Move Browse Master to a different Domain Controller
Hi Folks

I am having browse problems on my W2k3 domain. Network Neighborhood is not populated.

My network comprises a single site W2k3 AD Domain - htlincs.local. There are two domain controllers: a PDC (TITAN) and a 'BDC'. The BDC is installed on a server that is nearing the end of its usefulness and which is designed to provide redundancy only until a replacement PDC is up and running. Nothing else is installed on the BDC as it is not reliable.

PDC = 192.168.0.2
BDC = 192.168.0.5
WINS, DNS, DHCP servers are all on 192.168.0.2
DHCP Scope = 192.168.0.100 - 192.168.0.200
Gateway = 192.168.0.95

The PDC has two NICs, only one of which is used (the other is disabled). The PDC has a static IP address.

We have RADIUS and RAS set up for VPN on the PDC. Reading Microsoft's paper about browser errors [url=http://support.microsoft.com/kb/135404]here[/url], it says that having a VPN server installed will effectively make a server multihomed, and a browse master will not work properly on a multihomed server.

We use DHCP to assign reserved addresses to network clients and (un-reserved) addresses to VPN clients. RAS also grabs a number of addresses in the same subnet and reserves them for its own use. What happens is that the _MSBROWSE_ and Domain Master Browser effectively bind to the RAS address 192.168.0.138 and not to the static address 192.168.0.2.

The problem, I think, is that when the clients send out a request for the names of computers on the network, they contact the PDC on its static address 192.168.0.2. This is where I am on uncertain ground - does a client contact the PDC on the resolvable address that DNS provides: titan.htlincs.local=192.168.0.2 or does the client get the PC list by sending a request to the IP address that is bound to the Domain Master Browser=192.168.0.138, and is this from WINS?

Here is the list of WINS active registrations owned by the PDC titan 192.168.0.2:

[code]
Record Name      IP Address     Type                         Expiration           State   Static  Owner        Version
--__MSBROWSE__-  192.168.0.138  [01h] Other                  28/06/2009 14:59:03  Active          192.168.0.2  6C9D
HTLINCS          192.168.0.138  [1Bh] Domain Master Browser  28/06/2009 15:49:03  Active          192.168.0.2  6514
ADMINISTRATOR    192.168.0.2    [03h] Messenger              28/06/2009 14:57:03  Active          192.168.0.2  7532
HTLINCS          192.168.0.138  [1Ch] Domain Controller      28/06/2009 16:09:03  Active          192.168.0.2  6F29
TITAN            192.168.0.138  [00h] WorkStation            28/06/2009 15:19:03  Active          192.168.0.2  6513
TITAN            192.168.0.2    [03h] Messenger              28/06/2009 14:57:03  Active          192.168.0.2  72AF
TITAN            192.168.0.138  [20h] File Server            28/06/2009 15:09:03  Active          192.168.0.2  6512
[/code]

DHCP shows the following addresses that have been reserved by RAS:

[code]
Client IP      Name   Expiration           Type  Unique ID
192.168.0.129  titan  01/07/2009 14:50:35  DHCP  RAS
192.168.0.130  titan  01/07/2009 14:50:40  DHCP  RAS
192.168.0.131  titan  01/07/2009 14:50:42  DHCP  RAS
192.168.0.132  titan  01/07/2009 14:50:43  DHCP  RAS
192.168.0.133  titan  01/07/2009 14:50:45  DHCP  RAS
192.168.0.134  titan  01/07/2009 14:50:46  DHCP  RAS
192.168.0.135  titan  01/07/2009 14:50:48  DHCP  RAS
192.168.0.136  titan  01/07/2009 14:50:49  DHCP  RAS
192.168.0.137  titan  01/07/2009 14:50:51  DHCP  RAS
192.168.0.138  titan  01/07/2009 14:50:52  DHCP  RAS
[/code]

When I ran browstat I got the following:

Browstat status command from my XP client:

[code]
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\blood>browstat status

Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957}
    Browsing is active on domain.
    Master browser name is: TITAN
    Master browser is running build 3790
    1 backup servers retrieved from master TITAN
        \\TITAN
    There are 0 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957}
    There are 0 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957}

C:\Documents and Settings\blood>
[/code]

Browstat getmaster from my XP client:

[code]
C:\Documents and Settings\blood>browstat getmaster \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957} htlincs
Master Browser: TITAN

C:\Documents and Settings\blood>
[/code]

Browstat status command on the PDC:

[code]
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\administrator.HTLINCS>browstat status

Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F}
    Browsing is active on domain.
    Master browser name is: TITAN
    Master browser is running build 3790
    1 backup servers retrieved from master TITAN
        \\TITAN
    There are 21 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F}
    There are 1 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F}

Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{EED39A07-42BB-4665-9835-ECA6C524C25B}
    Browsing is active on domain.
    Master name cannot be determined from GetAdapterStatus. Using \\TITAN
    Master browser is running build 3790
    1 backup servers retrieved from master TITAN
        \\TITAN
    There are 0 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{EED39A07-42BB-4665-9835-ECA6C524C25B}
    There are 0 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{EED39A07-42BB-4665-9835-ECA6C524C25B}

C:\Documents and Settings\administrator.HTLINCS>
[/code]

Browstat getmaster on PDC:

[code]
C:\Documents and Settings\administrator.HTLINCS>browstat getmaster \Device\NetBT_Tcpip_{EED39A07-42BB-4665-9835-ECA6C524C25B} htlincs
Unable to get Master: The system cannot find the file specified.

C:\Documents and Settings\administrator.HTLINCS>
[/code]

I don't know what the last message 'Unable to get Master: The system cannot find the file specified' means for the PDC.

[url=http://support.microsoft.com/default.aspx?scid=kb;en-us;191611&Product=nts40]This MS article[/url] suggests that unbinding the WINS Client interface from the adaptor will help, but I'm pretty sure this relates to a physical adaptor and the instructions do not relate to anything I have seen in W2k3:

In Control Panel, double-click Network <-- I see 'Network Connections'
Click the Bindings tab <-- there is no bindings tab, just a list of adaptors.

Despite the server being multihomed the additional address(es) are still in the same 192.168.0.x subnet. I don't understand why clients are unable to get the browse list? After all, the address 192.168.0.138 is titan, the PDC. I can connect to the PDC on either \\192.168.0.2 or \\192.168.0.138 without a problem. I understand that each IP address is effectively a separate endpoint, but the endpoints connect to the same subnet and they are assigned to the PDC.

So, if MSBROWSE and Domain Master Browser are both registered why is the information not being fed to the clients when they request it? Is it simply because the address the clients are contacting is a logical one that has been assigned to the server instead of a physical one? Would this matter?

We are unable to install another server and move the VPN to that, and I do not want to use the BDC for VPN in case it suddenly fails. Nor do I want to transfer the PDC role to the BDC for the same reason (assuming this would work...). So, as I am stuck with a logically multihomed PDC for the time being I was wondering if it is possible to force the MSBROWSE [01h] and Domain Master Browser [1Bh] WINS registrations to bind to 192.168.0.2?

I have asked this question elsewhere and it was suggested that I change the registry entry on the PDC for the browser parameter MaintainServerList from Yes to No. After rebooting, the PDC logged this:

[code]
Event Type: Information
Event Source: BROWSER
Event Category: None
Event ID: 8015
Date: 26/06/2009
Time: 09:36:08
User: N/A
Computer: TITAN
Description:
The browser has forced an election on network \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F} because a Windows Server (or domain master) browser is started.
[/code]

No browser events were logged by the BDC after it was restarted.

Running browstat status and getmaster on my XP showed the following:

[code]
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\blood>browstat status

Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957}
    Browsing is active on domain.
    Master browser name is: TITAN
    Master browser is running build 3790
    3 backup servers retrieved from master TITAN
        \\RESTORED
        \\ORION
        \\TITAN
    There are 22 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957}
    There are 1 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957}

C:\Documents and Settings\blood>browstat getmaster \Device\NetBT_Tcpip_{1E679FDA-4CF7-489D-BD5D-FA93418A8957} htlincs
Master Browser: TITAN

C:\Documents and Settings\blood>
[/code]

The PDC produces exactly the same results:

[code]
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\administrator.HTLINCS>browstat status

Status for domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F}
    Browsing is active on domain.
    Master browser name is: TITAN
    Master browser is running build 3790
    3 backup servers retrieved from master TITAN
        \\ORION
        \\TITAN
        \\RESTORED
    There are 22 servers in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F}
    There are 1 domains in domain HTLINCS on transport \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F}

C:\Documents and Settings\administrator.HTLINCS>browstat getmaster \Device\NetBT_Tcpip_{D9E213D5-4839-4EF1-929C-E49E570C4F1F} htlincs
Master Browser: TITAN

C:\Documents and Settings\administrator.HTLINCS>
[/code]

WINS also showed the following registrations:

[code]
Record Name      IP Address     Type                         Expiration           State   Static  Owner        Version
--__MSBROWSE__-  192.168.0.2    [01h] Other                  02/07/2009 09:37:18  Active          192.168.0.2  6C9D
HTLINCS          192.168.0.2    [1Bh] Domain Master Browser  02/07/2009 09:37:18  Active          192.168.0.2  6514
ADMINISTRATOR    192.168.0.2    [03h] Messenger              02/07/2009 09:41:43  Active          192.168.0.2  762E
HTLINCS          192.168.0.5    [1Ch] Domain Controller      02/07/2009 10:04:23  Active          192.168.0.2  7634
TITAN            192.168.0.2    [00h] WorkStation            02/07/2009 09:37:18  Active          192.168.0.2  6513
TITAN            192.168.0.2    [03h] Messenger              02/07/2009 09:37:18  Active          192.168.0.2  762B
TITAN            192.168.0.2    [20h] File Server            02/07/2009 09:37:18  Active          192.168.0.2  6512
HTLINCS          192.168.0.114  [00h] Workgroup              02/07/2009 11:05:27  Active          192.168.0.2  AD3
HTLINCS          192.168.0.114  [1Eh] Normal Group Name      02/07/2009 11:07:52  Active          192.168.0.2  AD7
[/code]

192.168.0.2 = PDC
192.168.0.5 = BDC
192.168.0.114 = My XP Client

Also, all addresses beyond those reserved by DHCP were only assigned to computers that dial in.

This resulted in the Network Neighborhood being populated. However, the registry edit did not work for long. The next day I noticed a browser error in the System Event log on our W2k3 file server (not a domain controller).

[code]
Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 29/06/2009
Time: 08:36:00
User: N/A
Computer: ORION
Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6615B26B-EF74-412B-86C1-562752192717}. The backup browser is stopping.
[/code]

I checked my XP PC (which is on all the time), and Network Neighborhood was populated. I looked at the WINS registrations on the PDC and the msbrowse and domain master browser functions were/are once again bound to the RAS address 192.168.0.138. So, I rebooted my WinXP client and checked Network Neighborhood and it was empty. The computer list in the messenger program was empty too.

I see there is another setting in the Parameters section of the browser section of the registry called IsDomainMaster. This is set to True for the PDC and to False for the BDC and the file server. If I change the IsDomainMaster to False on the PDC and to True on the BDC, might this adversely affect other services running on the PDC/Network? The PDC holds all the FSMO roles.

Any help will be gratefully received.
June 30th, 2009 4:52pm

No you cannot do that. The server holding the FSMO roles is automatically the domain master browser. Also, that is where the clients will look for a browse list. (They broadcast for <Domainname 1B> or look it up in WINS). The reason this sometimes fails is because of the multihomed DC. Occasionally the clients get the "wrong" IP for the DMB and look at the RRAS interface instead of the LAN interface. The browser service relies on Netbios names.

You should not have a multihomed DC. It always causes problems of some sort. It should not be a router or remote access server. If you must run your DC as a remote access server, the first thing to try is to disable Netbios over TCP/IP on the RRAS interface. See the instructions near the end of KB292822.

Bill
July 1st, 2009 2:44am
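
A check for the symptom discussed in this thread, as an added example that is not part of the original posts: it scans WINS registrations and reports browser and domain-controller records bound to an address that is not a DC's LAN address. The comma-separated layout and the function name `misregistered` are assumptions; the sample rows are modelled on the two WINS listings in the question.

```python
import csv
import io

# NetBIOS suffixes for master browser, domain master browser and DC records.
ROLE_SUFFIXES = {"01h", "1Bh", "1Ch"}

# Constructed input: name, IP and type columns modelled on the first WINS
# listing in the question, in an assumed comma-separated layout.
BEFORE = """\
--__MSBROWSE__-,192.168.0.138,[01h] Other
HTLINCS,192.168.0.138,[1Bh] Domain Master Browser
ADMINISTRATOR,192.168.0.2,[03h] Messenger
HTLINCS,192.168.0.138,[1Ch] Domain Controller
TITAN,192.168.0.138,[00h] WorkStation
TITAN,192.168.0.2,[03h] Messenger
TITAN,192.168.0.138,[20h] File Server
"""

# Constructed input modelled on the listing taken while browsing worked.
AFTER = """\
--__MSBROWSE__-,192.168.0.2,[01h] Other
HTLINCS,192.168.0.2,[1Bh] Domain Master Browser
HTLINCS,192.168.0.5,[1Ch] Domain Controller
TITAN,192.168.0.2,[00h] WorkStation
TITAN,192.168.0.2,[20h] File Server
HTLINCS,192.168.0.114,[00h] Workgroup
"""

def misregistered(export_text, dc_names, dc_lan_ips):
    """Return (name, suffix, ip) for DC-related records on a non-LAN address."""
    findings = []
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) < 3:
            continue  # blank or malformed line
        name, ip, rtype = (field.strip() for field in row[:3])
        suffix = rtype[1:4] if rtype.startswith("[") else ""
        # Check role records for any name, plus every record registered
        # under a DC's own host name; other client records are ignored.
        relevant = suffix in ROLE_SUFFIXES or name.upper() in dc_names
        if relevant and ip not in dc_lan_ips:
            findings.append((name, suffix, ip))
    return findings

if __name__ == "__main__":
    dcs = {"192.168.0.2", "192.168.0.5"}
    for name, suffix, ip in misregistered(BEFORE, {"TITAN"}, dcs):
        print(f"{name} [{suffix}] is registered at {ip}, not a DC LAN address")
```

Run against the first listing it reports the five records bound to the RAS address 192.168.0.138; against the second it reports nothing.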

Bill

Thanks very much for your reply. I have added the DisableNetbiosOverTcpip registry entry and cleared the WINS database. If it works I'll post back and let you know.

Cheers!
July 1st, 2009 5:40pm

Bill & Meinolf

It has worked. This has been plaguing me for several months so I am very grateful for your assistance.

Cheers!
July 3rd, 2009 10:21am

This topic is archived. No further replies will be accepted.
