Duplicate name exists error
Now, I'm pretty advanced I think on this subject (AD), but this particular issue has just got me baffled to no end! If I could give 1000pts I would! :)
Here's my AD environment & my issue - a simple single forest/domain, W2K3 SP2, 10 branch locations with sites/subnets configured for each. All run well...except at 1 branch. At this problem branch, everything is fine really, EXCEPT for the fact that upon bootup of my DC, I get the nice "Duplicate name exists on the network" error. Now, I certainly and by all means know what this is saying.....BUT, there is absolutely no device at this branch or on my entire domain with this same hostname. An extra caveat to note...the error only occurs at this branch on there subnet. We have different subnets (10.100.., 10.101...etc. This branch is a 10.108 subnet). If I place this server on a different subnet with its current hostname, it's fine. But, in the 10.108 subnet, I get this error. I've checked every PC, & printer at this location to verify they have different host names and they all do. I've run the "Find" feature in AD U&C and came up with NOTHING but this server name. When I ping this server name, it returns with it's current static IP address. If I rename the server and ping this problem name, I get no replies. We do not run WINS. Can someone direct me how to maybe run a query or something to find the problem? I've tried flushing the DNS cache on several machines and this server. Thing is, the server has been rebuilt and even replaced and still receive the error. When I did do a rebuild, etc., I ran the metadata cleanup NTDSUTIL and that didn't resolve it either.
And btw....this issue has actually been going on for over 2yrs!!!! (seriously; I inherited it..oh joy)
Thanks in advance!
~coolsport00-
Here's my AD environment & my issue - a simple single forest/domain, W2K3 SP2, 10 branch locations with sites/subnets configured for each. All run well...except at 1 branch. At this problem branch, everything is fine really, EXCEPT for the fact that upon bootup of my DC, I get the nice "Duplicate name exists on the network" error. Now, I certainly and by all means know what this is saying.....BUT, there is absolutely no device at this branch or on my entire domain with this same hostname. An extra caveat to note...the error only occurs at this branch on there subnet. We have different subnets (10.100.., 10.101...etc. This branch is a 10.108 subnet). If I place this server on a different subnet with its current hostname, it's fine. But, in the 10.108 subnet, I get this error. I've checked every PC, & printer at this location to verify they have different host names and they all do. I've run the "Find" feature in AD U&C and came up with NOTHING but this server name. When I ping this server name, it returns with it's current static IP address. If I rename the server and ping this problem name, I get no replies. We do not run WINS. Can someone direct me how to maybe run a query or something to find the problem? I've tried flushing the DNS cache on several machines and this server. Thing is, the server has been rebuilt and even replaced and still receive the error. When I did do a rebuild, etc., I ran the metadata cleanup NTDSUTIL and that didn't resolve it either.
And btw....this issue has actually been going on for over 2yrs!!!! (seriously; I inherited it..oh joy)
Thanks in advance!
~coolsport00-
ASKER
Thank you for the posts "Chief". I don't believe I have metadata.. DCDiag is fine. I have checked DNS/AD many times and am clean there. Have no multi-homed servers/PCs in our environment. As far as the MS article, I saw that some time ago, which prompted me to run nbtstat...I found nothing. The MS article references using netdom for XP to do a rename...but that's not what I want to do. Let me say that yes, I could rename this DC to something else, but that isn't solving the root problem, which of course is a duplicate computer name somewhere seemingly only in this subnet. I'd like to somehow learn how I can find this PC with the same name as my DC and change its name. Thank you in advance.
~coolsport00
~coolsport00
LET's NOT rename the DC:
I think you were on the right track with NBTstat.
WINS cache purge and LMhost files:
Try NBTstat -RR (This reparairs and refreshes the WINS cache). If this is truley a netbios problem, check your servers c:\windows\system32\driver
DNScache purge and HOST files
Simularly: Flush the DNS cache by going to the command prompt and typing IPconfig /flushDNS.
Also, check the c:\windows\system32\driver
(MUP provider) You might have a cached MUP (multiple UNC provider) setting on the server. Rebooting the server doesn't get rid of these. So, maybe purging the MUPcache will remove this error: At the command prompt, you could try DFSutil /purgemupcache
__________________________
This is what I think your problem is. I think you have a multihomed domain controller. This is defined as a domain controller with two or more IPs. This could mean 2+ IPs on one NIC or 2+nics with IPs. If they are on the same subnet, bot NICs could be providing Netbios. So, you may get a "duplicate name exists" error because both NICs are saying "Howdy" when sending out netbios broadcast that say, "I am Here." Both IPs are picked up and you get "duplicate name exists" on the network.
I think you were on the right track with NBTstat.
WINS cache purge and LMhost files:
Try NBTstat -RR (This reparairs and refreshes the WINS cache). If this is truley a netbios problem, check your servers c:\windows\system32\driver
DNScache purge and HOST files
Simularly: Flush the DNS cache by going to the command prompt and typing IPconfig /flushDNS.
Also, check the c:\windows\system32\driver
(MUP provider) You might have a cached MUP (multiple UNC provider) setting on the server. Rebooting the server doesn't get rid of these. So, maybe purging the MUPcache will remove this error: At the command prompt, you could try DFSutil /purgemupcache
__________________________
This is what I think your problem is. I think you have a multihomed domain controller. This is defined as a domain controller with two or more IPs. This could mean 2+ IPs on one NIC or 2+nics with IPs. If they are on the same subnet, bot NICs could be providing Netbios. So, you may get a "duplicate name exists" error because both NICs are saying "Howdy" when sending out netbios broadcast that say, "I am Here." Both IPs are picked up and you get "duplicate name exists" on the network.
ASKER
I will look at your suggestion a bit more tomorrow. One thing I can respond on is multi-homed. That can't be true. Why? As I originally posted, this error only happens in the 10.108 subnet. I have only 1 DC in that subnet. I have 1 DC in my other subnets (2 at my Main branch location). If I boot this server in any of those other subnets, I do not receive the dup name error.
Thank you for all your input "Chief". :)
Thank you for all your input "Chief". :)
Do you have any kind of smb gateway services running ? something similar to SAMBA on linux.
ASKER
No
Do you have access to a tool to run a network trace of a bootup to see if it's really getting a conflict off the network, or if it's just something internal to the server?
Coolsport:
According to the M$ article, this has to do with netbios names, not DNS.
Are you running WINS? If so, could this be a tombstoned WINS record or a left over WINS record. Those wouldn't show up on a DCdiag or netdiag test, I don't believe.
According to the M$ article, this has to do with netbios names, not DNS.
Are you running WINS? If so, could this be a tombstoned WINS record or a left over WINS record. Those wouldn't show up on a DCdiag or netdiag test, I don't believe.
ASKER
Yeah...this really does has something to do with netbios. We're not running WINS (& I apologize, i hadn't attempted your previous post as yet...been away from the office). I ran many switches with the nbtstat util and came up empty. How do I find a tombstoned WINS record (even though we haven't ran that the past 2 1/2 yrs I've been here?
Thanks "Chief".
Thanks "Chief".
ASKER
"Dexro"...how do I do that? Again, this really can't be specifically server (only) related becuz I've rebuilt this server, and even replaced it at one point (but due to other issues, have since reinstalled the previous server). So, it's certainly something on the network, and even more specific, on this particular subnet ONLY. We don't run WINS on this subnet, nor the domain as a whole. The only thing we run on this DC is print services and DHCP.
It might be more than you want to get in to. If you have a team that supports the network directly, you might ask them about setting up a network trace.
If you can recreate the error when the server is on-line, the easiest thing to do would probably be to set up Windows network monitor (serach microsoft.com for "network monitor" for the latest version download, or just install the built-in version from CD) and capture traffic that way. If this only happens when the server is booting up, you might look at something like Wireshark (www.wireshark.org) running on another machine to trace the traffic.
Once you have a tool set up to capture traffic, you repro the error, and then walk through the network trace packet by packet looking for evidence there of the error.
If you can recreate the error when the server is on-line, the easiest thing to do would probably be to set up Windows network monitor (serach microsoft.com for "network monitor" for the latest version download, or just install the built-in version from CD) and capture traffic that way. If this only happens when the server is booting up, you might look at something like Wireshark (www.wireshark.org) running on another machine to trace the traffic.
Once you have a tool set up to capture traffic, you repro the error, and then walk through the network trace packet by packet looking for evidence there of the error.
http://compnetworking.about.com/od/windowsnetworking/f/duplicate_name.htm
Since everything I am reading on this subject leads to netbios, let's track down netbios records that are stored and cached on the server.
Wins/netbiosnames has many similarities to DNS/HostA records.
1) DNScache is like WINS cache. To delete Wins cache go to the command prompt and type NBTstat -rr
2) Client computers and servers have a C:\system32\drivers\ect\HO
3) The computer NetBIOS name is stored in the system registry at:Are there duplicate registry keys>
\CurrentControlSet\Control
4) If I remember right you can ping by hostname and it should resolve by hostname. Then, you can ping by hostname2 and it will supply the address to hostname2. Try that and see if you get a different resolution to the host IP.
__________________________
5) Do you have NetBEUI installed: I have read a post where NetBEUI was the culprite. They uninstalled NetBEUI and the problem went away. I am thinking you may have looked at this thread because you said you looked at printers.
http://forums.speedguide.net/showthread.php?t=65527&page=3
I was recommending you look for tombstoned WINS records. But, you haven't installed WINS and therefore shouldn't have a WINS database> (not having WINS narrows this down to pretty much any of the above:
http://technet.microsoft.com/en-us/library/cc759148.aspx
Since everything I am reading on this subject leads to netbios, let's track down netbios records that are stored and cached on the server.
Wins/netbiosnames has many similarities to DNS/HostA records.
1) DNScache is like WINS cache. To delete Wins cache go to the command prompt and type NBTstat -rr
2) Client computers and servers have a C:\system32\drivers\ect\HO
3) The computer NetBIOS name is stored in the system registry at:Are there duplicate registry keys>
\CurrentControlSet\Control
4) If I remember right you can ping by hostname and it should resolve by hostname. Then, you can ping by hostname2 and it will supply the address to hostname2. Try that and see if you get a different resolution to the host IP.
__________________________
5) Do you have NetBEUI installed: I have read a post where NetBEUI was the culprite. They uninstalled NetBEUI and the problem went away. I am thinking you may have looked at this thread because you said you looked at printers.
http://forums.speedguide.net/showthread.php?t=65527&page=3
I was recommending you look for tombstoned WINS records. But, you haven't installed WINS and therefore shouldn't have a WINS database> (not having WINS narrows this down to pretty much any of the above:
http://technet.microsoft.com/en-us/library/cc759148.aspx
ASKER
Yes...everything I've researched leads me to believe it's netbios as well. But, this is NOT server-based. This server in question, if you recall, has been 1. rebuilt and 2. replaced with a different server. The problem is somewhere ON THE PARTICULAR SUBNET as this is the only place I get this error.
I tried deleting the cache, but only on the server; I guess I could try other workstations on this subnet. I checked most of their HOST/LMHOST file and they are clean.
NetBEUI can't be the issue because that protocol was discontinued with 2K3/XP (see: http://support.microsoft.com/kb/317507 and http://support.microsoft.com/kb/306059/). Pinging by hostname gives me the IP address of the server, which is correct. It doesn't give me the IP of the "duplicate" as well. My server is named "computer" (for posting purposes, keeping it simple here). Somewhere else ON THIS SUBNET ONLY I assume there is another computer name called "computer". So, I don't understand what you mean by pinging hostname then hostname2?
This is just ridiculous isn't it???
I tried deleting the cache, but only on the server; I guess I could try other workstations on this subnet. I checked most of their HOST/LMHOST file and they are clean.
NetBEUI can't be the issue because that protocol was discontinued with 2K3/XP (see: http://support.microsoft.com/kb/317507 and http://support.microsoft.com/kb/306059/). Pinging by hostname gives me the IP address of the server, which is correct. It doesn't give me the IP of the "duplicate" as well. My server is named "computer" (for posting purposes, keeping it simple here). Somewhere else ON THIS SUBNET ONLY I assume there is another computer name called "computer". So, I don't understand what you mean by pinging hostname then hostname2?
This is just ridiculous isn't it???
I didn't expect this to be easy, as I have seen your skills in action. Knowing that you have been trying to track this down made me anticipate this one will be tricky.
Since these are most likely netbios broadcasts, have you considered something like wireshark to see who is spitting out that name?
Since these are most likely netbios broadcasts, have you considered something like wireshark to see who is spitting out that name?
ASKER
Hmm...not sure if that'll work. My netwk engnr uses that on occasion here at my org, and he says that it probably won't work as it captures things after getting to the OS, whereas this error occurs upon bootup. I'm not sure NETBIOS/this error is a broadcast type is it?
Yes...everything I've researched leads me to believe it's netbios as well. But, this is NOT server-based. This server in question, if you recall, has been 1. rebuilt and 2. replaced with a different server. The problem is somewhere ON THE PARTICULAR SUBNET as this is the only place I get this error.
Then, this almost has to be a conflict with the browselist. The old DC that this server replaced may have a cached record on the server that holds the browselist. That should be your PDCe.
Go to the command prompt and type. Browstat /status. That should give you a list of master browsers and backup browsers for that site. Then, go to each one of those that carry the browselist and type NBTstat -rr. You may have to do this twice. I have seen NBTstat -rr not work the first time.
Go to the PDCe and the backup
Then, this almost has to be a conflict with the browselist. The old DC that this server replaced may have a cached record on the server that holds the browselist. That should be your PDCe.
Go to the command prompt and type. Browstat /status. That should give you a list of master browsers and backup browsers for that site. Then, go to each one of those that carry the browselist and type NBTstat -rr. You may have to do this twice. I have seen NBTstat -rr not work the first time.
Go to the PDCe and the backup
If the above doesn't work, with this problematic server unplugged, ping the name to see if it resolves to an IP address. If so. Go to your browser and look at the C$ admin shares of that comptuer that still exists to see if you can figure out what computer it is.
ASKER
I have 10 DCs, but only 1 (at our main branch) hosts all FSMO roles. So, run it there? Then run nbtstat on the servers that show what? I'm sorry "Chief"...I guess I need a bit more clarity on running this as I've never run browstat before.
Thanks a bunch for the continued support!!! It's MUCH appreciated!
Thanks a bunch for the continued support!!! It's MUCH appreciated!
ASKER
You know something I also forgot to add...when I go to the NIC on this server, I can uncheck Enable LMHOSTS lookup and the error doesn't happen. At least I think that was what I did (I did this a couple mos or so ago). But, that would only be a band-aid fix; I want to get to the root of this, ya know? What are the ramifications of leaving that setting unchecked? I assume nothing since we don't run WINS
Well, there is the issue. There are two LMHOST records. If you enabled LMHOST lookup, your server will look in it's LMHOST file prior to looking for a WINS server.
There might be more than one LMHOST file. The one we want to edit, I think, is in C:\Windows\System32\driver
Remove all records, including the loopback address of 127. I just looked at mine and they are no addresses in those.
LMHOST files were used if a WINS server was needed, but WINS server was not available. It is similar with DNS. HOST files can be manually configured if a DNS server is needed but not available on that site. SINCE YOU DO NOT NEED WINS, (unless you want both site A, and B to combine the browselist), then you don't need these LMHOST files.
There might be more than one LMHOST file. The one we want to edit, I think, is in C:\Windows\System32\driver
Remove all records, including the loopback address of 127. I just looked at mine and they are no addresses in those.
LMHOST files were used if a WINS server was needed, but WINS server was not available. It is similar with DNS. HOST files can be manually configured if a DNS server is needed but not available on that site. SINCE YOU DO NOT NEED WINS, (unless you want both site A, and B to combine the browselist), then you don't need these LMHOST files.
ASKER
The server has no entries...and I checked several PCs earlier today (am at home now) and they were all empty as well. I didn't make it through all PCs, but could that be it...a PC with an entry in it conflicting with this server host name?
ASKER
All PC LMHOST files are "clean"...no entries; the HOST file only has the loopback addy. I'm stumped. :(
On top of these "most common causes" of your error>
http://windowswideopen.com/blog/2007/09/10/event_id_7023_-_a_duplicate_name_exists_on_the_network_split_registration_behavior/
I also heard host based printers may cause this problem. Host based printers may be registering as the host computer name. I will have to look up the fix. Please review the above article to see if this resolves your problem, while I look up HOST based printer problems with Netbios registration.
http://windowswideopen.com/blog/2007/09/10/event_id_7023_-_a_duplicate_name_exists_on_the_network_split_registration_behavior/
I also heard host based printers may cause this problem. Host based printers may be registering as the host computer name. I will have to look up the fix. Please review the above article to see if this resolves your problem, while I look up HOST based printer problems with Netbios registration.
ASKER
I don't even get an event in EV. I assume cuz this is error happens upon bootup. I tested the LMHOST setting again and that actually doesn't rectify this error. So I re-enabled the LMHOST setting and instead selected to "Disable NETBIOS over TCP/IP" and that is what makes the error not appear.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
"Chief"...no dice :(
I ran nbtstat -c and it displayed 2 devices (dev1234 <20> UNIQUE 10.10.10.10 123)
OK...as I'm typing this, I did another NBTstat command that is interesting. Let's use my name ID on here to refer to the conflicting/duplicate hostname to ease confusion.
I ran NBTstat -a coolsport00 (using -A you have to use the IP, which I'm not having a problem with; only the hostname so I used the -a switch). What I got displayed was the following:
C:\NBTstat -a coolsport00
Node IpAddress: [10.10.10.10]
NETBIOS REMOTE MACHINE NAME TABLE
NAME TYPE STATUS
COOLSPORT00 (00) UNIQUE REGISTERED
NTLXVIDEO (00) GROUP REGISTERED
MAC = XX-XX-XX-XX-XX-XX
Now, I have NO idea what NTLXVIDEO is. It's not the name of any host on our network or subnet. But, it seems (maybe) this is our problem?...not sure. And, the MAC addy is not the MAC of "coolsport00" (the server name). So, I find this quite interesting.
I ran nbtstat -c and it displayed 2 devices (dev1234 <20> UNIQUE 10.10.10.10 123)
OK...as I'm typing this, I did another NBTstat command that is interesting. Let's use my name ID on here to refer to the conflicting/duplicate hostname to ease confusion.
I ran NBTstat -a coolsport00 (using -A you have to use the IP, which I'm not having a problem with; only the hostname so I used the -a switch). What I got displayed was the following:
C:\NBTstat -a coolsport00
Node IpAddress: [10.10.10.10]
NETBIOS REMOTE MACHINE NAME TABLE
NAME TYPE STATUS
COOLSPORT00 (00) UNIQUE REGISTERED
NTLXVIDEO (00) GROUP REGISTERED
MAC = XX-XX-XX-XX-XX-XX
Now, I have NO idea what NTLXVIDEO is. It's not the name of any host on our network or subnet. But, it seems (maybe) this is our problem?...not sure. And, the MAC addy is not the MAC of "coolsport00" (the server name). So, I find this quite interesting.
ASKER
And, when I run NBTStat -c it actually displays that "device" (or whatever it is)
NetBIOS Remote Cache Name Table
NAME TYPE HOST ADDRESS LIFE
NTLXVIDEO (00) GROUP 10.10.10.11 123
NetBIOS Remote Cache Name Table
NAME TYPE HOST ADDRESS LIFE
NTLXVIDEO (00) GROUP 10.10.10.11 123
Well, I think we found it!!!
I looked up NTLXVIDEO, (google search):
The NTLXVIDEO is a component of American Dynamics Software Development Kit:
So, I looked at the manual for that:
http://www.americandynamics.net/WebApps/getDocument.aspx?filename=8200-0755-00%20A0%204.1%20API%20SDK%20User%20Manual.pdf
Where it says in the system overview:
That the device is a DVR and storage server for video data.
The overview also says it is network compatible.
That could mean your CCTV (closed circuit TV or security camera computer/DVR) may have the same name as your server.
I looked up NTLXVIDEO, (google search):
The NTLXVIDEO is a component of American Dynamics Software Development Kit:
So, I looked at the manual for that:
http://www.americandynamics.net/WebApps/getDocument.aspx?filename=8200-0755-00%20A0%204.1%20API%20SDK%20User%20Manual.pdf
Where it says in the system overview:
That the device is a DVR and storage server for video data.
The overview also says it is network compatible.
That could mean your CCTV (closed circuit TV or security camera computer/DVR) may have the same name as your server.
ASKER
Exactly. I spoke w/my director who is mostly responsible for this setup throughout our org (including the branch locations) and he mentioned this could be the case. They actually are not part of our domain but are on our network. A vendor actually is responsible for these devices. So, that being said, I will look at the "naming" on these DVR devices at this branch. Until I can get out there to verify, I will keep this open. THANKS A BUNCH CHIEF! :)
Coolsport:
Since this was a netbios problem. I'm thinking this has to be the local CCTV system. Netbios is not routeable without WINS. In disabling the netbios over TCP/IP, you told me this is local because Netbios resolves off broadcasts. So, focus on your local CCTV (security camera) system.
Since this was a netbios problem. I'm thinking this has to be the local CCTV system. Netbios is not routeable without WINS. In disabling the netbios over TCP/IP, you told me this is local because Netbios resolves off broadcasts. So, focus on your local CCTV (security camera) system.
ASKER
What I actually needed to run was "NBTSTAT -a problemhostname". ChiefIT commented on a lot of switches, but just had the wrong one displayed; BUT, he certainly got me pointed in the right direction.
Since I'm still waiting on the Branch Mgr to get in touch with me about this, I'm not going to keep this open, since it may be a while before I can actually check what I need to. If I need to re-address this, I'll open another question and reference this post. Thanks "Chief"!!!
Since I'm still waiting on the Branch Mgr to get in touch with me about this, I'm not going to keep this open, since it may be a while before I can actually check what I need to. If I need to re-address this, I'll open another question and reference this post. Thanks "Chief"!!!
ASKER
In my "closing post", I meant to say that I'm going to CLOSE this question....(not keep it open). Ooops :)
ASKER
Hey "Chief"...just wanted to give you an update (finally) on this, even tho this is closed. This WAS due to the DVR equipment as we assumed it was. I had the ADT team go to the branch and rename both DVRs. I haven't had a chance to actually be at the branch to reboot the server to see if the error has gone away, but I certainly assume so since 1 of the 2 DVR names were called the same as my server. Thanks again for all the work/troubleshooting!
Regards.
Regards.
Excellent:
As a side note, as soon as I saw your name on this, I knew this wasn't going to be easy. I think you have excellent skills and hope to see you around more often.
As a side note, as soon as I saw your name on this, I knew this wasn't going to be easy. I think you have excellent skills and hope to see you around more often.
Sounds like you have metadata from that node. Run DCdiag to see if there is any records of tombstones. It sounds like you checked DNS and AD.
Another possibility is both NICs have been registerd in DNS. Do you have a multi-homed computer that could be registering more than one set of DNS data?