locked
One Care Prevents client PC obtaining IP RRS feed

  • General discussion

  • I have a basic wired peer-to-peer network with broadband internet, no router or hub. Host PC has Vista Business and client PC XP Home. Network card setting as follows:

     

    Vista PC - Internet card: Obtain IP address automatically; obtain DNS server address automatically. Public network

    Vista PC - Local card: static IP: 192.168.0.1, subnet 255.255.255.0, Gateway: blank. Public network. (connection named "Unidentified network")

    XP PC - Obtain IP address automatically; obtain DNS server address automatically

     

    Without One Care this set-up runs perfectly with full file sharing and Internet Connection Sharing.

     

    One Care stopped all this. Experiments show that installing One Care on the XP machine and unchecking the box "automatically suspend all home or work locations when you are connected to any network in a public place" continues to allow full sharing and internet, though One Care shows yellow rather than green (but I can put up with that!)

     

    Installing One Care on the host Vista PC shuts down all contact between the XP and Vista PC's. The XP PC cannot obtain an IP address regardless of the Vista One Care firewall settings, including when it is switched off or the box mentioned above is unchecked (has to be as the network continually reverts to public every time I change it to private).

     

    Not being an expert I'm not sure of the reason for the XP PC being unable to get an IP. Is it because of the One Care firewall on the Vista PC, or is it something else in One Care? For example is there a programme I can add to the list in Change settings - firewall - advanced - programmes that would allow the IP to be allocated? Is there any other setting I can change? I've had a good look but I don't see anything obvious.

     

    Curiously when I ran system restore on the Vista PC to get rid on One Care  the XP PC suddenly found an IP even before system restore had completed! There is clearly something in One Care causing the problem, but I don't know what.

     

    All help welcome. I've tried One Care support but the guy kept answering "I should know that answer but I'm afraid I don't" to virtually every question!

     

    Thank you in advance.

     

    David

    Sunday, January 6, 2008 12:01 PM

All replies

  • I'm going to leave this marked as not answered and hope that I can get the Firewall Program manager to pop in and comment. I believe that the problem is that your Vista PC has two network cards that OneCare marks your network as Public and prevents Internet Connection Sharing from functioning for your XP machine.

    Assuming that there is a way to set the network as Private - Home or Work - on the Vista machine for both adapters, and then making sure that the advanced configuration to allow ICS is checked, the Vista machine should be able to continue doing its job as your Gateway. On the XP machine, it should be fine as long as you mark its network as Private - Home or Work - in OneCare, change settings, Firewall tab, configure network.

    -steve

     

    Tuesday, January 8, 2008 12:54 AM
    Moderator
  • Can you please clarify which version of OneCare do you have? You can find the version number from the "Help>About Windows Live OneCare".

     

    Assuming the 2.0 version, please do the following

    • On Vista machine:
      • Click on "Change Setting">Configure Firewall
      • You will see a rule called "Internet Connection Sharing". Please turn that ON.
      • Please note that at this point your Vista machine's Internet Connection Sharing will be available to anyone on the internet.  At this point OneCare does NOT have the capability to have different policies on different network cards.

     With this change alone, XP machine should be able to get IP Address and you should be able to surf the internet.

    • On XP Machine
      • Click on Change Setting>Configure Firewall
      • Click on Change Location to make sure your location is set to home/work.

               If you do this, Vista machine can also access file shares created on XP machine.

     

    If you want XP machine to access file shares on the Vista machine, you have the following option. Note that it will make your file shares accessible to anyone on the internet unless you have password protected sharing ON. This is inherently risky. If you can move file shares off the Vista machine (since it is connected to internet) to XP machine, that will be better. If you absolutely need file shares to stay on Vista machine, you can do the following steps  to reduce risk as much as possible while still getting the functionality

    • Open Control Panel
    • Turn Network and Sharing Center
    • Turn Password Protected Sharing on. You will need to provide user name/password that works on Vista computer to access file shares.
    • From OneCare, click on Change Setting>Firewall>Click on configure firewall
    • Turn off any rule that you DO NOT need.
    • Click on Change Location. Make sure all networks selected are marked as home/work

    You should be able to access file shares on Vista machine from XP as well after providing a password.

     

    Thanks

    Neeraj

    Tuesday, January 8, 2008 1:20 AM
  • Hi Neeraj,

     

    Many thanks for your reply. The answers to your questions:

     

    Yes, I have version 2.0.

     

    Internet Connection sharing was turned on as you described. The XP PC was still unable to obtain an IP.

     

    The network on the XP machine was origially set as public. However now as soon as I install One Care on the Vista machine it loses connectivity and only regains it if I remove One Care from the Vista machine.

     

    Notwithstanding that, password protected sharing is turned on.

     

    I have tried many settings and configurations on the Vista machine, but as long as One Care is installed, it blocks access to/from the XP machine.

     

    The network card on the Vista machine that connects to the XP machine continually defaults to public network (called unidentified network). 

     

    Is there something on One Care that is preventing the Vista machine giving an IP to the  XP machine (or is that not how it works?).

     

    Regards

     

    David

    Tuesday, January 8, 2008 3:13 PM
  • I trust that Neeraj will return to read your response, but I'll answer your last question. Yes, I believe that the root cause is the fact that the second network card is defaulting to unindentified network and is classified as Public. Even enabling the ICS setting under advanced will not get around the restrictions that will be thrown into place when the network is shown as Public, as far as I know.

    I don't have two active NICs on a Vista machine, so I can't replicate what you're seeing, but do you see both networks when you open OneCare, click on Change Settings, Firewall Tab, Configure Network? Can you click Change Network to make the internal NIC be Home or Work on the Vista machine?

    -steve

    Tuesday, January 8, 2008 6:00 PM
    Moderator
  • Hi Steve,

     

    Firstly to answer your question, yes I can change it to private (Home or Work), but on restart or simply after a period of time, it resets to public.

     

    I checked this situation on other forums and it seems it names itself unidentified network because it considers the settings to be incomplete, as far as I can see because the gateway field is blank. This results in the defaulting to public network.

     

    Right now I tried changing it to dynamic ip and private network (please note I have uninstalled One Care from the Vista PC pending a solution as I need full file sharing and ICS to be available) and immediately the XP PC lost all connectivity - no internet access and no file sharing in either direction. As soon as I returned the card to static ip (192.168.0.1, subnet 255.255.255.0 and gateway blank) all connectivity returned. So it appears this is the correct and only setting, but it means One Care, when installed, must have the option to block file sharing etc on public networks disabled, meaning it shows yellow instead of green. But I can live with that!

     

    In terms of One Care, I maintain the same network card config but as soon as it is installed connectivity ceases and even as I do Systen Restore to take it off, connectivity returns.

     

    Thanks for your help.

     

    David

     

     

    Tuesday, January 8, 2008 6:24 PM
  • Thanks for the additional information and you're very welcome. I'm not the firewall guru and have limited experience with ICS, so I'll defer to Neeraj for your next steps. I'm sure that the defaulting to Public is a big part of the problem.

    To the best of my knowledge, allowing File and Printer Sharing or disallowing it will not alter the OneCare status.

     

    -steve

    Tuesday, January 8, 2008 6:31 PM
    Moderator
  • Neeraj,

     

    This problem still persists. I was wondering if you can suggest anything else.

     

    Thanks

     

    David

    Monday, January 14, 2008 11:49 PM
  • I've sent Neeraj an email asking him to review this thread, David.

    -steve

     

    Tuesday, January 15, 2008 2:26 AM
    Moderator
  • Hi David

     

    To debug this, let's try breaking the problem into pieces.

    To start with, let's try to get basic connectivity working and not worry about file sharing.

     

    Here is my current understanding

    1. Vista without OneCare and XP with OneCare works for basic connectivity for you.

    2. Once you install OneCare on Vista, XP loses all connectivity.

     

    Questions:

    • Is my understanding correct?
    • You mentioned that you are able to classify your local card on Vista as "private" though only transiently. Please try the following. Mark that card as "private". Then try "ipconfig renew" on the command line from the XP machine, or just reboot the XP machine. Please let us know whether  connectivity returns. If so, we might have a problem and we might be blocking some port for ICS when machine thinks it is in public place.

    Thanks for your patience.

    Neeraj

    Tuesday, January 15, 2008 2:46 AM
  • Hi Neeraj,

     

    Many thanks for your reply. As well as your suggestion, I've done some pretty extensive testing and experimenting over the last few days, with some suggestions from a friend who works for Microsoft. The results are:

     

    ICS: we have solved this. By setting the XP network card to "static IP" and with the dns server addrssses my friend provided, the XP machine has full access to Internet. This part of the problem is solved.

     

    File sharing seems dependent on the 2nd network card (the "local" one ie that connects to the XP machine) being private (home or office on OC). I have to change this each time I start the PC, but I can live with that. This seems to happen because Windows considers its settings incomplete; it has a fixed IP but the gateway field is blank. I've read on other forums that this is a known situation. As I said, however, I can live with this.

     

    The Vista machine has full access to shared files on the XP machine. I consider this problem also solved.

     

    However, sharing in the opposite direction is slightly more difficult:

     

    The XP machine can print on Vista's printers.

    The XP machine can VIEW shared folders and files and navigate through shared folders on the Vista machine.

    The XP machine can copy/paste files from XP to Vista.

    The XP machine can save files on the Vista machine.

    However, the XP machine cannot ever OPEN shared files on the Vista machine. If I click on the file icon in the networks folder, it pretty much stops. If I try to open (on the XP machine), for example, an Excel file (stored in a shared folder on the Vista machine) by double clicking the desktop icon for that file, Excel opens, but after a minute or so I get a message saying it cannot open the file.

     

    So it appears One Care is preventing the XP machine opening files on the Vista machine but it will allow it to write files!

     

    Any or all suggestions are very welcome!

     

    Regards

     

    David

     

    Friday, January 18, 2008 4:44 PM
  •  

    Hi Neeraj,

     

    I was just wondering if you've had a chance to look at this situation in light of the information I gave. Is there anything I can do to solve this?

     

    Regards

     

    David

    Wednesday, January 23, 2008 10:21 PM
  • David, I'll ping Neeraj for you.

    -steve

     

    Thursday, January 24, 2008 12:58 PM
    Moderator
  • Hello David,

     

    My name is Scott and I'm a Program Manager on the OneCare team (now in charge of Firewall).  I'm happy to hear that you were able to work around the majority of your issues! 

     

    In terms of the file sharing issue, unfortunately, I think it falls out of the scope of the OneCare firewall.  If you can browse the network shares, the firewall is allowing the proper traffic needed to read/edit network documents.  I'm guessing (but am definitely not an expert in this area) that you're running into a permissions issue between the XP/Vista machines.

     

    Out of curiosity, is it only Microsoft Office files or any document type?  I know in the past, that certain network drive structures have caused issues with opening Microsoft Office files (i.e. http://support.microsoft.com/kb/199650)

     

    Thanks,

    Scott

    Friday, February 8, 2008 1:51 AM
  • Hi Scott,

     

    Many thanks for your reply. It seems to be all files that are affected. The reason I put it down to One Care is because it only happens when One Care is installed. If I uninstall it, everything works perfectly.

     

    If you have any ideas, please let me know. Otherwise I'm looking at the obvious fix - move the shared files onto the XP machine! Not perfect, but it'll work.

     

    Thanks again.

     

    David

    Friday, February 8, 2008 9:38 AM
  • Hello David,

     

    That is very odd that the files will open after OneCare is uninstalled.  Would you mind trying two additional steps to see if we can narrow down the problem:

    • Turn off the firewall
      • Change Settings->Firewall Tab->Set Firewall protection to "Off"
    • Turn off the Anti-malware protection
      • Change Settings->Viruses and Spyware->Set Virus and spyware monitoring to "Off"

    After each step above, try to open the file.  If the problem still appears, we have an even deeper mystery Smile

     

    Thanks,

    Scott

     

    Friday, February 8, 2008 6:48 PM
  • Scott,

     

    Thanks again for your help. I'm afraid we have a deep mystery!

     

    I did what you asked, but file opening was still unavailable. It is either a problem between One Care and Vista (because full file sharing is available in the other direction) or some peculiarity in the way my PC is set up.

     

    As a short term fix I've moved all the shared files to the XP PC, but clearly in the future there may be situations where I must share files on the Vista machine so it would be nice if we could get to the bottom of it. Is anyone else reporting similar problems?

     

    A point which may be relevant:  Installing One Care creates a new network location, David-oc, but it only does this on the Vista machine, not the XP. I navigate in David-oc exactly as I can in David. Why is this, and could it be affecting permissions? I have tried opening the same file using both routes (\\David\etc and \\David-oc\etc but with the same result - I can see them but not open them.

     

    I look forward to hearing from you.

     

    Regards

     

    David

    Sunday, February 10, 2008 11:44 PM
  • The David-OC entry on the Vista machine is there for some trickery OneCare uses to provide the Printer Sharing feature.

    -steve

     

    Monday, February 11, 2008 1:56 AM
    Moderator
  • OK, thanks. Does it matter if the XP machine prints to the Vista printers via \\David\Printer or via \\David-oc\Printer?

     

    David

    Monday, February 11, 2008 8:40 AM
  • If you are sharing the printer via Windows, no it doesn't matter since they both point to the same printer. The "OC" entry is there because you can share the printer with other PCs in your Circle and OneCare alerts each PC in the Circle that there is a printer available and offers to set it up for you.

    -steve

     

    Monday, February 11, 2008 1:13 PM
    Moderator