Technical: Microsoft – Network – Error – NetBt – A duplicate name has been detected on the TCP network

Technical: Microsoft – Network – Error – NetBt – A duplicate name has been detected on the TCP network

 

Background

Seeing a lot of errors bearing the signature “A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.”

 

Event Viewer

For System Logs, turned on Filtering for Event Source = NetBT

System-FilteredOn-Source--NetBT

 

And, here is a run down of errors

EventViwer-System-FilteredOnNetBT

 

Diagnosis

Thanks Microsoft for good directions, the error message is precinct as it clearly reads:

Use nbtstat -n in a command window to see which name is in the Conflict state.

 

And, so started a command shell and issued “nbtstat -n” and here is what we came back with.

nbtstat -n -- before

 

We readily see that we have two sets of data that have identical Netbios name;   there are two IP Addresses.

Upon looking more closely the two IP Addresses are on the same box, as it is multi-home box.

 

Resolution

To fix please access network connections and disable “Netbios over TCP/IP” on the public/internet facing Interface.

Here are the steps:

  • Launch Control Panel
  • Access the Network applet
  • Select the Interface we want to review
  • In the General Tab, select “Internet Protocol (TCP/IP) properties”
  • Access the “General” Tab and click on the “Advanced” button
  • In the “Advanced TCP/IP” settings, access the “WINS” tab
  • In the “Netbios setting” panel, select the “Disable Netbios over TCP/IP” button

 

DisableNetbioisOverTCPIP

 

 

Review Results

Upon re-issuing “nbtstat -n”, we see a single result set:

nbtstat -n -- after (2)

 

One needs to pay attention as we can see that we have kept the two interface connections.  It is just that the Internet Interface is empty.

It is no longer registering any Netbios names and the entries are replaced with “No names in cache“.

Later review of our event log shows that we do not have recent error entries.

 

Summary

I was not so sure what the acronym “NetBt” stood for.  And, so goggled for it, and I am glad I did.  Wikipedia contains good data @ NetBIOS over TCP/IP (http://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP).

In the “Security Vulnerability” section of the article, one is strongly encouraged to disable the services:

Two such vulnerable network protocols that provide services are: the Server Message Block (SMB) protocol and NetBIOS over TCP/IP. Both services can reveal incredible amounts of detail and vital, security information about an exposed network. When not mitigated, NetBIOS over TCP/IP and SMB provide recurring vectors for malicious attacks upon a network. Specifically, NetBIOS provides attackers with a means to map the network and also freely navigate a compromised intranet. In regards to public Web Servers, neither service is necessary for the successful operation of a public Web server and disabling both services in such scenarios can greatly enhance the security status of a network.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s