Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NT 4.0 WINS is kicking my tail

Status
Not open for further replies.
captnstiles

captnstiles

IS-IT--Management
Oct 15, 2002
59
0
0
US
NT 4.0 Wins Issue is kicking me in the tail. I am blocking port 137 on my firewall, yet my WINS server picks up a 1.x.x.x address and adds it to the server database. I can not tell you how many times I ahave deleted the server yet it keeps coming back. ANy thoughts????
 
Sort by date Sort by votes
Do you have multihomed servers? ie a server with 2 nics? if the binding order is incorrect you may have these kind of problems.

Gary
 
Upvote 0 Downvote
No multihomed servers here. I have looked closely at the logs on my firewall and found that when I click on that server in WINS db, it try's to go to the internet. Ideleted both servers in WINS and add the one, them 2 min. later that 1.x.x.x reappears. This is a wolf in sheeps clothing.
 
Upvote 0 Downvote
Do you have any servers with double nic's installed? one of which may be unused? I have found in the past that admins may enable protocols on unused nics and give "dummy" ip addresses to the nic...
If TCP is enabled and bound on this unused nic it may be registered in wins. You are seeing the firewall logs because your routing is configured to route 1.x.x.x. via your firewall but this does not mean that the server has been registered from the outside.

I would check for unused nics which have been assigned dummy ip addresses.

Gary
 
Upvote 0 Downvote
Do you have any servers with double nic's installed? one of which may be unused? I have found in the past that admins may enable protocols on unused nics and give "dummy" ip addresses to the nic...
If TCP is enabled and bound on this unused nic it may be registered in wins. You are seeing the firewall logs because your routing is configured to route 1.x.x.x. via your firewall but this does not mean that the server has been registered from the outside.

I would check for unused nics which have been assigned dummy ip addresses.

Gary
 
Upvote 0 Downvote
Make sure TCPIP is top of the list in the binding orders,
Then remove the strange server address from WINS manager then restart
 
Upvote 0 Downvote
I would check my clients machines. You may have a client out there registering the address.

What type of service does the WINS entry register/indicate?

Did you filter on the registered machine name to determine if there is another client with the same name?

Someone could have two nics in there hardware and not be aware of the problem.

Do you have users with Laptops used in other environments?

If you have a sniffer, you can try and find out the MAC address of the registering machine. Then this will allow you to search your switches to find the MAC in the MAC tables, or CAM for Cisco switches.

Just a few suggestions.

Hope this helps.

Bob


BTW--The reason it keeps trying to go out your firewall is because of the default route on the routers. Since the 1.x.x.x network does not exist on your network, it will forward the packets out to the internet, e.g default route.
 
Upvote 0 Downvote
Thanks for all of your suggestions. After digging deeper it was an application/database (SYBASE)that is causing this issue. After uninstalling the SYBASE I still have it and will try to make sure the binding order is correct. Will keep you posted.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
135
gbaughma
gbaughma
juniper911
  • Locked
  • Question
Smartcard PIN Cache - is it configurable?
Replies
0
Views
50
juniper911
juniper911
techbrain1
  • Locked
  • Question
Trust relationship issue 1
Replies
3
Views
125
araheusaff
araheusaff
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
87
mangentle
mangentle
pomazip
  • Locked
  • Question
Windows Server 2019 mac address issue
Replies
2
Views
138
pomazip
pomazip

Part and Inventory Search

Sponsor

Back
Top