After successfully renaming a Windows Server 2008 R2 machine using Microsoft's recommended netdom commands, many administrators discover an annoying remnant: the old server name still appears in NetBIOS responses. Here's what we typically see in nbtstat -n output:
NETBIOS Local Name Table
Name Type Status
--------------------------------------
NEWSRV <00> UNIQUE Registered
DOMAIN <00> GROUP Registered
NEWSRV <20> UNIQUE Registered
OLDSRV <20> UNIQUE Registered <-- The stubborn entry
When standard renaming procedures don't fully clean up NetBIOS names, check these locations:
# Registry locations to investigate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\OptionalNames
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName
When registry checks show no traces of the old name, try these commands in sequence:
# Stop NetBIOS services
net stop lmhosts
net stop netbt
# Clear NetBIOS cache
nbtstat -R
# Restart services
net start netbt
net start lmhosts
# Force DNS re-registration
ipconfig /registerdns
If your environment uses WINS servers, additional cleanup steps are needed:
# Check WINS registration
nbtstat -A server_ip
# Force WINS replication
winscmd reset all
# Verify deletion
winscmd enum records
When all else fails, use packet capture to identify the source of NetBIOS responses:
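# Sample Wireshark display filter for NetBIOS Name Service traffic
# (the dissector for port 137 name traffic is "nbns"; names display with their suffix, e.g. OLDSRV<20>)
nbns && ip.addr == server_ip && nbns.name contains "OLDSRV"
# Alternative with PowerShell: one tshark capture job per active adapter
# (Get-NetAdapter requires Windows 8 / Server 2012 or later)
Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | ForEach-Object {
    # $_ is not visible inside a job's script block, so pass the adapter name in explicitly
    Start-Job -ArgumentList $_.Name -ScriptBlock {
        param($Name)
        & "C:\Program Files\Wireshark\tshark.exe" -i $Name -f "port 137 or port 138" -w "netbios_$Name.pcap"
    }
}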
After performing cleanup, verify with these commands:
# Check active NetBIOS names
nbtstat -n
# Verify AD registration
netdom computername newname /enumerate:ALLNAMES
# Check SPN records
setspn -L newname
# DNS verification (Resolve-DnsName requires Windows 8 / Server 2012 or later; nslookup works everywhere)
Resolve-DnsName newname -Type ALL
nslookup -type=SRV _ldap._tcp.dc._msdcs.domain.local
After successfully renaming our Windows Server 2008 R2 using Microsoft's recommended netdom commands, we discovered an unexpected behavior: the server continued responding to both old and new NetBIOS names. The standard renaming procedure appeared complete in Active Directory and DNS, but network captures revealed lingering responses to the old name.
The smoking gun came from running nbtstat.exe -n, which showed both names registered:
NEWNAME <20> UNIQUE Registered
OLDNAME <20> UNIQUE Registered
We checked the usual suspects in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\OptionalNames
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Neither contained references to the old name, indicating the issue wasn't in these standard locations.
Using setspn -L confirmed proper SPN registration for the new name only:
setspn -L newname
Registered ServicePrincipalNames for CN=NEWNAME,OU=Servers,OU=Site1,DC=ourdomain,DC=local:
HOST/NEWNAME
HOST/newname.ourdomain.local
After extensive testing, we found the solution involves clearing the NetBIOS cache and restarting key services:
nbtstat -R # Clears and reloads the remote cache name table
nbtstat -RR # Releases and refreshes NetBIOS names
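# Then restart these services. /y also stops dependent services (for example Netlogon,
# which depends on Workstation), so start any that do not come back afterwards: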
net stop "Computer Browser" /y
net stop "Server" /y
net stop "Workstation" /y
net start "Computer Browser"
net start "Server"
net start "Workstation"
To confirm the old name is truly gone:
# Check NetBIOS name table
nbtstat -n
# Verify network responses
ping -a oldname # Should fail
ping -a newname # Should succeed
# Check WINS resolution (if applicable)
nbtstat -c
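The name-table check can be scripted so it runs after every rename. The following is an added example, not part of the original write-up: a PowerShell 2.0-compatible function that parses nbtstat -n output and reports any <00> or <20> UNIQUE name other than the expected one. The function name Find-StaleNetbiosName and the sample table are constructed for illustration.

```powershell
# Added example, not from the original page. Find-StaleNetbiosName is a hypothetical helper name.
function Find-StaleNetbiosName {
    param(
        [string[]]$NbtstatLines,                    # raw lines of `nbtstat -n` output
        [string]$ExpectedName = $env:COMPUTERNAME   # the only name this host should register
    )
    foreach ($line in $NbtstatLines) {
        # Data rows look like "NEWSRV <20> UNIQUE Registered". Names are at most
        # 15 characters, so anchor on the <hex suffix> that follows the name.
        if ($line -match '^\s*(.{1,15}?)\s*<([0-9A-F]{2})>\s+(UNIQUE|GROUP)\s+(\S+)') {
            $name   = $Matches[1].Trim()
            $suffix = $Matches[2].ToUpper()
            $type   = $Matches[3]
            # Only <00> (Workstation) and <20> (Server) UNIQUE rows carry the computer
            # name. GROUP rows and <1B>/<1D> UNIQUE rows carry the domain name.
            if ($type -eq 'UNIQUE' -and ('00', '20') -contains $suffix -and $name -ne $ExpectedName) {
                New-Object PSObject -Property @{ Name = $name; Suffix = $suffix; Status = $Matches[4] }
            }
        }
    }
}

# Constructed sample output, using the placeholder names from the page.
$sample = @'
Local Area Connection:
Node IpAddress: [192.0.2.10] Scope Id: []

            NetBIOS Local Name Table

   Name               Type         Status
---------------------------------------------
NEWSRV         <00>  UNIQUE      Registered
DOMAIN         <00>  GROUP       Registered
DOMAIN         <1D>  UNIQUE      Registered
NEWSRV         <20>  UNIQUE      Registered
OLDSRV         <20>  UNIQUE      Registered
'@ -split "`r?`n"

# On the server itself, pass (nbtstat -n) instead of $sample.
$stale = @(Find-StaleNetbiosName -NbtstatLines $sample -ExpectedName 'NEWSRV')
$stale | Format-Table Name, Suffix, Status -AutoSize
if ($stale.Count -gt 0) { Write-Warning "Stale NetBIOS name(s) still registered" }
```

A stale <20> entry means the Server service still answers file-sharing requests under the old name, so treat any row this returns as an unfinished rename.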
For thoroughness, verify these additional registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
These sometimes contain cached name references that need manual cleanup.
To avoid this issue, we now follow this sequence:
1. netdom computername oldname /add:newname
2. Reboot
3. netdom computername oldname /makeprimary:newname
4. Reboot
5. netdom computername newname /remove:oldname
6. Clear NetBIOS cache and restart services as above