Opened 15 years ago
Closed 14 years ago
#6959 closed defect (fixed)
NAT regression from 3.1.8
| Reported by: | cprofitt | Owned by: | |
|---|---|---|---|
| Component: | network/NAT | Version: | VirtualBox 3.2.4 |
| Keywords: | Cc: | ||
| Guest type: | Windows | Host type: | Linux |
Description (last modified by )
After upgrading from 3.1.8 to 3.2.0 or 3.2.4 I encounter a regression in NAT. Details below:
Running 3.2.4: Computer is using NAT for networking
- I can authenticate to Active Directory if I do so immediately. If I allow the machine to sit at the login prompt for more than 60 seconds I get a message 'internal error'
- If I use the Microsoft DNS Management tool I can not access the DNS server and manage it
- If I launch Microsoft DHCP Management tool I can not access the DHCP server
Running 3.2.4: Computer is using Bridged for networking
- I can authenticate to Active Directory
- If I use the Microsoft DNS Management tool I can access the DNS server and manage it
- If I launch Microsoft DHCP Management tool I can access the DHCP server
Running 3.1.8 Computer is using NAT for networking
- I can authenticate to Active Directory
- If I use the Microsoft DNS Management tool I can access the DNS server and manage it
- If I launch Microsoft DHCP Management tool I can access the DHCP server
Attachments (3)
Change History (32)
by , 15 years ago
follow-up: 2 comment:1 by , 15 years ago
| Description: | modified (diff) |
|---|
follow-up: 3 comment:2 by , 15 years ago
Replying to frank: Frank: Is there any other data I can gather to pinpoint this issue?
comment:3 by , 15 years ago
I did an ipconfig on the guest.
3.1.8 Windows IP Configuration
Host Name . . . . . . . . . . . . : Firefly-VM Primary Dns Suffix . . . . . . . : pcsd.monroe.edu Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : pcsd.monroe.edu
monroe.edu
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : pcsd.monroe.edu Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter Physical Address. . . . . . . . . : 08-00-27-43-A9-F5 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.0.2.15 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.2.2 DHCP Server . . . . . . . . . . . : 10.0.2.2 DNS Servers . . . . . . . . . . . : 10.120.255.5
10.120.255.5
Lease Obtained. . . . . . . . . . : Friday, June 11, 2010 1:16:57 PM Lease Expires . . . . . . . . . . : Saturday, June 12, 2010 1:16:57 PM
3.2.4 Windows IP Configuration
Host Name . . . . . . . . . . . . : Firefly-VM Primary Dns Suffix . . . . . . . : pcsd.monroe.edu Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : pcsd.monroe.edu
monroe.edu
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : pcsd.monroe.edu Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter Physical Address. . . . . . . . . : 08-00-27-43-A9-F5 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.0.2.15 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.2.2 DHCP Server . . . . . . . . . . . : 10.0.2.2 DNS Servers . . . . . . . . . . . : 10.120.255.5
10.120.255.5
Lease Obtained. . . . . . . . . . : Friday, June 11, 2010 2:45:55 PM Lease Expires . . . . . . . . . . : Saturday, June 12, 2010 2:45:55 PM
comment:4 by , 15 years ago
Could you please collect pcap file of fail attempts? And other question. Are these tools distributed with Ms servers OSes or they are downloadable from somewhere?
comment:5 by , 15 years ago
I will get the pcap file later today. The programs are part of the server management tools. You can download the versions I have here.
comment:6 by , 15 years ago
The pcap file was too large to capture all the login process and running the application. The file attached is just running the app.
comment:7 by , 15 years ago
When I tried saving the machine state at the login and then starting it to capture just the login -- the login failed. The login apparently only works on initial boot.
by , 15 years ago
| Attachment: | loginfail.pcap added |
|---|
comment:8 by , 15 years ago
The initial bootup and login are too large - 508.1 KB - to attach. Not sure how I can get you that information.
follow-up: 10 comment:9 by , 15 years ago
I just tried the login by itself and it is 450.2 KB -- So I can not even get that to you.
comment:10 by , 15 years ago
Replying to cprofitt:
I just tried the login by itself and it is 450.2 KB -- So I can not even get that to you.
delivery instructions has been delivered.
comment:13 by , 15 years ago
Replying to cprofitt:
Hachiman -- you want the IP of the guest?
No I'd like to know the server's IP to know which traffic I should investigate. There're several destinations in pcap files, that why i'm asking.
follow-up: 16 comment:15 by , 15 years ago
comment:16 by , 15 years ago
follow-up: 19 comment:18 by , 15 years ago
I found the link thanks to help on IRC. The 3.2.6 b2 version still had the same regression.
comment:19 by , 15 years ago
Replying to cprofitt:
I found the link thanks to help on IRC. The 3.2.6 b2 version still had the same regression.
Regarding loginfail.pcap: There're authentication sequences between guest and pointed server: Kerberos and DCERPC. First one looks suspicious, but not invalid or broken: there're sequence of AS and TGS, every first AS-REQ and TGS-REQ are rejected with KRB5KRB_AP_ERR_SKEW (Clock skew too great), but every second is accepted by server. DCERPC looks fine at least no errors are pointed in protocol's headers/bodies. As soon as repeated requests contains the same information, and they're accepted by server and thus it shouldn't lead to login fail.
BTW: what the link which solves your problem? Could you please post it on ticket, probably it will give some hint to me?
follow-up: 21 comment:20 by , 15 years ago
link: http://forums.virtualbox.org/viewtopic.php?f=15&t=32277
I actually thought about issues with time skew and the client machine has the same time (measured in minutes). The link did not solve the problems, merely told me where to download 3.2.6b.
comment:21 by , 15 years ago
Replying to cprofitt:
link: http://forums.virtualbox.org/viewtopic.php?f=15&t=32277
I actually thought about issues with time skew and the client machine has the same time (measured in minutes). The link did not solve the problems, merely told me where to download 3.2.6b.
Probably Kerberos isn't a reason, because finally all requests are satisfied by kerberos server (on second attempt). Could you please try the same login operation with bridged networking and attach guest trace for it (just login).
comment:22 by , 15 years ago
I am bogged down today -- and off tomorrow -- will try to do this Wednesday.
follow-up: 24 comment:23 by , 15 years ago
I tried again to get the file small enough -- but no dice -- is there another way to get it to you?
comment:24 by , 15 years ago
Replying to cprofitt:
I tried again to get the file small enough -- but no dice -- is there another way to get it to you?
you can send it to me via mail [vasily _dot_ levchenko _at_ Sun _dot_ COM].
follow-up: 26 comment:25 by , 15 years ago
Sent an email with two captures -- 3.2.6 both with NAT and Bridged -- the startup process up to the login.
comment:26 by , 15 years ago
Replying to cprofitt:
Sent an email with two captures -- 3.2.6 both with NAT and Bridged -- the startup process up to the login.
Thank you, will take a look later today.
comment:29 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
VBox.log file with NAT issues