
Windows Server 2019 warns No Internet Access after AD, DNS and DHCP setup


Hi all.

 

I have a Windows Server 2019 VM (Hyper-V) where I set up my first DC. I also set up DNS and DHCP on the server. After deploying these, the yellow warning icon appeared on the network icon in the bottom right corner, and it says "No internet access". Indeed, Internet access seems to be working normally. The only issue is that DNS is sometimes unable to resolve certain random domains. It seems that unbinding IPv6 from the NIC almost solved this issue, but the warning icon and the No Internet message remain.

 

I tried the troubleshooting tool. It is unable to diagnose the issue, and suggests a network reset. I did it twice, but it did not change anything.

 

I took a dump of the network packets when the diagnostic tool is run, but I see nothing unusual. It finally connects to http://www.microsoft.com:80/ which I think is the normal way to determine if Internet is available. The server responds 200 OK and some codes.

 

I don't know where to look further. 

 

My ipconfig /all:

 

Windows IP Configuration

Host Name . . . . . . . . . . . . : SrvApp19
Primary Dns Suffix . . . . . . . : psw.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : psw.local

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-00-78-03
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

 

I attach one of the diagnostic reports.

 

Thanks to anyone who can help.

19 Replies

@Luigi_Iotti 

 

Don't unbind IPv6 :) DNS listener binding does use IPv6 too.

 

If it's on boot up, check the Event Log for Event ID 4013 - The DNS server is waiting for Active Directory Domain Services...

 

Normal if you only have the 1 DC and the VM completes the boot process before the services are ready to start. DNS usually waits until AD is complete. You could always spin up a 2nd DC with DNS and point to that and see.

Same problem here and seen a couple of times already. I'm just testing a W2019 deployment in VMware Workstation. Brought up W2019 server, added DNS, DHCP and promoted to DC. Internet is clearly working as can browse BBC website. DNS settings on the DC look correct - forwarding to the router and using 127.0.0.1 for its own settings. Also deployed a W10 DC using DHCP and added to domain. It's fine, i.e. not reporting "No internet".

Also noticed that it's on a private network, not the domain network. Wonder if that's part of the problem?

I've got a workaround for this. It appears to be something to do with when you have a single DC where the DNS is configured as 127.0.0.1. With a set-up like this, the "No internet" message occurs although it's clear one has perfect internet access.

My workaround is to add the IP address of another DNS server. The upstream router in this example but could equally be 8.8.8.8 (Google DNS):

 


Once you add that second DNS, the "No internet" message disappears. 

 

In a more normal domain set-up, best practice means you have two domain controllers and DNS servers. In which case, the DC would have DNS settings of 127.0.0.1 (itself) and the IP of the other DNS server.

Google DNS knows nothing of your private domain. A domain controller should always have at least its own static IP address and loopback (127.0.0.1) listed on connection properties. Never use router or public DNS here. Internet queries are passed on in a top-level down fashion by default to the 13 root hint servers, or optionally any configured forwarders.

This fault is nothing AFAIK to do with root hints - they are only ever used when the forwarder DNS server fails or is not configured.

It's some flaw in the check for internet access when running on a single domain controller system. When you promote a member to a domain controller and install a DNS server at the same time, it removes the DNS settings against the NIC, uses that for the DNS server forwarder and replaces it with 127.0.0.1. This works perfectly for everything except for whatever test is being carried out for internet connectivity.

Adding the DNS setting on the DC for an upstream DNS server (e.g. router or Google DNS or OpenDNS) and the check starts working.

The DC itself will refer to itself as 127.0.0.1 is checked first and most of the time will work.

It might be because it's very common for the forwarded DNS server to fail to resolve if it's picked up the upstream router like this. I'm just going to change the forwarder to Google DNS and remove from the static IP configuration to see if that works as well.

 

Google DNS knows nothing of the internal domain and cannot be used for DNS on server's connection properties. Always use the server's own static IP address plus loopback and no others such as router or public DNS.

>google DNS knows nothing of the internal domain and cannot be used for DNS on server's connection properties

I'm talking about the forwarders above and Google DNS servers are as good as any others in resolving *external* requests.

 


@rob_nicholson_helios wrote:
>google DNS knows nothing of the internal domain and cannot be used for DNS on server's connection properties

I'm talking about the forwarders above and Google DNS servers are as good as any others in resolving *external* requests.

I'd suggest starting your own thread as opposed to hijacking another. Makes things easier to follow.

 

 

I found that my member server 2019 was having this issue, and it's because the router is giving out IPv6 addresses but there is no internet access on IPv6. The solution was to disable IPv6 on the network adapter on the server

@Luigi_Iotti try restarting the Network Location Awareness service and allow it to restart the Network List service automatically. If it solves the warning then it's because the Network Location Awareness service is starting before DNS. You can fix this by creating a dependency using the following command from an elevated command prompt:

 

sc config nlasvc depend= DNS

 

 

@Jason_Pitts 

1. Press Windows + R keys.

2. Type regedit, click OK.

3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet.

4. Make sure the following values exist in the right pane of Internet:

"ActiveDnsProbeContent"="8.8.4.4"

"ActiveDnsProbeContentV6"="2001:4860:4860::8844"

"ActiveDnsProbeHost"="dns.google"

"ActiveDnsProbeHostV6"="dns.google"

"ActiveWebProbeHostV6"="www.msftconnecttest.com"

"EnableActiveProbing"="1"

5. Restart the Network Location Awareness service.


Referenced from: Arash.Dargahi

On domain controllers using 127.0.0.1 as their primary DNS, run the following:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\Windows\NetworkConnectivityStatusIndicator" /v UseGlobalDNS /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\Windows\NetworkConnectivityStatusIndicator" /v NoActiveProbe /t REG_DWORD /d 0 /f

@Jason_Pitts Yes, that command solved my problems, but AFAIK there is a problem using it like that: 

sc config nlasvc depend= DNS

It overwrites all dependencies the service currently has. So if you want to add and not overwrite the service's dependencies list, a solution would be first to get the dependencies list, running this command:

sc qc nlasvc

That outputs this:

SERVICE_NAME: nlasvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService -p
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Network Location Awareness
        DEPENDENCIES       : NSI
                           : RpcSs
                           : TcpIp
                           : Dhcp
                           : Eventlog
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

Secondly run this command to add DNS:

sc config nlasvc depend= NSI/RpcSs/TcpIp/Dhcp/Eventlog/DNS

Please, let me know if I am wrong.
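
The read-then-merge step described in the post above, as an added PowerShell example that is not part of the original thread. The function names are hypothetical and the `sc qc` text is a constructed sample trimmed from the output quoted above; the script only builds and prints the command. In Windows PowerShell, `sc` is an alias for Set-Content, so the real tool has to be called as `sc.exe`.

```powershell
# Added example: build a "depend=" value that keeps the existing
# dependencies of a service and appends one more, instead of overwriting.

function Get-DependenciesFromScQc {
    # Parse the text printed by "sc.exe qc <service>". The first dependency
    # is on the DEPENDENCIES line, the rest on lines starting with ":".
    param([string[]]$Lines)
    $deps = @()
    $inBlock = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*DEPENDENCIES\s*:\s*(.*)$') {
            $inBlock = $true
            if ($Matches[1].Trim()) { $deps += $Matches[1].Trim() }
        } elseif ($inBlock -and $line -match '^\s*:\s*(\S.*)$') {
            $deps += $Matches[1].Trim()
        } elseif ($inBlock) {
            $inBlock = $false   # the next labelled field ends the list
        }
    }
    return $deps
}

function Get-MergedDependString {
    # Join the current names with "/" and add $Add only if it is missing.
    # -notcontains compares case-insensitively, like service names.
    param([string[]]$Current, [string]$Add)
    $merged = @($Current | Where-Object { $_ })
    if ($merged -notcontains $Add) { $merged += $Add }
    return ($merged -join '/')
}

# Constructed sample input (trimmed from the output quoted in the post).
# On the server itself use instead:  $lines = sc.exe qc nlasvc
$lines = @'
SERVICE_NAME: nlasvc
        DISPLAY_NAME       : Network Location Awareness
        DEPENDENCIES       : NSI
                           : RpcSs
                           : TcpIp
                           : Dhcp
                           : Eventlog
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
'@ -split "`r?`n"

$current = @(Get-DependenciesFromScQc -Lines $lines)
$depend  = Get-MergedDependString -Current $current -Add 'DNS'

# Print the command for review; run it from an elevated prompt once checked.
"sc.exe config nlasvc depend= $depend"
```

Running the block a second time against the updated service leaves the list unchanged, because a name that is already present is not appended again.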

created account to like this comment :)

@m32po you are correct, that would be the right way to ensure that nothing was removed inadvertently.

 

In the case of the NLA service, it has no dependencies by default, so nothing to worry about here.

What about "Network List Service" as a dependency?

Mate I just want to say thank you, from the bottom of my heart. I spent way too many hours on this thing. Adding the alternate DNS server as 8.8.8.8 finally solved it. God bless ya.