NetBios name resolution weird behaviour

[ziggy filek]

The name resolution on my network intermittently produces
a WRONG translation for one specific computer name.
The problem appears intermittently on different OS's from
Windows NT workstation to W2000 server. In NO case the
translation exists in lmhosts or hosts file. On a W2000
server I enabled capture using the Network Monitor and did
the following:

C:\>nbtstat -R
C:\>nbtstat -c (to confirm the name is NOT in cache
C:\>ping <name>

pinging [<here WRONG IP address appears>]

Reply from ...

When I close capture in Network Monitor I clearly see a
WINS query about the name, and WINS server response with
the RIGHT IP address for the name!!!! This is quite
amazing: the WINS server returns the right IP address, and
the querying computer insists on using the WRONG
translation coming out of nowhere...There is no trace of
any broadcast queries for the name.

Seems this is some kind of undocumented behaviour. Any
ideas, anyone?

 

[Guest]

oddly enough i seem to be having the exact same problem myself. i don't really have a clue as to what might be causing it ... the only thing i can think of ( and i am not sure if this is technically correct ) is that another machine on the same segment is acting as a segment master browser of some sort and that machine is caching the incorrect name resolution and then propogating it out to other machines on that segment. but, as mentioned, that is just a desperate guess ...

 

[Guest]

I am still having a similar problem - I removed two ( of four ) NICs from a DC, but netbios still wants to resolve to their old IP addresses for some strange reason (?). The IP addresses are no longer in the WINS database, I rebooted the server, shut down all other machines on the network, changed the netbios node type to x2/Peer, and flushed the netbios cache but still to no avail. Where does it get the outdated/nonexistant Netbios info from ??

 

[zfilek]

-----Original Message-----
I am still having a similar problem - I removed two ( of

four ) NICs from a DC, but netbios still wants to resolve
to their old IP addresses for some strange reason (?).
The IP addresses are no longer in the WINS database, I
rebooted the server, shut down all other machines on the
network, changed the netbios node type to x2/Peer, and
flushed the netbios cache but still to no avail. Where
does it get the outdated/nonexistant Netbios info from ??

.
I also stopped the Computer Browser service, the TCP/IP

NetBIOS Helper Service and DNS Client Service for good
measure. None of that had any visible effect. The
workstation continues to resolve names and still
intermittently resolves to the wrong name. Tomorrow I'll
try the packet sniffer again, but this time I'll get thru
the capture with fine-toothed comb without filtering out
all traffic except the NBT. Obviously the Microsoft
documentation of name resolution hides some shortcuts they
implemented. This simply cannot happen according to all
docs and RFC's in the world.

ziggy

 

[zfilek]

-----Original Message-----
I am still having a similar problem - I removed two ( of

four ) NICs from a DC, but netbios still wants to resolve
to their old IP addresses for some strange reason (?).
The IP addresses are no longer in the WINS database, I
rebooted the server, shut down all other machines on the
network, changed the netbios node type to x2/Peer, and
flushed the netbios cache but still to no avail. Where
does it get the outdated/nonexistant Netbios info from ??

.
From Ziggy:

I think I finally know where it's coming from.
The server in question has twin build-in Gbit Ethernet
intefaces. One was configured with a static address and
the second one was not supposed to be plugged in. By a
mistake we plugged it in anyway, and into the same switch
to boot. That caused it to pick up a second IP address
(the "WRONG" address, but on the same subnet), from a DHCP
server, and also to register the same computer in WINS for
the second time with the nother IP address. Now, there is
an obscure option in NetBIOS that was a primitive version
of load balancing: te WINS server, upon a name query,
returns BOTH addresses, and basically asks the querying
workstation to pick one up at random. I checked it with a
packet sniffer: both addresses are positively there! The
problem is, the WINS server management screens display
only one address: the "right" one (under both WNT and
W2K). The WRONG address is kept somewhere in the bowels of
all my WINS servers (because this crap has replicated
everywhere!), but is not visible. Anybody knows how to get
at it?

Ziggy