Stupid administrator trick #375: enter the subnet mask incorrectly when configuring the NIC. It was 255.0.0.0 instead of 255.255.0.0. Correcting that error fixed it all.
<facepalm> Jim v. From: Jim von Stein Sent: Thursday, February 02, 2012 1:38 PM To: NT System Admin Issues Subject: ANOTHER network anomaly Adding an entry to the rash of weird networking issues... I have a WAN setup for our organization with three sites, each with its own subnet, Domain server and file server (all in the same domain). The "main" site is connected to site #2 by multilink t-1 through two Cisco routers and to Site #3 by a "Branch Office" (fixed) VPN connection through a couple of WatchGuard Fireboxes (all traffic from Site #3 routed through the VPN). Everything works, browsing, file sharing, Internet access, it's all good. I brought up a new Server 2008R2 in the "main" site on a DL360G7 box and installed the Remote Desktop Services Host role on it. No errors or (observed) glitches. Joined to the domain, etc. I'm only using one NIC at the moment, fixed IP address, reservation in DHCP, DNS entries good on all internal DNS servers. Now, the problem. The new server cannot "see" site #3 at all; a ping to any box in that site returns "Destination host unreachable" from the IP address of the server (not the Firebox). Tracert returns the same on the first line. The server can talk to everything in the main site and site #2, and approved users can RDP into it from those sites with no problem, but any attempt to connect to the server from site #1 (Windows Explorer, ping, RDP) times out (not "Destination host unreachable"). Mobile VPN connections from "outside" also time out. The other, identical (except for File Services instead of Remote Desktop) server in the same rack has no difficulty communicating with Site #3, and everyone at Site #3 can see it with no problem. The Server 2003 Terminal Services box is also accessible from all three sites (and outside). Any ideas? I'm a Social Worker who inherited the IT Admin job 15 years ago, and my knowledge of the black arts of networking is pretty rudimentary; this has got me baffled, and Google has presented only cases that had obvious (and inapplicable) differences. Jim von Stein Information Services Administrator SOASTC ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
