In tip 0148, we first discussed browser elections.
Browser elections are difficult to track because the event logs don't detail who won or lost the election.
You can create a %SystemRoot%\Bowser.log file (yes, I spelled it correctly), by downloading the checked build of RDR.SYS and performing the following steps:
1. Remame the original %Systemroot%\System32\Drivers\rdr.sys to %Systemroot%\System32\Drivers\rdr.bak
2. Rename the new file (Rdr.chk) to %Systemroot%\System32\Drivers\rdr.sys
3. Use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr
Edit or Add Value name BowserDebugLogLevel, as a type REG_DWORD,
and set the data using the Hex Radix to ffffffff.
Edit or Add Value name BowserDebugTraceLevel, as a type REG_DWORD,
and set the data using the Hex Radix to ffffffff.
Here is a sample %SystemRoot%\Bowser.log file:
Bowser::Find_Master: Master not found, forcing election. = Could not find the master browser, so force an election.
Bowser: Last election long enough ago, forcing election on \Device\NetBT_El90x1 = Wait a little while to decrease the chance of a browser storm.
Send true election. = The need to force an election that we think we can win is seen.
Send dummy election. = Force an election that we are not hoping to win, for example, shutting down the browser or because we cannot find a backup browser. The criteria of the election is 0x0.
New server: CENTAUR. Periodicity: 240 = A new server (CENTAUR) was found in our domain that we need to remember.
#New domain: EXDOM. Periodicity: 900 = A new domain (EXDOM) was found to add to our list of domains.
Domain pass for \Device\NetBT_El90x1 = We are going to search for new domains on the transport \Device\NetBT_El90x1.
Received election packet on net \Device\NetBT_El90x1 from machine CENTAUR. Version: 1; Criteria: 20010fa8; TimeUp: 8750 = A computer (named CENTAUR) forced an election, on the network transport \Device\NetBT_El90x1, it is running Browser version 1, its criteria is 20010fa8, and it has been up for 8750 seconds.
We lost the election = There was an election and we lost it.
Dummy election request ignored during election. = There is an election in process so we can discard the election packets with the criteria of 0x0.
Bowser:elect_rcv: Better criteria, calling elect_master in 100 milliseconds. = We received an election packet but we have better criteria, send our criteria and if we are not beat we will win in XXX milliseconds. We need to win an election 4 times for it to count.
Bowser: Browser is exempt from election = We recently lost an election, so we will not participate in this one. (Within 12 seconds.)
