Win8 Network Debugging Troubles

WINDBG
1

I finally have a situation where I need to use network debugging, and I am having no end of trouble getting it working.

Target machine:
Win 8 Enterprise
NIC: RTL 8168 (literally the first one listed on the compatability list)

Host:
Win 7 Pro

I’ve tried using both WinDBG and Visual Studio 2012. With VS 2012, I went through the provisioning instructions and VS reported that the connection was working, but the target never connected to the host on reboot.

Is there anyway to get some information from the target about why it’s not connecting?

2

After KDNET is enabled on the target machine, and the target machine has been rebooted.

If KDNET is not working, run regedit on the target machine from an elevated command prompt and check the following key:

HKEY_Local_Machine\System\CurrentControlSet\Services\kdnet

If there is an error string under that entry, then that is the reason for the failure.

Note that most likely you have an unsupported Realtek chip. Realtek ships MANY different chips that are not really the same device, with identical device IDs. This means that some of the 8168 chips are supported, and some are not. You probably have a new machine, with a chip that isn’t supported by the Windows 8 KDNET code. (It is however very likely supported by Windows 8.1…)

There is an internal version register - different from the device ID that determines whether the chip will actually work with KDNET or not. The driver code reads that register and reports unsupported if that version of the hardware is not supported by KDNET yet.

Hopefully Realtek will move towards revising their device ID’s when they change their device silicon.

Joe.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Sunday, June 23, 2013 6:54 PM
To: Kernel Debugging Interest List
Subject: [windbg] Win8 Network Debugging Troubles

I finally have a situation where I need to use network debugging, and I am having no end of trouble getting it working.

Target machine:
Win 8 Enterprise
NIC: RTL 8168 (literally the first one listed on the compatability list)

Host:
Win 7 Pro

I’ve tried using both WinDBG and Visual Studio 2012. With VS 2012, I went through the provisioning instructions and VS reported that the connection was working, but the target never connected to the host on reboot.

Is there anyway to get some information from the target about why it’s not connecting?

WINDBG is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

3

I’ve having similar problems. I have a Broadcom NIC though. Hardware ID: PCI\VEN_14E4&DEV_166A&SUBSYS_166A14E4&REV_10

Under HKEY_Local_Machine\System\CurrentControlSet\Services\kdnet it says

KdInitResultString: InitializeNetwork failed to get the ethernet address of the host debugger.
KdInitStatus: 0x00000b5

Netmon doesn’t show any traffic. Is there a way to statically assign an IP? If not, what’s my next step in troubleshooting this issue?

Thanks!
Scott

4

If you’re not seeing any network traffic, then assigning a static IP is not likely to fix your problem.

KDNET will do DHCP and APIPA before it attempts to get the host MAC address from the assigned host IP using ARP.

If you don’t see any packets coming out of the Broadcom NIC, then that is likely the real issue.

But you need to enable promiscuous mode on the NIC you are running Netmon on, and you need to be watching for DHCP and ARP traffic as well.

You should see KDNET do DHCP, then ARP to make sure no one is using the DHCP assigned address, then ARP for the host MAC.

After that, it will negotiate a debugger connection with the debugger host. All the debug packets will be UDP to the assigned port, and will have encrypted payloads (except for the unencrypted debug packet header).

Is the Microsoft Kernel Network Debug adapter working and sending traffic on the target machine after you boot up? If it is, then your NIC and KDNET are working fine, and the problem is likely the firewall on the host side.

If the Microsoft Kernel Network Debug Adapter has not been assigned an IP address, and has no DNS addresses, etc., then your problem is the NIC isn’t sending or receiving packets.

You may need to set busparams to make sure KDNET is pointed at the NIC you want to use.

Joe.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of skreel+xxxxx@gmail.com
Sent: Tuesday, June 25, 2013 5:04 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Win8 Network Debugging Troubles

I’ve having similar problems. I have a Broadcom NIC though. Hardware ID: PCI\VEN_14E4&DEV_166A&SUBSYS_166A14E4&REV_10

Under HKEY_Local_Machine\System\CurrentControlSet\Services\kdnet it says

KdInitResultString: InitializeNetwork failed to get the ethernet address of the host debugger.
KdInitStatus: 0x00000b5

Netmon doesn’t show any traffic. Is there a way to statically assign an IP? If not, what’s my next step in troubleshooting this issue?

Thanks!
Scott

WINDBG is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

5

Joe-

Thanks for your response.

The Microsoft Kernel Network Debug Adapter does not appear to be sending or receiving traffic. The motherboard has two nics built into it and I believe I’ve set the busparams appropriately. The Microsoft Kernel Network Debug Adapter replaced the nic I specified via the busparams. In netmon, I don’t see KDNET do dhcp. I don’t see any frames coming out of the nic on the target when it boots or at any point after. When I switch network cords to the other nic in the target system, I see it do DHCP and pass traffic via netmon. So I should be able to see this traffic if KDNET was generating it.

I tried the other nic by changing the busparams. The Microsoft Kernel Network Debug Adapter replaced this nic but again KDNET didn’t generate any traffic on the wire.

Are there any other trouble shootings steps you can think of for me to take?

Thanks!
Scott