Christopher R. Hertel
crh at ubiqx.mn.org
Mon Jun 16 22:27:19 GMT 2003
On Tue, Jun 17, 2003 at 01:01:27AM +0300, Eugen SAVIN wrote:
> > Hmmm... It looks as though we are talking about two different types of
> > messenger service (which is not surprising in the Windows world). The
> > error message you are reporting is a DCE/RPC error message, which means
> > that you're using RPC for this connection (port 135, perhaps?). I'm
> > digging into the older Messenger Service system. Very different.
> > Sorry for the confusion.
> My mistake if I did not specified the port number. Yes, it is indeed the
> DCE/RPC protocol.
> If I get a reponse, that means some services must be listening on the port
Port 135 runs the DCE endpoint resolution so, even if the endpoint itself
is not there, the endpoint mapper will probably respond. I'm guessing on
that, though. I am not up-to-speed on MS-RPC yet.
> I also believe that some of the service packs (the computer I have tried to
> send the message is a Win NT 4) rejects the message if they do
> not have the interface you're sending the message to.
Probably. I also know that you can disable specific services, such as the
RPC Messenger Service, even though MS-RPC is still running. Jean-Baptiste
Marchand wrote up some docs on this. See:
> The interface is hard coded in the program, it works ok with some 2000 and
> XP machines and also fails on some. What I can tell you for sure, is that
> the one which fails is a NT machine.
> There is no rule so that I can find out what is happening.
Which suggests per-machine configuration...
> Does the "net send" command use the NMB protocol, first queries the port 137
> in order to get the computer name and services, and after that sends the
> message via port 139? I guess the net send is not using the port 135
> anymore, isn't it ?
The 'net send' command uses old NBT-based protocols. If it is sending a
group message (to all users in a domain, for example) it will broadcast a
UDP datagram (port 138/UDP). Since it is broadcast, no name lookup is
needed. If the message is directed at a specific machine or user then a
name lookup is performed (port 137/UDP), after which an SMB session is
established (SMB over NBT via port 139/TCP).
One annoyance of the NBT-based Messanger Service is that the message may
be delivered with no errors reported but, if WinPopup isn't running, the
message will never be delivered.
I *think* that Win/9x and ME will only handle the older WinPopup-style NBT
messages, and not the newer RPC-based. If that's true, then there is
nothing available that will reliably deliver pop-up message to end users.
This would be the worst possible combination because it would mean that
popup-spammers have a tool they can use to hit a large population while
system administrators have nothing to use to get their message out
Worth further investigation.
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical