Windows Server 2008 DNS not resolving, but nothing in the logs? route print not showing the gateway?

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts


If you are running Linux KVM / Libvirt and have a Windows 2k8r2 guest:
Try changing the nic type to e1000 - chuck this in the network stanza. 
     <model type='e1000'/>

Ok, all this below is somewhat true, but this works for me: - Thanks vmadmin.co.uk!
http://www.vmadmin.co.uk/microsoft/43-winserver2008/259-svr2008losinggw
As usual, here is a summary in case that page vanishes: 
From the CONSOLE!!! (you will loose networking - if you even have it - ha ha ha).
netsh int ip reset
- If you get an error of "access denied", try this:
https://davidvielmetter.com/tricks/netsh-int-ip-reset-says-access-denied/
David, looks like you might give attribution to your find from here? (publish date 11/28/2016 for your article vs 10/28/2015!
https://community.spiceworks.com/how_to/104602-how-to-reset-your-tcp-ip-stack-by-using-the-netshell-utility
in case that breaks, here is the short version: 
HKLM\SYSTEM\CCS\Control\Nsi
look for {eb004a00-9b1a-11d4-9123-0050047759bc}
expand and find 26 - permissions set Everyone to Full Control

And of course - retry the reset op and see that you don't have the access denied and continue on.


Reboot (this is Windows after all)
Re-fill the ip, netmask, and gateway for the interface
Reboot - again, you know why...
Check for success.

It seems like this might be a known issue for the fine programmers at MS:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1016878
Again, summary time:
It would seem that the registry can get hosed up (carriage returns in keys or some such crap).
Check keys here HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\clsid -(the adapter you are fixing)
Verify the DefaultGateway and DefaultGatewayMetric keys and add if needed....
The keys are REG_MULTI_SZ (binary) on my hosed up instance.
Make sure you are not setting the default gateway in a startup script via netsh either!
http://support.microsoft.com/kb/973243
It would seem this is a "corner case" as well. Nobody would do that anyway, so you should not worry MS.
Good luck!
So, it seems they figured out a patch for 2008 (not R2) that fixes that damn issue:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;973243
If you run 2008 R2, you are out of luck. Edit the keys!

Check the default gateway!
If you just changed some network settings and are not getting the DNS server to resolve, the default gateway might have been changed.
If the "networking sharing center" (what a stupid name), shows that you are on an "unidentified network" due to the bad gateway, network services will go pear shaped.

Or, it might just be that Windows is broken: http://support.microsoft.com/kb/968372
Horribly, horribly broken: http://support.microsoft.com/kb/2524478
Don't you feel safe in knowing your Wintoy might quit using any network stack to "save" you.
Even more: http://penguinpackets.com/~kelly/kblog/blog/01281981898
Not just me: https://www.softwareab.net/wordpress/?p=175
Or, it just might be because there is lots of "stuff" on the network - poor, poor windows: http://support.microsoft.com/kb/974909 
From the kb 974909: - so wonderful!

You establish many concurrent network connections, or there is heavy outgoing network traffic.

In this scenario, the network connection on the virtual machine may be lost sporadically.
Additionally, the network adapter is disabled.

Bonus! - disable the network adapter.  That will show them who is boss!  Server OS, my arse.

Look ma, Windows Update - without any networking! No bugs here with that "automatic" network detection eh?

I think the intern should not be the one to program the new "features" next time.
Also, it is still in 2012, so it is good to see that the trend of - "possibly fixing it in the next release", continues...
Bug me someday and I will list the issues with the "old bugs" versus pushing new half-baked "new features" MS has done over the years, and write another blog post.
Nobody wants that.

Well, here I am again. Tired due to this so-called OS taking a server out in the wee-hours of the morning.
Another nic taken down by the NCSI monster.... "No Internet access" and a yellow triangle with an exclamation point..
I am suspecting that the inability of the NCSI crap trying to get to: 
1. Do a dns lookup on www.msftncsi.com (and failing)
2. Trying to get http://www.msftncsi.com/ncsi.txt (and failing - could be proxy issue)
3. Doing a dns lookup for dns.msftncsi.com = 131.107.255.255 (and failing - why would this work if the first one failed eh?)

What happens:
End result - there must not be any Internet connectivity, disable networking altogether until I get a reboot.

What ultimately happens:
I get up in the middle of the night to reboot until things work again.

What should happen:
I change the registry key to keep a "server" from doing this crap-tacular gob of "helping the end user":
HKLM\SYSTEM\CCS\Services\NlaSvc\Parameters\Internet\EnableActiveProbing
(and set it to 0 to skip all that nonsense)...

Some folks suggest changing the other parameters to internal resources for the hosts to interact with.
I would suggest localhost :-)



[æ]