Re: Windows 2000 shares drop connection in DMZ?

egrant2 · ‎11-21-2003

Hello all,

I currently have our Windows 2000 development servers located in our DMZ seperate from our internal zone. I create a share on these machines for our development guys to transfer files directly to the environment and lock the shares down to only their accounts. I am having issues with the machine dropping the share connections randomly. The dev guys can reconnect right after the disconnect, but its really inteferring with their development work. I use a Cisco Pix 520 with and internal zone and a DMZ zone for the dev machines and a 6509 with seperate VLANs for internal, DMZ, external zones. I've even experienced this issue when I connect to copy files locally to my system before I moved them to the live production systems. I've also checked the memory usage on the machines and there is plenty of free memory. Does anyone have any suggestions as to what may be happening.

TIA

lwierenga · ‎11-21-2003

Can you post your config?

anup_bekal · ‎12-02-2003

Hi

Did you open the TCP 139, 445 and UDP 137,138, 445 ports?

These ports needs to be opened on your PIX for MS-File & Printer sharing to work correctly.

Try this & please let me know the result.

Regards

Anoop K Narayanan

NICBM Kuwait

gkhaira · ‎01-17-2004

I had the same issue, users on the inside network were losing connection to windows shared directory randomly which is located on the DMZ segment. I fixed this issue by giving static NAT IP address to the windows 2000 server. Before users were using global IP address (PAT) to connect to windows server and hence having this issue. PAT doesn't work very well with Netbios sharing.

scoclayton · ‎01-18-2004

The issue you are referring to here is an MS bug. I can dig up the support article number for you if needed but they did address this issue in a service pack. Just an FYI.

Scott

wojmil · ‎02-12-2004

I seem to have similiar problem with dropping connections to windows 2k shares - could you please post this support article number?

egrant2 · ‎02-12-2004

this bug fix was included with SP4 so if you have that you have the fix. i am running SP4 and still experiencing the issue. when i move the machine back into my internal network the issue goes away, so i strongly believe it to be an issue with the PIX. most likely in the configuration, but I haven't had time to setup a new test lab to test different configs.

wojmil · ‎02-12-2004

oh my, those aren't good news.

anyway, our setup is little bit different - we've got 7600 routers with FWSM blades. there's a w2k (with sp3) server which belongs to VLAN x and some w2k workstations in VLAN y. traffic between those subnets is passed through nat 0 access-list feature. problem occurs while copying bunch of files (~600 megabytes)from this server to a client (transferring it from command line says "network name is no longer available" after some time of copying). I've been doing some port monitoring and packet capturing with tools like ethereal, but they haven't revealed anything interesting. the share is available after dropping the connection. the server is connected to the switch with two broadcom NICs with load balancing feature (different MACs, common IP address) and whole setup does not suffer any performance problems. hints anyone?