wsl2 no internet access (unable to resolve host address) on windows 1909 build 18363.1139

[armenic]

Environment

Windows build number: Microsoft Windows [Version 10.0.18363.1139]
Your Distribution version: Ubuntu 18.04 LTS
Whether the issue is on WSL 2 and/or WSL 1: Linux version 4.19.128-microsoft-standard (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Tue Jun 23 12:58:10 UTC 2020

Steps to reproduce

sudo apt update

WSL logs:

Expected behavior

connect to linux archives and fetch the updates

Actual behavior

manukyae@GNELTCG8424MZX:~$ sudo apt update
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
manukyae@GNELTCG8424MZX:~$

[cmamigonian]

Yeah I’ve tried the resolv.conf fix using my company’s DNS servers but that didn’t solve the issue. Seems shocking to me that MS is so silent on this. Does anyone get WSL2 working out of the box?

[K2ouMais]

Yes, I also tried putting the DNS server on the resolv.conf and it still doesnt work.

There is only working fix for me. But I dont like this solution.

https://github.com/sakai135/wsl-vpnkit

I want Microsoft to fix this mess.

[pmarreck]

Two things finally fixed this issue for me:

1) editing /etc/resolv.conf and adding the right nameserver at the top 2) Setting my %temp% folder (and all children) to NOT be compressed (I compress pretty much the whole drive by default). I did skip some warnings about files in use in that directory. 3) Rebooting.

Finally, WSL2 was able to access the Internet again.

[K2ouMais]

My whole SSD ist not compressed.

I took a look if the %temp% folder was compressed and it isnt.

I think this has to be how your VPN is setup.

Like I said... I tried all the workarounds found here and the only one that really works is the using the docker vpnkit.

https://github.com/sakai135/wsl-vpnkit

I think Microsoft should add a workaround like that out of the box, where every other fixes dont work.

I dont like it, because you have to have your console everytime open for it to work.

[brvaland]

@craigloewen-msft - I was experiencing the same problem and what worked for is that i had to connect Cisco AnyConnect VPN for internet to work in Ubunto distro. I followed the following steps.

• Run command wsl --shutdown
• Connect Cisco AnyConnect VPN
• Run command wsl
• Now ping google.com works fine and also sudo apt update works fine.

One issue i have is internet speed on wsl is very slow as i am getting download: 25.44 Mbit/s and upload: 7.44 Mbit/s when actual speed I am getting is around 100 Mbit/s and 10 Mbit/s.

I would like it to work even when Cisco VPN is NOT connected. Any suggestion ?

[killshot13]

Yeah I’ve tried the resolv.conf fix using my company’s DNS servers but that didn’t solve the issue. Seems shocking to me that MS is so silent on this. Does anyone get WSL2 working out of the box?

WSL1 worked out of the box for me but lacked the compatibility features for reliable development.

When I heard about WSL2, I decided to give it another shot. I enabled it last August and experienced no issues until this past January, so the bugs are definitely hit and miss. Hopefully, either the upcoming build will either address the problem, or else it will get taped over unknowingly and just disappear.

[whudwl]

Short story : Just fixed a similar issue in a very strange way, it might be worth to give it a try : by deselecting compressing properties of my C:\Users\XXXXX\AppData\Local\Temp folder (Properties->Advanced attributes)

Long story: All of a sudden, my WSL 2 Ubuntu distro wouldn't start anylonger due to issue the the virtual disk. I found out that removing that pesky compression properties on the virtual disk file fixed the pb. But another issue came out, VSCode remote-WSL couldn't connect anymore to my distro. After extensive research I found a dude who fixed the same issue by re-creating his missing C:\Users\XXXXX\AppData\Local\Temp folder Unfortunately my Temp folder was already there, so I tried to uncheck the compression properties as well , and.. it worked

you saved my life! thank you very much for sharing the info.

[johnwiese]

Same issue and have tried all of the suggestions. Version 1 works but not version 2. Sad.

[drkvogel]

@drkvogel I have not tried that yet; honestly I hadn't thought of it but it's certainly worth a shot. Stay tuned, and thank you!

@killshot13 re previous suggestion of wsl --unregister, do not do that! See https://github.com/microsoft/WSL/issues/5324#issuecomment-771626958

There is definitely a problem re clock sync in wsl, which apparently should be fixed soon (it's actually a bug in the Linux kernel). I haven't seen this particular problem at all in WSL, though I get the clock sync issue which I have to deal with every day, and https://github.com/microsoft/vscode-remote-release/issues/3126

[drkvogel]

@killshot13 re previous suggestion of wsl --unregister, do not do that! See #5324 (comment)

wsl --unregister, despite its name, which would seem to suggest that it somehow unregisters but doesn't delete a distro, actually deletes a distro, and all your data, so don't do that unless you really want to!

[killshot13]

@killshot13 re previous suggestion of wsl --unregister, do not do that! See #5324 (comment)

wsl --unregister, despite its name, which would seem to suggest that it somehow unregisters but doesn't delete a distro, actually deletes a distro, and all your data, so don't do that unless you really want to!

@drkvogel I ended up trying this; fortunately, I wasn't distraught because deleting the distro was my next plan of action anyway -- simply out of desperation at the time. I made copies of my .config files, pushed all my local repos, and was about to rm -rf / when wsl --unregister did it for me. 😅

That being said, thank you for circling back with the warning. Quite frankly, I don't think any of us knew exactly what the heck we were doing, being that WSL2 is still relatively new, so it was an excellent period of trial and error for everyone.

I'm just glad that the root cause was finally uncovered with #5324 (comment). That explains why sometimes, right after boot, I would run sudo apt-get update in Ubuntu, and the terminal would return something like this.

focal@si-S-sysinitRED-QUEEN:~$ sudo apt update
Hit:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease    
Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [111 kB]                                             
Reading package lists... Done
E: Release file for http://ports.ubuntu.com/ubuntu-ports/dists/focal/InRelease is not valid yet (invalid for another 3h 17min 25s). Updates for this repository will not be applied.

[johnwiese]

Same issue and have tried all of the suggestions. Version 1 works but not version 2. Sad.

Happy now! Just did a windows update and now everything works in Version 2. Feature update to Windows 10, version 20H2

[meister245]

Hey @armenic,

I'm having the exact same issue on the same build on my work PC and I've been trying all kinds of workaround with no success.

I built and tried out the latest wsl2 kernels by Microsoft, but it did not solve the issue. On my home PC everything is working fine, so at this point I would say this is not an issue with linux itself, but the windows env / integration.

I was wondering, if this issue itself could be because of pre-installed monitoring / security software? I cannot disable it to test it, as I dont have admin access on the work machine.

@OneBlue Is there a place I could get the 1909 18363.xxx enterprise edition of win10 for home testing?

[K2ouMais]

@meister245

I also tried all workarounds and couldn't find a solution.

This have to be on how your vpn is being handled.

WSL works without a problem when not in a VPN.

[meister245]

This is happening with or without VPN on my work machine.

Tried the VPN fix floating around, if it could be related to the VPN, but it still was the same.

https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6

Also tried:

• Deleting network interface for wsl, having windows reset it on boot.
• Explicitly allowing all Inbound traffic to WSL interface in powershell.

Was not able to test sharing network from other interfaces to wsl interface, because it is admin restricted.

As per the original post, I can confirm ICMP pinging works, but things fail instantly using hostnames.

[meister245]

Hey @armenic ,

I was able to get the root cause of my problem, after I noticed I have Symantec Endpoint Protection installed on my work machine, which was blocking all the traffic I was generating in WSL2. Do you have anything similar installed?

In Symantic Endpoint Protection View Logs -> Network and Host Exploit Mitigation -> Traffic Log

[jaanli]

This is so frustrating. I also have this problem. Please help. WSL2 cannot connect to anything, even github.com, from behind a hospital VPN needed for development and HIPAA.

[K2ouMais]

There is no good solution for this problem.

Search for "wsl_vpnkit" on GitHub.

You have to run it everytime and let the app run on an open terminal.

If you close the terminal you will have to run it again and again.

If you take a look on the most issues here you will see so many people with obscure solutions, but most of them don't work on the vpn of my company.

Microsoft can't or won't fix this... The people are having this problem for years now.

Now it is even worse because of the pandemic and having the most people working from home over VPN.

[gpcimino]

Same problem here. Since the last time WSL 2 was able to connect to the Internet I got this Microsoft update: KB4023057 Could be this the issue?

[rezarms]

I had the same issue and used below code in my /etc/resolv.conf and worked ` nameserver 8.8.8.8

nameserver 8.8.4.4

nameserver fec0:0:0:ffff::1

search lan `

[toddyamakawa]

My company just made us update from build 18xx to 2004 and I hit this issue. Everything was working great until I did a sudo apt update.

I can confirm that the fix from @rezarms works! After replacing the resolv.conf I can't access any internal URLs on our company VPN but I can access the internet. (Whereas before I couldn't access anything, internal or external)

[cprivitere]

Going to post this in a few of the longer running threads. Long story short, the AnyConnect fix for this issue is available. The fix requires two pieces, an update to the client of version 4.10.01075 or later and a new custom attribute in the ASDM. Links to info below:

Release Notes Admin Document Troubleshooting Section that describes the custom attribute that needs to be set up by the VPN adminstrator.

[pdolinic]

Easy fix for me just added the DNS Server of my VPN.

in /etc/resolv.conf nameserver DNS-of-VPN-Server

delete everything else in /etc/resolv.conf

[snakesgun]

Easy fix for me just running, because I have install some VPN software, such as EasyConnect

netsh winsock reset

then restart computer, everything goes to be OK.

[uscwifi]

Easy fix for me just running, because I have install some VPN software, such as EasyConnect

netsh winsock reset

then restart computer, everything goes to be OK.

我这边是因为安装了checkpoint vpn软件，卸载掉就好了

[petermicuch]

I have no issue running on 1909 build 18363.1679. I got new machine and installed 20H2 build 19042.1083 and hit exactly the same issue. apt update fails as well as ping to any publicly available URL.

I checked content of /etc/resolve.conf on both machines, they are identical (of course IP is specific according to virtual adapter for each). On the old one, all works, on the new one, it does not. Environment is otherwise identical. No VPN involved. When I used suggestion from @rezarms, I can connect to internet also on the new machine.

@craigloewen-msft - is there any result of investigation on MS side?

[craigloewen-msft]

Hi as updates here we're still investigating WSL's overall networking story, and as others have mentioned in this thread some VPNs have released a fix (For example Cisco AnyConnect V4.10 references WSL 2 fixes in their release notes).

[Noxdor]

I had the same issue and used below code in my /etc/resolv.conf and worked ` nameserver 8.8.8.8

nameserver 8.8.4.4

nameserver fec0:0:0:ffff::1

search lan `

I stumbled across the same problem today setting up WSL2 on my company controlled machine. This suggestion fixed it for me.

EDIT: The system overwrites this configuration after a few minutes. To fix that, I just set up a cron job running every minute to set this configuration again. For now it works like a charme :) I'm no linux expert to know possible side effects of this, I just wanted to share a solution to annoyingly resetting this whenever you need to download a package 😄

[joseananio]

This is what worked for me:

Note:
I had disabled my default windows firewalls previously. I had also disabled docker, settings, resources, wsl integration, Enable integration with my default wsl distro. I relogged in to windows after those. Not sure if they helped

In power shell as admin:

wsl --unregister ubuntu-20.04

The ubuntu instance automatically closed
I opened it again and signed in to the ubuntu wsl
Tried to run docker build but it complained docker was not found
Back in docker, settings, resources, wsl integration, I check/unchecked ubuntu-20.04 until the apply and restart was active and then clicked on it (the check box assumed the connection was already made)
I created a simple docker file and tried the build from the wsl terminal
It worked

[pdolinic]

Last weeks I discovered some issues docker has with VPN-Fulltunnels and they might need additional developers / resources to get this sorted out? Maybe Microsoft could help out here as it might impact WSL2 as well and cause this and other issues?

This has to do with subnets and routing tables, potentially affecting WSL2 as well. https://github.com/docker/for-linux/issues/1308

Here is one quote I want to add from one of those sources or similar related to this problem someone added:

"One of my colleagues has done some more digging, and he thinks the reason the code actually works at the moment, the way it works, is because the code that is going through the routing table is not able to interpret the default route entry because it is not an IP address/netmask. The result is a NIL entry in the routing table object, or whatever it is called in Go, and this in turn results in that the default route is not interfering with the network selection. If he default route would have returned 0.0.0.0/0 for example, then the code would have failed from the beginning.

He also found that it is probably very simple to put a filter in the code that iterates through the routing table, and make sure that it only takes routes with a link scope. If you do this, a lot of people will be a lot happier."

[Thadir]

is there any good solution, I'm behind a heavy VPN/Proxy setup and i do not maintain nor can I access. If I upgrade to WSL2 it doesn't work. I tried the VPN fix but its not a good approach. And from this ticket I do not get a feeling its being worked on. And its more a logging of workarounds and not a permanent fix.

[K2ouMais]

I don't think we will ever see a solution for this. It has been months and nothing has happened.

[lingyanmeng]

I met the same issue with VPN, and in my case, the root cause is the DNS resolution, wsl will update the /etc/resolv.conf automatically based on the network which is nameserver 192.168.1.1, and this nameserver is not right once I enable the VPN, so I followed the steps in https://superuser.com/questions/1533291/how-do-i-change-the-dns-settings-for-wsl2#, and changed to nameserver 8.8.8.8, then it works.

[Anonymous-Coward]

Right now, I switch frequently between several VPNs, from different providers (Cisco, OpenVPN, Array Networks), each one with its own DNS servers. Disabling resolv.conf generation is therefore not an option for me.

What I do is hack my required hosts list together and add it to /etc/hosts (actually (c:\windows\system32\drivers\etc\hosts). This is ugly and error-prone - whenever IPs change for a VPN some things start breaking out of the blue.

From what I can tell, the DNS issue, which seems to be the root cause of this issue, is caused (at least for me) by the fact that the DNS servers provided by the VPNs are IPV6 only, and WSL 2 seems to have sketchy support for IPV6 (didn't dig too deep into it, though, but it seems no IPV6-only site is reachable from within WSL, except things running inside wsl on ::1).

[nikodemus]

Had this issue on Windows 11, changing the nameserver to 1.1.1.1 as per https://superuser.com/questions/1533291/how-do-i-change-the-dns-settings-for-wsl2# fixed it for me.

[weeezes]

Had this issue when I updated to Windows 11, /etc/resolv.conf was empty and everything started to work after creating it and adding the nameserver settings to it.

[themarquee]

I have been using WSL2 on Windows 10 with Ubuntu 20.04 for months. After a recent system update (corporate-managed) I am experiencing this issue. No nameserver entry for resolv.conf seems to work. We must use Cisco AnyConnect. I cannot ping any of the nameservers by IP either. Anyone have any other advice? I am back to using my Virtualbox VM now. 😕

[themarquee]

I have been using WSL2 on Windows 10 with Ubuntu 20.04 for months. After a recent system update (corporate-managed) I am experiencing this issue. No nameserver entry for resolv.conf seems to work. We must use Cisco AnyConnect. I cannot ping any of the nameservers by IP either. Anyone have any other advice? I am back to using my Virtualbox VM now. 😕

This link seemed to fix it for me. https://community.cisco.com/t5/vpn/anyconnect-wsl-2-windows-substem-for-linux/td-p/4179888. I created a powershell script to run the firewall commands on startup 🤮

[natank]

I had the same issue and used below code in my /etc/resolv.conf and worked nameserver 8.8.8.8 nameserver 8.8.4.4 nameserver fec0:0:0:ffff::1 search lan

I stumbled across the same problem today setting up WSL2 on my company controlled machine. This suggestion fixed it for me.

EDIT: The system overwrites this configuration after a few minutes. To fix that, I just set up a cron job running every minute to set this configuration again. For now it works like a charme :) I'm no linux expert to know possible side effects of this, I just wanted to share a solution to annoyingly resetting this whenever you need to download a package 😄

worked for me

[ssgosh]

Facing this issue on Windows 11 after a recent update. OS Build 22000.795.

[ssgosh]

Got fixed after updating again to OS Build 22000.832

[PeterFogh]

I just installed WSL2 on a Windows version: 21H2 - build: 19044.1889

The WSL could not solve domain names, thus the DNS IP was not configured by default. I just followed this guide https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6 which solved the DNS.

[sonvirgo]

Same here, with wsl2 on windows 11 22h2. Ubuntu suddenly refuses to resolve hosts after few days. Softether VPN and SSTap.

[davidhyland]

I had the same issue and used below code in my /etc/resolv.conf and worked ` nameserver 8.8.8.8

nameserver 8.8.4.4

nameserver fec0:0:0:ffff::1

search lan `

Running WSL2 and Docker I had this problem a couple of weeks ago immediately after updating to 22H2. I couldn't find a solution so I had to roll back the update. Just tried updating again and the same issue occured. Started searching again and found this thread. This solution from @rezarms worked for me.

UPDATE - The resolv.conf file gets reset automatically from time to time so adding the following to /etc/wsl.conf seems to sort that out:

[network]
generateResolvConf = false

[UncleCJ]

Not sure why it would be pertinent, but this has occurred intermittently to me - and it effectively was remedied when I disabled sharing my WiFi interface from Windows (was shared to hosts on ethernet during today...)

Do any of you other happen to have network interfaces shared in Windows?

[sonvirgo]

There must be a DNS timeout setting somewhere. Both Wsl2 and WSA on my Windows 22h2 only resolve Urls after 2nd or 3rd try, each waist a click away.

[felipe-gustavo]

It doesn't make sense to me, 'cause when I restart my PC and run to test it (I guess, before some adapter of configuration be set) it works, but after this it just give up, I'm going to 3th week with this issue :/

[castrix]

I just had this issue, this comes out of the blue, yesterday it was working fine, but suddenly I can't pull from github/bitbucket, tried the suggestion above, but nothing work in my case.

Edit: I shutdown my PC and turn it on again, somehow the issue is resolved. (previously I restarted my pc and it doesn't work, but shutdown somehow fixed it)

[sonvirgo]

The most recent solution work for me from here coltenkrauter/fix-wsl2-dns-resolution

[ilyesAj]

from my side the root cause was macfee , https://github.com/microsoft/WSL/discussions/8382 , i m disabling the firewall until figuring out some rules