Solved

Windows XP NLA Service Polling Cycle

Posted on 2009-05-05
6
740 Views
Last Modified: 2012-05-06
In Windows XP SP2 & SP3 does anyone know what the default polling / timeout settings are for the NLA service? How can I change this vaule in the registry?
0
Comment
Question by:compdigit44
  • 4
  • 2
6 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 24316766
The NLA service is doesn't actually poll the network itself at a set interval.  It just provides the functions and methods for applications to invoke queries.
This MSDN site explains how applications can use it: http://msdn.microsoft.com/en-us/library/ms700657(VS.85).aspx
The TCP/IP Protocol Driver and Winsock (afd.sys) use NLA to provide Network Awareness.  I looked through those drivers in the registry and can't seem to find a polling value.  This may be a hardcoded item or a query on demand setup.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 24316927
OK... I might to looking in the wrong direct. The reason for me opening this questions is becuase I need to find a why to "extened" the timeout period for our network connects. What happens is that we have using connecting in from remote sites and it the link goes down they loose there connection then their windows firewall turns on which causes a whole bunch of problems....Any idea on a fix / workaround????
0
 
LVL 26

Expert Comment

by:Pber
ID: 24317156
I think that is one of those "This is by design"  "features" as Microsoft would put it.  
The firewall is meant to turn on almost immediately when the network connection is lost.  If your policy allows it, you could adjust the standard firewall profile to allow for local network access when the link goes down.  
I don't think there is much that can be done with respect to how the firewall uses NLA to enable itself.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 19

Author Comment

by:compdigit44
ID: 24317380
HUmmmmmmmmmm... Is there someway to extend the timeout period for a windows before it seems a network connection as disconnected then??
0
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 24317929
I've been surfing through MSDN and it seems that it is definitely up to the application using the NLA to query for status change.  This page explains how it works.
See this: http://msdn.microsoft.com/en-us/library/ms739957(VS.85).aspx
This also further explains the WSANSPIoctl function and how it is implmented:
http://msdn.microsoft.com/en-us/library/ms741658(VS.85).aspx
So I would suspect TCP/IP or Winsock as the culprit that does the NLA querying.  I'm still scouring through the registry trying to find if there is some parameter that may be of use.
0
 
LVL 26

Expert Comment

by:Pber
ID: 24366929
Further to this, I still couldn't find any attribute that can be controlled.  I went to the extent of running regmon to see there were reg keys queried that related to this issue during network failures and still nothing conclusive.
Sorry
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now