Albatross1953
asked on
Network Hacked
I service a business with 40 computers that was blocked form Internet access by one PC. The event error read: "The master browser has received a server announcement from the computer TCTRUCKS6-DT that believes that it is the master browser for the domain on transport NetBT_Tcpip~". The network restored after that computer was shut down. It is a peer-to-peer network. The only servers are 3rd party programs. Nobody was physically using the problem PC on the day that this occurred. I noticed that the antivirus (Viper Enterprise, which is the strongest I've seen) was reconfigured just prior to shutdown. The static IP was removed & the workgroup was changed to the default WORKGROUP, but that could have been done by the user previously. It is working normally so far today. I notice in the Windows log that special privileges were assigned to a new logon many times on this & other PCs. What should I do at this point to track this down & prevent recurrence?
ASKER
Why would one computer believe it is the master browser for the domain and block all the others? What logs do you need to see?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm surprised that is not in my A+, Network+ or Server+ books. It explains many things, except why the whole network could not use the Internet until the Master Browse Server was shut down. It also was one of only a few computers on that workgroup. I couldn't even ping 8.8.8.8.
Quite possibly it was the IP address of it that clashed with your gateway/router. The master browser service would not cause that. That was just a red herring throwing you off the scent
ASKER
One last thing is that the assigning of the Master Browse server was logged as an error (red flag) in Event Viewer over 30 consecutive times on the other computers.
Always is. There are LOTS of MS errors that are logged that are not errors as such.
What exactly is "An Unknown error has occurred" ? After all if was known and expected, it would not be an error surely? :P
Experience and Google is always the best friend of the event log reader.
What exactly is "An Unknown error has occurred" ? After all if was known and expected, it would not be an error surely? :P
Experience and Google is always the best friend of the event log reader.
Windows logs with special privs? well unless we can see examples of the logs and and exactly what it said, we have no idea what was going on, again assignment of special privs to an account can be a normal everyday occurrence.
Some more details and logs would be useful.