Stumped - Duplicate Name problem reoccuring 3

[djhawthorn]

Ok, this really has me stumped and is starting to become a major problem. I have two NT4 servers - a PDC and a BDC. The PDC runs a WINS Service (amongst other things).

Yesterday I got problems where staff couldn't access a shared folder on the BDC. I had a look, and in the event log was this:

Event ID: 4320
Source: NetBT
Description: Another machine has sent a name release message to this machine probably because a duplicate name has been detected on the TCP network. The IP address of the node that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

I ran nbtstat -n and found it was BDC[20] in conflict (which I believe is the Computer Browser service). Reboot the server, same problem. Turn off the WINS service on the PDC, reboot the BDC, and it comes up fine, but as soon as I restart WINS, the BDC falls over again with the duplicate name error.

So I had to leave WINS turned off, but I can't leave it off for long as its causing name-resolution problems now with servers across the WAN (outside our subnet but on other trusted domains).

This morning I tried turning it back on, and it seemed to work (for a moment) - but then I noticed the PDC had stopped working - it now had the duplicate name problem. Also, people started complaining the services on the BDC had "stopped". So I did a bit of fiddling, turned off WINS, and got both servers running again.

However, I am still getting these NetBT error messages in the Event Log. I have checked the data for the IP address, and it is telling me the name release demands are coming from various PCs around the network. None of them have the same name as the PDC/BDC.

I looked at the KB article

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q269239&

, which says to install a patch to update the netbt.sys file, and apply a registry hack. This will tell the box to "ignore any name release messages from anything but the WINS server it has in its list". Basically designed to stop a DoS attack. So I've installed this patch on both servers, and as such they are ignoring those name release messages. But I know as soon as I turn on that WINS server, one or both the PDC and/or BDC will fall over.

The boxes sending the name release packets (or the ones I've checked anyway) have nothing in their HOSTS file, they don't use the LMHOSTS file, and they all have their own individual computer names, hostnames, and user names (of the user logged in), and none conflict with the PDC/BDC's name.

I have re-service packed both boxes to no effect.
I have emptied the local WINS database to no effect.
I have removed the static entries for those servers at a remote site, to no effect.
Both the PDC and BDC have nothing in their HOSTS/LMHOSTS files.

This seemed to start happening when we changed our IP address range from a.b.c.d to w.x.y.z. The servers IP addresses changed, but not their names. I am thinking I may need to give them brand new names to solve the problem, but being servers this is not a very nice option as things like printers are hard coded to those names.

I am also thinking I could remove the WINS entries from both those servers - leaving them without a WINS server to use, (which would presumably mean they would ignore all name release packets given the security patch), but I don't really want to do this either.

Anyone got any ideas of what I might be able to try to fix this problem? One way or another, I need to get WINS up and running again ASAP. MCSE NT4/W2K

 

[CoolClark]

Try recreating the WINS database. Here's a link:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q168712&

 

[djhawthorn]

Thanks... if only it were that easy.
With offices around the globe (different time zones) and a LOT of replication, rebuilding all WINS Servers at the same time (so we don't replicate the bad entries) will be next to impossible. MCSE NT4/W2K

 

[globalstrata]

Make sure that the servers that are running WINS have both the primary and secondary WINS pointing to themselves.

Also, are you running multiple WINS. Make sure that you remove all all replication pointers from all the WINS servers, then empty the database and re-stup the replication so all WINS servers replicate with one central WINS. Don't mesh replications.

I had this problem several years ago and this is what Microsoft asked me to do and it fixed the problem.

Gladys I. Rodriguez - MCSE, CCDA, MCP+I
GlobalStrata Solutions Inc.

http://www.globalstrata.com

 

[SgtB]

To supplement CooClark's idea;
Tombstone everything in your WINS database. Once the tombstones get replicated to every other WINS server, you can kill your WINS database and start over. This way all your bad entries will not be replicated back to you since the bad entries are tombstoned on the other servers.

This is just an idea off the top of my head, and may cause other problems, as I have not thought this through to completion.

I have no idea how you'd be able to funciton an NT domain w/o WINS, so this idea may cause all sorts of logon problems.

You already mentioned another possible solution. Take the BDC down, backup everthing. Tombstone everything in WINS in regards to that BDC's name. Then rebuild the BDC with a different name. Thus creating new (and correct) WINS entries.

These are just ideas!

Hope it helps a little!

 

[djhawthorn]

I'm hoping that all the entires will have expired by now. The WINS Service has been turned off for a full week now, and I'll start it up (and see what happens) tomorrow or Saturday.

However, I'm STILL getting tons of "Another machine has sent a name release message to this machine" alert in the event log of both PDC and BDC, and all from various NT4 Workstations (desktop PCs) around the office. I can't understand why these messages are happening - its ludecrous. None of those machines have any name that belongs to either of the servers. It's not just one or two PCs either - its lots of them. MCSE NT4/W2K

 

[SgtB]

Are those messages in regards to Computer Browser? The ones from the other workstations?
This could be a side effect of not having a WINS server on an NT domain. Just a thought.

Good luck on Saturday! Let us know what happens!

 

[djhawthorn]

SgtB: possibly. The problem with the MS patch telling the server to ignore such messages, is you can't Use nbtstat -n in a command window to see which name is in the Conflict state, as nothing shows up as being in conflict. Thus I could only guess that you may be right.

Thanks for the offers of support though. Will see what happens over the weekend... MCSE NT4/W2K

 

[djhawthorn]

Update.. Just fenergalled with the two servers. Started WINS, got lots of immediate conflicts on the PDC, BDC stayed fine. I checked the WINS database, and found some static entries referring to the old IP address range. Now I GUARENTEE with utmost certainty that I had long-ago removed them, and had checked the static database when this problem occured. I had also deleted the database, so (can static entries be replicated, then appear "local" on the static entries page?).

Anyway, I threw in the servers IP address for its secondary WINS server, and rebooted the thing. It's come up fine..

I had two more "Duplicate Name" thinies in the Event Log - messages coming from the BDC, but I would presume (as you suggested SgtB) that they are all Computer Browser services..

Anyway, both servers seem to have no conflicts, so will leave all running for now and will check them both again Sunday night.

Thanks all for the help... hopefully this is the last of the recurring problem :|. MCSE NT4/W2K