Sorting out DNS and Name resolution mysteries and deleting registry keys automatically

I’ll start with a weird one.  This is less of an article and more of "Finding a needle in a haystack" story.  It started with a client that had a series of laptops that would not surf off site.

First answer "WINSOCK! FIX THE WINSOCK! SPYWARE!"

Nice try smart guy.

Running the NETSH RESET doesn’t fix it, nor does renaming the WINSOCK and WINSOCK2 keys and reinstalling TCP/IP, or getting your hands on any one of a dozen "Stack fixers".

NEXT!

How about this

Onsite (Corporate lan) no issue.

Offsite Not working.

"EASY!" You scream out. "PROXY SERVERS!"

Swat.  Back down and sit at the back of the class.  Checking the Proxy settings in the browser.  Clean.

"STATIC DNS!" I see somebody jumping up "STATIC ENTRIES IN THE HOSTS FILE!"

No no no no and No.   Remember I said "Needle in a Haystack."

So let’s see what I have for info.  Notebooks had Novell Client32, a 3rd-party dialer, any one of three internet connections and a domain configuration.

And to boot?  A new install was doing it too.

Right.  System restore.  Back to domain membership and before applications installed.   Install dialer.  Hey it works! It works!  Reboot and test several times STILL WORKING.

Now add in Novell Client32.   Login working.  Offsite NOT WORKING.  My first GUT reaction.  Some type of policy applied with Novell.   Other than the Service Pack, nothing had really changed.  Must be a service pack issue.  I beam with pride having pointed out the troublemaker.

Client taps me on the back.

"We have one with SP2 doing it as well as SP4 Novell Client32"

Magic words burst forth to the computer gods in the sky.   The gods look down and smile with glee.  "Buah hah hah hah! Ye shalt not solveth this one! Buah hah hah hah!"

The only hint: running NSLOOKUP would show the two internal corporate DNS servers as the default, hard-coded.  Finally, in desperation, a regedit search.  Maybe it’s in plain text.

FIND 10.x.x.x

DING.  It shows up under a policy "DNS SERVERS".  My eyes roll in my head.  Some old legacy policy? NT 4! An NTCONFIG.POL file!  But why today?

Why is not relevant.  A fix.   Try renaming the key.  Poof.  Internet surfing working immediately.  The bandaid?  A simple REG file created for the user to purge that entry.

Deleting a registry key is not difficult.  You can do some fancy RUNDLL or VBScript stuff.  If you have PowerShell, that’s built in (LOVE PowerShell!)

But with a .REG file (a text file for importing changes into the registry) it’s not difficult either.

Using REGEDIT, use the File/Export option to export the key in question.  Now it all depends if you want to delete the WHOLE KEY or just specific entries.  It’s still easy but a teeny bit different.

So let’s say the contents of "SAVED.REG" is:

———————–

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""

———————–

Let’s pretend the offending key I want to remove is the "iTunesHelper" (not picking on Apple, just a random sample, so put the lawyers away!)

To remove the "Bad Apple" (sorry, bad pun!) from the system you simply make the file look like this:

———————–

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-

———————–

So you replace the data assigned to the value in the .REG file with a single bare "-" (minus, dash, hyphen, pokey thing) character, with no quotes around it.

Resaving the file as FIX.REG or UNDO.REG or OHJANESTOPTHISCRAZYTHING.REG will get you a nice little file that, when merged into the registry, purges THAT SINGLE ITEM.  You will of course need administrative privileges to do this, but it IS handy to know.

Now if you wanted to delete the entire key (BACK IT UP FIRST!) the file looks like this:

———————–

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

———————–

Did anybody spot the difference and what we use to pull all of this off?  That’s right, the "-" (minus, dash, hyphen or whatever you would LIKE to call it).  Placed just after the "[" in that entry of the REG file, it will purge that ENTIRE key, subkeys and all.  Careful.   This is a VERY powerful and dangerous option and should be used with extreme caution.
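As an added example (not from the post), here is a small Python helper that reads a regedit export like SAVED.REG above and produces the matching FIX.REG, either blanking one value ("name"=-) or removing the whole key ([-key]), and refuses to write a deletion for anything the export does not actually contain. SAVED_REG is a constructed copy of the export; the output file name in write_reg is whatever you pass in.

```python
import re
# Constructed sample, copied from the SAVED.REG export above (hive spelled as regedit writes it).
SAVED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
'''
RUN_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
HEADER = 'Windows Registry Editor Version 5.00'
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=')  # "name"=..., escaped quotes allowed

def parse_reg(text):
    """Return {key_path: [value names]} from a regedit 5.00 export."""
    lines = text.lstrip('\ufeff').splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError('not a Version 5.00 .REG export')
    keys, current = {}, None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys[current] = []
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current].append(m.group('name').replace('\\"', '"'))
    return keys

def undo_value(key, name):
    """Body that removes one value: "name"=- (a bare hyphen, no quotes around it)."""
    return f'{HEADER}\n\n[{key}]\n"{name}"=-\n'
def undo_key(key):
    """Body that removes the whole key: the hyphen goes right after the '['."""
    return f'{HEADER}\n\n[-{key}]\n'
def build_undo(export_text, key, name=None):
    """Only emit a deletion for a key (and value) that the export actually contains."""
    keys = parse_reg(export_text)
    if key not in keys:
        raise KeyError(f'key not in export: {key}')
    if name is None:
        return undo_key(key)
    if name not in keys[key]:
        raise KeyError(f'value not in export: {name}')
    return undo_value(key, name)
def write_reg(path, body):
    """regedit wants CRLF endings and a 5.00 file is UTF-16LE with a BOM; write it the same way."""
    with open(path, 'w', encoding='utf-16-le', newline='\r\n') as f:
        f.write('\ufeff' + body)
```

Call write_reg('FIX.REG', build_undo(SAVED_REG, RUN_KEY, 'iTunesHelper')) to get the single-value fix, or leave the name off for the whole-key version, then merge it with regedit as usual.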

Now back to my "Needle in the Haystack" story

So digging into Group Policy later we found entries in the Default Domain policy applying hard-coded DNS servers.  Why today?  That we didn’t isolate.  But it was revealed to me that the original consultant who set up the network years ago (think just as A/D came out in Windows 2000) didn’t like using Active Directory Users and Computers and had turned on EVERY stupid legacy feature they could.  Best we could guess, some automatic update triggered something between Windows and Novell to cause this beast to rise to the surface.   Normally I would have assumed a Group Policy, but it only applied when Client32 logged in.

Boy doesn’t THAT throw you for a loop?

But I’ll tell you it was both interesting and frustrating to find it.  It also goes to show what can happen when you start over-customizing the system.   Especially a) if you don’t document it and b) if you know JUST enough to get in trouble.

But it also shows that almost ANY problem CAN be solved without a full re-install of the operating system.  You just have to dig sometimes.

Sean
The Energized Tech
Dedication and Inspiration creating the new Generation


Energized About Windows PowerShell, Ottawa, Ontario USA

© 2014 Energized About Windows PowerShell-- All rights reserved.
