TCP/IP in Windows 2000 Professional

  • Article

Microsoft TCP/IP uses NetBIOS over TCP/IP (NetBT) as specified in RFCs 1001 and 1002, which define a software interface that supports name resolution for NetBIOS client and server programs in the LAN and WAN environments. Although DNS is the default name resolution method for Windows 2000, NetBT is still provided as a method of providing name resolution for older clients, and for Windows 2000 domains and workgroups that do not implement Active Directory.

The following section describes the type of name resolution methods that are available through NetBIOS over TCP/IP, including WINS. Procedures for configuring the different resolution methods are provided throughout this discussion.

NetBIOS Name Resolution Basics

RFCs 1001 and 1002 define the following four node types:

  • B-node. Uses broadcasts to resolve names.

  • P-node. Uses point-to-point communications with a NetBIOS server (such as a WINS server) to resolve names.

  • M-node. Uses broadcasts first (b-node), then directed name queries (p-node) if broadcasts are not successful.

  • H-node. Uses name queries first (p-node), and then uses broadcasts (b-node) if the name server is unavailable or if the name is not registered in the WINS database.

  • Microsoft-enhanced. Uses the local Lmhosts file plus Windows Sockets gethostbyname( ) calls (using standard DNS and/or local Hosts files) in addition to standard node types.

Microsoft includes a NetBIOS name server known as the Windows Internet Name Service (WINS). If WINS is enabled on a Windows 2000 Professional– based computer, the system uses h-node by default. Without WINS, the system uses b-node by default. Non-WINS clients can access WINS through a WINS proxy, which is a WINS-enabled computer that listens to name query broadcasts and then query the WINS server on behalf of the requesting client.

To see which node type is configured on a Windows 2000 Professional– based computer

  1. At the command prompt, type:
    ipconfig /all

  2. The node type is indicated to the right of the heading Node type .

Using a name server to locate resources is generally preferable to broadcasting for two reasons:

  • Broadcasts are not usually forwarded by routers. Therefore, only local subnet NetBIOS names can be resolved.

  • Broadcast frames are processed by all computers on a subnet.

Figures 22.13 and 22.14 illustrate the NetBIOS name resolution methods used by Windows 2000.

Cc977235.prcc_12(en-us,TechNet.10).gif

Figure 22.13 NetBIOS Name Resolution Flowchart (Part 1 of 2)

Cc977235.prcc_12b(en-us,TechNet.10).gif

Figure 22.14 NetBIOS Name Resolution Flowchart (Part 2 of 2)

Name Resolution Using WINS

Windows Internet Name Service (WINS) is a service that runs on Windows 2000 Server to provide NetBIOS name resolution. It provides a database for registering and querying dynamic NetBIOS name-to-IP address mappings in a routed network environment. You can use WINS either alone or in conjunction with DNS.

WINS reduces the use of local broadcasts for name resolution and allows users to locate computers on remote networks. Furthermore, when dynamic addressing through DHCP results in new IP addresses for computers that move between subnets, the changes are updated automatically in the WINS database. Neither the user nor the network administrator needs to make manual accommodations for name resolution.

WINS consists of two components: the WINS server, which handles name queries and registrations, and the client software (NetBIOS over TCP/IP), which queries for computer name resolution. A WINS server is a Microsoft Windows NT Server version 3.5 or later computer running the WINS server service. When Microsoft TCP/IP is installed under Windows 2000 Professional, WINS client software is installed automatically.

If there are WINS servers installed on your network, you can use WINS in combination with broadcast name queries to resolve NetBIOS computer names to IP addresses. If you do not use this option, Windows 2000 Professional can use name query broadcasts (b-node mode of NetBIOS over TCP/IP), and the local Lmhosts file to resolve computer names to IP addresses. However, broadcast resolution is limited to the local network.

Additionally, a WINS server can be used in conjunction with a DNS server to provide dynamic registration of hosts in an environment without DNS update. When configured to use WINS lookup, a DNS server can forward queries to a WINS server for resolution of unknown A resource records for all WINS clients.

If DHCP is used for automatic configuration, WINS server parameters can be provided by the DHCP server. Otherwise, you must configure information about WINS servers manually. WINS configuration is global for all network adapters on a computer.

Configuring WINS

The following procedure describes how to configure WINS and how to enable DHCP.

To configure a computer to use WINS for name resolution

  1. In Control Panel, double-click Network and Dial-up Connections .

  2. Right-click Local Area Connections .

  3. Select Internet Protocol (TCP/IP) , and then click Properties .

  4. If a DHCP server is available that is configured to provide information on available WINS servers, select Obtain an IP address automatically .
    The addresses of available WINS servers are provided as part of the configuration parameters for the client.

  5. If DHCP is not used, or the WINS address is to be manually configured, click Advanced .

  6. Select the WINS tab.
    Cc977235.prcc13(en-us,TechNet.10).gif

  7. Click Add .

  8. Enter the address of the WINS server, and click Add .

The order of the IP addresses can be rearranged as needed to reflect changes in name server availability, performance, or to implement load balancing.

To set the WINS server search order

  1. On the WINS tab, under the WINS addresses, in order of use box, select the IP address of the WINS server you want to reposition.

  2. Click the up or down buttons to reposition the selected IP address within the list of WINS servers.

B-Node Broadcasts and Lmhosts

By installation default, a Windows 2000 – based computer not configured as a WINS client or WINS server, is a b-node computer. A b-node computer is one that uses IP broadcasts for NetBIOS name resolution.

IP broadcast name resolution can provide dynamic name resolution. However, the disadvantages of broadcast name queries include increased network traffic and ineffectiveness in routed networks. Resources located outside the local subnet do not receive IP broadcast name query requests because IP-level broadcasts are not passed to remote subnets by the router (default gateway) on the local subnet.

As an alternate method to IP broadcasts, Windows 2000 enables you to manually provide NetBIOS name and IP address mappings for remote computers by using the Lmhosts file. Selected mappings from the Lmhosts file are maintained in a limited cache of NetBIOS computer names and IP address mappings. This memory cache is initialized when a computer is started. When the computer needs to resolve a name, the cache is examined first and, if there is no match in the cache, Windows 2000 uses b-node IP broadcasts to try to find the NetBIOS computer. If the IP broadcast name query fails, the complete Lmhosts file is parsed to find the NetBIOS name and the corresponding IP address. This strategy enables the Lmhosts file to contain a large number of mappings, without requiring a large amount of static memory to maintain an infrequently-used cache.

The Lmhosts file can be used to map computer names and IP addresses for computers outside the local subnet, an advantage over the b-node broadcast method. You can use the Lmhosts file to find remote computers for network file, print, and remote procedure services. The Lmhosts file is typically used for smaller networks that do not have name servers.

The Lmhosts file is a local text file that maps IP addresses to NetBIOS names. It contains entries for Windows-networking computers located outside the local subnet. The Lmhosts file is read when WINS or broadcast name resolution fails; resolved entries are stored in a local cache for later access.

You can create an Lmhosts file by using a text editor. Lmhosts is a simple text file. An example of the Lmhosts format is provided in the file named Lmhosts.sam in the Windows 2000 % SystemRoot% \System32\Drivers\Etc directory. This is only an example file. To active the Lmhosts file, rename Lmhosts.sam to Lmhosts. Edit the Lmhosts file to include remote NetBIOS names and IP addresses for each computer with which you communicate.

The keywords listed in Table 22.6 can be used in the Lmhosts file in Windows 2000 Professional.

Table 22.6 Lmhosts Keywords

Keyword

Description

\0x nn

Support for nonprinting characters in NetBIOS names. Enclose the NetBIOS name in double quotation marks and use \0x nn notation to specify a hexadecimal value for the character. This enables custom applications that use special names to function properly in routed topologies. However, Microsoft LAN Manager TCP/IP does not recognize the hexadecimal format.
Note that the hexadecimal notation applies only to one character in the name. Pad the name with blanks so that the special character is last in the string (character 16).

#BEGIN_ALTERNATE

Used to group multiple #INCLUDE statements. Any single successful #INCLUDE statement causes the group to succeed.

#END_ALTERNATE

Used to mark the end of an #INCLUDE statement grouping.

#DOM:< domain >

Part of the computer name-to-IP address mapping entry that indicates that the IP address is a domain controller in the domain specified by < domain >. This keyword affects how the Browser and Logon services behave in routed TCP/IP environments. To preload a #DOM entry, you must first add the #PRE keyword to the line. #DOM groups are limited to 25 members.

#INCLUDE < file name >

Forces the system to seek the specified < file name > and parse it as if it were local. Specifying a Uniform Naming Convention (UNC) < file name > allows you to use a centralized Lmhosts file on a server. If the server on which the specified < file name > exists is outside of the local broadcast subnet, you must add a preloaded entry for the server.

#MH

Part of the computer name-to-IP address mapping entry that defines the entry as a unique name that can have more than one address. The maximum number of addresses that can be assigned to a unique name is 25. The number of entries is equal to the number of network adapters in a multihomed computer.

#PRE

Part of the computer name-to-IP address mapping entry that causes that entry to be preloaded into the name cache. (By default, entries are not preloaded into the name cache but are parsed only after WINS and name query broadcasts fail to resolve a name.) The #PRE keyword must be appended for entries that also appear in #INCLUDE statements; otherwise, the entry in the #INCLUDE statement is ignored.

#SG < name >

Part of the computer name-to-IP address mapping entry that associates that entry with a user-defined special (Internet) group specified by < name >. The #SG keyword defines Internet groups by using a NetBIOS name that has 0x20 in the 16th byte. A special group is limited to 25 members.

The following example shows how all of these keywords are used:

192.176.94.102appname \0x14#special app server

192.176.94.123printsrv#PRE #source server

192.176.94.98localsrv#PRE

192.176.94.97primary#PRE #DOM:mydomain#PDC for mydomain

#BEGIN_ALTERNATE

#INCLUDE \\localsrv\public\lmhosts#adds Lmhosts from this server

#INCLUDE \\primary\public\lmhosts#adds Lmhosts from this server

#END_ALTERNATE

In the preceding example:

  • The servers named printsrv, localsrv, and primary are defined by using the #PRE keyword as entries to be preloaded into the NetBIOS cache at system startup.

  • The servers named localsrv and primary are defined as preloaded and also identified in the #INCLUDE statements as the location of the centrally maintained Lmhosts file.

  • Note that the server named appname \0x14 contains a special character after the first 15 characters in its name (including the blanks), and so its name is enclosed in double quotation marks.

  • The number sign (#), when not used with a keyword, designates the start of a comment.

Disabling NetBT

Windows 2000 file and print sharing components uses NetBIOS over TCP/IP to communicate with prior versions of Windows and other non-Microsoft clients. However, the Windows 2000 file and print sharing components (the redirector and server) now support direct hosting for communicating with other computers running Windows 2000. With direct hosting, DNS is used for name resolution. No NetBIOS name resolution (WINS or broadcast) is used and no NetBIOS sessions are established.

By default, both NetBIOS and direct hosting are enabled, and both are tried in parallel when a new connection is established. The first to succeed in connecting is used for any attempt. NetBIOS support can be disabled to force all traffic to use direct hosting.

To disable NetBIOS support

  1. From Network and Dial-up Connections , select the connection you want to modify, and then right-click Properties .

  2. Select Internet Protocol (TCP/IP) , and then click Properties .

  3. Click Advanced .

  4. Select the WINS Address tab.

  5. Select Disable NetBIOS over TCP/IP .

note-icon

Note

Applications and services that depend on NetBIOS over TCP/IP no longer function after this is done, so it is important that you verify that clients and applications no longer need NetBIOS over TCP/IP support before you disable it. Disabling NetBIOS over TCP/IP can prevent the creation of file and print sharing connections with non-Windows 2000 clients and servers.