VMware Communities
MKohnen
Contributor
Contributor

Bridged networking does not transmit all packets

I use VMware Workstation 6.5.1 build 126130 on Vista Ultimate x64 SP 1. My guest machines (Windows XP Professional x86 and Windows Server 2008 Enterprise x64) are configured for bridged networking and obtain IP addresses via DHCP successfully. Unfortunately, they are unable to perform name resolution via DNS. Pinging internet hosts by using the IPs does work, using the names does not. I used Wireshark on both the host and the XP guest machine to compare the transmitted packets; the DNS packets only show up on the guest machine, the ICMP packets show up on both guest and host. Interestingly, the guest tries to resolve e.g. www.google.com using NetBIOS after DNS fails - those packets are visible on the host as well.

Can anybody explain and resolve this problem?

Reply
0 Kudos
14 Replies
Scissor
Virtuoso
Virtuoso

Are you running any 3rd party firewalls on your Host? What antivirus are you running on your Host? Any VPN clients on your Host?

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

Are your Guests bridging to a Wireless or Wired adapter on your Host?

Reply
0 Kudos
MKohnen
Contributor
Contributor

I do not use a 3rd party firewall. Symantec Antivirus Corporate 10 is running on the host. I have the Shrew VPN software installed. I tried to install AVM's software for the Fritz!Box, but it does not support 64bit OSes so the install failed.

My host is connected to the network via the wired adapter. I tried to tie bridging to the wired NIC which did not help. I returned the setting back to automatic and excluded the Bluetooth adapter from the bridging candidates.

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

I should have asked this first. Can you confirm that your Guests are configured to use a valid DNS server?

I do not use a 3rd party firewall. Symantec Antivirus Corporate 10 is running on the host.

Can you verify that your Symantec administrator has not enabled the "Symantec Client Firewall" as part of your Symantec AntiVirus installation?

My host is connected to the network via the wired adapter. I tried to tie bridging to the wired NIC which did not help. I returned the setting back to automatic and excluded the Bluetooth adapter from the bridging candidates.

Good, keep bridging with the Wired adapter while you are troubleshooting. Verify that you have the latest drivers installed for your Wired adapter. On your Host can you look at your Wired adapter's properties and (temporarily) disable any "Task Offload" or other "offload" settings to see if that makes a difference?

I have the Shrew VPN software installed. I tried to install AVM's software for the Fritz!Box, but it does not support 64bit OSes so the install failed.

I assume that your Shrew VPN software is not running while you are troubleshooting this, correct? Otherwise, perhaps this thread applies to you:

http://lists.shrew.net/mailman/htdig/vpn-help/2008-August/001686.html

Reply
0 Kudos
MKohnen
Contributor
Contributor

> I should have asked this first. Can you confirm that your Guests are configured to use a valid DNS server?

The guests obtain their IPs from the same DHCP server as the host does and are configured to use the same DNS server. The Wireshark packet analysis showed that the guests try to use the correct DNS server.

> Can you verify that your Symantec administrator has not enabled the "Symantec Client Firewall" as part of your Symantec AntiVirus installation?

I am the administrator of the system. Only the AntiVirus components are installed.

> Good, keep bridging with the Wired adapter while you are troubleshooting. Verify that you have the latest drivers installed for your Wired adapter. On your Host can you look at your Wired adapter's properties and (temporarily) disable any "Task Offload" or other "offload" settings to see if that makes a difference?

The latest drivers are installed. The adapter (Broadcom NetXtreme 57xx)

does not support offloading - at least there are no driver options.

> I assume that your Shrew VPN software is not running while you are troubleshooting this, correct? Otherwise, perhaps this thread applies to you:

Shrew is not running. Another VPN using Windows VPN functions was up during some tests, but I disconnected that as well which did not solve the problem.

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

> Good, keep bridging with the Wired adapter while you are troubleshooting. Verify that you have the latest drivers installed for your Wired adapter. On your Host can you look at your Wired adapter's properties and (temporarily) disable any "Task Offload" or other "offload" settings to see if that makes a difference?

The latest drivers are installed. The adapter (Broadcom NetXtreme 57xx)

does not support offloading - at least there are no driver options.

This link ( http://www.broadcom.com/support/ethernet_nic/faq_drivers.php ) has the following instructions on how to disable "Large Send Offload":

41.) How can I configure Large Send Offload?

In Microsoft Windows, right-click the Network Adapter in Network Connections and then click Properties.

Click the Configure button and then the General tab.

Set the "Large Send Offload" parameter to Disable or Enable.

Reply
0 Kudos
MKohnen
Contributor
Contributor

The latest drivers are installed. The adapter (Broadcom NetXtreme 57xx)

does not support offloading - at least there are no driver options.

This link ( ) has the following instructions on how to disable "Large Send Offload":

41.) How can I configure Large Send Offload?

In Microsoft Windows, right-click the Network Adapter in Network Connections and then click Properties.

Click the Configure button and then the General tab.

Set the "Large Send Offload" parameter to Disable or Enable.

I don't know for which Windows version this guide shall fit, but at least it does not fit to Vista 64. On the General tab, there is only general information about the NIC, no options. On the Advanced tab, there are the options Flow Control (disabled), Priority & VLAN (Priority & VLAN enabled), Speed & Duplex (auto), VLAN ID (0) and Wake Up Capabilities (Both). No other options are configurable this way.

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

OK thanks for double-checking for me.

Does this thread help?

- http://communities.vmware.com/message/675649

Can you attach the vmware.log and .vmx file from the directory containing (one of) your Guests? Can you attach the output of running "ipconfig /all" from your Host and from your Guest?

Reply
0 Kudos
MKohnen
Contributor
Contributor

Does this thread help?

Can you attach the vmware.log and .vmx file from the directory containing (one of) your Guests? Can you attach the output of running "ipconfig /all" from your Host and from your Guest?

The switch the machines are connected to is not able to filter MAC addresses. I configured EnableRSS=0 and DisableTaskOffload=1 in both host and guest system - no success. I found no other hints in the linked thread and the threads linked by it. Did you mean these things?

ipconfig /all of the guest outputs (IP addresses and domain and host names anonymized (due to search engines)):

Windows IP Configuration

Host Name . . . . . . . . . . . . : WIN-OSH...

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : x.y.de

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : x.y.de

Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection

Physical Address. . . . . . . . . : 00-0C-29-8B-A2-A4

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:638:... (Preferred)

Link-local IPv6 Address . . . . . : fe80::... (Preferred)

IPv4 Address. . . . . . . . . . . : 123.456.151.225(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : 2.2.2009 16:19:33

Lease Expires . . . . . . . . . . : 3.2.2009 00:39:32

Default Gateway . . . . . . . . . : fe80::...

123.456.151.1

DHCP Server . . . . . . . . . . . : 123.456.151.128

DNS Servers . . . . . . . . . . . : 123.456.3.10

123.456.1.7

123.456.151.136

Primary WINS Server . . . . . . . : 123.456.151.136

Secondary WINS Server . . . . . . : 123.456.150.136

123.456.164.72

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : x.y.de

Description . . . . . . . . . . . : isatap.x.y.de

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

ipconfig /all of the host:

Windows-IP-Konfiguration

Hostname . . . . . . . . . . . . : abc

Primäres DNS-Suffix . . . . . . . :

Knotentyp . . . . . . . . . . . . : Broadcast

IP-Routing aktiviert . . . . . . : Nein

WINS-Proxy aktiviert . . . . . . : Nein

DNS-Suffixsuchliste . . . . . . . : x.y.de

PPP-Adapter Home:

Verbindungsspezifisches DNS-Suffix:

Beschreibung. . . . . . . . . . . : Home

Physikalische Adresse . . . . . . :

DHCP aktiviert. . . . . . . . . . : Nein

Autokonfiguration aktiviert . . . : Ja

IPv4-Adresse . . . . . . . . . . : 192.168.789.123(Bevorzugt)

Subnetzmaske . . . . . . . . . . : 255.255.255.255

Standardgateway . . . . . . . . . :

DNS-Server . . . . . . . . . . . : 192.168.789.1

NetBIOS über TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt

Verbindungsspezifisches DNS-Suffix:

Beschreibung. . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN

Ethernet-Adapter LAN-Verbindung:

Verbindungsspezifisches DNS-Suffix: x.y.de

Beschreibung. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controlle

r

Physikalische Adresse . . . . . . : 00-19-B9-XX-YY-ZZ

DHCP aktiviert. . . . . . . . . . : Ja

Autokonfiguration aktiviert . . . : Ja

IPv6-Adresse. . . . . . . . . . . : 2001:638:... (Bevorzugt)

Temporäre IPv6-Adresse. . . . . . : 2001:638:... (Bevorzugt)

Verbindungslokale IPv6-Adresse . : fe80::... (Bevorzugt)

IPv4-Adresse . . . . . . . . . . : 123.456.151.134(Bevorzugt)

Subnetzmaske . . . . . . . . . . : 255.255.255.0

Lease erhalten. . . . . . . . . . : 2.2.2009 15:51:01

Lease läuft ab. . . . . . . . . . : 3.2.2009 00:11:00

Standardgateway . . . . . . . . . : fe80::...

123.456.151.1

DHCP-Server . . . . . . . . . . . : 123.456.151.128

DNS-Server . . . . . . . . . . . : 123.456.3.10

123.456.1.7

123.456.151.136

Primärer WINS-Server. . . . . . . : 123.456.151.136

Sekundärer WINS-Server. . . . . . : 123.456.150.136

123.456.164.72

NetBIOS über TCP/IP . . . . . . . : Aktiviert

I removed the thousands of tunneling devices Vista displays.

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

Sorry, IPCONFIG output is useless if you manually changed all the IP addresses. No worries though.

Although this shouldn't matter for your networking problem, looking at your vmware.log file I see that your Host has 2 CPU cores. Since your Host only has 2 cores, you shouldn't allocate 2 vCPUs to a single Guest as it can cause resource contention. I suggest changing your Guest to have one vCPU.

Sorry to keep asking about your Host Network card, but can you tell me what model Broadcom Network card you have and what driver version you have installed? I have a laptop here running Vista 32-bit with a "Broadcom NetXtreme Gigabit Ethernet" driver version 11.7.3.0 (11/3/2008), and it has the following offload features listed "Large Send Offload (IPv4)", "Large Send Offload v2 (IPv4)", and "Large Send Offload v2 (IPv6)". I would imagine that the 64-bit Vista Broadcom NIC drivers would have the same options listed.

Reply
0 Kudos
MKohnen
Contributor
Contributor

Sorry, IPCONFIG output is useless if you manually changed all the IP addresses. No worries though.

I only changed the first and second octet ("123.456.x.y") and left the third and fourth octet intact, so you can see that the configuration data comes from the same DHCP server on both host and guest.

Although this shouldn't matter for your networking problem, looking at your vmware.log file I see that your Host has 2 CPU cores. Since your Host only has 2 cores, you shouldn't allocate 2 vCPUs to a single Guest as it can cause resource contention. I suggest changing your Guest to have one vCPU.

Thanks for the hint!

Sorry to keep asking about your Host Network card, but can you tell me what model Broadcom Network card you have and what driver version you have installed? I have a laptop here running Vista 32-bit with a "Broadcom NetXtreme Gigabit Ethernet" driver version 11.7.3.0 (11/3/2008), and it has the following offload features listed "Large Send Offload (IPv4)", "Large Send Offload v2 (IPv4)", and "Large Send Offload v2 (IPv6)". I would imagine that the 64-bit Vista Broadcom NIC drivers would have the same options listed.

The NIC is called "Broadcom NetXtreme 57xx Gigabit Ethernet". I have attached a screen shot of the device manager properties. I use the same driver version, but it doesn't have those offload options.

Reply
0 Kudos
MKohnen
Contributor
Contributor

A colleague of mine has the same problem (host OS Vista x64, NIC: Intel 82567LM Gigabit) when using bridged networking. NAT works on his and my computer, but I need bridged networking to equip the machines with their own public IP address. His NIC does not offer any offloading options either. My options on the host are set this way:

Globale TCP-Parameter

Skalierungsstatus Empfangsseite ("RSS") : disabled

Chimney-Abladestatus ("Chimney") : disabled

Autom. Abstimmungsgrad Empfangsfenster : highlyrestricted

Add-On "Überlastungssteuerungsanbieter" : none

ECN-Funktion : disabled

RFC 1323-Zeitstempel : disabled

The default is RSS enabled, but I disabled it using "netsh int tcp set global rss=disabled". It did not help.

TCP communication to the VM using the IP in the local net is possible.

Any hints?

Reply
0 Kudos
MKohnen
Contributor
Contributor

It works now!

I removed the TOE registry keys and uninstalled everything by Broadcom using Control Panel and Device Manager ("Uninstall driver") until Vista used Microsoft's driver for the network card. I also uninstalled Shrew and the Shrew protocol that was bound to the LAN connection using "Uninstall" in the properties of the LAN connection. Aftrewards, I reinstalled driver 11.7.3.0 - now it works.

Reply
0 Kudos
willdeans
Contributor
Contributor

Dear Sirs:

I am having the exact same DNS problem except my Host OS is Ubuntu 8.04 and the Guests are XP and Ubuntu 8.04

I have no firewall enabled and no antivirus on the Ubuntu host / guest.

I have all original network hardware provided in my Lenovo T61p Type 6460-8XU

I am using my wired NIC.

Please advise.

William Deans

william.deans@gmail.com

484 951 8750

Reply
0 Kudos