Device loses domain connectivity due to UDP port exhaustion

Symptoms

A Windows Server was initially reported with Group Policy failing to update. Further investigation found that the server was unable to resolve the domain name, despite no firewall blocking the traffic and the correct DNS servers being configured. Common troubleshooting tools such as Netdom and NSLookup were also failing. Some network traffic was working, however.

The server had last been restarted 6 months earlier and the issue had started 2 months after that. For now let's ignore the elephant in the room of why it had taken 4 months for the issue to be noticed.

Solution

The failing tools all depended on UDP traffic: DNS queries are sent over UDP port 53 by default, and both NSLookup and Netdom rely on DNS, so anything that stops the server from opening a UDP socket breaks domain name resolution while TCP-based traffic can continue to work.

Running "netstat -ano -p UDP" showed that every port in the dynamic UDP range, 49152 to 65535 (the default range on Windows Server since 2008; the configured range can be checked with "netsh int ipv4 show dynamicport udp"), was in use by one process, "Cisco Presence Server Plug-in.exe". This was UDP port exhaustion. No other service could obtain a UDP source port from the dynamic range, which effectively blocked the server from communicating with the domain.
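The diagnosis above can be scripted. The following PowerShell is an added example, not from the original post: it first confirms that the failure is UDP-specific by comparing a default (UDP) DNS lookup with one forced over TCP, then counts the UDP endpoints inside the configured dynamic port range per owning process, which is what the netstat output showed by hand. It assumes Windows Server 2012 R2 or later (Get-NetUDPEndpoint and Resolve-DnsName from the built-in DNSClient and NetTCPIP modules), an English netsh output format for the dynamic port range, and that the machine is domain-joined so $env:USERDNSDOMAIN is set.

```powershell
# Added example (not code from the original post). Assumes Windows Server 2012 R2+
# with the DNSClient and NetTCPIP modules, English netsh output, and a domain-joined host.

# 1. Confirm the symptom is UDP-specific: a default lookup goes over UDP/53,
#    -TcpOnly forces TCP/53. In the incident the UDP path failed and TCP did not.
$domain = $env:USERDNSDOMAIN   # assumption: populated because the host is domain-joined
try {
    $null = Resolve-DnsName -Name $domain -Type A -DnsOnly -ErrorAction Stop
    $udpDns = 'OK'
} catch { $udpDns = "FAILED ($($_.Exception.Message))" }
try {
    $null = Resolve-DnsName -Name $domain -Type A -DnsOnly -TcpOnly -ErrorAction Stop
    $tcpDns = 'OK'
} catch { $tcpDns = "FAILED ($($_.Exception.Message))" }
"DNS over UDP: $udpDns"
"DNS over TCP: $tcpDns"

# 2. Read the configured dynamic UDP range (defaults to 49152-65535, 16384 ports).
#    Fall back to the defaults if the netsh text cannot be parsed (e.g. localized output).
$netsh = netsh int ipv4 show dynamicport udp
$startMatch = $netsh | Select-String 'Start Port\s*:\s*(\d+)'
$countMatch = $netsh | Select-String 'Number of Ports\s*:\s*(\d+)'
if ($startMatch -and $countMatch) {
    $start = [int]$startMatch.Matches[0].Groups[1].Value
    $count = [int]$countMatch.Matches[0].Groups[1].Value
} else {
    $start = 49152; $count = 16384   # Windows defaults, used only if parsing fails
}
$end = $start + $count - 1

# 3. Count UDP endpoints bound inside the dynamic range, per owning process.
$inRange = Get-NetUDPEndpoint |
    Where-Object { $_.LocalPort -ge $start -and $_.LocalPort -le $end }
$used = @($inRange | Select-Object -ExpandProperty LocalPort -Unique).Count

'Dynamic UDP range {0}-{1}: {2} of {3} ports in use ({4:P0})' -f $start, $end, $used, $count, ($used / $count)

$inRange |
    Group-Object OwningProcess |
    Sort-Object Count -Descending |
    Select-Object -First 5 |
    ForEach-Object {
        $proc = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID      = $_.Name
            Process  = if ($proc) { $proc.ProcessName } else { '<exited>' }
            UdpPorts = $_.Count
            Share    = '{0:P0}' -f ($_.Count / $count)
        }
    } | Format-Table -AutoSize

# 4. Flag exhaustion. In the incident a single process held the entire range,
#    so the top entry would show 16384 ports at 100%.
if ($used -ge 0.9 * $count) {
    Write-Warning "UDP dynamic port range is $([int](100 * $used / $count))% used; new UDP sockets will fail to bind."
}
```

Run it in an elevated PowerShell session so that Get-NetUDPEndpoint can report the owning process for every socket; without elevation some entries show no PID. The UDP-versus-TCP DNS comparison is the quickest way to separate port exhaustion from a DNS server or firewall problem, since the latter two fail both transports.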

Restarting the server released the exhausted ports, but only until the leak recurs, so the application owner was asked to raise this behaviour with the vendor.