question

rannday-6051 avatar image
0 Votes"
rannday-6051 asked SunnyQi-MSFT commented

"net stop dnscache" Not working

The requested pause, continue, or stop is not valid for this service.

More help is available by typing NET HELPMSG 2191.


net helpmsg 2191

The requested pause, continue, or stop is not valid for this service.

Real helpful help message, there...

So, what's going on? /flushdns seems to be working. /displaydns shows only a few sites that I'm currently on after. nslookup still showing incorrect IP for a DNS entry. Dig through WSL or any other system shows the correct entry. Pinging the domain from CMD also shows the incorrect IP.

Read try to the "net stop dnscache", but I'm receiving that error, and I can't find any resources on how to resolve it.

windows-10-network
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Yes, I've tried running these commands through CMD with administrator priveleges. Yes, I've tried rebooting.

0 Votes 0 ·

I gave up. Just edited the hosts file.

0 Votes 0 ·

Hi,

Just want to confirm the current situations. Was the issue resolved now?

Best Regards,
Sunny

0 Votes 0 ·

1 Answer

GaryNebbett avatar image
0 Votes"
GaryNebbett answered GaryNebbett commented

Hello @rannday-6051,

The message from "sc stop dnscache" is perhaps more revealing; it says, on my PC:

[SC] OpenService FAILED 5:

Access is denied.

The command "sc sdshow dnscache" shows:

D:
(A;CI;CCLCSWRPLORC;;;BU)
(A;CI;CCLCSWRPDTLORC;;;BA)
(A;CI;CCLCSWRPDTLORC;;;SY)
(A;;CCLCSWRPLORC;;;IU)
(A;CI;CCLCSWRPLORC;;;NS)
(A;CI;CCLCSWRPLORC;;;LS)
(A;CI;CCLCSWRPDTLORC;;;NO)
(A;CI;CCLCSWDTLOCRRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)
(A;CI;CCLCSWRPLORC;;;AC)
(A;CI;CCLCSWRPLORC;;;S-1-15-3-1)
(A;CI;CCLCSWRPLORC;;;S-1-15-3-2)
(A;CI;CCLCSWRPLORC;;;S-1-15-3-3)
S:
(AU;FA;CCLCSWRPDTLORC;;;WD)

Most other services show this security descriptor:

D:
(A;;CCLCSWRPWPDTLOCRRC;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

So the ability to stop the service is not granted to anyone. This is an unusual way of refusing to stop - normally the service control function just returns ERROR_CALL_NOT_IMPLEMENTED for controls (such as SERVICE_CONTROL_STOP) that it wants to block.

Gary

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Same error - Acces is denied.

D:(A;CI;CCLCSWRPLORC;;;BU)(A;CI;CCLCSWRPDTLORC;;;BA)(A;CI;CCLCSWRPDTLORC;;;SY)(A;;CCLCSWRPLORC;;;IU)(A;CI;CCLCSWRPLORC;;;NS)(A;CI;CCLCSWRPLORC;;;LS)(A;CI;CCLCSWRPDTLORC;;;NO)(A;CI;CCLCSWDTLOCRRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)(A;CI;CCLCSWRPLORC;;;AC)(A;CI;CCLCSWRPLORC;;;S-1-15-3-1)(A;CI;CCLCSWRPLORC;;;S-1-15-3-2)(A;CI;CCLCSWRPLORC;;;S-1-15-3-3)S:(AU;FA;CCLCSWRPDTLORC;;;WD)

Looks like the same output for that one command, too.

How the heck am I supposed to clear the internal dnscache, then? From what I've read, nslookup has its own cache. What about ping? Why does that show the wrong IP as well?




0 Votes 0 ·

Hello @rannday-6051,

I am surprised about the security descriptor, since there is a Microsoft article that talks about stopping the DnsCache service with "sc stop" or "net stop": https://docs.microsoft.com/en-us/windows-server/networking/dns/troubleshoot/disable-dns-client-side-caching.

Some options are:

  • Reboot the system.

  • Save the SDDL of the service, change it to be the same as other services and try to stop the service.

  • Just (try to) kill the service process and see what happens.

  • Use the Microsoft-Windows-DNS-Client ETW trace provider to try to understand why the incorrect address is being reported. Clearing the cache (by whatever means) might not resolve the problem, so it might be useful to get some more insight into what is actually happening.

Gary



0 Votes 0 ·

Reboot didn't help, but I'll try a /flushdns and reboot again for good measure.

Save the SDDL of the service, change it to be the same as other services and try to stop the service.

Use the Microsoft-Windows-DNS-Client ETW trace provider

No clue what either of those are. But I'll look into it.

As for the service. "DNS Client" is the service, I'm assuming? Windows not even giving me the option to start/stop/restart.

https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/grayed-out-services-in-windows-10/346bd141-13e2-42de-b93a-c4481b23ec43?page=2

I own this system. I'm the admin. Why did Microsoft make it so hard to manage Windows...





0 Votes 0 ·
Show more comments