Solved

Bad Master Browser Returns Broadcast Address for DC

Posted on 2004-03-26
Last Modified: 2013-12-23
Hi,

We've got an NT4 controlled (1 PDC, 1 BDC, name resolution via broadcast) domain with other Windows 2000 Server and Professional workstations which have been working happily for years. This week I've had two system wide failures which I've traced to computers deciding they are master browsers and returning the *broadcast* address for the network (e.g. 192.168.0.255) when queried for the DC.

Fortunately I've got a Samba server on the network which has given me more detailed logging of the problem. It reports that two computers respond to its request for domain info and the invalid information (i.e. the broadcast address) gets returned first in most cases.

Has anybody encountered this or could shed any light on the cause?

My tests suggest the bad master browser is running on the XP Pro-laptop of a visitor to the organization, but even if that's the source, what's the cause?

Advice and assistance gratefully received,

Leon
0
Question by:leonst
 
LVL 7

Expert Comment

by:spareticus
ID: 10691953
you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no

I have seen some of this when bringing new OS's into the network with an older domain...the other option would be to segment and add wins, or lmhosts

http://support.microsoft.com/default.aspx?scid=kb;en-us;102878
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10694173
It's normal for computers to start broadcasting if they can't find the domain master browser.

The tell-tale detail here is "XP Pro-laptop of a visitor to the organization". The laptop obviously belongs to some other domain/workgroup. Once it's plugged into the network, it tries to find the master browser according to its own network configuration; failing this, it sends a broadcast claiming to be the master browser for its own domain/workgroup.

I used to have a client who constantly plugged/unplugged the laptop to/from the network on the fly, causing a master browser election, but it was never able to flunk the network since I implemented the "unorthodox" method mentioned in this thread <http://www.experts-exchange.com/Networking/WinNT_Networking/Q_20890647.html>, apart from the registry hacks mentioned by Spareticus. The registry hack as is, unfortunately, never totally resolved the broadcast problems in the cases I've seen.

Another option worth exploring is to change your hubs into switches; this will reduce the negative impact of broadcasting on your network.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10694419
his problem isn't the amount of broadcasting, it is that these other machines are taking the role of master browser, and killing his name resolution which is relying on broadcast.
0

 
LVL 1

Author Comment

by:leonst
ID: 10695711
That's right spareticus: The XP Pro machine appears to have decided it's the domain master browser (DMB) but when it's queried for the DC it returns 192.168.0.255 (i.e. a broadcast address) instead of 192.168.0.11 which is the address of the DC.

With an existing DMB, why and how would another computer try to take over?

The NT4 member servers also needed rebooting to clear this problem whereas the Windows 2000 servers seemed to just carry on when the rogue computer was removed and the DCs restarted.

More info: when I ran nbtstat -n on the PDC I got:

           NetBIOS Local Name Table

   Name               Type         Status
---------------------------------------------
MYPDC          <00>  UNIQUE      Conflict
MYDOMAIN       <00>  GROUP       Registered
MYPDC          <20>  UNIQUE      Conflict
MYDOMAIN       <1C>  GROUP       Registered
MYPDC          <03>  UNIQUE      Registered
DIRREPLSA      <03>  UNIQUE      Registered
MYPDC          <01>  UNIQUE      Registered
MYDOMAIN       <1B>  UNIQUE      Registered
MYDOMAIN       <1E>  GROUP       Registered
MYDOMAIN       <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
0
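An added example, not part of the original thread: a small checker that reads an `nbtstat -n` name table like the one posted above, lists names in Conflict and the browser roles the host holds, and flags name-query answers that cannot be a DC. The /24 network, the responder address 192.168.0.57 and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: rows taken from the name table posted above (abridged).
SAMPLE = """\
MYPDC          <00>  UNIQUE      Conflict
MYDOMAIN       <00>  GROUP       Registered
MYPDC          <20>  UNIQUE      Conflict
MYDOMAIN       <1C>  GROUP       Registered
MYDOMAIN       <1B>  UNIQUE      Registered
MYDOMAIN       <1E>  GROUP       Registered
MYDOMAIN       <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
"""
# Constructed (responder, address returned for the DC) pairs; 192.168.0.57 is
# a made-up address standing in for the visiting laptop.
ANSWERS = [("192.168.0.11", "192.168.0.11"), ("192.168.0.57", "192.168.0.255")]

# Browser-related NetBIOS suffixes (the 16th byte of the name).
BROWSER_ROLES = {"1B": "domain master browser", "1D": "subnet master browser",
                 "1E": "browser election group"}
ROW = re.compile(r"^\s*(\S+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")

def parse_nbtstat(text):
    """Return (name, suffix, type, status) for each row of the name table."""
    hits = (ROW.match(line) for line in text.splitlines())
    return [(m[1], m[2].upper(), m[3], m[4]) for m in hits if m]

def conflicts(rows):
    """Names marked Conflict: another node on the wire claims the same name."""
    return [(name, sfx) for name, sfx, _, status in rows if status == "Conflict"]

def browser_roles(rows):
    """Browser roles this host has registered, keyed by suffix."""
    return {sfx: BROWSER_ROLES[sfx] for _, sfx, _, status in rows
            if sfx in BROWSER_ROLES and status == "Registered"}

def suspicious_answers(answers, network, known_dcs):
    """Flag answers that are a broadcast/network address or not a known DC."""
    net = ipaddress.ip_network(network)
    bad = []
    for responder, returned in answers:
        addr = ipaddress.ip_address(returned)
        if addr in (net.broadcast_address, net.network_address):
            bad.append((responder, returned, "not a host address"))
        elif returned not in known_dcs:
            bad.append((responder, returned, "not a known DC"))
    return bad
```

On the sample, the PDC still holds both the 1B and 1D registrations while its own workstation and server names are in Conflict, which matches the symptoms described in the post.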
 
LVL 3

Expert Comment

by:wei2ali
ID: 10696074
This is getting interesting. From WINS-manager, can you find out who else has registered workstation name of "MyPDC"?
0
 
LVL 1

Author Comment

by:leonst
ID: 10696199
No, I'm not using WINS, I'm using broadcast for name resolution.

I really don't think there is a second MYPDC (despite the duplication being listed in the event logs). If I try pinging MYPDC by name from an NT4 server it fails to resolve the name (pinging the IP address works fine). I managed to try pinging from a Windows 2000 server which resolved MYPDC to the broadcast address i.e. 192.168.0.255.
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10697937
Tough. How about clean/reload the NetBIOS cache (nbtstat -Rr) in the W2k server, see what you get?

I remember seeing once this kind of situation when a network had both TCP/IP and NETBEUI installed, the solution was to remove NETBEUI or reverse the order of protocol binding. Unfortunately I have no documentation on the case :(

I figure you might be reluctant to make structure changes to your existing network, but WINS wouldn't be a bad choice in your situation. Also, if you haven't already, apply Service Pack 6a to both of your DCs. There's a NetBEUI bug in SP4 allowing identity impersonation, you might be hit by the bug?
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10704215
did you disable the workstations from being potential browse master?
you will likely need to reboot the PDC also
0
 
LVL 1

Author Comment

by:leonst
ID: 10716757
This problem did recur and it was the same laptop that was responding as the master browser.

I'm sure spareticus' suggestion will address the problem, but I don't think I'm going to be able to find out why a workstation - ill configured or otherwise - suddenly responds to browser requests.

On this topic: What I haven't been able to get clear in my head is: on a single subnet domain do you get both a master browser and a domain master browser? Or is a DMB a special kind of MB that occurs when you have a domain controller?
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10716945
the later os version somehow allows it to win the election

that previous article discusses this to some degree, but to answer your question you will have both
0
 
LVL 1

Author Comment

by:leonst
ID: 10760878
Sorry about the hiatus.

Spareticus: I don't think it was an election win as the original browsers still thought they were the master browsers (as far as I can tell).

The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList to False on the WinXP laptop.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10760901
if you check back to the date when the problem began...you should see events on the server indicating a browser election being forced
i am glad you got the network stable...that can be an extreme pain
0
 
LVL 1

Author Comment

by:leonst
ID: 10760925
Whilst I'm grateful to both Spareticus and wei2ali for your contributions I can't really call any points an "answer". But I may have to pick a random comment as an answer so I split the points.

Many thanks for your input!
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10760937
i thought the registry entry resolved the issue?  That would be the "answer"
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10761494
As I indicated in my last post, i consider my suggestion of using the registry change to have resolved his issue.  I am confused by his thinking that he did not get an answer.  He had a bad response for MB, and now he doesn't.
0
 
LVL 1

Accepted Solution

by:GhostMod
ID: 10794536
PAQed, 250 points refunded.

GhostMod
Community Support Moderator
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10794596
quote from author:  The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList to False on the WinXP laptop

quote from spareticus:

you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no
0
