Monday, July 11, 2005

what's in a name?

client site presented with windows update failure errors on workstations since being migrated to sbs 2003.

two primary error codes were being returned, depending on the client platform (2000 or XP). both error codes pointed to dns issues, but focused mainly on hosts file entries (bogus or not), which were eliminated as a cause.

went hunting in microsoft's newsgroups, and found a post that caught my eye concerning dns failures on server 2003, including a reference to kb article 828731.

in a nutshell, the firewall at the client site was kicking the dns query response packets, since edns (a newly supported spec in 2003's dns server...rfc 2671 if you are uber-geek) was specifying that they could use udp and be bigger than 512 bytes.

after deciding to make a change to the dns server rather than the firewall, ran the following at a command prompt on the sbs server:

dnscmd /Config /EnableEDnsProbes 0

*poof*

issue fixed

here's another kb article that goes into some more detail about this: 828263

caveat lector: disabling edns makes dns server use tcp for external queries...which might not be good for your given environment.
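an added example (not part of the original post or the kb articles): a python sketch for checking whether a firewall passes edns-sized udp replies, by asking the same question without and with the rfc 2671 opt record. the function names, the txt query type and the 4096-byte advertised size are assumptions of this example; run probe() from behind the firewall against an external dns server and a record you know is larger than 512 bytes.

```python
import socket
import struct

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=16, edns_size=None, txid=0x1234):
    """Build a DNS query; with edns_size, append an OPT record (RFC 2671)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns_size:
        # Root name, TYPE 41 (OPT), CLASS field carries the UDP size we accept.
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def ask(server, query, timeout=3.0):
    """Send one UDP query; return the raw reply, or None if nothing arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            return s.recvfrom(65535)[0]
        except socket.timeout:
            return None

def classify(plain, edns):
    """Compare replies to one question asked without and with EDNS."""
    if plain is None:
        return "unreachable"      # nothing works, so not an EDNS problem
    if edns is None:
        return "edns-dropped"     # plain DNS passes, the EDNS reply vanished
    if len(edns) > 512:
        return "edns-ok"          # a reply over 512 bytes arrived via UDP
    return "inconclusive"         # answer fit in 512 bytes; try a bigger record

def probe(server, name, qtype=16):
    """Run both queries from behind the firewall and classify the result."""
    plain = ask(server, build_query(name, qtype))
    edns = ask(server, build_query(name, qtype, edns_size=4096))
    return classify(plain, edns)
```

"edns-dropped" matches the symptom described above: plain queries get answered, while the larger edns reply never makes it back through the firewall.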
