Kip Lost

DC boots with Public Network profile active

Hello,

I really need some input on this frustrating issue, which began when trying to uninstall an obsolete version of ESET File Security from our only server, which is an SBS 2011 Standard server and is our domain controller, DHCP and DNS server. This server has 1 NIC.

When uninstalling this old 4.* version of this virus scanner it hung at "Uninstalling Drivers" and I decided to reboot the server at this point, because the installation wizard couldn't be canceled/closed. After booting it was clear that ESET File Security wasn't fully removed, because the wizard didn't finish and portions of the scanner were still loaded.

According to this http://support.eset.com/kb2289/#Win_7 ESET KB article I had to use their Uninstaller tool to completely remove everything. I didn't use the /reinst switch. After running this and rebooting the server I started noticing issues with several services which didn't want to start anymore and ended in a time-out (like SQL, SharePoint, etc.). So after waiting a long time for the "Applying computer settings" to finish I am able to log on. After logging on, "Please wait for the User Profile Service" is taking a minute or more, which normally never was the case.

I then found out that this waiting for the User Profile Service is happening because Network and Sharing Center states that the server is in a public network instead of being in a domain network. So at this point when I log off and log on again it takes a long time. When I then disable and then re-enable the NIC, it correctly identifies itself as being in a domain network. Logging off and on again goes quickly then and everything works normally.


After every reboot the server sees itself in a Public Network again, so I have to tackle this issue.


I think I know where to start looking, because in the DNS logs I see the following occur after every boot since all this happened:
- Event ID 4000: the DNS server can't open the Active Directory
- Event ID 4007: the DNS server was unable to open zone [NAME] in the Active Directory from the application directory partition [NAME]

>> So when I disable the NIC and re-enable it everything works fine and if I then restart the DNS service I get in DNS log Event ID 4: The DNS server has finished the background loading of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.

I tried removing the NIC from device manager and then re-install it to no avail with same network settings on NIC as they always were (DNS address is own IP).

How to make this server start up with DOMAIN network instead of PUBLIC network activated? Probably have to find out first why AD DS takes a long time to start in the first place I guess, because the DNS server can't access it and without DNS it can't be detected as a DOMAIN machine. Does anyone have advice on how I can best do this?
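A read-only check for the state described in the question, added here as an example and not part of the original thread: it reports the category Windows assigned to each connected network, the firewall profile in effect, and the DNS Server events 4000, 4007 and 4 logged since the last boot. It assumes PowerShell 2.0 or later in an elevated session on the server; the variable names are illustrative.

```powershell
# Added example (not from the thread). Read-only: changes nothing on the server.
# Category values follow the NLM_NETWORK_CATEGORY enumeration.
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }

# Network List Manager COM object, the component behind the
# Public/Private/Domain label shown in Network and Sharing Center.
$nlmType = [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B')
$nlm     = [Activator]::CreateInstance($nlmType)

# 1 = NLM_ENUM_NETWORK_CONNECTED: only networks that are currently connected.
foreach ($net in $nlm.GetNetworks(1)) {
    $cat = [int]$net.GetCategory()
    New-Object PSObject -Property @{
        Network  = $net.GetName()
        Category = $categoryNames[$cat]
    }
}

# Firewall profile that is actually being enforced right now.
netsh advfirewall show currentprofile state

# DNS Server events named in the question, limited to the current boot,
# oldest first, so the order of 4000/4007 and the later event 4 is visible.
$os   = Get-WmiObject Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)

Get-WinEvent -FilterHashtable @{
        LogName   = 'DNS Server'
        Id        = 4000, 4007, 4
        StartTime = $boot
    } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName
```

Running it once right after boot and once after the NIC has been disabled and re-enabled shows whether the category changes from Public to DomainAuthenticated and where event 4 falls relative to 4000 and 4007.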
masnrock

Did you follow the instructions involving the NIC configuration? You could also try rebooting or clearing out Winsock and TCP/IP stack, then setting up the config again.
Kip Lost

ASKER

I did follow these instructions:

1. I exported settings before running the tool >> netsh -c interface dump > c:\NetworkSettings.txt
2. After I noticed issues I re-installed NIC and used >> netsh -f C:\NetworkSettings.txt

I tried rebooting numerous times to no avail (every boot same thing happens; see my first post)


So I should try the following commands, then reboot and set the correct IP, subnet mask, gateway and DNS addresses in the NIC again? Is this safe? Or is there more to it?
- netsh winsock reset catalog
- netsh int ip reset reset.log
No, that's it. There shouldn't be any issues.
Just one more question about this; from what I read on the internet >> can't I get in trouble with installed LSPs?
The probability is actually pretty low. On rare occasion, you might have to do a repair on software that was already installed.
Thank you, I will try this tomorrow.


I also noticed that the NetworkName value at the following location is empty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\

Can that have something to do with it?
You can also look at the Network Location Awareness service, and try setting it to Automatic. That might help.
This service is set to 'Automatic' and it doesn't help if I change it to 'Delayed Start'.
ASKER CERTIFIED SOLUTION
Kip Lost

This solution is only available to members.
That's strange, but at least it's fixed. The newer versions of ESET are far better for servers. The old versions caused a number of headaches at uninstall, but I hadn't seen something like that happen before.
Deleting this registry entry solved my issue
Now that this is solved, I am trying to deal with the following issue, which arose after all this...

After every boot the following happens: see screenshot below (DNS log): the DNS server waits for AD DS, but it takes too long and errors are logged. Eventually after a minute or so DNS is started automatically. This causes issues with other services failing to start and never happened before.

User generated image
No one has a clue? Thanks (8
In the meantime I have done the following: took a full Acronis image of this server and deployed this on a different physical test machine. Guess what: with every boot no errors regarding DNS anymore! Specs of this machine: 20GB RAM / Intel i5-6500: 2 vCPUs in VM / single traditional desktop SATA hard disk / motherboard: Gigabyte GA-B150M-D3H.
Of course with the same network settings. I also took a full Terminal Server Acronis image from the environment and deployed that on the same XenServer pool to test whether everything is loading and functioning, and it does. AD, DNS, SQL, printing, ERA, network shares, etc. are working properly...

Maybe this info gives a better idea of where to look.
No one has a clue after all my testing?
Can I try changing the server VM (SBS2011) MAC address without running into issues?

User generated image
Does anyone know above...?