Comprehensive Master Browser Question
I have read up some on Master Browser issues (8003, 8005, 8012, etc. errors in the System Logs) of W2k Pro and Server. Most people seem unable to solve the problem. Our servers and workstations are full of these errors in the system logs.
From what I have read, I seem to have gained a basic understanding of what the problem is. However, how to solve it behooves me. I believe I read somewhere that for every subnet on your network, Microsoft requires 1 PC to be a Master Browser for every 32 PC's on the subnet.
I've read some suggestions that the browser service on any PC that is not intended to be the Master Browser should be disabled. Are there any ramifications to doing this? To my understanding, the browser service needs to be enabled to basically "browse the network." Disabling this, in theory (to someone who doesn't have as complete an understanding as he would like), sounds not good.
I've also read up on the registry edits that need to be made going in the direction of defining a definitive Master Browser - (i.e. MaintainServerList = No or False (I don't remember which it is) / IsDomainMaster = Yes or True) - I know the path to the registry keys that need to be changed.
However, it seems that the W2k Pro / Server is configured by default to Yes/True for the MaintainServerList and No / False for the IsDomainMaster key.
So, tell me, what do I need to do to get rid of this problem? It doesn't seem normal for system logs to have 8003 and other 80xx Event ID errors associated with this problem. How do you go about configuring your environment? Is this something planned from the beginning and you make the necessary configuration on every W2k machine that comes into the environment?
Assuming I have to have a Master Browser on every subnet and I need to define just one, is there a way to script it to make the change happen and then configure a policy for that any new machine that joins the domain will have the registry settings correctly configured not to Maintain server lists?
Lots of questions, but I'm trying to gain an understanding of this. I'm attempting to eradicate the problems I'm finding in my system logs.
I'm rating this as very important and extremely difficult, because I've invested a decent amount of time in trying to make changes to solve this problem, but to no avail. And I think this problem contributes to needless network traffic with all of the elections for Master Browser and such (hindering network performance). Anything I can do to improve the network, I'm going to do it.
From what I have read, I seem to have gained a basic understanding of what the problem is. However, how to solve it behooves me. I believe I read somewhere that for every subnet on your network, Microsoft requires 1 PC to be a Master Browser for every 32 PC's on the subnet.
I've read some suggestions that the browser service on any PC that is not intended to be the Master Browser should be disabled. Are there any ramifications to doing this? To my understanding, the browser service needs to be enabled to basically "browse the network." Disabling this, in theory (to someone who doesn't have as complete an understanding as he would like), sounds not good.
I've also read up on the registry edits that need to be made going in the direction of defining a definitive Master Browser - (i.e. MaintainServerList = No or False (I don't remember which it is) / IsDomainMaster = Yes or True) - I know the path to the registry keys that need to be changed.
However, it seems that the W2k Pro / Server is configured by default to Yes/True for the MaintainServerList and No / False for the IsDomainMaster key.
So, tell me, what do I need to do to get rid of this problem? It doesn't seem normal for system logs to have 8003 and other 80xx Event ID errors associated with this problem. How do you go about configuring your environment? Is this something planned from the beginning and you make the necessary configuration on every W2k machine that comes into the environment?
Assuming I have to have a Master Browser on every subnet and I need to define just one, is there a way to script it to make the change happen and then configure a policy for that any new machine that joins the domain will have the registry settings correctly configured not to Maintain server lists?
Lots of questions, but I'm trying to gain an understanding of this. I'm attempting to eradicate the problems I'm finding in my system logs.
I'm rating this as very important and extremely difficult, because I've invested a decent amount of time in trying to make changes to solve this problem, but to no avail. And I think this problem contributes to needless network traffic with all of the elections for Master Browser and such (hindering network performance). Anything I can do to improve the network, I'm going to do it.
Information on 8003 error:
CAUSE
"Routers on your network are configured to forward UDP broadcasts. "
If a Windows domain spans more than one subnet and the TCP/IP protocol (NetBT) is used, each subnet will have a Master Browser. If a Master Browser receives server announcements from another computer, claiming to be a Master Browser, an election is forced to ensure that there is only one Master Browser per subnet. These browser elections cause the 8003 message to be recorded.
If the routers on the network are configured to forward UDP broadcasts to UDP ports 137 and 138, then the election broadcasts that are intended to remain in the subnet are forwarded to other subnets.
This has also been seen with bridges or switches between two dissimilar network segments within the same subnet.
RESOLUTION
To stop the 8003 error messages, make sure the routers on the network are not forwarding UDP broadcasts, keeping browser elections on NetBT local to each subnet and enable WINS or lmhosts on the network for netbios name resolution.
CAUSE
"Routers on your network are configured to forward UDP broadcasts. "
If a Windows domain spans more than one subnet and the TCP/IP protocol (NetBT) is used, each subnet will have a Master Browser. If a Master Browser receives server announcements from another computer, claiming to be a Master Browser, an election is forced to ensure that there is only one Master Browser per subnet. These browser elections cause the 8003 message to be recorded.
If the routers on the network are configured to forward UDP broadcasts to UDP ports 137 and 138, then the election broadcasts that are intended to remain in the subnet are forwarded to other subnets.
This has also been seen with bridges or switches between two dissimilar network segments within the same subnet.
RESOLUTION
To stop the 8003 error messages, make sure the routers on the network are not forwarding UDP broadcasts, keeping browser elections on NetBT local to each subnet and enable WINS or lmhosts on the network for netbios name resolution.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
oops
Are you in a pure Win2K/Active Directory environment?
JP
Are you in a pure Win2K/Active Directory environment?
JP
ASKER
I have read the link info that sirbounty posted in past research.
Now let me talk a bit about Network Layout. We have 5 locations that each have a Novell Netware 6 server as our main 'production' server (file server / application server). Our corporate office also hosts a Windows 2000 Domain that is comprised of 5 Win2k servers (2 DC's (one is a backup server (hosts DHCP, primary WINS server), and the other is a fax server (hosts DNS)), a File server, Exchange Server, and Unity Voicemail server (for our Cisco phone system) - we also have 2 Cisco Servers that are not part of the domain.
We use approximately a dozen different subnets - but a few are used for VLAN connectivity, the remaining 6 or 7 are defined DHCP scopes for each location. All of the 2000 Servers are on the same subnet. But, each subnet has at least 1 2000 Pro machine that is claiming to be master browser.
Does my additional information provide any additional insight?
Now let me talk a bit about Network Layout. We have 5 locations that each have a Novell Netware 6 server as our main 'production' server (file server / application server). Our corporate office also hosts a Windows 2000 Domain that is comprised of 5 Win2k servers (2 DC's (one is a backup server (hosts DHCP, primary WINS server), and the other is a fax server (hosts DNS)), a File server, Exchange Server, and Unity Voicemail server (for our Cisco phone system) - we also have 2 Cisco Servers that are not part of the domain.
We use approximately a dozen different subnets - but a few are used for VLAN connectivity, the remaining 6 or 7 are defined DHCP scopes for each location. All of the 2000 Servers are on the same subnet. But, each subnet has at least 1 2000 Pro machine that is claiming to be master browser.
Does my additional information provide any additional insight?
ASKER
When I said VLAN connectivity, I meant to say voice connectivity, sorry about that...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
FYI I shut down my Computer Browser service yesterday. Everything's still working like a charm.
ASKER
Are you saying you shut down *your* Computer Browser service or that of your network?
ASKER
I'm leaning towards shutting them down except for the DC that I already have configured as a Master Browser.
I'm saying on my PC I stopped the Computer Browser service last week, and it does not affect my ability to act as a browsing client.
So this:
If you disable the browser service in a computer you may not be able to browse shared resources in the computer (just try to disable it in a workstation and from the run... in start menu type "\\workstation_name")
does not seem to be a problem.
I also have a directory shared out, and that is also not affected.
So this:
If you disable the browser service in a computer you may not be able to browse shared resources in the computer (just try to disable it in a workstation and from the run... in start menu type "\\workstation_name")
does not seem to be a problem.
I also have a directory shared out, and that is also not affected.
you are right.
sharing folders depends on the server service and accessing shares in the workstation service, therefore stopping the browser service will not affect any of those.
sharing folders depends on the server service and accessing shares in the workstation service, therefore stopping the browser service will not affect any of those.
ASKER
I actually noticed that disabling the Computer Browser service did nothing to help the problem. I'm attempting to add the key SYSTEM\CurrentControlSet\S
I have turned off the computer browser service on many networks, with only good affects.
The reason I do this is the browser election is won as mentioned above by the newest OS with the newest SP. Therefore XP workstations with sp1 with kick the server 2k off being a browsemaster everytime. The server will not win again until it is rebooted.
If 2 or 3 servers are allowed to be browsemasters then the browsing will be smooth and reliable. Otherwise client machines can really mess up browsing.
I have even scripted
net stop "computer browser"
in the login script for workstations until I was able to set the service as manual
The reason I do this is the browser election is won as mentioned above by the newest OS with the newest SP. Therefore XP workstations with sp1 with kick the server 2k off being a browsemaster everytime. The server will not win again until it is rebooted.
If 2 or 3 servers are allowed to be browsemasters then the browsing will be smooth and reliable. Otherwise client machines can really mess up browsing.
I have even scripted
net stop "computer browser"
in the login script for workstations until I was able to set the service as manual
Here is what i've done. I hope it helps a bit.
Basically I export out a .reg file from my \HKEY_LOCAL_MACHINE\SYSTEM
For IsDomainMaster Reg_SZ = False
For MaintainServerList = No
That is on the client end. I export this registry key to a .reg..then I place the .reg into my \\%LogonSERVER%\Netlogon folder.
Then I just add this to my users batch file -
REM (REGISTRY EDIT FOR MASTER BROWSER)
regedit /s "\\%LOGONSERVER%\netlogon\
which automatically adds the registry string to all of my client computers.
When they boot in they automatically import that information into their systems and the computer browser service is disabled.
BTW this still doesn't fix the master browser issue. Microsoft will not fix it..and even if your not running a multihomed system, this is what you will expect.
If you go into the reskit for Windows 2000 and install browstat...I get the error message -
Browsing is active on domain.
Master browser name is: ?♠???♠
Could not connect to registry, error = 53 Unable to determine build of br
owser master: 53
Unable to determine server information for browser master: 123
1 backup servers retrieved from master ?♠???♠
\\ES1
Unable to retrieve server list from ?♠???♠: 2351
The only way I have found to fix this issue, is to bring every computer in the domain down. Then bring the ES1 machine back up first.
From there I bring the other backup servers up and the problem is resolved until I have to bring ES1 back down again for anything. I have scoured the internet and just gave up at this point. Hopefully the regfix works for you but I know this will import it at the clients end, but you will still have issues regardless.
Basically I export out a .reg file from my \HKEY_LOCAL_MACHINE\SYSTEM
For IsDomainMaster Reg_SZ = False
For MaintainServerList = No
That is on the client end. I export this registry key to a .reg..then I place the .reg into my \\%LogonSERVER%\Netlogon folder.
Then I just add this to my users batch file -
REM (REGISTRY EDIT FOR MASTER BROWSER)
regedit /s "\\%LOGONSERVER%\netlogon\
which automatically adds the registry string to all of my client computers.
When they boot in they automatically import that information into their systems and the computer browser service is disabled.
BTW this still doesn't fix the master browser issue. Microsoft will not fix it..and even if your not running a multihomed system, this is what you will expect.
If you go into the reskit for Windows 2000 and install browstat...I get the error message -
Browsing is active on domain.
Master browser name is: ?♠???♠
Could not connect to registry, error = 53 Unable to determine build of br
owser master: 53
Unable to determine server information for browser master: 123
1 backup servers retrieved from master ?♠???♠
\\ES1
Unable to retrieve server list from ?♠???♠: 2351
The only way I have found to fix this issue, is to bring every computer in the domain down. Then bring the ES1 machine back up first.
From there I bring the other backup servers up and the problem is resolved until I have to bring ES1 back down again for anything. I have scoured the internet and just gave up at this point. Hopefully the regfix works for you but I know this will import it at the clients end, but you will still have issues regardless.
Try the suggestions on http://blkviper.com for disabling services you don't need.
He also has a good explaination of what the services are and what their function is supposed to be. . .