Spike99 asked:

Why are incorrect server names showing up for User Sessions in the Shared Folders Snap-in?

We have a fairly large server farm with nearly 100 terminal servers, 2 or 3 domain controllers, and about 10 file servers.  Since many of our customers are on terminal server load-balanced clusters, it can sometimes be challenging to figure out which terminal server they are on.  So, we use the Shared Folders snap-in in the computer management console for their file server to see which terminal server their session is on.

The problem is: the server name that shows up in this list of user Shared Folder sessions is just wrong. The server names that show up for some users make it appear they have sessions on servers they don't have rights to log on to. Other server names that show up are old servers that are no longer in production. The incorrect server names are consistent: Server A always shows up as Server B in the Shared Folders Sessions list.

Where does the MMC Mgt. Console or Shared Folders snap-in get the names for the servers? I checked DNS & WINS: the old servers no longer have entries. Obviously, the production servers do have entries, but I don't understand how a user on Server A would appear to have a session on Server B in the Shared Folders snap-in even though that user couldn't possibly be logged on to Server B. Also, why does a user on Server C appear to have a session on decommissioned Server D, which doesn't even exist anymore (because it has either been moth-balled or reimaged/renamed using our new naming conventions)?

Also, the machine accounts for the old servers were removed from Active Directory. Some IPs of decomm'ed servers have been re-used, but one of the File Servers in question was put into production AFTER those old servers were re-imaged & the IPs re-used for other servers, so those particular file servers should have no knowledge of terminal servers that went out of production before they went into production themselves.

Thank you in advance for your help,

Alicia
Microsoft Legacy OS, Microsoft Server OS, Windows Server 2003

Last comment: Alan Huseyin Kayahan, 8/22/2022 - Mon
SOLUTION
Alan Huseyin Kayahan

ASKER
Spike99

MrHusy:

Thanks for the reply, but there is no reason why these users would even have "browse" sessions on the terminal servers in question, either because the servers no longer exist or because they would be unable to log on to those servers.

DNS & WINS entries for the old servers have been removed and their Active Directory machine accounts have been deleted.

Perhaps, I have not explained the situation very well.  I'll try to give a generic example.

In the computer management console of FileServer1, a user is listed as having an open "Shared Folders" session on Terminal Server A.  Terminal Server A no longer exists & searching in TSAdmin reveals that the user is actually logged on to Terminal Server X.

Another similar issue is that some users who work for Customer 1 appear to have open Shared Folder sessions on terminal servers belonging to Customer 2. Both servers are actually in production, but neither customer has rights to log on to the other customer's terminal servers. Because of HIPAA regulations, there is no crossover in the terminal servers pertaining to each customer: users can only log on to their own terminal servers. In fact, terminal servers aren't even backed up in our environment because they don't host any shared drives, printers or files. The only "backup" we do is to periodically snap an image of the server in case one fails & we need to put another into production very quickly. So, it wouldn't be possible for Customer 1's users to have an open "browse" session on Customer 2's terminal server.

I don't think the problem lies in the DNS cache of the file server since I can't ping the old server from the FS (host not found error). Also, when I ping the production servers by name, the name resolves to the correct IP addresses. I don't think I checked the HOSTS file though.

I'll flush DNS & check the HOSTS file & then I'll add another note with my results.

Thanks,

Alicia
Alan Huseyin Kayahan

That sessions MMC snap-in is nothing more than the "net sessions" command. I know that credentials are cached and you can remove them by running net session \\terminalservername /delete , but I don't think computer names are cached by net session; still, the above command is worth a try.

I am still around the previous renaming and reimaging issue. I have a couple of questions:

1) Do you still see the old names listed in My Network Places > Entire Network > Microsoft Networks > yourdomain on the file servers or terminal servers?
2) Do you have any errors in the domain controllers' event logs about a "master browser election", mrxsmb, something like that?

Have you ever restarted your domain controllers after renaming essential servers? If not, I would suggest you shut down your domain controllers and renamed servers, wait for a couple of minutes, then power up the domain controller that holds the FSMOs (previously known as PDC) first, then power up the other servers.

Under normal circumstances, you shouldn't have to do that kind of power down/up. Master browser tasks are handled periodically (for example, you remove or rename a computer, but when you open My Network Places, it still gets listed for some time, then gets lost). But it looks like something is wrong with that.

The only explanations that make sense for your issue are the above, I suspect. It would be great if other experts participated and posted their thoughts and comments.
     
Regards
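
Added example, not part of the original thread: a PowerShell check that takes the text printed by `net session` on a file server and reports, for each listed computer, whether that name still resolves. The function name `Get-SessionNameStatus`, the sample output, the host names and the stand-in DNS table are all constructed for illustration, and the parser assumes the English column headers.

```powershell
# Constructed sample of "net session" output; on a real file server use: $lines = net session
$SampleOutput = @'
Computer               User name            Client Type       Opens Idle time

-------------------------------------------------------------------------------
\\TS-OLD-01            jsmith               Windows 2002 Serv     2 00:03:10
\\CC-TS-07             mjones               Windows 2002 Serv     1 00:00:42
\\10.20.30.41          akhan                Windows 2002 Serv     0 01:15:00
The command completed successfully.
'@ -split '\r?\n'

# Constructed stand-in for DNS so the example runs offline.
$FakeDns = @{ 'CC-TS-07' = @('10.20.30.7') }

function Get-SessionNameStatus {
    param(
        [string[]]$Lines,
        # Returns the addresses for a name; the default asks the system resolver.
        [scriptblock]$Resolver = { param($n) [System.Net.Dns]::GetHostAddresses($n) }
    )
    # Column offsets come from the header line, so an empty user column does not shift fields.
    $header = $Lines | Where-Object { $_ -match '^Computer\s+User name' } | Select-Object -First 1
    if (-not $header) { throw 'net session header not found (non-English output?)' }
    $userCol = $header.IndexOf('User name')
    $typeCol = $header.IndexOf('Client Type')
    foreach ($line in $Lines) {
        # Session rows start with \\ ; skip the header, separator and status lines.
        if ($line -notmatch '^\\\\' -or $line.Length -lt $typeCol) { continue }
        $computer = $line.Substring(2, $userCol - 2).Trim()
        $user     = $line.Substring($userCol, $typeCol - $userCol).Trim()
        if ($computer -match '^\d{1,3}(\.\d{1,3}){3}$') {
            # The server recorded an address, so there is no name to look up.
            $status = 'IP only'; $addrs = @($computer)
        } else {
            # A failed lookup throws; treat that the same as an empty answer.
            try   { $addrs = @(& $Resolver $computer | Where-Object { $_ }) } catch { $addrs = @() }
            $status = if ($addrs.Count -gt 0) { 'resolves' } else { 'NOT IN DNS' }
        }
        [pscustomobject]@{ Computer = $computer; User = $user; Status = $status; Addresses = $addrs -join ',' }
    }
}

# Offline run against the constructed sample and the constructed DNS table.
Get-SessionNameStatus -Lines $SampleOutput -Resolver { param($n) $FakeDns[$n] } | Format-Table -AutoSize
```

On a live server, pass `-Lines (net session)` and omit `-Resolver`; rows marked NOT IN DNS are names the file server lists that the resolver no longer knows.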
ASKER
Spike99

MrHusy,

I checked into what you said & I don't think that using the NET SESSION command will really work. Although I am not all that familiar with the command, after I googled it, it seems that it has the same effect as disconnecting a user's session in the shared folder snap-in. We don't have a problem with the sessions being stuck, we just have an issue where the name of the terminal server that hosts that "shared folder" session is incorrect. In any case, all those sessions are cleared out at least twice a week when our terminal servers are rebooted, so I don't think trying it is necessary.

The old server names are not listed in the Windows Network.  There are also a bunch of mrxsmb errors in the event logs but, according to the MS KB article I found, they're of little consequence and no action needs to be taken:

Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 5/29/2008
Time: 11:23:27 AM
User: N/A
Computer: <PDC name>
Description:
The master browser has received a server announcement from the computer <USER CLIENT PC NAME> that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FE59850A-BAD. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00   ......N.
0008: 00 00 00 00 43 1f 00 c0   ....C..À
0010: 00 00 00 00 00 00 00 00   ........
0018: 03 03 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........


I also checked into the reboot schedule of the domain controllers in our environment: apparently, we don't have one.  I am not high enough in the IT food chain to make decisions on reboot schedules, but I will discuss rebooting the DCs on a regular basis with one of the senior engineers.

In the mean time, I found a workaround to the issue of finding out which server a user is on.  It works really well & is even faster than using the Shared Folders snap-in to find user sessions.

I found a utility called TSSessionNfo.exe that will search all terminal servers in your domain for a user.  I found that utility on this page:

http://www.ctrl-alt-del.com.au/CAD_TSUtils.htm

The syntax for using the TSSessionNfo command is this:

Tssessionnfo <username> /server:*

But since we have so many terminal servers, it can take a while to find a user session unless you narrow it down somewhat, so you can type the command like this to search only terminal servers with names that begin with CC:

Tssessionnfo <username> /server:CC*

I developed a DOS script that will prompt for server name & then the user name.  I put a * at the end of the command to enable people to just enter a portion of the server name so they will search a group of terminal servers (all servers for each customer begin with the same string of letters).  This is much faster than searching for user sessions in the Shared Folders snap-in.

Thanks for your help,

Alicia
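@echo off
rem Prompt for a server-name prefix and a user name, then search the matching terminal servers.
rem setlocal keeps these variables from leaking into the calling cmd session.
setlocal

echo type in servername
set /p servername=

echo type in username
rem Use tsuser rather than username so the built-in USERNAME variable is not overwritten.
set /p tsuser=

rem The trailing * turns the entered server name into a prefix match.
tssessionnfo.exe %tsuser% /server:%servername%*

pause

rem quit is not a cmd.exe command; exit /b ends the script.
exit /b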

ASKER CERTIFIED SOLUTION
Spike99

ASKER
Spike99

MrHusy,
For your assistance, I awarded 100 points to you.
Thanks for trying to help.
Alicia
Alan Huseyin Kayahan

Thanks Alicia, nice to hear that the issue is resolved.