Event IDs 8032 and 8021 are recorded, and you cannot contact a Windows 2000-based computer on your local network segment (888816)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

Periodically, you cannot contact a Microsoft Windows 2000-based computer that is on your local network segment. For example, when you run the TCP/IP Ping.exe command, the response from this command indicates that the destination host cannot be found. Additionally, the following events may be recorded in the System log on the master or backup browser that is located on the local network segment:

Event ID: 8032
Source: Browser
Type: Error
Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\ Protocol _ NetworkAdaptor. The backup browser is stopping.
Data Words: 0000: 00000005

Event ID: 8021
Source: Browser
Type: Warning
Description:
The browser was unable to retrieve a list of servers from the browser master \\ CurrentMasterBrowser on the network \Device\ Protocol _ NetworkAdaptor. The data is the error code.
Data Words: 0000: 00000005

CAUSE

This issue occurs when the following conditions are true:
  • Your client computer and the Windows 2000-based computer are on the same network segment as a Cisco Systems PIX firewall device.
  • The PIX firewall device is configured with the proxy Address Resolution Protocol (ARP) feature. This feature sends requests through the internal network adaptor of the PIX firewall device.

RESOLUTION

To resolve this issue, turn off the proxy ARP feature. To do this, type the following command, and then press ENTER:

sysopt noproxyarp IPaddress

Note IPAddress is the IP address of the internal network adaptor on the PIX firewall device.

MORE INFORMATION

When a client computer contacts the Windows 2000-based computer on the local network segment, the client computer receives a response from the PIX firewall device and from the Windows 2000-based computer. If the PIX firewall device responds first, the client computer caches the response in the ARP cache. However, the response that the computer caches includes a Media Access Control (MAC) address that is not correct. When this behavior occurs, the client computer will not be able to contact the Windows 2000-based computer or connect to it until the cached MAC address expires.

To verify that you are experiencing this issue, follow these steps on your client computer:
  1. Run the Ping.exe command to contact the Windows 2000-based computer.
  2. When you receive a reply that the Ping.exe command was not successful, type the following command to view the ARP cache:

    arp -a

  3. If you are experiencing this issue, the IP address for the Windows 2000-based computer that you tried to ping in step 1 will correspond to a MAC address that does not belong to the Windows 2000-based computer.

    Note To determine the MAC address, type the following at a command prompt, and then press ENTER:

    ipconfig /all

By default, some PIX firewall devices turn on the proxy ARP feature.

For more information about PIX firewalls, visit the following Cisco Systems Web site:

http://www.cisco.com

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Modification Type:MinorLast Reviewed:1/3/2005
Keywords:kbtshoot kbprb KB888816 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.