Comprehensive Master Browser Question

I have read up some on Master Browser issues (8003, 8005, 8012, etc. errors in the System Logs) of W2k Pro and Server.  Most people seem unable to solve the problem.  Our servers and workstations are full of these errors in the system logs.  

From what I have read, I seem to have gained a basic understanding of what the problem is.  However, how to solve it behooves me.  I believe I read somewhere that for every subnet on your network, Microsoft requires 1 PC to be a Master Browser for every 32 PC's on the subnet.

I've read some suggestions that the browser service on any PC that is not intended to be the Master Browser should be disabled.  Are there any ramifications to doing this?  To my understanding, the browser service needs to be enabled to basically "browse the network."  Disabling this, in theory (to someone who doesn't have as complete an understanding as he would like), sounds not good.

I've also read up on the registry edits that need to be made going in the direction of defining a definitive Master Browser - (i.e. MaintainServerList = No or False (I don't remember which it is) / IsDomainMaster = Yes or True) - I know the path to the registry keys that need to be changed.  

However, it seems that the W2k Pro / Server is configured by default to Yes/True for the MaintainServerList and No / False for the IsDomainMaster key.

So, tell me, what do I need to do to get rid of this problem?  It doesn't seem normal for system logs to have 8003 and other 80xx Event ID errors associated with this problem.  How do you go about configuring your environment?  Is this something planned from the beginning and you make the necessary configuration on every W2k machine that comes into the environment?  

Assuming I have to have a Master Browser on every subnet and I need to define just one, is there a way to script it to make the change happen and then configure a policy for that any new machine that joins the domain will have the registry settings correctly configured not to Maintain server lists?  

Lots of questions, but I'm trying to gain an understanding of this.  I'm attempting to eradicate the problems I'm finding in my system logs.

I'm rating this as very important and extremely difficult, because I've invested a decent amount of time in trying to make changes to solve this problem, but to no avail.  And I think this problem contributes to needless network traffic with all of the elections for Master Browser and such (hindering network performance).  Anything I can do to improve the network, I'm going to do it.  
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I can say that No, the browser service will not prevent you from 'seeing' the network.
Try the suggestions on for disabling services you don't need.
He also has a good explaination of what the services are and what their function is supposed to be. . .
Information on 8003 error:

"Routers on your network are configured to forward UDP broadcasts. "

If a Windows domain spans more than one subnet and the TCP/IP protocol (NetBT) is used, each subnet will have a Master Browser. If a Master Browser receives server announcements from another computer, claiming to be a Master Browser, an election is forced to ensure that there is only one Master Browser per subnet. These browser elections cause the 8003 message to be recorded.

If the routers on the network are configured to forward UDP broadcasts to UDP ports 137 and 138, then the election broadcasts that are intended to remain in the subnet are forwarded to other subnets.

This has also been seen with bridges or switches between two dissimilar network segments within the same subnet.
To stop the 8003 error messages, make sure the routers on the network are not forwarding UDP broadcasts, keeping browser elections on NetBT local to each subnet and enable WINS or lmhosts on the network for netbios name resolution.
As mentioned, a domain controller will always be the master browser for it's subnet. So, if you have a DC on every subnet, then the question of who is the master browser is not a question. It will be the DC. The 'Is Domain Master' = False is normal for a non-Domain controller, since the 'Domain Master Browser' is not the same thing as just a regular master browser - it has to be a DC (in NT it was the PDC). If you don't have a DC on certain subnets, then that's the only places you may want to set a preferred master browser.

Remember also that if the non-DC master broswer is shutdown, someone else will try to take over as MB. Unless every machine is set to be a non-browser, then someone will become the Master Browser. When you restart the machine that was set to be the master browser. It won't necessarily start an election to regain the MB status. Only DCs force a browser election on boot. Other PCs don't. So, if the PC detects that an MB already exists, then it won't call an election. If noone else has taken over and the PC detects that there is no MB, only then would it call an election and take over as MB. One more reason why it's nice to have a DC on every segment.

If you're interested in forcing certain registry entries, there's different ways to do this (.reg files, regini.exe, group policy, etc)
See here:

Some points:
Can you give a quick overview of your network layout? ie. segments, and DCs and such.

Here's the link to the info that sirbounty posted;en-us;135464&Product=win2000)

In the ResKit there's a tool called browmon.exe and also browstat.exe that detects who is the master browser for your subnet and tells you. If you don't own the ResKit, you can find these tools on the web. Browstat can do quite alot. (see here

I don't believe there's a danger in turning off the broswer service in a client machine that you don't want to be a MB. The PC will still show up in the browse list, since it's the Server service that generates the broadcasts.

Also, are you in
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.


Are you in a pure Win2K/Active Directory environment?

djhathAuthor Commented:
I have read the link info that sirbounty posted in past research.  

Now let me talk a bit about Network Layout.  We have 5 locations that each have a Novell Netware 6 server as our main 'production' server (file server / application server).  Our corporate office also hosts a Windows 2000 Domain that is comprised of 5 Win2k servers (2 DC's (one is a backup server (hosts DHCP, primary WINS server), and the other is a fax server (hosts DNS)), a File server, Exchange Server, and Unity Voicemail server (for our Cisco phone system) - we also have 2 Cisco Servers that are not part of the domain.  

We use approximately a dozen different subnets - but a few are used for VLAN connectivity, the remaining 6 or 7 are defined DHCP scopes for each location.  All of the 2000 Servers are on the same subnet.  But, each subnet has at least 1 2000 Pro machine that is claiming to be master browser.

Does my additional information provide any additional insight?
djhathAuthor Commented:
When I said VLAN connectivity, I meant to say voice connectivity, sorry about that...
the way of selecting who is the master browser is by "election". If a master browser is not present, any computer configured to maintainserverlist will try to become browser.

the election procedure is by OS version and role within the domain/workgroup.

If some of your segments don't have servers, a workstation will be performing as a master browser and maybe some other(s) as backup browser.
The problem is that if the master browser workstation is shut down and someone tries to browse the network, it will find that there is no master browser, and therefore force an election.

Multihomed computers are especially prone to browser problems (they are in two segments - WOW!). The browser service was developed in the WFW 3.1 - NETBEUI times. The adaptation to TCP/IP has been far from perfect.

If you disable the browser service in a computer you may not be able to browse shared resources in the computer (just try to disable it in a workstation and from the run... in start menu type "\\workstation_name"

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FYI I shut down my Computer Browser service yesterday. Everything's still working like a charm.
djhathAuthor Commented:
Are you saying you shut down *your* Computer Browser service or that of your network?
djhathAuthor Commented:
I'm leaning towards shutting them down except for the DC that I already have configured as a Master Browser.
I'm saying on my PC I stopped the Computer Browser service last week, and it does not affect my ability to act as a browsing client.

So this:
If you disable the browser service in a computer you may not be able to browse shared resources in the computer (just try to disable it in a workstation and from the run... in start menu type "\\workstation_name")

does not seem to be a problem.
I also have a directory shared out, and that is also not affected.

you are right.

sharing folders depends on the server service and accessing shares in the workstation service, therefore stopping the browser service will not affect any of those.
djhathAuthor Commented:
I actually noticed that disabling the Computer Browser service did nothing to help the problem.  I'm attempting to add the key SYSTEM\CurrentControlSet\Services\Browser\Parameters with the IsDomainMaster - FALSE, and MaintainServerList - No through Group Policy.  However, in attempting to do that, I noticed that it pretty much only allows you to put in the path of the registry key, but not the ability to add the actual key.  What am I doing wrong?
I have turned off the computer browser service on many networks, with only good affects.
The reason I do this is the browser election is won as mentioned above by the newest OS with the newest SP. Therefore XP workstations with sp1 with kick the server 2k off being a browsemaster everytime. The server will not win again until it is rebooted.
If 2 or 3 servers are allowed to be browsemasters then the browsing will be smooth and reliable. Otherwise client machines can really mess up browsing.
I have even scripted
net stop "computer browser"
in the login script for workstations until I was able to set the service as manual
Here is what i've done. I hope it helps a bit.

Basically I export out a .reg file from my \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\

For IsDomainMaster Reg_SZ = False
For MaintainServerList = No

That is on the client end. I export this registry key to a .reg..then I place the .reg into my \\%LogonSERVER%\Netlogon folder.

Then I just add this to my users batch file -

regedit /s "\\%LOGONSERVER%\netlogon\notbrowser.reg"

which automatically adds the registry string to all of my client computers.

When they boot in they automatically import that information into their systems and the computer browser service is disabled.

BTW this still doesn't fix the master browser issue. Microsoft will not fix it..and even if your not running a multihomed system, this is what you will expect.

If you go into the reskit for Windows 2000 and install browstat...I get the error message -

    Browsing is active on domain.
    Master browser name is: ?♠???♠
Could not connect to registry, error = 53        Unable to determine build of br
owser master: 53
   Unable to determine server information for browser master: 123
    1 backup servers retrieved from master ?♠???♠
    Unable to retrieve server list from ?♠???♠: 2351

The only way I have found to fix this issue, is to bring every computer in the domain down. Then bring the ES1 machine back up first.

From there I bring the other backup servers up and the problem is resolved until I have to bring ES1 back down again for anything. I have scoured the internet and just gave up at this point. Hopefully the regfix works for you but I know this will import it at the clients end, but you will still have issues regardless.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.