|
How Servers Announce Themselves in Microsoft Networks
|
| bet | 3/6 | | Sana | 26.12.2019 | | Hajmi | 272 Kb. | | #5270 |
When a server is started, it announces itself by sending a host announcement to the master browser every minute. This announcement uses the special NetBIOS name of <1d>. As the computer continues running, the time between server announcements is increased until it eventually becomes once every 12 minutes. If the master browser has not received a server announcement from a computer for three announcement periods, the computer is removed from the browse list. Therefore, there might be up to a 36-minute delay between the time that a server goes down and the time that it is removed from the browse list. Client computers sometimes need to retrieve lists of domains, as well as lists of servers in those domains. To support this, when a browser becomes a master browser, it broadcasts a DomainAnnouncement datagram every minute for the first five minutes, and then broadcasts once every 15 minutes after that. Master browsers in domains and workgroups announce their presence to the special NetBIOS name of <01><02>MSBROWSE<02><01> and register their names with this group. Master browsers on other domains receive these DomainAnnouncement datagrams and add the specified domain to the browse list.
DomainAnnouncement datagrams contain the name of the domain, the name of the domain master browser, and whether the master browser is running Windows NT Server, Windows NT Workstation, or Windows 95. If the master browser is running Windows NT Server, the datagram also specifies whether that browser is the domain’s PDC. If a domain has not announced itself for three consecutive announcement periods, the domain is removed from the browse list. Therefore, a domain might be down for as long as 45 minutes before it is removed from the browse list. When a master browser is shut down correctly, it sends a ForceElection broadcast so that a new master browser can be elected. When a backup browser is shut down correctly, it sends an announcement to the master browser that it is shutting down. To do this, it sends a server announcement that does not include the browser service in the list of running services.
NetBIOS Special Names
In a LAN environment using any protocol or combination of protocols, all Microsoft network browsing activities are maintained using broadcasts and special NetBIOS names that identify the type of resource. All browsing services are provided on a per-protocol basis to prevent, for example, a NetBEUI-only client from enumerating a TCP/IP-only server in the process of querying the browser. The NetBIOS name space is not hierarchical, so all names must be unique on the network. Resources are identified by NetBIOS names, which are registered dynamically when the computer starts, a service starts, or a user logs on. The special NetBIOS names used in Microsoft networking are indicated by adding a hexadecimal value as a sixteenth byte at the end of the 15-character computer name or domain name. If the computer or domain name is less than 15 characters, spaces are used to pad the name to the sixteenth byte. The discussion of browsing in this paper uses the special NetBIOS names to explain how names are registered and resolved for browsing on Microsoft networks. The following table shows some of these special names:
Samples of NetBIOS Special Names
Special Name
|
Description
|
Registered unique user name:
|
|
<03>
|
Used to register the name of the user currently logged on in the WINS database so that users can receive net send commands sent to their user names
|
Registered unique computer names:
|
|
<00>
|
Used by Microsoft networking workstations to receive second-class mailslot requests. All workstations must add this name to receive mailslot requests. This is the computer name registered for workstation services by a WINS client.
|
<03>
|
Used as the computer name that is registered for the messenger service on a computer that is a WINS client.
|
<20>
|
Used as the name that is registered for the server service on a Windows NT–based computer that is a WINS client.
|
|
Used as the unique name that is registered when the Network Monitor agent is started on the computer.
|
|
Used as the group name that is registered when the Network Monitor agent is started on the computer. If this name is not 15 characters in length, it is padded with plus (+) symbols
|
<1f>
|
Used as the unique name that is registered for network dynamic data exchange (DDE) when the NetDDE service is started on the computer.
|
Registered group names:
|
|
<01><02>MSBROWSE<02><01>
|
Used by master browser servers to periodically announce their domain on a local subnet. This announcement contains the domain name and the name of the master browser server for the domain. In addition, master browser servers receive the domain announcements sent to this name and maintain them in their internal browse list along with the announcer’s computer name.
|
<00>
|
Used by workstations and servers to process server announcements to support Microsoft LAN Manager. Servers running Windows 95, Windows NT, Windows NT Server, and Windows for Workgroups do not broadcast this name unless the LMAnnounce option is enabled in the server’s properties.
|
<1b>
|
Used to identify the domain master browser name, which is a unique name that only the primary domain controller (PDC) can add. The PDC processes GetBrowserServerList requests on this name. WINS assumes that the computer that registers a domain name with the <1b>character is the PDC. The 1B entry is resolved to when NetGetDcName is called.
|
<1c>
|
Used for the internet group name, which the domain controllers register. The internet group name is a dynamic list of up to 25 computers that have registered the name. This is the name used to find a Windows NT domain controller for pass-through authentication. The 1C entry is resolved to when NetGetAnyDcName is called.
|
<1d>
|
Used to identify a segment master browser (not a domain master browser). The master browser adds this name as a unique NetBIOS name when it starts. Workstations announce their presence to this name so that master browsers can build their browse list.
|
<1e>
|
Used for all domain-wide announcements by browser servers in a Windows NT–based server domain. This name is added by all browser servers and potential servers in the workgroup or domain. All browser election packets are sent to this name.
|
The following example shows a sample NetBIOS name table for a Windows NT 4.0 primary domain controller (PDC), based on the list that appears if you type
nbtstat -n at the command prompt. This example shows the sixteenth byte for special names, plus the type of NetBIOS name (unique or group).
Node IpAddress: [157.56.60.111] Scope Id: []
NetBIOS Remote Cache Name Table
Name Type Status
---------------------------------------------
DOMAINPDC <00> UNIQUE Registered
DOMAINPDC <20> UNIQUE Registered
DOMAINNAME <00> GROUP Registered
DOMAINNAME <1C> GROUP Registered
DOMAINNAME <1E> GROUP Registered
DOMAINPDC <03> UNIQUE Registered
DOMAINPDC <1B> UNIQUE Registered
DOMAINPDC <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
In this example, several special names are identified for the Windows NT Primary Domain Controller (DOMAINPDC in the previous example) and the domain (DOMAINNAME), including the following:
computer\0x00 (shown as <00> in the example) indicates the computer name associated with the Workstation service.
computer\0x20 (shown as <20> in the example) indicates the computer name associated with the Server service.
domain\0x00 indicates the domain to which this computer belongs.
domain\0x1c indicates that the computer is a domain controller.
domain\0x1e indicates that this computer can serve as a backup browser in this domain.
computer\0x03 indicates the computer name associated with the Messenger service.
computer\0x1b indicates that this computer is the domain master browser.
computer\0x1d indicates that this computer is the segment master browser.
..__MSBROWSE__.\0x01 indicates that this computer is the segment master browser.
How Clients Receive Browser Information
When an application running on a client computer makes a NetServerEnum call, the client sends the call to a browser. If this is the first time this call has been made by an application on this client, the client must first determine which computers are the browsers in its workgroup or domain. This datagram is in the form of a Get Backup List Request datagram sent to the special NetBIOS <1d> name that the master browser has registered. This request is processed by the master browser for the client’s domain and subnetwork. The master browser then returns a list of browsers active in the workgroup or domain being queried, via the Get Backup List Response datagram. The client selects the names of three browsers from the list, and then stores these names for future use. The client computer randomly chooses a browser from one of the three browser names and calls NetServerEnum, requesting a list of servers or domains. The browser server returns the list to the client, which then can be displayed in Network Neighborhood.
If the user selects a domain name in the browse list, a new set of browser servers must be found for the new domain. In this case, a Get Backup List Request frame is sent to the new domain name. After a user selects a server, the browser is no longer involved in the process of contacting the server for a list of available resources. The transport protocols on the client computer use whatever name resolution methods are available to find and connect to the server. When the client workstation attempts to connect to a server, a NetBIOS session is established between the two computer names. For example, when a Windows NT–based client workstation on an IP network connects to a Windows NT Server, the following occurs:
The NetBIOS name for the server is resolved to an IP address.
A TCP connection is established from the client to the server.
The client sends a NetBIOS session request to the server name over the TCP connection.
The server responds affirmatively, and the session is established.
The client and server negotiate a higher-level protocol to use over the NetBIOS session.
Only one NetBIOS session at a time is established between two computers. Additional connections for file or printer sharing are multiplexed over the same NetBIOS session.
Microsoft TCP/IP and Name Resolution
All computers are on the same wire in the LAN environment, so a user can browse all workgroups and domains because the network client can communicate directly with all master browsers. Multiple workgroups and domains can coexist on a LAN without incident because both the unique and group NetBIOS names depend on the name of the workgroup or domain. Name resolution becomes more complex in the WAN IP environment, however, because the broadcasts and messages used for name resolution are not forwarded across routers automatically on TCP/IP networks. This section summarizes name resolution issues related to WAN browsing, depending on whether Windows NT–based WINS servers are available in the enterprise.
NetBIOS over TCP/IP
Microsoft TCP/IP uses NetBIOS over TCP/IP, as specified in RFC 1001 and RFC 1002, which define a software interface that supports name resolution for NetBIOS client and server programs in the WAN environment. All Microsoft networking products use NetBIOS over TCP/IP for registering and locating NetBIOS resources on IP networks. The various methods used for name resolution include the following:
NetBIOS name cache
NetBIOS name servers (implemented as WINS for Windows NT networks)
IP subnet broadcasts
Static LMHOSTS files
Static HOSTS files
DNS servers
The order of methods use for NetBIOS name resolution depends on the node type (as defined in RFC 1001/1002) and the particular computer configuration for TCP/IP. The following are the node types:
B-node, which uses broadcasts to resolve names
P-node, which uses point-to-point communications with a NetBIOS name server to resolve names
M-node, which uses broadcasts first (b-node), and then name queries (p-node) if broadcasts are not successful
H-node, which uses name queries first (p-node), and then broadcasts (b-node) if the name server is unavailable or if the name is not registered in the WINS database
If WINS is enabled on a Windows 95 computer, the system uses h-node by default. Without WINS, the system uses b-node by default. To see which node type is configured on a Windows NT–based computer, check the value for NodeType in the following registry key:
Hkey_Local_Machine\System\CurrentControlSet\Services\NetBT\Parameters\NodeType
Value Type: REG_DWORD - Number
Valid Range: 1,2,4,8 (b-node, p-node, m-node, h-node)
Default: 1 or 8 based on the WINS server configuration
For more information, see the following Knowledge Base article:
Q160177: Default Node Type For Microsoft Clients ID.
Computer Name and Host Name Resolution with NetBIOS
over TCP/IP
The following diagrams summarize the methods for attempting name resolution with TCP/IP.
|
| |
