Solved

The master browser has received a server announcement from the computer that believes that it is the master browser for the domain on transport NetBT_Tcpip_A563D8D5-4C37-4BD2-B6. The master browser is

Posted on 2004-02-11
59,072 Views
Last Modified: 2011-08-18
I got this error in my system.log file and Network become too slow.
The master browser has received a server announcement from the computer <computer Name >  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A563D8D5-4C37-4BD2-B6. The master browser is stopping or an election is being forced.
0
Question by:rehman123
    10 Comments
     
    LVL 44

    Expert Comment

    by:CrazyOne
    http://www.winguides.com/registry/display.php/54/

    Control Network Browser Elections (Windows NT/2000/XP) Popular
    A browser election is a normal network occurrence and provides a means to guarantee there is never more than one master browser present in a domain or workgroup.

     This tweak can be easily applied using WinGuides Tweak Manager.
    Download a free trial now!

    Open your registry and find the key below.
    To control which computer is the Domain Master Browser, create a new string value, or modify the existing value, named "IsDomainMaster" and set the value to equal either "Yes", "No" or "Auto".

    To prevent an NT Workstation or Server (non-PDC) from acting as a browser, create a new string value, or modify the existing value, named "MaintainServerList" and set it "No", the other options are "Yes", "No" or "Auto".

    Restart Windows for the change to take effect.

    Note: These values may also be standard boolean values in the form "True/False" or "0/1".

    Registry Settings
    System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
    Value Name: IsDomainMaster, MaintainServerList
    Data Type: REG_SZ (String Value)
    0
     
    LVL 44

    Expert Comment

    by:CrazyOne
    On the other mahcine(s) set the IsDomainMaster to no
    0
     

    Author Comment

    by:rehman123
    Is that the reason Why  Network beome  too slow? User's can't  connect  althought  it was  fine till morning.
    0
     
    LVL 44

    Expert Comment

    by:CrazyOne
    Quite Frankly I don't know. You could possibly have a NIC that is misbehaving like maybe it has gone bad or the drivers just need to be reinstalle etc
    0
     
    LVL 44

    Accepted Solution

    by:
    http://www.eventid.net/display.asp?app=Top10&eventid=8003


    Event ID: 8003
    Source Browser  
    Type Error  
    Description The master browser has received a server announcement from the computer <Windows NT client> that believes that it is the master browser for the domain on transport <NetBT>. The master browser is stopping or an election is being forced.  
    Comments Niendertal (Last update 9/27/2003):
    In my case this error was right after I installed a new machine with Win2kPro. On the Event Viewer of the DC this error started to appear. To fix this I configured the WINS in my DC. But you can resolve this error with lmhosts on the network for netbios name resolution. If you do not want to configure WINS on your server, Microsoft has related information about this problem and how to resolve this with your network Routers. Just make sure the routers on the network are not forwarding UDP broadcasts. See Q190930.

    Adrian Florin Moisei (Last update 4/30/2003):
    If the event occurs in the domain controller's system log see Q135464.

    Woodrow Wayne Collins
    The subnet mask of the Windows 2000 client computer is incorrect or is different from the primary domain controller. The client computer has attempted to promote itself to the master browser of the subnet and has failed.
    To Fix: Change the TCP/IP protocol configuration to the correct subnet mask. See Q143153 and Microsoft Messages links.

    This can also be caused when routers or switches are misconfigured and propagate UDP port 137 and 138 broadcasts. In this case large numbers of event 8003 appear in the event log. Also check Q190930 for more information.  
    Links Q135464 , Q143153 , Q190930 , Microsoft Messages  
    Send comments   -    Notify me when updated  
    Automatic search for "Event 8003 Browser" at:
    Support @ Microsoft  -  Search @ Microsoft  -  Google Newsgroups  -  Google Microsoft    
       
    Source MRxSmb  
    Type Error  
    Description The master browser has received a server announcement from the computer <computer name> that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7545DFC-BA6C-4712-81. The master browser is stopping or an election is being forced.  
    Comments Ionut Marin (Last update 11/2/2003):
    From a newsgroup post: "I just resolved a similar issue. My IP address and netmask were correct so according to TechNet I should not be getting this error message. I did an "ipconfig /release" followed by a "/renew" and received the 8003 message again. Therefore, I disabled the adapter then enabled it and everything is fine. Did another "ipconfig /release, /renew" and no message came up on the server. Note: This adapter had a static IP configuration at one time when it was connected to another network. Perhaps that was not cleaned up 100% when I changed it to DHCP. Disabling and enabling the adapter seemed to reset the configuration completely".

    Dan Israel (Last update 9/27/2003):
    Client desktop or workstations using Win XP Pro can cause this issue if the built in Internet Connection Firewall is active.  Because this feature interferes with the network browsing, the client will attempt to become the Master Browser. Disabling the setting under browser/parameter will block the attempt to become master, but the client will still have difficult seeing and being seen in the workgroup/domain.

    Michael Hopkinson
    The actual commands to be applied to the Cisco router are:
    "no ip forward-protocol udp NetBIOS-ns"
    and
    "no ip forward-protocol udp netbios-dgm"
    This will prevent each VLAN or segment from seeing the others when sending out NetBIOS broadcasts.  You should end up with a valid master browser in each segment and no longer have these Events on your DC.

    Woodrow Wayne Collins
    See also Microsoft W2K Resource Kit link.

    Damien Murphy
    Related to Cisco routers that have IP helper statements that point back to the DHCP server: This also occurs with "ip-helpering" if the DHCP server is a Windows 2000 Domain Controller holding the PDC Emulator Role (as it is the Domain Master Browser).

    Adrian Grigorof
    In order to stop this error from occuring, use Regedit and set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList from Auto or YES to FALSE

    This will prevent the computer from attempting to become a Domain Master Browser and compete with Domain Controllers. If the server is a domain controller it is advisable to leave it with the default settings.

    Kevin Biddick
    Look for NT 4.0 Domain controller that is hosting DHCP and Cisco routers that have IP helper statements that point back to the DHCP server. The default IP helper setings cause master browser elections.  


    Source Rdr  
    Type Error  
    Description The master browser has received a server announcement from the computer CORPSHR01 that believes that it is the master browser for the domain on transport NetBT_N1001. The master browser is stopping or an election is being forced.  
    Comments Adrian Grigorof
    This event may be genereate in various conditions - some of them are not errors per se. For example a PDC is started and it will send announcements to the network that it is the Master Browser  (a PDC is always the Master Browser). In this case, the existing Master Browser will generate an 8003 message in the event log. Sometimes, an improperly configured computer (i.e. wrong subnet mask) does not detect the existing Master Browser so it announces itself as the Master Browser.

    Adrian Florin Moisei (Last update 4/19/2003):
    From a newsgroup post: "The error references a specific Win 98 client and is occurs repeatedly despite the fact that both the client and the NT Server are both running continuously. A Win98 machine will do this when File and Print Sharing has been enabled. Even if you don't share anything, by simply installing F&P Sharing, you'll cause elections to occur. This is because by default, Win9x machines have Browse Master set to Automatic. When Win98 starts, it first checks to see if a master browser is already present for its designated workgroup. If a master browser server does not exist, or if some problem exists that prevents the Win9x machines from determining who the browse master is, an election occurs.

    To use F&P Sharing, but stop the elections from occurring, go into the Properties for F&P Sharing and set Browse Master to Disabled. Then, reboot for the changes to take effect."  
    Links Q188305 , Q143153 , Q135464
    0
     
    LVL 44

    Expert Comment

    by:CrazyOne
    0
     
    LVL 22

    Expert Comment

    by:jvuz
    As for the slow connection, look for spyware/adware:

    SpyBot-S&D

    SpyBot-S&D is an adware and spyware detection and removal tool. This includes removal of certain advertising components, that may gather statistics as well as detection of various keylogging and other spy utilities. In addition, it also securely removes PC and Internet usage tracks, including browser history, temporary pages, cookies (with option to keep selected) and more. The program offers an attractive outlook-style interface that is easy to use and multi-lingual. SpyBot-S&D allows you to exclude selected cookies, programs or extensions from being reported, allowing you to prevent false positive messages for items that you dont want to be alerted of every time. It can even scan your download directory for files that have been downloaded, but not yet installed, allowing you to detect unwanted programs before you even install them. SpyBot produces a detailed and easy to understand report before it deletes any files and allows you to deselect any item that you do not want to be processed. In addition, a recovery feature allows you to restore your settings if needed. Very nice tool, that exceeds the capabilities of the popular Ad-Aware application.

    http://www.webattack.com/download/dlspybot.shtml

    Ad-aware

    AdAware is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and offers to remove or quarantine the components. The program detects a wide range of adware/spyware related issues and can be updated with the latest signatures via the built-in update utility. Please be advised that removing certain components may impact the functionality of effected software applications. You should fully read the included Ad-aware documentation before removing any files!

    http://www.webattack.com/download/dladaware.shtml


    HijackThis

    HijackThis is a tool, that lists all installed browser add-on, buttons, starup items and allows you to inspect them, and optionally remove selected items. The program can create a backup of your original settings and also ignore selected items. Additional features include a simple list of all startup items, default start page, online updates and more. Intended for advanced users.

    http://www.webattack.com/download/dlhijackthis.shtml

    Keylogger Hunter

    Keylogger Hunter is a program that attempts to detect any keyloggers that may be running on your computer. It performs a system analysis, which takes about 3-5 minutes and then produces a list of suspicious files (if any). It detected 2 out of 3 running keyloggers in our test. Future versions are planned to be shareware.

    http://www.webattack.com/download/dlklhunter.shtml

    KL-Detector

    KL-Detector is designed to provide a way to find out whether your activity is being recorded with a keylogger application. It uses the fact that most keyloggers create a hidden log file on your hard drive and therefore scans for any suspicious activity during a test period that you have to initiate. Basically, it asks you to use the keyboard for several minutes, type some text or do similar activities, while it is monitoring your system to check if it can detect any suspicious logging activity. KL-Detector is intended for occasional use and not as a permanently running program, as normal PC activity may cause false positives. During our test, it did detect changes in a keylogger log file (that we installed), but it did not find the activity suspicious enough to warn us. Advanced users may get value by inspecting the logged items, however novice users should not rely on the results.

    http://www.webattack.com/download/dlkldetector.shtml

    X-Cleaner Free

    XCleaner is a privacy tool suite that detects and removes installed spyware and adware components and includes tools to securely delete files, edit the registry, disable startup programs and more. Additional features include IE home page protection, cookie, cache and history cleaning, built-in password generator and more. This free version also contains some additional feature options, however they are disabled and require upgrade to a full version. The spyware and adware scanning as well as many cleaning features however can be used freely.

    http://www.webattack.com/download/dlxcleaner.shtml

    SpywareBlaster

    SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage. This allows you to run Internet Explorer with Active-X enabled, but it will never download or even prompt you for any of the known ActiveX controls. All other Active-X controls or plug-ins will work fine. The SpywareBlaster database contains information on these known spyware Active-X controls and can be updated with the click of a button. The application windows displays a list of all controls that it is able to detect (this is not a list of what was found on your computer). The program cannot detect if you have any of the known objects already installed, but if you do, they will be disabled. The program also allows you to take a snapshot of your computer (certain settings) in its clean state and later revert many changes made by spyware and browser hijackers.

    http://www.webattack.com/download/dlspywareblaster.shtml

    SpywareGuard

    SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.

    http://www.webattack.com/download/dlspywareguard.shtml


    SpySites

    SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software. You can select the sites from the list, or optionally add all of them, or only the "worst offenders". The program then adds the URLs to the IE Restricted Zone settings. Once configured, there is no need to run the program again, unless you want to add additional sites.

    http://www.webattack.com/download/dlspysites.shtml
    0
     
    LVL 44

    Expert Comment

    by:CrazyOne
    Along with jvuz thinking

    Double Check for viruses
    Online Scanners

     Norton Web Services  
    Go to this page and click on Scan for Viruses
    http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=REODSKVYRMHCGVRVRMN

    It needs to download a few file so as to activate the scan so you may see a message like this.

    "The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

    The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
     
    Downloading Scan for Viruses controls. Please wait...
     
    During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
     
    Note: Scan for Viruses does not scan compressed files"

    ======================
     Trend Micro HouseCall        
    www.housecall.antivirus.com
    "Trend Micro's free online virus scanner
    In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
    http://housecall.antivirus.com/housecall/start_corp.asp

    ======================
    eTrust Online antivirus scanner
    http://www3.ca.com/virusinfo/virusscan.aspx
    ======================

    PC Pitstop Virus Scan
    Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
    http://www.pcpitstop.com/antivirus/default.asp
    0
     
    LVL 4

    Expert Comment

    by:jcoppin
    Paranoid people.
    There is nothing wrong, this is typical behavior on an NT  domain.
    0
     
    LVL 3

    Expert Comment

    by:NJDfan1711
    No it's not typical behavior on an NT domain. In my case I had several computers, both XP workstations and member servers, constantly forcing elections because my PDC would not hold the Master Browser role.

    Adding the suggested registry entries fixed the problem.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Suggested Solutions

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    What do we know about Legacy Video Conferencing? - Full IT support needed! - Complicated systems at outrageous prices! - Intense training required! Highfive believes we need to embrace a new alternative.
    We often encounter PDF files that are pure images, that is, they do not have text characters, but instead contain only raster graphics. The most common causes of this are document scanning software and faxing software/services that create image-only…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    699 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    26 Experts available now in Live!

    Get 1:1 Help Now