Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 1999-q4

NTBugtraq And NTSecurity Archives: Re: Help - Strange Group and

Re: Help - Strange Group and Unique Mapping type showing up in WINS - Caused by DS AVTK ME

Subject: Re: Help - Strange Group and Unique Mapping type showing up in WINS - Caused by DS AVTK ME
From: Tony Richards (tony.richardsDB.COM)
Date: Thu Dec 09 1999 - 11:38:42 CST

Next message: Gary Kuyat: "Re: AuditBaseObjects set reveals Event 560 Object Access Audit when Taskmanager is running"
Previous message: Gregory, James: "Help - Strange Group and Unique Mapping type showing up in WINS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James,

This is caused by the NetBIOS support of Dr Solomons AVTK Management Edition
update agent.

E.g. this is the NetBIOS name table of a Dr Solomon’s managed device that has
the Dr Solomon’s management agent installed with NetBIOS support:

          Name Type Status
          ----------------------------------------------------------------------
          -----------------
          ZZ-XYZ11 <00> UNIQUE Registered
          ZZ-XYZ11 <20> UNIQUE Registered
          ZZ-XYZ <00> GROUP Registered
          ZZ-XYZ <1C> GROUP Registered
          ZZ-XYZ <1B> UNIQUE Registered
          ZZ-XYZ <1E> GROUP Registered
          MLI_GROUP_BRAD <20> GROUP Registered
          MLI2EA0CA17BRAD <20> UNIQUE Registered
          ZZ-XYZ11 <03> UNIQUE Registered
          ZZ-XYZ <1D> UNIQUE Registered
          ..__MSBROWSE__. <01> GROUP Registered

The two entries starting with MLI have been produced by the NetBIOS support used
by the Dr Solomon’s management agent. These entries are then registered with
WINS through the normal Windows NT process.

For reasons as yet unexplained by Network Associates (the developers of Dr
Solomon’s) the MLI_GROUP_BRAD entry then elects itself as the segment master
browser disabling the browsing functionality on that segment.

When the procedure described in this mail is followed the NetBIOS name table is
reduced to:

           Name Type Status
          ----------------------------------------------------------------------
          -----------------
          ZZ-XYZ11 <00> UNIQUE Registered
          ZZ-XYZ11 <20> UNIQUE Registered
          ZZ-XYZ <00> GROUP Registered
          ZZ-XYZ <1C> GROUP Registered
          ZZ-XYZ <1B> UNIQUE Registered
          ZZ-XYZ <1E> GROUP Registered
          ZZ-XYZ11 <03> UNIQUE Registered
          ZZ-XYZ <1D> UNIQUE Registered
          ..__MSBROWSE__. <01> GROUP Registered

As can be seen, the entries produced by the Dr Solomon’s management agent have
been removed. Browsing will then return to normal when all NetBIOS management
agents are removed from a segment. The machine will still be manageable through
the Dr Solomon’s management console.

1 Locate the directory containing the Management Console executable.

2 Underneath the installation directory is a subdirectory named DEFCOMP.
Within that directory is another named MTHNT151. Change to that directory.

3 Locate and rename the MCSCRIPT.INI file within this directory to
MCSCRIPT.OLD.

4 Copy the new MCSCRIPT.INI file into the MTHNT151 directory, replacing the
old one.

5 Start the Management Console and click the Repository toolbar button.

6 Select the 'Products' tab and expand the 'Management Agent' object in the
displayed tree so that 'NT' is displayed with 'Version 1.51' underneath it. You
should see this:
          - Management Agent
               - NT
                    - Version 1.51

7 Right-click the 'Version 1.51' object and select 'Remove'. Click 'Yes' to
the confirmation dialog box.

8 Click the 'Install' button at the bottom of the repository dialog box
followed by Product'.

9 In the 'Browse for Folder' dialog box, select the relevant hard disk and
navigate the tree until you have found the \NTTKME\DEFCOMP directory. Select
this directory and click 'OK'.

10 Once the 'Browse for Folder' dialog reappears click 'Cancel'. The
'Maintenance' tab should now be displayed and under the 'Software installed in
this session' box 'Management Agent for NT, Version 1.51' should be displayed.
If it is not, you may not have removed the old version correctly (steps 6 and
7), copied the new MCSCRIPT.INI file correctly (steps 1-4) or selected the
appropriate directory (steps 9 and 10).

11 To install the updated Management Agent to a Windows NT member machine,
first locate the necessary machine (or members group). If the machine/members
group is not displayed in bold, skip to step 13.

12 Right-click the bold machine/members group and select 'Allow Reapply'.
Click 'Yes' to the confirmation dialog.

13 Right-click the machine/members group and select 'Apply Configuration'. The
machine or group of machines will now be updated and the Management Agent will
be installed without NetBIOS communications support. If you later need to revert
back to the Windows NT Management Agent which includes NetBIOS support, repeat
all the previous steps, but in step 3 delete the current MSCRIPT.INI file and
rename MCSCRIPT.OLD back to its original MCSCRIPT.INI name.

(See attached file: mcscript.ini)

Regards,

Tony Richards.

Deutsche Bank.
EM IT Infrastructure.

application/octet-stream attachment: mcscript.ini

Next message: Gary Kuyat: "Re: AuditBaseObjects set reveals Event 560 Object Access Audit when Taskmanager is running"
Previous message: Gregory, James: "Help - Strange Group and Unique Mapping type showing up in WINS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Thu Dec 09 1999 - 17:54:37 CST