Network Connection on Domain changes to Public and adds a 2 at the end (exampledomain.local 2)

    Question

  • Hello. We have been having this problem for about 3 weeks now on about 20 machines. Random Windows 7 machines, when on the domain, change their active network to a "Public Network" and add a 2 at the end of the name. When this happens, they can't get to any internal network resources, obviously. The only way we can fix it is by removing the machine from the domain and re-adding it with a different name. We found patch KB2524478 http://support.microsoft.com/kb/2524478 but still have the same issue. Internet access does work and pinging internal resources by IP does work. All DHCP information it gets is correct. This is happening in multiple sites. I have done the following:

    • Ran all MS updates
    • Hard set IP
    • Updated all drivers
    • Reset TCP/IP: netsh int ip reset c:\resetlog.txt
    • Reset WINSOCK entries to installation defaults: netsh winsock reset catalog
    • Reset IPv4 TCP/IP stack to installation defaults: netsh int ipv4 reset reset.log
    • Reset IPv6 TCP/IP stack to installation defaults: netsh int ipv6 reset reset.log
    • Reboot the machine

    Does anyone have any ideas?  

    Example machine:  *Windows 7 X64 with SP1 and all updates applied

    


    • Edited by w00tm3 Wednesday, March 21, 2012 5:44 PM Formatting
    Wednesday, March 21, 2012 5:43 PM

Answers

  •  

    Oddly, this hasn’t reoccurred since this post. This was mostly happening during a Windows 7 rollout/laptop refresh. I do know that all the sites that we saw this problem at so far have had Windows 2008 R2 DC/DNS/DHCP servers. The rollouts to sites with 2003 DC/DNS/DHCP servers appear to not have had the problem. That being said, as I stated, it hasn’t reoccurred, but if/when it does, I will post back the information requested. Thanks


    • Edited by w00tm3 Wednesday, March 28, 2012 4:38 PM clarification
    • Marked as answer by Niki Han (Moderator) Wednesday, April 04, 2012 2:37 AM
    Wednesday, March 28, 2012 3:36 PM

All replies

  • Hi,

    The issue seems to be a broken Secure Channel, which occurs when the client fails to connect to the domain to perform some pivotal transactions such as the machine password change. After that, the previous exampledomain.local is regarded as a non-existing domain and the network becomes a "Public" non-domain connection with Internet access. To my knowledge, whether the network is "Domain" or not is controlled via the "Network Location Awareness" service, and it is not possible to manually force it to be "Domain".

    What error message is displayed when accessing the internal resources? Cannot find the host, a user credential prompt, or does it just hang?

    On the other hand, if the Secure Channel is not the cause, I would like to provide you with a troubleshooting test in which we set the Windows Firewall off, since the rules of the Public profile are somewhat stricter than those of the Domain profile. To disable the Windows Firewall rules of all the profiles, use the command "netsh advfirewall set allprofiles state off".

    Best regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, March 23, 2012 8:49 AM
  • Hi,

    Does my suggestion make sense to the issue in your environment? Please feel free to let me know if there is any update regarding the problem.

    Best regards,

    Steven Xiao



    Monday, March 26, 2012 3:30 PM
  • Hi,

    If it is possible, I would like to participate in this case, since we have the same problem on a very small number of machines.

    So at the moment I have no machine to test with, but the next one I discover I could provide for

    @Steven: Maybe you could provide testing steps now so we can test by ourselves the next time this happens.

     

    Greetings from Germany

    Paddy

    Tuesday, March 27, 2012 2:32 PM
  • Hi Paddy,

    Once the same issue recurs, you can gather an MPS Report, which generates basic system information on the problematic machine, and then have a look at the netdiag.txt to see if there is any "Secure Channel Test" related error reported.
    To do this:
    a. Download the MPS report tool from the link below.
    http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0
    b. Run it as administrator and select the options below:   
     • General
     • Internet and networking
     • Business networks
     • Server components
    c. Check the servernam_netdiag.txt under the results\Internet and Networking subfolder.

    The MPS Reporting Tool is utilized to gather detailed information regarding a system's current configuration. The reporting tool DOES NOT make any registry changes or modifications to the operating system.

    System Requirements
    • Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2003 x64 editions; Windows Server 2008; Windows Server 2008 R2; Windows Vista; Windows XP; Windows XP 64-bit
    • Requires Microsoft .NET Framework 2.0 or higher
    • Requires Microsoft Core XML Services (MSXML) 6.0
    • Requires Windows Installer 3.1
    • Microsoft Product Support Reports requires Windows PowerShell 1.0 or higher

    Best regards,
    Steven Xiao



    Wednesday, March 28, 2012 7:16 AM
  • Hi Steven,

    I just got one machine which had the same error and executed the MPS Tools.

    In the NetDiag logfile I found this section

    Trust relationship test. . . . . . : Failed
        Test to ensure DomainSid of domain 'DomainName' is correct.
        [FATAL] Secure channel to domain 'DomainName' is broken. [ERROR_ACCESS_DENIED]

    Is this the issue you thought of?

    How can I go on investigating?

    Thanks for your reply

    See ya

    Paddy

    Monday, April 30, 2012 2:27 PM
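
The two checks discussed in this thread, as an added PowerShell example that is not from any poster or from Microsoft: it pulls failed tests and [FATAL] lines out of NetDiag report text (the sample is the excerpt quoted above), then reports the live network category and secure channel state. The function names are hypothetical; it assumes PowerShell 2.0 or later on a domain-joined client, run elevated.

```powershell
# Added example (not from the thread). Function names are hypothetical.

function Get-NetDiagFailure {
    # Emit one object per failed test and per [FATAL] line in NetDiag report text.
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        # Test header lines look like "Trust relationship test. . . . . . : Failed"
        if ($line -match '^\s*(?<test>[^.\[]+?)[\s.]*:\s*(?<result>Passed|Failed|Skipped)\s*$') {
            $current = $Matches['test'].Trim()
            if ($Matches['result'] -eq 'Failed') {
                New-Object PSObject -Property @{ Test = $current; Detail = 'Failed' }
            }
        }
        elseif ($line -match '\[FATAL\]\s*(?<msg>.+)$') {
            # Attribute the fatal message to the most recent test header
            New-Object PSObject -Property @{ Test = $current; Detail = $Matches['msg'].Trim() }
        }
    }
}

function Get-NetworkCategory {
    # Network List Manager COM API; Get-NetConnectionProfile does not exist on Windows 7.
    $names = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
    $clsid = [Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B'   # NetworkListManager
    $nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID($clsid))
    foreach ($net in $nlm.GetNetworks(1)) {                  # 1 = connected networks only
        New-Object PSObject -Property @{
            Name     = $net.GetName()                        # e.g. "exampledomain.local 2"
            Category = $names[[int]$net.GetCategory()]
        }
    }
}

# Constructed sample: the NetDiag excerpt quoted in the thread.
$sample = @(
    "Trust relationship test. . . . . . : Failed",
    "    Test to ensure DomainSid of domain 'DomainName' is correct.",
    "    [FATAL] Secure channel to domain 'DomainName' is broken. [ERROR_ACCESS_DENIED]"
)
Get-NetDiagFailure -Lines $sample | Format-Table Test, Detail -AutoSize

# Live state on the affected client
Get-NetworkCategory | Format-Table Name, Category -AutoSize
"Secure channel healthy: $(Test-ComputerSecureChannel)"
```

A client showing the symptom from this thread would list its network as Public while Test-ComputerSecureChannel returns False; to run the parser on a real report, pass the output of Get-Content on the netdiag file to -Lines.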