Resuming a Windows 7 VM that uses NAT sometimes triggers an endless loop of NBNS queries/refreshes for the VM's name. From a Wireshark trace it looks like this happens two or three times a second continuously until Fusion is quit (shutting down the VM has no effect). Does anyone know if there's a way to fix this so I stop bombarding the name server?
I'm seeing this same problem. I migrated my Win7 VM from Parallels 8 and I wasn't seeing any weird NetBIOS traffic before. It definitely seems related to the vmnat process. For me once the NetBIOS chatter starts (usually within a few minutes to a half hour of starting my Win7 VM), it generates about 80k/s of traffic!
If anyone else is seeing this problem, please reply. For any VMware guys seeing this, let me know what I can do to try to help debug this situation more.
Thanks for pointing this out. Did you get the NBNS queries/refreshes on your Mac OS or your Windows 7 VM? I could see the NBNS queries on Mac even without Fusion running. Do you mind attaching the sniffer? Thank you.
Thanks for your support. I still could not find NBNS query/refresh packets destined for a device that starts with vmware_XX on my Mac. Which Fusion version are you using? Judging from the packet, it seems your Mac owns IP address 172.20.204.12, and 172.20.204.x should be allocated to your NAT VM? Does your Windows 7 network work properly? Would you mind describing your network setup on your Mac and your Windows 7 VM? Thank you very much.
Nancy, are you a representative from VMware?
Here are some details:
My Mac (host system) is on a private network at my house: 172.20.204.0/24, and its IP address is 172.20.204.12. My DHCP/DNS server is a Windows 2008 server at 172.20.204.2. My screenshot may be a little confusing because it shows my Windows 2008 server as having a VMware MAC address -- that's because it's a virtual machine running inside of an ESXi server.
My Windows 7 VM has two network adapters configured -- one NAT and one Bridged. I always prefer to use NAT because sometimes I'm VPN'd in on my Mac and want my Windows 7 VM to be able to reach VPN-based systems. I normally leave the Bridged network device as "disabled" within Windows 7. I don't think it matters, but I configured a custom network range for the shared NAT network between my Mac and NAT-enabled VM instances (172.31.255.240/28) - as you can see it is different than my home network range.
I start seeing a flood of NBNS queries emanating from my Mac's IP address (172.20.204.12) and destined for my DNS/DHCP server (172.20.204.2) after using my Windows 7 VM for a certain period of time. I haven't been able to narrow down exactly when it starts -- or what might be the trigger event that starts the flood. I run LittleSnitch and I usually notice the problem when I see LittleSnitch's network graph start getting pegged with traffic when I have no other significant network activity going on. If I suspend or shut down my Windows 7 VM, the traffic continues. The only way I can get the NBNS flood to stop is to manually kill the vm-natd process and start it again by hand (via sudo). Sometimes when I try to restart it, I get the following error:
7/4/13 10:54:47.889 PM vmnetNAT: Reporting status to parent on status fd: 7 failed, error: Device not configured
As a side note, can you explain in detail what these settings in vmnet8/nat.conf do?
# Timeout for NBNS queries.
nbnsTimeout = 2
# Number of retries for each NBNS query.
nbnsRetries = 3
# Timeout for NBDS queries.
nbdsTimeout = 3
I haven't fiddled with any of these defaults...maybe they are related to this problem?
Nope, I'm not running a WINS server on my W2008 box..
Again, I moved from Parallels 8 to VMware Fusion because of a few quirks I didn't like in Parallels.. I haven't changed the configuration of my Windows 7 VM or my W2008 server and I didn't experience this weird NetBIOS traffic problem under Parallels' NAT solution..
Attached is a small PCAP file from me as well. Another thing to note: all of the NetBIOS traffic in my PCAP is invalid. When I captured this traffic, my Mac was connected to a network away from my normal home network. All of the NetBIOS flood traffic observed was directed at a computer at my house, even though I was on a different subnet and that system wasn't even reachable...
I found a work-around, but not a complete resolution to the issue. If I completely disable NetBIOS support in my Windows 7 VM, the problem went away (setting is listed as "Disable NetBIOS over TCP/IP" -- see screenshot). However, I still consider this a bug in vmnet-natd, because I never had to turn that setting off under Parallels.. and I've never seen this problem with any other virtualization technology that supports NAT when running a Windows 7 VM (VirtualBox, ESXi, VMware Player).
The VMware tech that responded when I opened the ticket was very helpful but the next step in debugging this issue was to do a remote screen sharing session during a workday (Mon-Fri, 9-5p EST). I have a pretty hectic schedule and couldn't make time during business hours for that. The support ticket is closed now AFAIK, but if I am able to schedule time for more debugging, I may re-open it (or if you want, I'm sure you could pursue that as well).
Seeing the same symptoms here, constant NetBIOS chatter while Windows 7 is running within VMware Fusion 5.0.3. Disabling NetBIOS within Windows 7 as per previous post didn't help. Looking at /Library/Preferences/VMware Fusion/vmnet8/nat.conf if I bump up the netbios-related timeouts to 20 seconds:
nbnsTimeout = 20
nbdsTimeout = 20
then indeed I see the bursts of NetBIOS packets directed at our domain controller (which doesn't answer) only every 20 seconds, which helps to reduce the traffic, but doesn't eliminate the problem. It may be that the problem is also on the domain controller / active directory side, which would cause the domain controller to ignore these WINS queries?
I seem to have gotten the NetBIOS chatter under control. Turns out that the Mac (running 10.8.4) had invalid WINS configuration information, pointing to a Windows 2008R2 which didn't have WINS services enabled, so it was just ignoring all the WINS traffic.
So what worked for me:
- disable NetBIOS over IP in the Windows 7 VM as per previous post
- remove incorrect WINS config in the OS X Network System Preferences panel
Everything now seems to be quiet.
the Mac (running 10.8.4) had invalid WINS configuration information, pointing to a Windows 2008R2 which didn't have WINS services enabled, so it was just ignoring all the WINS traffic.
Did you mean that Windows 2008R2 was specified as a WINS Server?
Yes, the Mac had the IP address of a Windows 2008R2 domain controller set as the WINS server, but that DC didn't have the WINS server role configured. It doesn't look like we need WINS at all in our environment, so disabling it seems to make sense.
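To confirm from a capture which name is being hammered, the sketch below (an added example, not part of the thread or of VMware's code) decodes the NBNS header and question name from UDP/137 payloads and reports names queried or refreshed at the "two or three times a second" rate described above. The host names WIN7-VM and FILESRV, the sample packets and the window/min_rate thresholds are constructed assumptions; the sample packets carry only the header and question section.

```python
import struct
from collections import defaultdict

OPCODES = {0: "query", 5: "registration", 6: "release", 8: "refresh", 9: "refresh"}

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding: pad to 15 bytes, append suffix, one letter per nibble."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return b"\x20" + bytes(0x41 + n for c in raw for n in (c >> 4, c & 0xF)) + b"\x00"

def build_request(trn_id, opcode, name, response=False):
    """Constructed sample packet: NBNS header plus one NB/IN question, nothing else."""
    flags = (0x8000 if response else 0) | (opcode << 11) | 0x0100  # RD set
    return struct.pack(">HHHHHH", trn_id, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", 0x20, 1)

def parse_nbns(payload):
    """Decode the header and first question of a UDP/137 payload; None if malformed."""
    if len(payload) < 50 or payload[12] != 0x20:
        return None
    _, flags, qdcount = struct.unpack(">HHH", payload[:6])
    enc = payload[13:45]
    if qdcount < 1 or any(not 0x41 <= b <= 0x50 for b in enc):
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return {"response": bool(flags & 0x8000), "opcode": OPCODES.get((flags >> 11) & 0xF, "other"),
            "name": raw[:15].decode("ascii", "replace").rstrip(), "suffix": raw[15]}

def find_floods(packets, window=10.0, min_rate=2.0):
    """Return {name: peak requests/second} for names queried or refreshed at >= min_rate."""
    seen = defaultdict(list)
    for ts, payload in packets:
        msg = parse_nbns(payload)
        if msg and not msg["response"] and msg["opcode"] in ("query", "refresh"):
            seen[msg["name"]].append(ts)
    floods = {}
    for name, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak / window >= min_rate:
            floods[name] = peak / window
    return floods

def sample_capture():
    """Constructed capture: WIN7-VM refreshed twice a second for 30 s, FILESRV queried twice."""
    flood = [(i * 0.5, build_request(i, 8, "WIN7-VM")) for i in range(60)]
    return flood + [(1.0, build_request(900, 0, "FILESRV")), (31.0, build_request(901, 0, "FILESRV"))]
```

Calling `find_floods(sample_capture())` flags only WIN7-VM; with a real trace, pass `(timestamp, udp_payload)` tuples extracted from the port 137 packets.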