Some Windows 10 users have issues with DNS resolution after installing the latest Windows 10 cumulative updates released this week.
As part of this week's April 2021 Patch Tuesday, Microsoft released the Windows 10 KB5001330 & KB5001337 cumulative updates to fix various security vulnerabilities and bugs discovered in the operating system.
Since installing the updates, some corporate users have reported having issues with DNS resolution that prevent access to shared folders on servers when trying to access them by the server's name. If attempting to access the shared folder via the server's IP address, users can properly connect to the shared folders.
To access shared folders again, admins had to uninstall the cumulative update, which is not a good solution as it removes security fixes.
After users began reporting the issue on BleepingComputer's forum, users determined that many affected users are using the Dentrix Dental Practice Management software in their offices.
A longstanding support recommendation for Dentrix customers to reduce network lag has been to disable multicase name resolution (LLMNR) on Windows workstations. This is done by enabling the 'Turn off multicast name resolution' group policy under Computer Configuration > Administrative Templates > Network > DNS Client.
However, since installing the latest cumulative updates, this policy prevents users from accessing their shared server folders.
Dentrix has acknowledged the issue and stated that after coordinating with Microsoft, disabling this group policy is the recommended way to resolve this issue.
"After working with Microsoft, we believe that we have found a solution that allows you to keep the critical Microsoft Security Update installed. It appears that this issue can be resolved by enabling "Link Layer Multi-cast Name Resolution" (LLMNR). This is a Windows Group Policy that many users have disabled over the years. Re-enabling it seems to restore proper IP Address resolution which in turn restores connectivity to the Dentrix Database. To enable LLMNR, follow the steps below."
To disable the policy (enable LLMNR) and fix the DNS resolution issues, the recommended steps are:
- Go to Start>Run and type GPEdit.msc
- This should open the Local Group Policy Editor.
- Use the Group Policy Editor to navigate to Local Computer Policy>Computer Configuration>Administrative Template>Network>DNS Client.
- Double-Click "Turn Off Multicast Name Resolution."
- Mark the radio button labeled "Disabled."
- Click Apply and OK.
- Open a Windows Command Prompt Window (Start>Cmd.exe) and enter the command ipconfig /flushdns .
Dentrix customers do not see this as an adequate solution as LLMNR could cause lag while using the software. Instead, they recommend users add the affected server's name and IP address to the HOSTS file, which seems to fix the issue.
"Enabling Multicast is definitely not an option for Dentrix due to slowness.
Microsoft needs to release a fix asap.
Best resolution we have found so far is the host file fix, the DNS service fix hasn't fixed any of them yet for us but was reported by someone else as a fix." - a Dentrix customer posted to our forums.
This bug is not related solely to Dentrix users but instead to whoever has LLMNR disabled, which for the most part, has been Dentrix customers who were told to disable it.
While it is unknown what caused this bug, Microsoft fixed two DNS vulnerabilities [1, 2] this month that may have contributed to this abnormal behavior.
BleepingComputer has contacted Microsoft regarding this bug but has not heard back.
Comments
fromFirefoxToVivaldi - 2 years ago
There's more: ghacks.net wrote about KB5001330 causing issues with gaming or even boot loops.
Lawrence Abrams - 2 years ago
Saw those reports but those are common on almost every release of a cumulative update.
deebee62 - 2 years ago
I continue to have DNS issues. And yes I recently installed the Microsoft update linked to the problem. I'm really considering alternative operating systems at this point. I'm tired of the public fixing problems that should be vetted by the company releasing the software.
BossV - 2 years ago
OMG - WHAT A MESS!!!! I spent the last 2 nights trying to resolve Mapping a Drive and File Sharing. You'd think this is simple stuff.
April 16, and finished up today on April 17, 2021.
Total 5 computers on net - 2 win7, 3 win10.
Added a new Win 10 - 10.0.17763 N/A Build 17763 (Three)
could not see on the network - 10.0.17763 N/A Build 17763 (One)
Attempted to connect to a current good - share file from One to Three... by mapping a drive on Three. Using the user name and password. NO GO! Yes I tried using the IP address, no success. (Thanks Microsoft!)
Checked Network Discovery on all computers on the net: All good.
Disabled:
UAC - to zero
Firewall - OFF
Group Policy Edit - Enable insecure guest logons
Check and set services:
Function Discovery Provider Host
Function Discovery Resource Publication
SSDP Discovery
UPnP Device Host
I was a hair away from resetting the network settings on ONE.
Wait - it gets better!
!! Restaurant environment!! Dinner rush.
ONE had a DB error which required me to stop all incoming connection to the DB. Staff not co-operating.. I rebooted 3 of the units to disconnect from DB. Resolved my DB problems.
Now after coming back online 2 of the 3 rebooted computes could not connect to ONE. HARD Face Palm plant.
Not accepting User and Password.
Discussed with a collogue, Network and Sharing Center > Disabled password protected sharing!
(Not how this is supposed to be done)
Bingo. It worked.
Question - can my wife sue MS if I die of a heart attack, while stressing out from attempting to fix MS messes? (I'm certain there's a more "pe·jo·ra·tive" way of saying this)
krdondon - 2 years ago
https://admx.help/?Category=Windows_7_2008R2&Policy=Microsoft.Policies.DNSClient::Turn_Off_Multicast
[Enabled Value]
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0
[Disabled Value]
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 1
(It’s no use.My guess.)
My story.
I recently caught a virus.
PUM.Dns
dns.. in-addr.arpa
dns lookup (I did not implement it.
I'm a beginner on the computer beginner.)
:)