Works for me! : ) I agree with you completely...there is no reason to send data to a network that is unreachable. But in this case, the firewall client makes it reachable without a default gateway. I'm preaching to the choir though, I'm sure. : ) [cid:image001.jpg@01C96E5C.074C5760] Richard Hicks Senior Sales Engineer Celestix Networks, Inc. 48001 Fremont Blvd. Fremont, CA 94538 510.668.0700 x229 [Office] 949.330.3919 [Cel] rhicks@xxxxxxxxxxxx<mailto:rhicks@xxxxxxxxxxxx> www.celestix.com<http://www.celestix.com/> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Sunday, January 04, 2009 10:13 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Name Resolution for Windows Vista Clients ..in this email? :) If you think about it, there is no benefit in trying to send data to a network your IP configuration dictates is unreachable. If you want to have some more fun. I triple-dog-dare you to successfully install Office 2007 on any machine that lacks a default gateway. From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Richard Hicks Sent: Sunday, January 04, 2009 9:42 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Name Resolution for Windows Vista Clients Oh...I love new features! ; ) What are the chances this new 'feature' is documented somewhere? Thanks! [cid:image001.jpg@01C96E5C.074C5760] Richard Hicks Senior Sales Engineer Celestix Networks, Inc. 48001 Fremont Blvd. Fremont, CA 94538 510.668.0700 x229 [Office] 949.330.3919 [Cel] rhicks@xxxxxxxxxxxx<mailto:rhicks@xxxxxxxxxxxx> www.celestix.com<http://www.celestix.com/> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, January 02, 2009 1:43 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Name Resolution for Windows Vista Clients Sorry; nothing you can do. "it's a feature"... From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Richard Hicks Sent: Tuesday, December 30, 2008 4:51 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Name Resolution for Windows Vista Clients Hi Everyone, Recently while working with one of my customers I came across some odd behavior on a Windows Vista client workstation. We noticed that Windows Vista workstations that were configured as Web Proxy and Firewall Clients only (no default gateway) were unable to access non-web based remote resources (e.g. RDP and FTP) by hostname (single label or fully qualified). They could, however, connect by IP address. The odd thing was that Windows XP clients configured in the identical manner did not exhibit this behavior. Windows XP clients configured as Web Proxy and Firewall Clients without a default gateway could access non-web based remote resources without issue, by hostname or IP. In either case, web proxy communication (HTTP, HTTPS, tunneled FTP) worked perfectly. Name resolution on the Windows Vista client worked flawlessly, so I opened a case with Microsoft (SRZ081223000024) so they could shed some light on this for me. After some additional research on their part they were able to determine that this was expected behavior on Windows Vista. Apparently the DNS resolver in Windows Vista filters out hostnames for destinations that are not reachable from the local host. Without a default gateway, Vista had determined that it couldn't connect to the resource because it had no route to the remote network (obviously not aware of the Firewall Client) and so communication fails. So, my question to the group is this: Is there a way to alter the Vista client to eliminate this filtering and have it operate in the same manner as an XP client? And if this is possible, is it advisable? I see that in the registry of my Windows Vista workstations that there is a DWORD value called 'QualifyingDestinationThreshold' in HKLM\System\CurrentControlSet\Services\TCPIP\Parameters key. I have been unable to locate any documentation for this registry value, and attempts at setting it to zero or one didn't seem to resolve my problem. Suggestions anyone? Thanks! [cid:image001.jpg@01C96E5C.074C5760] Richard Hicks Senior Sales Engineer Celestix Networks, Inc. 48001 Fremont Blvd. Fremont, CA 94538 510.668.0700 x229 [Office] 949.330.3919 [Cel] rhicks@xxxxxxxxxxxx<mailto:rhicks@xxxxxxxxxxxx> www.celestix.com<http://www.celestix.com/>