can
>access the client's share with no trouble however not vice versa - "logon
>failure: the user has not been granted the requested logon type at this
>computer". Which is a strange thing to happen as the share is permitted to
>"everyone".
>
>???
>
>Cheers

Disable ICS on the host computer, then re-enable it. That will make
all the right settings, including the required 192.168.0.1 address.

It's best to configure the client computer to obtain an IP address
automatically. If Internet access doesn't work on the client with
that setting, try manually assigning the client's TCP/IP properties:

IP Address: 192.168.0.x (1<x<255)
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DNS Server = 192.168.0.1 or your ISP's DNS server

The client's failure to access some web sites could be related to the
MTU setting. If so, this should fix it:

1. Find the right MTU setting on the client, as shown here:

http://www.annoyances.org/exec/show/article04-107

2. Make the setting manually on the client, or use DrTCP to make it:

http://www.dslreports.com/front/drtcp.html

I don't understand what you mean by "master domain browser". If your
computers run Windows XP, your network is a workgroup, not a domain.
If your network is a domain with a server computer, you shouldn't be
using ICS at all.

The logon failure message indicates a problem with user rights
assignments on the host computer, and the solution is to run some
commands on the host computer.

If the host computer runs Windows XP Professional:

1. Click Start | Run, type "secpol.msc" in the box, and click OK.
2. Click Local Policies.
3. Click User Rights Assignment.
4. Click "Access this computer from the network" and make sure that
the Everyone group is included.
5. Click "Deny access to this computer from the network" and make sure
that the Everyone group is NOT included.

If the host computer runs Windows XP Home Edition, the "secpol.msc"
program isn't available. To make the required user rights
assignments:

1. Download and install the Windows 2003 Server Resource Kit Tools
from http://go.microsoft.com/fwlink/?LinkId=4544 .

2. Click Start | All Programs | Windows Resource Kit Tools | Command
Shell.

3. Type these lines at the command prompt. The second and third
commands are case-sensitive, so type them exactly as shown. Note the
"+r" in the second one and the "-r" in the third one:

net user guest /active:yes
ntrights +r SeNetworkLogonRight -u Guest
ntrights -r SeDenyNetworkLogonRight -u Guest
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

km
07-10-2005, 01:51 AM
finally, it is solved - is was simply the mtu issue.

Steve Winograd [MVP]
07-10-2005, 01:52 AM
In article <926DA370-71DA-4950-9BE6-2F0A7E319068@microsoft.com>, "km"
<km@discussions.microsoft.com> wrote:
>finally, it is solved - is was simply the mtu issue.

You're welcome.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com


ICS and FS trouble