PDF(7.2 KB) View with Adobe Reader on a variety of devices
Updated:July 16, 2014
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Cisco Web Security appliance (WSA) announces itself as a domain master browser, there are no Windows Shares listed, and Event ID 8003 is in the AD event logs even though you installed WSA in your network.
Environment: WSA (using NTLM authentication) in a Windows network together with an AD - all versions
Symptoms: Users cannot see any Windows shares. The AD event log is full of errors (Event ID 8003).
Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.
This is most likely caused by the net-mask on the Cisco Web Security Appliance (WSA) not matching the one of the Active Directory server.
The master browser has received a server announcement from the computer computer name that believes that it is the master browser for the domain on transport name. The master browser is stopping or an election is being forced.
The subnet mask of the Windows 2000 client computer is incorrect or is different from the primary domain controller. The client computer has attempted to promote itself to the master browser of the subnet and has failed because only one computer in a domain can be running as the master browser.
Change the TCP/IP protocol configuration to the correct subnet mask. -----------------------------------------------------------------------
Please verify that the netmask configured on the S-Series Appliance matches the one of the AD.
On the AD you can check for the netmask in the command line of Windows with command 'ipconfig /all'.
To configure the netmask on the Cisco Web Security Appliance, use CLI command 'interfaceconfig'. Remember to 'commit' your changes.
If this should not resolve the issue for you, please send in a Support Request (GUI > Support & Help > Contact Technical Support) along with the corresponding AD event logs. A Customer Support Engineer can assist you in making the necessary changes. .