Question

Unable to browse different AD site after moving WINS to 2008 DC

Asked by: ccherman3

Before :
Two AD Sites, 2 different subnets - dedicated 3mb pipe
Two 2003 DCs in 1st site - 1 2003 DC and 1 member 2003 server hosting WINS
One 2003 DC in 2nd site - 1 member server 2003 hosting WINS
Result: Browsing across both sites operational (could see both sites machines from each site)

After :
Promoted 2008 AD DC - moved PDC, RID, Domain Naming FSMO roles to this DC after promotion
Moved WINS from 2003 DC to the 2008 DC in the first site, all other WINS servers stayed the same
Each WINS server has the other two listed as replication partners, and each WINS server is only pointing to itself for WINS information
Result: :(machines in 1st site browse only 1st site, machines in 2nd site browse only 2nd site)
All mappings, shares, resources, etc., are available to both sites, so no problems there
Obviously, I've mis-configured something....just don't know what it is....thanks in advance.

This Question has been solved and asker verified.

Asked On: 2009-09-30 at 07:56:08
ID: 24773781
Tags: Windows 2008 WINS and AD
Topics: Active Directory, Windows Server 2008, Windows Networking, Windows 2003 Server, Microsoft Server
Participating Experts: 2
Points: 500
Comments: 25


Answers

 

by: ccherman3 Posted on 2009-10-01 at 11:33:48 ID: 25471742

Thanks for your assistance......

 

by: Netman66 Posted on 2009-10-01 at 17:41:24 ID: 25474391

Initially, you made no mention of WINS on a DC; you only state member servers.

If you have indeed placed the WINS role on the 2008 DC and the others remain on a member server then you must determine if replication between them (Push/Pull) is working.  I suspect the 2008 DC has the firewall on and no exception for WINS traffic.

I'd start there.

You may be able to use Portqry from the 2003 servers to the 2008 server to see if both port 137 TCP & UDP and port 42 UDP are unobstructed.

 

by: ChiefIT Posted on 2009-10-02 at 02:35:17 ID: 25476278

Check DHCP Scope options to see what WINS server the DHCP clients are getting passed to them.

Then, go to the 2003 server and see if you have any event log errors in the 8000's like 8032 or 8021 that allude to a master browser conflict. They will say something like XXXcomputer thinks it is a master browser, the browser service has been stopped and an election has been forced.

 

by: ccherman3 Posted on 2009-10-02 at 07:26:40 ID: 25478202

Thanks Netman66 and ChiefIT for your suggestions....
To clarify: (Site 1) 2003 Member server and 2008 DC running WINS
DHCP scope options have member server as primary, and DC as secondary for WINS
(Site 2) Member server 2003 only is running WINS, DHCP scope options reflect that.
The 2008 DC is firewall enabled , and there is an exception for WINS traffic
Portqry to 2008 DC from WINS member server in same site (SITE 1) results in:
TCP port 137 FILTERED
UDP Port 137 (netbios-ns service) LISTENING or FILTERED
NetBIOS adapter status query to UDP 137: LISTENING
UDP port 42 (nameserver service): LISTENING or FILTERED
I will check the event logs for 8000 series entries and get back to you with my results.....thanks again to both of you.

 

by: ChiefIT Posted on 2009-10-02 at 08:09:55 ID: 25478660

I believe I see a couple problems:

1) You just brought a 2008 server on line, but the 2003 server has been on line as the domain master browser. Have you rebooted the 2003 server since? A reboot will force the election process again, so the 2003 server will recognize the 2008 server as the domain master browser.

2) You also have a firewall enabled:

There are two methods Netbios uses to populate a browselist. One is called netbios over TCP/IP and the other is netbios over SMB. These are their port numbers and applications.

Netbios over TCP, using WINS:
netbios-ns      137/tcp    NETBIOS Name Service    (WINS)
netbios-ns      137/udp    NETBIOS Name Service    (WINS)
netbios-dgm     138/tcp    NETBIOS Datagram Service
netbios-dgm     138/udp    NETBIOS Datagram Service
netbios-ssn     139/tcp    NETBIOS Session Service
netbios-ssn     139/udp    NETBIOS Session Service

Netbios over SMB:
microsoft-ds    445/tcp    Microsoft-DS
microsoft-ds    445/udp    Microsoft-DS
netbios-ssn     139/tcp    NETBIOS Session Service
netbios-ssn     139/udp    NETBIOS Session Service

Netbios broadcasts are used to populate WINS. So, when filtered, WINS records don't update.

3) You might also want to check your node type passed down by DHCP:
It should be Hybrid node type.

http://support.microsoft.com/kb/160177

Though this will not affect site-to-site WINS connections, this may affect your browser services. I am pretty certain things are good there.

With the info I have, my best guess is a browser conflict between the site's DCs. You should see that in Event logs. But, the firewall is certainly a problem between the sites.  

 

by: ccherman3 Posted on 2009-10-02 at 08:24:34 ID: 25478804

Node type is hybrid (DHCP is running on member 2003 servers in Site 1 and Site 2 )
I did not reboot the former WINS server (2003 DC) after I promoted the 2008 DC.....will do that this evening.
When I referred to firewall enabled, I meant the Windows firewall on the 2008 DC itself.....there are no physical firewalls between sites, just routers (obviously) and a dedicated link.
It did all work fine before I brought the 2008 DC up and moved WINS to it......I will concentrate from the browser perspective.

Thank you.....will let you know how it goes.

 

by: ccherman3 Posted on 2009-10-02 at 08:36:52 ID: 25478916

Netman66,
I just re-read your post.....are you saying I should or can turn port filtering off on the 2008 DC for 137 tcp\udp ?

 

by: Netman66 Posted on 2009-10-02 at 09:02:21 ID: 25479189

You should be able to modify the exception for WINS traffic by adding TCP 137 - you stated 137 UDP is listening.  I also saw port 42 listening or filtered - this needs to say listening.

 

by: ccherman3 Posted on 2009-10-02 at 09:18:33 ID: 25479367

OK....I added these as exceptions for Windows Firewall on the 2008 DC

 

by: ChiefIT Posted on 2009-10-02 at 10:47:09 ID: 25480147

@netman:

Port 42: isn't this for SANS?

Am I missing something?

 

by: ccherman3 Posted on 2009-10-05 at 06:55:11 ID: 25495219

Well, I rebooted the 2003 DC that used to host WINS and checked in the event logs for master browser conflicts and so far have found nothing....still having the browsing problem.
Will keep looking over my config......thanks all.

 

by: ChiefIT Posted on 2009-10-05 at 10:37:01 ID: 25497417

I have an article for you to read, that explains the master browser services to a T. Though it is a NT4 article, the browser service has not changed at all. Even the registry keys are the same, except one slight difference.

That difference would be:

NT4: the registry key is: ISDOMAINMASTERBROWSER
2000 server/client, xp, 2007 Windows, 2008 server, 2003 server the registry key is: ISDOMAINMASTER

Shouldn't need to be edited.

Now that the 2003 server has been rebooted and you are not seeing the browser conflict errors, your clients may need a reboot and they will start populating the browselist. It sounds like the 2008 server now knows it is the domain master browser.

Here is that NT4 article: (It also explains the WINS setup to work with the master browser services).
http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true

 

by: ccherman3 Posted on 2009-10-05 at 11:07:44 ID: 25497801

ChiefIT,

Thanks once again.....but I think I need to restate the problem.....I don't want to mislead anyone.
In both sites , the browse lists are populated, but only with machines from that respective site......
Both sites only see machines in their sites, where before you could browse both sites irrespective of the site you were physically located in.
I believe I'm looking at a replication problem across sites.....am I wrong ?

 

by: ChiefIT Posted on 2009-10-05 at 11:49:39 ID: 25498280

That's a problem with WINS and probably a replication problem.

The link between sites can not be made via netbios broadcasts. So, this is where WINS comes in handy. Netbios uses WINS as a crutch to route.

 

by: ChiefIT Posted on 2009-10-05 at 11:50:54 ID: 25498297

By the way, the ports of interest for WINS are:

Port 137 UDP and TCP.

 

by: ccherman3 Posted on 2009-10-05 at 12:11:54 ID: 25498508

Correct.....understood....the native broadcasts can't traverse the routers, so, back to the replication issue between servers.
Have looked at the replication setup once again and this is what I have set:

Site 1 - two WINS servers (2008 DC, 2003 R2 Member server)--- these are replication partners Push\Pull
Site 2 - one WINS server (2003 R2 Member server)--- replication partner is 2008 DC in Site 1 Push\Pull
All WINS servers are pointing to themselves for WINS in TCP\IP properties
Can ping by name and ip all day across sites.....
My setup is not complicated, and at the risk of sounding like a broken record, it worked before I made the 2008 DC a WINS server....???

 

by: ChiefIT Posted on 2009-10-05 at 12:45:27 ID: 25498877

 

by: ChiefIT Posted on 2009-10-05 at 12:45:59 ID: 25498883

Also, run Browstat from all three servers to make sure they realize the 2008 server is the domain master browser.

 

by: Netman66 Posted on 2009-10-05 at 13:46:47 ID: 25499554

Unless you have static mappings, it might be prudent to delete all records from the 2008 server and its replication partner in the other site to see if 1) the 2008 repopulates from its local partner and 2) the replication partner offsite begins replicating with the 2008 box.  This will tell us which partner(s) are failing.

 

by: ccherman3 Posted on 2009-10-05 at 14:19:32 ID: 25499887

Ran browstat and the 2008 DC wasn't even listed.
Browser service was disabled on the server, so I started it and rebooted......
Chances of this contributing to my problem ?

 

by: ccherman3 Posted on 2009-10-05 at 14:46:15 ID: 31635402

Well, it was the stopped browser service on the 2008 DC that was the culprit .....
I believe this service is enabled by default on 2003 and earlier, that's why I didn't think about it until I ran the browstat utility that ChiefIT suggested and didn't see the server listed.
Thanks to you both for your expertise !

 

by: ccherman3 Posted on 2009-10-05 at 14:52:08 ID: 25500172

Turned out to be the browser service being disabled on the 2008 DC.......I recall this service was enabled by default on 2003 and earlier, and didn't think about it until seeing the results from browstat at ChiefIT's suggestion.
I split the points.....thanks to both of you for your expertise !
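
The two checks that mattered in this thread (Computer Browser service state on each server, and whether a partner's WINS port is reachable through the host firewall) can be run in one pass. This is an added example, not code posted by any participant; the server names are hypothetical placeholders, and it assumes Windows PowerShell 2.0 or later with WMI access to each server.

```powershell
# Added example. Server names are hypothetical placeholders; replace with your own.
$servers = 'DC2008-SITE1', 'WINS2003-SITE1', 'WINS2003-SITE2'

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means a filtered port
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # connection refused or name could not be resolved
    } finally {
        $client.Close()
    }
}

function Get-BrowserHealth {
    param([string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $findings = @()
        $startMode = 'n/a'
        $state = 'n/a'
        try {
            # 'Browser' is the short name of the Computer Browser service
            $svc = Get-WmiObject -Class Win32_Service -ComputerName $name `
                       -Filter "Name='Browser'" -ErrorAction Stop
            if ($svc) {
                $startMode = $svc.StartMode
                $state = $svc.State
                if ($svc.StartMode -eq 'Disabled') { $findings += 'Browser service disabled' }
                elseif ($svc.State -ne 'Running')  { $findings += 'Browser service not running' }
            } else {
                $findings += 'Browser service not present'
            }
        } catch {
            $findings += "WMI query failed: $($_.Exception.Message)"
        }
        # WINS replication partners connect to each other on TCP 42
        $tcp42 = Test-TcpPort -ComputerName $name -Port 42
        if (-not $tcp42) { $findings += 'TCP 42 not reachable' }

        New-Object PSObject -Property @{
            ComputerName = $name
            StartMode    = $startMode
            State        = $state
            Tcp42Open    = $tcp42
            Finding      = ($findings -join '; ')
        }
    }
}

Get-BrowserHealth -ComputerName $servers |
    Select-Object ComputerName, StartMode, State, Tcp42Open, Finding |
    Format-Table -AutoSize
```

An empty Finding column means the Browser service is running and TCP 42 answered from the machine running the script; run it from each WINS server to test the path in both directions.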
