NetBT 4321 Errors in Member Server's System Event Logs

    Question

  • Hi,

    I've searched high and low and can't find a resolution to this issue.  We have approximately 30 Windows Server 2003 servers, most R2, all SP2.  We have 2 domain controllers - 10.0.0.10 & 10.0.0.11 (the first one holds the PDC role).

    In the System event log of nearly all the member servers is the NetBT 4321 error, with the following text:

    "The name "OURDOMAIN :1d" could not be registered on the Interface with IP address 10.0.0.43. The machine with the IP address 10.0.0.10 did not allow the name to be claimed by this machine."

    On each machine the first IP mentioned is always that machine's IP (10.0.0.43 in this case), with the second one (the one not allowing 1d to be registered) being the PDC emulator's IP (10.0.0.10).  Now I can understand why this is failing - these machines are all on the same subnet and I would guess that the domain (1d) should only be registered by the PDC emulator anyway.  What I can't work out is why these errors started appearing about 3 months ago - we can't work out what, if any, change occurred at that time.

    We run a DNS-only environment (no WINS), 2k3 Native domain.  We're looking to upgrade to a 2k8 Native domain (i.e. upgrading our DCs) but are wanting to get this niggling issue sorted first.

    Any help would be much appreciated.

    Regards,
    Ben N.

    • Edited by Ben N Monday, June 29, 2009 10:34 PM
    Monday, June 29, 2009 10:34 PM

Answers

  • Hi Ben,


    Please refer to the steps to troubleshoot the issue:
    1. Disable NetBIOS over TCP/IP on all Multiple NICs and reboot

    2. Point the Client to a non-existent WINS server. If the error ceases after reboot then check the WINS Server

    3. Check the owner of the record

    4. Delete the Duplicate Entries and Tombstone from the owning WINS server

    5. Delete the entry from other WINS server

    Hope it will be helpful.

    Thanks and regards,
    Scorprio

    MCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Admin
    • Marked as answer by David Shen Monday, July 06, 2009 3:42 AM
    Thursday, July 02, 2009 3:12 AM
  • Hi Bill,

    Thanks for your reply.  I'd rather get to the bottom of this than just disable NetBT.   We have some old legacy gear and am unsure as to what its level of interaction with our domain is anyway.

    Thanks,
    Ben.


    The easiest way to find out what legacy gear depends on NetBIOS is to turn it off and see what stops working. Making changes to your DNS settings has NO effect whatever on this. The <domainname 1D> has no bearing on anything in AD. It is only of relevance to the legacy computer browser service. You probably don't want your virtual server to be a browse master anyway.
    Bill
    • Marked as answer by David Shen Monday, July 06, 2009 3:42 AM
    Thursday, July 02, 2009 10:01 AM
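
To apply Bill's point across all ~30 member servers, the sketch below (an added example, not part of the original thread) parses exported NetBT 4321 message text and checks whether every refusal concerns the 1D browser name held by one host. The function names, the `TEMPLATE` helper and all sample events other than the one quoted in the question are constructed for illustration; the suffix table lists standard NetBIOS suffix values.

```python
import re
from collections import defaultdict

# Standard NetBIOS 16th-byte suffixes (hex) and the service that registers them.
SUFFIX_ROLE = {
    "00": "workstation / domain name",
    "1B": "domain master browser",
    "1D": "master browser for the subnet",
    "20": "file server service",
}

# Message layout taken from the event text quoted in the question.
EVENT_4321 = re.compile(
    r'The name "(?P<name>[^":]+?)\s*:(?P<suffix>[0-9A-Fa-f]{1,2})" could not be '
    r"registered on the Interface with IP address (?P<local>\d+(?:\.\d+){3})\. "
    r"The machine with the IP address (?P<owner>\d+(?:\.\d+){3}) did not allow"
)

# Constructed sample export: only the 10.0.0.43 event comes from the thread.
TEMPLATE = ('The name "{name}:{sfx}" could not be registered on the Interface with '
            "IP address {local}. The machine with the IP address {owner} did not "
            "allow the name to be claimed by this machine.")
SAMPLE_EVENTS = [
    TEMPLATE.format(name="OURDOMAIN ", sfx="1d", local="10.0.0.43", owner="10.0.0.10"),
    TEMPLATE.format(name="OURDOMAIN      ", sfx="1d", local="10.0.0.44", owner="10.0.0.10"),
    "unrelated System log text",  # anything that is not a 4321 message is skipped
]

def parse_4321(message):
    """Return the fields of one NetBT 4321 message, or None for any other text."""
    m = EVENT_4321.search(message)
    if m is None:
        return None
    suffix = m.group("suffix").upper().zfill(2)
    return {"name": m.group("name"), "suffix": suffix,
            "role": SUFFIX_ROLE.get(suffix, "unknown"),
            "local": m.group("local"), "owner": m.group("owner")}

def summarize(messages):
    """Map (name, suffix, refusing host) -> sorted list of hosts that were refused."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_4321, messages)):
        groups[(rec["name"], rec["suffix"], rec["owner"])].add(rec["local"])
    return {key: sorted(hosts) for key, hosts in groups.items()}

def browser_only(summary):
    """True when every refusal is a 1D name and a single host holds it."""
    owners = {owner for (_, _, owner) in summary}
    return bool(summary) and len(owners) == 1 and all(s == "1D" for (_, s, _) in summary)
```

A `False` result from `browser_only` means at least one refusal involves a name other than the browser's 1D entry (for example a duplicate computer name on suffix 00), which is a different problem from the one discussed in this thread.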

All replies

  • hi there,

    when you said

    "On each machine the first IP mentioned is always that machine's IP (10.0.0.43 in this case), with the second one (the one not allowing 1d to be registered) being the PDC emulator's IP (10.0.0.10)."

    are you referring to DNS entries?

    try pointing to PDC which is 10.x.x.10 on your member servers, and try performing ipconfig /flushdns & ipconfig /registerdns.

    make sure that you are not broadcasting NETBIOS requests.

    Also follow the below link which is really handy

    http://www.eventid.net/display.asp?eventid=4321&eventno=1822&source=NetBT&phase=1


    sainath !analyze
    Tuesday, June 30, 2009 7:57 AM
    Moderator
  • Hi,

    Thanks for your response.  The member servers are all pointing to the PDC emulator for primary DNS, and the second DC for secondary DNS. We have performed multiple flushes and registers already.

    When you say "make sure that you are not broadcasting NETBIOS requests.", what option are you talking about? In network connections?

    I've been right through that link already thanks, Google has been exhausted!

    Thanks,
    Ben.
    Tuesday, June 30, 2009 8:07 AM
  • Hello,

    If I understand you correctly, all your servers have 2 IP addresses? Why did you configure this? Are the DCs also having 2 IP addresses? Please post an unedited ipconfig /all from the DCs and one problem server.

    Also with 2 IP addresses on each machine make sure only one NIC is configured to "Register this connection's addresses in DNS" on the DNS tab in the advanced NIC properties.

    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, June 30, 2009 11:02 AM
  • hi there,

    You need to turn off netbios broadcasts on router if it is enabled.


    sainath !analyze
    Tuesday, June 30, 2009 12:42 PM
    Moderator
  • Hi,

    At some stage I've not been clear - no we most certainly don't have two IPs per server - the two IPs together above are the two domain controllers.

    Here's the IPconfig:

    DOMAIN CONTROLLER:

    Windows IP Configuration
       Host Name . . . . . . . . . . . . : svrdomain1
       Primary Dns Suffix  . . . . . . . : us.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : us.local

    Ethernet adapter Local Area Connection 3:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP Network Team #1
       Physical Address. . . . . . . . . : 00-0B-CD-23-12-F9
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.0.10
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.1
       DNS Servers . . . . . . . . . . . : 10.0.0.10
                                           10.0.0.11

    PROBLEMATIC SERVER:

    Windows IP Configuration
       Host Name . . . . . . . . . . . . : svrfile1
       Primary Dns Suffix  . . . . . . . : us.local
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : us.local

    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
       Physical Address. . . . . . . . . : 00-50-56-89-14-79
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.0.43
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.1
       DNS Servers . . . . . . . . . . . : 10.0.0.10
                                           10.0.0.11

    Thanks,
    Ben.

    Tuesday, June 30, 2009 8:32 PM
  • Hi,

    You need to turn off netbios broadcasts on router if it is enabled.

    I don't understand how this would help when the servers are all on the same subnet.

    Cheers,
    Ben.
    • Edited by Ben N Tuesday, June 30, 2009 9:34 PM
    Tuesday, June 30, 2009 8:33 PM
  •    If it worries you, why not simply disable Netbios over TCP/IP on the vmware server.
    Bill
    Tuesday, June 30, 2009 11:53 PM
  • Hi Bill,

    Thanks for your reply.  I'd rather get to the bottom of this than just disable NetBT.   We have some old legacy gear and am unsure as to what its level of interaction with our domain is anyway.

    Thanks,
    Ben.
    Wednesday, July 01, 2009 12:57 AM
  • It's the server's (Computer) Browser service: restart it on the complaining server and consider the problem resolved.
    Friday, July 26, 2013 1:10 AM
  • Restarting Browser on DNS server. This fixed it for me.
    • Edited by keith501 Wednesday, March 19, 2014 11:55 AM
    • Proposed as answer by jgkean Thursday, March 20, 2014 8:51 PM
    Wednesday, March 19, 2014 11:54 AM