Active Directory Domain controller broadcasting UDP – Why?

Tags:
Active Directory
Desktops
Management
Microsoft Windows
Networking
OS
Routers
Security
Servers
SQL Server
Hi all, I've been noticing some sluggish network performance and was checking through some logs in my PIX firewall, and came across this entry:

Aug 04 2006 09:59:54 710003: UDP access denied by ACL from 192.168.1.49/137 to inside: 192.168.1.255/137

Now, 192.168.1.49 is a domain controller (Windows Server 2003 Ent, running DHCP & DNS) and it appears to be broadcasting to my 192.168.1.* segment (all servers). Any idea why, and is it possible to stop it? I ask because I have my servers on the 192.168.1.* segment and my workstations on the 192.168.2.* segment, with a Cisco 2621 in between. The router does not allow broadcasting, so as to keep network traffic to a minimum. Any help is appreciated!!

Answer Wiki


Your server is advertising NETBIOS services (Port 137) to the network segment that the machine is connected to. This is a normal service for Windows computers, and is usually enabled by default. NETBIOS services are frequently used to advertise Windows Shared items, such as a network share, but can also be used for other services as well, including network printing.

I cannot understand why you would have NETBIOS enabled on a DHCP/DNS server, unless you are also using it as a WINS server. NETBIOS services are usually blocked by a router, especially in this situation, because the packets are being sent to the broadcast address of the local subnet, so the router ignores the packets because they are not required to go any further. In the meantime, these packets are being transmitted to every device on the 192.168.1.* segment, which would certainly slow your traffic down, if they are frequently transmitted.

Some things that you haven't said are how often these packets are being blocked by the firewall and their size. You also haven't said if you have logging enabled on the router, which could also assist in diagnosing this problem. The only other item that you haven't mentioned is what version of Windows Server you are running (2000, 2003

You can disable NETBIOS service advertising, but before you do so, it would be very wise to check that you are NOT running any services that require the UDP packets. Once you find that out, consult your Server Admin Manual to find the correct procedure to stop NETBIOS services on the segment.
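The answer above asks how often the firewall is blocking these packets and from which hosts. The following is an added example (not part of the original answer or of any vendor tool) that pulls that out of a PIX log: it parses 710003 "access denied by ACL" lines in exactly the shape quoted in the question, keeps only UDP packets to NetBIOS ports (137 name service, 138 datagram service) whose destination is the subnet broadcast address, and reports a per-source count and rate. The sample log lines are constructed, the /24 subnet is assumed from the "192.168.1.*" wording, and any other log line format is an assumption this parser does not handle.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample lines in the shape of the PIX 710003 entry quoted in the question.
SAMPLE_LOG = """\
Aug 04 2006 09:59:54 710003: UDP access denied by ACL from 192.168.1.49/137 to inside: 192.168.1.255/137
Aug 04 2006 09:59:55 710003: UDP access denied by ACL from 192.168.1.49/137 to inside: 192.168.1.255/137
Aug 04 2006 10:00:02 710003: UDP access denied by ACL from 192.168.1.49/138 to inside: 192.168.1.255/138
Aug 04 2006 10:00:30 710003: UDP access denied by ACL from 192.168.1.60/137 to inside: 192.168.1.255/137
Aug 04 2006 10:01:10 710003: TCP access denied by ACL from 192.168.2.15/1043 to inside: 192.168.1.49/445
"""

# Matches only the exact line shape shown on the page (assumption: no syslog facility prefix).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) 710003: "
    r"(?P<proto>TCP|UDP) access denied by ACL from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<iface>\w+): "
    r"(?P<dst>[\d.]+)/(?P<dport>\d+)$"
)

NETBIOS_UDP_PORTS = {137, 138}  # NetBIOS name service and datagram service


def parse_line(line):
    """Return a dict for one 710003 log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%b %d %Y %H:%M:%S"),
        "proto": d["proto"],
        "src": ip_address(d["src"]),
        "sport": int(d["sport"]),
        "iface": d["iface"],
        "dst": ip_address(d["dst"]),
        "dport": int(d["dport"]),
    }


def is_netbios_broadcast(rec, subnet):
    """True when the denied packet is a NetBIOS UDP datagram sent to the subnet's broadcast address."""
    return (rec["proto"] == "UDP"
            and rec["dport"] in NETBIOS_UDP_PORTS
            and rec["dst"] == subnet.broadcast_address)


def summarize(log_text, subnet="192.168.1.0/24"):
    """Per-source count, ports seen and packets-per-minute for NetBIOS broadcasts in the log."""
    net = ip_network(subnet)
    per_src = defaultdict(lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_netbios_broadcast(rec, net):
            continue
        s = per_src[str(rec["src"])]
        s["count"] += 1
        s["ports"].add(rec["dport"])
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])

    result = {}
    for src, s in per_src.items():
        span = (s["last"] - s["first"]).total_seconds()
        # Rate over the observed window; a lone packet has no window, so its rate is reported as 0.0.
        rate = (s["count"] - 1) / (span / 60) if span > 0 else 0.0
        result[src] = {"count": s["count"], "ports": sorted(s["ports"]), "per_minute": round(rate, 2)}
    return result


if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src}: {info['count']} NetBIOS broadcasts on ports {info['ports']}, "
              f"~{info['per_minute']} per minute")
```

Run it against a saved PIX log instead of SAMPLE_LOG to see which hosts are actually chattering and how fast; a domain controller showing a steady rate on 137/138 is consistent with the name-service and browser announcements described above, while a host that is not expected to offer shares or WINS is the one worth looking at first. Packet size, the other thing the answer asks for, is not in this log format and would have to come from a capture.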

Discuss This Question: 1  Reply

  • Linger1974
    Sorry about the omissions. I'm running Windows Server 2003 SP1. I am running DNS and DHCP on this server, but the machine does not handle print services. These are handled by a different server, so I'm not sure if this server would be broadcasting available printers or not. Knowing these facts, should I still disable the NetBIOS broadcasting? I'm leaning towards yes, since the user segment can print fine, and they're not receiving the broadcasts.
