• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1249
  • Last Modified:

Bad Master Browser Returns Broadcast Address for DC

Hi,

We've got an NT4 controlled (1 PDC, 1 BDC, name resolution via broadcast) domain with other Windows 2000 Server and Professional workstations which have been working happily for years. This week I've had two system wide failures which I've traced to computers deciding they are master browsers and returning the *broadcast* address for the network (e.g. 192.168.0.255) when queried for the DC.

Fortunately I've got a Samba server on the network which has given me more detailed logging of the problem. It reports that two computers respond to its request for domain info and the invalid information (i.e. the broadcast address) gets returned first in most cases.

Has any body encountered this or could shed any light on the cause?

My tests suggest the bad master browser is running on the XP Pro-laptop of a visitor to the organization, but even if that's the source, what's the cause?

Advice and assistance gratefully received,

Leon
0
leonst
Asked:
leonst
  • 8
  • 5
  • 3
  • +1
1 Solution
 
spareticusCommented:
you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no

I have seen some of this when bringing new OS's into the network with an older domain...the other option would be to segment and add wins, or lmhosts

http://support.microsoft.com/default.aspx?scid=kb;en-us;102878
http://support.microsoft.com/default.aspx?scid=kb;en-us;102878
0
 
wei2aliCommented:
It's normal for computers to start broadcasting if they can't find the domain master browser.

The tell-tale detail here is "XP Pro-laptop of a visitor to the organization". The laptop obviously belongs to some other domain/workgroup. Once it's plugged into the network, it tries to find the master browser according to its own network configuration, failing this, it sends a broadcast claiming being the master browser for its own domain/workgroup.

I used to have a client who constantly plug/unplug the laptop to/from the network on the fly, causing a master browser election, but it never was able to flunk the network since I've implemented the "unorthodox" method mentioned in this thred <http://www.experts-exchange.com/Networking/WinNT_Networking/Q_20890647.html> apart from the registry hacks mentioned by Spareticus. Registry hack as is, unfortunately, never totally resolved the broadcast problems in the cases I've seen.

Another option worth exploring is to change your hubs into switches, this will reduce the negative impact of broadcasting on your network.
0
 
spareticusCommented:
his problem isn't the amount of broadcasting, it is that these other machines are taking the role of master browser, and killing his name resolution which is relying on broadcast.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
leonstAuthor Commented:
That's right spareticus: The XP Pro machine appears to have decided it's the domain master browser (DMB) but when it's queried for the DC it returns 192.168.0.255 (i.e. a broadcast address) instead of 192.168.0.11 which is the address of the DC.

With an existing DMB, why and how would another computer try to take over?

The NT4 member servers also needed rebooting to clear this problem whereas the Windows 2000 servers seemed to just carry on when the rogue computer was removed and the DCs restarted.

More info: when I ran nbtstat -n on the PDC I got:

           NetBIOS Local Name Table

   Name               Type         Status
---------------------------------------------
MYPDC             <00>  UNIQUE      Conflict
MYDOMAIN       <00>  GROUP       Registered
MYPDC             <20>  UNIQUE      Conflict
MYDOMAIN       <1C>  GROUP       Registered
MYPDC             <03>  UNIQUE      Registered
DIRREPLSA      <03>  UNIQUE      Registered
MYPDC             <01>  UNIQUE      Registered
MYDOMAIN       <1B>  UNIQUE      Registered
MYDOMAIN       <1E>  GROUP       Registered
MYDOMAIN       <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
0
 
wei2aliCommented:
This is getting interesting. From WINS-manager, can you find out who else has registered workstation name of "MyPDC"?
0
 
leonstAuthor Commented:
No, I'm not using WINS, I'm using broadcast for name resolution.

I really don't think there is a second MYPDC (despite the duplication being listed in the event logs). If I try pinging MYPDC by name from an NT4 server it fails to resolve the name (pinging the IP address works fine). I managed to try pinging from a Windows 2000 server which resolved MYPDC to the broadcast address i.e. 192.168.0.255.
0
 
wei2aliCommented:
Tough. How about clean/reload the NTBIOS cache (ntbtstat -Rr) in the W2k server, see what you get?

I remeber seeing once this kind of situation when a network had both TCP/IP and NETBEUI installed, the solution was to remove NETBUI or reverse the order of protocol binding. Unfortuately I have no documentation on the case :(

I figure you might be reluctant to make structure changes to your existing network, but WINS wouldn't be a bad choice in your situation. Also, if you haven't already, apply ServicePack 6a to both of you DCs. There's a NetBEUI bug in SP4 allowing identity impersenation, you might be hit by the bug?
0
 
spareticusCommented:
did you disable the workstations from being potential browse master?
you will likely need to reboot the PDC also
0
 
leonstAuthor Commented:
This problem did recur and it was the same laptop that was responding as the master brower.

I'm sure spareticus' suggestion will address the problem, but I don't think I'm going to be able to find out why a workstation - ill configured or otherwise - suddenly responds to browser requests.

On this topic: What I haven't been able to get clear in my head is: on a single subnet domain do you get both a master browser and a domain master browser? Or is a DMB a special kind of MB that occurs when you have a domain controller?
0
 
spareticusCommented:
the later os version somehow allows it to win the election

that previous article discusses this to some degree, but to answer your question you will have both
0
 
leonstAuthor Commented:
Sorry about the haitius.

Spareticus: I don't think it was an election win as the original browsers still thought they were the master browsers (as far as I can tell).

The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
to False on the WinXP laptop.
0
 
spareticusCommented:
if you check back to the date when the problem began...you should see events on the server indicating a browser election being forced
i am glad you got the network stable...that can be an extreme pain
0
 
leonstAuthor Commented:
Whilst I'm grateful to both Spareticus and wei2ali for your contributions I can't really call any points an "answer". But I may have to pick a random comment as an answer so I split this points.

Many thanks for your input!
0
 
spareticusCommented:
i thought the registry entry resolved the issue?  That would be the "answer"
0
 
spareticusCommented:
As I indicated in my last post, i consider my suggestion of using the registry change to have resolved his issue.  I am confused by his thinking that he did not get an answer.  He had a bad response for MB, and now he doesn't.
0
 
GhostModCommented:
PAQed, 250 points refunded.

GhostMod
Community Support Moderator
0
 
spareticusCommented:
quote from author:  The network has now been stable since I set HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
to False on the WinXP laptop

quote from spareticus:

you can disable machines that are problems (or definitely not going to be browse masters like xp machines)
HKLM\system\CCS\services\Browser\parameters
maintainserverlist = no
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 8
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now