Corrupt Name Resolution Table (DirectAccess and Hyper-V)

  • Question

  • I was trying to make it possible to connect to Hyper-V virtual machines on my laptop (running Windows Server 2008 R2). It is rather interesting that DirectAccess prevents connecting to virtual machines running on the same machine :( For this reason, a colleague of mine decided to jump off the DA pilot boat, and removing his machine account from the machine group to which DirectAccess GPOs are targeted indeed solved the Hyper-V management problem. With Hyper-V Manager I was able to start virtual machines but couldn't connect to them, receiving an error message along the lines of "computer name is not found, use ipconfig /flushdns". Our DirectAccess is deployed with UAG and the default GPOs it creates. I tried to create different Connection Security Rules in Local Computer Policy (with wf.msc) and since I couldn't make it work I "invented" that I could possibly use an NRPT entry (in Local Computer Policy) to exempt DNS queries for my own computer from DirectAccess name resolution. Since it didn't work either, I decided to remove the additional entries from the Local Computer Policy NRPT. Now the end result is:

    C:\>netsh name show effective
    Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator.

    It has become rather difficult to perform anything since DNS isn't working... Any hints for fixing NRPT are very welcome...

    Sunday, November 1, 2009 5:27 PM

Answers

  • It feels stupid to answer my own question but I managed to fix the corrupt NRPT :) I first checked TechNet and learnt the registry location (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig) and found that for some reason, the rules that come from DA GPOs had been duplicated. The originals from GPOs were named "UAGDA Rule1" to "UAGDA Rule3" and the duplicates were named simply "Rule 1" to "Rule 3". I first exported the registry key and then started removing values. I didn't restart the DNS Client service after removing the duplicates but since removing DNSPolicyConfig key still didn't fix the netsh message, I restarted the DNS Client service. It worked and after establishing a "legacy" VPN connection to our corporate network I refreshed Group Policy and voilà, everything (DNS name resolution and DA) is working again :) Netsh name sh eff shows the correct entries and only the same three entries exist in the registry under DNSPolicyConfig. At least I already backed up everything in order to be able to revert the system back to Windows Server Backup SystemImage... Now, if I could get Hyper-V working...
    • Edited by Mika Seitsonen Sunday, November 1, 2009 9:53 PM Added a bit more info
    • Marked as answer by Miles Li Monday, November 2, 2009 2:42 AM
    Sunday, November 1, 2009 9:50 PM
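
The repair described in the answer above, as an added PowerShell example that is not part of the original post: it exports the NRPT key, lists the rules, flags rules that cover identical namespaces, and then restarts the DNS Client service. It assumes each rule is a subkey of DnsPolicyConfig with a multi-string `Name` value holding its namespaces, and that the rules to keep are the ones whose names start with "UAGDA", as in the thread.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$regKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig'
$nrpt   = "Registry::$regKey"
$backup = Join-Path $env:TEMP ("DnsPolicyConfig-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path $nrpt)) { throw "No NRPT policy key found at $regKey" }

# 1. Export the key first, as the poster did, so every change can be reverted.
reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Export failed; leaving the NRPT untouched." }
Write-Host "Backup written to $backup"

# 2. List each rule with the namespaces it covers.
#    Assumption: one subkey per rule, namespaces in the multi-string "Name" value.
$rules = @(Get-ChildItem $nrpt | ForEach-Object {
    $values = Get-ItemProperty $_.PSPath
    New-Object PSObject -Property @{
        Rule       = $_.PSChildName
        Namespaces = (@($values.Name) | Sort-Object) -join ';'
        Path       = $_.PSPath
    }
})
$rules | Sort-Object Namespaces, Rule | Format-Table Rule, Namespaces -AutoSize

# 3. Flag rules that share exactly the same namespaces (the duplication seen in the thread).
$dupeGroups = @($rules | Group-Object Namespaces | Where-Object { $_.Count -gt 1 })
if ($dupeGroups.Count -eq 0) { Write-Host "No duplicate rules found."; return }

# 4. In each duplicate group keep the GPO-delivered rule and preview removal of the rest.
#    Assumption: GPO rules are the ones prefixed "UAGDA". Drop -WhatIf to actually delete.
foreach ($group in $dupeGroups) {
    $extra = @($group.Group | Where-Object { $_.Rule -notlike 'UAGDA*' })
    if ($extra.Count -eq $group.Count) {
        Write-Warning "No UAGDA rule in group '$($group.Name)'; review by hand."
        continue
    }
    $extra | ForEach-Object { Remove-Item $_.Path -Recurse -WhatIf }
}

# 5. The poster's fix only took effect after the DNS Client service was restarted.
Restart-Service -Name Dnscache -Force

# 6. Confirm the table loads again, then refresh policy once the domain is reachable.
netsh namespace show effectivepolicy
gpupdate /target:computer /force
```

To roll back, import the exported file with `reg.exe import` and restart the DNS Client service again.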

All replies

  • Can you elaborate on "make it possible to connect to Hyper-V virtual machines on my laptop (running Windows Server 2008 R2)"?

    I have this running on a laptop with no issues. I also have a complete DA environment working attached to the internet in a Hyper-V environment. No issues.

    Don Murphy
    Sunday, November 1, 2009 5:52 PM
  • Thanks for offering help and sorry for being unclear!

    When I start my computer with the hypervisor running I can start Hyper-V Manager and connect to the local virtual machine. However, after I start the virtual machine, after a few seconds a pop-up window appears with the title Virtual Machine Connection and the text "Cannot find the physical computer that runs the virtual machine. Try to flush your DNS cache (run ipconfig /flushdns). Then try to connect again. If the problem persists, contact the administrator of the physical computer or your network administrator. Would you like to try connecting again?". The window has two buttons, "Connect" and "Exit", with corresponding actions: showing the same window or exiting. I can't find any errors in any O/S logs related to this issue. I can see CTRL+ALT+DEL displayed in the miniature window of Hyper-V Manager. Unfortunately, I haven't enabled remote desktop connections on my virtual machines :(
    Sunday, November 1, 2009 7:31 PM
  • In addition there is an event 1023 from DNS Client Events with text "Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator. For more information: read policy table for rule UAGDA Rule 1 failed with error 0x1392"

    Also, I learnt that there is a DNS Client Events log category, which I enabled. The error (ID 60005) there is

    Warning: 0x410055 Location: 4456519 Context: 2097217

    Sunday, November 1, 2009 8:44 PM
  • Thanks! I was seeing a similar issue with NRPT, and after deleting the reg keys and restarting DNS client I can at least get an internet connection again.
    Sunday, November 15, 2009 6:25 PM