Windows 7 network profile detected as public not domain
Hi,
I have a strange issue....newly built Windows 7 pro PC's network profile is detected as domain profile when first joined to domain but after reboot switches to public profile. This happens with both physical and virtual windows 7 OS's
I have tested usual two checks
1. dns suffix for this connection matches reg key “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName”
2. the client is able to connect to our dns server. (telnet to port 389)
when I check into "manage or delete network locations" the domain profile is listed and type is managed but is not in use.
If I delete this profile and remove and re-add the workstation to the domain the connection is given a domain location profile but again loses it on reboot.
>our clients are DHCP
>we have our dns servers on one vlan and workstations on different vlans...( but have tried putting on a win 7 on server vlan too)
>our router which provides the gateway mac is vrrp(hsrp) but haven't had a failover so mac for each vlan gateway is consistent but different to each other.
>we have windows 2008 r2 active directory domain
these are the first windows 7 images we are about to deploy in our network and have a deadline but wouldn't like to start off on wrong foot.
Hi Zac, thanks , sorry I should have mentioned that I did try to apply this hotfix but it said it wasn't applicable to my OS...the win7 OS's have had all updates applied from windows update.
cheers
Fergus
Zacharia Kurian
Try disabling all the windows firewall and try giving static IP instead of DHCP. Make sure to reboot the PC.
By the way make sure all your VLANs configured in your switches have a gateway assigned. Are the VLANs routed?
Chances are you built your machines on a cable, once built and turned off you disconnected them from said cable and put the device in an OU in AD.
Turned on the device and now it’s a little confused, plug a cable back in and type "gpupdate /force" into cmd and it should be fine from then on.
Let me know if that doesn't work, there are a few other commands you can try.
mcivorf
ASKER
Hi folks...just an update found this article https://support.microsoft.com/en-us/kb/938449/
which basically says network delay due to using no microsoft dhcp relay...we use a dhcp relay statement on our networking switches to direct the dhcp requests to a central DHCP server...I have followed the steps in it....but on try to install hotfix...say not applicable...
have tried the registry entries but still same problem
it is the most recent network driver also so I don't think that's the issue....
yours...at a loss...fergus
mcivorf
ASKER
Hi Zac, yes all vlans have gateway and are routed...no firewalls enabled....I will try static and get back to you ...thanks
Hi Stolsie, thanks but no same cabling patching etc, same vlan, comes up when in OU as domain profile only first reboot drops its ident of net connection to domain.
Hi Zac, thanks I will have a read of the article properly...and will test out. But to answer your other questions
yes DHCP points correctly, have assigned dns statically and have added the primary DNS suffix too but with no effect
I haven't updated the bios but this isn't localised to one model of PC and even affects virtual machines.
Hi Stolsie, I have tried the gpupdate /force with no effect, but from my understanding NLA uses two parameters, 1. the dns suffix matches the reg entry and 2 can contact the DNS. So I am just wondering why you think gpupdate would affect it as not OU related (according to Microsoft)...just asking because might give me some ideas.
As far as I can see (logically) as the dns suffix to reg key match is easily verifiable.. it would seem to be the DNS connection. And most of the stuff I read is to do with latency on DNS resolution (wait for network, Dialupdelay entry or portfast on switch etc.) The only error I get is in the resolution of our netbios domain name (pre 2000 name) which is different to our active directory domain name....
in NT days had domain name "MYDOMAIN" we upgraded from NT to 2003 to 2008R2 using "MYNEWDOMAIN.LOCAL" I do get some errors in eventlog saying cannot resolve domain name "MYDOMAIN". Now NLA doesn't use the old format....only the new so I don't know why this would be affecting it ...but I don't like errors...could this be related
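The two checks discussed above (connection DNS suffix against the `NetworkName` registry value, and LDAP reachability on port 389), plus the profile category Windows is currently applying, can be collected in one pass right after a reboot. This is an added example, not posted by any participant in the thread. It assumes PowerShell 2.0 on Windows 7, that `NetworkName` is a value under the `History` key, a 3 second connect timeout, and the Network List Manager COM category codes 0/1/2.

```powershell
# Added example (not from the thread). Written for PowerShell 2.0 on Windows 7.
$historyKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Group Policy\History'
$networkName = (Get-ItemProperty -Path $historyKey -ErrorAction SilentlyContinue).NetworkName
$domain      = (Get-WmiObject Win32_ComputerSystem).Domain   # DNS name of the joined domain

# Check 1: the connection-specific DNS suffix should match the NetworkName value.
$suffixRows = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
    Where-Object { $_.OperationalStatus -eq 'Up' -and $_.NetworkInterfaceType -ne 'Loopback' } |
    ForEach-Object {
        $suffix = $_.GetIPProperties().DnsSuffix
        New-Object PSObject -Property @{
            Adapter            = $_.Name
            DnsSuffix          = $suffix
            MatchesNetworkName = ($networkName -and ($suffix -eq $networkName))
        }
    }

# Check 2: a domain controller must answer on LDAP (TCP 389) within the timeout.
function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $client.Connected
    } catch { return $false } finally { $client.Close() }
}
$ldapReachable = Test-TcpPort -Server $domain -Port 389

# Current category per connected network, read from the Network List Manager COM object.
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
$nlmType  = [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B')
$nlm      = [Activator]::CreateInstance($nlmType)
$profiles = $nlm.GetNetworks(1) | ForEach-Object {   # 1 = connected networks only
    New-Object PSObject -Property @{
        Network  = $_.GetName()
        Category = $categoryNames[[int]$_.GetCategory()]
    }
}

"NetworkName registry value : $networkName"
"LDAP 389 reachable on $domain : $ldapReachable"
$suffixRows | Format-Table Adapter, DnsSuffix, MatchesNetworkName -AutoSize
$profiles   | Format-Table Network, Category -AutoSize
```

Running it once after the domain join and again after the reboot shows which of the inputs changed between the two boots.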
mcivorf
ASKER
ok.....
removed pc from domain and restarted....
rejoined the domain...no restart yet....cleared eventvwr logs.....restarted....
logged in under domain user and Network profile is "DOMAIN"....No bad log entries
restarted PC logged in under same user ....network profile now "public"...still no bad log entries
???????? euf!
this isn't localised to one model of PC and even affects virtual machines
Have you checked the event logs in your DC?
Could you check if the NLA & RPC services are running and set to automatic in your PC.
Zac.
mcivorf
ASKER
hi,
nothing in DC logs.....NLA and RPC services are on auto...did try setting NLA to auto delayed but no effect so back to just Auto.
I do agree it seems to be something off the box so to speak....like DNS or DHCP relay or something but why it works when you join the domain first and then after first clean reboot..loses it....
I'm baffled!
Stolsie
I have no reasonable answer if I’m honest. We had a spate of it a couple of years ago; after trying everything and reading all sorts, that was the answer. Also, in the rarest of cases the "netsh Winsock reset" worked by resetting the network card to default. Personally I think the problem was caused by a driver option sat in a "F12" build; the builds have since been redone and only once or twice in every 200 - 300 issues is it ever a problem.
The only thing I can think of is the domain on that network segment is not configured correctly or the active directory server is not set on the domain. I kind of ruled that out though as it sounds like for the most part your stuff all works.
What are you using to distribute your DHCP scopes?
Sorry a light bulb just went off... is your ARPA set up for that range correctly?
Depending on what you are using for DNS you would possibly need to check your IP reverse tables (PTR/ARPA).
So anything looking to talk to your machine(s) via IP is able to do a reverse look up
Example
Machine-1.local.domain - 25.12.168.192.in-addr.arpa - 192.168.12.25
Anywho, I'm glad you got it sorted
Zacharia Kurian
Glad to hear you got it resolved!
mcivorf
ASKER
the other comments were definitely helpful but in this case actual problem was down to misconfiguration of a group policy setting which I found and placed in my comment for others to see
https://support.microsoft.com/en-us/kb/2524478/
Zac.