Wednesday, January 05, 2011

NetBIOS-ssn issue when a naming collision/conflict is detected

I encountered an issue today affecting NetBIOS/CIFS/SMB filesharing, the situation is as follow:
  1. User have one physical Windows 2003 server connecting to a remote CIFS fileserver as mapped drive.
  2. Remote connection is via Firewall and IPS appliances. Firewall only allows TCP/139 outbound, TCP/445 is blocked.
  3. I P2Ved that Windows 2003 server into vSphere
  4. Overall operation of the P2Ved server is OK.
  5. End-user complains that the virtualized server now cannot access the fileshare either directly via UNC or via "net use" command
Unfortunately the end-user did not network-disconnect or powered-off the original physical server, they merely changed its IP address.
This causes the broadcast domain to have a NetBIOS name collision, both the old physical and the new virtualized server uses the same NetBIOS name (but with different IP address).
It seems that when a NetBIOS name collision is detected on the local host, the host refuses to use legacy ports (UDP/137, UDP/138 and TCP/139) and only uses TCP/445 for NetBIOS connection.
Since the connection to the external fileserver has its TCP/445 blocked by the firewall, and since the new server refuses to use legacy NetBIOS ports, i.e.: UDP/137, UDP/138 and TCP/139, the filesharing fails.
Any of the method below should solve the issue:
  • Shutdown or network disconnect the old physical server, Reboot the new server afterwards or
  • Rename the NetBIOS name of the old physical server and reboot the new server or
  • Allow TCP/445 to destination fileserver (destination fileserver must support Microsoft-DS; Windows 2000 and above).

No comments: