Event ID 1014. How to stop resolve Microsoft address

Question

Hi Support,

Our server environment is a closed network which cannot connect to internet. All windows servers 2022 just configure DNS to DC for internal resolve and access.

We have some servers have DNS Client events 1014 warning:

"Name resolution for the name xxx.xxx.xxx timed out after none of the configured DNS server responded. "

All of the "xxx.xxx.xxx" are internet website to Microsoft such as microsoft.com, windows.net, live.com, etc.

How to stop these external accesses to Microsoft so servers will not ask to resolve external Microsoft address?

Or how can we trace which MS services try to access these external address?

Answer 1

Hello,

Thank you for posting in Q&A forum.

To stop the server from accessing external Microsoft addresses, we recommend trying the following steps:

Configure firewall rules on the server, only allow communication with other servers in your closed network, and block access to the Internet.

Modify the hosts file of the server, specify the IP address of the Microsoft website, and map them to internal addresses instead of external addresses.

Send all DNS requests to your domain controller (DC) for internal resolution. Confirm the DNS configuration is correct by checking the network settings of the server.

Use network monitoring tools or logs to track all applications and services running on the server, especially Microsoft services, and check for any behavior attempting to connect to external Microsoft addresses. You can also enable log auditing on the server, especially for DNS queries and network connection auditing. This can record all DNS queries and network connection attempts that occur on the server, helping you determine which services or applications are attempting to access external addresses.

Hope this answer can help you well.

Best regards，

Jill Zhou