[RESOLVED] System Error 1231 when mapping drive

[Tripredacus]

OK so today I got to do the first real test of our Server 2008 WDS. As I reported before, I wasn't the guy who was handling it, so I figured it would be all ready to go. Except it wasn't. So I set it all up pretty quick, but I am encountering a problem.

I created a new user and assigned it to the administrators group. This user has a password that is acceptable by the complexity rules. I created a folder, and shared it on the network. By default, administrators get full control.

So I boot a PC to the network, everything all loads up fine. This PC is booting into the WinPE, with some additions including GImageX HTA. Basically, its the same WinPE.wim that my 2003 server uses, so I know it functions properly. I mounted the PE and changed the startnet.cmd to map to the new server name and using the new creds.

However, when the PE loads, it can't map the network drive, and returns System Error 1231, basically that the network resource is unavailable or not found. Now, if I open the CMD and manually type in the command, it maps without a problem. I have compared what I typed and what is in the startnet.cmd and it is exactly the same. For some reason there seems to be a delay after networking is enabled and the ability to use it.

I KNOW that this is a problem with our Server 2008 and not the PE for reasons I have already stated. We have also tried disabling the firewall but to no avail. The NICs in the server are teamed if that helps at all. All configuration besides WDS are at their defaults. The other cfg we changed was making WDS use 1GB instead of 100 for its LAN profile.

OH, I wanted to also post that I am currently using a workaround to resolve the issue, but I would prefer not having to do that. The following is an AutoIT script I wrote that we run from x:\windows\system32.

; Program to workaround GImageX getting System Error 1231
RunWait( @ComSpec & " /c net use z: \\wdsserver\images Password1 /user:remote" )
Sleep( 1000 )
ProcessClose( "mshta.exe" )
Run( "mshta x:\windows\system32\ImageX.hta" )

Edited July 10, 2008 by Tripredacus

[Mr Snrub]

Got a network trace from the startnet.cmd failing to map the drive, followed by a successful manual mapping from the same client?

That would be the best place to start to see what requests & responses are seen - see what's different...

[Tripredacus]

How shall I go about getting a network trace from just the startnet.cmd? I cannot use the instructions as provided to me in this posting:

http://www.msfn.org/board/index.php?s=&amp...st&p=776402

LMK.

[Mr Snrub]

2 options, both requiring a second machine:

1. Use a SPAN or MIRROR port on the switch to duplicate the ingress & egress traffic from the port to which the client is connected, and use NMCAP or WireShark on a machine connected to the SPAN/MIRROR port.

2. Use a hub between the client machine and the switch, and connect the sniffing machine to the same hub to take the trace.

[Tripredacus]

OK I did two tests.

Environment 1: no error

192.168.0.5 = UNCLESOCKS (DC, WDS, DNS, PXE) Server 2003 Standard

192.168.0.6 = GHOSTSERVER (DHCP) Server 2003 Standard

192.168.0.10 = SIXSHOT (packet sniffer) Windows XP Pro SP2

192.168.0.11 = MININTxxxxx (booted into the PE via PXE) WinPE 2.0

Domain name = SHARK.attacksyou

Environment 2: error 1231

172.0.1.87 = MININTxxxxx (booted into the PE via PXE) WinPE 2.0

172.0.1.2 = WDSSERVER Team 0 (DC, WDS, DNS, DHCP, PXE) Server 2008 Enterprise

172.0.1.3 = same as above but Team 1

Domain name = WDS.local

We use the same winpe.wim to boot into on both servers. The 2008 gets an error, and the 2003 does not. The 2008 WDS settings are the same as the 2003 for WDS. The 2008 has two teamed NICs, while Team 1 does show up in a broadcast, it isn't actually connected to the network.

There are no other computers connected to these two environments, with exception for SIXSHOT was in environment 2, but didn't show up in the trace like it did in environment 1. Also, both servers have a default gateway assigned that does not exist. So there are a lot of "where is x.x.x.1" messages in there because of this.

[Mr Snrub]

Here are the differences in the DHCP Offers:

2k3_wds_intel.pcap

1	16:44:52.598522   0.0.0.0	   255.255.255.255   DHCP   DHCP Discover - Transaction ID 0xc13982f8
2	16:44:52.599279   192.168.0.6   255.255.255.255   DHCP   DHCP Offer	- Transaction ID 0xc13982f8
3	16:44:54.587257   0.0.0.0	   255.255.255.255   DHCP   DHCP Request  - Transaction ID 0xc13982f8
4	16:44:54.588081   192.168.0.6   255.255.255.255   DHCP   DHCP ACK	  - Transaction ID 0xc13982f8

This offer contains:
Next server IP address: 192.168.0.5
Boot file name: \boot\x86\wdsnbp.com
Options:
53 = DHCP Offer
1  = Subnet Mask = 255.255.255.0
58 = Renewal Time Value = 1 hour, 30 minutes
59 = Rebinding Time Value = 2 hours, 37 minutes, 30 seconds
51 = IP Address Lease Time = 3 hours
54 = Server Identifier = 192.168.0.6
6  = Domain Name Server = 192.168.0.5
15 = Domain Name = shark
66 = TFTP Server Name = unclesocks
67 = Bootfile name = \boot\x86\wdsnbp.com

...
11   16:46:08.003550   0.0.0.0	   255.255.255.255   DHCP   DHCP Discover - Transaction ID 0xffc62717
12   16:46:08.004350   192.168.0.6   255.255.255.255   DHCP   DHCP Offer	- Transaction ID 0xffc62717
13   16:46:08.004705   0.0.0.0	   255.255.255.255   DHCP   DHCP Request  - Transaction ID 0xffc62717
14   16:46:08.005822   192.168.0.6   255.255.255.255   DHCP   DHCP ACK	  - Transaction ID 0xffc62717

This offer contains:
Next server IP address: 192.168.0.5
Boot file name: \boot\x86\wdsnbp.com
Options:
53 = DHCP Offer
1  = Subnet Mask = 255.255.255.0
58 = Renewal Time Value = 1 hour, 30 minutes
59 = Rebinding Time Value = 2 hours, 37 minutes, 30 seconds
51 = IP Address Lease Time = 3 hours
54 = Server Identifier = 192.168.0.6
15 = Domain Name = shark
6  = Domain Name Server = 192.168.0.5

...
50   16:47:20.497913   0.0.0.0	   255.255.255.255   DHCP   DHCP Discover - Transaction ID 0x316c80a2
51   16:47:20.498615   192.168.0.6   255.255.255.255   DHCP   DHCP Offer	- Transaction ID 0x316c80a2
52   16:47:20.498928   0.0.0.0	   255.255.255.255   DHCP   DHCP Request  - Transaction ID 0x316c80a2
53   16:47:20.499743   192.168.0.6   255.255.255.255   DHCP   DHCP ACK	  - Transaction ID 0x316c80a2

This offer contains:
Next server IP address: 192.168.0.5
Boot file name: \boot\x86\wdsnbp.com
Options:
53 = DHCP Offer
1  = Subnet Mask = 255.255.255.0
58 = Renewal Time Value = 1 hour, 30 minutes
59 = Rebinding Time Value = 2 hours, 37 minutes, 30 seconds
51 = IP Address Lease Time = 3 hours
54 = Server Identifier = 192.168.0.6
15 = Domain Name = shark
6  = Domain Name Server = 192.168.0.5

2k8_wds_intel.pcap

81	15:43:24.002765   0.0.0.0	 255.255.255.255   DHCP   DHCP Discover - Transaction ID 0x36452cae
82	15:43:24.003093   172.0.1.2   255.255.255.255   DHCP   DHCP Offer	- Transaction ID 0x36452cae
83	15:43:24.003336   0.0.0.0	 255.255.255.255   DHCP   DHCP Request  - Transaction ID 0x36452cae
84	15:43:24.003662   172.0.1.2   255.255.255.255   DHCP   DHCP ACK	  - Transaction ID 0x36452cae

This offer contains:
Next server IP address: 172.0.1.2
Options:
53 = DHCP Offer
1  = Subnet Mask = 255.255.0.0
58 = Renewal Time Value = 3 days
59 = Rebinding Time Value = 5 days, 6 hours
51 = IP Address Lease Time = 6 days
54 = Server Identifier = 172.0.1.2
15 = Domain Name = WDS.Local
3  = Router = 172.0.1.2
6  = Domain Name Server = 127.0.0.1, 172.0.1.2
44 = NetBIOS over TCP/IP Name Server = 127.0.0.1, 172.0.1.2

...
265   15:44:45.725266   0.0.0.0	 255.255.255.255   DHCP   DHCP Discover - Transaction ID 0x88d31781
266   15:44:45.725621   172.0.1.2   255.255.255.255   DHCP   DHCP Offer	- Transaction ID 0x88d31781
267   15:44:45.725818   0.0.0.0	 255.255.255.255   DHCP   DHCP Request  - Transaction ID 0x88d31781
268   15:44:45.726117   172.0.1.2   255.255.255.255   DHCP   DHCP ACK	  - Transaction ID 0x88d31781

This offer contains:
Next server IP address: 172.0.1.2
Options:
53 = DHCP Offer
1  = Subnet Mask = 255.255.0.0
58 = Renewal Time Value = 3 days
59 = Rebinding Time Value = 5 days, 6 hours
51 = IP Address Lease Time = 6 days
54 = Server Identifier = 172.0.1.2
15 = Domain Name = WDS.Local
3  = Router = 172.0.1.2
6  = Domain Name Server = 127.0.0.1, 172.0.1.2
44 = NetBIOS over TCP/IP Name Server = 127.0.0.1, 172.0.1.2

The W2K8 server is offering localhost as primary DNS and WINS server addresses, and no boot filename at all.

The W2K3 server is not offering any WINS settings, only a valid DNS server, and a boot file name pointing to "\boot\x86\wdsnbp.com" on 192.168.0.5.

Weird thing is, filtering on the client IP address, all I see are NetBIOS broadcasts for name registrations for the workstation name and workgroup - no SMB activity whatsoever.

PXE client doesn't seem to like the response coming from the W2K8 configuration - half the information is missing or bad.

Unfortunately I know zip about WDS/RIS so I can't point you in the right direction for addressing this - but that is where I would focus my attention:

1. Fix DNS server (remove 127.0.0.1)

2. Fix WINS server (remove)

3. Fix router (remove)

4. Fix boot filename (add)

[Tripredacus]

I got it working, but first a couple explanations about the differences in the traces. First, the W2K3 server uses a stand-alone DHCP server, which is why you see the PXE Server IP and bootfile name being broadcast in that example. With the 2008, it is running DHCP and PXE on the same box. I set up the 2003 that way because I couldn't get DHCP and PXE working on the same box... which is covered in some old thread on this forum.

Alright the things I changed that did not resolve the issue:

- remove localhost (127.0.0.1) from DNS and WINS/NBNS in the DHCP server options.

- change the domain name from WDS.local to WDS

What did work:

- remove the WINS/NBNS server option altogether

I was not sure why router was showing up because the Router and Remote Access Service is disabled, and there was no DHCP Server Option for anything relating to that. Atm it still just has PXEClient, DNS Hostname and DNS Server options.

I didn't have to add the boot filename because I have WDS automatically load the same bootfile for x86 and x64 environments, even tho PXE always reports the architecture based on the hardware environment, and not which software we wish to install (how could it lol).

Also, our WDS/2008 setup documentation from our Microsoft Rep had the instructions to add WINS into the config. I didn't set up the base settings for DHCP, only WDS. The other guy I work with put that in there so I didn't know it was there until you pointed it out.

Also, can you explain "SMB Activity"? We tried looking it up but couldn't find a good explanation... and found WAY to many uses of SMB = Small/Medium Business.

[CoffeeFiend]

Also, can you explain "SMB Activity"? We tried looking it up but couldn't find a good explanation... and found WAY to many uses of SMB = Small/Medium Business.

Server Message Block

[Mr Snrub]

Sorry, TMI with the TLA, it gets OTT

SMB is the protocol used for file sharing, typically TCP port 445 traffic.

When you said it was NET USE lines that needed a delay inserted to make work, I assumed I would find the SMB session setup packets and protocol negotiations.

Glad you got it sorted though

[CoffeeFiend]

Sorry, TMI with the TLA, it gets OTT

IDK, IDT one TLA is OTT Finally someone who speaks my language!

But yeah, if he's willing to post more wireshark caps of his network issues (like those problems with network shares so we can see what really happens), I'd have a look too (this time, I'll have to beat Mr Snrub to it!)

Edited July 10, 2008 by crahak