XP SP2 Not Appearing in Network Browse List

[Keith Jakobs, MCP]

Greetings to All:

As the subject says, for some bizarre reason, my Windows XP SP2 station
refuses to appear in the network browse lists on our domain.

I checked the 'net config server' setting, and indeed the workstation is NOT
set to hide itself from the network browse list. This is the only place I
have ever seen this 'feature' configured.

Does anyone know of anywhere else I can look, either in registry, network
settings, or otherwise, where I can find out why this one station out of 10
new XP stations, refuses to appear in the browse list?

As the Net Admin, I should actually be grateful that something decided to
hide my system I use for Admin function from the rest of the network, but
having not explicitly set it myself, I am very curious why this is the only
station where this symptom appears.

TIA

Keith C. Jakobs, MCP

 

[Chuck]

Greetings to All:

As the subject says, for some bizarre reason, my Windows XP SP2 station
refuses to appear in the network browse lists on our domain.

I checked the 'net config server' setting, and indeed the workstation is NOT
set to hide itself from the network browse list. This is the only place I
have ever seen this 'feature' configured.

Does anyone know of anywhere else I can look, either in registry, network
settings, or otherwise, where I can find out why this one station out of 10
new XP stations, refuses to appear in the browse list?

As the Net Admin, I should actually be grateful that something decided to
hide my system I use for Admin function from the rest of the network, but
having not explicitly set it myself, I am very curious why this is the only
station where this symptom appears.

TIA

Keith C. Jakobs, MCP

Keith,

Check the registry setting restrictanonymous.
<http://nitecruzr.blogspot.com/2005/07/restrictanonymous-and-your-server.html>
http://nitecruzr.blogspot.com/2005/07/restrictanonymous-and-your-server.html
And check for a misconfigured or overlooked firewall.
<http://nitecruzr.blogspot.com/2005/05/your-personal-firewall-can-either-help.html>
http://nitecruzr.blogspot.com/2005/05/your-personal-firewall-can-either-help.html

 

[Keith Jakobs, MCP]

Hi Chuck,

Thanks for your reply.

I checked both of the settings you referenced. First the firewall service
is NOT turned on (we have a corporate firewall, so by policy it is not
enabled at the workstation level).

As for the restrict anonymous setting, I looked in the registry under they
key you mentioned. Though restrictanonymous is set to 0, there is another
value there called 'restrictanonymoussam' that is enabled with a value of 1.
Could this be the culprit, or is it unrelated?

Thanks.

Keith C. Jakobs, MCP

 

[Chuck]

Hi Chuck,

Thanks for your reply.

I checked both of the settings you referenced. First the firewall service
is NOT turned on (we have a corporate firewall, so by policy it is not
enabled at the workstation level).

As for the restrict anonymous setting, I looked in the registry under they
key you mentioned. Though restrictanonymous is set to 0, there is another
value there called 'restrictanonymoussam' that is enabled with a value of 1.
Could this be the culprit, or is it unrelated?

Thanks.

Keith C. Jakobs, MCP

Keith,

Help me here, please. Were not either of these articles sufficiently clear?
You can help me help others here.

<http://nitecruzr.blogspot.com/2005/05/your-personal-firewall-can-either-help.html>
http://nitecruzr.blogspot.com/2005/05/your-personal-firewall-can-either-help.html
If you're going to run a third party firewall, you must disable Windows
Firewall, but only from the appropriate Control Panel applet - do not make the
mistake of stopping the Windows Firewall service. The Windows Firewall service
breaks several network services, if it is stopped.

Stop Windows Firewall from either the Security Center, or the Windows Firewall,
applet. Settings - Control Panel, then either:
* Security Center, and select Firewall Off.
* Windows Firewall, and select Off.
Please leave the Windows Firewall / Internet Connection Sharing (ICS) service
Started and Automatic, at all times.

<http://nitecruzr.blogspot.com/2005/07/restrictanonymous-and-your-server.html>
http://nitecruzr.blogspot.com/2005/07/restrictanonymous-and-your-server.html
NOTE there are two essential details in the name of the relevant registry
setting.
* CurrentControlSet is the relevant key node. ContolSet001, ContolSet002,
.... are mirrors of that key, and are not relevant when you're working on this
problem.
* restrictanonymous is the relevant value here. restrictanonymoussam is not.
Those are 2 separate values.

 

[Keith Jakobs, MCP]

Hello Chuck,

Yes, these articles were clear, but unfortunately they also didn't seem to
address my environment. At least not the one relating to the firewall.

First, Windows Firewall is disabled across our entire network using Group
Policy. No other station is exhibiting the 'hidden' issue with this service
disabled, and users are not prevented from accessing my station, it just
does not appear in the browse list. Secondly, enabling ICS has been
evaluated as a security risk under our risk management evaluation. Thirdly,
enabling the Windows Firewall in XP breaks most of the administrative
functions we depend on (e.g., remote registry, RPC calls, RDP, etc.) Our
environment is based on the assumption that we explicitly trust our users,
and we use a wide variety of third party products (SMB servers, third party
e-mail servers, linux/unix services, etc.). To enable a local firewall
would be administratively prohibitive. As I said, no other station on our
LAN of over 100 computers exhibits a problem with this setting (though
admittedly, only a handful of them are Windows XP). Also, with the firewall
disabled (actually, set to manual, and not started), we have not been
experiencing any of the 7023 errors indicated in the Knowledge Base article
that you pointed out.

Honestly, the biggest confusion in this topic, IMHO, is conjoining a
'firewall' service with a 'sharing' service. Such nomenclature is
contradictory and oxymoronic. These services should be implemented
separately by MS. In general, in my experience, the XP firewall service is
only useful in a home environment.... in a business environment already
protected by an external firewall, it introduces more issues and
administrative headaches than it solves. In a secure environment, any such
service (ICS) would be disabled by default until identified as needed.

Also, please note that the third party firewall I referred to is a network
level appliance between us and our ISP, not a third party application on
each station. Individual stations are NOT firewalled from each other.

So as I said, any settings related to firewalls are applied at the Group
Policy Level, which is not affecting any other XP station on my network.
However, for testing purposes, I went ahead and enabled it on the station in
question. I waited about 15 minutes and checked the browse lists again. It
still does not appear in the network browse list.

Secondly, my point about the restrictanonymoussam was that I did check the
setting you described, and was pointing out that it was NOT enabled, but
that the other value was. I did not think it was the same, but wanted to be
sure it was not related.

Any other suggestions?

Keith C. Jakobs, MCP

 

[Chuck]

Hello Chuck,

Yes, these articles were clear, but unfortunately they also didn't seem to
address my environment. At least not the one relating to the firewall.

First, Windows Firewall is disabled across our entire network using Group
Policy. No other station is exhibiting the 'hidden' issue with this service
disabled, and users are not prevented from accessing my station, it just
does not appear in the browse list. Secondly, enabling ICS has been
evaluated as a security risk under our risk management evaluation. Thirdly,
enabling the Windows Firewall in XP breaks most of the administrative
functions we depend on (e.g., remote registry, RPC calls, RDP, etc.) Our
environment is based on the assumption that we explicitly trust our users,
and we use a wide variety of third party products (SMB servers, third party
e-mail servers, linux/unix services, etc.). To enable a local firewall
would be administratively prohibitive. As I said, no other station on our
LAN of over 100 computers exhibits a problem with this setting (though
admittedly, only a handful of them are Windows XP). Also, with the firewall
disabled (actually, set to manual, and not started), we have not been
experiencing any of the 7023 errors indicated in the Knowledge Base article
that you pointed out.

Honestly, the biggest confusion in this topic, IMHO, is conjoining a
'firewall' service with a 'sharing' service. Such nomenclature is
contradictory and oxymoronic. These services should be implemented
separately by MS. In general, in my experience, the XP firewall service is
only useful in a home environment.... in a business environment already
protected by an external firewall, it introduces more issues and
administrative headaches than it solves. In a secure environment, any such
service (ICS) would be disabled by default until identified as needed.

Also, please note that the third party firewall I referred to is a network
level appliance between us and our ISP, not a third party application on
each station. Individual stations are NOT firewalled from each other.

So as I said, any settings related to firewalls are applied at the Group
Policy Level, which is not affecting any other XP station on my network.
However, for testing purposes, I went ahead and enabled it on the station in
question. I waited about 15 minutes and checked the browse lists again. It
still does not appear in the network browse list.

Secondly, my point about the restrictanonymoussam was that I did check the
setting you described, and was pointing out that it was NOT enabled, but
that the other value was. I did not think it was the same, but wanted to be
sure it was not related.

Any other suggestions?

Keith C. Jakobs, MCP

Keith,

Well, the browser visibility issue, with or without the 7023 error, has been the
main symptom reported here to date when there's a Windows Networking problem,
with Windows Firewall stopped. I used to have a Microsoft link to an article
mentioning both issues.

So I'm not sure why your other XP systems would not display this problem (I
presume that they don't?). I guess the only thing I can see for you to do is go
thru my tutorial, and see if there are any other settings that may be missing.
<http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html>
http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html

Other than that, I can just suggest that you examine the problem computer and
another Windows XP computer that doesn't have the browser visibility problem,
and look for differences. The browser is a pretty complicated subsystem, you
can read about it in my article, and linked articles:
<http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html>
http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html

Do you have any Windows 9x computers on your LAN?
<http://nitecruzr.blogspot.com/2005/05/windows-9x-9598me-and-browser.html>
http://nitecruzr.blogspot.com/2005/05/windows-9x-9598me-and-browser.html

Does the problem computer not advertise to ANY browser, or maybe just to the one
that your computer gets its Network Neighborhood from? What does browstat show?
<http://nitecruzr.blogspot.com/2005/05/browstat-utility-from-microsoft.html>
http://nitecruzr.blogspot.com/2005/05/browstat-utility-from-microsoft.html