DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 977512 - Last Review: November 19, 2009 - Revision: 1.2

On This Page

SYMPTOMS

Consider the following scenario:
  • You have a server that is running Windows Server 2008 R2 or Windows Server 2008.
  • You install both the Domain Name System (DNS) Server service and Windows Deployment Services on the server.
In this scenario, the DNS Server service may bind to all ports in the Windows Deployment Services port range. Additionally, Windows Deployment Services cannot respond to client requests.

Note By default, the Windows Deployment Services port range is 64,000 to 65,000.

Also, other symptoms of this problem include the following:
  • TFTP downloads fail.
  • Multicast downloads fail. You may receive an instance of error code 2 when the download fails.
  • If you have Windows Deployment Services tracing enabled, you find one or more error messages that resemble the following in the Wdsserver.log tracing log file:
    [2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\udpportrange.cpp:755] Expression: , Win32 Error=0x2
    [2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\regudpendpoint.cpp:192] Expression: , Win32 Error=0x2
    [2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\inc\RegEndpoint.h:354] Expression: , Win32 Error=0x2
    [2416] 16:01:36: [WDSTFTP][UDP][Ep=0] Registration Failed (rc=2)
  • The Windows Deployment Services port range of 64,001 to 65,000 is displayed as being used when you run the netstat –abn command at a command prompt.

    Note The –b option of the netstat command causes the file name of the executable file that is using the port to be included in the list. If DNS is causing the problem on a port, the file name of the executable file is listed as Dns.exe.

CAUSE

This problem occurs after you apply security update MS08-037. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
953230  (http://support.microsoft.com/kb/953230/ ) MS08-037: Vulnerabilities in DNS could allow spoofing

WORKAROUND

Windows Server 2008 R2

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
To work around this problem if you do not require Windows Deployment Services to use a static port range, you can configure Windows Deployment Services to dynamically query WinSock for available ports instead of using a port range.

To do this, follow these steps:
  1. Start Registry Editor. To do this, click Start
    Collapse this imageExpand this image
    the Start button
    , type regedit in the Start Search box, and then press ENTER.

    Collapse this imageExpand this image
    User Account Control permission
    If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
  2. Locate and then click to select the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Parameters
  3. Right-click UdpPortPolicy, and then click Modify.
  4. In the Value data box, type 0, and then click OK.
  5. On the File menu, click Exit to exit Registry Editor.
  6. Restart Windows Deployment Services.

Windows Server 2008

To work around this problem, use one of the following methods to increase the port range.

Method 1: Windows Deployment Services MMC snap-in

  1. Click Start
    Collapse this imageExpand this image
    the Start button
    , click Administrative Tools, and then click Windows Deployment Services. If there is no server that is listed under the Servers node, right-click the Servers node, and then click Add Server to add the local computer.
  2. In the navigation pane of the Windows Deployment Services MMC snap-in, expand the list of servers.
  3. Right-click the server for Windows Deployment Services, and then click Properties.
  4. Under Network, increase the UDP Port range. For example, if the current port range is 3,000 ports, increase the port range to 4,000 ports.

Method 2: WDSUTIL command prompt utility

  1. Open a Command Prompt window. To do this, click Start, right-click Command Prompt, and then click Run as administrator.
  2. At the command prompt, run the following command:
    wdsutil /set-Server /Transport /StartPort:50000 /EndPort:65000

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Web Server 2008 R2
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
Keywords: 
kbtshoot kberrmsg kbbug kbexpertiseinter kbsurveynew kbprb KB977512
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support