how2itsec: November 2021

Problem

Windows VMs (VMware vSphere) experience issues when trying to resolve DNS names and encounter network timeouts or packet loss on other protocols as well.

For example, running a simple PowerShell script shows the problem (change '*YourFQDN*' to your FQDN and '*DNS-Server-IP*' to your DNS server IP address):

1..1000 | ForEach-Object -Process {
    [pscustomobject]@{
        # Sequence number of the query
        Try         = $_
        # Round-trip time of one direct query against the given DNS server, in whole milliseconds
        ElapsedTime = (Measure-Command -Expression { Resolve-DnsName -DnsOnly -QuickTimeout -NoHostsFile -Name '*YourFQDN*' -Server '*DNS-Server-IP*' }).TotalMilliseconds -as [int]
    }
} | Group-Object -Property ElapsedTime | Sort-Object -Property Count

PowerShell DNS query test script

Responded 541x in 1000 DNS queries within 2ms 243x in 1000 DNS queries 57x in 1000 DNS queries in 1ms Responded 57x in 3ms 153 DNS queries not answered, timeout >1000ms

The vnetWFP debug logs show the event “DEBUG: ALEInspectInjectComplete: Package inject status: c000021b”.
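
A variant of the test above that counts unanswered queries explicitly instead of inferring them from the elapsed time, and shows which error each failed query returned. This is an added example, not from the original post; the function name Test-DnsLoss and its parameters are assumptions, and the placeholders are the same ones used in the script above.

```powershell
# Added example: Test-DnsLoss and its parameter names are hypothetical.
function Test-DnsLoss {
    param(
        [Parameter(Mandatory)] [string] $Name,    # FQDN to resolve
        [Parameter(Mandatory)] [string] $Server,  # DNS server IP address
        [int] $Count = 1000                       # number of queries to send
    )

    $results = foreach ($i in 1..$Count) {
        $err = $null
        $sw  = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -ErrorAction Stop turns a timeout (or any other failure) into a catchable exception
            $null = Resolve-DnsName -DnsOnly -QuickTimeout -NoHostsFile `
                        -Name $Name -Server $Server -ErrorAction Stop
        } catch {
            $err = $_.Exception.Message
        }
        $sw.Stop()
        [pscustomobject]@{ Try = $i; Error = $err; Ms = [int]$sw.Elapsed.TotalMilliseconds }
    }

    $failed   = @($results | Where-Object { $null -ne $_.Error })
    $answered = @($results | Where-Object { $null -eq $_.Error })

    # Latency histogram of answered queries only, most frequent bucket first
    $answered | Group-Object -Property Ms | Sort-Object -Property Count -Descending |
        Select-Object @{ n = 'Ms'; e = { [int]$_.Name } }, Count |
        Format-Table -AutoSize | Out-Host

    # Failures grouped by error text, so timeouts are not mixed up with e.g. a wrong name
    $failed | Group-Object -Property Error | Select-Object Count, Name |
        Format-Table -AutoSize -Wrap | Out-Host

    [pscustomobject]@{
        Queries          = $Count
        Answered         = $answered.Count
        Failed           = $failed.Count
        LossPercent      = [math]::Round(100 * $failed.Count / $Count, 1)
        FirstFailedTries = ($failed | Select-Object -First 10).Try
    }
}

# Replace the placeholders before running
Test-DnsLoss -Name 'YourFQDN' -Server 'DNS-Server-IP'
```

Running it before and after the driver update gives a directly comparable loss percentage.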

Solution

Update VMware Tools 11.x with the Guest Introspection Driver to version 11.2.6 and restart your VM, or uninstall the Guest Introspection Driver. We first suspected it was VMware NSX-T or VMware Carbon Black EDR, but it wasn’t. It was the NSX Guest Introspection Driver.

Root Cause: Packet drop is seen due to intermittent error reported by Microsoft WFP packet injection API.

https://ift.tt/3r0QW1S

After updating or uninstalling the driver, the problems disappeared:

PowerShell DNS query test script after vmware tools update

985x out of 1000 DNS queries 10x replied in 1000 DNS queries within 1ms 2ms 10x replied in 1000 DNS queries 3ms 3x replied in 1000 DNS queries 4ms 1x replied in 1000 DNS queries 35ms 1x replied in 1000 DNS queries 0x timed out.
