Why is hosts file not being used?


Rick Mortensen

I have a couple of applications that rely upon the hosts
file in WIN2K. Through much head banging I have come to
the conclusion that W2K is not using the hosts file (I
have read and investigated the articles on hosts file
corruption with no positive results). This may be due to
a recent software installation and/or security update that
made a registry change. The trouble is I don't know which
software and what the change was...

I have searched the entire registry for 'hosts' both on
the problem machine and a machine that doesn't have the
problem. Neither produced any registry items that seemed
to relate to the problem.

The question is: Where is the use of the hosts file
configurable? I assume it will be found in the registry
somewhere but where and what is it supposed to look like
(vs. what it may look like now).

Thanks in advance..
 
Check the advanced TCP/IP settings. You can check the field "enable LMHOSTS
lookup".

Vaya.
 
Check in Internet Explorer to see if the machine is set up to use a
proxy server, I seem to recall this can bypass the HOSTS file
 
Steve,

Thanks for the suggestion but this is outside IE. Ping
doesn't use IE proxy info and still needs to get an IP for
a hostname (i.e. the hosts file) before it can 'ping'.

Consider the following hosts entry (with a CR after the
last entry):
192.168.1.1 testing

Regardless of the validity of the IP address ping is
supposed to go lookup the IP address if it isn't found in
DNS (not sure of the order for MS.... DNS-hosts or hosts-
DNS) and attempt to 'ping' it. Here is the response:

C:\WINNT\system32\drivers\etc>ping testing
Unknown host testing.

Thanks again...
 
If you run AdAware on your computer it should display your hosts file and alert you
to changes to the hosts file or its default location as some spyware or viruses will
modify both. The hosts file must not have an extension to it which users commonly add
when they save it.

http://www.download.com/3000-2094-10045910.html?legacy=cnet

The registry key that tells the operating system where the hosts file is located is
shown below from the following link. --- Steve

http://www.microsoft.com/technet/itsolutions/network/deploy/depovg/tcpip2k.mspx

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DatabasePath
Key: Tcpip\Parameters

Value Type: REG_EXPAND_SZ - Character string

Valid Range: A valid Windows NT file path

Default: %SystemRoot%\system32\drivers\etc

Description: This parameter specifies the path to the standard Internet database
files (Hosts, Lmhosts, Network, Protocols, Services). It is used by the Windows
Sockets interface.
 
Doug,

I tried this after reading and reading and reading... I
tried it with the value being set to both 0 and 1. There
are two interesting things I found reading the article you
list below:

1. This seems to be related to netbios although at this
level it should not matter since it appears netbios just
happens to use the hosts file too.

2. The second thing that caught my attention as the very
name suggests it is to turn on and off DNS; not the use of
the hosts file. The article actually says it controls
both things but it only has two settings so I wonder how
that works....
 
Thanks Steve,

I found all this on Microsoft's web (been searching for
two days). I already have AdAware with all the current
updates; it didn't find anything and yes the hosts file is
named 'hosts'.

My head is getting a flat spot from banging it on the
wall. The next and most painful move I do my best to
avoid is starting to look like it would take less time
than fixing this... Format and re-load... Ouch!

Thanks for your help.
Rick
 
When you run an ipconfig /displaydns, what do you see?

Then run an ipconfig /flushdns, then run a /displaydns again. What you
*should* see is two entries for localhost, and whatever entries you may have
entered in the hosts file.

Curious, how did you determine that its not using the hosts file? How are
you testing it? Pinging? Web address?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Thanks Ace,

ipconfig /displaydns shows everything in the cache; after
clearing it (ipconfig /flushdns) it comes up empty.

Yes I have been testing the hosts file with ping; read
several MS articles regarding a <CR> after the last entry
so I even made sure that was in there. I replaced the
hosts file with a known working copy from another machine
in case there was some corruption not showing up in notepad.

After not really getting the direction I had hoped from
here (this appears to be really deep) I engaged MS Support
and while it is slow it appears they at least are looking
in the right direction. I am starting to suspect one of
the files associated with winsock was either replaced or
corrupted somehow. Everything I check against another
WIN2K PC in the registry appears to be correct...

Feel free to keep posting your thoughts though; you might
beat them to it and while it isn't a race I would like to
get this machine back to health without reloading
Windows...

Thanks

Rick

;>
 
Hmm, if there is winsock corruption, that can sure cause it. Need to ask,
was there at any time a 3rd party personal firewall on this machine?


Ace
 
Ran into the same problem as you did this morning. Tried a whole lot of
stuff and saw this posting while I was looking for answers. After 3
hours I discovered that the PC with the problem was a dual-boot PC with
win 2k3 and win xp and I had been changing the win xp hosts file.
DOH!!!

-
ticanaer
 
ticanaer said:
Ran into the same problem as you did this morning. Tried a whole lot
of stuff and saw this posting while I was looking for answers. After 3
hours I discovered that the PC with the problem was a dual-boot PC
with win 2k3 and win xp and I had been changing the win xp hosts file.
DOH!!!

That's interesting! Never would have thought of the possibility of a multi boot
machine!
:-)

Ace
 
This is posted as a follow-up to the thread of August/September 2004
(which didn't seem to come to any useful conclusion) because it seems
to be the same or a similar problem...

I use a few entries on HOSTS on several Windows 2000 machines (mainly
to define some local network addresses to override the public
addresses in our DNS server, so we don't have to run a second DNS
server to achieve that). The file is
C:\WINNT\system32\drivers\etc\HOSTS. There are no problems.

On Windows 2003 Server, the file seems to be ignored. There's a
registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath,
as expected. It's of type REG_EXPAND_SZ, as expected and it contains
%SystemRoot%\System32\drivers\etc, as expected. This expands to
C:\WINDOWS\system32\drivers\etc, as expected. There is only one file
called HOSTS on the machine and it's in that directory, but it's
ignored in name resolution. I simplified the file to contain only one
line:

router 192.168.2.1

followed by CR LF, but the file is still ignored.

No, this isn't a dual-boot PC. No, I'm not having any other problems.
Yes, even PING fails to translate the name. Yes, I've remembered to
plug in the PC at the wall. No, it still doesn't work.

Mike
 
The format is:
x.x.x.x name
y.y.y.y name2

and it's possible that it's actually named hosts.txt if you
can't see filename extensions.

my hosts file is named hosts in lowercase but
I doubt that makes any difference.

good luck

James W. Long
 
> The format is:
> x.x.x.x name
> y.y.y.y name2

Yes, that was a mistake I made in composing the message. The file
itself is OK.

> and it's possible that it's actually named hosts.txt if you
> can't see filename extensions.

No, I have file extensions displayed.

> my hosts file is named hosts in lowercase but
> I doubt that makes any difference.

I already tried both upper and lower case.

I'm fairly sure it's an obscure bug in the name resolution system.
For example, if I edit the file using NOTEPAD, it still doesn't work.
But I've just found that, if I edit it with an old MS-DOS editor, then
remove the change and save the file (so the only difference is a
Ctrl-Z at the end of the file) it then starts to be used in name
resolution.

The file that doesn't work ends 0D 0A.
The file that does work ends 0D 0A 1A.

(But it shouldn't be necessary in 2004 to stick Ctrl-Z at the end of
the file, like we are still using CP/M).

I'll look into this further. I need to check what exactly is the
difference between the old and new files with the MS-DOS editor. The
one I've used renames the original file as HOSTS.BAK, then creates a
new one called HOSTS, so it's possible that some other attributes are
being changed (like the file creation date). Name resolution
shouldn't be looking at that, but Microsoft programmers often don't
understand the complexities of their own filing system, so we can't
assume anything.

Mike
 
> Do the "Everyone" and "System" groups
> have full access to the etc folder?

The permissions are shown as:

Administrators group (full)
CREATOR OWNER (full)
Power Users (read, execute, list contents)
SYSTEM (full)
Users (read, execute, list contents)


I've found this:

I have a HOSTS file on the desktop. If I copy that file (drag with
CTRL) to the 'etc' directory, it's used for name translation. But if
I copy it there (DRAG with no keys), it doesn't get used.

This suggests that you're on the right track (permissions).

Mike
 
My last message was a little confused. I should have said that the
HOSTS file isn't used if I *move* it.

The relevant information seems to be:

* I only ever log into this PC as administrator, so it's as that user
that I'm manipulating the HOSTS file and trying to do name resolution
with it (using PING).

* The original HOSTS file has access for 'Administrators', 'Power
Users' and 'SYSTEM'.

* If I copy HOSTS, the new file also has access for 'Users'. This
seems to be what makes it accessible during name resolution.

I don't know in what context name resolution is done. I'd expect
that, logged in as Administrator, name resolution would be done in
that context at least and that, therefore, a file to which
Administrator has read and write access would be accessible. But it
seems it's not that simple...

Mike
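
The checks this thread works through (the DataBasePath value, the exact file name, the address-first entry format, and finally the ACL on the file) can be gathered into one read-only PowerShell function. This is an added example, not something posted by anyone in the thread; the function name Test-HostsFile is hypothetical, and it assumes that an Allow/Read entry for BUILTIN\Users is the relevant one, as the last post observed.

```powershell
# Added diagnostic, not from the thread. Read-only: it changes nothing.
function Test-HostsFile {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    # DataBasePath is REG_EXPAND_SZ; expand it in case the raw string comes back.
    $raw  = (Get-ItemProperty -Path $key -Name DataBasePath).DataBasePath
    $dir  = [Environment]::ExpandEnvironmentVariables($raw)
    $file = Join-Path $dir 'hosts'
    $findings = @()

    # Only the extensionless 'hosts' is the hosts file; list near-misses like hosts.txt.
    Get-ChildItem -Path $dir | Where-Object { $_.Name -like 'hosts.*' } |
        ForEach-Object { $findings += "other file present: $($_.Name)" }
    if (-not (Test-Path -Path $file -PathType Leaf)) {
        return $findings + "no file named 'hosts' in $dir"
    }

    # ACL: in the thread the file was used only once Users had access to it.
    # S-1-5-32-545 is the well-known SID of BUILTIN\Users (assumed to be the one that matters).
    $read    = [System.Security.AccessControl.FileSystemRights]::Read
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -Path $file).GetAccessRules($true, $true, $sidType)
    $usersRead = $rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-32-545' -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    if (-not $usersRead) { $findings += 'no Allow/Read ACE for BUILTIN\Users on hosts' }
    # A file moved within a volume keeps its own ACEs; a copy inherits the folder's.
    if (-not ($rules | Where-Object { $_.IsInherited })) {
        $findings += 'no inherited ACEs: file may have been moved here rather than copied'
    }

    # Format: every entry is "<IP address> <name>", address first.
    $n = 0
    foreach ($line in Get-Content -Path $file) {
        $n++
        # Drop comments and a trailing Ctrl-Z (0x1A) left by old DOS editors.
        $entry = ($line -replace '#.*$|\x1A', '').Trim()
        if ($entry -eq '') { continue }
        $first = ($entry -split '\s+')[0]
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($first, [ref]$ip)) {
            $findings += "line ${n}: first field '$first' is not an IP address"
        }
    }
    return $findings
}

Test-HostsFile
```

An empty result means none of the conditions raised in the thread were found; read access granted through another group such as Everyone is not detected by the Users check.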
 