You May Lose Network Connectivity on SBS 2008 When Using a Driver Which Utilizes TDI
[Today's post comes to us courtesy of Wayne McIntyre, Damian Leibaschoff, Chris Puckett, and Justin Crosby]
We have been seeing cases where the users are losing network connectivity with their SBS 2008 server after a few days to a few weeks. Rebooting SBS 2008 will temporarily resolve the issue. This issue occurs when you are using a filter driver (commonly a firewall) that utilizes the Transport Driver Interface, which is now being deprecated and replaced with WFP in Vista/2008 and beyond. If you are experiencing this problem we have released a hot fix that you can obtain here: https://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=961775&kbln=en-us
Note: If you do not see the option for Windows 2008 you can use the Windows Vista version on your SBS 2008 server.
961775 A Windows Server 2008 or Windows Vista SP1 system encounters user authentication failure and a large number of leaked handle for the system process when it is installed on a machine with multiple processors and TDI filter drivers are installed
https://support.microsoft.com/default.aspx?scid=kb;EN-US;961775
Symptoms
Some of the symptoms you may see when you encounter this issue include:
--------------------
Active Directory consoles will open with an error:
Naming information cannot be located for the following reason: The server is not operational.--------------------
System Event Log:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Event ID: 1054
Level: Error
User: SYSTEM
Description:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.--------------------
DNS Server Event log:
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Event ID: 408
Level: Error
Description:
The DNS server could not open socket for address 0.0.0.0.Verify that this is a valid IP address for the server computer. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.)
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.
--------------------
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Event ID: 404
Level: Error
Description:
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0. The event data is the error code. An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use.Restart the DNS server or reboot the computer.
--------------------
Note: This is not a comprehensive list of errors. If you are encountering any sort of connectivity issue that is only fixed through a reboot, and are running a program that uses TDI please install this hotfix.
Comments
Anonymous
January 01, 2003
Bryan, This issue is specific to vista and server 2008, you are experiencing some other issue, and the hotfix does not apply. regards,Anonymous
January 01, 2003
I'm experiencing the issue on Windows Small Business Server 2008 (x64) which would not let me apply the hotfix. I'm assuming that is because it is for sp2 and (x86) as shown on the download page. Is there a x64 version or a real Windows 2008 x64 version yet?Anonymous
January 01, 2003
Michael Hall - Yes you can install the x64 version on EBS. EBS blog post is in the works.Anonymous
January 01, 2003
Recently, I have seen some mail and some posts around losing network connectivity after applying a securityAnonymous
January 01, 2003
I think I've run into this issue with Windows XP Pro SP3. Client loses connection to network printers, shared drives...can still ping the server. I went into his network properties and unchecked a firewall driver and everything seemed to come back. The hotfixes are for Vista only from what I can tell.Anonymous
January 01, 2003
Thanks to Chris Puckett and his team for working on this to get a resolution. We have seen this primarilyAnonymous
January 01, 2003
What a great event!  We had over 30 partners show for the technology packed day.  A lot ofAnonymous
January 01, 2003
The comment has been removedAnonymous
February 13, 2009
I've deployed two SBS 2008 servers running Trend Micro WFBS v5.1, and both Active Directory systems are dying at 7-10 day intervals with the noted symptoms. I had both angry customers on the phone yesterday - both went down on the same morning! As mentioned, a restart makes it good for another 7-10 days. I love the advances made in new products like SBS 2008!Anonymous
February 18, 2009
Dear mitchell, There's 64 bit version of the fix available on the same page. In the "select hotfix section" there's a link just next to the "1" symbol, which says "Show hotfixes for all platforms and languages (3)". Click on that link and you will find 64bit ver. RegardsAnonymous
February 19, 2009
there should be version for x64 drivers, you can call MS and ask for it , this should be freeAnonymous
February 19, 2009
Just click on the link that is marked with "(1) Show hotfixes for all platforms and languages (3)" Then you can see all 3 available version: x86, x64, IA64.Anonymous
February 22, 2009
The comment has been removedAnonymous
February 23, 2009
I experienced this issue with a customers brand new sbs2008 with Trend Micro Worry-Free Business security. The first time this happened two weeks ago I managed to get it up and running with pure luck (after a full day of troubleshooting). This time I found this post, installed the hotfix and everything is working fine :) But how can I be sure that this error does not come back? "a few days to a few weeks" is the worst type of error. I would really like som specific indication that it doesnt come back.Anonymous
February 24, 2009
Thank you very much. I have this problem since ever!!.Anonymous
February 24, 2009
I found this link from the EBS connect site. I have this problem with EBS and WFBS from Trend. Will the 64bit version of the hotfix work on it. If not, what can I do to manually fix it.Anonymous
February 26, 2009
Thanks. I'll be glad to have that problem fixed. MikeAnonymous
February 26, 2009
Seen this on 3 servers, 2 SBS 2008 (HP ML350) and 1 2008 Standard (HP DL360), all running Trend Micro WFBS v5.1. Going to install the hotfix and will report back.Anonymous
February 27, 2009
The comment has been removedAnonymous
March 02, 2009
same problem here, it looks like it's trendmicro causing this. Installed the fix on two servers, let's see ... .Anonymous
March 03, 2009
Same issue, Trend was seemingly the cause. I contacted Microsoft and they provided me with the hotfix. So far so good. Trend is ugh.Anonymous
March 05, 2009
I have this issue with SBS2003--it quits talking to clients unless you are connecting via IP and secure--RDP for instance can connect where you can not ping it but IP. Been round and round with Microsoft. Anyone know a fix for this issue?Anonymous
March 06, 2009
The comment has been removedAnonymous
March 11, 2009
We are also having this issue with SBS 2003. We have replaced the system board (dell 2900), disabled the onboard broadcom nics, installed intel pro 1000 nics, changes network switches, network cables, loaded all windows updates, disabled trend micro.... still having the issue. It is random, but I seem to be able to force it to happen by kicking off backup exec 12.5 and running a full backup job of a remote (local lan) server. The server will lose contact with the network and not regain it until you reboot. It can ping 127.0.0.1 still however.