Skip navigation
Menu
Security

A NetBIOS Bug Fix; Browsing on Multihomed Systems

An intermittent NetBIOS name-registration problem has been cropping up on Windows 2000 systems recently. If you disconnect the network cable from the adapter long enough for Plug-n-Play (PnP) to recognize the disconnection (you'll see a "network cable unplugged" message if you have chosen to display the adapter status icon on the taskbar) and then reconnect the cable, the Messenger service won't reregister the computer’s NetBIOS name. The same problem occurs when you release and renew a DHCP lease. When a machine’s NetBIOS name isn't registered, the machine doesn't appear in the browser list, and the machine can't share or connect to shared resources in networks that rely on NetBIOS to locate resources (i.e., Win2K mixed mode and Windows NT 4.0 environments).

Microsoft has released an updated version of the Messenger service that correctly registers the NetBIOS name after a cable disconnection and reconnection. The update, msgsvc.dll, has a release date of August 23. You must call Microsoft Support to get the fix. Microsoft article Q306257 documents this problem and explains that processor speed, which affects how quickly PnP can detect the cable state change, contributes to the problem.

Successful Browsing on Multihomed Win2K Systems
Here are a few configuration tips that might come in handy if you have browsing problems on a Windows 2000 system with two network adapters. The most common multihomed system setup includes one adapter that connects to the Internet and a second adapter that connects to an internal network. Browsing problems on systems with two network adapters come in several common varieties, including:

  • My Network Neighborhood takes a long time to display the Entire Network or fails
  • Windows Explorer hangs while trying to display My Documents and Settings
  • The command net view \\server-name or net view \\<ip-address> returns Error 53, "network path not found"

When configuring a system with two network adapters, you can follow several configuration rules to avoid the common pitfalls. The LAN adapter that connects to the internal network provides local DNS and WINS name resolution for systems on the internal network. In a Win2K domain, the default settings and protocols should be fine. If the multihomed system is routing traffic to and from the internal to the external network, leave the LAN adapter default gateway blank.

The WAN adapter that connects to the Internet doesn't typically provide local DNS or WINS name resolution. If you use your ISP's DNS server or a DNS server on the far side of the corporate router, enter that DNS server’s TCP/IP address manually. You must also enter the default gateway that your ISP provides or, alternatively, the TCP/IP address of the corporate router the system connects to. If the WAN side connects to a non-Win2K network or to an ISP, disable dynamic name registration on the DNS tab of TCP/IP properties for network adapter. To eliminate browsing problems, clear the Microsoft Networking Client and File and Printer sharing on the WAN adapter and disable NetBIOS over TCP/IP on the WINS tab of TCP/IP properties.

With this configuration, the LAN adapter provides DNS and WINS name resolution for the local network, registers NetBIOS names, and supports local file and printer sharing. The WAN adapter directs DNS queries to the external DNS server and uses either the ISP or corporate gateway, without attempting to register the DNS name dynamically and without providing file and printer sharing. When you disable NetBIOS, you disable NetBIOS name registration and you prevent Win2K from querying the second adapter for NetBIOS names.

Another network configuration detail you must check is the binding order of the network adapters (the order in which the OS queries the network adapters is known as the binding order). By default, Win2K uses network adapters in the order in which the hardware detector recognizes them at startup. For browsing, Win2K always queries the first network adapter in the binding order list for DNS and NetBIOS name resolution requests. To ensure that the browser can resolve names on the local network, the adapter that connects to the LAN must appear first in this list. You can check the binding order by clicking Start, Settings, Network and Dialup Connections, and selecting the Advanced menu. If necessary, move the LAN adapter to the top.

The last ingredient you need for successful browsing is a properly configured DNS. Win2K relies heavily on DNS for name resolution, which means even a minor problem in the configuration can wreak browsing havoc. Likewise, when you install a firewall, you must configure it to let DNS packets travel to and from all internal systems. If you forward DNS queries to an external server or you configure the WAN adapter to use your ISP’s DNS servers, the firewall must also permit DNS traffic to and from external name servers.

I just finished troubleshooting a system that was experiencing major browser indigestion. The network adapter cards were configured correctly, and the binding order was fine. Up front, the problem looked complicated, but like most such adventures, the answer was very simple: The firewall was acting on two conflicting DNS rules, and the net result was that the firewall was silently restricting DNS traffic between the multihomed system and the Win2K DCs.

When a firewall blocks DNS traffic, Win2K components that initiate DNS requests either hang or display an error message stating that you don't have permission to access the requested object or perform the requested operation. So, for example, when I tried to browse Entire Network or the Directory, the browser would hang forever. When I tried to connect to one of the DNS or RRAS servers, the DNS snap-in placed a red x on the server and told me I didn’t have permission to access the server, even though I had logged on as a domain administrator.

If you follow these configuration steps and DNS is functional, you should be able to successfully browse the local network and the directory on a Win2k system with two network adapters. If browsing is still spotty or slow, consult the following Microsoft articles for the technical details of how Win2k uses network protocols to register and query for names on the browse list and in the Directory:

Name Resolution and Connectivity Issues with RRAS and NAT

Slow Computer Browsing from Multihomed Clients

Active Directory communication Fails on Multihomed Domain Controllers

Unbinding File and Printer Sharing from Primary Network Adapter on a Multihomed DC Causes Policy Problems

Symptoms of Multihomed Browsers

Browsing Domain Master Browsers with Multiple NICs

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024