 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows XP / Networking and Web / September 2004XP Home connectivity lost after SP2: NETBT??
A pair of computers linked via Ethernet: one 98, one XP Home. Each belongs to the workgroup WORKGROUP and has shares that the other connects to. After SP2, - TCP/IP works. I can ping from one computer to the other and I can also make TCP connections from one computer to the other. - the 98 computer browsing the network sees WORKGROUP and sees itself but does not see the XP Home computer. - the XP Home computer browsing the network through My Network Places sees WORKGROUP, but WORKGROUP appears blank: it doesn't even see itself there. - Event Viewer reports "4311" error messages for NetBT. - Although TCP/IP > Properties > Advanced > WINS says "Enable NETBIOS", ipconfig/all reports "NetBIOS over Tcpip Disabled". - net view \\xpmachine lists all the XP machine's shares. - net view \\98machine reports "System error 1231 has occurred". - I have checked that the workgroup name is still WORKGROUP. - uninstalling the network card and allowing XP to find it again makes no difference to the problem. - Disabling Windows Firewall makes no difference to the problem. - Disabling and re-enabling the LAN connection makes no difference to the problem. - Repairing the LAN connection fails. The message is "Windows could not finish repairing the problem because the following action cannot be completed: Clearing NetBT". I'm sort of running out of things to try. Does anyone have any suggestions? I should add: both computers have fixed IP addresses, of 192.168.0.4 for Windows 98 and 192.168.0.1 for XP Home - and (as I said) TCP/IP in itself works perfectly. The XP Home machine has no LMHOSTS file. >A pair of computers linked via Ethernet: one 98, one XP Home. Each >belongs to the workgroup WORKGROUP and has shares that the other [quoted text clipped - 24 lines] >I'm sort of running out of things to try. Does anyone have any >suggestions? Event ID 4311 means that "Initialization failed because the driver device could not be created." Are there any other relevant messages in Event Viewer? Anything about TCP/IP Protocol Driver or IPSEC Driver? Make sure that the TCP/IP NetBIOS Helper service is running and is configured to start automatically. This web page has more information: http://www.eventid.net/display.asp?eventid=4311&eventno=910&source=NetBT&phase=1  SignatureBest Wishes, Steve Winograd, MS-MVP (Windows Networking) Please post any reply as a follow-up message in the news group for everyone to see. I'm sorry, but I don't answer questions addressed directly to me in E-mail or news groups. Microsoft Most Valuable Professional Program http://mvp.support.microsoft.com Thank you for your quick response. There were no other relevant messages in Event Viewer. It turns out that someone was concerned about Windows Firewall leaving port 445 open to the Internet (even though, in "Exceptions", it's set up to be "subnet only") and altered HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters to rename the TransportBindName string. This did indeed prevent my computer from listening on port 445, but it also (as we have seen) stopped NetBT working completely. Once I undid that alteration everything was OK. This does, however, raise the question of the unsecured port 445. Now, when I am connected to the Internet, netstat quite often reports ESTABLISHED connections to 'microsoft-ds' on my computer, from remote dialup computers somewhere else on the Internet. These connections are of course unwanted and presumably malicious in intent. 1. Is there any way of blocking these connections, since Windows Firewall won't do it? 2. Are these connections a security risk? > >A pair of computers linked via Ethernet: one 98, one XP Home. Each > >belongs to the workgroup WORKGROUP and has shares that the other [quoted text clipped - 46 lines] > Microsoft Most Valuable Professional Program > http://mvp.support.microsoft.com >1. Is there any way of blocking these connections, since Windows >Firewall won't do it? Martin, I think the Windows firewall will do it if you set a user defined IP address range, rather than selecting subnet. If I'm not mistaken, this is a known defect in the firewall, likely to be fixed soon, but meanwhile the address range should do. This is only from memory, so please test it before you rely on me. Hans-Georg SignatureNo mail, please. I think I did try the address range yesterday, in the form 192.168.0.0/255.255.255.0, with no apparent effect: the incoming connections were still there. Now I've tried 192.169.0.1,192.168.0.4 and that seems to have worked. Thank you for the tip! Martin. > >1. Is there any way of blocking these connections, since Windows > >Firewall won't do it? [quoted text clipped - 15 lines] > -- > No mail, please. >I think I did try the address range yesterday, in the form >192.168.0.0/255.255.255.0, with no apparent effect: the incoming >connections were still there. > >Now I've tried 192.169.0.1,192.168.0.4 and that seems to have worked. Martin, thanks for reporting back! The security hole is so big that they'll have to do something about it soon, methinks. Hans-Georg SignatureNo mail, please. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.