Server unable to "net send" any machine

  • humbletech99
  • Proficient
  • Proficient
  • User avatar
  • Posts: 300

Post 3+ Months Ago

I have a server that is not able to "net send" any machine. It is running Windows 2003 server and has the messenger service disabled so that it does not receive any incoming "net send" messages. However there is another server that also has the messenger service disabled and can net send out.

Reason I need this: Users run processes on the servers and have these commands at the end of their batch files to let them know when their process has finished.

I have checked all the services manually and the working server does not have any service the broken one does not have. There were a couple of things in netdiag however that I do not quite understand
Code: [ Select ]
    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

NetBT transports test. . . . . . . : Passed
  List of NetBt transports currently configured:
    NetBT_Tcpip_{3CACDC42-9112-412B-A05D-C647833F7952}
  1 NetBt transport currently configured.

NetBT name test. . . . . . . . . . : Passed
  [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

DNS test . . . . . . . . . . . . . : Passed
     [WARNING] Cannot find a primary authoritative DNS server for the name
      'servername.domain.com.'. [RCODE_SERVER_FAILURE]
      The name 'servername.domain.com.' may not be registered in DNS.
  1.     NetBT name test. . . . . . : Passed
  2.     [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
  3. NetBT transports test. . . . . . . : Passed
  4.   List of NetBt transports currently configured:
  5.     NetBT_Tcpip_{3CACDC42-9112-412B-A05D-C647833F7952}
  6.   1 NetBt transport currently configured.
  7. NetBT name test. . . . . . . . . . : Passed
  8.   [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
  9. DNS test . . . . . . . . . . . . . : Passed
  10.      [WARNING] Cannot find a primary authoritative DNS server for the name
  11.       'servername.domain.com.'. [RCODE_SERVER_FAILURE]
  12.       The name 'servername.domain.com.' may not be registered in DNS.

I suspect I have these NBT warning because the messenger service is disabled, they were not on the working server when I ran netdiag on it but it also has the service disabled. Both servers rebooted on Wednesday at the same time.

I have run nbtstat against both servers and can see the missing name is the 03 messenger service name on the non-working server.

The dns error is a bit perplexing too since I have manually queried every dns server in the list that the non-working server uses. Queries for the servername.domain.com as well as just servername, both forward and reverse, came back successful every single time I queried any of the dns servers, so I don't know what this is really complaining about.

The working server has not had any of these messages in it's netdiag which passed everything.
I have even gone through the network settings, making sure netbios over tcp is enabled and that the dns and wins server settings are identical.

I've done ipconfig/flushdns and nbtstat -RR and nbtstat -R but still no joy.

Can anyone please give me some ideas on things to do here, I'm running out...?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Temporarily disable the firewall on that server. If that works, add c:\windows\system32\net.exe to the exceptions list.

__________________

Run the dig command from your unix box to check the DNS queries.
Is your inside domain the same name as your outside domain?
  • humbletech99
  • Proficient
  • Proficient
  • User avatar
  • Posts: 300

Post 3+ Months Ago

the firewall is controlled via the same gpo for both servers. Hence there should be no difference. Policy also dictates that it stays on so I can't disable it.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Are we both talking about Windows Firewall? What about my suggestion to add net.exe to the exceptions list?
  • humbletech99
  • Proficient
  • Proficient
  • User avatar
  • Posts: 300

Post 3+ Months Ago

yes but the firewalls are configured identically by the same policy.

It worked once I enabled the messenger service again. It seems this created the 03 netbios record. Now disabled again and it still works.

Hmmm. This raises the next question.

Is there a way to keep the messenger service on so that this keeps working but to only allow outbound messages, not inbound?
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

That would be done by a firewall that blocks packets by port numbers.
Net send and messenger service don't use the same ports from what I gather on google but you would have to verify that. As far as I can tell, 169 is net send and messenger service is any of the netbios ports and 443.

http://www.spywareguide.com/txt_messengerspam.php
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Just out of curiosity is RPC running on the machine in question? If I'm not mistaken since Windows 2000 net send works using RPC.
  • bodom321
  • Graduate
  • Graduate
  • bodom321
  • Posts: 141

Post 3+ Months Ago

what about the alerter service, is it enable in the server.

you need to have messenger and alerter enable in servers, and you only need to have messenger in the clients "according to what i remember about the net send command".
  • bodom321
  • Graduate
  • Graduate
  • bodom321
  • Posts: 141

Post 3+ Months Ago

sorry, i was goin g to recommend a tool i used to send messager with net send. there is a program called "NetSendFaker" its name tells you what it does, it wil fake the message that you wanna send " like wit net send command" but it will not show your ip address, but whatever you want it to display. it is pure venom in networks such as the ones at schools to have some fun without getting cought lol.

anyway i just wanted to recommend that, maybe you already new about that tool. by the way, if you use netsend, you might wanna use net meeting too. cya
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I didn't know about it, but I'll certainly make a note of it.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

halen wrote:
what about the alerter service, is it enable in the server.

you need to have messenger and alerter enable in servers, and you only need to have messenger in the clients "according to what i remember about the net send command".


Not the case Halen. I tested net send on my server before I posted and it worked just fine with Alerter and Messenger disabled which are the defaults on 2003 server. Messenger only needs to be enabled to recieve messages. XP SP2 disabled it by default. And Messenger and Alerter are disabled on both my servers yet I can net send from both just fine.

No there's something else going on. That's why I asked about RPC.
  • humbletech99
  • Proficient
  • Proficient
  • User avatar
  • Posts: 300

Post 3+ Months Ago

Don2007 wrote:
As far as I can tell, 169 is net send

Don't you mean port 139? I guess that was a typo? Nowhere on the page you referenced is there a number 169.

Messenger and Alerter services are disabled on both the working and the non-working server.

Funnily enough, after starting the messenger service I was able to net send again, but then after stopping and disabling it again I was still able to send outgoing net send messages.

I noticed that the messenger service created the 03 netbios record on the server.

I'm not sure about the rpc thing. To my knowledge the firewall blocks rpc except from one or two management stations. So each server cannot connect rpc to anything else and this still works...
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Well apparently you've found your solution. Test it. Apparently all you needed was the 03 netbios record. Remove it and see if net send stops working again. Add it back and see if it is functional.
  • humbletech99
  • Proficient
  • Proficient
  • User avatar
  • Posts: 300

Post 3+ Months Ago

I'm not sure how to actually go about manually adding and deleting this record on the server interface though... is this not supposed to be done automatically?

Actually I think I can create this in lmhosts but I can't remember how, anyway I've not had any complaints that this is not working, so I'm going to leave it to see...

Post Information

  • Total Posts in this topic: 14 posts
  • Users browsing this forum: No registered users and 38 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.