Lost Domain Network

When I add a Windows 7 or Windows 8 PC to the domain everything goes fine for a while.  At some point, however, the workstation ends up losing track of the fact that it was joined to the domain and the network location is classified as "unidentified", instead of "domain".  So, of course, the Windows firewall messes with the user and prevents them from accessing any network or Internet resources.  If I disable the Windows firewall service, everything works fine.  Now disabling this service isn't quite as bad, if it is a PC that is in our office.  But when it is a laptop or a Surface I don't want the firewall to be off, especially when the machine travels.

I have no idea what to do to resolve this issue, short of removing it from the domain and re-adding it.  The problem then is the user Profile gets totally messed up.  

How do I track down the issue?  It is possible it is a GPO, but how do I track down the GPO that is causing the issue?  We also use ScriptLogic, so that might be impacting things as well.  I'd even be willing to pay for a Microsoft support call, if I knew which number to call.  Anyone have the number for MS workstation support?

Lee W, MVP (Technology and Business Process Advisor) Commented:
Make sure you set the DNS suffix on the workstation to match the AD domain.  Basically, you're having problems with NLA - Network Location Awareness.

More information for reference:
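
One way to check the DNS suffix suggestion above on an affected workstation (an added example, not part of the original thread or any participant's script). It compares the joined AD domain with each adapter's connection-specific DNS suffix and prints the category NLA assigned to each connected network; it assumes Windows PowerShell 2.0 or later with WMI available, so it also runs on Windows 7.

```powershell
# Added example: compare each adapter's DNS suffix with the joined AD domain
# and show the category NLA assigned to every connected network.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "Computer reports it is not domain joined (Domain = $($cs.Domain))."
}
$adDomain = $cs.Domain

# Connection-specific suffix and DNS servers for every IP-enabled adapter
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
$suffixReport = foreach ($a in $adapters) {
    New-Object PSObject -Property @{
        Adapter       = $a.Description
        DhcpEnabled   = $a.DHCPEnabled
        DnsSuffix     = $a.DNSDomain
        MatchesDomain = ($a.DNSDomain -eq $adDomain)   # -eq is case-insensitive
        DnsServers    = ($a.DNSServerSearchOrder -join ', ')
    }
}
$suffixReport | Format-Table Adapter, DhcpEnabled, DnsSuffix, MatchesDomain, DnsServers -AutoSize

# Network List Manager COM API: 0 = Public, 1 = Private, 2 = DomainAuthenticated
$categoryName = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
$nlmClsid = [Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B'
$nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID($nlmClsid))

$categoryReport = foreach ($conn in $nlm.GetNetworkConnections()) {
    $net = $conn.GetNetwork()
    New-Object PSObject -Property @{
        Network   = $net.GetName()
        Connected = $net.IsConnected
        Category  = $categoryName[[int]$net.GetCategory()]
    }
}
$categoryReport | Format-Table Network, Connected, Category -AutoSize

# Summary line: a mismatch or a non-domain category points at the NLA inputs
$mismatch = @($suffixReport | Where-Object { -not $_.MatchesDomain })
if ($mismatch.Count -gt 0) {
    Write-Warning "$($mismatch.Count) adapter(s) have a DNS suffix that differs from '$adDomain'."
}
```

Run it once with the firewall service running and once with it stopped, and compare the Category column between the two runs.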


wjlloyd (Author) Commented:
I tried specifying the DNS suffix, but that didn't help.  I also tried some of the other things mentioned in the articles you provided, but that also failed to work.  Is there someone I can call to work through this problem?
Lee W, MVP (Technology and Business Process Advisor) Commented:
That's why you asked the question - to work through it in a forum.  If you'd rather call MS, you can but I don't know that this qualifies for free phone support - paid phone support is $500 or so per incident. (With prices like that, it's probably cheaper to reinstall your PC).  

There are folks here who will do it for you - check a person's profile for a "hire me" button - we're not allowed to actively solicit for business through this site.

You can also look at groups like Third Tier - www.thirdtier.net - who can be hired but their rates, while USUALLY better than MS, are hourly and not cheap either.

I don't recall resolving specifically a workstation issue with this problem, but in many areas the differences between workstation and server are actually non-existent.  The recommendations should work and I would want to see if you entered the information in the right areas, restarted services, etc.

Where did you specify it?  Can you post a screen shot?
wjlloyd (Author) Commented:
I've been trying to figure this out since our last interaction, based on the links and suggestions you sent to me, but I just can't get to the bottom of it.  The information you sent me is very helpful and gave me a much better understanding of how Windows 7 workstations connect to the network.  

Having said that, we still don't have NLA working properly.  Let me provide a little more information that might help.  If not all, almost all of our workstations fail to set the NLA location correctly, if the Windows firewall is running.  The minute I stop the firewall service, everything works great.  This would be fine, except when I have laptops leave the office.  If the firewall is stopped then they become vulnerable.  

All of our workstations are on a separate VLAN than the servers.  Our Cisco switches relay DHCP requests to the server, which is a DC, and then they are assigned an IP address.  Some of the workstations are getting Event Log errors saying that their PTR requests are being rejected by the DNS server.  Our DCs serve as DNS servers and one of the DCs is the DHCP server.  We only have 2 DCs.  The Cisco switch stack is Layer 3 and therefore routes the traffic between the VLANs.

Any ideas?  Does this information help?
wjlloyd (Author) Commented:
Lee's input was very helpful.  However, even after trying the things he suggested, I still wasn't able to get past the problem.  I'm a rookie on Experts Exchange so I don't think I closed this question correctly.  Given that no one else is commenting on the issue, I'll try to close this question out and continue to search for a solution.