Announcement

Collapse
No announcement yet.

Force Browse Master to bind to an adaptor

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Force Browse Master to bind to an adaptor

    Hi Folks

    First things first - this is not an urgent request. I would just like to understand how I might fix this. Secondly, I make a lot of assumptions here as my networking knowledge is not that good when it comes to WINS and FSMO roles etc, so please go easy on me if I have got any of this wrong

    Some time ago I asked for help resolving a browsing issue where computers were not populating Network Neighborhood: http://forums.petri.com/showthread.php?t=25959

    I went back to this recently and I think that I understand what is causing this. My network comprises a single site W2k3 AD Domain - htlincs.local. There are two domain controllers: a PDC (TITAN) and a 'BDC'. The BDC is installed on a server that is nearing the end of it's usefulness and which is designed to provide redundancy only until a replacement PDC is up and running. Nothing else is installed on the BDC as it is not reliable.

    The PDC has two NIC's, only one of which is used (the other is disabled). The PDC has a static IP address. We have RADIUS and RAS setup for VPN on the PDC. Reading Microsoft's paper about browser errors here, it says that having a VPN server installed will effectively make a server multihomed, and a browse master will not work properly on a multihomed server.

    We use DHCP to assign reserved addresses to network clients and (un-reserved) addresses to VPN clients. RAS also grabs a number of addresses in the same subnet and reserves them for its own use.

    What happens is that the _MSBROWSE_ and Domain Master Browser effectively binds to the RAS address 192.168.0.138 and not to the static address 192.168.0.2

    The problem, I think, is that when the clients send out a request for the names of computers on the network, they contact the PDC on its static address 192.168.0.2. This is where I am on uncertain ground - does a client contact the PDC on the resolvable address that DNS provides: titan.htlincs.local=192.168.0.2 or does the client get the PC list by sending a request to the IP address that is bound to the Domain Master Browser=192.168.0.138, and is this from WINS?

    Here is the list of WINS active registrations owned by the PDC titan 192.168.0.2:

    Code:
    Record Name		IP Address	Type				Expiration		State	Static	Owner		Version
    --__MSBROWSE__-		192.168.0.138	[01h] Other			28/06/2009 14:59:03	Active		192.168.0.2	6C9D
    HTLINCS			192.168.0.138	[1Bh] Domain Master Browser	28/06/2009 15:49:03	Active		192.168.0.2	6514
    ADMINISTRATOR		192.168.0.2	[03h] Messenger			28/06/2009 14:57:03	Active		192.168.0.2	7532
    HTLINCS			192.168.0.138	[1Ch] Domain Controller		28/06/2009 16:09:03	Active		192.168.0.2	6F29
    TITAN			192.168.0.138	[00h] WorkStation		28/06/2009 15:19:03	Active		192.168.0.2	6513
    TITAN			192.168.0.2	[03h] Messenger			28/06/2009 14:57:03	Active		192.168.0.2	72AF
    TITAN			192.168.0.138	[20h] File Server		28/06/2009 15:09:03	Active		192.168.0.2	6512

    DHCP shows the following addresses that have been reserved by RAS:

    Code:
    Client IP		Name	Expiration		Type	Unique ID
    192.168.0.129	titan	01/07/2009 14:50:35	DHCP	RAS	
    192.168.0.130	titan	01/07/2009 14:50:40	DHCP	RAS	
    192.168.0.131	titan	01/07/2009 14:50:42	DHCP	RAS	
    192.168.0.132	titan	01/07/2009 14:50:43	DHCP	RAS	
    192.168.0.133	titan	01/07/2009 14:50:45	DHCP	RAS	
    192.168.0.134	titan	01/07/2009 14:50:46	DHCP	RAS	
    192.168.0.135	titan	01/07/2009 14:50:48	DHCP	RAS	
    192.168.0.136	titan	01/07/2009 14:50:49	DHCP	RAS	
    192.168.0.137	titan	01/07/2009 14:50:51	DHCP	RAS	
    192.168.0.138	titan	01/07/2009 14:50:52	DHCP	RAS

    When I run browstat I get the following:

    Browstat status command from my XP client:

    Code:
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    
    C:\Documents and Settings\blood>browstat status
    
    
    Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-B
    D5D-FA93418A8957}
        Browsing is active on domain.
        Master browser name is: TITAN
            Master browser is running build 3790
        1 backup servers retrieved from master TITAN
            \\TITAN
        There are 0 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E67
    9FDA-4CF7-489D-BD5D-FA93418A8957}
        There are 0 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E67
    9FDA-4CF7-489D-BD5D-FA93418A8957}
    
    C:\Documents and Settings\blood>
    Browstat getmaster from my XP client:

    Code:
    C:\Documents and Settings\blood>browstat getmaster \Device\NetBT_Tcpip_{1E679F
    DA-4CF7-489D-BD5D-FA93418A8957} htlincs
    Master Browser: TITAN
    
    C:\Documents and Settings\blood>

    Browstat status command on the PDC:

    Code:
    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.
    
    C:\Documents and Settings\administrator.HTLINCS>browstat status
    
    
    Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-9
    29C-E49E570C4F1F}
        Browsing is active on domain.
        Master browser name is: TITAN
            Master browser is running build 3790
        1 backup servers retrieved from master TITAN
            \\TITAN
        There are 21 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E
    213D5-4839-4EF1-929C-E49E570C4F1F}
        There are 1 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E2
    13D5-4839-4EF1-929C-E49E570C4F1F}
    
    
    Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{EED39A07-42BB-4665-9
    835-ECA6C524C25B}
        Browsing is active on domain.
        Master name cannot be determined from GetAdapterStatus.  Using \\TITAN
            Master browser is running build 3790
        1 backup servers retrieved from master TITAN
            \\TITAN
        There are 0 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{EED3
    9A07-42BB-4665-9835-ECA6C524C25B}
        There are 0 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{EED3
    9A07-42BB-4665-9835-ECA6C524C25B}
    
    C:\Documents and Settings\administrator.HTLINCS>
    Browstat getmaster on PDC

    Code:
    C:\Documents and Settings\administrator.HTLINCS>browstat getmaster \Device\NetBT
    _Tcpip_{EED39A07-42BB-4665-9835-ECA6C524C25B} htlincs
    Unable to get Master: The system cannot find the file specified.
    
    
    C:\Documents and Settings\administrator.HTLINCS>
    I don't know what the last message 'Unable to get Master: The system cannot find the file specified' means for the PDC.

    This MS article suggests that unbinding the WINS Client interface from the adaptor will help, but I'm pretty sure this relates to a physical adaptor and the instructions do not relate to anything I have seen in W2k3:

    In Control Panel, double-click Network <-- I see 'Network Connections'
    Click the Bindings tab <-- there is no bindings tab, just a list of adaptors.

    Despite the server being multihomed the additional address(es) are still in the same 192.168.0.x subnet. I don't understand why clients are unable to get the browse list? After all, the address 192.168.0.138 is titan, the PDC. I can connect to the PDC on either \\192.168.0.2 or \\192.168.0.138 without a problem. I understand that each IP address is effectively a separate endpoint, but the endpoints connect to the same subnet and they are assigned to the PDC.

    So, if MSBROWSE and Domain Master Browser are both registered why is the information not being fed to the clients when they request it? Is it simply because the address the clients are contacting is a logical one that has been assigned to the server instead of a physical one? Would this matter?

    We are unable to install another server and move the VPN to that, and I do not want to use the BDC for VPN in case it suddenly fails. Nor do I want to transfer the PDC role to the BDC for the same reason (assuming this would work...).

    So, as I am stuck with a logically multihomed PDC for the time being I was wondering if it is possible to force the MSBROWSE [01h] and Domain Master Browser [1Bh] WINS registrations to bind to 192.168.0.2?

    Is this possible?
    A recent poll suggests that 6 out of 7 dwarfs are not happy

  • #2
    Re: Force Browse Master to bind to an adaptor

    What you need to do is disable the multi-nic server from ever having the Master Browser role and allow other PCs or Servers become the Master Browser.

    See this thread (last entry):
    http://forums.petri.com/archive/index.php/t-3974.html

    Comment


    • #3
      Re: Force Browse Master to bind to an adaptor

      Thanks for your reply.

      So all I need to do is change MaintainServerList on the PDC titan from Yes to No? It's that simple? The 'BDC' has MaintainServerList set to Yes.
      A recent poll suggests that 6 out of 7 dwarfs are not happy

      Comment


      • #4
        Re: Force Browse Master to bind to an adaptor

        It worked.

        Made changes to registry on PDC (titan): HKLM\System\...\Browser\Parameters\MaintainServerL ist changed from Yes to No.

        I rebooted the PDC, then rebooted the BDC (restored). After a reboot the PDC logged this:

        Code:
        Event Type:	Information
        Event Source:	BROWSER
        Event Category:	None
        Event ID:	8015
        Date:		26/06/2009
        Time:		09:36:08
        User:		N/A
        Computer:	TITAN
        Description:
        The browser has forced an election on network \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F} because a Windows Server (or domain master) browser is started.
        No browser events were logged by the BDC after it was restarted.

        Running browstat status and getmaster on my XP shows the following:

        Code:
        Microsoft Windows XP [Version 5.1.2600]
        (C) Copyright 1985-2001 Microsoft Corp.
        
        C:\Documents and Settings\blood>browstat status
        
        
        Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-B
        D5D-FA93418A8957}
            Browsing is active on domain.
            Master browser name is: TITAN
                Master browser is running build 3790
            3 backup servers retrieved from master TITAN
                \\RESTORED
                \\ORION
                \\TITAN
            There are 22 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E6
        79FDA-4CF7-489D-BD5D-FA93418A8957}
            There are 1 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E67
        9FDA-4CF7-489D-BD5D-FA93418A8957}
        
        C:\Documents and Settings\blood>browstat getmaster \Device\NetBT_Tcpip_{1E679F
        DA-4CF7-489D-BD5D-FA93418A8957} htlincs
        Master Browser: TITAN
        
        C:\Documents and Settings\blood>
        The PDC produces exactly the same results

        Code:
        Microsoft Windows [Version 5.2.3790]
        (C) Copyright 1985-2003 Microsoft Corp.
        
        C:\Documents and Settings\administrator.HTLINCS>browstat status
        
        
        Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-9
        29C-E49E570C4F1F}
            Browsing is active on domain.
            Master browser name is: TITAN
                Master browser is running build 3790
            3 backup servers retrieved from master TITAN
                \\ORION
                \\TITAN
                \\RESTORED
            There are 22 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E
        213D5-4839-4EF1-929C-E49E570C4F1F}
            There are 1 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E2
        13D5-4839-4EF1-929C-E49E570C4F1F}
        
        C:\Documents and Settings\administrator.HTLINCS>browstat getmaster \Device\NetBT
        _Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F} htlincs
        Master Browser: TITAN
        
        C:\Documents and Settings\administrator.HTLINCS>
        WINS now shows the following:
        Code:
        Record Name		IP Address	Type				Expiration		State	Static	Owner		Version
        --__MSBROWSE__-		192.168.0.2	[01h] Other			02/07/2009 09:37:18	Active		192.168.0.2	6C9D
        HTLINCS			192.168.0.2	[1Bh] Domain Master Browser	02/07/2009 09:37:18	Active		192.168.0.2	6514
        ADMINISTRATOR		192.168.0.2	[03h] Messenger			02/07/2009 09:41:43	Active		192.168.0.2	762E
        HTLINCS			192.168.0.5	[1Ch] Domain Controller		02/07/2009 10:04:23	Active		192.168.0.2	7634
        TITAN			192.168.0.2	[00h] WorkStation		02/07/2009 09:37:18	Active		192.168.0.2	6513
        TITAN			192.168.0.2	[03h] Messenger			02/07/2009 09:37:18	Active		192.168.0.2	762B
        TITAN			192.168.0.2	[20h] File Server		02/07/2009 09:37:18	Active		192.168.0.2	6512
        HTLINCS			192.168.0.114	[00h] Workgroup			02/07/2009 11:05:27	Active		192.168.0.2	AD3
        HTLINCS			192.168.0.114	[1Eh] Normal Group Name		02/07/2009 11:07:52	Active		192.168.0.2	AD7
        192.168.0.2 = PDC
        192.168.0.5 = BDC
        192.168.0.114 = My XP Client

        Also, all addresses beyond those reserved by DHCP are now only assigned to computers that dial-in.

        And.... so far, all PC's are displayed in the domain list under Network Neighborhood, and they are listed in a messenger program too where before the list had been empty.

        Thanks a lot for the help
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Re: Force Browse Master to bind to an adaptor

          Eeugh!

          That fix did not work. This morning I noticed a browser error in the System Event log on our W2k3 file server

          Code:
          Event Type:	Error
          Event Source:	BROWSER
          Event Category:	None
          Event ID:	8032
          Date:		29/06/2009
          Time:		08:36:00
          User:		N/A
          Computer:	ORION
          Description:
          The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6615B26B-EF74-412B-86C1-562752192717}. The backup browser is stopping.
          I checked my XP PC (which is on all the time), and Network Neighborhood was populated. I looked at the WINS registrations on the PDC and the msbrowse and domain master browser functions are once again bound to the RAS address 192.168.0.138.

          So, I rebooted my WinXP client and checked Network Neighborhood but it was empty. The computer list in the messenger program was empty too.

          I see there is another setting in the Parameters section of the browser section of the registry called IsDomainMaster. This is set to True for the PDC and to False for the BDC and the file server.

          If I change the IsDomainMaster to false on the PDC and to True on either the BDC or the file server, might this adversely affect other services running on the PDC/Network? The PDC holds all the FSMO roles.
          A recent poll suggests that 6 out of 7 dwarfs are not happy

          Comment


          • #6
            Re: Force Browse Master to bind to an adaptor

            This is now fixed.

            I posted on Microsoft's Server forum and an MS guy said essentially that my setup is wrong and that using VPN on a server running WINS and which also holds the FSMO roles is inevitably going to result in some sort of problem.

            However, he also pointed me to an MS article that I had not seen. It describes my issue exactly.

            As we already know, the problem is that the master browser binds to the (logical) RRAS IP interface and not to the server's physical adaptor's IP.

            Because the browser service relies on Netbios names you have to prevent the RRAS service from registering Netbios names in WINS. The solution allows this, but does not prevent RRAS from registering the IP address in WINS.

            I was advised to try the last suggestion in the MS article and it has worked. After adding the DisableNetbiosOverTcpip registry entry and clearing the WINS database, the database shows _MSBROWSE_ and Domain Master Browser registered to the physical address 192.168.0.2. This has not changed over several days. I also reversed the registry edit I previously made so that MaintainSeverList is now set to True.

            Phew!

            Thanks to all for their help with this.
            A recent poll suggests that 6 out of 7 dwarfs are not happy

            Comment

            Working...
            X