Announcement

Collapse
No announcement yet.

Windows 7 Firewall Profile does not stay connected to the domain.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 7 Firewall Profile does not stay connected to the domain.

    Good Morning All,

    I have a Windows 7 machine that is joined to the domain. I was troubleshooting a problem about email access initially because Outlook would not connect to our Exchange server.
    After checking the users machine I noticed that the Network and Sharing Center showed an exclamation and showed is was joined to domain.com 2 (unauthenticated).

    After some googling and reading I have done the following
    I rebooted the machine with no change.
    I did an ipconfig /release and renew to update the DNS records with no change.
    I removed the machine from the domain and then rejoined the machine to the domain with no change.
    I shut off the firewall for the domain profile and rebooted with no change.
    I removed all listed networks except the correct one and the domain in use with no change.
    I removed the machine from the domain again and then when I tried to add the machine to the domain, I kept getting an error that the machine would not find the domain. Then I specifically added the DNS records and I was able to join the machine to the domain that way. After checking Active Directory for the account I was not able to find the machine account any where even though the machine showed it was joined to the domain. I disjoined the machine from the domain which was successful even though there was no AD account.

    At this point I wiped and reloaded the machine.
    I joined the machine to the domain this time with no problems. I verified the machine account in AD.
    Initially the machine was showing the correct domain profile but after a reboot the machine went right back to domain.com 2 (unauthenticated) and I added the DNS suffix to LAN connection and then restarted the Network Location Awareness service which then showed the right domain. After I rebooted the machine for some updates it went right back to domain.com 2 (unauthenticated).
    I restarted the NLA service again and the machine went back to the correct profile.
    I put the machine back in place at the users desk and logged on as the user but the domain profile went to
    domain.com 3 (unauthenticated).
    I restarted the NLA service and the machine went back to the correct profile. I am still seeing the exclamation point and the profile shows no internet access even though I can browse the internet. I opened web pages the user would open so I know it is working.

    Has anyone else ever had a problem like this? I had 2 other machines with similar problems but restarting the NLA service worked with out a problem.

    Ed

  • #2
    What is this machine using for DNS?

    Comment


    • #3
      When I do an ipconfig /all the machine displays the correct internal primary and secondary DNS servers.

      Comment


      • #4
        Are you using Windows servers for DNS - is it AD integrated? How about DHCP?
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Yes I am using Windows Servers and they are Active Directory integrated DNS servers. We also use Windows Servers for DHCP. I was able to ping both Primary and Secondary Domain Controllers by IP address and by name and by FQDN from the machine.
          As of right now the domain that is showing is correct. I asked the end user to follow her normal routine and I will check with her in the morning. She typically shuts the machine down when leaving so if there are any issues she will let me know in the morning.
          One very weird issue that I am still seeing is the exclamation mark is still there and I get a message that says No Internet Access but when I get on the machine I can browse to all kinds of IT Websites that the end users would not even know about.

          A big Thank You for your help.

          Comment


          • #6
            It might be useful for you to compare ipconfig /all from the client and the DNS servers both when the domain is correct and when the domain name is flagged as unauthenticated.

            You might also want to check your switches - try moving the cable from the client to a different switch port, or, even better if it is within reach of a different switch try that. Were the other clients you had this issue with using the same switch?
            A recent poll suggests that 6 out of 7 dwarfs are not happy

            Comment


            • #7
              I have not compared the configs but I certainly will. There were 3 users that are all in the same office and one end user at another building. That was why I didn't suspect a switch but I will check it.
              The end user did not reboot last night so I am going to reboot the machine tonight and see where it is at now.

              Comment


              • #8
                Are you using redirected or roaming profiles? When you wiped/rebuilt the machine, did you restore the existing user's settings?
                Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                Comment

                Working...
                X