Home > Articles > Certification > Microsoft Certification

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Implementing NetBIOS Name Resolution

Plan a NetBIOS name resolution strategy.

  • Plan NetBIOS name resolution by using the LMHOSTS file.

Microsoft TCP/IP uses NetBIOS over TCP/IP (NetBT) as specified in RFC 1001 and 1002 to support the NetBIOS client and server programs in the local area network (LAN) and wide area network (WAN) environments. Before we look at the specifics of NetBIOS name resolution, let's briefly review how computers communicate on the network. This review should help you understand how the different NetBIOS modes work and why some are preferable to others.


What's multicasting? Multicasting is the act of transmitting a message to a select group of recipients. This is in contrast to the concept of a broadcast, where traffic is sent to every host on the network, or a unicast, where the connection is a one-to-one relationship, and there is only one recipient of the data. Think about sending an email message. If you send an email message to your manager, it is an example of a unicast message. If you send an email message to every user on the system, it is a broadcast. Send an email message to a mailing list, and you have sent a multicast message, which falls between the previous two. Teleconferencing and videoconferencing use the concept of multicasting, as does broadcast audio, where the connection is one to a selected group. At this time, only a few applications take advantage of this feature, but with the growing popularity of multicast applications, you may see more multicast applications in the future. WINS is one that you can keep on the list, but only for small networks.

Computers can use two ways to communicate on a network:

  • Through broadcast messages, which every computer receives

  • Through directed messages, which are sent to a specific computer

Whenever possible, communicating through directed messages is preferable. This approach cuts down on the amount of network traffic and ensures that only the affected hosts receive the message. It also ensures that the messages propagate across routers. So, Microsoft needed to make sure that WINS communicated primarily with directed messages. The company accomplished this by allowing several types of NetBIOS naming methods. These naming methods are commonly called node types. A node is simply a device on a network. Every computer on a Microsoft computer is configured as one of four node types. The node type determines whether the computer will learn names through broadcast messages, directed messages, or some combination of broadcast and directed messages. Before you can work with WINS, you need to know what the node types are and when they are used:

  • B-node (broadcast node)—This node relies exclusively on broadcast messages and is the oldest NetBIOS name resolution mode. A host needing to resolve a name request sends a message to every host within earshot, requesting the address associated with a hostname. B-node has two shortcomings: Broadcast traffic is undesirable and becomes a significant user of network bandwidths, and TCP/IP routers don't forward broadcast messages, which restricts B-node operation to a single network segment.

  • P-node (point-to-point node)—This node relies on WINS servers for NetBIOS name resolution. Client computers register themselves with a WINS server when they come on the network. They then contact the WINS server with NetBIOS name resolution requests. WINS servers communicate using directed messages, which can cross routers, so P-node can operate on large networks. Unfortunately, if the WINS server is unavailable, or if a node isn't configured to contact a WINS server, P-node name resolution fails.

  • M-node (modified node)—This hybrid mode first attempts to resolve NetBIOS names using the B-node mechanism. If that fails, an attempt is made to use P-node name resolution. M-node was the first hybrid mode put into operation, but it has the disadvantage of favoring B-node operation, which is associated with high levels of broadcast traffic.

  • H-node (hybrid node)—This hybrid mode favors the use of WINS for NetBIOS name resolution. When a computer needs to resolve a NetBIOS name, it first attempts to use P-node resolution to resolve a name via WINS. Only if WINS resolution fails does the host resort to B-node to resolve the name via broadcasts. Because it typically results in the best network utilization, H-node is the default mode of operation for Microsoft TCP/IP client computers configured to use WINS for name resolution. Microsoft recommends leaving TCP/IP client computers in the default H-node configuration.


Global replication settings Because we just finished discussing configuring replication partners, these parameters should look familiar. However, in this section the changes apply to any replication partners created after the modifications are made. They are not applied to existing replication partners.


It takes two to replicate Remember that you must configure both partners in a replication relationship to replicate with each other; otherwise, replication does not occur.


Microsoft does test on backward compatibility Don't be fooled. Just because WINS is a legacy technology, that doesn't mean it won't be tested on the exam. Microsoft recognizes the importance of backward compatibility, and as a result, you can expect to see questions on WINS for this exam. If you have not worked with it in a legacy environment, make sure you understand how WINS works.

The Method WINS Uses to Resolve a Name

The time may come when you need to understand exactly how WINS resolves a name. (Because H-node is not only the default but is also the recommended configuration, we restrict our discussion to the H-node name resolution.) When a WINS client computer configured for hybrid node needs to resolve a hostname, it goes through the following series of steps:

  1. The WINS client computer checks its NetBIOS name cache. If the name is found, that name is returned.

  2. The client queries the WINS server. If the name is found, that name is returned.

  3. The client issues a broadcast to find the host on the local network. If the name is found, that name is returned.

  4. The client looks for the LMHOSTS file to check for an entry. If the name is found, that name is returned.

  5. The client looks for the HOST file to check for an entry. If the name is found, that name is returned.

  6. The client queries the DNS server for the entry. If the name is found, that name is returned.

  7. If all these methods fail, the WINS client computer issues an error message saying that it cannot communicate with the host.


Registering with WINS When your Windows client computer enters the network, it registers with WINS so that other Microsoft client computers can resolve its name to an address. For the exam, you should be aware that although a WINS proxy server can be used to resolve names for hosts that have registered with WINS, it cannot be used to register with WINS. You need access to the WINS server to successfully register.


Another point that many people have a misconception about is how clients actually contact the WINS server. Unlike DHCP clients, WINS clients cannot locate a WINS server through broadcasts. A WINS server IP address needs to be provided to a client ahead of time either though DHCP or by manual configuration.

Although networks can be organized using a mixture of node types, Microsoft recommends against doing so. B-node client computers ignore P-node directed messages, and P-node client computers ignore B-node broadcasts. Therefore, it is conceivable that two client computers could separately be established with the same NetBIOS name. If WINS is enabled on a Windows 2000 or XP computer, the system uses H-node by default. Without WINS, the system uses B-node by default. Non-WINS client computers can access WINS through a WINS proxy, which is a WINS-enabled computer that listens to name query broadcasts and then queries the WINS server on behalf of the requesting client computer.

The actual configuration of a computer to use LMHOSTS for NetBIOS name resolution is not done by using the WINS console or a Group Policy Object, as you might expect. You must actually configure it computer by computer by setting the options available to you on the WINS tab of the Advanced TCP/IP Settings dialog box, as shown in Figure 3.18.

Figure 3.18Figure 3.18 On the WINS tab of the Advanced TCP/IP Settings dialog box, you can configure the network connection to use an LMHOSTS file.

You have the following options available to you to allow the use of the LMHOSTS file on the local computer:

  • Enable LMHOSTS lookup—This option, which is selected by default, specifies that an LMHOSTS file is to be used to resolve NetBIOS hostnames to an IP address.

  • Default—This option, which is selected by default, specifies that this network connection is to obtain the NetBIOS over TCP/IP (NetBT) setting from the Windows DHCP server that granted its lease.

  • Enable NetBIOS over TCP/IP—This option specifies that this network connection is to use NetBT and WINS.

  • Disable NetBIOS over TCP/IP—This option specifies that this network connection is not to use NetBT and WINS.

LMHOSTS files typically contain entries similar to the following ones, which are examples given the default LMHOSTS file located in the %systemroot%\System32\Drivers\Etc folder:   rhino  popular  localsrv

Each entry maps a NetBIOS name to an IP address for hosts that are not located on the local subnet, thus allowing legacy clients to locate other legacy clients on the network.

  • + Share This
  • 🔖 Save To Your Account