TCP/IP, NetBIOS, NetBT & WINS Troubleshooting
This page deals with TCP/IP & NetBIOS problems. You can find other network troubleshooting resources here:
- Wireless & Bluetooth
- Tutorials and General Network Troubleshooting
- Network File Sharing and Offline Files
- Network Printing
- Internet Connection Sharing
- DSL, Cable & Dialup Modems
- Remote Assistance
- Remote Desktop and Terminal Services Client
- Virtual Private Networking
TCP/IP, NetBIOS, NetBT & WINS
 |
In Microsoft Windows XP, the TCP/IP stack is considered a core component of the operating system, and you cannot remove TCP/IP. Therefore, when you view the list of components for a network interface, you may notice that the Uninstall button is disabled when Internet Protocol (TCP/IP) is selected. In extreme cases, the best solution for this issue may be to reinstall the Internet Protocol stack. But with the NetShell utility, you can reset the TCP/IP stack to restore it to its state that existed when the operating system was installed. This article describes how to use the NetShell utility for this purpose.  |
||
 |
Describes how to determine the cause of TCP/IP networking problems by using the basic and advanced diagnostic tools that are included in Windows XP. |
||
 |
This article provides information about port assignments for various TCP/IP ports. This was previously documented in RFC 1700. The assignments are now listed as living documents, regularly updated and revised when new information is available and new assignments are made. |
 |
 |
 |
After you install Simple TCP/IP Services (SimpTcp) and Print Services for UNIX, the following two SimpTcp warning messages may appear when the Simple TCP/IP service starts: Event Type: Warning Event Source: SimpTcp Event Category: None Event ID: 19 Description: The Simple TCP/IP Services could not open the TCP QOTD port. The TCP QOTD service was not started. |
||
|
Windows supports file and printer sharing traffic by using the Server Message Block (SMB) protocol directly hosted on TCP. This differs from earlier operating systems, in which SMB traffic requires the NetBIOS over TCP (NBT) protocol to work on a TCP/IP transport. Removing the NetBIOS transport has several advantages, including:
|
||
|
When you run a program that uses the Windows Sockets API, you may experience slow performance when you copy data to a TCP server. If you make a network trace with a network sniffer such as Microsoft Network Monitor, the TCP server sends a TCP ACK segment to the last TCP segment in a TCP data stream in the delayed acknowledgement timer (also known as the delayed ACK timer). By default, for Windows operating systems, the value for this timer is 200 milliseconds (ms). A typical data flow for sending 64 kilobytes (KB) of data looks similar to the following sequence: Client->Server 1460 bytes Client->Server 1460 bytes Server->Client ACK Client->Server 1460 bytes Client->Server 1460 bytes Server->Client ACK .... Client->Server 1460 bytes Client->Server 1460 bytes Server->Client ACK-PUSH Client->Server 1296 bytes -> delayed ACK 200 ms |
||
|
|
|||
|
The Windows Kerberos authentication package is the default authentication package in Microsoft Windows Server 2003, in Microsoft Windows XP, and in Microsoft Windows 2000. It coexists with the NTLM challenge/response protocol and is used in instances where both a client and a server can negotiate Kerberos. Request for Comments (RFC) 1510 states that the client should send a User Datagram Protocol (UDP) datagram to port 88 at the IP address of the Key Distribution Center (KDC) when a client contacts the KDC. The KDC should respond with a reply datagram to the sending port at the sender's IP address. The RFC also states that UDP must be the first protocol that is tried. A limitation on the UDP packet size may cause the following error message at domain logon: Event Log Error 5719 Source NETLOGON No Windows NT or Windows 2000 Domain Controller is available for domain Domain. The following error occurred: There are currently no logon servers available to service the logon request. Additionally, the Netdiag tool may display the following error messages: Error message 1 DC list test........... : Failed [WARNING] Cannot call DsBind to COMPUTERNAMEDC.domain.com (159.140.176.32). [ERROR_DOMAIN_CONTROLLER_NOT_FOUND] Error message 2 Kerberos test........... : Failed [FATAL] Kerberos does not have a ticket for MEMBERSERVER$.] The Windows XP event logs which are symptoms of this issue are SPNegotiate 40960 and Kerberos 10. |
||
|
Microsoft Windows XP Service Pack 2 (SP2) includes Windows Firewall. Windows Firewall is an enhanced version of Internet Connection Firewall (ICF). Windows Firewall is a host-based, stateful, filtering firewall that discards unsolicited incoming traffic through TCP/IP version 4 (IPv4) connections, and through TCP/IP version 6 (IPv6) connections. By default, Windows Firewall is enabled on computers that are running Windows XP SP2. Because Windows Firewall is enabled, Microsoft SQL Server cannot listen to the network, even if it was previously configured to do this. This article describes how to manually enable TCP/IP on computers that are running Microsoft Windows XP Service Pack 2 (SP2) for Microsoft SQL Server 7.0, and how to configure Windows Firewall in Windows XP SP2 to enable SQL Server 7.0 to listen for TCP/IP traffic on a static port. |
|
|
|
When you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Microsoft Windows Server 2003-based computer, the failover process does not occur. The computer may stop responding. Note: This article applies to Microsoft Windows XP Professional x64 Edition. |
||
|
Consider the following scenario:
|
||
|
On a computer that is running Microsoft Windows Server 2003 or Microsoft Windows XP, TCP packets are retransmitted if the TCP acknowledgement (ACK) packet is delayed for more than 300 milliseconds (ms). The ACK packet is transmitted between a server and a domain controller. |
||
|
TcpAckFrequency is a new registry entry in Microsoft Windows XP and Microsoft Windows Server 2003 that determines the number of TCP acknowledgments (ACKs) that will be outstanding before the delayed ACK timer is ignored. |
||
|
When you use the Add Standard TCP/IP Printer Port Wizard in Microsoft Windows XP or Microsoft Windows 2000, you may receive the following error message: Error loading the TCP MIB library. When you click OK, you receive the following additional error message: Specified port cannot be added. Operations could not be completed. When you click OK, the Add Standard TCP/IP Printer Port Wizard quits, and no port is added. |
|
|
|
In communication streams where there is bidirectional traffic, the TCP congestion window may not return to an optimal length for the network conditions. |
||
|
After you run the System Preparation tool (Sysprep.exe) mini-Setup Wizard, TCP/IP settings that were statically entered, such as DNS server settings, may be lost. Also, the computer configuration settings may return to obtaining an IP address automatically. |
||
|
This article describes how to use automatic Transmission Control Protocol/Internet Protocol (TCP/IP) addressing without a Dynamic Host Configuration Protocol (DHCP) server being present on the network. The operating system versions listed in the "Applies to" section of this article have a feature called Automatic Private IP Addressing (APIPA). With this feature, a Windows computer can assign itself an Internet Protocol (IP) address in the event that a DHCP server is not available or does not exist on the network. This feature makes configuring and supporting a small Local Area Network (LAN) running TCP/IP less difficult. |
||
|
When you view a capture created in the Network Monitor tool, the checksum for the TCP header may show as being corrupted. |
||
|
You experience slow TCP/IP performance and long data transfer delay times on a Microsoft Windows Server 2003-based computer or on a Microsoft Windows XP Professional x64 Edition-based computer. This behaviour causes some time-critical applications to fail. Additionally, other users take a long time to log on to the domain. This problem occurs if the following conditions are true:
|
|
|
|
This article discusses the Port Reporter tool. The Port Reporter tool runs as a service on computers that are running Windows Server 2003, Windows XP, and Windows 2000. The tool logs TCP and UDP port activity. This article contains information about how to obtain and install the tool. When you install the tool, the Setup program creates the appropriate registry entries and installs the Port Reporter service. This article also contains information about how to use start parameters to configure the Port Reporter service and information about the Port Reporter log files that are generated by the Port Reporter service. |
||
|
If you try to set up TCP connections from ports that are greater than 5000, the local computer responds with the following WSAENOBUFS (10055) error message: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. |
||
|
Portqry.exe is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. Portqry.exe runs on Windows 2000-based computers, on Windows XP-based computers, and on Windows Server 2003-based computers. The utility reports the port status of TCP and UDP ports on a computer that you select. Note: Version 2 of Portqry.exe is now available. The Microsoft Download Center link at the end of this article has been updated to reflect the new version. Version 1.0 of Portqry.exe has been removed from the Microsoft Download Center. |
||
|
This article describes TRACERT (Trace Route), a command-line utility that you can use to trace the path that an Internet Protocol (IP) packet takes to its destination. This article discusses the following topics: How to Use the TRACERT Utility; How to Use TRACERT to Troubleshoot; How to Use TRACERT Options. |
||
|
n a Microsoft Windows XP Service Pack 2 (SP2)-based computer, when you map a network drive or connect to a network share by using a UNC path name such as \\server_name\share_name, the following event log warning entry may be written in the System Event log: Event ID: 3019 Source: MRxSmb Type: Warning Description: The redirector failed to determine the connection type. This problem can occur when NetBIOS over TCP/IP (NetBT) tries to query a loopback adaptor as a destination device to determine network speed. The loopback adaptor does not handle speed negotiation. Therefore, the loopback adaptor cannot negotiate network speed. |
|
|
|
By default, Windows Terminal Server uses TCP port 3389 for client connections. As a security option, you may want to change this port. This article describes how to change the default listening port in the Terminal Server Web Client. |
||
|
When you try to connect your computer to a network, you may receive the following error message: An operation was attempted on something that is not a socket. This symptom occurs on a computer that obtains an IP address from a Dynamic Host Configuration Protocol (DHCP) server. If you assign a static IP address to your computer, you do not receive this message. |
||
|
You may not be able to connect to an instance of SQL Server, and you may receive one of the following error messages. Error message 1 [Named Pipes]SQL Server does not exist or access denied. [Named Pipes]ConnectionOpen (Connect()). Error message 2 Unable to connect to server <SQL Server instance name> Server: Msg 17, Level 16, State 1 [Microsoft][ODBC SQL Server Driver][Named Pipes]SQL Server does not exist or access denied. Error message 3 Cannot connect to <SQL Server instance name> This behavior occurs when you do one of the following:
|
||
|
Consider the following scenario. You are working on a Microsoft Windows XP-based computer for which the following conditions are true:
|
||
|
After you update to Microsoft Windows XP Service Pack 2 (SP2) or to Microsoft Windows XP Tablet PC 2005, you cannot change the name of an excepted TCP or User Datagram Protocol (UDP) port in an interface by using the Netsh.exe tool and the following Netsh command: netsh firewall set portopening protocol=[TCP|UDP] port=value name=new_port_name interface="interface_name" When you use this command, the Netsh.exe tool will return the message "OK." However, if you type Netsh firewall show port, the port name will remain unchanged. |
|
|
|
On Windows XP-based computers that are configured as members of a workgroup in a peer-to-peer network environment, you may experience one or more of the following symptoms:
This behaviour may occur if all the following conditions are true:
|
||
|
After you remove McAfee Personal Firewall, one or more of the following issues may occur:
|
||
|
You set the Configure Slow Link Speed Group Policy so that networked computers use offline files when those computers access a network share over a slow connection. However, Microsoft Windows XP-based computers go offline and use the Offline Files feature even when the network to which these computers are connected has sufficient speed and bandwidth available. This problem occurs because Windows XP does not correctly calculate the network throughput over a TCP/IP connection. When TCP reports the network throughput in this situation, no averaging is performed against the reported network speeds. Instead, TCP reports only the throughput of the most recent send operation. Therefore, the reported network speeds may greatly vary. |
||
|
When you connect a Microsoft Windows XP Home Edition-based computer to a network that has Microsoft Windows Millennium Edition-based computers connected to it, the Windows XP Home Edition-based computer will be not be able to connect to any of the Windows Millennium Edition-based computers on the network. This problem may occur if the Windows Millennium Edition-based computers do not have the TCP/IP network protocol installed. By default, Windows XP uses the TCP/IP networking protocol to connect to other computers on a network. |
||
|
If you try to set up TCP connections from ports that are greater than 5000, the local computer responds with the following WSAENOBUFS (10055) error message: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. |
|
|
|
When you connect to a network from a Microsoft Windows XP Starter Edition-based computer, the Network Status icon may not correctly indicate when the network is connected. The Network Status icon may show the following message: Acquiring network address This message appears even though the network connection has already acquired an IP network address. |
||
|
When you view a capture created in the Network Monitor tool, the checksum for the TCP header may show as being corrupted. |
||
|
When you shut down a Microsoft Windows XP-based computer, you may receive a "Stop 0xD1 in TCPIP.SYS" error message. You must then turn off and then turn on the computer to recover. User profile changes may be lost. When you restart the computer, you may receive the following error: Windows has recovered from a serious error These symptoms may not occur every time that you shut down the computer. |
||
|
You may notice slow copy performance when you copy files from a Windows XP-based client computer to a Windows 2000-based domain controller (when you use the Server Message Block [SMB] protocol). This slow performance occurs only when you copy files from a Windows XP-based client to a Windows 2000-based domain controller (push mode) and not when you copy files from the domain controller to the client (get mode). The slow SMB performance may occur if a delayed TCP/IP acknowledgement (also known as a TCP ACK) occurs in a "SMB: C NT transact - Notify Change" packet. Typically, this issue occurs if you use Windows Explorer to copy the files to a domain controller. However, this issue may also occur if you use a command prompt to copy files or if the focus is on the destination folder in Windows Explorer (when the Change notification is involved). This issue occurs as soon as you perform an SMB copy procedure (from any program) to a remote target folder that has been also invoked by a "change notification" request (from any program). |
||
|
This article discusses the essential network ports, protocols and services that are used by Microsoft client and server operating systems, server-based programs and their subcomponents in the Microsoft Windows server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a road-map to determine what ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network. The port information in this article should not be used to configure Windows Firewall. |
|
|
|
When you list the contents of a remote folder to which your computer is connected by TCP/IP, the results may take much more time to display than when you view a local folder. |
||
|
On a computer that is running Microsoft Windows XP with Service Pack 2 (SP2), programs that connect to IP addresses that are in the loopback address range may not work as you expect. For example, you may receive an error message that says that you cannot establish a connection. |
||
|
Consider this scenario: You have a client computer that is running Microsoft Windows XP and a server that is running Microsoft Windows Server 2003. Programs that access data files on the client or on the server and that perform byte range locking operations may fail because of a connectivity problem. You may receive an error message that is similar to the following: Error 64: The specified network name is no longer available. The error message may vary with the program. |
||
|
After you install the free version of Pretty Good Privacy version 7.03, you may be unable to browse the Internet or connect to an IP-based network. When you try to establish a Dial-Up Networking or RAS connection, you may receive the following error message: Unable to Negotiate Connection ------------------------------ PGP Error Cannot establish connection with the PGP SDK service. [OK] When you try to start PGPTray and PGPKey, you may receive the following error message: Launching PGPDisk: ------------------ PGPDisk The PGPDisk application could not start because: "PFLError #-11939." [OK] |
||
|
After you install Microsoft Windows XP Service Pack 2 (SP2), you may experience a significant slowdown in network performance and in data throughput on your computer. This issue may occur because Windows Firewall does not work correctly with Large Send Offload (LSO) if all the following conditions are true:
|
|
|
|
NBLookup is a command line diagnostic tool that uses the User Datagram Protocol (UDP) to send NetBIOS name queries to Microsoft Windows Internet Naming Service (WINS) servers. NBLookup requires TCP/IP version 4 to run. WINS servers accept name resolution requests on UDP port 137. |
||
|
When you have a program that sends IP multicasts with a time-to-live (TTL) setting of 0 (zero) to communicate with other local programs, multicasts with a TTL setting of 0 should not be transmitted on the network (they should only be looped back to other programs in the local computer). However, if you monitor network traffic you see that IP multicasts with a TTL setting of 0 are transmitted on the network. This may cause the network to become overloaded. |
||
|
This article discusses the LMHOSTS file. The LMHOSTS file is a local text file that maps IP addresses to NetBIOS names of remote servers that you want to communicate with over the TCP/IP protocol. |
||
|
Some of the IP addresses that are assigned to a DHCP client in a Microsoft Windows XP environment are marked as BAD_ADDRESS in the DHCP server address lease table. This issue occurs even though the IP addresses that are assigned to a DHCP client are not duplicates. For example, this issue may occur when you perform the following procedure on a network that has a DHCP server:
|
||
|
A new registry parameter, MaximumReassemblyHeaders, has been added to Windows NT 4.0 Service Pack 5 (SP5) and above and Windows 2000 to limit the number of the Internet Protocol (IP) reassembly headers the Transmission Control Protocol (TCP)/IP stack allows. |
|
|
|
Windows XP includes TCP/IP-based printing. You can use Print Services for UNIX to: Make your Windows computer work as a Line Printer Daemon (LPD) and Remote Line Printer client; Manage print jobs from remote UNIX clients; Send print jobs to UNIX servers. |
||
|
There may be instances when you experience name resolution issues on your TCP/IP-based network and you need to use an LMHOSTS file to resolve NetBIOS names. This article describes how to create an LMHOSTS file to aid in name resolution and domain validation. |
||
|
This article defines the term "black hole" router, describes a method of locating black hole routers, and suggests three ways to avoid the data loss that can occur because of a black hole router. On a TCP/IP-based wide area network (WAN), communication over some routes may fail if an intermediate network segment has a maximum packet size that is smaller than the maximum packet size of the communicating hosts--and if the router does not send an appropriate Internet Control Message Protocol (ICMP) response to this condition or if a firewall on the path drops such a response. Such a router is sometimes known as a "black hole" router. You can locate a black hole router by using the Ping utility, which is a standard utility that is installed with the Microsoft Windows TCP/IP protocol. You can then use one of three methods of fixing or working around black hole routers. When a network router receives a packet that is larger than the size of the Maximum Transmission Unit (MTU) of the next segment of a communications network, and that packet's IP layer "don't fragment" bit is flagged, the router is expected to send an ICMP "destination unreachable" message back to the sending host. If the router does not send a message, the packet might be dropped, causing a variety of errors that vary with the program that is communicating over the unsuccessful link. (These errors do not occur if a program connects to a computer on a local subnet.) The behavior may seem intermittent, but closer examination shows that the behavior can be reproduced, for example, by having a client read a large file that is sent from a remote host. |
||
|
This article describes how to enable SQL Server connectivity on Windows XP Service Pack 2. By default, Windows Firewall is enabled on computers that are running Microsoft Windows XP Service Pack 2. Windows Firewall closes ports such as 445 that are used for file and printer sharing to prevent Internet computers from connecting to file and print shares on your computer or to other resources. When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP ports and these ports must be open. SQL Server clients that are trying to connect to SQL Server will be not be able to connect until SQL Server is set as an exception in Windows Firewall. To set SQL Server as an exception in Windows Firewall, use the steps that are listed in the "More Information" section. |
||
|
By default, Microsoft Windows Firewall is enabled on computers that are running Microsoft Windows XP Service Pack 2 (SP2). Windows Firewall closes ports, such as 445, that are used for file and printer sharing. Windows Firewall does this to prevent Internet computers from connecting to file shares and print shares on your computer or on other resources. When Microsoft SQL Server is configured to listen for incoming client connections by using Named Pipes over a NetBIOS session, SQL Server communicates over TCP ports. The TCP ports must be open. Therefore, SQL Server 2000 Analysis Services cannot connect until you set Analysis Services as an exception in Windows Firewall. |
|
|
|
Windows XP includes support for Internet Connection Sharing (ICS), which provides the ability to share an internet connection with other computers on a local network. ICS in Windows XP allows services to be mapped to hosts on the internal network, so that requests coming from the internet and destined for a particular service will be redirected by Windows XP to the appropriate computer on the internal network. For example, you may want to place a Point-to-Point Tunnelling Protocol (PPTP) server on the internal network and configure Windows XP ICS to forward the Virtual Private Networking (VPN) traffic to the PPTP server. This article describes the process that is required to map PPTP back to an internal host, so that an incoming VPN connection can pass through the Windows XP ICS computer. For the purposes of this article, it is assumed that the PPTP server is already configured properly and is able to accept PPTP connections from clients on the local network. |
||
|
If you use the TCP/IP protocol and you have a 100-megabit network adapter, you may notice slow network performance while you copy files. You may also experience this slow performance while you use Windows Explorer in Windows XP. |
||
|
This article describes the default ports that are required to play Microsoft Windows DirectX multiplayer games through a firewall, a proxy server, a router, Network Address Translation (NAT), or Internet Connection Sharing. For the specific ports that are required by your game, see the game product documentation. |
||
|
By default, Internet Connection Firewall (ICF) is enabled in Microsoft Windows XP Professional Service Pack 2. For a Windows Services for UNIX product to work correctly with Windows XP Professional Service Pack 2, you have to make sure that the required ports are open. |
||
|
DNSLint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues. |
|
|
|
Note: This article talks about Windows 2000 Support Tools, however the tools are also available for Windows XP. This article describes NetBIOS Browsing Console (Browcon.exe), a utility that you can use to troubleshoot NetBIOS network browsing problems. NetBIOS Browsing Console builds on the power of Browstat.exe, a command-line tool that is included in Windows 2000 Support Tools. NetBIOS Browsing Console leverages the power of Browstat.exe and makes Browstate.exe easier to use and understand. NetBIOS Browsing Console is a Windows program that was built on Microsoft .NET Framework (v1.1.4322). Like Browstat.exe, it runs on Microsoft Windows NT 4.0 and Windows 2000 and later operating systems that have the TCP/IP protocol installed. After you install and start the console, you enter relevant information in the console that helps to automate many troubleshooting steps. |
||
|
This article discusses the Port Reporter tool. The Port Reporter tool runs as a service on computers that are running Windows Server 2003, Windows XP, and Windows 2000. The tool logs TCP and UDP port activity. This article contains information about how to obtain and install the tool. When you install the tool, the Setup program creates the appropriate registry entries and installs the Port Reporter service. This article also contains information about how to use start parameters to configure the Port Reporter service and information about the Port Reporter log files that are generated by the Port Reporter service. |
||
|
A metric is a value that is assigned to an IP route for a particular network interface that identifies the cost that is associated with using that route. For example, the metric can be valued in terms of link speed, hop count, or time delay. Automatic Metric is a new feature in Windows XP that automatically configures the metric for the local routes that are based on link speed. The Automatic Metric feature is enabled by default, and it can also be manually configured to assign a specific metric. The Automatic Metric feature can be useful when the routing table contains multiple routes for the same destination. For example, if you have a computer with a 10 megabit (Mb) network interface and a 100 Mb network interface, and the computer has a default gateway that is configured on both network interfaces, the Automatic Metric feature assigns a higher metric to the slower network interface. This feature can force all of the traffic that is destined for the Internet, for example, to use the fastest network interface that is available. |
||
|
When you log on to your network from a Microsoft Windows XP-based computer, you receive an error message that is similar to the following: The roaming profile cannot be found. This problem may occur if you use NetBIOS over TCP/IP (NetBT) to connect to your network, and you have a roaming user profile. |
||
|
When you use the Ipconfig.exe utility with the /all switch that shows the TCP/IP configurations on your computer, the node type may appear as "unknown." |
|
|
|
When you analyse a network trace, you may see Internet Control Message Protocol (ICMP) Type 3 "Destination Unreachable" packets with a code value of hexadecimal 0X0D or decimal 13: IP: Source Address = <dotted-IP-address-of-router> ICMP: Destination Unreachable: <dotted-IP-address-of-target-host> ICMP: Packet Type = Destination Unreachable ICMP: Unreachable Code = 0x0D The code value of the ICMP Destination Unreachable packet is 0x0D. The hexadecimal code 0X0D (code decimal 13) translates to "Communication Administratively Prohibited" from Requests for Comments (RFC) 1812: 13 = Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering; This is generated if a router cannot forward a packet because of administrative filtering. This is the code value for an administrative denial, which indicates that a router is filtering a port and is not permitting traffic to pass. The packet is typically seen when traffic is refused to pass through a router or a firewall. For example, if a firewall or a router is not allowing Transmission Control Protocol (TCP) port 139, you may receive the following error messages: Error 121: The semaphore timeout period has expired (ERROR_SEM_TIMEOUT). Error 1231: The remote network is not reachable by the transport (ERROR_NETWORK_UNREACHABLE). Additionally, because the user process may ignore the ICMP packet, the redirector and TCP may try many times before they receive these types of error messages. If a firewall or a router is blocking TCP or User Datagram Protocol (UDP) port 53, the error indicates the reason for the failing Domain Name System (DNS) queries. The ICMP packet is sent as a response to a DNS name query by using TCP/UDP port 53. To troubleshoot this problem, you can use the tracert command to the destination host. Check the source address for the ICMP packet to identify the router that is sending the packet. In the Detail pane of Network Monitor, you can see the Internet Protocol (IP) header, which displays information about the IP address of the router or the node from where the packet is coming. Contact the router or the firewall administrator to open the filtered port. |
||
|
When you try to run the nbtstat command with a command-line switch such as nbtstat -a remotename in Microsoft Windows XP or in Microsoft Windows Server 2003, the command does not run. Additionally, you receive the following error message: Failed to access NetBT Driver - NetBT may not be loaded. |
||
|
When a client is issued an x.x.x.255 address, either from a DHCP server or by statically configuring it, the client may not be able to communicate by using the TCP/IP protocol. |
||
|
When a Microsoft Windows-based computer becomes vulnerable, an attacker typically uses the resources of the Windows-based computer to inflict more damage or to attack other computers. This kind of attack typically involves activities such as starting one or more processes, or using TCP and UDP ports, or both. Unless an attacker hides this activity from the Windows-based computer itself, you can capture and identify this activity. Therefore, looking for indications of this kind of activity can help you determine whether a system is vulnerable. The Port Reporter tool is a program that can run as a service on a computer that is running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000. The Port Reporter service logs TCP and UDP port activity. On Windows Server 2003-based and Windows XP-based computers, the Port Reporter service can log the following information:
|
||
|
This article describes how to enable Transmission Control Protocol/Internet Protocol (TCP/IP) forwarding on a Windows XP-based computer. By default, TCP/IP forwarding is not enabled in Windows XP. |
|
|
|
Describes how to use Registry Editor to change TCP/IP and NBT configuration parameters in the rare circumstance where you must use this configuration. Defines standard and optional parameters and describes the parameters that should not be changed. |
||
|
This article tells how to run the Ipconfig utility and lists the options that you can use. Ipconfig.exe is included with Windows XP. This utility provides you with diagnostic information related to TCP/IP network configuration. |
||
|
The Maximum Transfer Unit (MTU) specifies the maximum transmission unit size of an interface. Each interface used by TCP/IP may have a different MTU value specified. |
||
|
This article describes how to use the Alternate Configuration functionality to establish multiple-network connectivity. If you are a mobile computer user, you can use the Alternate Configuration functionality to maintain seamless operations on both office and home networks without having to manually reconfigure TCP/IP settings. |
||
|
When you open the Transmission Control Protocol/Internet Protocol (TCP/IP) Properties dialog box, the Alternate Configuration tab is not displayed. |
|
|
|
When you attempt to connect to a Remote Access Service (RAS) server by using the TCP/IP protocol, you may receive the following error message: Error 720: No PPP control protocols configured. |
||
|
After you disable NetBIOS over TCP/IP (NetBT) on a remote access connection, you may receive the following error message: System error 53 has occurred. The network path was not found. You may also receive other error messages when you attempt to connect to network resources on the remote access connection over port 445 (using direct-hosted server message block [SMB] over TCP/IP). |
||
|
The following article will help you to resolve the error "The system cannot log you on due to the following error: The RPC server is unavailable" There can be a few reasons for this problem:
|
||
|
f a Microsoft Windows NT 3.5-based client computer does not receive a response from the primary Windows Internet Name Service (WINS) server, it queries the secondary WINS server to resolve a NetBIOS name. However, if a NetBIOS name is not found in the primary WINS server's database, a Windows NT 3.5-based client does not query the secondary WINS server. In Microsoft Windows NT 3.51 and later versions of the Windows operating system, a Windows-based client does query the secondary WINS server if a NetBIOS name is not found in the primary WINS server's database. |
||
|
When you use a multi-homed computer to connect to another computer, and the multi-homed computer is running one of the versions of Microsoft Windows that is referred to in the "Applies to" section, there may be a delay in establishing the connection. |
|
|
|
The NetBIOS "computer name <03>" name (as shown by the nbtstat -n command) may remain unregistered under the following conditions:
|
||
|
The _NCB structure that is returned when a NetBIOS Listen call completes may have a changed server name offset. |
||
|
When you start a Microsoft Windows XP workstation, you may receive the following error message: Duplicate name exists. Additionally, network basic input/output system (NetBIOS) name registration may not complete and the following event ID message may be logged in the System event log: Event Type: Error Event Source: NetBT Event Category: None Event ID: 4321 Date: Time: User: N/A Computer: ComputerName |
||
|
By default, Netbios Proxy is enabled for incoming Remote Access Service (RAS) or virtual private network (VPN) connections on Windows XP and Windows Server 2003-based systems. This setting permits RAS clients to resolve the Netbios name on the local area network (LAN) that the RAS client is connected to. If you run the Ipconfig /all command from the command shell on the computer that is configured as the RAS or VPN server, this returns the information that the WINS Proxy Enabled value is set to Yes. In some cases, you may want to disable this setting. |
||
|
This article describes an action plan for administrators and for support professionals to follow when domain controllers that are running Microsoft Windows 2000 or Microsoft Windows Server 2003 cannot replicate Active Directory because of DNS lookup failures. Administrators who are troubleshooting replication or other component failures that occur because of a lack of DNS name resolution should follow this action plan. This article also discusses two new events, event ID 2087 and event ID 2088, that are logged by destination domain controllers that are running Windows Server 2003 with Service Pack 1 (SP1). These events occur when a lack of DNS name resolution prevents the inbound replication of Active Directory directory service partitions. More significantly, in this problem scenario, Windows Server 2003 SP1-based destination domain controllers will use the source domain controller's fully qualified domain name in DNS or the source domain controller's NetBIOS computer name in Windows Internet Name Service (WINS). The goal of the enhancements in Windows Server 2003 is to minimize the effect of DNS client or DNS server configuration errors on Active Directory replication. |
|
|
|
When a program that is running on a Microsoft Windows Server 2003-based computer, a Microsoft Windows 2000-based computer, or a Microsoft Windows XP-based computer uses the NetUserGetLocalGroups function to query Active Directory in another domain, and the user name is in the Domain Name\User Name format, you may receive the following error message: A system error has occurred: 1722 You do not receive an error message if the user name does not include the domain name. For example, the query is successful if you use the User Name format instead of the Domain Name\User Name format. |
||
|
This article describes the mechanism that Windows XP Professional uses to locate a domain controller in a Windows-based domain. The article details the process of locating a domain by its DNS-style name and by its flat-style (NetBIOS) name, which is used for backward compatibility. In all other cases, it is recommended that you use DNS-style names as a matter of policy. The article also addresses issues that are involved in troubleshooting the domain controller location process. |
||
|
This article contains information about the Microsoft Baseline Security Analyzer tool (MBSA). This tool centrally scans Windows-based computers for common security misconfigurations and generates individual security reports for each computer that it scans. MBSA runs on computers that run Windows Server 2003, Windows 2000, and Windows XP. MBSA can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. MBSA scans for common security misconfigurations in Windows, Internet Information Services (IIS), SQL Server, Internet Explorer, and Microsoft Office. MBSA also scans for missing security updates in Windows, IIS, SQL Server, Internet Explorer, Windows Media Player, Exchange Server, Microsoft Data Access Components (MDAC), Microsoft XML (MSXML), Microsoft virtual machine (VM), Content Management Server, Commerce Server, BizTalk Server, Host Integration Server, and Office (local scans only). A graphical user interface (GUI) and command-line interface are available in version 1.2.1. MBSA replaced the stand-alone HFNetChk tool and fully exposes all HFNetChk switches in the MBSA command-line interface (Mbsacli.exe). |
||
|
You may not be able to join a Microsoft Windows XP Professional-based computer to a Microsoft Windows NT 4.0-based domain. When you try to change the domain membership for the Windows XP Professional-based computer in the Identification Changes dialog box, you receive the following error message: Network Identification: The following error occurred validating the name "domain name". The specified domain either does not exist or could not be contacted. If you try to use the net view command from the Windows XP Professional-based computer, you receive the following error message: System error 53 has occurred. The network path was not found. If you try to ping by name from the Windows XP Professional-based computer, it does not work. You can ping by IP address. |
||
|
You try to use the Local Users and Groups MMC snap-in on a Microsoft Windows XP-based computer to connect to a computer that is on a peer domain. However, you cannot connect to the computer, and you receive the following error message in the details pane of the Computer Management snap-in: Unable to access the computer <Computer_Name>. The error was: The network path was not found. |
|
|
|
Windows 2000 unattended Setup has a new section in the answer file that allows you to disable network bindings on the network card during an unattended Setup. However, after using this section in the unattended Setup file, the bindings appear to be unaffected and still enabled. This is due to incorrect parameters specified in the [Netbindings] section. The Unattend.doc has incorrect information on the format of the [Netbindings] entries. There should not be any commas (,) between the entries, and not all bindings paths follow the example listed in the Unattend.doc. Note: The above article talks about win2k but is relevant to Windows XP. |
||
|
You may receive an Internet advertisement in a Messenger service window. The advertisement contains text that is similar to the following text: Messenger Service Message from source to your_computer_name.ISP_name on date time Message Text These messages are also known as "messenger spam." |
||
|
This article describes what actions are taken if you select the Repair option on a local area network (LAN) or high-speed Internet connection. |
||
|
If you try to create a user account on a computer and try to use the computer name for the user account name, you receive the following error message: The user name may not be the same as the computer name computer name |
||
|
When you open a command prompt on a Microsoft Windows XP Service Pack 2 (SP2)-based computer or on a Microsoft Windows XP Tablet PC Edition 2005-based Tablet PC, and then you run the net send command to send a message to your computer or your Tablet PC, you may receive the following error message: An error occurred while sending a message to ComputerName When you run the nbtstat -n command to display the NetBIOS local name table of your computer, the following entry may be present in the table: Name Type Status ------------------------------------- ComputerName <03> UNIQUE Unregistered |
|
|
|
Microsoft Active Directory services in Windows 2000 and Windows XP replace the computer browser service used in earlier versions of Windows to provide the network basic input/output system (NetBIOS) name resolution. The browser service in Windows 2000 is provided for backwards compatibility with client computers that are running earlier versions of Windows. This article describes the basic methods by which a server computer provides browse list functionality to client computers on the network. |
||
|
You may not be able to use the fully-qualified domain name (FQDN) to connect to a Web folder on a Microsoft Internet Information Server (IIS) Web server that requires basic authentication. For example, when you try to use the Add a Network Place Wizard to add a Web folder for server.domain.company.com to "My Network Places," you are prompted for a user name and password to connect. When you enter a valid user name and password, you are again prompted for a user name and password. |
||
|
This article describes the registry settings and the Group Policy settings that affect periodic wide area network (WAN) traffic and Integrated Services Digital Network (ISDN) costs. If you have a dial-on-demand link, it might be unexpectedly enabled by periodic WAN traffic. You can configure the system's components and services to minimize periodic WAN traffic and to reduce ISDN costs. |
||
|
ser Datagram Protocol (UDP) broadcasts are transformed into directed datagrams. Upon inspection of the media access control address, network packets have been transformed from the expected broadcast address (FFFFFFFF) to a specific media access control address. An event that resembles the following may be logged in the System log of the Master Browser: Event Type: Error Event Source: MRxSmb Event Category: None Event ID: 8003 User: N/A Computer: DC-01 Description: The master browser has received a server announcement from the computer <Browser-Server-in-other-subnet> that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EADD435F-5125-4F5. The master browser is stopping or an election is being forced. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: (shown in Words) 0000: 00000000 004e0003 00000000 c0001f43 0010: 00000000 00000000 00000147 00000000 0020: 00000000 00000000 |
||
|
When you try to search for a file in a folder that is redirected to a Distributed File System, your connection to the network may be forced offline. This problem may occur if the folder you are searching is redirected by Folder Redirection to a Distributed File System (DFS), and the DFS is replicated between two domain controllers. The search uses the NetBIOS name of the shared folder, but the Multiple Universal Naming Convention Provider (MUP) processes the search request on the server. MUP does not support NetBIOS name searches. |
|
|
|
When you map a network drive to a local share, the following error message may be reported in the system event log: Event ID: 3019 Source: MRxSmb Description: The redirector failed to determine the connection type. This behavior can occur when NetBIOS over TCP/IP (NetBT) attempts to query the destination device (in this case, the loopback adapter) for network speed. The loopback adapter does not handle speed negotiation and therefore cannot negotiate the speed. This behavior is associated only with the TCP/IP protocol because TCP/IP is the only protocol that uses the Loopback adapter. |
||
|
This article discusses some of the common causes of Event ID 8021 and Event ID 8032 on a master browser system. The article also provides different methods that you can use to work around the issue. |
||
|
When you change the IPX frame type for your network connection from Auto Detect to any other IPX frame type, you may receive a "STOP 0x0000001D" or "STOP 0x000000A" Stop error that occurs in Ndis.sys. This problem may occur if you installed the NWLink IPX/SPX/NetBIOS Compatible Transport protocol on your computer and you are using the Driver Verifier Manager to troubleshoot your Ndis.sys driver's Special Pool feature. |
||
|
Consider the following scenario:
Additionally, when the computer switches the primary and secondary WINS server settings, the wide area network (WAN) traffic may increase because the secondary WINS server is located in a hub site.
|
||
|
When you remove a network adapter, and then Microsoft Windows detects and reinstalls the adapter, the following event appears in the system log in Event Viewer: Event Source: NetBT Event Category: None Event ID: 4311 Date: date Time: time Type: Error User: N/A Computer: computername Description: Initialization failed because the driver device could not be created. |
|
|
|
When you browse the network by using My Network Places or by typing net view at a command prompt, you may receive the following error message: System Error 1230 has occurred. An invalid operation was attempted on an active network connection. |
||
|
Under the following conditions, you may experience one or more of the following symptoms: When you double-click My Network Places in Windows Explorer, an incomplete browse list is displayed. Computers that do not have file and printer sharing turned on do not appear in the browse list. If a Windows-based domain controller does not have file and printer sharing turned on, Windows-based computers that try to use the browse list display the following information about Event ID 8032: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{XXXXXXX-9F03-42B2-AB84-12EEEFD572E9}. The backup browser is stopping. A Windows-based client user who is trying to browse My Network Places receives the following information about Event ID 8032: Event Type: Error Event Source: Browser Event Category: None Event ID: 8032 Date: 16-Feb-2000 Time: 10:22:31 User: N/A Computer: Client Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{XXXXXXX-9F03-42B2-AB84-12EEEFD572E9}. The backup browser is stopping. Data: 0000: 0000007a On the Windows-based domain controller that does not have file and printer sharing turned on, the following information appears: Event Type: Error Event Source: Server Event Category: None Event ID: 2504 Date: 16-Feb-2000 Time: 11:59:22 User: N/A Computer: DC Description: The server could not bind to the transport \Device\NetBT_Tcpip_{XXXXXXX-F096-4E5C-A847-F8F095C45053}. Data: 0000: aa 05 00 00 Event Type: Error Event Source: Server Event Category: None Event ID: 2505 Date: 16-Feb-2000 Time: 11:59:31 User: N/A Computer: DC Description: The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start. Data: 0000: 34 00 00 00 4... |
||
|
This article describes the names that are are registered by the Windows Internet Naming Service (WINS) server. This list of registered names is grouped by:
Names listed here are indicated by \\name followed by the hex value [xxx]. Names are padded with spaces to extend to the sixteenth byte.
|
||
|
n a peer-to-peer workgroup, when you try to connect to the network resources of a computer that is running any of the products listed at the beginning of this article, you may receive one of the following error messages: Operating system error 71. No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept. System error 71 has occurred. This remote computer has reached its connection limit, you cannot connect at this time. This problem occurs when a computer reaches the maximum number of host connections that are allowed. In this case, when a NULL session connection is generated in the Microsoft Windows 2000 client, this NULL session connection is counted as one session on the Microsoft Windows XP-based server. Therefore, the error messages occur that are mentioned in this "Symptom" section, even if the number of connections to computers do not exceed the limit. In addition, when multiple NULL sessions are generated from a single Windows 2000 client computer, the multiple NULL sessions are counted as multiple sessions. However, a NULL session appears as a single session when you run the net session command. In this case, when the RestrictAnonymous registry entry is set, and the NULL session connection is rejected, this symptom still occurs. |
||
|
You configure folder redirection for the My Documents folder for all Microsoft Windows XP Professional-based computers. However, folder redirection does not redirect folders from the local profile location, or from an existing remote Universal Naming Convention (UNC) path, to the new location. When you view the Fdeploy log, you see the following error message: Unable to expand %HOMESHARE%%HOMEPATH%, error 59. ERROR_UNEXP_NET_ERR winerror.h # An unexpected network error occurred. Problem identified to function CUsrInfo::GetHomeDir where NetUserGetInfo returned error 53 ERROR_BAD_NETPATH winerror.h # The network path was not found. Note "Error 59" errors can occur because of other issues also. "Error 59" errors are not specific to this issue only. |
|
|
|
After you install Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000 Server, you may receive the following error message:
The network BIOS command limit has been reached.
|
||
