We have two clients running Windows Vista RTM. Both are joined to Windows
2003 domain. Both clients can ping XP and 2003 server stations as well as
browse their shares. However, a ping or share browsing from any server or XP
station to either of the Vista clients does not work. The ping will resolve
the name of the Vista client, but will timeout on the response. Firewall is
disabled on both clients by Group Policy. The users that are logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
greatly appreciated.

The new firewall in Vista disablew ICMP (ping) by default. I believe you
either have to use the firewall MMC (Admin tools) or a netsh command to
enable that as it's not exposed by the user-level firewall UI. Even if you
turn off the firewall I'd suspect you have to enable network discovery, file
and folder sharing in the Network and Sharing Center.

Stuart.
---------

"Franklin" wrote:

We have two clients running Windows Vista RTM. Both are joined to Windows
2003 domain. Both clients can ping XP and 2003 server stations as well as
browse their shares. However, a ping or share browsing from any server or XP
station to either of the Vista clients does not work. The ping will resolve
the name of the Vista client, but will timeout on the response. Firewall is
disabled on both clients by Group Policy. The users that are logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
greatly appreciated.

Thanks for the response Stuart.

The firewall service is not running and Network Discovery, File Sharing, and
Printer Sharing are all set to On, but still have the same problem.

It is a very frustrating issue and I have seen other people run into it, but
no one has posted a resolution.

Thanks,
Franklin

"Stuart [MVP]" wrote:

The new firewall in Vista disablew ICMP (ping) by default. I believe you
either have to use the firewall MMC (Admin tools) or a netsh command to
enable that as it's not exposed by the user-level firewall UI. Even if you
turn off the firewall I'd suspect you have to enable network discovery, file
and folder sharing in the Network and Sharing Center.

Stuart.
---------

"Franklin" wrote:

We have two clients running Windows Vista RTM. Both are joined to Windows
2003 domain. Both clients can ping XP and 2003 server stations as well as
browse their shares. However, a ping or share browsing from any server or XP
station to either of the Vista clients does not work. The ping will resolve
the name of the Vista client, but will timeout on the response. Firewall is
disabled on both clients by Group Policy. The users that are logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
greatly appreciated.

RESOLUTION:
The sssue was caused by the Windows Firewall service not running (ie -
Stopped). When we manually attempted to start the service, we received error
1297.

We were able to narrow it down to one setting in Group Policy: User Rights
Assignment - Adjust memory quotas for a process.

The security setting for this option is usually set to Local Service,
Network Service, Administrators. In our case, our domain policy edits this
setting to only include Administrattors.

By changing the policy so that this setting is not configured, it is
automatically set back to the default.

After a reboot of the pc and a gpupdate which we run at logon, we saw our
Firewall Service was started. Now we are able to Turn Off the firewall via
the Network Center, but leave the service running.

With this in place, we can ping and browse admin shares from any pc to our
vista clients.

"Franklin" wrote:

Thanks for the response Stuart.

The firewall service is not running and Network Discovery, File Sharing, and
Printer Sharing are all set to On, but still have the same problem.

It is a very frustrating issue and I have seen other people run into it, but
no one has posted a resolution.

Thanks,
Franklin

"Stuart [MVP]" wrote:

The new firewall in Vista disablew ICMP (ping) by default. I believe you
either have to use the firewall MMC (Admin tools) or a netsh command to
enable that as it's not exposed by the user-level firewall UI. Even if you
turn off the firewall I'd suspect you have to enable network discovery, file
and folder sharing in the Network and Sharing Center.

Stuart.
---------

"Franklin" wrote:

We have two clients running Windows Vista RTM. Both are joined to Windows
2003 domain. Both clients can ping XP and 2003 server stations as well as
browse their shares. However, a ping or share browsing from any server or XP
station to either of the Vista clients does not work. The ping will resolve
the name of the Vista client, but will timeout on the response. Firewall is
disabled on both clients by Group Policy. The users that are logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
greatly appreciated.

Good to see you got your network working with Vista. A couple of questions
for my enlightenment:

1. Group policies are always refreshed during the Windows startup process,
so I'm puzzled by "a gpupdate which we run at logon". Is there a particular
problem that doing this in a startup script as well solves?

2. Vista (and XP SP2, Windows 2003 SP1) networking all works with the
Windows Firewall enabled - I do this on all my computers at home and also at
work If you take "special" action, you can also have the benefit of having
the Windows Firewall enabled on Windows 2003 SP1 Domain Controllers (see KB
article 555381), so I'm wondering why you want to disable it.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Franklin" wrote in message
...
RESOLUTION:
The sssue was caused by the Windows Firewall service not running (ie -
Stopped). When we manually attempted to start the service, we received
error
1297.

We were able to narrow it down to one setting in Group Policy: User Rights
Assignment - Adjust memory quotas for a process.

The security setting for this option is usually set to Local Service,
Network Service, Administrators. In our case, our domain policy edits this
setting to only include Administrattors.

By changing the policy so that this setting is not configured, it is
automatically set back to the default.

After a reboot of the pc and a gpupdate which we run at logon, we saw our
Firewall Service was started. Now we are able to Turn Off the firewall
via
the Network Center, but leave the service running.

With this in place, we can ping and browse admin shares from any pc to our
vista clients.

"Franklin" wrote:

Thanks for the response Stuart.

The firewall service is not running and Network Discovery, File Sharing,
and
Printer Sharing are all set to On, but still have the same problem.

It is a very frustrating issue and I have seen other people run into it,
but
no one has posted a resolution.

Thanks,
Franklin

"Stuart [MVP]" wrote:

The new firewall in Vista disablew ICMP (ping) by default. I believe
you
either have to use the firewall MMC (Admin tools) or a netsh command to
enable that as it's not exposed by the user-level firewall UI. Even if
you
turn off the firewall I'd suspect you have to enable network discovery,
file
and folder sharing in the Network and Sharing Center.

Stuart.
---------

"Franklin" wrote:

We have two clients running Windows Vista RTM. Both are joined to
Windows
2003 domain. Both clients can ping XP and 2003 server stations as
well as
browse their shares. However, a ping or share browsing from any
server or XP
station to either of the Vista clients does not work. The ping will
resolve
the name of the Vista client, but will timeout on the response.
Firewall is
disabled on both clients by Group Policy. The users that are logged
into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help
would be
greatly appreciated.

Franklin,

I am getting the error 1297 when trying to start the firewall service. I
found the group policy object you mentioned, but have no option to change it
to not configured.

Where do you make the change?

Or


"Franklin" wrote:

RESOLUTION:
The sssue was caused by the Windows Firewall service not running (ie -
Stopped). When we manually attempted to start the service, we received error
1297.

We were able to narrow it down to one setting in Group Policy: User Rights
Assignment - Adjust memory quotas for a process.

The security setting for this option is usually set to Local Service,
Network Service, Administrators. In our case, our domain policy edits this
setting to only include Administrattors.

By changing the policy so that this setting is not configured, it is
automatically set back to the default.

After a reboot of the pc and a gpupdate which we run at logon, we saw our
Firewall Service was started. Now we are able to Turn Off the firewall via
the Network Center, but leave the service running.

With this in place, we can ping and browse admin shares from any pc to our
vista clients.

"Franklin" wrote:

Thanks for the response Stuart.

The firewall service is not running and Network Discovery, File Sharing, and
Printer Sharing are all set to On, but still have the same problem.

It is a very frustrating issue and I have seen other people run into it, but
no one has posted a resolution.

Thanks,
Franklin

"Stuart [MVP]" wrote:

The new firewall in Vista disablew ICMP (ping) by default. I believe you
either have to use the firewall MMC (Admin tools) or a netsh command to
enable that as it's not exposed by the user-level firewall UI. Even if you
turn off the firewall I'd suspect you have to enable network discovery, file
and folder sharing in the Network and Sharing Center.

Stuart.
---------

"Franklin" wrote:

We have two clients running Windows Vista RTM. Both are joined to Windows
2003 domain. Both clients can ping XP and 2003 server stations as well as
browse their shares. However, a ping or share browsing from any server or XP
station to either of the Vista clients does not work. The ping will resolve
the name of the Vista client, but will timeout on the response. Firewall is
disabled on both clients by Group Policy. The users that are logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
greatly appreciated.

I suspect what was meant is "Not Defined". Most GPO settings have "Not
Configured", "Enabled" or "Disabled" settings, but those in User Rights
Assignment are either "Defined" or "Not Defined".

Double click on "Adjust memory quotas for a process" and remove the check
mark from "Define these policy settings".

If you are looking at the "Local Security Policy" on a Vista workstation (as
opposed to a Group Policy in a Domain via Group Policy Management Console) -
e.g. Start, Administrative Tools, right click Local Security Policy, select
Run as Administrator - the only choice you have is to modify the group
list - there is no check box as there is with GPMC in a Domain.

The default groups with this "right" a
Administrators
LOCAL SERVICE
NETWORK SERVICE

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"orph351" wrote in message
...
Franklin,

I am getting the error 1297 when trying to start the firewall service. I
found the group policy object you mentioned, but have no option to change
it
to not configured.

Where do you make the change?

Or


"Franklin" wrote:

RESOLUTION:
The sssue was caused by the Windows Firewall service not running (ie -
Stopped). When we manually attempted to start the service, we received
error
1297.

We were able to narrow it down to one setting in Group Policy: User
Rights
Assignment - Adjust memory quotas for a process.

The security setting for this option is usually set to Local Service,
Network Service, Administrators. In our case, our domain policy edits
this
setting to only include Administrattors.

By changing the policy so that this setting is not configured, it is
automatically set back to the default.

After a reboot of the pc and a gpupdate which we run at logon, we saw our
Firewall Service was started. Now we are able to Turn Off the firewall
via
the Network Center, but leave the service running.

With this in place, we can ping and browse admin shares from any pc to
our
vista clients.

"Franklin" wrote:

Thanks for the response Stuart.

The firewall service is not running and Network Discovery, File
Sharing, and
Printer Sharing are all set to On, but still have the same problem.

It is a very frustrating issue and I have seen other people run into
it, but
no one has posted a resolution.

Thanks,
Franklin

"Stuart [MVP]" wrote:

The new firewall in Vista disablew ICMP (ping) by default. I believe
you
either have to use the firewall MMC (Admin tools) or a netsh command
to
enable that as it's not exposed by the user-level firewall UI. Even
if you
turn off the firewall I'd suspect you have to enable network
discovery, file
and folder sharing in the Network and Sharing Center.

Stuart.
---------

"Franklin" wrote:

We have two clients running Windows Vista RTM. Both are joined to
Windows
2003 domain. Both clients can ping XP and 2003 server stations as
well as
browse their shares. However, a ping or share browsing from any
server or XP
station to either of the Vista clients does not work. The ping will
resolve
the name of the Vista client, but will timeout on the response.
Firewall is
disabled on both clients by Group Policy. The users that are
logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help
would be
greatly appreciated.