Hyper-V NDIS Capture Extension Error

I have server 2012 R2 Datacenter running with several HyperV hosts on it.  The Intel Nic Drivers are 2012R2 out of the box drivers. I am setting up a monitoring VM to capture packets following these instructions. (I am also replicating the traffic on my Switch to the port the NIC for the Virtual Switch is connected to that I configured as the Mirror from the instructions.)

http://blogs.technet.com/b/networking/archive/2015/01/06/setting-up-port-mirroring-to-capture-mirrored-traffic-on-a-hyper-v-virtual-machine.aspx

When I enable the Microsoft NDIS Capture Extension on the Virtual Switch I want capture the traffic on, I get the message: 

"The Selected Extension is not operating correctly.  Check the event logs for further information. If this is a non-Microsoft Extention, contact the vendor for further troubleshooting steps." 

I looked in the event logs and cannot find any errors in Application or System.  I even turned on the show analytic and debug logs option and dug into the:

Applications and Services Logs ---> Microsoft --> Windows --> NDIS/NDIS-PacketCapture logs and didn't see any errors.

I cannot figure out why I am getting this error.   Does anyone know where else to look or why this error is coming up and how to fix it?  Again these are out of the box drivers and the Microsoft NDIS Capture Extension.

Thanks

Paul

July 23rd, 2015 8:56pm

Hi Paul, same problem here. Nothing in event logs. I can go plug a laptop into the port I'm mirroring and see all the traffic in Wireshark there, but on my Hyper-V guest plugged into the vSwitch, I get nothing.

This article is from a few years ago and some other people were having the issue, but it looks like they had no luck in finding a solution...

Free Windows Admin Tool Kit Click here and download it now
July 24th, 2015 10:54am

I saw that thread.  I was hoping someone would be able to provide some more info/help.

At this point, it looks like I will have to install VMM and so I can then install the Cisco Nexus1000V virtual switch.  That will allow packet capturing.  Just didn't want to have to do all of that.  But learning the Nexus1000V might be fun.

July 24th, 2015 7:30pm

Hi,

I have the same problem, and need this feature enabled for testing Advanced Threat Analytics.

Does anyone know of a cure?

Cheers

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 7:31pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics