Windows XP domain client quering for non-existent netbios name
Posted on 2009-02-24
Windows XP clients are causing unnecessary broadcast traffic by quering for a name that does not exist anymore. This problem was found when scanning network traffic with Microsoft Network Monitor 3.2.
The address is IM.xx.xx.xx (domain bits removed). This used to be a host record for a Debian Linux that had Openfire (jabber server) installed. Now this machine has been removed and Openfire is now running on Windows 2003 server that has host record EIM.xx.xx.xx (using Windows server dns). Clients still have Spark installed and is works like a charm.
I know that Spark is not searching for old address because in network monitor software I can see netbios queries (nbtns) even if Spark is not running.
What is causing these broadcast messages? I have ran "ipconfig /flushdns", "nbtstat -R" and "nbtstat -RR".