Luigi_Iotti
Copper Contributor
Mar 13, 2020

Windows Server 2019 warns No Internet Access after AD, DNS and DHCP setup

Hi all.

I have a Windows Server 2019 VM (Hyper-V) where I set up my first DC. I also set up DNS and DHCP on the server. After deploying these, the yellow warning icon appeared on the network icon in the bottom right corner, and it says "No internet access". Indeed, Internet access seems to be working normally. The only issue is that DNS is sometimes unable to resolve certain random domains. It seems that unbinding IPv6 from the NIC almost solved this issue, but the warning icon and the No Internet message remain.

I tried the troubleshooting tool. It is unable to diagnose the issue, and suggests a network reset. I did it twice, but it did not change anything.

I took a dump of the network packets when the diagnostic tool is run, but I see nothing unusual. It finally connects to http://www.microsoft.com:80/ which I think is the normal way to determine if Internet is available. The server responds 200 OK and some codes.

I don't know where to look further.

My ipconfig /all:

Windows IP Configuration

Host Name . . . . . . . . . . . . : SrvApp19
Primary Dns Suffix . . . . . . . : psw.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : psw.local

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-00-78-03
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

I attach one of the diagnostic reports.

Thanks to anyone who can help.

  • Jason_Pitts
    Copper Contributor

    Luigi_Iotti try restarting the Network Location Awareness service and allow it to restart the Network List service automatically. If it solves the warning then it's because the Network Location Awareness service is starting before DNS. You can fix this by creating a dependency using the following command from an elevated command prompt:

    sc config nlasvc depend= DNS

    • m32po
      Copper Contributor

      Jason_Pitts Yes, that command solved my problems, but AFAIK there is a problem using it like that: 

      sc config nlasvc depend= DNS

      It overwrites all dependencies the service currently has. So if you want to add and not overwrite the service's dependencies list, a solution would be first to get the dependencies list, running this command:

      sc qc nlasvc

      That outputs this:

      SERVICE_NAME: nlasvc
              TYPE               : 20  WIN32_SHARE_PROCESS
              START_TYPE         : 2   AUTO_START
              ERROR_CONTROL      : 1   NORMAL
              BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService -p
              LOAD_ORDER_GROUP   :
              TAG                : 0
              DISPLAY_NAME       : Network Location Awareness
              DEPENDENCIES       : NSI
                                 : RpcSs
                                 : TcpIp
                                 : Dhcp
                                 : Eventlog
              SERVICE_START_NAME : NT AUTHORITY\NetworkService

      Secondly run this command to add DNS:

      sc config nlasvc depend= NSI/RpcSs/TcpIp/Dhcp/Eventlog/DNS

      Please, let me know if I am wrong.
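
The read-then-append procedure from the comment above, as an added PowerShell example that is not part of the thread. It assumes the current service dependencies can be read from the `DependOnService` registry value of the service key, and it stops rather than guessing if the service also has group dependencies (`DependOnGroup`).

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$serviceName   = 'NlaSvc'   # service discussed in the thread
$newDependency = 'DNS'      # dependency the thread adds
$keyPath       = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"

# DependOnService / DependOnGroup are REG_MULTI_SZ values; either may be absent,
# so a missing value is treated as an empty list.
$key      = Get-ItemProperty -Path $keyPath
$existing = @($key.DependOnService | Where-Object { $_ })
$groups   = @($key.DependOnGroup   | Where-Object { $_ })

# Record the current list first so the change can be reverted by hand.
Write-Output "Current service dependencies: $($existing -join '/')"

if ($groups.Count -gt 0) {
    # This sketch only rebuilds service dependencies; do not overwrite group ones blindly.
    throw "$serviceName also has group dependencies ($($groups -join ', ')); edit manually."
}
elseif ($existing -contains $newDependency) {   # -contains is case-insensitive
    Write-Output "$serviceName already depends on $newDependency; nothing to change."
}
else {
    # sc.exe replaces the whole list, so pass the old entries plus the new one,
    # separated by forward slashes. Call sc.exe explicitly: in Windows PowerShell
    # a bare 'sc' is an alias for Set-Content.
    $merged = ($existing + $newDependency) -join '/'
    & sc.exe config $serviceName depend= $merged
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe config failed with exit code $LASTEXITCODE"
    }

    # Show the resulting configuration for verification.
    & sc.exe qc $serviceName
}
```

Because the existing list is read at run time, the same script works whether the service starts with several dependencies or none.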

      • johnthepro
        Copper Contributor

        m32po you are correct, that would be the right way to ensure that nothing was removed inadvertently.

        In the case of the NLA service, it has no dependencies by default, so nothing to worry about here.

    • nealcoff
      Copper Contributor

      Jason_Pitts 

      1. Press Windows + R keys.

      2. Type regedit, click OK.

      3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet.

      4. Make sure the following values exist in the right pane of Internet:

      "ActiveDnsProbeContent"="8.8.4.4"

      "ActiveDnsProbeContentV6"="2001:4860:4860::8844"

      "ActiveDnsProbeHost"="dns.google"

      "ActiveDnsProbeHostV6"="dns.google"

      "ActiveWebProbeHostV6"="www.msftconnecttest.com"

      "EnableActiveProbing"="1"

      5. Restart Network Location Awareness service


      Referenced from: Arash.Dargahi

      On domain controllers using 127.0.0.1 as their primary DNS, run the following:

      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\Windows\NetworkConnectivityStatusIndicator" /v UseGlobalDNS /t REG_DWORD /d 1 /f

      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\Windows\NetworkConnectivityStatusIndicator" /v NoActiveProbe /t REG_DWORD /d 0 /f

  • I've got a workaround for this. It appears to be something to do with when you have a single DC where the DNS is configured as 127.0.0.1. With a set-up like this, the "No internet" message occurs although it's clear one has perfect internet access.

    My workaround is to add the IP address of another DNS server. The upstream router in this example but could equally be 8.8.8.8 (Google DNS):

    Once you add that second DNS, the "No internet" message disappears.

    In a more normal domain set-up, best practice means you have two domain controllers and DNS servers. In which case, the DC would have DNS settings of 127.0.0.1 (itself) and the IP of the other DNS server.

    • Dave Patrick
      MVP

      Google DNS knows nothing of your private domain. A domain controller should always have at least its own static IP address, and loopback (127.0.0.1) listed on connection properties. Never use router or public DNS here. Internet queries are passed on in a top-level down fashion by default to the 13 root hint servers, or optionally any configured forwarders.

      • rob_nicholson_helios
        Brass Contributor
        This fault is nothing AFAIK to do with root hints - they are only ever used when the forwarder DNS server fails or is not configured.

        It's some flaw in the check for internet access when running on a single domain controller system. When you promote a member to a domain controller and install a DNS server at the same time, it removes the DNS settings against the NIC, uses that for the DNS server forwarder and replaces it with 127.0.0.1. This works perfectly for everything except for whatever test is being carried out for internet connectivity.

        Adding the DNS setting on the DC for an upstream DNS server (e.g. router or Google DNS or OpenDNS) and the check starts working.

        The DC itself will refer to itself as 127.0.0.1 is checked first and most of the time will work.
    • Praneeth06
      Copper Contributor
      created account to like this comment 🙂
    • AlexGrapa
      Copper Contributor
      Mate I just want to say thank you, from the bottom of my heart. I spent way too many hours on this thing. Adding the alternate DNS server as 8.8.8.8 finally solved it. God bless ya.
  • Michael Tang
    Brass Contributor

    Luigi_Iotti

    Don't unbind IPv6 🙂 DNS listener binding does use IPv6 too.

    If it's on boot up, check the Event Log for Event ID 4013 - The DNS server is waiting for Active Directory Domain Services...

    Normal if you only have the 1 DC and the VM completes the boot process before the services are ready to start. DNS usually waits until AD is complete. You could always spin up a 2nd DC with DNS and point to that and see.

  • Same problem here and seen a couple of times already. I'm just testing a W2019 deployment in VMware Workstation. Brought up W2019 server, added DNS, DHCP and promoted to DC. Internet is clearly working as can browse BBC website. DNS settings on the DC look correct - forwarding to the router and using 127.0.0.1 for its own settings. Also deployed a W10 DC using DHCP and added to domain. It's fine, i.e. not reporting "No internet"

    • rob_nicholson_helios
      Brass Contributor
      Also noticed that it's on a private network, not the domain network. Wonder if that's part of the problem?
  • Am_CSS
    Copper Contributor

    I found that my member server 2019 was having this issue, and it's because the router is giving out IPv6 addresses but there is no internet access on IPv6. The solution was to disable IPv6 on the network adapter on the server
