Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

The DNS Server service binds to all ports in the Windows Deployment Services port range on a server that is running Windows Server 2008 R2 or Windows Server 2008


View products that this article applies to.

Symptoms

Consider the following scenario:
  • You have a server that is running Windows Server 2008 R2 or Windows Server 2008.
  • You install both the Domain Name System (DNS) Server service and Windows Deployment Services on the server.
In this scenario, the DNS Server service may bind to all ports in the Windows Deployment Services port range. Additionally, Windows Deployment Services cannot respond to client requests.

Note By default, the Windows Deployment Services port range is 64,000 to 65,000.

Also, other symptoms of this problem include the following:
  • TFTP downloads fail.
  • Multicast downloads fail. You may receive an instance of error code 2 when the download fails.
  • If you have Windows Deployment Services tracing enabled, you find one or more error messages that resemble the following in the Wdsserver.log tracing log file:
    [2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\udpportrange.cpp:755] Expression: , Win32 Error=0x2
    [2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\regudpendpoint.cpp:192] Expression: , Win32 Error=0x2
    [2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\inc\RegEndpoint.h:354] Expression: , Win32 Error=0x2
    [2416] 16:01:36: [WDSTFTP][UDP][Ep=0] Registration Failed (rc=2)
  • The Windows Deployment Services port range of 64,001 to 65,000 is displayed as being used when you run the netstat �abn command at a command prompt.

    Note The �b option of the netstat command causes the file name of the executable file that is using the port to be included in the list. If DNS is causing the problem on a port, the file name of the executable file is listed as Dns.exe.

↑ Back to the top


Cause

This problem occurs after you apply security update MS08-037. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
953230 MS08-037: Vulnerabilities in DNS could allow spoofing

↑ Back to the top


Workaround

Windows Server 2008 R2

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To work around this problem if you do not require Windows Deployment Services to use a static port range, you can configure Windows Deployment Services to dynamically query WinSock for available ports instead of using a port range.

To do this, follow these steps:
  1. Start Registry Editor. To do this, click Start
    , type regedit in the Start Search box, and then press ENTER.

    If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
  2. Locate and then click to select the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Parameters
  3. Right-click UdpPortPolicy, and then click Modify.
  4. In the Value data box, type 0, and then click OK.
  5. On the File menu, click Exit to exit Registry Editor.
  6. Restart Windows Deployment Services.

Windows Server 2008

To work around this problem, use one of the following methods to increase the port range.

Method 1: Windows Deployment Services MMC snap-in

  1. Click Start
    , click Administrative Tools, and then click Windows Deployment Services. If there is no server that is listed under the Servers node, right-click the Servers node, and then click Add Server to add the local computer.
  2. In the navigation pane of the Windows Deployment Services MMC snap-in, expand the list of servers.
  3. Right-click the server for Windows Deployment Services, and then click Properties.
  4. Under Network, increase the UDP Port range. For example, if the current port range is 3,000 ports, increase the port range to 4,000 ports.

Method 2: WDSUTIL command prompt utility

  1. Open a Command Prompt window. To do this, click Start, right-click Command Prompt, and then click Run as administrator.
  2. At the command prompt, run the following command:
    wdsutil /set-Server /Transport /StartPort:50000 /EndPort:65000

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: kbtshoot, kberrmsg, kbbug, kbexpertiseinter, kbsurveynew, kbprb, KB977512

↑ Back to the top

Article Info
Article ID : 977512
Revision : 3
Created on : 11/19/2009
Published on : 11/19/2009
Exists online : False
Views : 747