wjlloyd
asked on
Lost Domain Network
When I add a Windows 7 or Windows 8 PC to the domain everything goes fine for a while. At some point, however, the workstation ends up losing track of the fact that it was joined to the domain and the network location is classified as "unidentified", instead of "domain". So, of course, the Windows firewall messes with the user and prevents them from accessing any network or Internet resources. If I disable the Windows firewall service, everything works fine. Now disabling this service isn't quite as bad, if it is a PC that is in our office. But when it is a laptop or a Surface I don't want the firewall to be off, especially when the machine travels.
I have no idea what to do to resolve this issue, short of removing it from the domain and re-adding it. The problem then is the user Profile gets totally messed up.
How do I track down the issue? It is possible it is a GPO, but how do I track down the GPO that is causing the issue? We also use ScriptLogic, so that might be impacting things as well. I'd even be willing to pay for a Microsoft support call, if I knew which number to call. Anyone have the number for MS workstation support?
Bill
That's why you asked the question - to work through it in a forum. If you'd rather call MS, you can, but I don't know that this qualifies for free phone support - paid phone support is $500 or so per incident. (With prices like that, it's probably cheaper to reinstall your PC).
There are folks here who will do it for you - check a person's profile for a "hire me" button - we're not allowed to actively solicit for business through this site.
You can also look at groups like Third Tier - www.thirdtier.net - who can be hired but their rates, while USUALLY better than MS, are hourly and not cheap either.
I don't recall resolving specifically a workstation issue with this problem, but in many areas the differences between workstation and server are actually non-existent. The recommendations should work and I would want to see if you entered the information in the right areas, restarted services, etc.
Where did you specify it? Can you post a screenshot?
ASKER
Lee,
I've been trying to figure this out since our last interaction, based on the links and suggestions you sent to me, but I just can't get to the bottom of it. The information you sent me is very helpful and gave me a much better understanding of how Windows 7 workstations connect to the network.
Having said that, we still don't have NLA working properly. Let me provide a little more information that might help. If not all, almost all of our workstations fail to set the NLA location correctly, if the Windows firewall is running. The minute I stop the firewall service, everything works great. This would be fine, except when I have laptops leave the office. If the firewall is stopped then they become vulnerable.
All of our workstations are on a separate VLAN from the servers. Our Cisco switches relay DHCP requests to the server, which is a DC, and then they are assigned an IP address. Some of the workstations are getting Event Log errors saying that their PTR requests are being rejected by the DNS server. Our DCs serve as DNS servers and one of the DCs is the DHCP server. We only have 2 DCs. The Cisco switch stack is Layer 3 and therefore routes the traffic between the VLANs.
Any ideas? Does this information help?
ASKER
Lee's input was very helpful. However, even after trying the things he suggested, I still wasn't able to get past the problem. I'm a rookie on Experts Exchange so I don't think I closed this question correctly. Given that no one else is commenting on the issue, I'll try to close this question out and continue to search for a solution.