Windows 7 network profile detected as public not domain

Hi,

I have a strange issue... a newly built Windows 7 Pro PC's network profile is detected as domain profile when first joined to the domain but after reboot switches to public profile. This happens with both physical and virtual Windows 7 OSes.
I have tested the usual two checks:
1. DNS suffix for this connection matches reg key "HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName"
2. the client is able to connect to our DNS server (telnet to port 389).

When I check in "manage or delete network locations", the domain profile is listed and the type is managed but it is not in use.
If I delete this profile and remove and re-add the workstation to the domain, the connection is given a domain location profile but again loses it on reboot.

>our clients are DHCP
>we have our DNS servers on one VLAN and workstations on different VLANs... (but have tried putting a Win 7 on the server VLAN too)
>our router which provides the gateway MAC is VRRP (HSRP) but we haven't had a failover, so the MAC for each VLAN gateway is consistent but different to each other.
>we have windows 2008 r2 active directory domain

These are the first Windows 7 images we are about to deploy in our network and we have a deadline, but wouldn't like to start off on the wrong foot.

any ideas please??
mcivorf Asked:
Zacharia Kurian (Administrator - Data Center & Network) Commented:
Have you looked into the below MS support?

https://support.microsoft.com/en-us/kb/2524478/


Zac.
0
mcivorf (Author) Commented:
Hi Zac, thanks. Sorry, I should have mentioned that I did try to apply this hotfix but it said it wasn't applicable to my OS... the Win7 OSes have had all updates applied from Windows Update.

cheers
Fergus
0
Zacharia Kurian (Administrator - Data Center & Network) Commented:
Try disabling all of the Windows Firewall and try giving a static IP instead of DHCP. Make sure to reboot the PC.

By the way, make sure all the VLANs configured in your switches have a gateway assigned. Are the VLANs routed?
0
Stolsie Commented:
Hi mcivorf

Chances are you built your machines on a cable; once built and turned off, you disconnected them from said cable and put the device in an OU in AD.
Turned on the device and now it's a little confused. Plug a cable back in and type "gpupdate /force" into cmd and it should be fine from then on.
Let me know if that doesn't work; there are a few other commands you can try.
0
mcivorf (Author) Commented:
Hi folks... just an update, found this article
https://support.microsoft.com/en-us/kb/938449/
which basically says network delay due to using a non-Microsoft DHCP relay... we use a DHCP relay statement on our networking switches to direct the DHCP requests to a central DHCP server... I have followed the steps in it... but on trying to install the hotfix... it says not applicable...
I have tried the registry entries but still the same problem.
It is the most recent network driver also, so I don't think that's the issue...

yours...at a loss...fergus
0
mcivorf (Author) Commented:
Hi Zac, yes, all VLANs have a gateway and are routed... no firewalls enabled... I will try static and get back to you... thanks

Hi Stolsie, thanks, but no: same cabling, patching etc., same VLAN; it comes up as domain profile when in the OU, only the first reboot drops its ident of the net connection to domain.
0
mcivorf (Author) Commented:
Hi,
Setting the IP to static hasn't made any difference either :(
0
Zacharia Kurian (Administrator - Data Center & Network) Commented:
Does your DHCP correctly point the DNS servers to your client PCs? If not, have you tried manually adding the DNS (IP of your domains) to the PC? Can you make sure that you added the primary DNS suffix to your PC too?

Have you tried updating the BIOS of your PC? If not, update and see.

It is worth reading the below article too.

http://evansblog.thebarrs.info/2013/02/windows-server-force-your-network.html

Zac
0
Stolsie Commented:
If you tried gpupdate and the reconnection to your DC didn't help try "netsh winsock reset"
I have had what you are describing, gpupdate 99% of the time solves the issue.
0
mcivorf (Author) Commented:
Hi Zac, thanks, I will have a read of the article properly... and will test it out. But to answer your other questions:
yes, DHCP points correctly, I have assigned DNS statically and have added the primary DNS suffix too, but with no effect.
I haven't updated the BIOS but this isn't localised to one model of PC and even affects virtual machines.

Hi Stolsie, I have tried the gpupdate /force with no effect, but from my understanding NLA uses two parameters: 1. the DNS suffix matches the reg entry and 2. it can contact the DNS. So I'm just wondering why you think gpupdate would affect it, as it is not OU related (according to Microsoft)... just asking because it might give me some ideas.

As far as I can see (logically), as the DNS suffix to reg key match is easily verifiable, it would seem to be the DNS connection. And most of the stuff I read is to do with latency on DNS resolution (wait for network, Dialupdelay entry or portfast on switch etc.). The only error I get is in the resolution of our NetBIOS domain name (pre-2000 name), which is different to our Active Directory domain name...
In NT days we had domain name "MYDOMAIN"; we upgraded from NT to 2003 to 2008R2 using "MYNEWDOMAIN.LOCAL". I do get some errors in the event log saying cannot resolve domain name "MYDOMAIN". Now NLA doesn't use the old format... only the new, so I don't know why this would be affecting it... but I don't like errors... could this be related?
0
mcivorf (Author) Commented:
ok.....
removed PC from domain and restarted....
rejoined the domain...no restart yet....cleared eventvwr logs.....restarted....
logged in under domain user and network profile is "DOMAIN"....No bad log entries
restarted PC, logged in under same user ....network profile now "public"...still no bad log entries
???????? euf!
0
Zacharia Kurian (Administrator - Data Center & Network) Commented:
this isn't localised to one model of PC and even affects virtual machines

Have you checked the event logs in your DC?

Could you check if the NLA & RPC services are running and set to automatic in your PC?

Zac.
0
mcivorf (Author) Commented:
Hi,
nothing in DC logs..... NLA and RPC services are on auto... did try setting NLA to auto delayed but no effect, so back to just Auto.

I do agree it seems to be something off the box, so to speak.... like DNS or DHCP relay or something, but why it works when you join the domain first and then after the first clean reboot.. loses it....
I'm baffled!
0
Stolsie Commented:
I have no reasonable answer if I'm honest. We had a spate of it a couple of years ago; after trying everything and reading all sorts, that was the answer. Also, in the rarest of cases the "netsh Winsock reset" worked by resetting the network card to default. Personally I think the problem was caused by a driver option sat in a "F12" build; the builds have since been redone and the issue only once or twice in every 200 - 300 issues is it ever a problem.
The only thing I can think of is the domain on that network segment is not configured correctly or the Active Directory server is not set on the domain. I kind of ruled that out though, as it sounds like for the most part your stuff all works.
What are you using to distribute your DHCP scopes?
Sorry, a light bulb just went off... is your ARPA set up for that range correctly?
0
mcivorf (Author) Commented:
Hi Zac and Stolsie,
well, I'm not sure what the problem is exactly but I removed this PC from our group policies and hey presto, it's fine...
can't understand why...
ok, found the culprit..... some genius configured

gpo \ computer settings\admin templates\network\network connectivity status\domain determination url

Removed this and then NLA behaved correctly... I presume this was misconfigured but I'm not sure of its purpose, as nowhere on this trip mentioned it.

Thanks for your help guys, and thanks Stolsie for the pointer to group policies.

In regards to your question about ARPA.... how do I know? Not sure what you mean. Would like to make sure.
0
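The checks discussed in this thread (the asker's two NLA checks and the group policy setting that turned out to be the cause), gathered into one diagnostic as an added example that is not part of the original posts. It assumes PowerShell 2.0 on Windows 7 and assumes the "domain determination url" policy is stored as the `DomainLocationDeterminationUrl` value under the NCSI policy key shown; confirm that location against your own NCSI.admx.

```powershell
# Added diagnostic sketch, not from the thread. PowerShell 2.0 syntax (Windows 7).

# Check 1 from the question: connection DNS suffix vs. the NetworkName value.
$histKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Group Policy\History'
$networkName = (Get-ItemProperty -Path $histKey -ErrorAction SilentlyContinue).NetworkName
"Group Policy History NetworkName: '$networkName'"
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    $same = $networkName -and ($_.DNSDomain -ieq $networkName)
    "  {0}: suffix '{1}' matches NetworkName: {2}" -f $_.Description, $_.DNSDomain, [bool]$same
}

# Check 2 from the question: TCP 389 reachability, here against the joined domain name.
$domain = (Get-WmiObject Win32_ComputerSystem).Domain
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($domain, 389)
    "TCP 389 to ${domain} reachable: $($tcp.Connected)"
} catch {
    "TCP 389 to ${domain} failed: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# The setting found to be the culprit. Assumption: it is written to this
# policy key and value name; verify against NCSI.admx before relying on it.
$ncsiKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity'
$url = (Get-ItemProperty -Path $ncsiKey -ErrorAction SilentlyContinue).DomainLocationDeterminationUrl
if ($url) {
    "Domain determination URL is set by policy: $url"
} else {
    "Domain determination URL policy: not configured"
}

# Outcome: which firewall profile is currently applied (Domain, Private or Public).
netsh advfirewall show currentprofile | Select-String -Pattern 'Profile'
```

Run it once right after the domain join and again after the reboot; a policy-set URL combined with a switch to the Public profile points at the GPO rather than DNS or DHCP.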
Stolsie Commented:
Depending on what you are using for DNS, you would possibly need to check your IP reverse tables (PTR/ARPA),
so anything looking to talk to your machine(s) via IP is able to do a reverse lookup.
Example:
Machine-1.local.domain - 25.12.168.192.in-addr.arpa - 192.168.12.25

Anywho, I'm glad you got it sorted.
0
Zacharia Kurian (Administrator - Data Center & Network) Commented:
Glad to hear you got it resolved!
0
mcivorf (Author) Commented:
The other comments were definitely helpful, but in this case the actual problem was down to misconfiguration of a group policy setting, which I found and placed in my comment for others to see.
0