Solved

Comprehensive Master Browser Question

Posted on 2003-11-19
16
23,734 Views
Last Modified: 2010-05-18
I have read up some on Master Browser issues (8003, 8005, 8012, etc. errors in the System Logs) of W2k Pro and Server.  Most people seem unable to solve the problem.  Our servers and workstations are full of these errors in the system logs.  

From what I have read, I seem to have gained a basic understanding of what the problem is.  However, how to solve it behooves me.  I believe I read somewhere that for every subnet on your network, Microsoft requires 1 PC to be a Master Browser for every 32 PC's on the subnet.

I've read some suggestions that the browser service on any PC that is not intended to be the Master Browser should be disabled.  Are there any ramifications to doing this?  To my understanding, the browser service needs to be enabled to basically "browse the network."  Disabling this, in theory (to someone who doesn't have as complete an understanding as he would like), sounds not good.

I've also read up on the registry edits that need to be made going in the direction of defining a definitive Master Browser - (i.e. MaintainServerList = No or False (I don't remember which it is) / IsDomainMaster = Yes or True) - I know the path to the registry keys that need to be changed.  

However, it seems that the W2k Pro / Server is configured by default to Yes/True for the MaintainServerList and No / False for the IsDomainMaster key.

So, tell me, what do I need to do to get rid of this problem?  It doesn't seem normal for system logs to have 8003 and other 80xx Event ID errors associated with this problem.  How do you go about configuring your environment?  Is this something planned from the beginning and you make the necessary configuration on every W2k machine that comes into the environment?  

Assuming I have to have a Master Browser on every subnet and I need to define just one, is there a way to script it to make the change happen and then configure a policy for that any new machine that joins the domain will have the registry settings correctly configured not to Maintain server lists?  

Lots of questions, but I'm trying to gain an understanding of this.  I'm attempting to eradicate the problems I'm finding in my system logs.

I'm rating this as very important and extremely difficult, because I've invested a decent amount of time in trying to make changes to solve this problem, but to no avail.  And I think this problem contributes to needless network traffic with all of the elections for Master Browser and such (hindering network performance).  Anything I can do to improve the network, I'm going to do it.  
0
Comment
Question by:djhath
  • 5
  • 4
  • 2
  • +3
16 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 9780411
I can say that No, the browser service will not prevent you from 'seeing' the network.
Try the suggestions on http://blkviper.com for disabling services you don't need.
He also has a good explaination of what the services are and what their function is supposed to be. . .
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 9780468
Information on 8003 error:

CAUSE
"Routers on your network are configured to forward UDP broadcasts. "

If a Windows domain spans more than one subnet and the TCP/IP protocol (NetBT) is used, each subnet will have a Master Browser. If a Master Browser receives server announcements from another computer, claiming to be a Master Browser, an election is forced to ensure that there is only one Master Browser per subnet. These browser elections cause the 8003 message to be recorded.

If the routers on the network are configured to forward UDP broadcasts to UDP ports 137 and 138, then the election broadcasts that are intended to remain in the subnet are forwarded to other subnets.

This has also been seen with bridges or switches between two dissimilar network segments within the same subnet.
RESOLUTION
To stop the 8003 error messages, make sure the routers on the network are not forwarding UDP broadcasts, keeping browser elections on NetBT local to each subnet and enable WINS or lmhosts on the network for netbios name resolution.
0
 
LVL 16

Assisted Solution

by:JammyPak
JammyPak earned 250 total points
ID: 9780682
As mentioned, a domain controller will always be the master browser for it's subnet. So, if you have a DC on every subnet, then the question of who is the master browser is not a question. It will be the DC. The 'Is Domain Master' = False is normal for a non-Domain controller, since the 'Domain Master Browser' is not the same thing as just a regular master browser - it has to be a DC (in NT it was the PDC). If you don't have a DC on certain subnets, then that's the only places you may want to set a preferred master browser.

Remember also that if the non-DC master broswer is shutdown, someone else will try to take over as MB. Unless every machine is set to be a non-browser, then someone will become the Master Browser. When you restart the machine that was set to be the master browser. It won't necessarily start an election to regain the MB status. Only DCs force a browser election on boot. Other PCs don't. So, if the PC detects that an MB already exists, then it won't call an election. If noone else has taken over and the PC detects that there is no MB, only then would it call an election and take over as MB. One more reason why it's nice to have a DC on every segment.

If you're interested in forcing certain registry entries, there's different ways to do this (.reg files, regini.exe, group policy, etc)
See here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01/html/DistributingRegistryChanges.asp

Some points:
Can you give a quick overview of your network layout? ie. segments, and DCs and such.

Here's the link to the info that sirbounty posted http://support.microsoft.com/default.aspx?scid=kb;en-us;135464&Product=win2000)

In the ResKit there's a tool called browmon.exe and also browstat.exe that detects who is the master browser for your subnet and tells you. If you don't own the ResKit, you can find these tools on the web. Browstat can do quite alot. (see here http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q188/3/05.asp&NoWebContent=1)

I don't believe there's a danger in turning off the broswer service in a client machine that you don't want to be a MB. The PC will still show up in the browse list, since it's the Server service that generates the broadcasts.

Also, are you in
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 9780685
oops

Are you in a pure Win2K/Active Directory environment?

JP
0
 
LVL 3

Author Comment

by:djhath
ID: 9781583
I have read the link info that sirbounty posted in past research.  

Now let me talk a bit about Network Layout.  We have 5 locations that each have a Novell Netware 6 server as our main 'production' server (file server / application server).  Our corporate office also hosts a Windows 2000 Domain that is comprised of 5 Win2k servers (2 DC's (one is a backup server (hosts DHCP, primary WINS server), and the other is a fax server (hosts DNS)), a File server, Exchange Server, and Unity Voicemail server (for our Cisco phone system) - we also have 2 Cisco Servers that are not part of the domain.  

We use approximately a dozen different subnets - but a few are used for VLAN connectivity, the remaining 6 or 7 are defined DHCP scopes for each location.  All of the 2000 Servers are on the same subnet.  But, each subnet has at least 1 2000 Pro machine that is claiming to be master browser.

Does my additional information provide any additional insight?
0
 
LVL 3

Author Comment

by:djhath
ID: 9781594
When I said VLAN connectivity, I meant to say voice connectivity, sorry about that...
0
 
LVL 5

Accepted Solution

by:
ralonso earned 250 total points
ID: 9786827
the way of selecting who is the master browser is by "election". If a master browser is not present, any computer configured to maintainserverlist will try to become browser.

the election procedure is by OS version and role within the domain/workgroup.

If some of your segments don't have servers, a workstation will be performing as a master browser and maybe some other(s) as backup browser.
The problem is that if the master browser workstation is shut down and someone tries to browse the network, it will find that there is no master browser, and therefore force an election.

Multihomed computers are especially prone to browser problems (they are in two segments - WOW!). The browser service was developed in the WFW 3.1 - NETBEUI times. The adaptation to TCP/IP has been far from perfect.

If you disable the browser service in a computer you may not be able to browse shared resources in the computer (just try to disable it in a workstation and from the run... in start menu type "\\workstation_name"
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 16

Expert Comment

by:JammyPak
ID: 9789630
FYI I shut down my Computer Browser service yesterday. Everything's still working like a charm.
0
 
LVL 3

Author Comment

by:djhath
ID: 9796727
Are you saying you shut down *your* Computer Browser service or that of your network?
0
 
LVL 3

Author Comment

by:djhath
ID: 9796731
I'm leaning towards shutting them down except for the DC that I already have configured as a Master Browser.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 9812597
I'm saying on my PC I stopped the Computer Browser service last week, and it does not affect my ability to act as a browsing client.

So this:
If you disable the browser service in a computer you may not be able to browse shared resources in the computer (just try to disable it in a workstation and from the run... in start menu type "\\workstation_name")

does not seem to be a problem.
I also have a directory shared out, and that is also not affected.




0
 
LVL 5

Expert Comment

by:ralonso
ID: 9816989
you are right.

sharing folders depends on the server service and accessing shares in the workstation service, therefore stopping the browser service will not affect any of those.
0
 
LVL 3

Author Comment

by:djhath
ID: 9824749
I actually noticed that disabling the Computer Browser service did nothing to help the problem.  I'm attempting to add the key SYSTEM\CurrentControlSet\Services\Browser\Parameters with the IsDomainMaster - FALSE, and MaintainServerList - No through Group Policy.  However, in attempting to do that, I noticed that it pretty much only allows you to put in the path of the registry key, but not the ability to add the actual key.  What am I doing wrong?
0
 

Expert Comment

by:jenkinskg
ID: 10189436
I have turned off the computer browser service on many networks, with only good affects.
The reason I do this is the browser election is won as mentioned above by the newest OS with the newest SP. Therefore XP workstations with sp1 with kick the server 2k off being a browsemaster everytime. The server will not win again until it is rebooted.
If 2 or 3 servers are allowed to be browsemasters then the browsing will be smooth and reliable. Otherwise client machines can really mess up browsing.
I have even scripted
net stop "computer browser"
in the login script for workstations until I was able to set the service as manual
0
 
LVL 3

Expert Comment

by:gerdawg
ID: 12261556
Here is what i've done. I hope it helps a bit.

Basically I export out a .reg file from my \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\

For IsDomainMaster Reg_SZ = False
For MaintainServerList = No

That is on the client end. I export this registry key to a .reg..then I place the .reg into my \\%LogonSERVER%\Netlogon folder.

Then I just add this to my users batch file -

REM (REGISTRY EDIT FOR MASTER BROWSER)
regedit /s "\\%LOGONSERVER%\netlogon\notbrowser.reg"

which automatically adds the registry string to all of my client computers.

When they boot in they automatically import that information into their systems and the computer browser service is disabled.

BTW this still doesn't fix the master browser issue. Microsoft will not fix it..and even if your not running a multihomed system, this is what you will expect.

If you go into the reskit for Windows 2000 and install browstat...I get the error message -

    Browsing is active on domain.
    Master browser name is: ?♠???♠
Could not connect to registry, error = 53        Unable to determine build of br
owser master: 53
   Unable to determine server information for browser master: 123
    1 backup servers retrieved from master ?♠???♠
        \\ES1
    Unable to retrieve server list from ?♠???♠: 2351

The only way I have found to fix this issue, is to bring every computer in the domain down. Then bring the ES1 machine back up first.

From there I bring the other backup servers up and the problem is resolved until I have to bring ES1 back down again for anything. I have scoured the internet and just gave up at this point. Hopefully the regfix works for you but I know this will import it at the clients end, but you will still have issues regardless.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
This video discusses moving either the default database or any database to a new volume.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now