A painful Vista networking bug

Why is Windows Vista still not ready for its public beta? One reason is a nasty networking bug that disables Internet access on a slew of popular routers.

When I installed the latest Windows Vista release - the February Customer Technology Preview (CTP), build 5308 - I ran into an odd networking bug. After a little research, I discovered I'm not alone.

The symptoms are baffling. The network adapter installs correctly, and Vista can see all the other computers on the local network. Simple networking commands like nslookup, ping, and tracert show that DNS is working just fine and the system can reach external sites. But trying to open a web site in a browser results in a 404 message, and trying to access e-mail is equally troublesome.

I talked to a couple other testers who were experiencing similar problems, and none of us had a solution. A little extra digging revealed that my Windows Vista installation using the December CTP code (build 5270) was displaying the same symptoms after working fairly well a month ago. What changed since then? Two weeks ago, I installed a brand-new D-Link DI-724U router and have since encountered no problems at all on my Windows XP/2003 network. On a hunch, I called a technical contact at D-Link, who confirmed that the router is indeed part of the problem. According to this source, a known bug in recent builds of Windows Vista affects a slew of recent-vintage routers.

The culprit is the built-in firewall software on the DI-724U router, which features Stateful Packet Inspection (SPI). This is not the only router in the SOHO market that features SPI - Netgear's WGR614 and Linksys' WRT54GS are among dozens of products that offer similar capabilities. Trouble is, the new and improved TCP/IP stack in Windows Vista falls apart when it encounters an SPI-enabled router.

One workaround is to disable SPI on the router. That significantly weakens a key layer of network security, but it allows Internet traffic to get through. Unfortunately, the D-Link DI-724U, like several other products in the same family, doesn't allow SPI to be disabled.

For now, I've replaced the router with a five-year-old Linksys BEFSR81, which handles basic networking just fine. I've also ordered a new DGL-4300 gigabit gaming router, which should arrive today or Monday. My D-Link contacts say this one includes the option to disable SPI, and thus will work just fine with Windows Vista.

Finding and fixing bugs like this one is the whole point of a beta test program. Given the popularity of firewall-equipped routers, this bug needs to be completely squashed before Windows Vista Beta 2 goes out to the general public.