Resource Page CIS 2153 Syllabus Chapter Lesson Notes: 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Chapter 8 Lesson Notes
Installing, Configuring, Managing, Monitoring, and Troubleshooting WINS
I. Introduction to NetBIOS Name Resolution
Prior to Windows 2000, Microsoft networks used the NetBIOS transport protocol and NetBIOS Extended User Interface. The growth of the Internet convinced Microsoft to abandon NetBEUI, which is not a routable protocol, to concentrate on TCP/IP. TCP/IP is unaware of NetBIOS names, and the majority of programs written for Microsoft networks were written for NetBIOS.
A. NetBIOS over TCP/IP
1. To establish sessions with other computers through their NetBIOS names, NetBIOS broadcasts the destination computer’s name over the segment and waits for the destination computer to respond with its MAC address.
2. TCP/IP uses destination IP addresses and port numbers as the endpoint of communication, requiring a session layer interface to be added. This NetBIOS session layer interface is known as NetBIOS over TCP/IP, or NetBT. NetBT resolves NetBIOS names to IP addresses.
3. To access the networking protocols, programs can use a two session layer interface like NetBT or Windows Sockets.
4. Names and Naming Conventions
a. NetBIOS names are 16-byte names, and no two computers on a NetBIOS-based network can have the same NetBIOS name.
b. Limit your NetBIOS names to DNS-compatible characters to avoid conflicts between your DNS host name and NetBIOS naming conventions; especially the use of the underscore character ( _ ).
c. Service Identifiers
Figure 8-1 on page 531 shows the results of the nbtstat –n command, which lists the registered NetBIOS names for your computer. Table 8-2 on page 535 shows common NetBIOS name suffixes.
B. Resolving NetBIOS Names to IP Addresses
1. Broadcasts
Broadcasts are the default resolution type used by NetBIOS if no name server is available.
a. Routers do not forward NetBIOS broadcast messages.
b. When the broadcast is issued, a request is sent for the IP address of a given NetBIOS name.
c. An IP address is returned, and another broadcast is issued in the form of an ARP (Address Resolution Protocol).
2. LMHOSTS
a. LMHOSTS file is a plain-text file that contains NetBIOS names to IP address mappings. See Figure 8-2 on page 534.
b. The actual file location is: \winnt\system32\drivers\etc
c. LMHOSTS files support the file tags shown in Table 8-2 on page 535.
d. Remember these points about the LMHOSTS file:
i. It does not have a file extension.
ii. It is parsed (read) from top to bottom.
iii. Parsing stops after the first successful match.
iv. The NetBIOS Names are not case sensitive.
v. Tags are case sensitive (i.e. #PRE and not #Pre).
e. Perform Exercise 8-1 on page 536: Creating an LMHOSTS File.
3. NetBIOS Name Server
A NetBIOS Name Server, such as the WINS server, runs server software dedicated to resolving NetBIOS names to IP addresses.
4. The Order of NetBIOS Name Resolution and Node Types
a. Name resolution occurs according to the following steps (given in detail on page 538):
i. Cache
ii. WINS
iii. Broadcast
iv. LMHOSTS
v. HOSTS
vi. DNS
b. To process NetBIOS queries, NetBIOS clients must have a specific node type. These node types are described on pages 539-541.
i. b-node
Uses broadcasts instead of a WINS server
ii. p-node
WINS client issues requests directly to a WINS server and does not issue broadcasts
iii. m-node
Uses both broadcasts and a WINS server; issues a broadcast first f followed by a WINS request
iv. h-node
Similar to an m-node, but issues the WINS request first followed by a broadcast
C. WINS Network Components
1. WINS Servers
WINS Servers maintain a database of NetBIOS name-to-IP-address mappings.
2. WINS Clients
WINS Clients are computers that can register their names and TCP/IP information and query a WINS server (for all versions of Windows including Windows for Workgroups plus LAN Manager 2.x).
3. WINS Proxy Agents
WINS Proxy Agents are similar to DHCP Relay Agents. They intercept NetBIOS name resolution requests for b-node clients and forward them directly (possibly through routers) to a WINS server for resolution (for example, the UNIX computer that is running a NetBIOS Service and requires NetBIOS name resolution for remote NetBIOS hosts. See the Configuration dialog box shown in Figure 8-3 on page 543).
4. Perform Exercise 8-2 on page 545: Configuring a Windows 2000 Member Server as a WINS Proxy Agent.
D. How WINS works
1. Name Registration
a. At startup, a WINS client attempts to register its NetBIOS names with its Primary WINS server. If no entry exists for the NetBIOS name, the WINS server accepts the registration and sends a Positive Name Registration Response. If the desired name already exists in the WINS database, it challenges the TCP/IP address to make sure it is on the network.
b. If the current registrar is valid, the WINS server sends a Negative Name Registration Response and the computer that is registering cannot complete its TCP/IP initialization.
c. If the current registrar is not valid, then the WINS server deletes its record and registers the new WINS client name and TCP/IP address and responds with a Positive Name Registration Response (page 548).
d. The primary WINS server is either configured statically in the TCP/IP configuration, or is allocated dynamically via DHCP.
2. Renewal
The WINS server sends the WINS client a Positive NetBIOS Name Registration Response and a Renewal Interval or TTL (Time to Live). The WINS client must renew its name during this TTL to keep its name active in the WINS database (page 549).
3. Release
WINS clients send a NetBIOS Name Release message to the Primary WINS server when the client is properly shut down.
4. Resolution
The WINS client goes through the process on page 550 to resolve a NetBIOS name to IP address.
5. Perform Exercise 8-4 on page 551: Installing the WINS Server Service.
6. Perform Exercise 8-5 on page 552: Configuring Intervals on the WINS Server.
E. New and Improved Windows 2000 WINS Server Features
1. Persistent Connections
The WINS server can maintain an open channel with its replication partners, so the session setup process only needs to be done once.
2. Burst Handling
a. After a system-wide power outage when all machines come online simultaneously and attempt to register their NetBIOS names, the WINS server becomes overwhelmed and begins to drop NetBIOS Name Registration Requests. Burst Handling alleviates this bottleneck.
b. It alleviates the bottleneck by bypassing the validation process and simply accepting the registration. It also sends a short TTL (Time to Live) so the clients must reregister themselves shortly after, hoping that the ‘rush’ on registration has passed.
3. Tombstoning Records
After the extinction interval has passed, the inactive record is marked extinct and is tombstoned.
a. The Value of Tombstoning
Increases speed and responsiveness, as illustrated in Figure 8-4 on page 556.
b. Manual Tombstoning
i. If you Tombstone a record instead of deleting it, the Tombstone marker will be passed to all WINS replication partners. This gives them the information that the record is invalid and it can be removed.
ii. If you simply delete the record, the deletion will not be passed to all replication partners, and the record will remain at all other replicated WINS servers until its TTL has expired.
c. Perform Exercise 8-6 on page 558: Configuring Burst Handling.
F. WINS Replication
WINS Replication maintains the same NetBIOS information across all WINS servers on a network.
1. WINS Replication Partners
a. Pull partner receives WINS database information based on a configured replication interval.
b. Push partner sends database information based on how many changes have taken place in the WINS database.
c. Automatic partner discovery enables WINS servers to use the multicast address 224.0.1.24 to find other WINS servers.
d. To reduce errors, Microsoft recommends that replication partners be configured as both push and pull partners.
G. Disabling NetBT
1. Use the list on page 562 in deciding whether or not to disable NetBIOS over TCP/IP (NetBT).
2. NetBT can be disabled through
a. Using the WINS tab of the Advanced TCP/IP dialog box, shown in Figure 8-6 on page 563
b. Using the vendor-specific options at DHCP server
II. Planning and Implementing a WINS Solution
A. Installing and Configuring the WINS Server and Client
WINS service must be installed on a Windows 2000 Server family machine, not Professional.
1. Configuring Replication
a. Perform Exercise 8-7 on page 564: Configuring WINS Replication.
2. Using Static Mappings
a. It may be necessary to resolve the NetBIOS name of a remote host that is not a WINS client, for example:
i. The UNIX Scenario: Use static mapping when the WINS client needs to contact a UNIX server running a NetBIOS application. By registering the UNIX server’s IP address statically in WINS, other WINS clients can resolve its IP address.
3. Perform Exercise 8-8 on page 568: Creating a Static Mapping.
B. Managing the WINS Database
1. Finding and Viewing WINS Records
This is accomplished using the dialog boxes shown in Figures 8-7, 8-8, 8-9, and 8-10 on page 569-571.
2. Compacting the Database
Windows 2000 WINS databases use the performance-enhanced Extensible Storage Engine. The database should be compacted periodically to maintain optimal efficiency.
a. Table 8-4 on page 572 describes the WINS database files and their functions.
b. Perform Exercise 8-9 on page 572: Compacting the WINS Database.
3. Checking for Consistency
This function compares all of the entries in the database with entries on other WINS servers that are replication partners of the WINS server being checked.
4. Backing Up and Restoring the Database
This is automatically done every three hours. You must first configure a directory to store the WINS database backup files. To do this, refer to Figure 8-11 on page 574.
a. Backing Up the WINS Registry Settings
The WINS Registry settings are stored in
HKLM\SYSTEM\CurrentContolSet\Service\WINS
which can be backed up through Regedt32.b. Restoring the WINS Database
Follow the steps on page 575.
III. Interoperability Issues
A. WINS and DHCP
1. If a DHCP client is configured with a WINS server, it will register with that WINS server after receiving an IP address from the DHCP server.
B. WINS and DNS
1. Page 577 describes how the Windows 2000 DNS server queries the WINS server.
a. Interoperability with downlevel DNS Servers
Be sure that the Do Not Replicate This Record check box is checked to prevent problems with zone transfers if you plan to make downlevel DNS servers authoritative for any zone on which WINS lookups have been enabled. See Figure 8-12 on page 578.
2. Perform Exercise 8-10 on page 579: Configuring a DNS Service to Perform WINS Lookups.
IV. Monitoring and Troubleshooting WINS
A. Troubleshooting WINS Client-Related Problems
1. Is the WINS client configured correctly?
2. Is there an interruption in connectivity between the WINS client and the server?
3. Does the WINS client have secondary WINS servers configured?
4. Has NetBIOS been disabled?
B. Troubleshooting WINS Server-Related Issues
1. Is there a problem with the WINS database?
2. Is there a static mapping for the name?
3. Did the WINS server service start?
4. Are the network traffic problems on the WINS server’s interfaces?
5. See Figure 8-13 on page 583 for detailed event logging.
C. System Monitor
1. The system monitor has a number of counters added when WINS Server is installed. See Table 8-5 on page 583.
2. Perform Exercise 8-11 on page 584: Configuring WINS Server Startup Behavior.