COMMAND

    NetBIOS

SYSTEMS AFFECTED

    Win NT

PROBLEM

    Mike Lonergan found following.  He discovered what appears to be a
    bug  in  the  NetBIOS  name  conflict  resolution  mechanism  that
    manifests itself in  mixed SP3/SP4 domains.   After observing  his
    networks for a  few months thereafter,  he's quite confident  that
    the  proposed  solution  overcomes  the  bug.   Hopefully this bug
    won't strike  your networks,  as most  of you  probably upgrade(d)
    your PDCs and BDCs in a short time frame.

    The problem usually rears  its ugly head when  inter-domain access
    to shared resources begins to fail - users in one NT domain can no
    longer  access  file  shares,  etc.  in  another  trusting domain.
    Domain Monitor  (Dommon.exe from  the NT  Resource Kit)  will show
    that secure channels between the two domains are failing to set up
    properly.  An  examination of the  WINS database reveals  that the
    DOMAIN<1Ch> record for the domain controller in question does  not
    exist.  Even  further examination of  the 'nbtstat' response  from
    the domain controller in question shows that the DOMAIN<1Ch>  name
    is flagged  with a  "Conflict" Status,  not "Registered".   Have a
    look in the System Event Log for that server, and you'll notice an
    Event with  Source "NetBT",  ID "4320",  and Description  "Another
    machine has sent a name  release message to this machine  probably
    because a  duplicate name  has been  detected on  the TCP network.
    The IP address of the node  that sent the message is in  the data.
    Use nbtstat -n  in a command  window to see  which name is  in the
    Conflict state."   A hex  conversion of  the "node  that sent  the
    message" string (see  Knowledge Base article  Q120752 for tips  on
    digging this out) reveals that it comes from one of that  server's
    "sister"  domain  controllers  (i.e.  always  from  another domain
    controller  who  also  registers  the  DOMAIN<1Ch>  name  for that
    domain).

    The domain controller issuing  the "duplicate name" complaint  has
    always been  an NT  4.0 SP3  machine; the  machine which flags its
    DOMAIN<1Ch> name with "Conflict" has always been NT 4.0 SP4.  This
    leads me  to believe  that there  is a  bug or  change in  the way
    NetBIOS name  conflicts are  detected or  resolved, such  that SP3
    domain   controllers   will   effectively   disable   SP4   domain
    controllers.  In this case, it's always been the BDC that  remains
    at SP3 while the PDC went  to SP4, so this problem may  be limited
    to such a configuration.

SOLUTION

    The obvious solution would be to upgrade all domain controllers to
    SP4.  The "Conflict" flag  never cropped up again, once  SP4'd the
    BDC, and rebooted the PDC.  While it would be ideal to upgrade all
    domain controllers at  once, it's probably  sufficient to do  them
    all within  the space  of a  few days  - ideally,  within the WINS
    TTL time  window (Renewal  Interval) -  the default  setting is 72
    hours.

    A similar problem may appear  and it should be fixed  as explained
    in Q178640 (Could Not  Find Domain Controller When  Establishing a
    Trust).  The reason for the problem was mixed SP3/SP4  environment
    with RestrictAnonymous set to 0.