This one has propper puggled my head

[PC Doctor]

Got called out to a new customer, fairly big company however the infrastructure is awful.

Desktop PC they call the server used as a file server with 3 external usb drives plugged in and shared as extra storage.

23 Computers mixture of Desktops and 3 or 4 laptops. Laptops are wireless and all desktops cabled.

Router providing internet plugged into a 16 port hub. with some computers plugged in and other ports linked to other hubs which are then daisy chained to others.

"Server" is running Windows 10, other computers a selection of Windows 10.

Called in as some machines had lost internet access and access to the shared drive.

The business also runs sage line 50 with the data on the "server"

So when I arrive, they had some machines with internet but no data, others with data and no internet and some with nothing. The confusing part is that you can have 2 machines plugged into a switch one can see bot the shared drive and has internet access, the other has neither.

One of the hubs had 2 machines plugged into it and 2 ports linked to other hubs. The 2 machines plugged in to the first hub, 1 had data the other nothing however machines on the 2 linked hubs had both. It really makes no sense.

So to try and resolve I got a new hub, plugged the server, internet and my Windows 10 laptop in, got internet straight away but it could not through network access the server. The server showed in the list of devices under network but when you tried to access the laptop just said it could not connect to the machine. Network path invalid.

I am looking for some advice if anyone has seen any of this before or can give me some pointers as to how to troubleshoot and resolve.

Once i can get them back up and running I can then look at resolving their infrastructure.

 

[Porthos]

See if this helps you out. Do the settings on the "server" I helped me to see and access my main desktop from the rest of the house. (All Win 10)
https://www.tenforums.com/tutorials/111783-share-files-folders-over-network-windows-10-a.html

 

[nerd2u]

For starters get them a 48 port switch and cable everything back to a single switch. Then verify everything has internet connectivity.

Once that is done start checking the settings on the server to see what is going on. Can they ping the server?

Try to break the problem out into steps it will help out

Sent from my SM-G870W using Tapatalk

 

[Moltuae]

I've taken on a few similar messes myself over the years ... This song springs to mind.

But seriously, now is the time to explain to them how it should be done. I'd do an audit of their systems, and produce a document highlighting all the risks to business continuity and security (not forgetting the all-important GDPR compliance!). And I would put forward my recommendations and a long-term plan of attack, prioritising the most urgent fixes.

In the meantime, you need to patch up what they have of course, not only to keep things working but to give them confidence in your work so that they will trust your recommendations. You don't want to patch things up too well though or you'll find yourself babysitting their IT mess for years to come.

As already suggested, I would start by replacing all the daisy-chained switches with a single enterprise-grade switch, and perhaps recommend a complete network re-wire too. I would also look at how the 'clients' are accessing the 'server' shares (most likely using computer names via network discovery). Make sure all the file servers have a static IP address and map shares by IP address instead, using logon scripts. For the computers that have LAN access but no internet access, I'd check what DNS servers they're using.

I'm guessing that all the users are presently logging in as administrators. And the data (including Sage accounts data) will probably be shared with full access to 'everyone'. I would point this out to them and demonstrate how easily their data can be accessed, destroyed or compromised (whether accidentally, intentionally or by malware) and explain how access and permissions need to be managed properly using a DC with restricted user accounts in an easily managed domain environment.

 

[YeOldeStonecat]

*The confusion and mess of having multiple daisy chained hubs/switches
*A larger network that what typicall works OK for a "workgroup/peer to peer" broadcast network
*No locally managed DNS.

I know daisy chained switches "should work"..and "has worked in the past"...but as you can see, these setups become difficult to troubleshoot (VERY time consuming) Likely no "managed switches", no STP, no good logging/port status to see errors...they become terrible inefficient at managing traffic and issues. Very time consuming to troubleshoot. Not to mention..all these single 1x gig uplinks are bottlenecks for a heavy software such as SAGE. Nice mixture of "bad switches", loop-back connections, and bad patch cables.

Approach with a plan to streamline the network layout. Strive towards a single switch with each/every data jack in the whole building having a single run to a patch panel located by the one big switch and router/firewall. Sell this by reliability and future growth and performance.

On the workstations...
*The "server"...make sure it has a static IP address. And go into TCP/IP v4 properties, WINS tab, and enable netbios over IP.
*Do that netbios setting on all other rigs running SAGE
*Ensure firewall is set for Private location on all

Name resolution...without a domain controller ruling the roost....workstations are left up to "master browser wars" for name resolution. We can have a long discussion about what master browsers are and how to control it, but let's just say...it sucks letting the workstations figure it out themselves or even trying to manage it. So take control via another method.
My first approach would be to use a DNS table in the firewall. Most biz grade firewalls have a place for this. And when you don't have a network with a domain controller, the router will be doing the DHCP, and most biz grade firewalls have a local DNS service so they hand out their LAN IP address to the workstations. And theres usually a DNS table where you can enter host names and their corresponding LAN IPs. (making your own little a-records 'n ptrs).

If they don't have a biz grade firewall, and they're not receptive to you pitching one, ....well, you're left with the old "poor mans WINS" approach..and gotta go around to each workstation running SAGE and edit the lmhosts file. (a semi pain with Win10 cuz you have to "run-as" notepad as Administrator).

 

[PC Doctor]

Thanks all lots of great pointers, lots of stuff about what to do going forward which we have started discussing and they do want to do it so thats a bonus. It will be the first time in a long time i will have done one on this scale so i have a lot of reading up to do on managed switches, firewalls, servers etc before we even get to the cost of running cables and putting ports in.

I managed to resolve the network issues today so all machines now have internet access and can access the shared folders on the server. Resolved by replacing a couple of patch cables and I put a new 24 port switch in just to get everything back on line.

The only issue now is they have sage on 18 machines but none of them will run because they cant see the data service on the server machine even though it is running. They pay for Sage support who could not resolve the error remoting in so someone is coming out tomorrow fingers crossed they can resolve it.

Thanks all for your help, sure I will have quite a few more questions as I get into re-planning the system and recommendations for the right kit to put in.

 

[YeOldeStonecat]

The only issue now is they have sage on 18 machines but none of them will run because they cant see the data service on the server machine even though it is running. .

Database...ODBC....WINS...name resolution. Refer to my prior post. Workstations probably pick up the ISPs DNS servers which only know public FQDN..they know nothing at all about internal private LAN host names.
And pay attention to firewall settings....putting new network hardware in place, Windows firewall may kick in..some might be set on public.

 

[marley1]

Not enough info.

Should be easy to point in right direction by doing aa simple ipconfig

To me sounds like DNS

Why no domain controller?

 

[PC Doctor]

Thats how it was initially setup, not by me but they started out as a team of three with just a workgroup and have continually just added to it.