WINS-WINS Situation

In one domain where the servers seem to be missing, setting up WINS correctly may be the quick fix.

Bill: I'm an administrator in a small firm. We just opened up a branch office that connects to the main office via a VPN. I can ping all the servers in the home office from the desktops in the branch office using their IP addresses, so I know I have good network connections, but the servers don't appear in My Network Places and I can't ping them by name. Only the machines in the branch office show up in My Network Places. What's going on?
—Ralph

George: This is a classic Windows issue that fortunately has a simple fix. It involves a process called Browsing.

Every subnet has one Windows server (or a desktop with the Server service running) that takes on the role of Subnet Master Browser. The server assumes this role via an election process designed to select the most capable platform. If everything works correctly, servers win the election over gaggles of workstations and domain controllers win the election over member servers. The actual hierarchy is a little more convoluted than this, but you get the picture.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:boswell@101com.com; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

The Subnet Master Browser keeps a little database of all the Windows servers on its subnet and their shared resources. It enlists the help of one or more Backup Browsers to host a copy of this database. When you open My Network Places, the desktop locates the Subnet Master Browser either using WINS or by broadcasting. The Subnet Master Browser refers the desktop to a Backup Browser, which delivers the contents of the database that you see in Explorer as a list of servers and their shared folders or shared printers.

Here's where things get interesting. Each Subnet Master Browser communicates its local browse database to a server called the Domain Master Browser. This is always the PDC of the domain, or the PDC Emulator in an Active Directory domain. The Domain Master Browser consolidates the various local subnet databases into a single master database which it then replicates to each of the Subnet Master Browsers. The Subnet Master Browsers replicate the consolidated database to the Backup Browsers.

Without a copy of the consolidated browse database, a Subnet Master Browser only knows of servers in its local subnet, which is the issue you're having in your branch office. To solve your problem, you need to figure out why the Subnet Master Browser isn't getting a copy of the consolidated database from the PDC Emulator.

The most common cause of the problem is improper WINS configuration. The Domain Master Browser registers a resource record in WINS. If a Subnet Master Browser needs to find this resource record before it can request a copy of the consolidated database.

In your setup, Ralph, you should have two WINS servers in the main office, one to act as primary WINS server and the other to act as a secondary for fault tolerance. Configure the two servers as push-pull replication partners. Point all Windows clients in both offices at the main WINS server for their primary server and the other WINS server as their secondary server.

If this does not solve the problem, identify the local Subnet Master Browser so you can figure out why it's misbehaving. Microsoft provides a tool in the Resource Kit called Browmon. The Browmon utility shows you the Domain Master Browser and Subnet Master Browser and Backup Browsers. Sometimes a Windows 9x box will insist on assuming the role of Subnet Master Browser even though a more capable machine should win the browse election. This can cause browsing problems. A Registry entry called MaintainServerList controls whether a machine will become a browser. Take a look at KnowledgeBase 136712 "Common Questions About Browsing with Windows" for details.

Hope this helps.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

comments powered by Disqus

Reader Comments:

Sat, Jun 18, 2005 Anonymous Anonymous

I once solved a mole hill in the fiel;d with a small hand grenade!

Wed, Dec 29, 2004 Rick NJ

I went through something similar, only to find out that my firwall was on while I was on the network. You can do that, but you nedd toi config the firewall to do so. Might be worht taking a look

Wed, Mar 3, 2004 John Howard Oxley Atlanta, GA

This is a good answer if you assume WINS and NetBIOS - NetBEUI are in use. But if a network is native 2000, you can just use TCP-IP (strange, the 'slash' character is not supported by this comment box. How is browsing supported in the absence of WINS? That is the question I would like to see more information about.
Browsing is one of those "plumbing" issues which don't receive the attention they should, and can cause real problems.

Wed, Feb 25, 2004 Anonymous Anonymous

Disable Netbios over TCP-IP on the client VPN connection. Don't make a mountain out of a molehill.

I have solved this issue in the field before. This is the correct fix.

Wed, Feb 25, 2004 Anonymous Anonymous

Obviously there are lots of variables here, judging from all of the quality responses. 2 things I might add -
Ralph works for a small company. He doesn't mention whether he is in a domain or workgroup environment.
If it's a workgroup, then there is no Domain Master Browser and therefore each subnet has a workgroup that is an island unto itself.
However, this is more than a browsing problem. As he says, he can't ping by name so he is probably trying to rely on NetBIOS broadcasts, which might not won't work across the VPN connection. It sounds as though there are no DNS or WINS servers that the remote clients are pointing to.
As for the value of browsing, it's overrated and it's pretty apparent that MS is trying to get users to use other methods, such as "Search Active Directory".

Wed, Feb 25, 2004 Anonymous Anonymous

Actually, all he needs to do is disable Netbios over TCP-IP on his VPN connection. He will then be able to map shares on servers other than the VPN server he is directly connected to by name instead of IP. The problem is very common, and I'd try this standard fix before upgrading the whole network.

Tue, Feb 24, 2004 Claus Holm-Jensen Anonymous

Very detailed, very describing, very good response to a common problem - thank you !

Tue, Feb 24, 2004 Anonymous Anonymous

The article has most if not all the solutions and sheds light on a very dark area.

Tue, Feb 24, 2004 mrmmills Texas

The other non scalable solution would be to add the entries to his hosts or lmhosts file, correct? I seem to remember doing something like this back in 1998 with win98 and NT4 when using 2 seperate networks. Of course if he is using DHCP on the network then he would have to reconfigure the hosts or lmhosts file way to much....

Tue, Feb 24, 2004 Luke Edson TX

An important ommision in the article is the fact that if you have a firewall between the VPN connection, you have to open it to allow browser traffic to pass from one network to the other. I just recently helped someone with the exact same problem.

Tue, Feb 24, 2004 JutMan NJ

The problem the that the VPN is not carrying browser traffic and the remote PC's are also probably trying to contact a PC in the local area of it's network only. The since VPN connection are generally setup to timeout because of non-use the VPN link will not carry broadcast packets. If WINS is not an option have the PC's receive a hosts file containing the remote servers ip address / name information (\%systemroot%\system32\drivers\etc\hosts). This hosts file is contacted first before any other source is queried. A Hosts file implementation will be harder to maintain for a large number of PC's but a WINS implementation will require all other sources to timeout as it is the LAST source for name to IP address mapping. The order is hosts file -> DNS -> WINS.
To Editor: If you are going to give a solution at least give all the information and do not leave out all the critical pieces that have to be addressed. Half of the solution to a problem is no solution.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.