Posts: 3,479
Threads: 157
Joined: Jun 2005
Thanks for the detailed information. Just how I like it :-) I'll make those changes tonight and see if that helps.
So in your opinion you would not run firewalls on the clients? I hadn't looked into it, but I guess the argument is that the firewall on the server and router (interface with internet) is going to be enough.
Brian - a long time user that rarely messes with the system now
Other systems used:
SageTV w/ cablecard tuner & multiple extenders for viewing
BlueIris and IP cameras for CCTV
Incredible PBX for home phone
Posts: 40,483
Threads: 491
Joined: Aug 2002
Yeh, that's the answer I was going to give, I just hadn't got around to typing it yet :-)
Dean Roddey
Explorans limites defectum
Posts: 256
Threads: 17
Joined: Sep 2006
Well. Not using firewalls is always a tricky question.
Since it's your home network and I assume you trust all the nodes, then running with the firewall open should be safe enough.
If you want to go the other way, the GUI for the policy in the GPO is not too difficult to manage.
You would want to allow
CQC - 13000 to 13020 TCP
Ping - ICMP (all rules really)
Remote Desktop RDP - TCP 3389
Active Directory, etc.
This list can get complex, but if you want to go this way I suggest you follow the steps to open the firewall first. Enable logging and then we can start locking down and checking logs for blocked ports.
Personally I use a routerboard 493 with routerOS as the firewall and have special network segments for guests on wired or wireless with captive portals. That ensures I can trust what's on the wire.
-d
Posts: 40,483
Threads: 491
Joined: Aug 2002
I assume that was a typo, and really you meant:
CQC - 13500 to 13520 TCP
And probably best to take it up a bit further to allow for some expansion.
Dean Roddey
Explorans limites defectum
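An added example, not part of any post in this thread: once dropped-packet logging is enabled as suggested above, a short Python script can summarise which inbound ports the Windows Firewall is dropping and flag any inside the 13500 to 13520 CQC range. The log lines are constructed samples in the pfirewall.log format, and the function names are illustrative.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log format (pfirewall.log); not from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2009-03-16 22:25:01 DROP TCP 192.168.1.6 192.168.1.2 49211 13502 52 S 1234 0 8192 - - - RECEIVE
2009-03-16 22:25:04 DROP TCP 192.168.1.6 192.168.1.2 49211 13502 52 S 1234 0 8192 - - - RECEIVE
2009-03-16 22:25:09 DROP TCP 192.168.1.6 192.168.1.2 49215 13507 52 S 2234 0 8192 - - - RECEIVE
2009-03-16 22:25:12 ALLOW TCP 192.168.1.6 192.168.1.2 49220 3389 0 - 0 0 0 - - - RECEIVE
2009-03-16 22:25:20 DROP UDP 192.168.1.6 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2009-03-16 22:25:31 DROP TCP 192.168.1.2 192.168.1.6 13502 49300 40 A 0 0 0 - - - SEND
"""

CQC_PORTS = range(13500, 13521)  # range given in the thread: 13500 to 13520 TCP

def parse_firewall_log(text):
    """Yield one dict per log entry, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def blocked_inbound(text):
    """Count dropped inbound packets per (protocol, destination port)."""
    counts = Counter()
    for e in parse_firewall_log(text):
        if e["action"] == "DROP" and e["path"] == "RECEIVE" and e["dst-port"].isdigit():
            counts[(e["protocol"], int(e["dst-port"]))] += 1
    return counts

def blocked_cqc_ports(text):
    """Sorted CQC-range ports for which inbound TCP is being dropped."""
    return sorted(p for (proto, p) in blocked_inbound(text) if proto == "TCP" and p in CQC_PORTS)

if __name__ == "__main__":
    for (proto, port), n in sorted(blocked_inbound(SAMPLE_LOG).items()):
        note = "  <- inside CQC range" if proto == "TCP" and port in CQC_PORTS else ""
        print(f"{proto:4} {port:5} dropped {n}x{note}")
```

Any port this reports inside the CQC range points to a missing or mis-scoped allow rule, which is narrower to fix than allowing all unmatched inbound connections.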
Posts: 3,479
Threads: 157
Joined: Jun 2005
OK. I tried working on it some more and still cannot get everything to connect. I think I have solved my DNS issue. I can now ping short and full names (i.e. closetserver as well as closetserver.mydomain.com). I also upgraded to the beta version 2_4_26c.
Here is a CQCnettest result, but everything looks good to me on it. I ended up removing the DNS server and reinstalling it as "AD-DNS-1" so do be surprised by the new name. There is no longer a "Homeserver" computer. It's been replaced with the AD-DNS-1 name.
Code:
C:\Program Files\CQC\Bin>cqcnettest
CQC Network Info Test
Copyright (c) Charmed Quark Systems
System Information
--------------------------------
OS Version: 6.0.1, Build: 6001
Node Name: HP-Laptop.mydomain.com
TCP Version: 2.2
Network Adaptor Information
--------------------------------
{BBF06D34-60D8-4E79-8E7F-6A9B14E56CB3}
Intel(R) PRO/Wireless 3945ABG Network Connection
DHCP Enabled: True
Gateway/Mask: 192.168.1.1/255.255.255.255
Hardware Addr: 00 13 02 C1 12 C5
Address/Mask #0: 192.168.1.6/255.255.255.0
{E90655B6-F351-4355-B269-2A0D3B2824B5}
Intel(R) PRO/100 VE Network Connection
DHCP Enabled: True
Gateway/Mask: 0.0.0.0/255.255.255.255
Hardware Addr: 00 16 D4 3A 9C C2
Address/Mask #0: 0.0.0.0/0.0.0.0
Environment Information
--------------------------------
CID_NSADDR: ad-dns-1.mydomain.com
CQC_DATADIR: C:\Program Files\CQC\CQCData
Name Resolution
--------------------------------
Trying to resolve name: HP-Laptop.mydomain.com...
Resolved to: 192.168.1.6
Resolving back the other way...
Host Name: HP-Laptop.mydomain.com
CQC Connection Tests
--------------------------------
Trying to connect to CQC name server...
Connected to name server successfully
Trying to connect to log server...
Connected to log server successfully
Trying to connect to Master Cfg Server...
Connected to Master Cfg Server successfully
Trying to connect to local Cfg Server...
Connected to local Cfg Server successfully
Trying to connect to installation server...
Connected installation interface successfully
Trying to connect to security server...
Connected security interface successfully
Trying to connect to macro server...
Connected macro interface successfully
Trying to connect to CQCServer on host AD-DNS-1.mydomain.com
Connected CQCServer successfully
Trying to connect to CQCServer on host closetserver.mydomain.com
Connected CQCServer successfully
Server Statistics
--------------------------------
Stats For Process: Name Server
----------------------------
Object Id: AD-DNS-1.mydomain.com.13502
Running On: AD-DNS-1.mydomain.com
Up Since: Mon, Mar 16 22:21:07 2009 -0400
Client HWM: 17
Dropped Packets: 0
Cur Clients: 14
Max Clients: 92
Active Cmds: 1
Queued Cmds: 0
Registered Objs: 2
Worker Threads: 4
Targets: 0
Cmd Cache Sz: 0
Srv Cache Sz: 0
Wait List: 0
Stats For Process: Log Server
----------------------------
Object Id: AD-DNS-1.mydomain.com.13503
Running On: AD-DNS-1.mydomain.com
Up Since: Mon, Mar 16 22:21:08 2009 -0400
Client HWM: 11
Dropped Packets: 0
Cur Clients: 11
Max Clients: 92
Active Cmds: 1
Queued Cmds: 0
Registered Objs: 2
Worker Threads: 4
Targets: 0
Cmd Cache Sz: 1
Srv Cache Sz: 1
Wait List: 0
Stats For Process: Master Cfg Server
----------------------------
Object Id: .0
The program is not registered in the name server
Stats For Process: Data Server
----------------------------
Object Id: AD-DNS-1.mydomain.com.13505
Running On: AD-DNS-1.mydomain.com
Up Since: Mon, Mar 16 22:21:13 2009 -0400
Client HWM: 4
Dropped Packets: 0
Cur Clients: 1
Max Clients: 92
Active Cmds: 1
Queued Cmds: 0
Registered Objs: 6
Worker Threads: 4
Targets: 1
Cmd Cache Sz: 2
Srv Cache Sz: 1
Wait List: 0
Stats For Process: Local Cfg Server
----------------------------
Object Id: HP-Laptop.mydomain.com.13504
Running On: HP-Laptop.mydomain.com
Up Since: Mon, Mar 16 18:50:02 2009 -0400
Client HWM: 1
Dropped Packets: 0
Cur Clients: 1
Max Clients: 92
Active Cmds: 1
Queued Cmds: 0
Registered Objs: 2
Worker Threads: 4
Targets: 1
Cmd Cache Sz: 2
Srv Cache Sz: 1
Wait List: 0
Stats For Process: CQCServer on AD-DNS-1.mydomain.com
----------------------------
Object Id: AD-DNS-1.mydomain.com.13507
Running On: AD-DNS-1.mydomain.com
Up Since: Mon, Mar 16 22:21:16 2009 -0400
Client HWM: 2
Dropped Packets: 0
Cur Clients: 2
Max Clients: 92
Active Cmds: 1
Queued Cmds: 0
Registered Objs: 2
Worker Threads: 4
Targets: 1
Cmd Cache Sz: 2
Srv Cache Sz: 1
Wait List: 0
Stats For Process: CQCServer on closetserver.mydomain.com
----------------------------
Object Id: closetserver.mydomain.com.13507
Running On: closetserver.mydomain.com
Up Since: Mon, Mar 16 19:36:02 2009 -0400
Client HWM: 1
Dropped Packets: 0
Cur Clients: 1
Max Clients: 92
Active Cmds: 1
Queued Cmds: 0
Registered Objs: 2
Worker Threads: 4
Targets: 1
Cmd Cache Sz: 2
Srv Cache Sz: 1
Wait List: 0
C:\Program Files\CQC\Bin>
This test was run from my laptop, hence the "HP-Laptop" name.
I made the changes to the Group Policies as suggested without any luck.
Any other suggestions?
Brian - a long time user that rarely messes with the system now
Posts: 3,479
Threads: 157
Joined: Jun 2005
All right. This is going to be another one of those bone headed things I do.
My biggest problem (at least tonight) in getting everything to work was the fact that my original CQC server was on the closetserver. When I wanted to move the CQC server to the new Windows Server computer, I simply made a copy of the CQC directory, moved it to the new computer and ran the installer again. Everything's fine, right? Wrong. In doing so, I ended up with duplicate drivers on both the closetserver and the Windows Server machine. What really threw me was the fact that some of the drivers did appear and work fine (like the weather driver, audio player drivers, etc). But those drivers are not connected to a specific piece of equipment.
So while I do believe I had some other initial issues (like with my DNS server) and I did have to "allow" inbound connections that do not match a rule (even though CQC created rules that I thought would have fixed the firewall issue, but that is another story) to get things to work.
But I think things are working fine now.
Well, except I am having problems getting my HP thin client to actually connect to the domain. But that is clearly a hardware issue and might be related to the XPe OS that it is running.
So to make a long story short - make sure you don't have duplicate drivers out there if you ever move your CQC main server from one machine to another. ;-)
Brian - a long time user that rarely messes with the system now
Posts: 40,483
Threads: 491
Joined: Aug 2002
You also need to demote that other server so it's not running the master server anymore, which I assume you did, but just in case...
Dean Roddey
Explorans limites defectum
Posts: 3,479
Threads: 157
Joined: Jun 2005
Yeah, I had done that because I had to reinstall all the client installations to point to the new server. But it never crossed my mind that I had doubled up on drivers. Also, all the drivers that seemed to experience issues were all the drivers that are physically hooked up to the closetserver computer. Hence the reason I thought the problem revolved around that computer when in fact, the problem was that those drivers were also installed on the new server (and had to be removed).
Also, I got the thin client working last night as well. Since it couldn't find the DNS server, I checked to make sure the network adapter was pointing at the DNS server address (192.168.1.2) instead of the router's address (192.168.1.1), which used to handle DNS. It was in fact pointing to the router, not the DNS server. I had switched back and forth a couple of times during this process and I evidently did not "commit" the last change to the flash drive. So when I rebooted the device, it switched back to the router since that's what was saved on the flash instead of saving the DNS address. So another silly mistake on my part. I guess that is the one drawback to the thin clients - you have to make sure you remember to commit any changes if you want them to be permanent.
Now it's on to roaming profiles and folder redirection :-)
Brian - a long time user that rarely messes with the system now