Solution for Windows cross-subnet browsing issue in mid-2016

Hello all-

this is a follow-up to my original post in which I discussed how to setup cross-subnet browsing so that all computers come up in “Network” or “Network Neighborhood”.

For the last few months, my “Network” browse list has disappeared and would ONLY show computers from my LAN subnet.  My remote (VPN-to-VPN) network subnet disappeared from my “Network” computer list.

After >>MUCH<< research I have found the problem and will present the solution.

The problem is due to the Microsoft Windows Update (for both desktop and server OS’s) KB3161949  (read about it here).

Part of the effect of this update was to “harden” the NETBIOS service and prevent NETBIOS data from being sent between subnets.

 

THE SOLUTION:

Two ways of handling this.

  1. You can remove this specific hotfix
  2. You can add a registry setting to override it.

(YOUR CHOICE)

To REMOVE the hotfix:

On SERVERS:  Go to Control Panel, Uninstall a program, View Installed Updates… Remove 3161949.  You’ll need to reboot.  After rebooting, go check for windows updates again (MANUALLY)  3161949 will pop up.  Right click and HIDE UPDATE.

On Desktops:  Same process as above – HOWEVER – Depending on which version of windows, which OS Rollup you are on, 3161949 might not show up.  If you cannot remove 3161949, simply add the registry key below.

–OPTIONAL METHOD–

Involves a registry key addition, then you need to reboot the machine.

SUBKEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value Name: AllowNBToInternet
Type: Dword
Value: 1

 

** REMEMBER TO REBOOT after you do either the uninstall or registry key.

** It will take 5-60 minutes for the Network browse lists to refresh

*** MOST IMPORTANT ***

You MUST do this on your domain servers (Master Browsers) on each side of the subnet.  For example, I have for domain servers, two on each side.  I did this procedure on both, then rebooted all four domain servers.

Then I did this on my Windows 10 Pro workstation (via registry key) and rebooted.

When I checked my computer 30 minutes later, all machines were showing up in the browse list under “Network” in Windows 10.

** ADDITIONAL NOTE:  Just for the heck of it, you might as while put that registry key onto all your domain servers.  Even though I had uninstalled 3161949 from all 4 of my domain servers (and hidden that update), one of my DC’s re-applied that patch and rebooted, thereby messing up my Network list again.  So I just went and put that reg key onto all 4 DC’s just in case they get that update somehow in the future.

** NOTE: Do this at your own risk.  I’m not responsible for your network security.  You have to make the decision on what’s more important to you here.  Being able to see the entire cross-subnet network, or security.  I can’t speak as to how this increases or decreases your security risk.

Let me know if any questions…

3 comments

Leave a Reply

Your email address will not be published. Required fields are marked *