We are migrating our office to Windows 7 64-Bit.
Special Requirements/Restrictions
- We have a requirement to support an old 16-bit (NTVDM) DOS application. The app is run directly from one of our file servers.
  - Implementing Microsoft Virtual PC as a compatible environment. Configuring these guest OSes on end-user workstations maintains support of the DOS application.
- We have a network security restriction to work through, 802.1x port-based authentication.
  - Bridged-Mode networking is not the ideal option due to 802.1x client authentication restrictions.
    - Enabling Multi-Port authentication on our Cisco switches is not a viable option because it would reduce the security profile on our end-user ports. Testing of this setup has shown that enabling the multi-port feature would allow end users on authenticated production systems to bypass authentication on non-validated devices with use of a simple switch. This is an unacceptable security posture.
    - Enabling Multi-Auth authentication on our Cisco switches has not proven successful with our authenticating clients thus far. Additionally, relying on this feature would require a significant amount of work to reconfigure VLANs for our guest network.
    - Turning off 802.1x is not an option.
Due to the issues outlined above, we are attempting to configure our clients for functionality on our network with the NAT-Based networking mode. We have already worked through a number of issues related to the NAT-based networking thus far; however, there is one sticking problem I'd like to get some assistance or insight with if possible. Note, these are domain-joined clients. Appropriate registry edits have been put in place to allow propagation of GPOs under administrator or standard user accounts.
Problem
After launching the DOS-application on the Guest OS and setting that application to run a report on the server (a lengthy process), users will attempt to navigate the host OS via explorer view. Doing so drops the network connection on the Guest OS and terminates the report (and crashes the application). I believe the Host explorer navigation issue is specific to querying network shares mapped to the Host OS for filespace. It appears as if accessing a fileshare on our network with the Host OS takes focus away from the Guest OS (?)
Troubleshooting Conducted Thus far...
- We have tested this configuration with all "xxx" task offload features on the Host OS NIC disabled. Additionally, we have tested with the global task offload settings disabled (via registry). However, the behavior is the same.
- We have tested this configuration with all NIC features disabled. However, the behavior remains the same.
- We have tested a similar configuration with the use of a "Microsoft Loopback Adapter" and ICS. However, the behavior is the same.
Additional Details
- The card is an: Intel(R) 82578DM Gigabit NIC
- I have observed the behavior on the Guest OS with processmonitor and noted a TCP Disconnect initiated against the shared drive being used by our DOS-application when browsing the "Computer" location on the Host OS (as it populates the mapped drive remaining space bar).
Question/Target
When configured for NAT, why would the DOS-application on the guest OS drop its connection when we use the host OS to connect to a network share? Is there a known work-around? Is there a better way to approach the issue of supporting domain member Virtual PC guests (Windows XP) in an 802.1x controlled environment?
I do appreciate any insights that anyone can provide.