You May Lose Network Connectivity on SBS 2008 When Using a Driver Which Utilizes TDI

You May Lose Network Connectivity on SBS 2008 When Using a Driver Which Utilizes TDI

  • Comments 24
  • Likes

[Today's post comes to us courtesy of Wayne McIntyre, Damian Leibaschoff, Chris Puckett, and Justin Crosby]

We have been seeing cases where the users are losing network connectivity with their SBS 2008 server after a few days to a few weeks.  Rebooting SBS 2008 will temporarily resolve the issue.  This issue occurs when you are using a filter driver (commonly a firewall) that utilizes the Transport Driver Interface, which is now being deprecated and replaced with WFP in Vista/2008 and beyond.  If you are experiencing this problem we have released a hot fix that you can obtain here: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=961775&kbln=en-us

Note: If you do not see the option for Windows 2008 you can use the Windows Vista version on your SBS 2008 server.

image

961775 A Windows Server 2008 or Windows Vista SP1 system encounters user authentication failure and a large number of leaked handle for the system process when it is installed on a machine with multiple processors and TDI filter drivers are installed
http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775

Symptoms

Some of the symptoms you may see when you encounter this issue include:

--------------------

Active Directory consoles will open with an error:
Naming information cannot be located for the following reason: The server is not operational.

--------------------

System Event Log:
Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Event ID:      1054
Level:         Error
User:          SYSTEM
Description:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.

--------------------

DNS Server Event log:
Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      408
Level:         Error
Description:
The DNS server could not open socket for address 0.0.0.0.

Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.)

If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.

--------------------

Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      404
Level:         Error
Description:
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0.  The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use.

Restart the DNS server or reboot the computer.

--------------------

Note: This is not a comprehensive list of errors.  If you are encountering any sort of connectivity issue that is only fixed through a reboot, and are running a program that uses TDI please install this hotfix.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
Comments
  • I think I've run into this issue with Windows XP Pro SP3. Client loses connection to network printers, shared drives...can still ping the server.

    I went into his network properties and unchecked a firewall driver and everything seemed to come back.

    The hotfixes are for Vista only from what I can tell.

  • Thanks to Chris Puckett and his team for working on this to get a resolution. We have seen this primarily

  • Bryan,

    This issue is specific to vista and server 2008, you are experiencing some other issue, and the hotfix does not apply.

    regards,

  • I've deployed two SBS 2008 servers running Trend Micro WFBS v5.1, and both Active Directory systems are dying at 7-10 day intervals with the noted symptoms. I had both angry customers on the phone yesterday - both went down on the same morning! As mentioned, a restart makes it good for another 7-10 days.

    I love the advances made in new products like SBS 2008!

  • I'm experiencing the issue on Windows Small Business Server 2008 (x64) which would not let me apply the hotfix.  I'm assuming that is because it is for sp2 and (x86) as shown on the download page.  Is there a x64 version or a real Windows 2008 x64 version yet?

  • Dear mitchell,

    There's 64 bit version of the fix available on the same page. In the "select hotfix section" there's a link just next to the "1" symbol, which says "Show hotfixes for all platforms and languages (3)". Click on that link and you will find 64bit ver.

    Regards

  • there should be version for x64 drivers, you can call MS and ask for it , this should be free

  • Just click on the link that is marked with "(1) Show hotfixes for all platforms and languages (3)"

    Then you can see all 3 available version: x86, x64, IA64.

  • I have experienced the issue twice in 2 weeks on a new SBS2008 box, also running Trend Micro WFBS v5.1. I am installing the hotfix today, and report back in 3 weeks as to whether it resolved the issue. Andy, can you report back to see if the hot fix resolved your issues as well?

    Cbeers

    Peter

  • I experienced this issue with a customers brand new sbs2008 with Trend Micro Worry-Free Business security. The first time this happened two weeks ago I managed to get it up and running with pure luck (after a full day of troubleshooting).

    This time I found this post, installed the hotfix and everything is working fine :)

    But how can I be sure that this error does not come back? "a few days to a few weeks" is the worst type of error. I would really like som specific indication that it doesnt come back.

  • Thank you very much. I have this problem since ever!!.

  • I found this link from the EBS connect site.  I have this problem with EBS and WFBS from Trend.  Will the 64bit version of the hotfix work on it.  If not, what can I do to manually fix it.

  • Recently, I have seen some mail and some posts around losing network connectivity after applying a security

  • Michael Hall - Yes you can install the x64 version on EBS. EBS blog post is in the works.

  • Thanks.  I'll be glad to have that problem fixed.

    Mike