You May Lose Network Connectivity on SBS 2008 When Using a Driver Which Utilizes TDI

[Today's post comes to us courtesy of Wayne McIntyre, Damian Leibaschoff, Chris Puckett, and Justin Crosby]

We have been seeing cases where users lose network connectivity with their SBS 2008 server after a few days to a few weeks. Rebooting SBS 2008 will temporarily resolve the issue. This issue occurs when you are using a filter driver (commonly a firewall) that utilizes the Transport Driver Interface (TDI), which is now being deprecated and replaced with the Windows Filtering Platform (WFP) in Vista/2008 and beyond. If you are experiencing this problem, we have released a hotfix that you can obtain here: https://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=961775&kbln=en-us

Note: If you do not see the option for Windows 2008 you can use the Windows Vista version on your SBS 2008 server.

961775 A Windows Server 2008 or Windows Vista SP1 system encounters user authentication failure and a large number of leaked handle for the system process when it is installed on a machine with multiple processors and TDI filter drivers are installed
https://support.microsoft.com/default.aspx?scid=kb;EN-US;961775

Symptoms

Some of the symptoms you may see when you encounter this issue include:

--------------------

Active Directory consoles will open with an error:
Naming information cannot be located for the following reason: The server is not operational.

--------------------

System Event Log:
Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Event ID:      1054
Level:         Error
User:          SYSTEM
Description:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.

--------------------

DNS Server Event log:
Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      408
Level:         Error
Description:
The DNS server could not open socket for address 0.0.0.0.

Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.)

If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.

--------------------

Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      404
Level:         Error
Description:
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0.  The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use.

Restart the DNS server or reboot the computer.

--------------------

Note: This is not a comprehensive list of errors. If you are encountering any sort of connectivity issue that is only fixed through a reboot, and you are running a program that uses TDI, please install this hotfix.
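
The script below checks a server for the symptoms listed above and reports whether the hotfix is present. It is an added example, not part of the original post or of the KB article. It assumes PowerShell 2.0 or later run elevated on the server, and the 30-day look-back window is an arbitrary illustrative value.

```powershell
# Added example: symptom check for the TDI connectivity issue described in this post.
# Assumptions: PowerShell 2.0+ (Get-WinEvent, Get-HotFix), elevated session on the server.
param([int]$Days = 30)   # look-back window, illustrative default

$since = (Get-Date).AddDays(-$Days)

# Event sources and IDs taken from the symptom list in this post.
$signatures = @(
    @{ LogName = 'System';     ProviderName = 'Microsoft-Windows-GroupPolicy';        Id = 1054 },
    @{ LogName = 'DNS Server'; ProviderName = 'Microsoft-Windows-DNS-Server-Service'; Id = 408  },
    @{ LogName = 'DNS Server'; ProviderName = 'Microsoft-Windows-DNS-Server-Service'; Id = 404  }
)

$hits = foreach ($sig in $signatures) {
    $filter = $sig.Clone()
    $filter['StartTime'] = $since
    # Get-WinEvent raises an error when nothing matches; treat that as zero hits.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $latest = $null
    if ($events.Count -gt 0) { $latest = $events[0].TimeCreated }   # newest event is returned first
    New-Object PSObject -Property @{
        Log = $sig.LogName; EventId = $sig.Id; Count = $events.Count; Latest = $latest
    }
}

# KB 961775 describes leaked handles in the System process, so record its
# handle count together with uptime and compare the figures across several days.
$system = Get-Process -Name System
$os     = Get-WmiObject Win32_OperatingSystem
$uptime = (Get-Date) - $os.ConvertToDateTime($os.LastBootUpTime)

# Get-HotFix reads Win32_QuickFixEngineering; an empty result means the
# update is not listed there.
$hotfix = Get-HotFix -Id 'KB961775' -ErrorAction SilentlyContinue

$hits | Select-Object Log, EventId, Count, Latest | Format-Table -AutoSize
'System process handles : {0}' -f $system.HandleCount
'Uptime (days)          : {0:N1}' -f $uptime.TotalDays
'KB961775 installed     : {0}' -f [bool]$hotfix

$total = ($hits | Measure-Object -Property Count -Sum).Sum
if ($total -gt 0 -and -not $hotfix) {
    'Symptom events found and KB961775 is not listed: review the hotfix in this post.'
}
```

Run it on a schedule and keep the output: a System process handle count that keeps climbing with uptime, combined with the events above, matches the pattern the KB article describes.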