What is microsoft-ds (TCP 445)
AXJ
2008-07-29 19:07:26 UTC
Hi all

We are running two Windows 2003 Servers with Active Directory. The first
server automatically created a DNS A record 10.10.10.111 pointing to its own
name.

This is a problem because whenever users want to connect to the server by
name, the request was resolved to .111 and connection would fail.

I manually deleted the DNS record but it keeps reinserting itself to DNS.

From a client machine, I did a "netstat" and found this entry:

Foreign Address State
10.10.10.111:microsoft-ds ESTABLISHED


What should I do to remove this entry permanently?

Thanks.
axj
Ace Fekay [MVP]
2008-07-29 22:49:16 UTC
Post by AXJ
Hi all
We are running two Windows 2003 Servers with Active Directory. The
first server automatically created a DNS A record 10.10.10.111
pointing to its own name.
This is a problem because whenever users want to connect to the
server by name, the request was resolved to .111 and connection would
fail.
I manually deleted the DNS record but it keeps reinserting itself to DNS.
Foreign Address State
10.10.10.111:microsoft-ds ESTABLISHED
What should I do to remove this entry permanently?
Thanks.
axj
TCP 445 is Direct SMB and is used for communication instead of NetBIOS TCP
139. This is one reason why you can disable NetBIOS and machines will still
communicate. When running a netstat, you are seeing the available port ready
for any domain based communications.

What is port 445?:
http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm

As for the DNS registration, you are seeing normal and expected behavior. I
assume the domain controller's IP address is 10.10.10.111. All domain
controllers will register a multitude of records, starting with its A
record (machinename.domain.com), then the LdapIpAddress, that looks like
this:

(same as parent) A 10.10.10.11

The LdapIpAddress is what GPOs and other domain based functions use to
"find" the DC. Too much to get into, but DO NOT DELETE it.

SRV records and the LdapIpAddress record are automatically registered by the
Netlogon service and you MUST NOT DELETE THEM in order to allow your DCs to do
their job.
--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
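
An added example, not part of any post in this thread: Python that reads netstat output like the line quoted above and labels every TCP row involving port 445 (direct SMB) or 139 (NetBIOS session), accepting both numeric ports and the service names netstat prints without -n. The sample output and the host name client1 are constructed; the function names are this example's own.

```python
# Service names netstat prints when run without -n, mapped to their ports.
SERVICE_PORTS = {"microsoft-ds": 445, "netbios-ssn": 139}
SMB_TRANSPORT = {445: "direct SMB over TCP", 139: "SMB over NetBIOS session"}

# Constructed sample in the layout of Windows `netstat` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    client1:1047           10.10.10.111:microsoft-ds  ESTABLISHED
  TCP    client1:1052           10.10.10.11:netbios-ssn  TIME_WAIT
  TCP    client1:1060           10.10.10.11:3389       ESTABLISHED
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; return (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    if port.isdigit():
        return host, int(port)
    return host, SERVICE_PORTS.get(port.lower())

def parse_netstat(text):
    """Yield TCP rows as dicts; headers, blank lines and UDP rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        _, local, foreign, state = fields
        yield {"local": split_endpoint(local),
               "foreign": split_endpoint(foreign), "state": state}

def smb_sessions(text):
    """Return (role, peer, transport, state) for each row touching 445 or 139."""
    found = []
    for row in parse_netstat(text):
        (lhost, lport), (fhost, fport) = row["local"], row["foreign"]
        if row["state"] == "LISTENING":
            if lport in SMB_TRANSPORT:
                found.append(("listener", lhost, SMB_TRANSPORT[lport], row["state"]))
        elif fport in SMB_TRANSPORT:   # remote side owns the SMB port: we are the client
            found.append(("client", fhost, SMB_TRANSPORT[fport], row["state"]))
        elif lport in SMB_TRANSPORT:   # local side owns the SMB port: we are the server
            found.append(("server", fhost, SMB_TRANSPORT[lport], row["state"]))
    return found

if __name__ == "__main__":
    for entry in smb_sessions(SAMPLE):
        print(entry)
```

A "client" row with the SMB port on the foreign side, as in the original post, means the machine running netstat opened a session to that address.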
Al
2008-08-01 23:26:07 UTC
Thanks, Ace, for the info.

But, 10.10.10.11 is the primary IP address of the server. We can't have the
DNS return 10.10.10.111, because, when users try to mount a server share,
they use the server's name. The DNS query to server name now returns .111,
which makes the share mount requests fail.

The bottom line is that the DNS queries must return .10, not .111.

Any idea?

Thanks.
Allen
Ace Fekay [MVP]
2008-08-02 04:00:30 UTC
Post by Al
Thanks, Ace, for the info.
But, 10.10.10.11 is the primary IP address of the server. We can't
have the DNS return 10.10.10.111, because, when users try to mount a
server share, they use the server's name. The DNS query to server
name now returns .111, which makes the share mount requests fail.
The bottom line is that the DNS queries must return .10, not .111.
Any idea?
Thanks.
Allen
Not sure without knowing configuration and other information. I will need
much more information to provide assistance. Please post the following to
better assist.

1. An "ipconfig /all" (unedited please) to get a better understanding of
this server.
2. Are there any errors in any of the logs? Please post their EventID# and
Source names. You can also simply click on the copy button and paste the
errors.
3. How many domain controllers exist?

Thank you,

Ace
Kevin D. Goodknecht Sr. [MVP]
2008-08-02 18:23:37 UTC
Read inline please.
Post by Al
Thanks, Ace, for the info.
But, 10.10.10.11 is the primary IP address of the server. We can't
have the DNS return 10.10.10.111, because, when users try to mount a
server share, they use the server's name. The DNS query to server
name now returns .111, which makes the share mount requests fail.
The bottom line is that the DNS queries must return .10, not .111.
The IP you want registered for the server's name must be the DNS listen
address. Check the DNS server properties sheet in DNS Management, Interfaces
tab.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================