Thursday, January 9, 2014

WINS - special blog post

Having blogged most recently about Office 365, Windows 2012 and IPv6, I did not foresee the publication of a blog post about WINS.
Here's the situation.
In an environment where WINS has been retained for various reasons, it was discovered that the [1Ch] Domain Controller records (one on each WINS server) contain references to other domain controllers that were retired years ago.
This is not an original or never-before-seen problem. It has been related in various forums and the solution is apparently to delete the record and then recreate it. I was asked to verify that the methods that supposedly recreate the record actually function as advertised.
First, here are some references to the problem:

WINS 1C record problem (Experts Exchange)

Stale WINS 1C IP Address Entries (Microsoft Technet)

Invalid WINS records accross Four 2008R2 Domain Controllers (Microsoft Technet)

Second, after deletion of the record, here are the methods that would apparently recreate it:

1. Restart the netlogon service: "net stop netlogon" and then "net start netlogon"
2. Execute the "nbtstat -RR" command
3. Restart the WINS service

The first two are suggested in the articles cited above, the third is my idea.

Note: my domain controller (a virtual machine) is running Windows 2008 R2.

Once again, but now with illustrations, this is the problem.

In the "Active Registrations" folder of the WINS server, we have a [1Ch] record (domain controller) that contains references to other domain controllers long since retired. No, you do not see them in this screenshot:

In fact, we have to open the properties of the highlighted record to see where these references exist:

Even now, we only see one reference to a domain controller since this is our test environment and not the production environment where we are trying to clean the WINS database. In the production database, there are about 5 records that need to be purged. The screenshot may not show this, but the reader should understand that there are no means by which the record can be edited manually.
So the first step is to delete the [1Ch] domain controller record... or rather the second step, since it would be a good idea to backup the WINS database... just in case.
So... once the WINS database backup is finished, we can delete the record in question:

Since I only have one WINS server, I'll simply delete the record on the local server:

This screenshot proves the record has been deleted:

The question is: can we recreate the record?

I first attempted to recreate the record by stopping and then starting the netlogon service. This failed. Despite waiting a minute or two, refreshing the screen, opening and closing the WINS console, the [1Ch] Domain Controller record would not reappear. I did not take a separate screenshot since it would only be identical to the one above, in which the [1Ch] record is absent.
I then tried the nbtstat -RR command. The [1Ch] record re-appeared almost instantly. At most, I needed to refresh the screen.
I deleted the record once more and attempted to recreate it by stopping and starting the netlogon service. The results were consistent. This failed but the nbtstat -RR command recreated it successfully.

Restarting the WINS service also recreated the records.

In conclusion, it appears that, with at least some of the methods suggested, we can indeed delete and recreate the record with references to retired domain controllers. The results obtained are promising but since my test environment cannot simulate the production environment detail for detail (there are no outdated references in my [1Ch] record), it would be advisable to back up the WINS database first, just in case.
Moreover, my test environment contains only one WINS server. We should consider the effects of inter-WINS server replication on the results of the test - and the choices to make for the deletion of the record (see the screenshot above, related to this subject).

No comments:

Post a Comment