Solved

Using WINS to browse across subnets

Posted on 2004-08-07
23
3,292 Views
Last Modified: 2008-03-10
I've just divided our network into two subnets.  On subnet A lives the PDC. On subnet B lives the new WINS server.  The DHCP configuration for both subnets includes the option for the WINS server.

When I browse the network from any machine (on subnet A or B), the only systems that are displayed are the ones on subnet A.  Obviously I would like to be able to browse any machine from both subnets.  When I check the WINS configuration I see that the machines on subnet B are indeed being registered in WINS.

It looks to me like the workstations are using broadcasts to announce themselves to browsers. Since the PDC is on a different subnet, the machines in subnet B aren't getting registered on its browse list.  I had thought that because the PDC shows up under WINS as the DMB, clients would automatically register themselves with it instead of broadcasting, but it looks like that isn't the case.  So I guess I need a local Master Browser for subnet B, which somehow has to synchronize with the PDC/DMB.  But I can't figure out how to set this up.

Thanks!
0
Comment
Question by:mnuss
  • 13
  • 9
23 Comments
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11744002
The NetBIOS Computer Browser service is fairly self-managing, but it might help to configure your servers as Preferred Master Browsers in the registry. Information on how to configure this service can be found at http://www.microsoft.com/technet/prodtechnol/winntas/support/chptr3.mspx
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11744095
Have you tried setting up the two WINS server to replicate with each other?

In WINS expand your server name and you should see a folder called Replication Partners.

Right click and select New Replication Partner.

Enter the IP address of the other WINS server.

Give them a little time to replicate and you should be able to see machine from both subnets.

Dave Dietz
0
 
LVL 1

Author Comment

by:mnuss
ID: 11744111
First, I goofed when describing the subnets. Both the WINS server and the PDC are on subnet A (10.40.x.x).  Subnet B (10.0.1.x) is just workstations.  The subnets are connected through a Linux firewall/router.  On to the problem at hand...

dlwyatt82:

I tried to set up a machine running Windows 2000 Server to be the segment Master Browser for subnet B, using the registry edits in the link, but it didn't seem to work.

The output of BROWSTAT STATUS from that machine (called TEST-2000) looks like this:

Status for domain MYDOMAIN on transport \Device\NetBT_Tcpip_{1CE0A69C-E2CA-421A-B
612-E35CC6173965}
    Browsing is active on domain.
    Master name cannot be determined from GetAdapterStatus.  Using \\ERP
Could not connect to registry, error = 5        Unable to determine build of bro
wser master: 5
   Unable to determine server information for browser master: 5
    3 backup servers retrieved from master ERP
        \\ERP
        \\DEFCON4
        \\MAIL2
    There are 4 servers in domain MYDOMAIN on transport \Device\NetBT_Tcpip_{1CE0
A69C-E2CA-421A-B612-E35CC6173965}
    There are 1 domains in domain MYDOMAIN on transport \Device\NetBT_Tcpip_{1CE0
A69C-E2CA-421A-B612-E35CC6173965}

This is clearly wrong.  ERP, DEFCON4, and MAIL2 are all on subnet A.  What's going on here?
0
 
LVL 1

Author Comment

by:mnuss
ID: 11744113
Dave_Dietz:

I don't think a second WINS server is necessary (though I could be wrong), as WINS doesn't maintain the browse lists.  I could be wrong...
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11744153
It looks to me like you don't have any systems on Subnet B configured to be potential master browsers. If you just added a Win2000 server to subnet B, configure it to be a preferred master browser, and then use Browstat to force an election.
0
 
LVL 1

Author Comment

by:mnuss
ID: 11744189
dlwyatt82:

That is exactly what I said I did. Did you read my response?
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11744209
You didn't say anything about forcing an election on subnet B
0
 
LVL 1

Author Comment

by:mnuss
ID: 11744225
dlwyatt82:

You're right, I didn't mention it. I did do it, however. On test-2000, I typed:

browstat elect \Device\NetBT_Tcpip_{1CE0A69C-E2CA-421A-B612-E35CC6173965} MYDOMAIN

When i type browstat status, i still get the same response as above.
When I type browstat getmaster \Device\NetBT_Tcpip_{1CE0A69C-E2CA-421A-B612-E35CC6173965} MYDOMAIN, it says "Unable to get Master: Access is denied."
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11744238
Hmm, I don't believe I've ever seen an "Access Denied" message when using browstat getmaster... Silly question, but did you join TEST-2000 to the domain?
0
 
LVL 1

Author Comment

by:mnuss
ID: 11744248
dlwyatt82:

Yes, if I go to the system properties on TEST-2000, it is a member of the domain.  Is there anything special I need to do on the PDC? I wouldn't think so...
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11744276
Not that I know of... I'm rather stumped :(

Clearly you're not having an NBT packet-forwarding issue, because when you run browstat from subnet B, you're getting a response from your PDC. I don't know what could cause that Access Denied error when you try to do browstat getmaster on subnet B.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 1

Author Comment

by:mnuss
ID: 11744327
OK, here's another question. What should a packet trace look like for a normal election process?

When I run the browstat elect command, I can see a "Browser Election Request" packet from TEST-2000 to 10.0.1.255, followed by several "Browser Election Request" packets from other machines on the 10.0.1 subnet.  Is there some sort of "I Win the Election" packet that I should be seeing? (I'm using Ethereal).
0
 
LVL 1

Author Comment

by:mnuss
ID: 11744367
More interesting notes from the packet trace: In the election request packet coming from TEST-2000, the "master browser" flag is not set, and the OS is set to 0x10.  I did some research and found that the last computer to broadcast an election request is the winner, and that machine turns out to be a Linux box, which for some reason is showing up with an OS of 0x14 in the trace.  If a Linux box is winning the election I wouldn't be surprised that it's not working right.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11744502
Interesting... I don't know a great deal about Linux, but why is it participating in a NetBIOS Browser election? Seems like you should disable whatever module is doing that on the Linux machine.
0
 
LVL 1

Author Comment

by:mnuss
ID: 11744585
It's running samba (it allows Linux machines to use NetBIOS/SMB/etc). I'm going to take a look at the configuration on that machine to see if I can tell it not to participate in elections. What I'm more concerned about is why the 2000 Server machine doesn't seem to be properly identifying its operating system.
0
 
LVL 1

Author Comment

by:mnuss
ID: 11764949
OK, I've made some progress here. I fixed samba on the Linux machine so that it is no longer participating in browser elections.  The 2000 machine is now acting as the master browser for subnet B.  From subnet B, I can now view all machines in both subnets, however, in subnet A, I can still only see machines in subnet A.  We had to temporarily disable the WINS server to try to figure out why we were having another (unrelated to this question) network issue, so that might explain why.  We're going to re-enable WINS tomorrow, so we'll see what happens then.
0
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 500 total points
ID: 11766601
Actually, the NT browser service doesn't really rely on WINS. The master browser of any given subnet is supposed to send its lists to the domain's PDC. I believe you have already read the information in this knowledgebase article, but if not, check out http://support.microsoft.com/default.aspx?scid=kb;en-us;188305

It details the stages of Browser list transmissions, and you may be able to find out why the server on Subnet B has not been able to communicate with the PDC.
0
 
LVL 1

Author Comment

by:mnuss
ID: 11766848
Actually, according to that article (which was very helpful, thanks), it *does* rely on WINS (or an lmhosts, or being on the same subnet and using broadcasts), because the PDC needs to be able to resolve the SMB's name in order to receive its list.  I went through the troubleshooting steps in the article and found that the PDC is unable to resolve the name of the SMB, so this is almost certainly why it's not working.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11766909
You're absolutely right, I had forgotten that pesky little detail :)

When you built the new 2000 server on subnet B, did you configure its network adapter with the correct WINS address? If so, you might try running a "nbtstat -R" and "nbtstat -RR" to refresh its WINS records, and see if the PDC can resolve the name correctly.
0
 
LVL 1

Author Comment

by:mnuss
ID: 11766992
Well as I mentioned, we disabled WINS, that's why it isn't working!

We're going to turn WINS back on tomorrow once we're satisfied that the other issue has been solved.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11767012
Someone slap me. Sorry for the idiot comment :)
0
 
LVL 1

Author Comment

by:mnuss
ID: 11767204
No problem, it happens to the best of us ;-)
0
 
LVL 1

Author Comment

by:mnuss
ID: 11773842
Success! Thanks for the help.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now