locked
Onceare Firewall Flaw - It blocks browsing of Network Neighborhood RRS feed

  • Question

  • All,

     

    my Onceare  is incorrectly blocking browsing of my network neighborhood. This seems to be a problem even if I turn off the Firewall however I have to assume that it is somehow related to the presence of a firewall in Onecare.

     

    Any ideas here would be helpful. My next step is to (reluctanlty) fire up Ethereal to see what is going on with the SMB protocol but I would rather not have to waste my time doing that.

     

    This was not a problem with the Symantec Norton Internet Security firewall.

     

     

    Friday, August 29, 2008 1:57 AM

Answers

  • If you are turning off the OneCare firewall and cannot browse your LAN, it is not the OneCare firewall causing your problem.

     

    If you previously had Symantec on the system, it may not have been completely removed, causing your issue.

    The Norton Removal Tool - ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe - may help.

     

    If the OneCare firewall is on and you cannot browse the network, it may be due to your network being identified as being public or because sharing is being blocked. You can try the following:

    Open OneCare on each of the computers.

    Click Change Settings

    On the firewall tab, click configure firewall

    If the network is shown as Public, click Change Location to change it to "Home or Work."

    Click the Advanced Settings button

    Click Network connections tab.

    If there are multiple active connections shown, you may need to disable the extras in your Windows network connections settings. (Network and Sharing Center, manage connections, in Vista; Right click My Network Places and select Properties on the Start menu in XP)

    On the Ports and Protocols tab, add a check mark next to File and Printer Sharing - for subnet and Internet if the first setting alone (after all of the above are verified) does not allow Sharing to work.

    If all of the above fail, please contact support.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    -steve

     

    Friday, August 29, 2008 12:36 PM
    Moderator

All replies

  • If you are turning off the OneCare firewall and cannot browse your LAN, it is not the OneCare firewall causing your problem.

     

    If you previously had Symantec on the system, it may not have been completely removed, causing your issue.

    The Norton Removal Tool - ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe - may help.

     

    If the OneCare firewall is on and you cannot browse the network, it may be due to your network being identified as being public or because sharing is being blocked. You can try the following:

    Open OneCare on each of the computers.

    Click Change Settings

    On the firewall tab, click configure firewall

    If the network is shown as Public, click Change Location to change it to "Home or Work."

    Click the Advanced Settings button

    Click Network connections tab.

    If there are multiple active connections shown, you may need to disable the extras in your Windows network connections settings. (Network and Sharing Center, manage connections, in Vista; Right click My Network Places and select Properties on the Start menu in XP)

    On the Ports and Protocols tab, add a check mark next to File and Printer Sharing - for subnet and Internet if the first setting alone (after all of the above are verified) does not allow Sharing to work.

    If all of the above fail, please contact support.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    -steve

     

    Friday, August 29, 2008 12:36 PM
    Moderator
  • Steve,

    thanks for your suggestions. This is a long post but the good news is that I appear to have solved (or at least mitigated) the problem.

    Here is a synopsis


    I tried the suggestions in your message post but the SMB/CIFS file sharing remained broken somehow as a result of the installation of Onecare.

    After logging several hours on this problem  I did fire up Ethereal to see what is going on at the SMB/CIFS protocol level.

    It looks like the Browser master election process is not working when the Windows XP SP3 system with Onecare is on the LAN.

    Reviewing the Ethereal trace confirms that each of the 5 "hosts" (including a Windows Home Server system which, as you know, looks in some respects like a Windows Server 2003 system) confims its existence by means of a Host Announcement Netbios UDP datagram on port 138.  I can also see Browser Election Requests. However, it does not appear that the election process succeeds even when I attempt to force it using the Browstat command

    I next stopped and restarted both the Oncare related and the Windows Fiewall/ICS services to no avail. As an aside I should note that even though the Windows Firewall is "disabled" by Onecare, the Windows Firewall/ISC service is still set to start automatically. When I finished this test Ieft iton.

    I next disabled/unchecked the :items/"services ("file and print sharing for Microsoft Neworks" and "client for microsoft networks") in the network properties window of the three transports/interfaces other than the one for my LAN and that did not solve the browsingproblem.

    Finally I decided to consider the possibility that, somehow, Windows Home Server, was  implicated in this  browser master election problem so I shut it down and forced a browser election on the Windows XP SP3 system (with the firewall turned on) using the browstat command.

    That worked!

    Post Mortem

    After getting the browser service working again I started up the Windows Home Server System and checked to see that I was still able to browse the netowrk. Then I again forced a browser election from the Windows XP SP3 system and the election succceded with the Windows Home Server getting elected as the browser master. I again tested the browsing on the Windows XP SP3 system andI was able to browse the network.

    One clue to the cause of this problem may relate to a  registry key setting.

    Before turning off the Windows Home Server System I did do a comparison of the

         HKLM/System/CurrentControlSet/Services/Browser

    and

         HKLM/System/CurrentControlSet/Services/NetBIOS

    registry keys on the Windows XP SP3 system an on the Wndows Home Server systems and I discovered that on the Windows XP SP3 system the registry key value

         
    HKLM/System/CurrentControlSet/Services/NetBIOS/Paramaters/MaxLana

    had data contents of "2" whereas the same key on the WHS system had data contents of "4".

    The name of the registry key value "MaxLana" suggests that this value determines how many times the browser sends out an election request on the LANbefore declaring itself the "victor" for lack of a response.  I will do some more research on this to determine if this is the correct interpretation.

    I should also note that, Interestingly, after I was able to force a successful browser election with the WHS system turned off, the data contents of the MaxLana registry key on the Windows XP SP3 system were changed to "8". This suggests to me that somehow the browser on the Windows XP SP3 system made an adjustment to the data contents of this key value based on how long it took for an election to succeed.

    It should be noted that my Windows XP SP3 system and my WHS system are both on the wired portion of my internal network whereas the other computers are all connected via 802.11G.

    Now I have to ask whether or not (although I doubt it) the Onecare Installation process makes changes to the Netbios Registry Keys.

    Now that I have resolved this issue I feel comfortable enough to next install Onecare on a Windows Vista Ultimate system after de-installing Symantec A/V 10.2. I will make a point to check the data contents of the MaxLana registry key value before and after.
    It so happens that this Windows Vista Ultimate system is on the wireless part of my LAN.



    Best Regards

    John Holmblad



    Saturday, August 30, 2008 9:48 PM
  • Steve,

    as a followup to my prior post I did some more google searching on the MaxLana registry key value and I found an interesting post at the www page whose url is:

         http://manuals.sybase.com/onlinebooks/group-fs/awg0600e/dbrfen6/@Generic__BookTextView/4740;hf=0

    Below is what it says about the MaxLana parameter which, assuming it applies to Windows XP as well suggests that Maxlana has nothing to do with how many browser election requests to make but what is the maximum number of network adapters to allow in the context of NetBios.

    Interestingly, before I disabled the browser related "items" for the other three adapters, the adapter number of my LAN connection was three whereas MaxLAna was set to 2. After I disabled the aforementioned "items" the adapter number of my LAN connection was 1.

    MAXLANA parameter


    Usage

    NetBIOS


    Description

    Each path through a NetBIOS protocol stack is assigned a LAN adapter number. By default, the server looks through all possible numbers up to 255. To speed up server startup, you can truncate the search for valid LAN adapters at a specified value using the MAXLANA parameter.


    Default

    255


    Example

    The following command line looks only at LAN adapters with numbers less than 10 to identify active protocol stacks:

    dbsrv6 -x netbios{MAXLANA=10} asademo


    Best Regards,

    John Holmblad



    Sunday, August 31, 2008 1:28 AM