Certain machines hiding in My Network Places

Hello,

We are having trouble seeing PCs and other servers in My Network Places from domain controllers only.  We inherited this network, so we wonder if the previous network admins set something on the domain controller to force hiding of computers and other domain controllers in My Network Places.  We need to remote install some anti-virus software to the workstations from the domain controller, but as long as the domain controller appears to hide machines and other domain controllers, the anti-virus software will not see the computer/server list coming from My Network Places either.  Please help.

Mike
miket71Asked:

authen-techCommented:
Go to one of the servers that does not show up...go to control panel...network connection properties...

Click Install / Protocol
Select NWlink..blahblah...NetBIOS.

After installing this you should be able to see that server on the network neighborhood screen from other computers.  

hope that helps!

0
miket71Author Commented:
They never had Novell though, so we're not sure if adding NWLink would help.  It would only have to be removed later anyways.  The original builders of the domain must have done something else to make the original domain controllers hide themselves and PCs in My Network Places when trying to browse from the domain controller.
0
kadadi_vIT AdminCommented:
How many PCs are on your network? I mean, can you identify the PCs which are not shown in My Network Places?
First, check any group policy assigned for those particular computer names, and check this command:
net config server /hidden:yes

If a policy is not defined, then check how many PCs are not shown and check all the network settings (IP address/subnet mask/gateway and DNS), or whether a personal firewall is installed on those PCs.

Regards,
vijay kadadi
0

ChiefITCommented:
If you are seeing nothing in My Network Places, they probably disabled the browser service or prevented netbios over TCP/IP. Microsoft is trying to get administrators to revert to AD queries rather than netbios queries. However, the browser service is still putting up a good fight.

All of these play a factor:
Let us know if you have VLANS, how many computers you are not seeing (example ALL), if you see events 8032 and 8021 in the PDCe's event logs, whether you have remote sites, whether clients and servers see each other at all, and if your domain servers are behind a NAT firewall.

Much of the troubleshooting of this depends upon your network topology since netbios broadcasts are not routeable. Not routeable is simply defined as not able to propagate over a NAT firewall, through a VPN tunnel, over a NAT router, routed over the server, etc.
0
michaelconstantCommented:
What operating system are you running on your Domain Controller? If you are running Server 2003 you may want to verify where all of your computers are residing in the Active Directory. They should all be in whatever proper OUs you have set up. If they are being dropped somewhere else or happen to be "hiding" in another folder, try moving them to the proper folder after you try Authen-tech's advice.

The only other thing that I can think of off the top of my head is, it may also be a policy out there that is hiding the individual machines. Go to the Microsoft site and download the Group Policy Management Tools (http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en). It may help you also find other stuff that was "handed down". Good luck.
0
miket71Author Commented:
We just added a new domain controller to the domain recently, and that domain controller can see everything except for the originally configured domain controllers as well as anything via the WAN link.  There are two locations with one original domain controller at each location, and a new domain controller added.
0
miket71Author Commented:
We are running Windows Server 2003.  The original domain controllers seem to be hiding themselves, but newly added DCs don't hide My Network Places objects.  We keep thinking that the original techs wanted to lock down network browsing capability on the original domain controllers.
0
authen-techCommented:
I wasn't suggesting you use Novell...I have had this exact problem and corrected it by adding netbios protocol as explained in my first post.  At least try it to see if it works before disregarding please.  You may need to restart the computer/server afterwards...then you will know if it is available to view on the network and if the problem is solved.  
0
kadadi_vIT AdminCommented:
Did you check that the Computer Browser service is working properly? Maybe it's disabled on that hiding PC.

Regards,
vijay kadadi
0
ChiefITCommented:
Netbios over TCP/IP is not a protocol you install, it is actually an option on the TCPIP.sys driver.

File and print sharing is a protocol you install.

As authen-tech was alluding to:
1) either, netbios over TCP/IP is disabled on the TCP/IP>>properties>>WINS tab
2) or file and print sharing was uninstalled

Or even simpler yet:
3) the browser service was turned off. You can find this out by going to START>>RUN>>type in "services.msc">>press enter>>scroll down to the browser service.



0
miket71Author Commented:
The Computer Browser service is running on the affected domain controller.

We just tried running net config server /hidden:no on the affected domain controller.  We're trying to attempt any ideas without having to reboot the domain controller as users are logged into it right now.

At this point, we believe no PCs or member servers are being affected by this.  It appears to be only domain controllers, especially the original two DCs.

Authen-tech, we understand where you are coming from, and will try your suggestion after hours.
0
miket71Author Commented:
In the WINS tab, the default NETBIOS setting was chosen which enables NETBIOS over TCP/IP if a static IP is used.  The servers have static IPs.  We also tried choosing the Enable NETBIOS over TCP/IP option.  So far, that hasn't worked.
0
miket71Author Commented:
The affected domain controller currently shares files and printers too.
0
miket71Author Commented:
When trying to browse the domain name in My Network Places from the affected DC, an error comes up saying:  The "domain name" is unavailable.  You might not have permission to use this network resource.  The list of servers for this network is currently unavailable.
0
ChiefITCommented:
Then, this is a registry Key entry that tells your servers not to participate within browser elections or to become a domain master or backup browser.

Let me ask you one more time. Are these servers within their own lan or behind a nat firewall. If so, netbios broadcasts will not route over that and will need help through wins.

Please provide the following information on what they are set to for these registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters

For these keys:
MaintainServerList  
Announce
Isdomainmaster

I am going to give you an article that explains the browser service. Though this is an NT4 article, all applies to a 2003 and 2008 domain. However, IPversion 6 will NOT support netbios broadcasts and this registry key is a wee bit different.

On NT4 the registry key is:
Isdomainmasterbrowser

On 2000 server and above the registry key is:
isdomainmaster.

http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true

Your problem is one of three issues.
1) These DCs were told not to maintain a serverlist through registry keys manual edits.
2) These two problem children are behind a nat firewall or on a remote site where netbios broadcasts do not reach. In that case, follow the WINS/WAN configuration of that NT4 article. Or you could create a LMHOST file that lists the two computers and the domain's PDCe in them.
3) You have netbios cache entries that are messed up. In that case you can view the netbios cache by going to the command prompt and typing:
NBTSTAT -c
or you can purge netbios and WINS and start over by typing:
NBTSTAT -RR
or you can purge the netbios cache only by typing:
NBTSTAT -R
0
ChiefITCommented:
OOPS, couple more things came to mind.

One other thing it could be is NODE type:

Go to the command prompt and type IPconfig /all:

About the fourth line down you should see the node type:
Here are the node types and what they can do for you:
http://support.microsoft.com/kb/160177

If you are on the WINS node type and you don't have a wins server this could prevent the browser service from working.
____________________________________________
One last thing that could cause this is if you have a multihomed computer and netbios is bound to the OUTSIDE NIC. However, I think I would check the other information out first. This gets complicated sometimes.
0
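Added example, not part of the thread: a small Python check of the two things asked for above, the node type from `ipconfig /all` and the browse-related names from `nbtstat -n`. The sample command output, host name `DC01`, domain `CORP` and the function names are constructed for illustration.

```python
import re

# Constructed sample output, not captured from the network in this thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC01
   Node Type . . . . . . . . . . . . : Peer-Peer
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
"""
SAMPLE_NBTSTAT = """\
Local Area Connection:
Node IpAddress: [192.0.2.10] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    DC01           <00>  UNIQUE      Registered
    CORP           <00>  GROUP       Registered
    CORP           <1C>  GROUP       Registered
    DC01           <20>  UNIQUE      Registered
"""

# NetBIOS 16th-byte suffixes that matter for the browse list.
ROLES = {("20", "UNIQUE"): "file server service",
         ("1E", "GROUP"): "browser election participant",
         ("1D", "UNIQUE"): "subnet master browser",
         ("1B", "UNIQUE"): "domain master browser"}
NAME_ROW = re.compile(
    r"^[ \t]*(\S.*?)[ \t]*<([0-9A-Fa-f]{2})>[ \t]+(UNIQUE|GROUP)[ \t]+(\w+)", re.M)

def node_type(ipconfig_text):
    """Return the Node Type string from ipconfig /all, or None if absent."""
    m = re.search(r"Node Type[ .]*:\s*(\S+)", ipconfig_text)
    return m.group(1) if m else None

def browser_roles(nbtstat_text):
    """Return the browse-related roles that have a Registered name."""
    return {ROLES[(sfx.upper(), kind)]
            for _, sfx, kind, status in NAME_ROW.findall(nbtstat_text)
            if status == "Registered" and (sfx.upper(), kind) in ROLES}

def findings(ipconfig_text, nbtstat_text, wins_configured):
    """List the browse-list problems visible in the two command outputs."""
    out, roles = [], browser_roles(nbtstat_text)
    if node_type(ipconfig_text) == "Peer-Peer" and not wins_configured:
        out.append("P-node with no WINS server: no broadcasts are sent, "
                   "so NetBIOS names have nowhere to register or resolve")
    if "file server service" not in roles:
        out.append("no <20> name: Server service / file and print sharing not registered")
    if "browser election participant" not in roles:
        out.append("no <1E> name: host is not taking part in browser elections")
    return out
```

A clean result only covers node type and name registration; it does not rule out packet filtering between hosts, such as the IPsec policy that turned out to be the cause later in this thread.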
miket71Author Commented:
Thanks again everyone for all your posts.  We will let you know our outcome.
0
miket71Author Commented:
Update:  We added the following registry entry on the DCs:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netbt\Parameters

"DhcpNodeType"=dword:00000008

After rebooting the DCs, the PCs are now able to see the DCs in My Network Places.  However, the original DCs still cannot see themselves or each other in My Network Places.  We also tried installing WINS to see what that would do, and that didn't help anything either.  We normally don't use WINS though, and this issue doesn't exist for our other clients.  Please let us know if you have any other suggestions.
0
ChiefITCommented:
What does this registry key say?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netbt\Parameters
MaintainServerList

Go to the command prompt of these problem child machines and type. NBTstat -RR
0
ChiefITCommented:
We can fix this without too much distress:

For a direct answer to how to fix this, I will need a little info from you.

1) Are these computers on a remote site, on their own VLAN, behind a nat firewall, behind a software firewall?
2) I see that you tried to implement WINS. The WINS connection has to be between the two sites' master browsers. That's all you really need to share the browselist and make netbios routeable. (That and the node type to be correct, of course). Then, your browser service must be running as well as netbios over TCP/IP and file and print sharing.

So, it looks like this:

Site A or VLAN A populates through netbios broadcasts>>WINS connection between the site or VLAN master browsers>>Site B or VLAN B that netbios broadcasts

0
miket71Author Commented:
We have two locations (subnets) linked together with one WAN link.  No VLANS.  There are the two original domain controllers, one for each subnet.  There is a hardware firewall at one location which stands between the internal LAN and the internet.  The techs before us must have done something to make the original two DCs hide like this.  After putting in the registry entry above onto both of the original DCs, all workstations can now see both of the original two DCs that were hiding, even over the WAN.  We still have to do what was asked by ChiefIT in post ID:24504593.  We'll probably be onsite again Monday to do that.

We have other clients where we only use DNS, and everything can see everything else just fine, so we'd like to avoid using WINS in the end if at all possible.
0
ChiefITCommented:
OK:

That's what I was trying to dig out of you. You are on different subnets. Netbios broadcasts will not route to different subnets. It may for a short period of time and then die on you.

You have two choices:
First off, go to the command prompt of each subnet's PDCe, type Browstat Status. That will tell you who the elected domain master browser is for those two subnets. Most likely it IS the PDCe as your elected master browser.

Then, here are your two choices:
You can create a WINS server connection between the two domain master browsers.
or
You can create an LMHOSTS file that includes both domain master browsers in that LMHOSTS file.  That LMHOSTS file can be found at:
C:\Windows\system32\drivers\etc\LMHOSTS.SAM
It is editable with a text editor, like notepad or wordpad.

________________________________________________________

Now, Netbios and SMB shares (server message block shares) are often highly targeted by hackers and malicious code writers. So, sometimes an ISP will block the ports for you. You may have a problem with port blockage. Let me tell you how the Browser service works OLD SCHOOL AND NEW SCHOOL:

OLD SCHOOL:
Netbios broadcasts populate the browselist (My network Places). It does this on these ports:
WINS/NETBIOS port 137 UDP/TCP
Netbios Datagram port 138 UDP
Netbios Datagram port 139 UDP

NEW SCHOOL WAY:
Netbios over SMB is much like Netbios over TCP, however SMB is routeable.
That uses ports.
Netbios Datagram port 139 UDP
and netbios over SMB 445 UDP and TCP.

New Sonic Walls have a firewall that routes SMB over HTTPS port 443 to secure this connection.

Your issue right now is Netbios is NOT routeable. So, you need to find a way to route it to the different subnet. The easiest way to do so is create a WINS server connection between the two subnet domain master browsers.

Or another plausible issue is your ISP is blocking SMB shares as well as the WINS/Netbios ports across your WAN connection between the subnets.

0
ChiefITCommented:
I should have told you that BOTH the old school way and new school way are used simultaneously.
0
miket71Author Commented:
I'm wondering why this isn't happening at any of our other client sites though, as the other client sites use the same WAN link provider, like AT&T, to connect two or more buildings together.  We will check into what you said though, and let you know.  Hand-me-down networks are fun to deal with especially when we have to figure out what the previous admins did, and why.  Thanks for the consistent followups.
0
ChiefITCommented:
It's probably because they are using enhanced node type, the default setting:
This article is very important to your success:
Completely understanding Node Types:>>
http://www.tech-faq.com/understanding-netbios-name-resolution.shtml

 
0
ChiefITCommented:
OOPS, I gave you the wrong article:
http://www.thenetworkencyclopedia.com/d2.asp?ref=1382
0
miket71Author Commented:
We also get the following screenshot when trying to browse the domain name via the Microsoft Windows Network on the original domain controller.
nobrowse.JPG
0
ChiefITCommented:
Do all your sites have WINS servers on them, or just the PDCe?
0
miket71Author Commented:
Just PDCs on a total of 2 sites.  We tried installing WINS, but that didn't help.  We only use DNS.
0
ChiefITCommented:
After putting in the registry entry above onto both of the original DCs, all workstations can now see both of the original two DCs that were hiding, even over the WAN.  We still have to do what was asked by ChiefIT in post ID:24504593

This statement tells me either the browser service was shut off, or  you have a software firewall blocking the ports for Netbios translation.

Those ports would be 137, 138, and 139.
0
miket71Author Commented:
We couldn't find this string:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netbt\Parameters
MaintainServerList

but we did find this string which shows this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
MaintainServerList=Yes
0
ChiefITCommented:
Let's do a quick portquery to make sure these two problem children are listening on the right ports.

We want it to listen to:
WINS/Netbios port 137 TCP
Netbios datagram 138 UDP
Netbios datagram port 139 UDP

and for netbios over SMB we want:
port 445 UDP & TCP
as well as port 139 UDP

To run portqry go to a remote stations command prompt and type:
portqry -n problemchildcomputername -p both -o 137,138,139,445

NOTE: Portqry is a tool on the 2003 server support tools. So, running this is best done from another DC with these support tools.
0
ChiefITCommented:
Maintain server list looks good!
0
miket71Author Commented:
Okay, we have solved this long overdue problem.  Microsoft determined that IPSec was enabled in the Default Domain Controllers Group Policy.  After turning that off, we stopped and disabled the IPSec service, and there were some registry entries that had to be cleared out for IPSec.  After that, we reregistered a dll to put the default registry entries back in for IPSec, then rebooted, re-enabled the IPSec service back to Auto, and restarted the service.  Now the server comes up much faster after rebooting.  It can now see itself and everything else on the network.
0
ChiefITCommented:
Hmm, never would have guessed the IPsec was causing this issue. I could see how it would.

Well done.
0
