Hello, I'm looking for some help regarding win2K WINS Server : I need to remove my old WINS Servers (win2K) on a large enterprise network (more than 1000 Servers) and doing it without any impact for my WINS Client. I've set up my new WINS Servers (WIN2K3), and migrate most of my WINS clients. But watching the statistics on my old servers, I still see that they receive some registrations and some queries. That means there are some WINS Client which use the old WINS servers, but I don't know which ones. So here is my question, how can I identify which Wins client are registering/querying on my old win2k servers ? I tried to open the Wins log file (j50.log) with no success. Is there a way to open (as text, csv ...) this log file and identify my Wins client ? I've tried nblookup.exe tool, but it did not help Any help would be appreciated ! Yannick

i made me a script in the past to replace dns entries on domain computers http://gallery.technet.microsoft.com/Replace-DNS-Entry-in-6616840c if you tinker with the script a bit you should be able to query/replace wins entries instead (see http://msdn.microsoft.com/en-us/library/windows/desktop/aa394217(v=vs.85).aspx). according to the article, win 2000 is minimum supported system, so it should work for your scenario

Thanks for answer FZB and the interesting script :) I've take a look at your script. Actually, you you need to specify an IP range : # Filters for the IP, so only Interfaces that are actually in the net you want to modify are considered $strTargetNICAddress = "192.168.10.*" This does not apply to my company : I have many many subnet, some of them are in DMZ. And several servers are not member of my Active Directory domain.My main point is the fact that some servers (I don't know them from any inventory) currently used in production mode, are using the old WINS ServersSo, I was looking for something from WINS Servers side, so I can identify which WINS Client I have to modify.I'm currently reading the J50.log file, but its a large file, not really "human readable". I've found some bad WINS client in it. To make it more easy, is there a tool, a script or something that may help reading this files ?

You can run a packet capture on the WINS server and create a display filter looking for hosts that communicate with the WINS server on port. Ports 42 and 1512 are ports used for WINS related traffic.IT Guides and Videos | itgeared.com

Thanks for answer Jorge. That is typically the kind of action I wanted to avoid :) This are old physical servers with almost no free space available... But I'm afraid there are no other solution. I've found some server name in the j50.log, but all are correctly set to use the new WINS Servers. So let's go for a sniffing session ! Thanks guys! Yannick

http://blogs.technet.com/b/craigf/archive/2010/07/09/decommissioning-wins.aspx talks about decommissioning, but maybe there is something useful in it for your replacing as well

Hello Yannick... I completely understand... However, I have found through experience with regard to decommissioning DNS and WINS that this is the best and most complete approach.IT Guides and Videos | itgeared.com

Interesting stuff FZB I will check this out (no time today) Then I will post here how did I sort it out Thank you guys :) Yannick

Hi, How are things going? I just want to check the status of the issue. If you have any update or concern, please feel free to let us know. Best Regards, AidenAiden Cao TechNet Community Support

Hi, Actually I had to make a sniffing session to check which WINS client were requesting my server, there is really no other way for me. I tried wireshark but it was not working on my old W2k server (with <1G free space) then I used a free tool from my liberkey : SmartNiff. It is a very simple a good enough sniffing tool. Then I ran SmartSniff to find incoming traffic on TCP ports 42 and 1512 (like Jorge told before). But I found nothing at all ! I found this Microsoft KB http://support.microsoft.com/kb/150543 in which you can read that this is the TCP 137 used for WINS resolution (and other stuff). As far as my WINS Server is no longer a DC or a DNS server, I could filter on this TCP Port 137, and that allow me to find all remaining WINS Clients. I now have to change the settings on all those server (I found more than 50 !) Problem sovled thank you guys !