We help IT Professionals succeed at work.

Stop XP workstations from trying to be MASTER BROWSER?

1,248 Views
Last Modified: 2012-06-27
Recently I have experienced some workstations becoming master browsers.  This began after I put them behind a firewall to prevent their network traffic from broadcasting on the primary LAN subnet (they are developing network code).  I suspect that the firewall is blocking NetBios traffic in some form.  Anyway, I have tried changing the registry key from Auto to FALSE for MaintainServerList on one workstation as a test.  This stops the problem, but even though my WINS is running on two servers, browsing on those workstations becomes extremely slow - 10 secs to find the domain, another 10 to get the server list.  I know users will not like this since they are used to fast browsing (35 users).  Should I expect it to be this slow? Or is there some other config I need to check.  WINS looks fine - is running and registrations are correct.  BROWSTAT shows the PDC as MASTER and other servers as backups.  Oh - I also tried shutting down the browser service instead of the registry change with identical results.  Thanks --Dale
Comment
Watch Question

CERTIFIED EXPERT

Commented:
You can disable the browser service.

Go to Start and select Administrative Tools or (Settings, Control Panels, then Administrative Tools). Select Services. Right-click on Computer Browser and select Properties. Change Startup Type to Disabled. Click Stop and OK.
In case it doesn't go without saying, be sure to =test= entcee's recommendation before deploying it en masse, as you may have some applications or services that depend on that services being running.

Author

Commented:
Thanks - but - see my post - when I shut down the browser service (or set the DWORD to FALSE) I get the very slow browsing response on the wkstations which I can't pass on the the users.  Is this slow behaviour to be expected? I only have 35 users.
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
When using NetBIOS, you will need (at least) one Master Browser (not to be confused with the Domain Master Browser) *per* *subnet*. Having a WINS server alone isn't enough. Since you seem to have at least two subnets, likely one with your servers and another one for your desktops, you'll have the PDC Emulator as Domain Master Browser in your server network, any other DCs will be Backup browsers, other domain members will be potential browsers.
In your desktop subnet, if there are 35 machines, you'll have/need one master browser and one backup browser. There's usually no need to disable the browser service on machines that aren't multi-homed.

Description of the Microsoft Computer Browser Service
http://support.microsoft.com/?kbid=188001

Author

Commented:
Thanks - I have one subnet on my LAN which includes my servers and the desktops.  I have one other subnet hidden behind a router. Router WAN address makes is a member of my primary subnet.    I am trying to find the reason for the very slow workstation broswing when that workstation has browsing service turned off or MaintainServerList=FALSE.  Does this indicate a problem elsewhere on the LAN?   I'd like to be able to stop any or all workstations from asserting a master browser election but can't do it if this slow behaviour is the cost.  Thanks -Dale
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Now, where, how, and why exactly is that firewall installed? Sorry, but you lost me here.
If the workstations can't access the domain master browser because of the firewall (that is, if NetBIOS traffic to the DC is blocked), then of course a browser election will be forced, because when a machine uses NeBIOS, it needs a master browser, even if it is itself. (From the link above: "If there is not a domain controller present on a given network segment, then an election process is started that chooses a master browser and backup browser from the computers on the segment [...]".) There's no point in using NetBIOS in your network if at the same time you're blocking NetBIOS by a firewall.
NetBIOS requires UDP ports 137/138 and TCP port 139 to function.

Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/?kbid=832017

Troubleshooting the Microsoft Computer Browser Service
http://support.microsoft.com/?kbid=188305

Information on Browser Operation
http://support.microsoft.com/?kbid=102878

Author

Commented:
I am in a network hardware/software development environment. The firewall is used to temporarily isolate a development project from my primary LAN so that broadcast traffic on the equipment being developed does not impact others.  It's functioning like a router.  It's apparently blocking NetBios traffic so the workstations behind it are trying to become the master browser.  I can solve this for now by opening up the firewall to pass netbios traffic both directions, but I was considering a network wide prohibition against workstations forcing an election as a general rule (using group policies).  When testing this on a sinlge workstation, I noticed the very slow response when a workstation has the browser service disabled, etc.  Let me restate my question , and I'll try to break it down.  (1) Do I need to worry about imposing this restriction on workstations this or is this generally not a problem, and (2) if I should (or reasonably CAN) disable workstations from trying to become a master, is it expected to see this very slow browsing?  I know my users will never accept that delay.  I hope this makes more sense.
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
To answer both at once: No, I've never seen a network where it was necessary to manipulate the browser service in a major way.
The only machines that should *never* become a browser are multi-homed machines.
The problems you're experiencing should stop once the NetBIOS traffic can pass again.
Any specific reason why you don't just put the development machines into a real subnet, thus containing the development broadcasts automatically?

Author

Commented:
Thanks - I have a very simple LAN environment - one subnet, one DHCP scope, etc.  I am using unmanaged switches.  I guess I'm not clear on the steps to create a "real" subnet given this configuration - I would not want to destabilize or further complicate the existing environment - but I'm open to any suggestions! --Dale
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Usually with a hardware router, or through a W2k3 machine with 2 NICs and RRAS.
Then again: are you really producing that much broadcast traffic with 35 clients that it's noticeable?
How did you determine that it's broadcast traffic that slows down your network, and where is it coming from?

Author

Commented:
I am placing software developers on this subnet. They are working on network code - very much "under development".  We have had the LAN slow to a halt from excessive broadcasts and that surfaced the need for some isolation.  The hardware router option you are suggesting is exactly what I am doing with the firewall.  The WAN side of the firewall is on the company LAN, and it is serving dynamic addresses etc to the clients behind it, as well as acting as a default gateway to access LAN/WAN resources.  This essentially creates a "real" subnet unless I'm missing something. Am I?
--Dale
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
A few days ago I opened up the NetBIOS ports on the router/firewall and I have not had any browser election issues so far.  I think I'll keep an eye on this - I just had a managed switch delivered - maybe I can set up VLANs and do the isolation that way.  In any case, thanks for your persistent help - I appreciate it.  --Dale
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.