The Device Name is Already in Use...

[veritas310]

Hey all,

I've google'd this issue and come up with a few test solutions but I thought I'd post and see if anyone has had any experience with this.

We recently upgraded a peer-to-peer office environment (10+ PCs) to a server environment. We joined them all to the domain and migrated their data over to the server, then mapped that drive and created a logon script. One thing to note, and this may be the culprit, we did not disconnect the previously mapped drives on their local machines, when they were just part of the workgroup. Is there any way to clear some sort of cache that would be storing those?

After they were all joined to the domain, things seemed to be working great. We left and received a few calls from their office telling us that some users were receiving an error when trying to access the mapped drive: "The device name is already in use...". I did some minor research and was recommended by one user to change my logon script to:

net use * /d

net use M: \\server\shared /persistent:no

from:

net use M: \\server\shared

I'm not sure if this will have any effect or not. I assume that the purpose of this is to kill any previous mapped drives on startup and then remap the M: drive (the only drive we want mapped). Also, some users have noticed that if they aren't actively using any network folders and then after a while open the folder, it takes a few seconds to open. It seems like it's reconnecting... One last thing to note, almost all employees do not shut down their computers each day or even each week, could this have something to do with it? Also, one of the three specified DNS servers is the server IP address, to locate the server quicker (initially setup this way to quickly find the domain when joining, just something I find that helps from the past).

Any advice or assistance would be greatly appreciated. Thanks so much in advance!

Mike

[sc302 Veteran]

persistent:no is usually automatically assumed. I would remove all drives either manually in the logon script or with that /d command and remap all the drives like you want. If it is currently mapped to something persistently then it will give you an error when trying to map a new drive to it.

add this to the server in a command prompt

net config server /autodisconnect:-1

also in your dns, enable reverse dns.

only, only, only, only have your active directory dns in the dns options on each pc (handing out through your dhcp server). Do not have any external dns servers in there. The pc's should all go to the domain controller for all dns requests and the server should then decide if it is internal or external, if you want you can put in fowards to your isp's dns servers in your fowards section of dns.

this is what an ipconfig looks like of the machine that I am working on

Physical Address. . . . . . . . . : 00-04-75-84-CC-96

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.10

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : May 02, 2009 4:01:03 PM

Lease Expires . . . . . . . . . . : May 12, 2009 4:01:03 PM

1.1 is my active directory server and my dhcp server. if you notice 1.10 is my gateway.

[veritas310]

persistent:no is usually automatically assumed. I would remove all drives either manually in the logon script or with that /d command and remap all the drives like you want. If it is currently mapped to something persistently then it will give you an error when trying to map a new drive to it.

add this to the server in a command prompt

net config server /autodisconnect:-1

also in your dns, enable reverse dns.

only, only, only, only have your active directory dns in the dns options on each pc (handing out through your dhcp server). Do not have any external dns servers in there. The pc's should all go to the domain controller for all dns requests and the server should then decide if it is internal or external, if you want you can put in fowards to your isp's dns servers in your fowards section of dns.

this is what an ipconfig looks like of the machine that I am working on

Physical Address. . . . . . . . . : 00-04-75-84-CC-96

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.10

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : May 02, 2009 4:01:03 PM

Lease Expires . . . . . . . . . . : May 12, 2009 4:01:03 PM

1.1 is my active directory server and my dhcp server. if you notice 1.10 is my gateway.

SC to the rescue again :), thanks for the prompt response to yet another question I have!

The reason I had the other DNS servers programmed on each machine was because their Mozilla Thunderbird was having some issues finding the POP server when it pointed to just the server's IP. But, as you mentioned, it looks like I have to forward to the Comcast DNS on the server? Best way to do that on Server 2008 Standard? Thanks SC, I'll do the other recommended things in the meantime.

Mike

[sc302 Veteran]

open up dns on your server, single click on the "+" next to your server, on the right side you will see forwards. In forwards you can put your isp dns servers in there

[sc302 Veteran]

if you want to test to see if it worked, on one of the pc's that have mail, type this in your cmd prompt

ipconfig /flushdns

arp -d

this will flush all the pc's cache

i do a

ipconfig /registerdns

out of habbit, takes a few seconds to type it in and milliseconds to run

once the forwards have been put in and you do the above commands see if your pop mail works.

[veritas310]

Excellent, I'll give that a try tomorrow and post the results. Thanks much :)!

Mike

[veritas310]

Hey SC,

I don't need to worry about configuring any specific root hints or conditional forwarders, do I? I was looking through some of the properties on my test 2008 server here and noticed there were several options, most of which I found probably didn't pertain to our small office. I did find exactly what you mentioned before, in Administrative Tools>DNS>Right-click DNS server and select properties, the Forwarders box was right there (thanks). So, basically, my plan of attack is going to be:

1. Add the two Comcast DNS servers to the Forwarders list in DNS server properties.

2. Remove the two Comcast DNS servers on each individual client PC and leaving just the server IP (removing just one and testing Thunderbird first before proceeding).

3. Performing an "ipconfig /flushdns" and a "arp -d", just to be sure (on each client PC).

Should be good to go from there? If this all looks good, maybe you can shed some light on the only issue we have remaining. They're using two network printers that they'd like to be able to scan to the server share. The problem is, and I've seen this with only Server 2008 servers, is that it can't connect to it. I've google'd a few things and someone mentioned that disabling SMB2 has been known to correct this situation, another stated that changing the "Digitally Sign Communications (Always)" from enabled to disabled helps communicate with older multifunction devices... Any ideas? Thanks!

Mike

[+BudMan MVC]

SC was right on the money about the dns, etc. Sure not all clients support SMB2 or digitally signed smb traffic.. Do you have xp clients? They do not support smb2, but smb2 would be the preferred if all your clients support it - There are many advantages to it over smb. How exactly is the server sending the print info to the printer? This would not be limited to smb.

Digitally signed smb can cause problems if not using smb2 -- so sure if you have just plain smb clients (XP), turning this off might be a good option. I do not believe you can add smb2 support to xp clients??

[veritas310]

Thanks for the help Bud,

I think you may have misunderstood part of the printer issue. We don't need to be able to scan to anything but the server (which is Server 2008 Standard), so that makes the client OS (XP Pro) irrelevant? I'm trying a few things, hopefully we'll have some luck. Thanks, I'll keep you posted!

Mike

[sc302 Veteran]

as far as the scanner issue goes, did you put in logon information for the directory that you want it to save to? I know with the scanners that I have used they need logon information to be able to authenticate with.

if the scanner is not capable of this information, then it would need some sort of software to use as a bridge between computer and scanner.

your steps for dns should work fine.

[+BudMan MVC]

Oh ok -- yeah I kind of misread that, so you scanning something at the network device and want to place it on the server share.. Yeah its quite unlikely these types of devices support SMB2, but the server should fall back to just SMB, nor would these kind of clients normally support signing smb traffic.

So you should be fine on the SMB side but your not going to be able to enforce signing. And SC is correct you will have to auth to the share, unless you setup something with full anonymous access, etc. Keep in mind that MS pulled the anonymous security identifier out of the everyone group quite some time ago.

Bur sure to have the scanner put files on a share you going to have to auth to the server, etc. Your best best would be to create a service type account that the scanners can use to auth, the use of null shares is not a very good security practice, etc.

[veritas310]

Ok, well here's a response that actually brings us further away as I ran into two issues that prevent me from going forward :).

I went over, added the two Comcast DNS server to the Forwarders tab of the DNS on the server. I then tested on one machine by just pointing it directly to the server and nowhere else (i.e. the two Comcast servers). I opened up their mail client (Thunderbird) and it could not contact the pop mail server. I flushed the DNS and ran "arp -d" to no avail. I then changed the settings back to the Comcast addresses as the primary and secondary, followed by the server IP as the third, then re-opened Thunderbird without any errors. Now, if I understand this correctly, when the client PC points directly to the server, the DNS on the server should look for the record. If it does not have it, it should then go to the Forwarder listed IPs (the Comcast servers), right?

ALSO

Just looked now and realized we cannot ping anything outside the local network, regardless of what DNS servers the client has configured. It won't ping by IP or domain name. We can, however, obviously ping internally. Any ideas there? We are utilizing a Cisco ASA Firewall, I'm assuming this must have something to do with that?

In terms of the printer, I do have it configured to be authenticated by the server under a user I created "scan". The login portion is not where we find an issue, it won't even connect to the server. We specified it by the IP, i.e. \\192.168.1.1\Scans with the login credentials, to no avail.

Lastly, lol, I'm coming to the conclusion that there might also be a timeout setting for connections to the server (on the Windows Server 2008 side of things). Have you ever heard of this? A few tech's that I've talked to have had experience with changing this setting but are trying to locate where it needs to be changed. Any insight there?

One issue has spawned into about three, but what's new, right? ;)

Thanks SC and Bud so far, you've been a tremendous help!

Mike

[sc302 Veteran]

make sure you have the gateway set. if the gateway is set make sure you can ping it. the gateway should be your asa if it is a simple network.

if it is a simple asa setup, nothing crazy you can use this in your asa appliance

route outside 0.0.0.0 0.0.0.0 (insert ip of your outside address here)

Edited May 6, 2009 by sc302

[+BudMan MVC]

Well your DNS issue seems to be the biggest problem here -- in an AD setup, clients should not point to ANYTHING other than the AD dns.

You need to figure out why your AD dns is not working, but having clients that are part of an AD domain that point to other dns will cause you nothing but grief to be sure.

And is like the number one issue people have with AD.

http://support.microsoft.com/kb/291382

Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS

Question: What are the common mistakes that are made when administrators set up DNS on network that contains a single Windows 2000 or Windows Server 2003 domain controller?

Answer: The most common mistakes are:

* The domain controller is not pointing to itself for DNS resolution on all network interfaces.

* The "." zone exists under forward lookup zones in DNS.

* Other computers on the local area network (LAN) do not point to the Windows 2000 or Windows Server 2003 DNS server for DNS.

Your AD dns should look to the root servers directly and have no need for forwarding, do you have 'The "." zone exists under forward lookup zones in DNS.?

From your AD dns box you should be able to query what your looking for from a command prompt. Is your dns box pointing to other dns? it should point to itself

[sc302 Veteran]

Just looked now and realized we cannot ping anything outside the local network, regardless of what DNS servers the client has configured. It won't ping by IP or domain name. We can, however, obviously ping internally. Any ideas there? We are utilizing a Cisco ASA Firewall, I'm assuming this must have something to do with that?

Mike

Budman, are you sure you are reading right. he is having issues pinging outside by ip and by name.

if you can't ping out with a numeric ip address (as if there were any different types of ip addresses currently (going to v6 will be a diff story) but I digress), the issue exists either with the gateway config or the routing table of the switch/router/firewall you connect to, or the internet connection is down.

Edited May 6, 2009 by sc302

[+BudMan MVC]

Kind of hard to ping out by "name" if he can not resolve it ;)

How would it be working if he had no gateway if he says it works when he puts in his ISPs dns into the client.

His pinging issue has nothing to do with his dns issue -- since he said he can access his email when using ISP dns, etc.

Its quite possible to block ICMP at his border device, be it a cisco ASA device or not.. But since he says his client works with connectivity to some email server, I assure you its not a gateway issue ;)

[sc302 Veteran]

assuming that these are basic out of the box configs here, outbound icmp traffic is not turned off. he is saying nothing (internet related) is working now after he made the dns changes, which i find quite impossible that a dns change alone would stop everything (internet related) from running (direct ip or unc).

[+BudMan MVC]

That is not the way I read his post...

But if DNS is not working external -- pretty much everything would be broke, but just because he can not ping stuff does not mean his internet connection is broken.

But yeah I agree with you changing the dns would have NOTHING to do with being able to ping say neowin.net by IP? 209.124.63.215

Can he ping say 4.2.2.2, could he before??

I did not read his thread like he was having issues with internet connectivity just that ping does not work, and dns forwarding at his server is not working, etc -- maybe I misread it?? But if he is having internet connection issues -- how did he post his question? ;)

[veritas310]

Well, the internet is definitely not down, we can access any website and our mail through Thunderbird without any issue. If I indicated that was the issue, I apologize. The only difference between using the server's IP as the primary DNS and the Comcast servers, is the fact that the Thunderbird can contact the POP server through Comcast DNS but not the server's.

I've been told that on some firewalls you can block outgoing Ping requests, in this case I believe nothing like that is being blocked. This isn't even the most concerning issue, just a weird thing that we just noticed.

The biggest issue is resolving the issue with using the server's DNS as the primary DNS. Once that works (we'll know for sure when the mail client's can access the POP server), we'll be able to attack smaller issues like the ping problem and being able to scan to the server.

Mike

[+BudMan MVC]

Mike I just sent you a PM, I could stop by on the way home tonight and take a look at your dns issue. Just PM exactly where you at -- I can leave pretty much any time so could be there real soon to take a look at your dns problem. Like I said in my PM, Im currently in Lisle.

[sc302 Veteran]

so the internet is working? back to the issue with just firebird?

take the comcast dns out of the local machine you are working on, leave the fowards in the ad controller.

run a nslookup on the firebird pc

open a cmd prompt

type in:

nslookup (mail server unc)

example if i were to lookup verizon's pop3 mail server it would be

nslookup incoming.verizon.net

the response would be:

Server: server.home.local

Address: 192.168.1.1

Non-authoritative answer:

Name: incoming.verizon.net

Address: 206.46.232.10

Comcast has regional dns and national dns servers, you can try putting in the national ones in your fowards

68.87.66.196

68.87.64.196

[+BudMan MVC]

SC, I just got off the phone with mike -- I have to run here in a few minutes, and he is not currently at the office having the problem -- but going to work out something with teamviewer tmrw so I can take a look see.

He says the server can query external dns, so not making a lot of sense why its not doing forwarding -- and says the dns box is pointing to itself for dns. So it must be either loonking up directly from roots, or forwarding when he goes to websites.. So not sure why clients can not query it for say google.com, etc. hmmmm

edit: Off the cuff you might want to disable ipv6 on your 2k8 box -- your not using it are you? I have seen it cause quite a few issues, and if not actively being used there is really no reason to have it enabled.

Edited May 6, 2009 by BudMan

[sc302 Veteran]

Goodluck

[+BudMan MVC]

Will be sure to post what the problem is, but after talking to him on phone - his clients having multiple dns are problem is issues with file shares as well.

[veritas310]

Thanks guys,

Interestingly enough, I did configure IPv6 on initial setup, I will disable that as well tomorrow. I'll post the results after walking through a few things with BudMan. Thanks SC as well, I'm trying out your last suggestion when I get there tomorrow morning!

Mike