messenger service...

Christopher R. Hertel crh at
Mon Jun 16 22:27:19 GMT 2003

On Tue, Jun 17, 2003 at 01:01:27AM +0300, Eugen SAVIN wrote:
> Hello,
> > Hmmm...  It looks as though we are talking about two different types of
> > messenger service (which is not surprising in the Windows world).  The
> > error message you are reporting is a DCE/RPC error message, which means
> > that you're using RPC for this connection (port 135, perhaps?).  I'm
> > digging into the older Messenger Service system.  Very different.
> >
> > Sorry for the confusion.
> My mistake if I did not specify the port number. Yes, it is indeed the
> DCE/RPC protocol.
> If I get a response, that means some services must be listening on the port
> 135.

Port 135 runs the DCE endpoint resolution so, even if the endpoint itself 
is not there, the endpoint mapper will probably respond.  I'm guessing on 
that, though.  I am not up-to-speed on MS-RPC yet.

> I also believe that some of the service packs (the computer I have tried to
> send the message is a Win NT 4) reject the message if they do
> not have the interface you're sending the message to.

Probably.  I also know that you can disable specific services, such as the 
RPC Messenger Service, even though MS-RPC is still running.  Jean-Baptiste 
Marchand wrote up some docs on this.  See:

> The interface is hard coded in the program, it works ok with some 2000 and
> XP machines and also fails on some. What I can tell you for sure, is that
> the one which fails is a NT machine.
> There is no rule so that I can find out what is happening.

Which suggests per-machine configuration...

> Does the "net send" command use the NMB protocol, first queries the port 137
> in order to get the computer name and services, and after that sends the
> message via port 139? I guess the net send is not using the port 135
> anymore, isn't it ?

The 'net send' command uses old NBT-based protocols.  If it is sending a
group message (to all users in a domain, for example) it will broadcast a
UDP datagram (port 138/UDP).  Since it is broadcast, no name lookup is
needed.  If the message is directed at a specific machine or user then a 
name lookup is performed (port 137/UDP), after which an SMB session is 
established (SMB over NBT via port 139/TCP).

One annoyance of the NBT-based Messenger Service is that the message may 
be delivered with no errors reported but, if WinPopup isn't running, the 
message will never be delivered.

I *think* that Win/9x and ME will only handle the older WinPopup-style NBT
messages, and not the newer RPC-based.  If that's true, then there is
nothing available that will reliably deliver pop-up messages to end users.  
This would be the worst possible combination because it would mean that
popup-spammers have a tool they can use to hit a large population while
system administrators have nothing to use to get their message out.

Worth further investigation.

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at
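
The delivery paths described in the message above, sorted out of firewall flow records, as an added example that is not part of the original post. The flow records, the internal network range, the five-second correlation window and the label names are all constructed assumptions.

```python
import ipaddress

# Constructed flow records (not from the original message):
# (time_s, src, dst, proto, dst_port)
SAMPLE_FLOWS = [
    (0.0, "10.0.0.5", "10.0.0.255", "udp", 138),
    (3.0, "10.0.0.7", "10.0.0.255", "udp", 137),
    (3.2, "10.0.0.7", "10.0.0.20", "tcp", 139),
    (9.0, "203.0.113.9", "10.0.0.20", "tcp", 135),
    (20.0, "10.0.0.8", "10.0.0.21", "tcp", 139),
]

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed site range
LOOKUP_WINDOW_S = 5.0  # assumed max gap between name lookup and session


def classify_flows(flows, window=LOOKUP_WINDOW_S):
    """Label each flow with the messenger delivery path it is consistent with.

    139/TCP carries all SMB-over-NBT traffic, so a label is a hint for
    triage, not proof that a pop-up message was sent.
    """
    last_lookup = {}  # src -> time of its most recent 137/UDP name query
    results = []
    for t, src, dst, proto, dport in sorted(flows):
        if (proto, dport) == ("udp", 138):
            label = "nbt-group-datagram"       # broadcast, no lookup needed
        elif (proto, dport) == ("udp", 137):
            last_lookup[src] = t
            label = "nbt-name-lookup"
        elif (proto, dport) == ("tcp", 139):
            seen = last_lookup.get(src)
            if seen is not None and t - seen <= window:
                label = "nbt-directed-session"  # lookup then SMB session
            else:
                label = "smb-session-no-lookup"
        elif (proto, dport) == ("tcp", 135):
            label = "rpc-endpoint-mapper"      # DCE/RPC path
        else:
            label = "other"
        external = ipaddress.ip_address(src) not in INTERNAL_NET
        results.append((src, dst, label, external))
    return results


if __name__ == "__main__":
    for row in classify_flows(SAMPLE_FLOWS):
        print(row)
```

Flows marked external on any of these ports are the ones to review against the border filter first.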
