NetBIOS name resoultion problem

  • Thread starter Thread starter Rusty
  • Start date Start date
R

Rusty

After disabling NetBIOS over TCPIP in Windows 2000 server,
we are having problems with NetBIOS name resolution
problems and no local DNS server. We are running a DNS
for our department and all host requests are forwarding to
the main Unix DNS server in our company. Neither DHCP nor
Win server is running on our department network. Please
advise.
 
In
Rusty said:
After disabling NetBIOS over TCPIP in Windows 2000 server,
we are having problems with NetBIOS name resolution
problems and no local DNS server. We are running a DNS
for our department and all host requests are forwarding to
the main Unix DNS server in our company. Neither DHCP nor
Win server is running on our department network. Please
advise.
Click to expand...

Why would it surprise you that disabling NetBIOS would cause problems with
NetBIOS resolution?

If you want DNS to resolve these names all your machines will need to be
registered in DNS in a zone that is in your DNS suffix search list.
Please clarify what you wish to accomplish and post an ipconfig /all so I
can see if the config you have will allow you to resolve host names in DNS.
 
According to our company security team, SMB Ports and
Netbios ports needs to be blocked as most of hacker
attached are performed as open ports such as these.

Even after disabling Netbios port, all workstation are
able to connect to this server, which is Active directory,
domain controller, but another server on our network lost
connection to this server.

Thanks for your help.
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
According to our company security team, SMB Ports and
Netbios ports needs to be blocked as most of hacker
attached are performed as open ports such as these.

Even after disabling Netbios port, all workstation are
able to connect to this server, which is Active directory,
domain controller, but another server on our network lost
connection to this server.
Click to expand...

Check the server that lost connection for the proper DNS Suffix search list
and DNS server.
I'm proponent of disabling NetBIOS as well, as much for internal security as
external security. IMO, Network browsers are as much a security risk as any.
It still won't stop a determined user but if they can't browse Network
Places it sure slows the ocaisional "I wonder what's in here" browser.

You might even find the problem with the server by running netdiag on it to
see what is comes up with.
If youwant me to take a closer look at that particular server piost an
ipconfig /all from it and the DC.
 
In
Rusty in said:
After disabling NetBIOS over TCPIP in Windows 2000 server,
we are having problems with NetBIOS name resolution
problems and no local DNS server. We are running a DNS
for our department and all host requests are forwarding to
the main Unix DNS server in our company. Neither DHCP nor
Win server is running on our department network. Please
advise.
Click to expand...


Just want to reiterate what Kevin said. NetBIOS name resolution requires
NetBIOS to be enabled. Not too much you can do about that.

Keep in mind, if you are using Exchange server (no matter what version), it
still requires NetBIOS for Outlook functionality.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroup so all
can benefit. This posting is provided "AS-IS" with no warranties and
confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
In
[email protected] in said:
According to our company security team, SMB Ports and
Netbios ports needs to be blocked as most of hacker
attached are performed as open ports such as these.

Even after disabling Netbios port, all workstation are
able to connect to this server, which is Active directory,
domain controller, but another server on our network lost
connection to this server.

Thanks for your help.
Click to expand...

I can understand blocking NetBIOS from the Internet, which I do myself as
well, as do many others. AD doesn't use NetBIOS for domain communication
functionality, but other apps do. Assuming your security team has an awesome
firewall and/or ISA or Proxy server in place blocking everything from the
outside world, turning off NetBIOS and SMB internally will harm
productivity, since I bet many folks probably rely on Network Neighborhood,
which will not function, and UNC shares using NetBIOS will also not
function. Weighing the security advantages compared to functionality and
productivity, I would keep NetBIOS and SMB enabled and let the firewall
protect the network. An inside intruder will, as Kevin said, if determined,
doesn';t matter what you turn off, can still phish for stuff. I do it all
the time to test things ...

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroup so all
can benefit. This posting is provided "AS-IS" with no warranties and
confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
When I disable NetBios over Tcpip in the WINS tab of the
Advanced TCP/IP Settings, Primary Wins server and
Secondary Wins server are listed in Ipconfig /all output,
but when I disable NetBios over Tcpip in the Device
Manager, Wins servers are not listed in Ipconfig /all
output and no local DNS server. See below link:

http://www.microsoft.com/technet/Security/prodtech/win2000/
secwin2k/a0604.mspx

DC Ipconfig output:

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix ...sell.com
Description . . . . . . . . : 3Com 3C90x Ethernet
Adapter
Physical Address. . . . . . : 00-60-08-3E-46-07
DHCP Enabled. . . . . . . . : No
IP Address. . . . . . . . . : 10.15.20.24
Subnet Mask . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . : 10.15.20.1
Default Gateway . . . . . . : 10.1.2.15
NetBIOS over Tcpip . . . . : Disabled

Thanks.
-----Original Message-----
In (e-mail address removed)
Click to expand...
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
When I disable NetBios over Tcpip in the WINS tab of the
Advanced TCP/IP Settings, Primary Wins server and
Secondary Wins server are listed in Ipconfig /all output,
but when I disable NetBios over Tcpip in the Device
Manager, Wins servers are not listed in Ipconfig /all
output and no local DNS server. See below link:
Click to expand...
http://www.microsoft.com/technet/Security/prodtech/win2000/secwin2k/a0604.mspx

If you read that entire article it tells you that disabling NetBIOS in
hidden devices also disables SMB which basically disables File Sharing, this
shoudl only be done on pure Web servers and pure DNS servers (e.g. public
Web and DNS servers that provide no other service).
You do _not_ want to do this on Domain controllers and File servers or
machines that Authenticate to a domain.
IF you read the statement at the bottom of the page it prettty much explains
it.

"Potential Impact
No systems will be able to connect to the server via SMB. The servers will
be unable to access folders shared on the network. Many management tools
will be unable to connect to the servers"


You should follow disable Client for MS networks, File sharing and NetBIOS
over TCP/IP (on the WINS tab) on any internet facing interfaces.

If you are using a Win2k machine as a Firewall use the option in the device
manager to disable NetBIOS over TCP/IP, you would not want to do this on a
client or member of a network behind the firewall.
 
Back
Top