If you can't find what you need using the site search on the toolbar above, or if you need more detailed help or just need to be pointed in the right direction, post your question to the newly opened kadaitcha.cx forums. Membership is free.

TCP/IP, NetBIOS, NetBT & WINS Troubleshooting

This page deals with TCP/IP & NetBIOS problems. You can find other network troubleshooting resources here:

TCP/IP, NetBIOS, NetBT & WINS

How to reset Internet Protocol (TCP/IP) in Windows XP

In Microsoft Windows XP, the TCP/IP stack is considered a core component of the operating system, and you cannot remove TCP/IP. Therefore, when you view the list of components for a network interface, you may notice that the Uninstall button is disabled when Internet Protocol (TCP/IP) is selected. In extreme cases, the best solution for this issue may be to reinstall the Internet Protocol stack. But with the NetShell utility, you can reset the TCP/IP stack to restore it to its state that existed when the operating system was installed. This article describes how to use the NetShell utility for this purpose.
How to troubleshoot TCP/IP connectivity with Windows XP

Describes how to determine the cause of TCP/IP networking problems by using the basic and advanced diagnostic tools that are included in Windows XP.
Information about TCP/IP port assignments

This article provides information about port assignments for various TCP/IP ports. This was previously documented in RFC 1700.

The assignments are now listed as living documents, regularly updated and revised when new information is available and new assignments are made.
SimpTcp Warning Messages Appear When TCP/IP Print Server Starts

After you install Simple TCP/IP Services (SimpTcp) and Print Services for UNIX, the following two SimpTcp warning messages may appear when the Simple TCP/IP service starts:

Event Type: Warning
Event Source: SimpTcp
Event Category: None
Event ID: 19
Description:
The Simple TCP/IP Services could not open the TCP QOTD port. The TCP QOTD service was not started.

Direct hosting of SMB over TCP/IP

Windows supports file and printer sharing traffic by using the Server Message Block (SMB) protocol directly hosted on TCP. This differs from earlier operating systems, in which SMB traffic requires the NetBIOS over TCP (NBT) protocol to work on a TCP/IP transport. Removing the NetBIOS transport has several advantages, including:
  • Simplifying the transport of SMB traffic.
  • Removing WINS and NetBIOS broadcast as a means of name resolution.
  • Standardising name resolution on DNS for file and printer sharing.
If both the direct hosted and NBT interfaces are enabled, both methods are tried at the same time and the first to respond is used. This allows Windows to function properly with operating systems that do not support direct hosting of SMB traffic.
Slow performance occurs when you copy data to a TCP server by using a Windows Sockets API program

When you run a program that uses the Windows Sockets API, you may experience slow performance when you copy data to a TCP server.

If you make a network trace with a network sniffer such as Microsoft Network Monitor, the TCP server sends a TCP ACK segment to the last TCP segment in a TCP data stream in the delayed acknowledgement timer (also known as the delayed ACK timer). By default, for Windows operating systems, the value for this timer is 200 milliseconds (ms). A typical data flow for sending 64 kilobytes (KB) of data looks similar to the following sequence:

Client->Server 1460 bytes
Client->Server 1460 bytes
Server->Client ACK
Client->Server 1460 bytes
Client->Server 1460 bytes
Server->Client ACK
....
Client->Server 1460 bytes
Client->Server 1460 bytes
Server->Client ACK-PUSH
Client->Server 1296 bytes
-> delayed ACK 200 ms

 
How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in Windows XP, and in Windows 2000

The Windows Kerberos authentication package is the default authentication package in Microsoft Windows Server 2003, in Microsoft Windows XP, and in Microsoft Windows 2000. It coexists with the NTLM challenge/response protocol and is used in instances where both a client and a server can negotiate Kerberos. Request for Comments (RFC) 1510 states that the client should send a User Datagram Protocol (UDP) datagram to port 88 at the IP address of the Key Distribution Center (KDC) when a client contacts the KDC. The KDC should respond with a reply datagram to the sending port at the sender's IP address. The RFC also states that UDP must be the first protocol that is tried.

A limitation on the UDP packet size may cause the following error message at domain logon:

Event Log Error 5719
Source NETLOGON

No Windows NT or Windows 2000 Domain Controller is available for domain Domain. The following error occurred:

There are currently no logon servers available to service the logon request.


Additionally, the Netdiag tool may display the following error messages:

Error message 1

DC list test........... : Failed [WARNING] Cannot call DsBind to COMPUTERNAMEDC.domain.com (159.140.176.32).
[ERROR_DOMAIN_CONTROLLER_NOT_FOUND]


Error message 2
Kerberos test........... : Failed [FATAL] Kerberos does not have a ticket for MEMBERSERVER$.]

The Windows XP event logs which are symptoms of this issue are SPNegotiate 40960 and Kerberos 10.
How to manually enable TCP/IP for SQL Server 7.0 on a computer that is running Windows XP Service Pack 2

Microsoft Windows XP Service Pack 2 (SP2) includes Windows Firewall. Windows Firewall is an enhanced version of Internet Connection Firewall (ICF). Windows Firewall is a host-based, stateful, filtering firewall that discards unsolicited incoming traffic through TCP/IP version 4 (IPv4) connections, and through TCP/IP version 6 (IPv6) connections. By default, Windows Firewall is enabled on computers that are running Windows XP SP2.

Because Windows Firewall is enabled, Microsoft SQL Server cannot listen to the network, even if it was previously configured to do this.

This article describes how to manually enable TCP/IP on computers that are running Microsoft Windows XP Service Pack 2 (SP2) for Microsoft SQL Server 7.0, and how to configure Windows Firewall in Windows XP SP2 to enable SQL Server 7.0 to listen for TCP/IP traffic on a static port.
Failover process does not occur when you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Windows Server 2003-based computer

When you use TCP Offload-enabled network adapters to create a team capable of TCP Offloading on a Microsoft Windows Server 2003-based computer, the failover process does not occur. The computer may stop responding.

Note: This article applies to Microsoft Windows XP Professional x64 Edition.
Network performance becomes very slow when TCP/IP packet filtering is enabled on a Windows Server 2003-based or Windows XP-based computer that has a Large Segment Offload (LSO)-enabled network adapter

Consider the following scenario:
  • You have a computer that is running Windows Server 2003 or Windows XP.
  • The network adapter on the computer is Large Segment Offload (LSO)-enabled.
  • TCP/IP packet filtering is enabled for the network adapter on the computer.
In this scenario, the LSO feature does not function. This behaviour is by design. However, the network performance becomes very slow. Specifically, network applications are delayed when the TCP connections are being closed.
TCP packets are retransmitted if the TCP acknowledgement packet is delayed for more than 300 milliseconds on a computer that is running Windows Server 2003 or Windows XP

On a computer that is running Microsoft Windows Server 2003 or Microsoft Windows XP, TCP packets are retransmitted if the TCP acknowledgement (ACK) packet is delayed for more than 300 milliseconds (ms). The ACK packet is transmitted between a server and a domain controller.
New registry entry for controlling the TCP Acknowledgment (ACK) behavior in Windows XP and in Windows Server 2003

TcpAckFrequency is a new registry entry in Microsoft Windows XP and Microsoft Windows Server 2003 that determines the number of TCP acknowledgments (ACKs) that will be outstanding before the delayed ACK timer is ignored.
"Error Loading the TCP MIB Library" error when you add a standard TCP/IP printer port in Windows XP

When you use the Add Standard TCP/IP Printer Port Wizard in Microsoft Windows XP or Microsoft Windows 2000, you may receive the following error message:

Error loading the TCP MIB library.

When you click OK, you receive the following additional error message:

Specified port cannot be added. Operations could not be completed.

When you click OK, the Add Standard TCP/IP Printer Port Wizard quits, and no port is added.
TCP Congestion Window Does Not Return to Optimal Length in Bidirectional Communication Streams

In communication streams where there is bidirectional traffic, the TCP congestion window may not return to an optimal length for the network conditions.
Statically-entered TCP/IP settings are not present after Sysprep

After you run the System Preparation tool (Sysprep.exe) mini-Setup Wizard, TCP/IP settings that were statically entered, such as DNS server settings, may be lost. Also, the computer configuration settings may return to obtaining an IP address automatically.
How to use automatic TCP/IP addressing without a DHCP server

This article describes how to use automatic Transmission Control Protocol/Internet Protocol (TCP/IP) addressing without a Dynamic Host Configuration Protocol (DHCP) server being present on the network. The operating system versions listed in the "Applies to" section of this article have a feature called Automatic Private IP Addressing (APIPA). With this feature, a Windows computer can assign itself an Internet Protocol (IP) address in the event that a DHCP server is not available or does not exist on the network. This feature makes configuring and supporting a small Local Area Network (LAN) running TCP/IP less difficult.
TCP Header Checksums Shown as Invalid in Network Monitor

When you view a capture created in the Network Monitor tool, the checksum for the TCP header may show as being corrupted.
You experience slow TCP/IP performance and long data transfer delay times on a Windows Server 2003-based computer or on a Microsoft Windows XP x64 version-based computer

You experience slow TCP/IP performance and long data transfer delay times on a Microsoft Windows Server 2003-based computer or on a Microsoft Windows XP Professional x64 Edition-based computer. This behaviour causes some time-critical applications to fail. Additionally, other users take a long time to log on to the domain. This problem occurs if the following conditions are true:
  • The network has a long latency period.
  • High-bandwidth data is being transferred over the network.
Availability and description of the Port Reporter tool

This article discusses the Port Reporter tool. The Port Reporter tool runs as a service on computers that are running Windows Server 2003, Windows XP, and Windows 2000. The tool logs TCP and UDP port activity. This article contains information about how to obtain and install the tool. When you install the tool, the Setup program creates the appropriate registry entries and installs the Port Reporter service.

This article also contains information about how to use start parameters to configure the Port Reporter service and information about the Port Reporter log files that are generated by the Port Reporter service.
When you try to connect from TCP ports greater than 5000 you receive the error 'WSAENOBUFS (10055)'

If you try to set up TCP connections from ports that are greater than 5000, the local computer responds with the following WSAENOBUFS (10055) error message:

An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
Description of the Portqry.exe command-line utility

Portqry.exe is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. Portqry.exe runs on Windows 2000-based computers, on Windows XP-based computers, and on Windows Server 2003-based computers. The utility reports the port status of TCP and UDP ports on a computer that you select.

Note: Version 2 of Portqry.exe is now available. The Microsoft Download Center link at the end of this article has been updated to reflect the new version. Version 1.0 of Portqry.exe has been removed from the Microsoft Download Center.
How to Use TRACERT to Troubleshoot TCP/IP Problems in Windows

This article describes TRACERT (Trace Route), a command-line utility that you can use to trace the path that an Internet Protocol (IP) packet takes to its destination. This article discusses the following topics: How to Use the TRACERT Utility; How to Use TRACERT to Troubleshoot; How to Use TRACERT Options.
You see message 3019 in the System Event log when you map a network drive or connect to a network share by using a UNC path name in Windows XP Service Pack 2

n a Microsoft Windows XP Service Pack 2 (SP2)-based computer, when you map a network drive or connect to a network share by using a UNC path name such as \\server_name\share_name, the following event log warning entry may be written in the System Event log:

Event ID: 3019
Source: MRxSmb
Type: Warning
Description:
The redirector failed to determine the connection type.


This problem can occur when NetBIOS over TCP/IP (NetBT) tries to query a loopback adaptor as a destination device to determine network speed. The loopback adaptor does not handle speed negotiation. Therefore, the loopback adaptor cannot negotiate network speed.

How to Change the Listening Port in the Windows Terminal Server Web Client

By default, Windows Terminal Server uses TCP port 3389 for client connections. As a security option, you may want to change this port.

This article describes how to change the default listening port in the Terminal Server Web Client.
You receive an "An operation was attempted on something that is not a socket" error message when you try to connect to a network

When you try to connect your computer to a network, you may receive the following error message:

An operation was attempted on something that is not a socket.

This symptom occurs on a computer that obtains an IP address from a Dynamic Host Configuration Protocol (DHCP) server. If you assign a static IP address to your computer, you do not receive this message.
You may not be able to connect to an instance of SQL Server that is configured to use the Named Pipes server network library on a computer that is running Windows XP Service Pack 2

You may not be able to connect to an instance of SQL Server, and you may receive one of the following error messages.

Error message 1
[Named Pipes]SQL Server does not exist or access denied.
[Named Pipes]ConnectionOpen (Connect()).


Error message 2
Unable to connect to server <SQL Server instance name>

Server: Msg 17, Level 16, State 1
[Microsoft][ODBC SQL Server Driver][Named Pipes]SQL Server does not exist or access denied.


Error message 3
Cannot connect to <SQL Server instance name>

This behavior occurs when you do one of the following:
  • You try to connect to an instance of SQL Server that is installed on a computer that is running Microsoft Windows XP Service Pack 2.
  • You try to connect to an instance of SQL Server that is configured to listen on the Named Pipes server network library only.
When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445, just like file and printer sharing. Therefore, the SQL Server clients that are trying to connect to SQL Server receive the error messages that are mentioned in the "Symptoms" section.
You cannot view other workgroup computers on the network on a Windows XP-based computer

Consider the following scenario. You are working on a Microsoft Windows XP-based computer for which the following conditions are true:
  • The computer resides on a network.
  • The computer is a member of a workgroup.
  • Either no firewall is enabled or no firewall is installed on the computer.
  • The computer can ping other computers in the same workgroup. Also, other computers in the same workgroup can ping this computer.
  • NetBIOS over TCP/IP functionality is enabled.
In this scenario, you cannot view other workgroup computers on the network.
You cannot change the name of a port by using the Netsh.exe tool in Windows XP Service Pack 2 or in Windows XP Tablet PC Edition 2005

After you update to Microsoft Windows XP Service Pack 2 (SP2) or to Microsoft Windows XP Tablet PC 2005, you cannot change the name of an excepted TCP or User Datagram Protocol (UDP) port in an interface by using the Netsh.exe tool and the following Netsh command:

netsh firewall set portopening protocol=[TCP|UDP] port=value name=new_port_name interface="interface_name"

When you use this command, the Netsh.exe tool will return the message "OK." However, if you type Netsh firewall show port, the port name will remain unchanged.
You cannot access shared files and folders or browse computers in the workgroup with Windows XP

On Windows XP-based computers that are configured as members of a workgroup in a peer-to-peer network environment, you may experience one or more of the following symptoms:
  • You cannot access shared folders or files.
  • You cannot locate other computers in the workgroup.
  • You receive the following error message when you double-click the workgroup in My Network Places:
Workgroup Name is not accessible. You may not have permission to use this network resource.

This behaviour may occur if all the following conditions are true:
  • NetBIOS over TCP/IP is not turned on (enabled) on one or more computers in the workgroup.
  • The Computer Browser service is not started or is turned off on one or more computers in the workgroup.
  • This behaviour may also occur if File and Print Sharing for Microsoft Networks is not installed or is blocked by Windows Firewall.
TCP/IP Functionality and Internet Connectivity Are Disrupted When You Uninstall McAfee Personal Firewall

After you remove McAfee Personal Firewall, one or more of the following issues may occur:
  • You cannot view Web pages.
  • You cannot ping URL addresses.
  • When you issue the ipconfig /renew command, you may receive the following error message:
An error occurred while renewing interface local area connection: an operation was attempted on something that is not a socket.
Windows XP uses the Offline Files feature even on a fast connection after you set the "Configure Slow Link Speed" Group Policy

You set the Configure Slow Link Speed Group Policy so that networked computers use offline files when those computers access a network share over a slow connection. However, Microsoft Windows XP-based computers go offline and use the Offline Files feature even when the network to which these computers are connected has sufficient speed and bandwidth available.

This problem occurs because Windows XP does not correctly calculate the network throughput over a TCP/IP connection. When TCP reports the network throughput in this situation, no averaging is performed against the reported network speeds. Instead, TCP reports only the throughput of the most recent send operation. Therefore, the reported network speeds may greatly vary.
Windows XP Home Edition-Based Computers Cannot Detect Windows Millennium Edition-Based Computers on a Home Network

When you connect a Microsoft Windows XP Home Edition-based computer to a network that has Microsoft Windows Millennium Edition-based computers connected to it, the Windows XP Home Edition-based computer will be not be able to connect to any of the Windows Millennium Edition-based computers on the network.

This problem may occur if the Windows Millennium Edition-based computers do not have the TCP/IP network protocol installed. By default, Windows XP uses the TCP/IP networking protocol to connect to other computers on a network.
When you try to connect from TCP ports greater than 5000 you receive the error 'WSAENOBUFS (10055)'

If you try to set up TCP connections from ports that are greater than 5000, the local computer responds with the following WSAENOBUFS (10055) error message: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
The Network Status icon may show an "Acquiring network address" message after an address is already acquired in Windows XP Starter Edition

When you connect to a network from a Microsoft Windows XP Starter Edition-based computer, the Network Status icon may not correctly indicate when the network is connected. The Network Status icon may show the following message:

Acquiring network address

This message appears even though the network connection has already acquired an IP network address.
TCP Header Checksums Shown as Invalid in Network Monitor

When you view a capture created in the Network Monitor tool, the checksum for the TCP header may show as being corrupted.
Stop 0xD1 error when you shut down Windows XP

When you shut down a Microsoft Windows XP-based computer, you may receive a "Stop 0xD1 in TCPIP.SYS" error message. You must then turn off and then turn on the computer to recover. User profile changes may be lost.

When you restart the computer, you may receive the following error:

Windows has recovered from a serious error

These symptoms may not occur every time that you shut down the computer.
Slow SMB performance when you copy files from Windows XP to a Windows 2000 domain controller

You may notice slow copy performance when you copy files from a Windows XP-based client computer to a Windows 2000-based domain controller (when you use the Server Message Block [SMB] protocol). This slow performance occurs only when you copy files from a Windows XP-based client to a Windows 2000-based domain controller (push mode) and not when you copy files from the domain controller to the client (get mode).

The slow SMB performance may occur if a delayed TCP/IP acknowledgement (also known as a TCP ACK) occurs in a "SMB: C NT transact - Notify Change" packet. Typically, this issue occurs if you use Windows Explorer to copy the files to a domain controller. However, this issue may also occur if you use a command prompt to copy files or if the focus is on the destination folder in Windows Explorer (when the Change notification is involved). This issue occurs as soon as you perform an SMB copy procedure (from any program) to a remote target folder that has been also invoked by a "change notification" request (from any program).
Service overview and network port requirements for the Windows Server system

This article discusses the essential network ports, protocols and services that are used by Microsoft client and server operating systems, server-based programs and their subcomponents in the Microsoft Windows server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a road-map to determine what ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network.

The port information in this article should not be used to configure Windows Firewall.
Remote directory lists are slower than local directory listings

When you list the contents of a remote folder to which your computer is connected by TCP/IP, the results may take much more time to display than when you view a local folder.
Programs that connect to IP addresses that are in the loopback address range may not work as you expect in Windows XP Service Pack 2

On a computer that is running Microsoft Windows XP with Service Pack 2 (SP2), programs that connect to IP addresses that are in the loopback address range may not work as you expect. For example, you may receive an error message that says that you cannot establish a connection.
Programs may fail when they access data on a computer that is running Windows Server 2003 or Windows XP

Consider this scenario: You have a client computer that is running Microsoft Windows XP and a server that is running Microsoft Windows Server 2003. Programs that access data files on the client or on the server and that perform byte range locking operations may fail because of a connectivity problem. You may receive an error message that is similar to the following:

Error 64: The specified network name is no longer available.

The error message may vary with the program.
Network problems after you install Pretty Good Privacy 7.03 on Windows XP

After you install the free version of Pretty Good Privacy version 7.03, you may be unable to browse the Internet or connect to an IP-based network. When you try to establish a Dial-Up Networking or RAS connection, you may receive the following error message:

Unable to Negotiate Connection
------------------------------
PGP Error
Cannot establish connection with the PGP SDK service.
[OK]


When you try to start PGPTray and PGPKey, you may receive the following error message:

Launching PGPDisk:
------------------
PGPDisk
The PGPDisk application could not start because: "PFLError #-11939."
[OK]

Network performance and data throughput may be significantly slower after installing Windows XP Service Pack 2

After you install Microsoft Windows XP Service Pack 2 (SP2), you may experience a significant slowdown in network performance and in data throughput on your computer.

This issue may occur because Windows Firewall does not work correctly with Large Send Offload (LSO) if all the following conditions are true:
  • You use a high-speed network environment. For example, you use gigabit network cards, hubs, switches, routers, and target file servers.
  • Your network card and its driver support using LSO.
  • Your Windows XP-based computer sends lots of data to a server.
Large Send Offload (LSO) is a technology where the work of segmenting data into network frames is performed by the network adaptor instead of by the TCP/IP stack. With LSO, TCP/IP sends very large data packets down to the network adaptor driver and the network adaptor hardware. The network adaptor breaks up the data into smaller network-sized frames. This both increases the speed of high-end send operations and decreases the computer's CPU usage because the work is performed on the network adaptor itself. LSO must be implemented in the TCP/IP stack, in the network adaptor hardware, and in the network adaptor driver.
NBLookup.exe command-line tool

NBLookup is a command line diagnostic tool that uses the User Datagram Protocol (UDP) to send NetBIOS name queries to Microsoft Windows Internet Naming Service (WINS) servers. NBLookup requires TCP/IP version 4 to run. WINS servers accept name resolution requests on UDP port 137.
Multicast Packets with a TTL Setting of 0 Are Transmitted by the Windows 2000 TCP/IP Stack and the Windows XP TCP/IP Stack

When you have a program that sends IP multicasts with a time-to-live (TTL) setting of 0 (zero) to communicate with other local programs, multicasts with a TTL setting of 0 should not be transmitted on the network (they should only be looped back to other programs in the local computer). However, if you monitor network traffic you see that IP multicasts with a TTL setting of 0 are transmitted on the network. This may cause the network to become overloaded.
LMHOSTS file information and predefined keywords

This article discusses the LMHOSTS file. The LMHOSTS file is a local text file that maps IP addresses to NetBIOS names of remote servers that you want to communicate with over the TCP/IP protocol.
IP addresses that are assigned to a DHCP client in a Windows XP environment are marked as BAD_ADDRESS in the DHCP server address lease table

Some of the IP addresses that are assigned to a DHCP client in a Microsoft Windows XP environment are marked as BAD_ADDRESS in the DHCP server address lease table. This issue occurs even though the IP addresses that are assigned to a DHCP client are not duplicates.

For example, this issue may occur when you perform the following procedure on a network that has a DHCP server:
  • You disconnect the network cable from the computer when the computer is turned on.
  • In the TCP/IP properties of the current network adaptor, you set a static IP address.
  • You connect the network cable and then verify connectivity.
  • You disconnect the network cable again.
  • In the TCP/IP properties of the current network adaptor, you change the IP configuration back to Obtain an IP address automatically.
  • You connect the network cable again.
Note: This issue does not occur if you shut down the computer in the standard manner or if you release the static IP address before you disconnect the network cable.
New Registry Key to Limit Number of Reassembly Headers

A new registry parameter, MaximumReassemblyHeaders, has been added to Windows NT 4.0 Service Pack 5 (SP5) and above and Windows 2000 to limit the number of the Internet Protocol (IP) reassembly headers the Transmission Control Protocol (TCP)/IP stack allows.
How To Install and Configure Print Services for UNIX

Windows XP includes TCP/IP-based printing. You can use Print Services for UNIX to: Make your Windows computer work as a Line Printer Daemon (LPD) and Remote Line Printer client; Manage print jobs from remote UNIX clients; Send print jobs to UNIX servers.
How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues

There may be instances when you experience name resolution issues on your TCP/IP-based network and you need to use an LMHOSTS file to resolve NetBIOS names. This article describes how to create an LMHOSTS file to aid in name resolution and domain validation.
How to Troubleshoot Black Hole Router Issues

This article defines the term "black hole" router, describes a method of locating black hole routers, and suggests three ways to avoid the data loss that can occur because of a black hole router.

On a TCP/IP-based wide area network (WAN), communication over some routes may fail if an intermediate network segment has a maximum packet size that is smaller than the maximum packet size of the communicating hosts--and if the router does not send an appropriate Internet Control Message Protocol (ICMP) response to this condition or if a firewall on the path drops such a response. Such a router is sometimes known as a "black hole" router.

You can locate a black hole router by using the Ping utility, which is a standard utility that is installed with the Microsoft Windows TCP/IP protocol. You can then use one of three methods of fixing or working around black hole routers.

When a network router receives a packet that is larger than the size of the Maximum Transmission Unit (MTU) of the next segment of a communications network, and that packet's IP layer "don't fragment" bit is flagged, the router is expected to send an ICMP "destination unreachable" message back to the sending host.

If the router does not send a message, the packet might be dropped, causing a variety of errors that vary with the program that is communicating over the unsuccessful link. (These errors do not occur if a program connects to a computer on a local subnet.) The behavior may seem intermittent, but closer examination shows that the behavior can be reproduced, for example, by having a client read a large file that is sent from a remote host.
How to enable SQL Server connectivity on Windows XP Service Pack 2

This article describes how to enable SQL Server connectivity on Windows XP Service Pack 2. By default, Windows Firewall is enabled on computers that are running Microsoft Windows XP Service Pack 2. Windows Firewall closes ports such as 445 that are used for file and printer sharing to prevent Internet computers from connecting to file and print shares on your computer or to other resources. When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP ports and these ports must be open. SQL Server clients that are trying to connect to SQL Server will be not be able to connect until SQL Server is set as an exception in Windows Firewall. To set SQL Server as an exception in Windows Firewall, use the steps that are listed in the "More Information" section.
How to enable SQL Server 2000 Analysis Services and OLAP Services on computers that are running Windows XP SP2

By default, Microsoft Windows Firewall is enabled on computers that are running Microsoft Windows XP Service Pack 2 (SP2). Windows Firewall closes ports, such as 445, that are used for file and printer sharing. Windows Firewall does this to prevent Internet computers from connecting to file shares and print shares on your computer or on other resources. When Microsoft SQL Server is configured to listen for incoming client connections by using Named Pipes over a NetBIOS session, SQL Server communicates over TCP ports. The TCP ports must be open. Therefore, SQL Server 2000 Analysis Services cannot connect until you set Analysis Services as an exception in Windows Firewall.
How to Configure Windows XP ICS for an Internal PPTP Server

Windows XP includes support for Internet Connection Sharing (ICS), which provides the ability to share an internet connection with other computers on a local network. ICS in Windows XP allows services to be mapped to hosts on the internal network, so that requests coming from the internet and destined for a particular service will be redirected by Windows XP to the appropriate computer on the internal network.

For example, you may want to place a Point-to-Point Tunnelling Protocol (PPTP) server on the internal network and configure Windows XP ICS to forward the Virtual Private Networking (VPN) traffic to the PPTP server. This article describes the process that is required to map PPTP back to an internal host, so that an incoming VPN connection can pass through the Windows XP ICS computer. For the purposes of this article, it is assumed that the PPTP server is already configured properly and is able to accept PPTP connections from clients on the local network.
High rate of collisions on 100-megabit networks

If you use the TCP/IP protocol and you have a 100-megabit network adapter, you may notice slow network performance while you copy files. You may also experience this slow performance while you use Windows Explorer in Windows XP.
Ports required to play Microsoft Windows DirectX multiplayer games on a network

This article describes the default ports that are required to play Microsoft Windows DirectX multiplayer games through a firewall, a proxy server, a router, Network Address Translation (NAT), or Internet Connection Sharing. For the specific ports that are required by your game, see the game product documentation.
Description of the ports that have to be open for a Windows Services for UNIX product to work correctly

By default, Internet Connection Firewall (ICF) is enabled in Microsoft Windows XP Professional Service Pack 2. For a Windows Services for UNIX product to work correctly with Windows XP Professional Service Pack 2, you have to make sure that the required ports are open.
Description of the DNSLint utility

DNSLint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues.
Description of NetBIOS Browsing Console (Browcon.exe)

Note: This article talks about Windows 2000 Support Tools, however the tools are also available for Windows XP.

This article describes NetBIOS Browsing Console (Browcon.exe), a utility that you can use to troubleshoot NetBIOS network browsing problems. NetBIOS Browsing Console builds on the power of Browstat.exe, a command-line tool that is included in Windows 2000 Support Tools.

NetBIOS Browsing Console leverages the power of Browstat.exe and makes Browstate.exe easier to use and understand. NetBIOS Browsing Console is a Windows program that was built on Microsoft .NET Framework (v1.1.4322). Like Browstat.exe, it runs on Microsoft Windows NT 4.0 and Windows 2000 and later operating systems that have the TCP/IP protocol installed. After you install and start the console, you enter relevant information in the console that helps to automate many troubleshooting steps.
Availability and description of the Port Reporter tool

This article discusses the Port Reporter tool. The Port Reporter tool runs as a service on computers that are running Windows Server 2003, Windows XP, and Windows 2000. The tool logs TCP and UDP port activity. This article contains information about how to obtain and install the tool. When you install the tool, the Setup program creates the appropriate registry entries and installs the Port Reporter service. This article also contains information about how to use start parameters to configure the Port Reporter service and information about the Port Reporter log files that are generated by the Port Reporter service.
An explanation of the Automatic Metric feature for Internet Protocol routes

A metric is a value that is assigned to an IP route for a particular network interface that identifies the cost that is associated with using that route. For example, the metric can be valued in terms of link speed, hop count, or time delay. Automatic Metric is a new feature in Windows XP that automatically configures the metric for the local routes that are based on link speed. The Automatic Metric feature is enabled by default, and it can also be manually configured to assign a specific metric.

The Automatic Metric feature can be useful when the routing table contains multiple routes for the same destination. For example, if you have a computer with a 10 megabit (Mb) network interface and a 100 Mb network interface, and the computer has a default gateway that is configured on both network interfaces, the Automatic Metric feature assigns a higher metric to the slower network interface. This feature can force all of the traffic that is destined for the Internet, for example, to use the fastest network interface that is available.
"The roaming profile cannot be found" error message when you log on to your network from a Windows XP-based computer

When you log on to your network from a Microsoft Windows XP-based computer, you receive an error message that is similar to the following:

The roaming profile cannot be found.

This problem may occur if you use NetBIOS over TCP/IP (NetBT) to connect to your network, and you have a roaming user profile.
"Ipconfig /All" Command Shows the Node Type as Unknown

When you use the Ipconfig.exe utility with the /all switch that shows the TCP/IP configurations on your computer, the node type may appear as "unknown."
Internet Control Message Protocol "Destination Unreachable" (Code = 0x0D) Packets

When you analyse a network trace, you may see Internet Control Message Protocol (ICMP) Type 3 "Destination Unreachable" packets with a code value of hexadecimal 0X0D or decimal 13:

IP: Source Address = <dotted-IP-address-of-router>
ICMP: Destination Unreachable: <dotted-IP-address-of-target-host>
ICMP: Packet Type = Destination Unreachable
ICMP: Unreachable Code = 0x0D


The code value of the ICMP Destination Unreachable packet is 0x0D. The hexadecimal code 0X0D (code decimal 13) translates to "Communication Administratively Prohibited" from Requests for Comments (RFC) 1812:

13 = Communication Administratively Prohibited - generated if a
router cannot forward a packet due to administrative filtering;


This is generated if a router cannot forward a packet because of administrative filtering. This is the code value for an administrative denial, which indicates that a router is filtering a port and is not permitting traffic to pass. The packet is typically seen when traffic is refused to pass through a router or a firewall.

For example, if a firewall or a router is not allowing Transmission Control Protocol (TCP) port 139, you may receive the following error messages:

Error 121: The semaphore timeout period has expired (ERROR_SEM_TIMEOUT).

Error 1231: The remote network is not reachable by the transport (ERROR_NETWORK_UNREACHABLE).

Additionally, because the user process may ignore the ICMP packet, the redirector and TCP may try many times before they receive these types of error messages.

If a firewall or a router is blocking TCP or User Datagram Protocol (UDP) port 53, the error indicates the reason for the failing Domain Name System (DNS) queries.

The ICMP packet is sent as a response to a DNS name query by using TCP/UDP port 53. To troubleshoot this problem, you can use the tracert command to the destination host. Check the source address for the ICMP packet to identify the router that is sending the packet. In the Detail pane of Network Monitor, you can see the Internet Protocol (IP) header, which displays information about the IP address of the router or the node from where the packet is coming. Contact the router or the firewall administrator to open the filtered port.
"Failed to access NetBT Driver - NetBT may not be loaded" error message when you run the nbtstat command in Windows XP or Windows Server 2003

When you try to run the nbtstat command with a command-line switch such as nbtstat -a remotename in Microsoft Windows XP or in Microsoft Windows Server 2003, the command does not run. Additionally, you receive the following error message:

Failed to access NetBT Driver - NetBT may not be loaded.
Issues with using supernetted IP address ranges

When a client is issued an x.x.x.255 address, either from a DHCP server or by statically configuring it, the client may not be able to communicate by using the TCP/IP protocol.
Description of the Port Reporter Parser (PR-Parser) tool

When a Microsoft Windows-based computer becomes vulnerable, an attacker typically uses the resources of the Windows-based computer to inflict more damage or to attack other computers. This kind of attack typically involves activities such as starting one or more processes, or using TCP and UDP ports, or both. Unless an attacker hides this activity from the Windows-based computer itself, you can capture and identify this activity. Therefore, looking for indications of this kind of activity can help you determine whether a system is vulnerable.

The Port Reporter tool is a program that can run as a service on a computer that is running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000. The Port Reporter service logs TCP and UDP port activity. On Windows Server 2003-based and Windows XP-based computers, the Port Reporter service can log the following information:
  • The ports that are used
  • The processes that use the port
  • Whether a process is a service
  • The modules (.dll, .drv, and so on) that a process loads
  • The user accounts that start a process
How to Enable TCP/IP Forwarding in Windows XP

This article describes how to enable Transmission Control Protocol/Internet Protocol (TCP/IP) forwarding on a Windows XP-based computer. By default, TCP/IP forwarding is not enabled in Windows XP.
TCP/IP and NBT configuration parameters for Windows XP

Describes how to use Registry Editor to change TCP/IP and NBT configuration parameters in the rare circumstance where you must use this configuration. Defines standard and optional parameters and describes the parameters that should not be changed.
The Syntax and Options for Using the Ipconfig Diagnostic Utility for Network Connections

This article tells how to run the Ipconfig utility and lists the options that you can use. Ipconfig.exe is included with Windows XP. This utility provides you with diagnostic information related to TCP/IP network configuration.
Default MTU Size for Different Network Topology

The Maximum Transfer Unit (MTU) specifies the maximum transmission unit size of an interface. Each interface used by TCP/IP may have a different MTU value specified.
How to use the Alternate Configuration feature for multiple network connectivity in Windows XP

This article describes how to use the Alternate Configuration functionality to establish multiple-network connectivity. If you are a mobile computer user, you can use the Alternate Configuration functionality to maintain seamless operations on both office and home networks without having to manually reconfigure TCP/IP settings.
The Alternate Configuration Tab Is Not Displayed in TCP/IP Properties

When you open the Transmission Control Protocol/Internet Protocol (TCP/IP) Properties dialog box, the Alternate Configuration tab is not displayed.
Error 720: No PPP Control Protocols Configured

When you attempt to connect to a Remote Access Service (RAS) server by using the TCP/IP protocol, you may receive the following error message: Error 720: No PPP control protocols configured.
Disabling NetBT on a Remote Access Connection Causes Communication Problems

After you disable NetBIOS over TCP/IP (NetBT) on a remote access connection, you may receive the following error message: System error 53 has occurred. The network path was not found. You may also receive other error messages when you attempt to connect to network resources on the remote access connection over port 445 (using direct-hosted server message block [SMB] over TCP/IP).
The system cannot log you on due to the following error: The RPC server is unavailable

The following article will help you to resolve the error "The system cannot log you on due to the following error: The RPC server is unavailable"

There can be a few reasons for this problem:
  • Incorrect DNS settings.
  • Incorrect Time and Time zone settings.
  • The "TCP/IP NetBIOS Helper" service isn't running.
  • The "Remote Registry" service isn't running.
How Windows-based clients resolve NetBIOS names by using WINS servers

f a Microsoft Windows NT 3.5-based client computer does not receive a response from the primary Windows Internet Name Service (WINS) server, it queries the secondary WINS server to resolve a NetBIOS name. However, if a NetBIOS name is not found in the primary WINS server's database, a Windows NT 3.5-based client does not query the secondary WINS server.

In Microsoft Windows NT 3.51 and later versions of the Windows operating system, a Windows-based client does query the secondary WINS server if a NetBIOS name is not found in the primary WINS server's database.
Delay in NetBIOS connections from a multi-homed computer

When you use a multi-homed computer to connect to another computer, and the multi-homed computer is running one of the versions of Microsoft Windows that is referred to in the "Applies to" section, there may be a delay in establishing the connection.
Ipconfig /Release or /Renew Leaves NetBIOS "Computer Name 03" Unregistered

The NetBIOS "computer name <03>" name (as shown by the nbtstat -n command) may remain unregistered under the following conditions:
  • After you first unplug the network cable (for a long enough period of time to detect a Plug and Play event, about 30 seconds), and then plug the cable back in, the NetBIOS "computer name <03>" remains unregistered.
  • When you change the TCP/IP subnet (while the computer is hibernating, connect it to another subnet, and then wake up from hibernate on the new subnet) and run the ipconfig /release command followed by the ipconfig /renew command, ipconfig/release unregisters the NetBIOS "computer name <03>" name, but ipconfig/renew does not restore it.
NetBIOS Listen May Return a Damaged NCB Structure

The _NCB structure that is returned when a NetBIOS Listen call completes may have a changed server name offset.
"Duplicate Name Exists" Error Message When You Start a Windows XP Workstation

When you start a Microsoft Windows XP workstation, you may receive the following error message:

Duplicate name exists.

Additionally, network basic input/output system (NetBIOS) name registration may not complete and the following event ID message may be logged in the System event log:

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date:
Time:
User: N/A
Computer: ComputerName

How to Disable NetBT Proxy on Incoming Connections

By default, Netbios Proxy is enabled for incoming Remote Access Service (RAS) or virtual private network (VPN) connections on Windows XP and Windows Server 2003-based systems. This setting permits RAS clients to resolve the Netbios name on the local area network (LAN) that the RAS client is connected to. If you run the Ipconfig /all command from the command shell on the computer that is configured as the RAS or VPN server, this returns the information that the WINS Proxy Enabled value is set to Yes. In some cases, you may want to disable this setting.
Troubleshooting Active Directory replication failures that occur because of DNS lookup failures, event ID 2087, or event ID 2088

This article describes an action plan for administrators and for support professionals to follow when domain controllers that are running Microsoft Windows 2000 or Microsoft Windows Server 2003 cannot replicate Active Directory because of DNS lookup failures. Administrators who are troubleshooting replication or other component failures that occur because of a lack of DNS name resolution should follow this action plan.

This article also discusses two new events, event ID 2087 and event ID 2088, that are logged by destination domain controllers that are running Windows Server 2003 with Service Pack 1 (SP1). These events occur when a lack of DNS name resolution prevents the inbound replication of Active Directory directory service partitions. More significantly, in this problem scenario, Windows Server 2003 SP1-based destination domain controllers will use the source domain controller's fully qualified domain name in DNS or the source domain controller's NetBIOS computer name in Windows Internet Name Service (WINS). The goal of the enhancements in Windows Server 2003 is to minimize the effect of DNS client or DNS server configuration errors on Active Directory replication.
"Error 1722" error message when a program uses the NetUserGetLocalGroups function in Windows Server 2003

When a program that is running on a Microsoft Windows Server 2003-based computer, a Microsoft Windows 2000-based computer, or a Microsoft Windows XP-based computer uses the NetUserGetLocalGroups function to query Active Directory in another domain, and the user name is in the Domain Name\User Name format, you may receive the following error message:

A system error has occurred: 1722

You do not receive an error message if the user name does not include the domain name. For example, the query is successful if you use the User Name format instead of the Domain Name\User Name format.
How Domain Controllers Are Located in Windows XP

This article describes the mechanism that Windows XP Professional uses to locate a domain controller in a Windows-based domain.

The article details the process of locating a domain by its DNS-style name and by its flat-style (NetBIOS) name, which is used for backward compatibility. In all other cases, it is recommended that you use DNS-style names as a matter of policy.

The article also addresses issues that are involved in troubleshooting the domain controller location process.
Microsoft Baseline Security Analyzer (MBSA) version 1.2.1 is available

This article contains information about the Microsoft Baseline Security Analyzer tool (MBSA). This tool centrally scans Windows-based computers for common security misconfigurations and generates individual security reports for each computer that it scans. MBSA runs on computers that run Windows Server 2003, Windows 2000, and Windows XP. MBSA can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. MBSA scans for common security misconfigurations in Windows, Internet Information Services (IIS), SQL Server, Internet Explorer, and Microsoft Office. MBSA also scans for missing security updates in Windows, IIS, SQL Server, Internet Explorer, Windows Media Player, Exchange Server, Microsoft Data Access Components (MDAC), Microsoft XML (MSXML), Microsoft virtual machine (VM), Content Management Server, Commerce Server, BizTalk Server, Host Integration Server, and Office (local scans only). A graphical user interface (GUI) and command-line interface are available in version 1.2.1.

MBSA replaced the stand-alone HFNetChk tool and fully exposes all HFNetChk switches in the MBSA command-line interface (Mbsacli.exe).
Cannot join Windows XP-Professional-based computer to a Windows NT 4.0-based domain

You may not be able to join a Microsoft Windows XP Professional-based computer to a Microsoft Windows NT 4.0-based domain. When you try to change the domain membership for the Windows XP Professional-based computer in the Identification Changes dialog box, you receive the following error message:

Network Identification:

The following error occurred validating the name "domain name".

The specified domain either does not exist or could not be contacted.


If you try to use the net view command from the Windows XP Professional-based computer, you receive the following error message:

System error 53 has occurred.

The network path was not found.


If you try to ping by name from the Windows XP Professional-based computer, it does not work. You can ping by IP address.
Error message when you try to use Local Users and Groups to connect to a computer on a peer domain in Windows XP: "Unable to access the computer <Computer_Name>"

You try to use the Local Users and Groups MMC snap-in on a Microsoft Windows XP-based computer to connect to a computer that is on a peer domain. However, you cannot connect to the computer, and you receive the following error message in the details pane of the Computer Management snap-in:

Unable to access the computer <Computer_Name>.
The error was: The network path was not found.

How to disable network bindings using the [Netbindings] section

Windows 2000 unattended Setup has a new section in the answer file that allows you to disable network bindings on the network card during an unattended Setup. However, after using this section in the unattended Setup file, the bindings appear to be unaffected and still enabled.

This is due to incorrect parameters specified in the [Netbindings] section. The Unattend.doc has incorrect information on the format of the [Netbindings] entries. There should not be any commas (,) between the entries, and not all bindings paths follow the example listed in the Unattend.doc.

Note: The above article talks about win2k but is relevant to Windows XP.
Messenger Service window that contains an Internet advertisement appears

You may receive an Internet advertisement in a Messenger service window. The advertisement contains text that is similar to the following text:

Messenger Service
Message from source to your_computer_name.ISP_name on date time
Message Text

These messages are also known as "messenger spam."
A Description of the Repair Option on a Local Area Network or High-Speed Internet Connection

This article describes what actions are taken if you select the Repair option on a local area network (LAN) or high-speed Internet connection.
Error Message: The User Name May Not Be the Same as the Computer Name...

If you try to create a user account on a computer and try to use the computer name for the user account name, you receive the following error message:

The user name may not be the same as the computer name computer name
You receive an "An error occurred while sending a message to <ComputerName>" error message when you run the net send command to send a message to a Windows XP Service Pack 2-based computer or to a Windows XP Tablet PC Edition 2005-based Tablet PC

When you open a command prompt on a Microsoft Windows XP Service Pack 2 (SP2)-based computer or on a Microsoft Windows XP Tablet PC Edition 2005-based Tablet PC, and then you run the net send command to send a message to your computer or your Tablet PC, you may receive the following error message:

An error occurred while sending a message to ComputerName

When you run the nbtstat -n command to display the NetBIOS local name table of your computer, the following entry may be present in the table:

Name Type Status
-------------------------------------
ComputerName <03> UNIQUE Unregistered

Description of the Microsoft Computer Browser Service

Microsoft Active Directory services in Windows 2000 and Windows XP replace the computer browser service used in earlier versions of Windows to provide the network basic input/output system (NetBIOS) name resolution. The browser service in Windows 2000 is provided for backwards compatibility with client computers that are running earlier versions of Windows.

This article describes the basic methods by which a server computer provides browse list functionality to client computers on the network.
Cannot Add FQDN Web Folders that Require Basic Authentication to "My Network Places"

You may not be able to use the fully-qualified domain name (FQDN) to connect to a Web folder on a Microsoft Internet Information Server (IIS) Web server that requires basic authentication.

For example, when you try to use the Add a Network Place Wizard to add a Web folder for server.domain.company.com to "My Network Places," you are prompted for a user name and password to connect. When you enter a valid user name and password, you are again prompted for a user name and password.
Settings for minimizing periodic WAN traffic

This article describes the registry settings and the Group Policy settings that affect periodic wide area network (WAN) traffic and Integrated Services Digital Network (ISDN) costs. If you have a dial-on-demand link, it might be unexpectedly enabled by periodic WAN traffic. You can configure the system's components and services to minimize periodic WAN traffic and to reduce ISDN costs.
UDP broadcast forwarding by Cisco's IP Helper

ser Datagram Protocol (UDP) broadcasts are transformed into directed datagrams. Upon inspection of the media access control address, network packets have been transformed from the expected broadcast address (FFFFFFFF) to a specific media access control address. An event that resembles the following may be logged in the System log of the Master Browser:

Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
User: N/A
Computer: DC-01
Description: The master browser has received a server announcement from the computer <Browser-Server-in-other-subnet> that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EADD435F-5125-4F5. The master browser is stopping or an election is being forced. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data: (shown in Words) 0000: 00000000 004e0003 00000000 c0001f43 0010: 00000000 00000000 00000147 00000000 0020: 00000000 00000000
Cannot search for a file in a folder that is redirected to a Distributed File System

When you try to search for a file in a folder that is redirected to a Distributed File System, your connection to the network may be forced offline.

This problem may occur if the folder you are searching is redirected by Folder Redirection to a Distributed File System (DFS), and the DFS is replicated between two domain controllers. The search uses the NetBIOS name of the shared folder, but the Multiple Universal Naming Convention Provider (MUP) processes the search request on the server. MUP does not support NetBIOS name searches.
Error message: "The redirector failed to determine the connection type"

When you map a network drive to a local share, the following error message may be reported in the system event log:

Event ID: 3019
Source: MRxSmb
Description: The redirector failed to determine the connection type.


This behavior can occur when NetBIOS over TCP/IP (NetBT) attempts to query the destination device (in this case, the loopback adapter) for network speed. The loopback adapter does not handle speed negotiation and therefore cannot negotiate the speed.

This behavior is associated only with the TCP/IP protocol because TCP/IP is the only protocol that uses the Loopback adapter.
Troubleshooting browser Event ID 8021 and 8032 on master browsers

This article discusses some of the common causes of Event ID 8021 and Event ID 8032 on a master browser system. The article also provides different methods that you can use to work around the issue.
STOP 0x0000001D or STOP 0x000000A Stop Error Occurs in Ndis.sys

When you change the IPX frame type for your network connection from Auto Detect to any other IPX frame type, you may receive a "STOP 0x0000001D" or "STOP 0x000000A" Stop error that occurs in Ndis.sys.

This problem may occur if you installed the NWLink IPX/SPX/NetBIOS Compatible Transport protocol on your computer and you are using the Driver Verifier Manager to troubleshoot your Ndis.sys driver's Special Pool feature.
The computer registers with the secondary WINS server even though the primary WINS server is fully operational when the computer switches the primary and secondary WINS server settings

Consider the following scenario:
  • You have a computer that is running Microsoft Windows XP Service Pack 2 (SP2). Alternately, you have a computer that is running Windows XP Service Pack 1 (SP1)and that has hotfix 811513 installed.
  • The computer has a primary Windows Internet Name Service (WINS) server assigned to it that resides in the local subnet and a secondary WINS server that is located in a hub site.
  • The computer switches the primary and secondary WINS server settings after one of the following conditions occurs:
    • Fifty percent of the Dynamic Host Configuration Protocol (DHCP) lease time has passed.
    • You run the nbtstat -RR command to update the NetBIOS names.
    • You run the ipconfig /renew command to reestablish TCP/IP connections.
In this scenario, the computer registers with the secondary WINS server and sends name update requests to the secondary WINS server, even though the primary WINS server is fully operational and the primary WINS server destination is reachable.

Additionally, when the computer switches the primary and secondary WINS server settings, the wide area network (WAN) traffic may increase because the secondary WINS server is located in a hub site.
Event ID 4311 appears in the system log when you reinstall a network adapter in Windows XP

When you remove a network adapter, and then Microsoft Windows detects and reinstalls the adapter, the following event appears in the system log in Event Viewer:

Event Source: NetBT
Event Category: None
Event ID: 4311
Date: date
Time: time
Type: Error
User: N/A
Computer: computername
Description: Initialization failed because the driver device could not be created.

You Receive a "System Error 1230" Error Message When You Browse the Network

When you browse the network by using My Network Places or by typing net view at a command prompt, you may receive the following error message:

System Error 1230 has occurred.

An invalid operation was attempted on an active network connection.

Browse List Issues on Servers and Clients Include Error Messages About Event ID 8032 and Inability to Browse

Under the following conditions, you may experience one or more of the following symptoms:

When you double-click My Network Places in Windows Explorer, an incomplete browse list is displayed.

Computers that do not have file and printer sharing turned on do not appear in the browse list.

If a Windows-based domain controller does not have file and printer sharing turned on, Windows-based computers that try to use the browse list display the following information about Event ID 8032:

The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{XXXXXXX-9F03-42B2-AB84-12EEEFD572E9}. The backup browser is stopping.

A Windows-based client user who is trying to browse My Network Places receives the following information about Event ID 8032:

Event Type: Error
Event Source: Browser
Event Category: None
Event ID: 8032
Date: 16-Feb-2000
Time: 10:22:31
User: N/A
Computer: Client
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{XXXXXXX-9F03-42B2-AB84-12EEEFD572E9}. The backup browser is stopping.
Data: 0000: 0000007a


On the Windows-based domain controller that does not have file and printer sharing turned on, the following information appears:

Event Type: Error
Event Source: Server
Event Category: None
Event ID: 2504
Date: 16-Feb-2000
Time: 11:59:22
User: N/A
Computer: DC
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{XXXXXXX-F096-4E5C-A847-F8F095C45053}.
Data: 0000: aa 05 00 00

Event Type: Error
Event Source: Server
Event Category: None
Event ID: 2505
Date: 16-Feb-2000
Time: 11:59:31
User: N/A
Computer: DC
Description: The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
Data: 0000: 34 00 00 00 4...

A List of Names That Are Registered by Windows Internet Naming Service

This article describes the names that are are registered by the Windows Internet Naming Service (WINS) server. This list of registered names is grouped by:
  • Computer names
  • Domain names
  • Special names
Each WINS client actually registers its name with the WINS Server three or four times. Several special NetBIOS names are also registered to maintain and retrieve browse lists.

Names listed here are indicated by \\name followed by the hex value [xxx]. Names are padded with spaces to extend to the sixteenth byte.
Troubleshooting Server Message Block (SMB) inbound connection limit in Windows peer-to-peer workgroup

n a peer-to-peer workgroup, when you try to connect to the network resources of a computer that is running any of the products listed at the beginning of this article, you may receive one of the following error messages:

Operating system error 71.
No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.



System error 71 has occurred.
This remote computer has reached its connection limit, you cannot connect at this time.

This problem occurs when a computer reaches the maximum number of host connections that are allowed. In this case, when a NULL session connection is generated in the Microsoft Windows 2000 client, this NULL session connection is counted as one session on the Microsoft Windows XP-based server. Therefore, the error messages occur that are mentioned in this "Symptom" section, even if the number of connections to computers do not exceed the limit.

In addition, when multiple NULL sessions are generated from a single Windows 2000 client computer, the multiple NULL sessions are counted as multiple sessions. However, a NULL session appears as a single session when you run the net session command. In this case, when the RestrictAnonymous registry entry is set, and the NULL session connection is rejected, this symptom still occurs.
Folder redirection does not redirect folders on Windows XP Professional-based computers

You configure folder redirection for the My Documents folder for all Microsoft Windows XP Professional-based computers. However, folder redirection does not redirect folders from the local profile location, or from an existing remote Universal Naming Convention (UNC) path, to the new location.

When you view the Fdeploy log, you see the following error message:

Unable to expand %HOMESHARE%%HOMEPATH%, error 59. ERROR_UNEXP_NET_ERR winerror.h

# An unexpected network error occurred.

Problem identified to function CUsrInfo::GetHomeDir where NetUserGetInfo returned error 53

ERROR_BAD_NETPATH winerror.h

# The network path was not found.


Note "Error 59" errors can occur because of other issues also. "Error 59" errors are not specific to this issue only.
"The network BIOS command limit has been reached" error message in Windows Server 2003, in Windows XP, and in Windows 2000 Server

After you install Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000 Server, you may receive the following error message:

The network BIOS command limit has been reached.