Solved

Bad Master Browser Returns Broadcast Address for DC

Posted on 2004-03-26
19
1,244 Views
Last Modified: 2013-12-23
Hi,

We've got an NT4 controlled (1 PDC, 1 BDC, name resolution via broadcast) domain with other Windows 2000 Server and Professional workstations which have been working happily for years. This week I've had two system wide failures which I've traced to computers deciding they are master browsers and returning the *broadcast* address for the network (e.g. 192.168.0.255) when queried for the DC.

Fortunately I've got a Samba server on the network which has given me more detailed logging of the problem. It reports that two computers respond to its request for domain info and the invalid information (i.e. the broadcast address) gets returned first in most cases.

Has any body encountered this or could shed any light on the cause?

My tests suggest the bad master browser is running on the XP Pro-laptop of a visitor to the organization, but even if that's the source, what's the cause?

Advice and assistance gratefully received,

Leon
0
Comment
Question by:leonst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 3
  • +1
19 Comments
 
LVL 7

Expert Comment

by:spareticus
ID: 10691953
you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no

I have seen some of this when bringing new OS's into the network with an older domain...the other option would be to segment and add wins, or lmhosts

http://support.microsoft.com/default.aspx?scid=kb;en-us;102878
http://support.microsoft.com/default.aspx?scid=kb;en-us;102878
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10694173
It's normal for computers to start broadcasting if they can't find the domain master browser.

The tell-tale detail here is "XP Pro-laptop of a visitor to the organization". The laptop obviously belongs to some other domain/workgroup. Once it's plugged into the network, it tries to find the master browser according to its own network configuration, failing this, it sends a broadcast claiming being the master browser for its own domain/workgroup.

I used to have a client who constantly plug/unplug the laptop to/from the network on the fly, causing a master browser election, but it never was able to flunk the network since I've implemented the "unorthodox" method mentioned in this thred <http://www.experts-exchange.com/Networking/WinNT_Networking/Q_20890647.html> apart from the registry hacks mentioned by Spareticus. Registry hack as is, unfortunately, never totally resolved the broadcast problems in the cases I've seen.

Another option worth exploring is to change your hubs into switches, this will reduce the negative impact of broadcasting on your network.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10694419
his problem isn't the amount of broadcasting, it is that these other machines are taking the role of master browser, and killing his name resolution which is relying on broadcast.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 1

Author Comment

by:leonst
ID: 10695711
That's right spareticus: The XP Pro machine appears to have decided it's the domain master browser (DMB) but when it's queried for the DC it returns 192.168.0.255 (i.e. a broadcast address) instead of 192.168.0.11 which is the address of the DC.

With an existing DMB, why and how would another computer try to take over?

The NT4 member servers also needed rebooting to clear this problem whereas the Windows 2000 servers seemed to just carry on when the rogue computer was removed and the DCs restarted.

More info: when I ran nbtstat -n on the PDC I got:

           NetBIOS Local Name Table

   Name               Type         Status
---------------------------------------------
MYPDC             <00>  UNIQUE      Conflict
MYDOMAIN       <00>  GROUP       Registered
MYPDC             <20>  UNIQUE      Conflict
MYDOMAIN       <1C>  GROUP       Registered
MYPDC             <03>  UNIQUE      Registered
DIRREPLSA      <03>  UNIQUE      Registered
MYPDC             <01>  UNIQUE      Registered
MYDOMAIN       <1B>  UNIQUE      Registered
MYDOMAIN       <1E>  GROUP       Registered
MYDOMAIN       <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10696074
This is getting interesting. From WINS-manager, can you find out who else has registered workstation name of "MyPDC"?
0
 
LVL 1

Author Comment

by:leonst
ID: 10696199
No, I'm not using WINS, I'm using broadcast for name resolution.

I really don't think there is a second MYPDC (despite the duplication being listed in the event logs). If I try pinging MYPDC by name from an NT4 server it fails to resolve the name (pinging the IP address works fine). I managed to try pinging from a Windows 2000 server which resolved MYPDC to the broadcast address i.e. 192.168.0.255.
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10697937
Tough. How about clean/reload the NTBIOS cache (ntbtstat -Rr) in the W2k server, see what you get?

I remeber seeing once this kind of situation when a network had both TCP/IP and NETBEUI installed, the solution was to remove NETBUI or reverse the order of protocol binding. Unfortuately I have no documentation on the case :(

I figure you might be reluctant to make structure changes to your existing network, but WINS wouldn't be a bad choice in your situation. Also, if you haven't already, apply ServicePack 6a to both of you DCs. There's a NetBEUI bug in SP4 allowing identity impersenation, you might be hit by the bug?
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10704215
did you disable the workstations from being potential browse master?
you will likely need to reboot the PDC also
0
 
LVL 1

Author Comment

by:leonst
ID: 10716757
This problem did recur and it was the same laptop that was responding as the master brower.

I'm sure spareticus' suggestion will address the problem, but I don't think I'm going to be able to find out why a workstation - ill configured or otherwise - suddenly responds to browser requests.

On this topic: What I haven't been able to get clear in my head is: on a single subnet domain do you get both a master browser and a domain master browser? Or is a DMB a special kind of MB that occurs when you have a domain controller?
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10716945
the later os version somehow allows it to win the election

that previous article discusses this to some degree, but to answer your question you will have both
0
 
LVL 1

Author Comment

by:leonst
ID: 10760878
Sorry about the haitius.

Spareticus: I don't think it was an election win as the original browsers still thought they were the master browsers (as far as I can tell).

The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
to False on the WinXP laptop.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10760901
if you check back to the date when the problem began...you should see events on the server indicating a browser election being forced
i am glad you got the network stable...that can be an extreme pain
0
 
LVL 1

Author Comment

by:leonst
ID: 10760925
Whilst I'm grateful to both Spareticus and wei2ali for your contributions I can't really call any points an "answer". But I may have to pick a random comment as an answer so I split this points.

Many thanks for your input!
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10760937
i thought the registry entry resolved the issue?  That would be the "answer"
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10761494
As I indicated in my last post, i consider my suggestion of using the registry change to have resolved his issue.  I am confused by his thinking that he did not get an answer.  He had a bad response for MB, and now he doesn't.
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 10794536
PAQed, 250 points refunded.

GhostMod
Community Support Moderator
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10794596
quote from author:  The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
to False on the WinXP laptop

quote from spareticus:

you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question