troubleshooting lan or network problems solutions

Upload: prasad-durga-d

Post on 07-Apr-2018

215 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    1/14

    TROUBLESHOOTINGSERVERMESSAGEBLOCK

    INBOUNDCONNECTIONLIMITINWINDOWS

    PEER TO PEERWORKGROUP

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    2/14

    TROUBLESHOOTINGSERVERMESSAGEBLOCK

    INBOUNDCONNECTIONLIMITINWINDOWS

    PEER TO PEERWORKGROUP

    In a peer-to-peer workgroup, when you try to connect to thenetwork resources of a computer that is running any of the

    products listed at the beginning of this article, you may receive

    one of the following error messages:

    Operating system error 71.

    No more connections can be made to this remote

    computer at this time because there are already asmany connections as the computer can accept.

    --------------***-------------

    System error 71 has occurred.

    This remote computer has reached its connectionlimit, you cannot connect at this time.

    --------------***-------------

    This problem occurs when a computer reaches the maximum

    number of host connections that are allowed. In this case, when a

    NULL session connection is generated in the Microsoft Windows

    2000 client, this NULL session connection is counted as one

    session on the Microsoft Windows XP-based server. Therefore, the

    error messages occur that are mentioned in this "Symptom"

    section, even if the number of connections to computers do not

    exceed the limit.

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    3/14

    In addition, when multiple NULL sessions are generated from a

    single Windows 2000 client computer, the multiple NULL sessions

    are counted as multiple sessions. However, a NULL session

    appears as a single session when you run the net session

    command. In this case, when the Restrict Anonymous registryentry is set, and the NULL session connection is rejected, this

    symptom still occurs.

    Notes:

    For Windows XP Professional-based computers, themaximum number of concurrent network connections that

    are allowed is 10. This limit includes all transfer and allresource share protocols. For Windows XP Home Edition-

    based computers, the maximum number of concurrent

    network connections that are allowed is 5. This limit is the

    number of sessions that can be hosted at the same time

    from other computers. Therefore, we cannot use the

    administrative tool usage to connect to the system from a

    remote computer.

    When multiple NULL sessions are connected from a singlecomputer, each one of them is counted.

    Only one IPC$ can be checked by using the net sessioncommand. For example, when a single Windows 2000-basedcomputer tries to use multiple IPC$ sessions, only one singleIPC$ session can be used at a time.

    Restrict Anonymous is not valid for this resolution.

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    4/14

    CAUSE :

    A Windows client workstation may have opened a pipe connection

    to the named pipe...

    A Windows client workstation may have opened a pipe connectionto the named pipe \PIPE\spoolss on either a print server or a

    workstation that has a shared printer. This typically occurs when

    you start a program (such as Microsoft Word) that queries

    printers, or if you open the Printers folder in Control Panel. Printer

    spooling on both the client and the server will open a handle

    related to this connection.

    A Remote Procedure Call (RPC) requires one named pipe instancefor every active RPC call (like Open Printer). If an Open Printer

    call stops responding, RPC keeps open the named pipe

    connection. RPC does not disconnect this connection until the

    context handle (that is Open Printers) has been closed.

    If both the following conditions are true, you may open an

    anonymous connection (also known as null session connection)

    that never closes to the named pipe \PIPE\spoolss on the

    workstation that acts as the server in your peer to peer network:

    Your client has connected a shared printer on the computerthat acts as a 'print server'.

    You have set up a local shared printer on one or moreclients.

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    5/14

    RESOLUTIONS :

    Use one of the following methods to restrict null session

    connections on your wo...

    Use one of the following methods to restrict null session

    connections on your workstation that is acting as a print server.The preferred method is the first one.

    Method 1

    Disable null session connections on the Windows computer that

    exceeds its incoming connection limit and shows some additional

    null session connections either by using the Group Policy GUI or

    by setting a registry key.

    Using the Group Policy User Interface(Local Security Policy MMC Snap-In)

    ____________________________________

    Click Star t , point to Pr og r ams , point to Adm in i st r a t i ve Too ls ,

    and then click Loca l Secur i t y Po l icy .

    Note :If you cannot perform this step because Admin i s t r a t i ve Toolsdoes not appear in the Program list, click Sta r t , point to

    Set t ings , point to Cont ro l Pane l , double-click Admin i s t r a t i ve

    Tools, and then click Loca l Secur i t y Po l icy .

    Note :In Windows XP, the Restrict Anonymous sub key can

    have a value of0 or 1 . A value of 1 restricts null sessionconnections on Windows XP-based clients. For regulation of the

    enumeration of SAM accounts, the following new registry sub key

    has been added:

    HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Control\ Lsa\

    restrictanonymoussam

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    6/14

    The policy is configurable via Local Security Settings under

    Security Settings\ Local Policies\ Security Options\ Network Access: Do not

    allow anonymous enumeration of SAM accounts.

    1.In Secur i t y Se t t i ngs , double-click Local Pol ic ies, andthen click Secur i t y Op t ions .

    2.Double-click Add i t i ona l r es t r i c t i ons f or anonym ous connec t ions , and then under Loca l po l icy se t t ing : , clickNo access w i t hou t exp l i ci t anonym ous pe r m iss ions .

    3.Restart the computer.This policy restricts null session connections.

    Using Registry Editor

    Important :This section, method, or task contains steps that

    tell you how to modify the registry. However, serious problemsmight occur if you modify the registry incorrectly. Therefore,

    make sure that you follow these steps carefully. For added

    protection, back up the registry before you modify it. Then, you

    can restore the registry if a problem occurs. For more information

    about how to back up and restore the registry, click the following

    article number to view the article in the Microsoft Knowledge

    Base:

    322756 (http:/ / support.microsoft.com/ kb/ 322756/ ) How to back up and restore

    the registry in Window s

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    7/14

    To restrict null session connections (or disable null session

    access):

    1.Start Regis t r y Ed i t o r .2.Locate, and then click the following key in the registry:

    HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Control\ LSA

    3.On theEditmenu, click Add Va lue , and then add thefollowing registry value:

    Value Name: RestrictAnonymous

    Data Type: REG_DWORD

    Value: 2

    Default: 0

    A value of2 restricts nu l l session connections.

    To set the Rest r i ct Anonym ous value, change the registry key

    to 0 or 1 for Windows NT 4.0 or to 0, 1 , or 2for Windows 2000.

    These numbers correspond to the following settings:

    0 None. Rely on default permissions. 1 Do not allow enumeration of SAM accounts and

    names.

    2 No access without explicit anonymous permissions4.Restart the computer.

    ____________________________________

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    8/14

    Method 2

    Use the following method to avoid null session connections that

    have a high session idle time and that have opened a handle to

    the named pipe \PIPE\spoolss.

    Remove Printer Share on Clients

    Identify clients that have local printer shares enabled (see the

    "More Information" section for additional information) and

    remove all local printer shares on these computers:

    1.Open the Pr in te r s folder to verify whether you haveshared a local printer.

    2.Open the Proper t ies window of the shared printer, andthen click Shar ing .

    3.Click to select the Not Shared option.

    STATUS

    Microsoft has confirmed that this is a problem in the Microsoft

    products that ar...

    Microsoft has confirmed that this is a problem in the Microsoft

    products that are listed in the "Applies to" section.

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    9/14

    MORE INFORMATION

    Computers that run Windows NT Workstation 4.0, Windows 2000

    Professional, and Wi...

    Computers that run Windows NT Workstation 4.0, Windows 2000

    Professional, and Windows XP Professional are licensed for amaximum of 10 concurrent client incoming sessions.Computers that run Windows XP Home Edition are licensed for a

    maximum of 5 concurrent client incoming sessions. All logical

    drive, logical printer, and transport level connections combined

    from a single computer are one session.

    If the server service already has the maximum number of open

    sessions and one more user tries to allocate a resource, thecomputer returns the error messages that are described in the

    "Symptoms" section of this article.

    Typically a computer does not have multiple sessions to another

    computer. But there are exceptions. For example, computer A is

    running a service under another user context than the logged-on

    user, and that service creates a logical connection to computer B.

    The logical connection can result from file shares, printers, serial

    ports, and also from communication between computers using

    named pipes and mail slots.

    Use the following commands to get information about sessions

    and open files and shared resources.

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    10/14

    Information About Active Sessions on theComputer That Is Running the Server Service

    To receive information about active sessions on the computer

    that is running the server service, type the following command:

    net session

    Count the number of open sessions to see if the session limit of

    10, or 5 in the case of Windows XP Home Edition, is already

    reached. Typically there is only one session per remote client.

    If there is more than one session from a remote client, view theUser name context on the remote client that has set up more

    than one session:

    View all the services that are running, and find out if oneis running under the user context of the username shown

    in the session table.

    Look for scheduled tasks that are running in a logon scriptand are using a different user account then the one

    logging in.

    Look for rows where the User nam ecolumn is empty andexamine the idle time.

    A session that has an empty user context is anu l l sess ion .

    Temporary null sessions are usually caused by IPC$ connections

    as the first step in establishing a connection. They stay active for

    30 seconds to 90 seconds.

    Note : To disconnect client computer sessions, use thefollowing command:

    net session / delete \ \ computername

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    11/14

    This command disconnects all sessions from that computer and

    closes all open files. This command may cause data loss if open

    files that have not been saved are closed.

    Information About Open Files

    To receive information about open files, on the computer that is

    running the server service, type the following command:

    net files

    If you have seen permanent null user sessions in the session

    table, determine which file or pipe the null user is using.

    Information About NetBIOS Connection Table

    To see a listing of incoming and outgoing connections and the

    amount of traffic carried on these connections, type the

    command:

    nbtstat s

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    12/14

    Information About Shared Resources

    To see file shares, hidden administrative shares and shared

    printers, type the following command:

    net share

    You may have to perform further troubleshooting to determine

    the causes for multiple client sessions.

    Use Network Monitor to find out which component initiates an

    additional session and what security context is used for the

    Server Message Block (SMB) session. To filter the traffic that

    printer spooling causes, use the R_WINSPOOL parser in NetworkMonitor. If a Windows-based computer looks for computers that

    are acting as a Print Queue Server, it uses NetShareEnum

    transactions through the RemAPI protocol (also known as the

    Microsoft Windows Lanman Remote API Protocol). By default,

    when you use a NetShareEnum transaction, you require only

    anonymous access to make NetServerEnum2 and

    NetServerEnum3 requests. By default, Windows operating

    systems have anonymous access enabled.

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    13/14

    For more information, click the follow ingarticle number to view the article in theMicrosoft Knowledge Base:

    122920 (http:/ / support.microsoft.com/ kb/ 122920/ ) Inbound connections limit in Windows

    132679 (http:/ / support.microsoft.com/ kb/ 132679/ ) Local System account and null sessions in

    Windows NT

    143474 (http:/ / support.microsoft.com/ kb/ 143474/ ) Restricting information available to anonymous

    logon users

    149522 (http:/ / support.microsoft.com/ kb/ 149522/ ) System Error 71 and License Manager

    154541 (http:/ / support.microsoft.com/ kb/ 154541/ ) Clients open many \ Pipe\ Spoolss connections

    to WinNT print server

    156431 (http:/ / support.microsoft.com/ kb/ 156431/ ) Error 71 when using NT Server from MSDN

    Select CD

    179483 (http:/ / support.microsoft.com/ kb/ 179483/ ) "No more connections can be made at this

    time" error message

    191611 (http:/ / support.microsoft.com/ kb/ 191611/ ) Symptoms of multihomed browsers

    246261 (http:/ / support.microsoft.com/ kb/ 246261/ ) How to use the RestrictAnonymous registry

    value in Window s 2000

    289655 (http:/ / support.microsoft.com/ kb/ 289655/ ) How to enable null session shares on a

    Window s 2000-based computer

    302099 (http:/ / support.microsoft.com/ kb/ 302099/ ) Windows 2000 clients use multiple connections

    when mapping drives to a single server

    314882 (http:/ / support.microsoft.com/ kb/ 314882/ ) Inbound connections limit in Windows XP

  • 8/4/2019 Troubleshooting LAN or Network Problems Solutions

    14/14