Throughout this discussion of the Windows NT Browser, browsing has been discussed in terms of a routed LAN environment. This section covers how LAN switching affects the browser service.
LAN switching is a technology that replaces hubs and shared media with a switch. A switch is a device that operates at layer 2 and/or layer 3 of the OSI model, building dedicated segments between two computers, thus eliminating the congestion associated with shared media. The net effect of switches is increased bandwidth to the desktop. LAN switching builds upon the concept of microsegmentation, or the ability to provide a dedicated segment to the desktop. Each port on the switch provides that dedicated segment. Switches working at layer 2 of the OSI model have the ability to build tables that associate a specific port with MAC addresses, which then allows packets to be forwarded directly to the appropriate port.
A connection can be dynamically generated between two ports on the same switch or directly from a specific port to the default gateway. Switches can have multiple data streams passing through them simultaneously. However, when a switch receives a broadcast or multicast packet, the switch must flood all of the ports except the originating port. This is a technique known as broadcast flooding. Under this circumstance the switch is operating like a simple bridge, and a network that is built only on switch technology appears flat. A flat network is a network that is comprised of only one broadcast collision domain. A network that is reduced to one collision domain is susceptible to broadcast storms and does not scale well.
Modern switches support VLANs as a mechanism to administer and scale switched networks. The VLAN in its simplest form is a grouping or collection of specified ports that form a single collision domain. Advanced VLAN configurations can be defined on a per-protocol basis or even by a user-defined specification. VLANs provide a great amount of flexibility in designing collision domains.
Browsing in a switched environment follows the same principles that were established in the previous sections of this paper. Additionally, you should consider the impact of VLAN design on the collision domains. Do the VLANs map to the IP subnets or not? The same steps that were discussed in the troubleshooting browsing section still apply, but they must be extended to include the VLANs as collision domains. You can no longer just consider physical segments as collision domains; a VLAN may be the new broadcast boundary.
Appendix B:
The Multihomed Windows NT
Browser
For the PDC to build a single domain-wide list, it cannot be a multihomed server. Each master browser on remote segments establishes a connection to the PDC. Since there is no guarantee that every master browser will choose the same interface on the PDC, the PDC must be single-homed so that a single domain-wide list can be built. Also, all master browsers must also be single-homed. Every 12 minutes, the master browser connects to the PDC and requests the domain-wide list. The master browser then issues a Master Announcement Browser frame to the PDC, telling it to connect to the master browser and obtain its local lists. Since the PDC does not maintain separate IP addresses for each interface on the master browser, when the PDC connects to the master browser, it obtains only the list of computers and servers collected on that particular interface.
Windows NT 4.0 provides a new registry parameter that allows the computer browser service to be disabled on one or more network interfaces. When the UnboundBindings registry parameter is added, it enables a multihomed domain master browser to provide a comprehensive browse list to computers on all subnets.
For more information, see the following Knowledge Base articles:
Q158487: Browsing Across Subnets w/ a Multihomed PDC in Windows NT 4.0
Q133241: Browsing Domain Master Browsers w/ Multiple NICs and Protocols
Q135404: Multihomed Master Browser May Cause Event ID 8021 and 8032
Appendix C:
Windows NT Printer Browsing
Windows NT allows the familiar browsing mechanism found in File Manager to enumerate printers for remote printing. This appendix describes the mechanism used for print browsing in a Windows NT–based environment and the registry keys that affect its behavior.
Shared printers are found when a user browses for a printer in a domain. A remote procedure call (RPC) (EnumPrinters) is made to the browse master. The RPC returns only the computers in the browse list that have set the printer flag (SV_TYPE_PRINT) in their host announcements.
The following is a network trace fragment that illustrates a client browsing a Windows NT Print Server:
Client request:
SMB: C transact TransactNmPipe, FID = 0x80a
MSRPC: c/o RPC Request: call 0x1 opnum 0x0 context 0x0 hint 0x364
R_WINSPOOL: RPC Client call winspool:RpcEnumPrinters(..)
R_WINSPOOL: DWORD Flags = 64 (0x40)
R_WINSPOOL: STRING_HANDLE Name = \\NTSERVER
R_WINSPOOL: DWORD Level = 1 (0x1)
R_WINSPOOL: LPBYTE pPrinterEnum [..] = 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00...
R_WINSPOOL: DWORD cbBuf = 804 (0x324)
Server response:
SMB: R transact TransactNmPipe (response to frame 89)
MSRPC: c/o RPC Response: call 0x1 context 0x0 hint 0x338 cancels 0x0
R_WINSPOOL: RPC Server response winspool:RpcEnumPrinters(..)
R_WINSPOOL: LPBYTE pPrinterEnum [..] = 08 00 00 00 DA 02 00 00 B4 02 00 00
B2 02 00 00 08 00 00 00 58 02 00...
R_WINSPOOL: LPDWORD pcbNeeded = 460 (0x1CC)
R_WINSPOOL: LPDWORD pcReturned = 3 (0x3)
R_WINSPOOL: Return Value = 0 (0x0)
The network trace above shows the network client receiving back a response from the server containing information from the RPC call EnumPrinters.(Additional information on this function is available in the Win32 SDK.)
Windows NT Server- and Workstation–based computers update the browse master by default every 10 minutes with print share information. This is done by the AddPrinter function.
The following is a network trace fragment that demonstrates a client enumerating shared resources to the print browse master:
SMB: C transact TransactNmPipe, FID = 0x200c
MSRPC: c/o RPC Request: call 0x1 opnum 0x5 context 0x0 hint 0x11C
R_WINSPOOL: RPC Client call winspool:RpcAddPrinter(..)
R_WINSPOOL: STRING_HANDLE pName = \\NTSERVER
R_WINSPOOL: PPRINTER_CONTAINER pPrinterContainer {..}
R_WINSPOOL: DWORD Level = 1 (0x1)
R_WINSPOOL: (Untyped 1) PrinterInfo {..}
R_WINSPOOL: Switch Value = 1 (0x1)
R_WINSPOOL: LPPRINTER_INFO_1W pPrinterInfo1 {..}
R_WINSPOOL: DWORD Flags = 24 (0x18)
R_WINSPOOL: LPWSTR pDescription = 35780264 (0x221F6A8)
R_WINSPOOL: LPWSTR pName = 35781864 (0x221FCE8)
R_WINSPOOL: LPWSTR pComment = 12163832 (0xB99AF8)
R_WINSPOOL: LPWSTR pDescription = \\NTCLIENT\Lexmark Optra PS,Lexmark Optra PS,
R_WINSPOOL: LPWSTR pName = \\NTCLIENT\Lexmark Optra PS
R_WINSPOOL: LPWSTR pComment =
R_WINSPOOL: PDEVMODE_CONTAINER pDevModeContainer {..}
R_WINSPOOL: DWORD cbBuf = 0 (0x0)
R_WINSPOOL: LPBYTE pDevMode = 0 (0x0)
R_WINSPOOL: PSECURITY_CONTAINER pSecurityContainer {..}
R_WINSPOOL: DWORD cbBuf = 0 (0x0)
R_WINSPOOL: LPBYTE pSecurity = 0 (0x0)
The following is a list of registry entries that manipulate client and server behavior in regard to print browsing:
HLM\SYSTEM\CurrentControlSet\Control\Print
DisableServerThread – REG_DWORD
Range: 0 or 1
Default: 0 (false)
Set this to 1 (true) to disable the browse thread on the current computer. This thread is used to call other print servers to notify them that this printer exists.
ServerThreadTimeout – REG_DWORD
Range: Milliseconds
Default: 36,000 (36 seconds)
Specifies the amount of time that the ServerThread sleeps before it calls all the other print servers to notify them of the printers on this computer.
NetPrinterDecayPeriod – REG_DWORD
Range: Milliseconds
Default: 3,600,000 (1 hour)
Specifies how long to cache a network printer. The cache is used to present the list of printers when the browse dialog is used.
RefreshTimesPerDecayPeriod – REG_DWORD
Range: 1–5
Default: 2
Specifies how many times to inform the browse masters and backup servers per decay period. The default value is two times per hour. Do not set a 0 value if you specify both RefreshTimesPerDecayPeriod and ServerThreadTimeout; the system waits for the maximum of either the ServerThreadTimeout or the RefreshTimesPerDecayPeriod.
At system startup, the Windows NT Service Controller starts Services.exe (formerly Lmsvcs.exe, the LanmanServer service). For each service under its control, Services.exe creates a thread that begins execution at the service’s service routine entry point. The browser service’s service routine, in Browser.dll, proceeds as follows:
Registers a service control routine for the browser service stop, pause, and continue
Initializes the service from any hard-coded, registry, or command-line parameters
Sends initialization information to the kernel mode datagram receiver (Browser.sys/Rdr.sys) code
Starts the thread that does the actual work of the service
Browser.dll is a user mode component responsible for maintaining the browse list, forwarding APIs, and managing the various roles of the browser. When using Wnet functions to browse Windows NT network resources, the functions resolve, by the NTLM API (NETAPI32.DLL), to the NTLM service DLL Browser.dll. Browser.dll uses an internal API to work with the kernel mode NTLM datagram receiver to carry out the requested resource browsing functions. Both Lmsvcs.exe and Services.exe can be found under \\System32 for their respective operating system versions.
The kernel mode portion of the browser functions as a datagram and remote mailslot receiver (second-class datagram-based mailslot messages). Datagrams of interest to browser services include NetServerEnum. In Windows NT 3.1, the kernel mode functions resided in Browser.sys, but for Windows NT 3.5x and Windows NT 4.0 these functions are incorporated into Rdr.sys.
All browser datagrams destined for computers running LAN Manager, Windows for Workgroups–, Windows 95–, Windows NT Workstation–, or Windows NT Server–based computers are sent to the mailslot name \Mailslot\Lanman. Browser datagrams destined only for computers running Windows NT Workstation or Windows NT Server are sent to the mailslot name \Mailslot\Msbrowse. Both Browser.sys and Rdr.sys are located in \\System32\Drivers.
| 