Previous Page | Next Page

  1. Introduction
  2. Windows 2000 Professional
  3. Windows 2000 Server
  4. Windows 2000 Advanced Server
  5. Windows 2000 Datacenter Server
  6. Application Support
  7. System Operation
  8. Disks and Volumes
  9. Filesystems
  10. Configuration Files
  11. Security
  12. Network Support
  13. Access Management
  14. Processes
  15. AD Structure
  16. AD Objects
  17. AD Object Naming
  18. AD Schema
  19. AD Sites
  20. Domains
  21. AD Functions
  22. AD Replication
  23. DNS
  24. AD Security
  25. AD Installation
  26. AD Configuration
  27. AD Performance
  28. Installation
  29. Installation Options
  30. Unattended Installation
  31. Software Distribution
  32. Remote Installation Service
  33. Language
  34. Accessibility
  35. File Attributes
  36. Shares
  37. Distributed File System
  38. Control Panel
  39. Active Directory Tools
  40. Computer Management Console Tools
  41. MMC Tools
  42. Network Tools
  43. Network Monitor
  44. System Performance Monitoring
  45. Tools
  46. Managing Services
  47. Connections
  48. TCP/IP
  49. DHCP
  50. Printing
  51. Routing
  52. IPSec
  53. ICS
  54. Fault Tolerance
  55. Backup
  56. System Failure
  57. Services
  58. Remote Access
  59. WINS
  60. IIS
  61. Certificate Server
  62. Terminal Services
  63. Web Services
  64. Authentication
  65. Accounts
  66. Permissions
  67. Groups
  68. User Rights and Auditing
  69. Auditing
  70. User Profiles
  71. Policies
  72. Group Policies
  73. Miscellaneous
  74. Terms
  75. Credits

Windows 2000 WINS

The purpose of WINS is to allow a NetBIOS name to be converted to an IP address. Therefore computers using WINS must be using NBT (NetBIOS over TCP/IP). WINS was originally put in place to compensate for a shortcoming of NetBEUI which is the fact that it is not routable. Therefore on large Networks IP is used to transport NetBIOS and rather than using broadcasts, information is sent to the WINS server.

WINS converts Windows computer names to IP addresses but does not do name lookups based on IP addresses. The use of Windows Explorer or NET commands invokes the NetBIOS interface. NetBIOS names, if repeated on another domain that is on the network, may cause a problem since there is no way to distinguish NetBIOS names between two domains. Each computer, when booted, sends a name registration broadcast. If there is no response, the computer will use the name it registered. A NetBIOS broadcast releases the computer name when the computer is shutdown gracefully.

WINS reduces this broadcast traffic when using NBT. The registration and release is sent to the WINS server rather than being broadcast. The clients have the IP address of the WINS server and they are configured to use WINS before using NetBIOS broadcasts. A backup WINS server may be available on the network for fault tolerance.

Five NBT Name Resolution Methods

  • B-node - broadcast - Uses UDP broadcast datagrams. Default node type.
  • P-node - Peer to peer - Uses a NetBIOS name server such as WINS. If a WINS server is not available, broadcasts are not used as a backup. The WINS IP address must be specified at each client?
  • M-node - Mixed - Tries B-node, then P-node resolution.
  • H-node - Hybrid - Tries P-node, then B-node resolution. After this attempt for Windows 2000, LMHOSTS and HOSTS files are used, then the DNS server is used.
  • Microsoft enhanced B-node - Checks address cache which is loaded brom the lmhosts file when the system boots. After checking address cache, a broadcast is sent, then the lmhost file is checked if broadcasting did not resolve the query.

NetBIOS Names

On the WINS server, there is a NetBIOS name for each service a NetBIOS computer offers. This uses the 16th hidden character of the NetBIOS names. Up to 25 records of groups, domain browsers, and multihomed computers may be registered. The characters and their meanings are:

  • 00 - Workstation service (Domain name) or (Workgroup name) or (Computer name)
  • 03 - Messenger service (Computer name) or (User name)
  • 06 - RAS server service (Computer name)
  • 1B - Primary domain controller (Domain name)
  • 1C - Domain controller or PDC or BDC (Domain name)
  • 1D - Master browser (Domain name)
  • 1E - Only is on servers, indicates the computer would become a browser if requested.. (Domain name) or (Workgroup name)
  • 1F - NetDDE service (Computer name)
  • 20 - Server service (Computer name)
  • 21 - RAS client (Computer name)
  • BE - Network Monitoring Agent service (Computer name)
  • BF - Network monitor utility service (Computer name)

WINS Operation

When a NetBIOS broadcast is to go out, a computer sends over TCP/IP to a WINS server to resolve NetBIOS names. WINS dynamically builds its database. When a client uses WINS it announces to the WINS server over TCP/IP rather than broadcasting to all computers. WINS Message Modes:

  • Client Name Registration - When a client service is started, the appropriate NetBIOS name for that service, for all NetBIOS processes (Using the hidden 16th byte) is sent to the WINS server. If the registration fails, the client retries every ten minutes. If the primary WINS server fails to respond, the request is sent to the secondary WINS server after three tries. If no WINS server responds, B-node broadcasts are used by the client. When contacted, the WINS server returns a time to live (TTL) field containing the length of time the client may use that name. If a duplicate name is received, the server sends a wait for acknowledgement (WACK) to the registering client. Then a challenge is sent by the server to the registered client. If the current owner responds correctly, the new client request is rejected.
  • Client Lease Renewal - When the name lease is at 50%, the client sends a name renewal request to the WINS server with its name and IP address. When the lease is 7/8 up, the client will try again then attempt a lease with the secondary WINS server. After 4 attempts with the secondary WINS server, it attempts lease renewal with the primary WINS server again.
  • Client Name Release - The client sends a name release message with its name and IP address. The server responds with a positive release message. If no confirmation is received by the client a NetBIOS broadcast release is sent up to three times.
  • Server Name Query and Name Resolution response - With WINS server on the network, resolution is done using H-node on UDP port 137 (NetBIOS Name Service). Name query order:
    1. Local cache
    2. WINS server (primary then secondary, two times).
    3. Broadcast
    4. Lmhosts file
    5. Hosts file
    6. DNS

WINS Database

When a client is turned off, it releases its name, but there is a WINS extinction interval that allows the record to remain for some period of time in case the client is turned on again (as in the case of a reboot). The extinction interval reservs the record for some period so other clients cannot use it until the interval expires. WINS files are in SystemRoot\System32\Wins. A file names WINS.MDB is used to store a WINS database which can be backed up and repaired. The WINS service will back up the database every three hours (by default) to the configured backup path. Version numbers can be used to backup minor changes. The only way to replace a new copy with an older copy is to delete the old database copy first. The easy way to restore a database is to force replication from a WINS partner with a good copy of the database.

The database contains the following records:

  • Renewal interval - Equivalent to the DHCP lease interval, it is the amount of time for the client to re-register the NetBIOS name before it is released.
  • Extinction interval - The time a releast record exists before being tombstoned.
  • Extinction timeout - The time a tombstoned record exists before being erased.
  • Verification interval - The time an active record exists before being verified with the name owner.

WINS Proxy Agent

A WINS proxy agent can be configured to act as a relay for non-WINS clients. The WINS proxy agent can intercept client broadcast requests, forward them to a WINS server and return the response. It may also reply with the response without contacting the WINS server if the required information is in its cache. One WINS proxy is used on each subnet that has non-WINS clients. This means that machines that are not using WINS (Even Windows machines such as those without TCP/IP) can use a proxy agent to let them find resources on other subnets. There should be a maximum of two proxy agents per subnet. The agent must be a Windows based client, not a server. When NetBIOSs names are registered, both the proxy agent and the WINS server checks the name. The proxy agent is configured at the following registry location:

Hkey_Local_Machine\System\CurrentControlSet\Services\NetBT\Parameters

Set the EnableProxy parameter to REG_DWORD value of 1 and restart the computer.

WINS Replication

When two WINS servers are configured to communicate with each other replication occurs any time the data base on one of them changes. Servers are configured as a push or pull partner. A server can be both a push and pull partner. Push partners send update notices when a database change is made. A pull partner asks push partners for database entries more recent than their current listings. Only changes are replicated. Pull servers are used across slow links since pull requests can be set for specific times.

  • A pull server will pull updates when it is started, then at chosen times thereafter.
  • A push partner will send updates when a change threshold is reached. A thershold and update interval may be set.

WINS Properties Box

The WINS properties box can be opened by right clicking on a server in the WINS snap-in and selecting "Properties". Tabs:

  • General - Can set how often databases and logs are updated with new information. Set where database files are backed up
  • Intervals - The following intervals can be set (described above):
    • Renew interval
    • Extinction interval
    • Extinction timeout
    • Verification interval
  • Database Verfication - Controls whether the WINS database integrity is verified and how often this is done.
  • Advanced - Controls logging of events. Also can set the number of requests the server can handle at one time. The location of the database is set.

Replication Properties Box

Tabs:

  • General
  • Push Replication
  • Pull Replication
  • Advanced