Hi all: I hope there is a simple answer to this one.

I just set up a simple 100Mbs peer to peer (only two W2K pc's) network at home for the purpose of sharing a dial-up connection and a printer. ICS works perfectly EXCEPT that if dial-up on demand is enabled on the host and the client pc is re-booted or re-logged on, the modem dials my ISP and establishes a connection.

The rub is that I want it to dial up on demand...but MY demand! If I disable "Dial up on demand" in the host, the client pc can't connect. If I enable it, it connects regardless of whether I want to at that time or not.

Any ideas?

Well it certainly sounds like their is some software on the client PC that is requesting an IP address that is not on your network.

It could be many different things...Instant Messenger software, email client, trojan/worm, etc...

I would first look into your Services which start up with your PC. Then check your Startup folder as well.

MS has an Article on this somewhere in the KB. If I find it later I'll post the link.

Thanks DVNT: The client has a fresh install of W2K (it's a new machine). When it establishes the network and then dials the host's modem, it then makes the dial-up-connection; but ZoneAlarm Pro does not bleat about anything, and there's no traffic interchange. It might be that something IS monitoring a port, but I don't believe that it is possible for the client to be infected. Neither NAV nor AD-Aware has detected anyhing spurious, and it happened before the client machine had ever been connected to the outside world.

I think it's a quirky thing in Win2K. Probably trying to get on the 'net to continue its auto DNS lookup. If I have to use WinGate, I will, but it shouldn't really be necessary...??? I'll try to configure the ICS for fixed IP addresses and see what happens.

[This message has been edited by RLG (edited 07-09-2001).]

This is the KB article I was thinking of but after re-reading it it probably doesn't apply.
http://support.microsoft.com/support/kb/articles/Q260/5/55.ASP?LN=EN-US&SD=gn&FR=0&qry=Internet%20connection%20sharing&rnk=26&src=DHCS_MSPSS_gn_SRCH&SPR=WIN2000

Thanks DVNT1: Been there! That applies if you map a drive from a DOS box, ie manually.

The most likely thing (hopefully)in my case is that the client machine is trying to do a DNS registration because I may have inadvertently #$%!ed up the TCP/IP Advanced settings. I'm at work at the moment and home is about 35km away so I'll have a good hard look at it later.

After browsing this forum the problem doesn't seem to be universal so it must be just me...and after looking at the fixed IP address and ICS registry setup, I'll give that idea a miss for now!

[This message has been edited by RLG (edited 07-09-2001).]

Hmm. I had managed to NOT disable DNS in the client machine: Fixed that but the fershuggining thing still wants to dial out on first bootup+login. Grr. Has to be a setup thing. Any more ideas DVNT1??

so you're saying that if ur offline with your routing machine, and then u turn on the client, it causes the routing machine to dial-up?

-Z

ZSKILLZ: That's it in one: I have to disable the host's sharing: Dial On Demand option to stop the client trying to dial out when you boot it and log-on. Which kind of defeats the purpose of ICS sharing.

It seems that when the client establishes Network connections it decides to get on the 'net as well.

I wasn't clear exactly what was going on, so I had to ask to clarify -

now, that being said, as I'm sure that you understand, there is absolutely no reason why the computer should try and log on to the internet when u log on to the network. now I would firt suggest looking through your start-up menu for programs like AIM and ICQ and that sort of stuff because depending on how you have those configured, they may try and log on upon boot-up.

lemme know if this helps at all

-Z

Thanks ZSKILLZ,

The machines are set up for browsing only; the host uses Pegasus Mail, but no mail software has been configured on the client yet. The client machine is a clean install of W2K and the auto check for updates is turned off. I decided to houseclean the host seeing that the problem occurred on initially setting up the client, so I installed W2K on a clean drive in that as well. Same problem!

Just started work here, so can't progress the diagnosis for another 9 hours or so.

I'm sure there'll be a simple solution eventually??

I think I might swap machines...ie congigure the client as host and vice versa, swap the modem to the new host and see what happens.

[This message has been edited by RLG (edited 07-10-2001).]

[This message has been edited by RLG (edited 07-10-2001).]

Bumppppp

I saw another thread about this on anandtech. Basically it was a issue with dns forwarding to the internet. They guy had to edit a couple of records (A and something else) to keep local dns requests from dialing out to the internet. I went over there and did a search but could not find the thread, sorry. Do you have Active directory enabled?

WYVRN: This sounds like the sort of thing I've been looking for. These are the sorts of things that are totally transparent if you have a permanent connection and a pain in the **** with dial-up. I'll seach for that thread, too.

Thanks for your interest!

Thanks for that...both Host and Client are W2K pro with ICS on the host. I haven't had time to look at it further; the symptom is that the host dialer fires up when the client is booted and logged on. It does not seem to happen if you log off, then on again. I don't know if it does it every hour because I haven't given it a chance to do so!

To be honest I don't fully comprehend the Anandtech thread, so I'm not sure if it applies or not.

[This message has been edited by RLG (edited 07-12-2001).]

OK found it: Clickie (http://forums.anandtech.com/messageview.cfm?catid=36&threadid=492079)

One of these computers is running DNS and DHCP for the network, and NAT and not ICS. Probably does not apply to your case. Are both of your clients Win2k Professional or is one of them a server?

[This message has been edited by wyvrn (edited 07-12-2001).]

The anandtech thread is dealing with NAT. NAT comes with Win2k Server, and is the same tech. that allows these broadband routers to function, taking one IP address and allowing multiple computers to have access through it to the outside worls. ICS is a user friendly, scaled down version of NAT that requires little in the way of user configuration.

The reason I asked whether you had Server was because you could use it to setup a NAT box and maybe eliminate your problem. I did an extensive search at MS Knowledgebase but did not find the problem you are having. The ICS howto says that the dial on demand computer will only dial when the client requests an internet address, so in some way when you login to the client computer, it wants to hit the Internet. I am not sure if you are going to be able to stop it, using ICS. What you could try is removing ICS completely from the host machine and then reinstalling it. I have seen ICS turn bad if you make more than 1 or 2 changes to it.

Good luck http://www.sysopt.com/forum/smile.gif

It certainly sounds like the only true way to troubleshoot this problem is by using a packet sniffer between the Client and ICS Host or possibly the netstat command (on the ICS host) while dumping the output to a file for later review.

I've always used Sniffer Pro. They may have a demo version at http://www.sniffer.com .

Other ones I've heard of include Etherpeek and Snort (heard that it was very good). You may find some others at http://www.insecure.org/tools.html


Added a link...
http://download.datanerds.net/binaries/snort-1.7-win32-static.zip



[This message has been edited by DVNT1 (edited 07-13-2001).]

Ok thanks http://www.sysopt.com/forum/smile.gif Let us know if you figure it out, RLG http://www.sysopt.com/forum/smile.gif

Thanks guys! I appreciate all your efforts and I'll follow them all up.

I've had very little time to address this issue over the last few days, but I did find a reference somewhere in the kb that suggested that the install order of the network and ICS was critical. The idea was that you set up the network, map all drives & printers etc and then configure ICS. Now I think that's the way I did it but it might be reasonable to try to remove it all and start again. My only concern with that is that W2K and Windows in general rarely removes all registry entries when you uninstall, especially a quirky entry, so you end up with the same prob unless you blow away and reinstall the OS.

Something to do on a cold, wet weekend down-under!

Cheers, RLG

Ok what sniffers do you recommend, and are there some cheap or free ones? I have very little experience with these.

DVNT1, WYVRN:

I finally got time to have a look at this again today; I haven't tried any packet sniffers yet; that's a bit too close to what I used to do for a living. This stuff should just work...er, shouldn't it?

I disabled, then re-configured ICS to begin with. Everything seemed fine. I rebooted the client pc, logged on and, voila!! No dial up!! Great. I then fired up IE and was rewarded with an auto dialup, everything seemed to be OK. I shut down, rebooted, logged on, all of that, still OK. Then I was just playing with screen resolution and font size on the client machine (as you do!) and it decided that it just HAD to get on the net. And dialed up. Sheesh. So I killed that, (the host is presently in the same room as the client until it all works A-OK) and headed off to the fridge for a beer, and came back to find another dialup in progress. So after...

a...

couple...

more...

beers...

and a lot of buggerising around...

I have decided to try-out Wingate v4.4.

I'll keep you informed.

Cheers, Rob

Thanks for the update. I hope you get the problem worked out. I still think Windows ICS is a little buggy and needs work, which is why I am working on getting full NAT installed instead.

Would you believe that Wingate installed A-OK as server in the Host OK but refused to work as client in t'other machine?

I installed it as "lite" to avoid the nags in a month's time. Maybe it disagreed with ZoneAlarm Pro? I'll clean up the registry and install it as pro next. If it worked seamlessly I wouldn't mind paying for it.

I'm avidly reading your follow up. I had the same problem with W98 and gave up on it. I'm courious to see what's the cause...

Hi ORVALS,

I was going to play with Wingate again today, nice way to spend a sunny Sunday afternoon down under. But wife wants to go to winery for lunch. Tough, eh?

The worst part of this whole ICS thing is that I started with a clean install on each machine, and, looking at the registry, it ain't so clean now!

Cheers, Rob