Technical: Microsoft – Network – Error – NetBt – A duplicate name has been detected on the TCP network
Seeing a lot of errors bearing the signature “A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.”
For System Logs, turned on Filtering for Event Source = NetBT
And, here is a run down of errors
Thanks Microsoft for good directions, the error message is precinct as it clearly reads:
Use nbtstat -n in a command window to see which name is in the Conflict state.
And, so started a command shell and issued “nbtstat -n” and here is what we came back with.
We readily see that we have two sets of data that have identical Netbios name; there are two IP Addresses.
Upon looking more closely the two IP Addresses are on the same box, as it is multi-home box.
To fix please access network connections and disable “Netbios over TCP/IP” on the public/internet facing Interface.
Here are the steps:
- Launch Control Panel
- Access the Network applet
- Select the Interface we want to review
- In the General Tab, select “Internet Protocol (TCP/IP) properties”
- Access the “General” Tab and click on the “Advanced” button
- In the “Advanced TCP/IP” settings, access the “WINS” tab
- In the “Netbios setting” panel, select the “Disable Netbios over TCP/IP” button
Upon re-issuing “nbtstat -n”, we see a single result set:
One needs to pay attention as we can see that we have kept the two interface connections. It is just that the Internet Interface is empty.
It is no longer registering any Netbios names and the entries are replaced with “No names in cache“.
Later review of our event log shows that we do not have recent error entries.
I was not so sure what the acronym “NetBt” stood for. And, so goggled for it, and I am glad I did. Wikipedia contains good data @ NetBIOS over TCP/IP (http://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP).
In the “Security Vulnerability” section of the article, one is strongly encouraged to disable the services:
Two such vulnerable network protocols that provide services are: the Server Message Block (SMB) protocol and NetBIOS over TCP/IP. Both services can reveal incredible amounts of detail and vital, security information about an exposed network. When not mitigated, NetBIOS over TCP/IP and SMB provide recurring vectors for malicious attacks upon a network. Specifically, NetBIOS provides attackers with a means to map the network and also freely navigate a compromised intranet. In regards to public Web Servers, neither service is necessary for the successful operation of a public Web server and disabling both services in such scenarios can greatly enhance the security status of a network.