Re: master browser messages in evenlog on firewalled machine

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/29/05 

Date: Tue, 29 Mar 2005 07:26:26 -0700

Filters are sometimes defined to allow responses to communications
initiated within. The messages that you mention result from either
"hearing" a broadcast stating "I am master browser" or from having
broadcast "I see no master browser, hence I am master now". Either
can result is a short free election, following which the then current
master is identified for all to know and use.
That use then is over defined TCP ports that are apparently for your
system blocked.
In a hosted environment not only is it good that they are blocked, but
it is curious that you have the Browser (and hence Server) and the
Workstation services allowed to run. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Andy Fish" <ajfish@blueyonder.co.uk> wrote in message
news:%23KfBs6FMFHA.2940@TK2MSFTNGP15.phx.gbl...
> Hi,
>
> I have a hosted server that was set up by the hosting company (uk2) to use
> the local security settings as a firewall (in the "local security
settings"
> console, select "IP security policies on local computer"). This performs
> packet filtering on incoming and outgoing IP packets. I have configured it
> to allow only the things I need (incoming HTTP and Remote Desktop,
outgoing
> SMTP and DNS) and it seems to be working OK.
>
> However, I have noticed messages in the event log like this:
>
> "The master browser has received a server announcement from the computer
> SERVER_XXXX that believes that it is the master browser for the domain..."
>
> The server names in the event log are those typically assigned by the
> hosting provider, so I guess these other servers are in the same hosting
> centre (on the same network segment?). However, What I don't understand is
> how it is receiving announcements from machines over tcp/ip (this is the
> only network protocol installed) when the IP security policy is supposed
to
> be filtering the traffic.
>
> It seems to me that either the packet filtering is implicitly letting
> through some packets regardless of how it is configured, or that the
> communication is not taking place over TCP/IP. Can anyone explain this
> please?
>
> Andy
>
>

Relevant Pages

  • RE: Printer settings coult not be saved.
    ... Server and then the issue occurs. ... Microsoft CSS Online Newsgroup Support ... The master browser has received a server announcement from the computer ... TERESA that believes that it is the master browser for the domain on ...
    (microsoft.public.windows.server.sbs)
  • Re: Access denied to WinXP machine on P-P Network
    ... machine from this WinXP machine on a peer-to-peer workgroup network. ... Server is active on ... NetbiosSmb ... Master browser name is: CHARTRANDNB ...
    (microsoft.public.windowsxp.network_web)
  • Re: domain not visible some time after system start
    ... Sounds like Master browser issue. ... Do you have WINS server on NT. ... If you turn off the XP home and restart the NT, what does the browstat look like? ... How to Setup Windows, Network, VPN & Remote Access on ...
    (microsoft.public.windowsxp.network_web)
  • Re: My Network Places browsing
    ... Browstat status from the subnet and from the server network. ... Master browser name is: DC1 ... There are 93 servers in domain MyDomain on transport ...
    (microsoft.public.windows.server.networking)
  • Re: Computer Browsing Service - anyone want to contribute for a good conversation?
    ... Many of your VLANs will not have a server ... > this have to do with clients netbios over tcp settings? ... >> WINS does not store or replicate browse lists. ... The most common cause of master browser failures is multihomed ...
    (microsoft.public.windows.server.networking)