Strange browsing problem / MxrSmb 8003 error


I encountered a pretty strange network issue with one Windows 7 laptop.


- Sometimes client cannot browse network (only this pc is visible in the list)
- There is a shared folder on another windows 7 laptop. When pinging this laptop with IP, I get reply. When pinging with host name, it is unreachable. If I check this PC with shared folder with nslookup, it returns wrong IP address.
- The client can ping all other PC's and servers in domain, with host name, except this one laptop.

I noticed there are also MxrSmb (8003) errors in server's event viewer, coming from this PC.

Have already added IsDomainMaster=FALSE to this laptop. No change what so ever.

Right now I am not able to check if the computer browser service is started on that PC, but maybe I should stop and disable it?

I also checked all the domain servers and all of thme have the" IsDomainMaster" set to FALSE in registry.
Shouldn't there be one server with it set to AUTO or TRUE?

Also tried the" browstat status" command and it returned answer that serverXX is the master browser (even though it is set to IsDomainMaster=FALSE).

Any ideas on how to proceed further on this problem would be great, since I am really running out of ideas.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Usually you would set the root DC to browser master, and set all others as "false". (Or in a network without a domain controller, a server running DNS or DHCP.)

Sounds a bit like a DNS issue, so is the laptop set to a static IP address, or does it use DHCP?

If the address is static, check to see if the settings for DNS are correct. (If the machine is in a domain environment, check the domain membership)

Another possibility is the network is set to "public" which would turn off file and computer discovery by default. To check that, go to network and sharing center, (control panel) and check the network settings.
JiiPSAuthor Commented:
Thanks you for your replies.
I stopped and disabled the Computer Browser service from The W7 machine and after this the errors disappeared from server log.
I also set just a minute ago one server to "Is DomainMaster" to TRUE and "MaintainServerList" to Yes.

The suggestion about network might also be correct, since the workstation was sent to end user, who might have chosen the network as "public".

Right now the situation is that from user's point of view, everything seems to be working smoothly.

From my point of view, I cannot even ping the computer via VPN connection, but I am suspecting that there is something screwed with F-Secure client's firewall settings.
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Can you check the office side of the VPN tunnel to verify the connection? (not worth much, but it would give you the IP address)

The default and recommended setting (by M$) is to public, so unless you pre-configured the link, or the user is literate, you won't be able to ping without resetting the network type.

Perhaps a call to the user to address the network designation might get you the last part of the puzzle. Keep us posted.
the problem through a VPN tunnel is the netbios broadcasts will not reach the computers. netbios is not routable, unless you use WINS as a cruch to help populate a database that the clients communicate with to get netbios resolution. IT'S MUCH LIKE DNS.

Clients, on the local network will send out a DNS broadcast to populate the DNS database. Then, outside clients will access the DNS database to get DNS resolution for clients that that DNS server is auhtoritative for.

Netbios and WINS works the same way.

Now, you can cheat. Like DNS, that has a HOST file, that you can configure, WINS has an LMHOST file you can configure. So, instead of accessing a WINS database, you can access a LMHOST file. But, you have to enable LMHOST lookup on the TCP/IP properties>>advanced>>WINS tab.

Important things to remember:
-The browser service works off Netbios.
-Netbios broadcasts are not routeable and therefore will not work over a VPN, over a VLAN, through any IPsec tunnel. etc... The broadcasts are held to the broadcast domain.
-When pinging, know how you are pinging. Ping is a multi-protocol diagnostic tool. You can do an ARP ping, DNS ping, MTU ping, or a netbios ping>

ping   (will translate a routeable IP to a MAC address using ARP and routers)

ping (Since this is less than 15 charactors and also has periods in it, it will query a DNS server for IP resolution, then get the MAC address through an ARP lookup)

ping servername (( This is a netbios ping. There are less than 15 charactors in the name and there are no periods in it. The redirector service will direct this query to the Netbios Name server).

And the MTU ping works like this:

For a VLAN configuration: you can elect to use Netbios helper and allow netbios broadcasts through the router that the router has within its VLAN Trunking protocol (VTP). However, most ISP's forbid, or block, netbios on ports and that will most likely mess up your VPN connection.
A minor correction, ping is an ICMP echo request, and does not rely on netbios. You can use ping to see if specific ports are functioning (like port 25 for smtp) but the underlying protocol is ICMP.
And what can you diagnose with ping 9660kel?

What protocols can you diagnose and what tests can you run with ping?
Ping is useful for simple connectivity tests for almost any network protocol, it also forms the basis for "tracert" in windows, trace route uses ping coupled with time to live to reconstruct the network path to a destination.

A persistent ping can help isolate traffic bottlenecks, intermittent connection problems, and flaky cables.

A ping with <hostname> can test your name resolution locally and to the internet. The host checks its cashe for the address, and if it isn't found, queries the local network for a name resolution server, (DNS) and if found, queries for the address associated with the host or domain. (only computers with netbios enabled will check for a netbios name server, and even then, only after DNS query has failed, unless the ordering has been changed from default.)

A malformed ping packet can be used for a denial of service attack, known as "ping of death".

Another handy command is "netstat", used to list the open connections on a host. Very helpful to find spyware, failing network cards that have become chatty, and find background processes with their corresponding ports.

On a side note regarding protocols blocked by ISP's, you can change the port number used on the network for a given protocol, and thus bypass the blocked port. (this would be done with a combination of RRAS or SAMBA, router config, and DHCP scope options, remember to use a public port number)
The network redirector will query either Netbios or DNS when a ping is made to resolve the DNS or Netbios name. If you use Ping (any name without periods and less than 15 charactors) then you will query the netbios name server. If you ping ( you will then be querying the DNS servers.

So, less than 15 charactors and without periods >>>Netbios Name Server
more than 15 and/or has periods>> DNS server

In many cases, I have seen people with the inability to ping the computername, but able to ping, OR ping by IP address. What that means, (AS IN THIS CASE) is you don't have proper Netbios resolution. I reviewed the comments from the author and he said he could ping by IP but not by hostname. Since this is a VPN connection and Netbios is a non-routable broadcast protocol, held to the broadcast domain, it's safe to conclude this PC going through the VPN doesn't have the ability to communicate with a Netbios Name server to resolve the IP address.

Netbios is used for the RPC locator, Browser services (meaning file and print sharing GUI), and Netlogon service (depending on how you joined the domain). If you can't see computers within my network places, while you can ping computers through the VPN, it's safe to conclude this computer can't resolve the netbios query.

To do so, you have to enable Netbios over TCP/IP (because TCP/IP is a connection based protocol and routeable over a router). Then, you may still have to set up a LMHOST record, or create a WINS server. This will depend upon how many computers are remoting in through the VPN connections. If you have a bunch, then WINS is probably the best way to go. If you have a few, then you can configure an LMHOST record to include the PDCe, and all VPN hosts. That LMHOST record will have to be created on all VPN clients and the PDCe (which by default is the Netbios Name Server or "Domain Master Browser)....

This author corrected most of his errors by preventing client computers from competing with the PDCe for the role of domain master browser. NOW all this author needs to do is get Netbios resolution through the VPN connection.....I can provide over 100 examples of people I have helped on EE to do just that.

Here's a few:
Mostly, I agree with you, and I wouldn't discount the importance of netbios in windows.

The only issue I can see getting in the way of that is the network designation in win7. If the network is set to public, no amount of wins servers will help you get file shares, print shares, or really anything from a remote host.

The key element in my mind is the one way nature of the problem, the remote host can connect to resources, but won't answer a ping.

I could be wrong, but that is what it looks like to me.
If it can't ping, but can connect via host, then this is pretty easy too. It means that there is a security policy that blocks ICMP echo reply (Ping), through the VPN tunnel. This would be a firewall policy or a router policy to block ICMP echo.
JiiPSAuthor Commented:
I'm having the next chance to check on this issue tomorrow.
Will reply on results after that.

JiiPSAuthor Commented:
Ok, the problem seems to be solved.
Obviously there was something screwed up with the F-Secure client.

I completely uninstalled all the F-Secure software, rebooted the PC and then pushed the installation package back again.

After that all the above problems disappeared.

Thank you all, for participating with your ideas.
JiiPSAuthor Commented:
As mentioned in earlier post, the final solution was the reinstallation of F-Secure Client.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.