Extracting Identity NetBIOS name with Ariel query?

I wrote a log source extension that stores the NetBIOS name in the Identity NetBIOS Name field of events.

What is the right way to get the data in this field from an Ariel query?

The documentation mentions that the identityNetBiosName field in Ariel has been replaced with the AssetHostname function. Is that the best way?

These events are on dynamic IP addresses that change hosts regularly, so I think I should use the time stamp field in the AssetHostname function. Should that be the event start time, stored time, or log source time?

How does this work on the Log Manager, which doesn’t have assets?

Should I just extract the NetBIOS name data to a custom property and use that?

I note that the (non-Advanced) event searches from the Log Manager GUI can display these fields.

Related:

Event ID 4320 — NBT Naming


Updated: January 7, 2009

Applies To: Windows Server 2008 R2

NBT (NetBIOS (network basic input/output system)) over TCP/IP (Transmission Control Protocol/Internet Protocol) naming provides mapping between NetBIOS names and IP addresses.

Event Details

Product: Windows Operating System
ID: 4320
Source: netbt
Version: 6.1
Symbolic Name: EVENT_NBT_NAME_RELEASE
Message: Another computer has sent a name release message to this computer, probably because a duplicate name has been detected on the TCP network. The IP address of the node that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

Resolve
Rename the local computer

Computers must have unique names on the network.

To rename the local computer:

You must be logged on as an administrator or belong to the Administrators group to complete these steps.

  1. Click Start, click Control Panel, click System, and then click Change Settings.
  2. Click Change Computer Name, type the new computer name, and then click OK.

 

Verify

To verify that the name can be resolved, ping a remote host by name:

  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 
  2. Type ping [hostname].
  3. If the ping succeeds, then the name was successfully resolved.

Note:  Ping will fail if the remote server does not have File and Print sharing enabled and a File and Printer Sharing exception in Windows Firewall enabled. On Windows Server 2008, installing the File Server or Domain Controller roles will do this, as will sharing a printer.

Related Management Information

NBT Naming

Networking

Related:

Event ID 4319 — NBT Naming


Updated: April 17, 2008

Applies To: Windows Server 2008

NBT (NetBIOS (network basic input/output system)) over TCP/IP (Transmission Control Protocol/Internet Protocol) naming provides mapping between NetBIOS names and IP addresses.

Event Details

Product: Windows Operating System
ID: 4319
Source: netbt
Version: 6.0
Symbolic Name: EVENT_NBT_DUPLICATE_NAME
Message: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
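
The check that the event message recommends, as an added example that is not part of the original article: a Python parser that lists every name in the Conflict state from saved `nbtstat -n` output, per adapter. The sample output is constructed for illustration, and the function name `conflicting_names` is hypothetical.

```python
import re

# Constructed sample of `nbtstat -n` output (not captured from a real host).
SAMPLE_NBTSTAT = """\
Ethernet:
Node IpAddress: [192.0.2.10] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    FILESRV01      <00>  UNIQUE      Conflict
    CORP           <00>  GROUP       Registered
    FILESRV01      <20>  UNIQUE      Conflict

Wi-Fi:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache
"""

# Adapter headers start in column 0 and end with a colon ("Ethernet:").
ADAPTER_RE = re.compile(r"^(\S.*):\s*$")
# Table rows: name (up to 15 chars), <hex suffix>, UNIQUE/GROUP, status.
ROW_RE = re.compile(
    r"^\s+(.{1,15}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$"
)


def conflicting_names(nbtstat_output):
    """Return (adapter, name, suffix, type) for each entry in Conflict state."""
    adapter = None
    conflicts = []
    for line in nbtstat_output.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter = header.group(1)
            continue
        row = ROW_RE.match(line)
        if row and row.group(4).lower() == "conflict":
            conflicts.append(
                (adapter, row.group(1), row.group(2).upper(), row.group(3))
            )
    return conflicts


if __name__ == "__main__":
    for entry in conflicting_names(SAMPLE_NBTSTAT):
        print("%s: %s<%s> %s is in Conflict" % entry)
```
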

Resolve
Rename the local computer

Computers must have unique names on the network.

To rename the local computer:

You must be logged on as an administrator or belong to the Administrators group to complete these steps.

  1. Click Start, click Control Panel, click System, and then click Change Settings.
  2. Click Change Computer Name, type the new computer name, and then click OK.

 

Verify

To verify that the name can be resolved, ping a remote host by name:

  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 
  2. Type ping [hostname].
  3. If the ping succeeds, then the name was successfully resolved.

Note:  Ping will fail if the remote server does not have File and Print sharing enabled and a File and Printer Sharing exception in Windows Firewall enabled. On Windows Server 2008, installing the File Server or Domain Controller roles will do this, as will sharing a printer.

Related Management Information

NBT Naming

Networking

Related:

Event ID 4313 — NBT Connectivity


Updated: April 17, 2008

Applies To: Windows Server 2008

NBT (NetBIOS (network basic input/output system)) over TCP/IP (Transmission Control Protocol/Internet Protocol) connectivity facilitates file and printer sharing.

Event Details

Product: Windows Operating System
ID: 4313
Source: netbt
Version: 6.0
Symbolic Name: EVENT_NBT_OPEN_REG_LINKAGE
Message: Unable to open the Registry Linkage to read configuration information.

Resolve
Enable NetBIOS

NetBIOS name resolution is the process of successfully mapping a NetBIOS name to an Internet Protocol version 4 (IPv4) address.

To enable NetBIOS name resolution:

You must be logged on as an administrator or belong to the Administrators group to complete these steps.

  1. Click Start, click Control Panel, double-click Network and Sharing Center, click Manage Network Connections, right-click the network interface on which you want to enable NetBIOS, and then click Properties.
  2. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
  3. Click Advanced, click WINS, and then select Enable NetBIOS over TCP/IP.

Verify

Attempt to access a remote shared network folder. If you can access the shared network folder, then the Windows Internet Name Service (WINS) server and the NBT protocol are functioning properly.

Related Management Information

NBT Connectivity

Networking

Related:

Event ID 4306 — NBT Protocol Connectivity to WINS Server


Updated: January 7, 2009

Applies To: Windows Server 2008 R2

Windows Internet Name Service (WINS) is the Microsoft implementation of the NetBIOS (network basic input/output system) Name Server, a name server and service for NetBIOS computer names. WINS provides a central mapping of computer names to their network addresses.

Event Details

Product: Windows Operating System
ID: 4306
Source: netbt
Version: 6.1
Symbolic Name: EVENT_NBT_NAME_SERVER_ADDRS
Message: Unable to configure the addresses of the WINS servers.

Resolve
Configure WINS

NetBIOS name resolution failed because your WINS server is not configured correctly.

To configure the WINS server:

To perform this procedure, you must be a member of the Administrators group or the Network Configuration Operators group on the local computer.

  1. Click Start, click Control Panel, click Network and Sharing Center, and then click Manage Network Connections.
  2. Right-click the connection you want to edit, and then click Properties.
  3. Click Continue when prompted by User Access Control.
  4. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
  5. Click Advanced, click the WINS tab, and then click Add.
  6. In WINS addresses, in order of use, type the IP address of the WINS server, and then click Add.
  7. Repeat steps 5 and 6 for each WINS server IP address you want to add, and then click OK.
  8. To enable the use of the Lmhosts file to resolve remote NetBIOS names, select the Enable LMHOSTS lookup check box. This option is enabled by default.
  9. To specify the location of a file that you want to import into the Lmhosts file, click Import LMHOSTS, and then select the file in the Open dialog box.
  10. To enable or disable NetBIOS over TCP/IP, do the following:
      • To enable the use of NetBIOS over TCP/IP, click Enable NetBIOS over TCP/IP.
      • To disable the use of NetBIOS over TCP/IP, click Disable NetBIOS over TCP/IP.
      • To have the DHCP server determine whether NetBIOS over TCP/IP is enabled or disabled, click Default.

Verify

To verify the correct configuration of the WINS Server service:

  1. Click Start, Control Panel, Network and Sharing Center, Manage Network Connections, right-click the connection to edit, and then click Properties.
  2. Click Continue when prompted by User Access Control.
  3. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
  4. Click Advanced, and then click the WINS tab.
  5. If WINS is configured correctly, WINS addresses are displayed.

Related Management Information

NBT Protocol Connectivity to WINS Server

Networking

Related:

Event ID 4305 — NBT Protocol Connectivity to WINS Server


Updated: January 7, 2009

Applies To: Windows Server 2008 R2

Windows Internet Name Service (WINS) is the Microsoft implementation of the NetBIOS (network basic input/output system) Name Server, a name server and service for NetBIOS computer names. WINS provides a central mapping of computer names to their network addresses.

Event Details

Product: Windows Operating System
ID: 4305
Source: netbt
Version: 6.1
Symbolic Name: EVENT_NBT_BAD_PRIMARY_WINS_ADDR
Message: The primary WINS server address is not formatted correctly in the registry.

Resolve
Configure WINS

NetBIOS name resolution failed because your WINS server is not configured correctly.

To configure the WINS server:

To perform this procedure, you must be a member of the Administrators group or the Network Configuration Operators group on the local computer.

  1. Click Start, click Control Panel, click Network and Sharing Center, and then click Manage Network Connections.
  2. Right-click the connection you want to edit, and then click Properties.
  3. Click Continue when prompted by User Access Control.
  4. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
  5. Click Advanced, click the WINS tab, and then click Add.
  6. In WINS addresses, in order of use, type the IP address of the WINS server, and then click Add.
  7. Repeat steps 5 and 6 for each WINS server IP address you want to add, and then click OK.
  8. To enable the use of the Lmhosts file to resolve remote NetBIOS names, select the Enable LMHOSTS lookup check box. This option is enabled by default.
  9. To specify the location of a file that you want to import into the Lmhosts file, click Import LMHOSTS, and then select the file in the Open dialog box.
  10. To enable or disable NetBIOS over TCP/IP, do the following:
      • To enable the use of NetBIOS over TCP/IP, click Enable NetBIOS over TCP/IP.
      • To disable the use of NetBIOS over TCP/IP, click Disable NetBIOS over TCP/IP.
      • To have the DHCP server determine whether NetBIOS over TCP/IP is enabled or disabled, click Default.

Verify

To verify the correct configuration of the WINS Server service:

  1. Click Start, Control Panel, Network and Sharing Center, Manage Network Connections, right-click the connection to edit, and then click Properties.
  2. Click Continue when prompted by User Access Control.
  3. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
  4. Click Advanced, and then click the WINS tab.
  5. If WINS is configured correctly, WINS addresses are displayed.

Related Management Information

NBT Protocol Connectivity to WINS Server

Networking

Related:

Event ID 4321 — NBT Naming


Updated: April 17, 2008

Applies To: Windows Server 2008

NBT (NetBIOS (network basic input/output system)) over TCP/IP (Transmission Control Protocol/Internet Protocol) naming provides mapping between NetBIOS names and IP addresses.

Event Details

Product: Windows Operating System
ID: 4321
Source: netbt
Version: 6.0
Symbolic Name: EVENT_NBT_DUPLICATE_NAME_ERROR
Message: The name “%2” could not be registered on the interface with IP address %3. The computer with the IP address %4 did not allow the name to be claimed by this computer.

Resolve
Rename the local computer

Computers must have unique names on the network.

To rename the local computer:

You must be logged on as an administrator or belong to the Administrators group to complete these steps.

  1. Click Start, click Control Panel, click System, and then click Change Settings.
  2. Click Change Computer Name, type the new computer name, and then click OK.

 

Verify

To verify that the name can be resolved, ping a remote host by name:

  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 
  2. Type ping [hostname].
  3. If the ping succeeds, then the name was successfully resolved.

Note:  Ping will fail if the remote server does not have File and Print sharing enabled and a File and Printer Sharing exception in Windows Firewall enabled. On Windows Server 2008, installing the File Server or Domain Controller roles will do this, as will sharing a printer.

Related Management Information

NBT Naming

Networking

Related:

The Name Query Response could not be sent due to an error. This error is often caused by a problem with the NetBIOS over TCP/IP (NetBT) interface.

Details
Product: Windows Operating System
Event ID: 4189
Source: Wins
Version: 5.2
Symbolic Name: WINS_EVT_SND_QUERY_RSP_ERR
Message: The Name Query Response could not be sent due to an error. This error is often caused by a problem with the NetBIOS over TCP/IP (NetBT) interface.
   
Explanation

This event record usually results in the WINS service shutting down abruptly. There might also be problems with a resource on the computer or with its protocol stack.

   
User Action

Restart the WINS service. If you continue to receive this message, check the binding of the WINS protocol stack to the network adapter.

Related:

NetBIOS returned an error: The NCB and SMB are dumped above.

Details
Product: Windows Operating System
Event ID: 2506
Source: NetBIOS
Version: 5.0
Symbolic Name: NERR_RplLoadrNetBiosErr
Message: NetBIOS returned an error: The NCB and SMB are dumped above.
   
Explanation

A NetBIOS error occurred.

   
User Action

Restart the workstation. If that fails, your network administrator might have to stop and restart the Remoteboot service on the server.
