
Cisco Solution to Microsoft Browser Election Process

amir.safayan
Level 1

We have a significant and recurring issue in which PCs will become rogue master browsers. We don't have the human bandwidth to touch every desktop and perform the recommended registry hack to prevent PCs from initiating and winning browsing elections.

How can I prevent the propagation of these broadcast requests to other vlans????? The config of our core 6509 doesn't have any ip helper address statements so I don't understand how the damn broadcasts are getting propagated beyond the vlan in which the rogue PC is on anyway????

I have used the no ip forward-protocol udp netbios-ns and no ip forward-protocol udp netbios-dgm statements in global config mode and that didn't help. As I stated earlier, I don't have a helper address configured anyway so why would I try to deny the udp port 137 and 138 broadcasts?????

21 Replies

Thanks for the info BUT we are not using the ip helper address syntax and so when I use your recommended no ip forward-protocol udp 137 and 138 statements, I get UDP port 137 not found to delete....

One of my earlier responses stated that we are not using the helper statement. Any further thoughts?

edelman
Level 1

Yes, that link to the previous topic solves the problem... Even though this is a network device-based LAN forum, it might be helpful to discuss further how to disable the NetBIOS broadcasts initiated by the computer browsing service...

By properly configuring the 6509, you have effectively stopped the propagation of the broadcasts between LANs... but you still have unneeded broadcasts occurring on each LAN (as long as DNS/WINS is configured) that can be easily terminated.

If you feel that this discussion should end with the 6509's configuration, that's fine too.

Discussing it is not a problem. I guess I came out kinda harsh on that last post. The basic deal is that Microsoft products, generally, were built to exist on a flat network. Cisco propagated the use of different subnets/vlans. So, one would believe that these two industry magnates would converse on delivering solutions for the enterprise. Who knows? Maybe some day...

constav
Level 1

Make Change On the Domain Master Browser.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters

Change the

"IsDomainMaster:REG_SZ: FALSE"

statement TO

"IsDomainMaster:REG_SZ: True"

matt.alvord
Level 1

Guess what... You're not sending broadcasts... No surprise, huh. I finally understand your problem and you won't need to block any netbios datagrams, either :)))

Designate one MASTER BROWSER on each subnet and add LMHOST entries for the PDC and other MASTER BROWSERs.

Example:

###

192.168.1.100 PDC_NAME #PRE #DOM:Domain_NAME

192.168.2.100 MB-2_NAME #PRE

192.168.3.100 MB-3_NAME #PRE

###

Master browse elections are normal behavior... You just want to ensure you have at least one system on each subnet correctly configured, i.e. know who the PDC is. Ensure that this one system with the LMHOST entries is hardcoded to act as a MASTER BROWSER.

This should fix your problem... Which I believe ultimately to lie w/ name resolution and not anything Cisco related....

I hope this helps, the suspense will be terrible I assure you :)))

You wrote:

Designate one MASTER BROWSER on each subnet and add LMHOST entries for the PDC and other MASTER BROWSERs

Where do I place these particular LMHOST files? On each PC?

You will find the LMHOST file under the following path (NT example)

C:\WINNT\system32\drivers\etc

Please note that there may be a file named Lmhosts.sam which is a sample file to follow. The file you create must be named LMHOST with no extension. A restart of the workstation will load the LMHOST file.
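A way to check entries like the ones posted above before copying them to each subnet's master browser, as an added example that is not part of any post in this thread. The function names and the three bad sample lines are constructed for illustration, and quoted names with special characters are not handled.

```python
import ipaddress

# Constructed sample: the thread's three entries (one with #PRE dropped) plus bad lines.
SAMPLE = """\
192.168.1.100 PDC_NAME #PRE #DOM:Domain_NAME
192.168.2.100 MB-2_NAME #PRE
192.168.3.100 MB-3_NAME
10.0.0.999 BADHOST #PRE
192.168.4.100 THIS_NAME_IS_TOO_LONG #PRE
# an ordinary comment line
"""

def parse_lmhosts(text):
    """Parse LMHOSTS-style text into (entries, problems); problems are (line_no, message)."""
    entries, problems = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or block directive
        fields = line.split()
        if len(fields) < 2:
            problems.append((line_no, "no NetBIOS name after the address"))
            continue
        ip, name, tags = fields[0], fields[1], [f.upper() for f in fields[2:]]
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((line_no, f"invalid IPv4 address {ip!r}"))
            continue
        if len(name) > 15:  # NetBIOS computer names are at most 15 characters
            problems.append((line_no, f"name {name!r} exceeds 15 characters"))
            continue
        preload = "#PRE" in tags
        domain = next((f[5:] for f in fields[2:] if f.upper().startswith("#DOM:")), None)
        if not preload:
            problems.append((line_no, f"{name} is not preloaded (#PRE missing)"))
        entries.append({"ip": ip, "name": name, "preload": preload, "domain": domain})
    return entries, problems

def preloaded_domain_controllers(entries, domain):
    """Names tagged #DOM:<domain> that are also preloaded, as the thread's PDC line is."""
    return [e["name"] for e in entries
            if e["preload"] and e["domain"] and e["domain"].upper() == domain.upper()]

if __name__ == "__main__":
    entries, problems = parse_lmhosts(SAMPLE)
    print("domain controllers:", preloaded_domain_controllers(entries, "Domain_NAME"))
    for line_no, message in problems:
        print(f"line {line_no}: {message}")
```

An empty result from `preloaded_domain_controllers` means the file gives that machine no preloaded entry for the domain controller.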
