Solved

Bad Master Browser Returns Broadcast Address for DC

Posted on 2004-03-26
19
1,216 Views
Last Modified: 2013-12-23
Hi,

We've got an NT4 controlled (1 PDC, 1 BDC, name resolution via broadcast) domain with other Windows 2000 Server and Professional workstations which have been working happily for years. This week I've had two system wide failures which I've traced to computers deciding they are master browsers and returning the *broadcast* address for the network (e.g. 192.168.0.255) when queried for the DC.

Fortunately I've got a Samba server on the network which has given me more detailed logging of the problem. It reports that two computers respond to its request for domain info and the invalid information (i.e. the broadcast address) gets returned first in most cases.

Has any body encountered this or could shed any light on the cause?

My tests suggest the bad master browser is running on the XP Pro-laptop of a visitor to the organization, but even if that's the source, what's the cause?

Advice and assistance gratefully received,

Leon
0
Comment
Question by:leonst
  • 8
  • 5
  • 3
  • +1
19 Comments
 
LVL 7

Expert Comment

by:spareticus
ID: 10691953
you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no

I have seen some of this when bringing new OS's into the network with an older domain...the other option would be to segment and add wins, or lmhosts

http://support.microsoft.com/default.aspx?scid=kb;en-us;102878
http://support.microsoft.com/default.aspx?scid=kb;en-us;102878
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10694173
It's normal for computers to start broadcasting if they can't find the domain master browser.

The tell-tale detail here is "XP Pro-laptop of a visitor to the organization". The laptop obviously belongs to some other domain/workgroup. Once it's plugged into the network, it tries to find the master browser according to its own network configuration, failing this, it sends a broadcast claiming being the master browser for its own domain/workgroup.

I used to have a client who constantly plug/unplug the laptop to/from the network on the fly, causing a master browser election, but it never was able to flunk the network since I've implemented the "unorthodox" method mentioned in this thred <http://www.experts-exchange.com/Networking/WinNT_Networking/Q_20890647.html> apart from the registry hacks mentioned by Spareticus. Registry hack as is, unfortunately, never totally resolved the broadcast problems in the cases I've seen.

Another option worth exploring is to change your hubs into switches, this will reduce the negative impact of broadcasting on your network.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10694419
his problem isn't the amount of broadcasting, it is that these other machines are taking the role of master browser, and killing his name resolution which is relying on broadcast.
0
 
LVL 1

Author Comment

by:leonst
ID: 10695711
That's right spareticus: The XP Pro machine appears to have decided it's the domain master browser (DMB) but when it's queried for the DC it returns 192.168.0.255 (i.e. a broadcast address) instead of 192.168.0.11 which is the address of the DC.

With an existing DMB, why and how would another computer try to take over?

The NT4 member servers also needed rebooting to clear this problem whereas the Windows 2000 servers seemed to just carry on when the rogue computer was removed and the DCs restarted.

More info: when I ran nbtstat -n on the PDC I got:

           NetBIOS Local Name Table

   Name               Type         Status
---------------------------------------------
MYPDC             <00>  UNIQUE      Conflict
MYDOMAIN       <00>  GROUP       Registered
MYPDC             <20>  UNIQUE      Conflict
MYDOMAIN       <1C>  GROUP       Registered
MYPDC             <03>  UNIQUE      Registered
DIRREPLSA      <03>  UNIQUE      Registered
MYPDC             <01>  UNIQUE      Registered
MYDOMAIN       <1B>  UNIQUE      Registered
MYDOMAIN       <1E>  GROUP       Registered
MYDOMAIN       <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10696074
This is getting interesting. From WINS-manager, can you find out who else has registered workstation name of "MyPDC"?
0
 
LVL 1

Author Comment

by:leonst
ID: 10696199
No, I'm not using WINS, I'm using broadcast for name resolution.

I really don't think there is a second MYPDC (despite the duplication being listed in the event logs). If I try pinging MYPDC by name from an NT4 server it fails to resolve the name (pinging the IP address works fine). I managed to try pinging from a Windows 2000 server which resolved MYPDC to the broadcast address i.e. 192.168.0.255.
0
 
LVL 3

Expert Comment

by:wei2ali
ID: 10697937
Tough. How about clean/reload the NTBIOS cache (ntbtstat -Rr) in the W2k server, see what you get?

I remeber seeing once this kind of situation when a network had both TCP/IP and NETBEUI installed, the solution was to remove NETBUI or reverse the order of protocol binding. Unfortuately I have no documentation on the case :(

I figure you might be reluctant to make structure changes to your existing network, but WINS wouldn't be a bad choice in your situation. Also, if you haven't already, apply ServicePack 6a to both of you DCs. There's a NetBEUI bug in SP4 allowing identity impersenation, you might be hit by the bug?
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10704215
did you disable the workstations from being potential browse master?
you will likely need to reboot the PDC also
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 1

Author Comment

by:leonst
ID: 10716757
This problem did recur and it was the same laptop that was responding as the master brower.

I'm sure spareticus' suggestion will address the problem, but I don't think I'm going to be able to find out why a workstation - ill configured or otherwise - suddenly responds to browser requests.

On this topic: What I haven't been able to get clear in my head is: on a single subnet domain do you get both a master browser and a domain master browser? Or is a DMB a special kind of MB that occurs when you have a domain controller?
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10716945
the later os version somehow allows it to win the election

that previous article discusses this to some degree, but to answer your question you will have both
0
 
LVL 1

Author Comment

by:leonst
ID: 10760878
Sorry about the haitius.

Spareticus: I don't think it was an election win as the original browsers still thought they were the master browsers (as far as I can tell).

The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
to False on the WinXP laptop.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10760901
if you check back to the date when the problem began...you should see events on the server indicating a browser election being forced
i am glad you got the network stable...that can be an extreme pain
0
 
LVL 1

Author Comment

by:leonst
ID: 10760925
Whilst I'm grateful to both Spareticus and wei2ali for your contributions I can't really call any points an "answer". But I may have to pick a random comment as an answer so I split this points.

Many thanks for your input!
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10760937
i thought the registry entry resolved the issue?  That would be the "answer"
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10761494
As I indicated in my last post, i consider my suggestion of using the registry change to have resolved his issue.  I am confused by his thinking that he did not get an answer.  He had a bad response for MB, and now he doesn't.
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 10794536
PAQed, 250 points refunded.

GhostMod
Community Support Moderator
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10794596
quote from author:  The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
to False on the WinXP laptop

quote from spareticus:

you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now