Solved

browstat returning different results when run agains domain and domain.net

Posted on 2008-10-30
4
462 Views
Last Modified: 2012-05-05
I am using browstat.exe to test the browser configuration on our network and I get different results depending if I add .net to the domain or not.

Browstat status domain returns

Status for domain domain on transport \Device\NetBT_Tcpip_{D5445D2E-6909-4A55-BD58-A0ECC5590156}
    Browsing is active on domain.
    Master name cannot be determined from GetAdapterStatus.  Using \\PSTEST
        Master browser is running build 3790
    3 backup servers retrieved from master PSTEST
        \\PSTEST
        \\XAVIER
        \\SESKA
    There are 545 servers in domain daiglobal on transport \Device\NetBT_Tcpip_{D5445D2E-6909-4A55-BD58-A0ECC5590156}
    There are 7 domains in domain daiglobal on transport \Device\NetBT_Tcpip_{D5445D2E-6909-4A55-BD58-A0ECC5590156}


Browstat status domain.net returns

Status for domain domain.net on transport \Device\NetBT_Tcpip_{D5445D2E-6909-4A55-BD58-A0ECC5590156}
    Browsing is NOT active on domain. Status : 6118
    Master name cannot be determined from GetAdapterStatus.

Our domain is domain.net

I am running this check because about two weeks ago some users started being able to browse the network, some computers started trying to authenticate to DCs in other sites, and some computers could not find the domain when attempting to join the domain (sorry exact error not available yet as I am getting the info second hand).

Our network consists of all Windows 2003 domain controllers spread out in about 100 sites world wide.

Any one have any idea on the browser problem?

eb
0
Comment
Question by:Erik Bjers
  • 2
  • 2
4 Comments
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
This is not a browser problem, this is as it should be.
The browser service dates back to NT4, it knows exactly nothing about AD (and it's in fact not even required in an AD unless you still have NT4 clients and if you can live without the network neighborhood).
The browser list will be built for the *NetBIOS* domain name (as this is all the browser service is aware of), never for your AD domain name.
Not being able to find the domain is usually DNS related; check the articles below for the proper configuration.
Authenticating in other sites can happen if the sites aren't configured correctly, or based on DNS problems as well.

10 DNS Errors That Will Kill Your Network
http://redmondmag.com/features/article.asp?EditorialsID=413

Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
 
LVL 23

Author Comment

by:Erik Bjers
Comment Utility
what you said about the browser service makes sense, hadn't thought about that.

As far as DNS problems, I can rule those out.  Nslookup returns the correct IP addresses for the domain, when pinging the domain the DC in the site responds (you change sites and the DC from the new site responds).  %logonserver%s shows the correct DC for the site.

So basically everything looks like it is working correctly, there is nothing in any of the logs, but there is a problem and it just started a few weeks ago.

eb
0
 
LVL 82

Accepted Solution

by:
oBdA earned 500 total points
Comment Utility
Neither of those methods will reliably tell you whether DNS is configured correctly.
In short: Nowhere in your domain may external DNS servers appear except for the Forwarders tab in the properties of your DNS servers, full stop. "External DNS" means any DNS server that is not authoritative for your AD domain name (including DNS servers on routers or the like).
nslookup doesn't verify this, ping doesn't verify this, %logonserver% doesn't verify this.
Check these for more troubleshooting (verify SRV entries in DNS, dcdiag.exe, netdiag.exe):
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897


How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000
http://support.microsoft.com/?kbid=321708

Do not install the Support Tools from your installation CD, some tools were updates by the Service Packs. Here are the current versions:

Windows Server 2003 Service Pack 1 32-bit Support Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=6ec50b78-8be1-4e81-b3be-4e7ac4f0912d&displaylang=en

Windows Server 2003 Service Pack 2 32-bit Support Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=96a35011-fd83-419d-939b-9a772ea2df90
0
 
LVL 23

Author Comment

by:Erik Bjers
Comment Utility
Our DNS is configured correctly, netdiag and dcdiag both come back clean.  The only place external DNS servers are used are as forwarders.  All SVR records are in place.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Learn about cloud computing and its benefits for small business owners.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now