http://www.hightechdad.com/2007/05/09/how-to-fix-master-browser-mrxsmb-event-id-8003-errors/
The master browser has received a server announcement from the computer [computer] that believes that it is the master browser for the domain on transport NetBT_Tcpip_{
The master browser is stopping or an election is being forced.
Here are some steps you can follow (no guarantee that they will work, but it worked for me and for others based on the various things that I read).
- Look at the System Event log on your Server and look for the Error 8003 (like the one listed above). Within that log, identify the “computer” that is announcing itself as a master browser.
- Go on to the computer identified in step 1 and go to the Services Administration panel. You can usually find this by going to Control Panel - Administrative Tools - Services.
- Once you have Services open, look for an entry called “Computer Browser”. If that Service is “started,” you have found your culprit. If not, you may have to try the registry hack listed in step 6 a few steps
- Double click on the “Computer Browser” service to edit it. STOP the service and then change the type to Disabled (from either Manual or Automatic). Click OK to apply your changes.
- That should have resolved the issue. You should check your main servers event logs periodically to be sure that the error doesn’t show up. If it continues to show…
- …you
have to check the registry value on the computer. You do this by
launching your registry editor and going to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster
and ensure that it is set to FALSE. If it isn’t, you can change it to FALSE. Caution: registry edits are dangerous so only do this if you are sure you know what you are doing and the previous fix didn’t work. You probably have to reboot the machine to make the change take place.
More detail on the Computer Browser Service can be read here at Microsoft.
Steps 1-5 worked for me. I hope that this was a useful tip (given that it is so hard to find the solution).
========================
http://social.technet.microsoft.com/forums/es-ES/windowsserveres/thread/8f48a98c-7d23-4889-8046-10b55684815f
El evento es cuando el serviico de Browser se encuentra detenido o cuando existen dos master browsers en la red y sólo puede haber uno.
Te dejo más información:
Te recomendaría que fuerces que tu DC sea master browser.
=======================http://www.eventid.net/display.asp?eventid=8003&eventno=680&source=mrxsmb&phase=1
Here are some steps you can follow:
1. Look at the System Event log on your server and look for the error 8003. Within that log, identify the “computer” that is announcing itself as a master browser.
2. Go on to the computer identified in step 1, go to the Services Administration panel. You can usually find this by going to Control Panel -> Administrative Tools -> Services.
3. Once you have Services open, look for an entry called “Computer Browser”. If that service is “started, ” you have found your culprit. If not, you may have to try the registry hack listed in step 6.
4. Double click on the “Computer Browser” service to edit it. Stop the service and then change the type to „Disabled” (from either Manual or Automatic). Click OK to apply your changes.
5. That should have resolved the issue. You should check your main servers event logs periodically to be sure that the error does not show up. If the error continues to appear read step 6.
6. Check the following registry value on the computer: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster". Ensure that it is set to false. You probably have to reboot the machine to make the change take place.
x 109
EventID.Net
As per Microsoft: "This computer is a master browser, and another computer has announced that it is the master browser. There can be only one master browser on a subnet at any given time. This message is logged for informational purposes only". See MSW2KDB for more details on this issue.
See M191611 for details on symptoms of multihomed browsers.
See M190930 if IP Helper has been enabled on a Cisco switch.
See M188305 for information on troubleshooting the Microsoft Computer Browser service.
From a newsgroup post: "I just resolved a similar issue. My IP address and netmask were correct so according to TechNet I should not be getting this error message. I did an "ipconfig /release" followed by a "/renew" and received the 8003 message again. Therefore, I disabled the adapter then enabled it and everything is fine. Did another "ipconfig /release, /renew" and no message came up on the server. Note: This adapter had a static IP configuration at one time when it was connected to another network. Perhaps that was not cleaned up 100% when I changed it to DHCP. Disabling and enabling the adapter seemed to reset the configuration completely".
See the links to "EventID 8003 from source Rdr", "EventID 8003 from source Browser" and "Computer Browser and Browsing Roles" for additional information on this event.
x 15
NBJ
Make sure the routers on the network are not forwarding UDP broadcasts, keeping browser elections on NetBT local to each subnet, and enable WINS or lmhosts on the network for netbios name resolution.
x 9
David Fosbenner
In my case, I have a Windows 2003 Standalone server. Once I installed ISA Server 2006, I started to get these errors about once per hour. I disabled the Computer Browser service and the Print Spooler service since neither of these are necessary on an ISA Server, and the messages ceased. This error will occur in the same circumstances on ISA Server 2004 also.
x 11
James
I resolved this issue by stopping and disabling the Browser service on the remote host.
x 13
Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here!
Robert H.
This error can occur if the computer forcing the election has an incorrect subnet mask.
x 13
Lingod
This event occurred when we had to computers with the same name in the same domain. Giving one PC some other name and joining both PCs again in the domain solved the problem.
x 14
Nebil Ben Jeddou
In my case, all I had to do was to restart the Netlogon Service on the PDC.
x 13
Steve Marek
I had this problem after disabling the Sygate personal firewall. It seems that sygate needs to be uninstalled if you do not want to use it anymore. In my case, Sygate blocked all incoming and outgoing data without any warnings or something else. After reactivating it, everything worked fine again.
x 12
Shaun Smallwood
I used the answers from Anonymous about DNS entries and from Dave Murphy to solve this problem:
1. I had several entries listed as “(same as parent folder)” that were incorrect so I deleted them. There should only be an entry for each DC on your network.
2. I changed the "IsDomainMaster" key that Dave Murphy mentions above to “TRUE”.
x 12
Matthias Kock
I got this error after a W2k3 migration. There was still old information in the lmhost-file (c:\windows\system32\drivers\etc\). After a correction (correct domain name, correct ip address), the problem was solved. As an alternative, you can turn off the use of the lmhost-file (in the nic-properties).
x 11
Anonymous
This event started to occur every hour on our DC1 about the DC2. Solutions already listed here and in MS KB were not applicable to us. (Disabling/re-enabling NIC stopped the error for one day but then it showed up again) I believe the browser elections were being caused by DNS misconfig. (We use MS DNS AD-Integrated zones) Someone changed the IP address of the DC1 NS record (the record marked "same as parent folder"). When I finally noticed, I also noticed that the Host record for DC1 in DomainDNSZones disappeared entirely (replicated out). I manually changed the NS record back to the correct IP. I also manually added the Host record back in, under DomainDNSZones. (I allowed for replication time but the Host record did not come back on its own). Since then the error has not reoccurred.
x 8
EventID.Net
This issue was found on a Windows 2000 domain with two subnets connected by a Cisco router that has the ip helper command enabled. See the link to "Cisco Support Document ID: 49860" for a solution to this problem.
x 10
Doug Hall
We were getting this event frequently on our PDC Emulator DC which is Windows 2003. It turned out that the offending Windows XP PC had two enabled network cards, both with valid IP addresses, only one of which was connected to the network. Disabling the second network card solved the problem.
x 11
Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here!
Anonymous
I got this error because in my W2k3 migration, supplying the personal firewall with the new server IP address had been missed. I supplied the address and the event disappeared.
x 11
Timothy Riegel
If 2 servers are involved, and one server appears in the others’ event log, check the DHCP scope options on the server whose name appears in the event log. This error is most commonly attributed to the subnet mask but if the domain name in the scope options is different on one of the servers it will cause this error to appear. Correcting the domain name in the scope options fixes the error message.
x 11
Maikel Martens
There is a hotfix available for Windows 2003 member server if a workstation becomes the master browser instead. See M843517 for the hotfix.
x 9
Benjamin Turner
We had this occurring on our network from an XP machine and within 30 minutes the server would crash. We called Microsoft and we were told that XP could cause servers running Win2k or NT 4.0 to crash because of the forced election. We were instructed to set the “Computer Browser” service on the culprit machine to Disabled and to recreate the Paging File on the server. We did both and the server has been up and running since.
x 10
Anonymous
This is a common event when you have multiple computers in a local workgroup and no domain.
x 9
Anonymous
Windows XP Pro clients with the inbuilt firewall enabled on the LAN interface cause this event to appear in the server logs. Disabling this sorted the problem.
x 9
Dave Murphy
Some considerations and ways to keep this from happening. As one other post mentioned, stopping the browser service on the workstation can clear this out. Other options to look into also consist of editing the "IsDomainMaster" key, under HKLM\System\CCS\Service\Browser\Parameters, on the domain controllers and changing the key to TRUE. This gives an extra boost the election process to help ensure the domain controllers retain the master browser status. Also on the domain controllers, change the "MaintainServerList" key to "Yes" instead of Auto, and on the workstation, change the entry to "No" instead of Auto. This should resolve a number of browsing issues.
There is also a tool, called the NetBIOS Browsing Console to help with browsing issues. The software and instructions can be found via M818092 article.
x 5
Anonymous
Setting MaintainServerList to False will cause 2550 errors from the Browser service on restarts. The Browser service consequently fails every time. The solution to this can be to remove the Browser service with "instsrv browser REMOVE" at the command prompt.
x 2
Anonymous
In my case I had an open pair in my cat5 cabling. Repaired the cable and the error message stopped.
x 3
Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here!
Dan Israel
Client desktop or workstations using Win XP Pro can cause this issue if the built in Internet Connection Firewall is active. Because this feature interferes with the network browsing, the client will attempt to become the Master Browser. Disabling the setting under browser/parameter will block the attempt to become master, but the client will still have difficult seeing and being seen in the workgroup/domain.
x 2
Woodrow Wayne Collins
See also Microsoft W2K Resource Kit link.
x 4
Michael Hopkinson
The actual commands to be applied to the Cisco router are:
"no ip forward-protocol udp NetBIOS-ns"
and
"no ip forward-protocol udp netbios-dgm"
This will prevent each VLAN or segment from seeing the others when sending out NetBIOS broadcasts. You should end up with a valid master browser in each segment and no longer have these Events on your DC.
x 2
Damien Murphy
Related to Cisco routers that have IP helper statements that point back to the DHCP server: This also occurs with "ip-helpering" if the DHCP server is a Windows 2000 Domain Controller holding the PDC Emulator Role (as it is the Domain Master Browser).
x 2
EventID.Net
In order to stop this error from occuring, use Regedit and set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList from Auto or YES to FALSE
This will prevent the computer from attempting to become a Domain Master Browser and compete with Domain Controllers. If the server is a domain controller it is advisable to leave it with the default settings.
x 3
Kevin Biddick
Look for NT 4.0 Domain controller that is hosting DHCP and Cisco routers that have IP helper statements that point back to the DHCP server. The default IP helper setings cause master browser elections.