Network profile changes to None/Public/Identifying network randomly after GPO is applied

  • Question

  • I'm having the most bizarre issue with like 9 machines in my network, all Windows 7 Ent x86. Basically, for some reason these 9 machines lose the Domain network profile once a day, randomly, and it's always after the GP is applied automatically.

    The thing is:

    • I got another couple of hundreds of machines under the same set of policies (confirmed with GPResult), and only 9 are affected, so a GP is not the issue.
    • 1 of the 9 affected machines is in another location with a different subnet, router, switch, ISP, different everything network-wise.
    • There are no local firewall rules (there was however a rule blocking inbound Explorer.exe connection for domain profiles only, but this can't cause any harm, the rule was deleted just in case though). 
    • Running GP update manually, or waiting for the automatic policy request does not reproduce the problem.
    • The issue can happen at any time and under any circumstance; whether the user is logged on or not, computer locked or not, etc.
    • When the issue happens, the network icon has a yellow exclamation sign and it is "Identifying network" until the next policy update.
    • On the Firewall service logs, I can see how the Network profile changes back and forth a few times, ending in Network Profile=None.
    • The computers are different models between HPs and Dells.
    • An IPConfig /renew or a computer restart fixes the issue, until next day when it happens again.

    I have set a scheduled task to renew the IP every morning, and provided a script for the user to manually kick off the task in case it happens anyway. But for the life of me I can't figure out what's causing this issue on 9 out of hundreds of computers, in different physical locations. I enabled GP debugging in the affected computers to look in detail what may be overlapping or triggering what should not be triggered (I lean towards a GP issue because the affected users are all part of the same group, user policy maybe? Not sure).

    Any ideas will be greatly appreciated, maybe I'm missing the obvious or you have experienced an issue like this, and want to share your experience :).

    Thanks ahead

     

    Miguel Angel Mojica IT Administrator Server Administrator MTA CCNA CCDA

    Saturday, February 20, 2016 5:14 AM


All replies

  • Hi,

    Based on your description, I found an article that may relate to this problem. Please refer to the link:

    A computer cannot identify the network when the computer is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2, and is a member of a child domain:

    https://support.microsoft.com/en-us/kb/980873

    Have you enabled the "SSDP Discovery" service and set it as Automatic? If not, please try it.

    The corrupted network driver may also cause the problem. Please update the network driver and check the result.

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Marked as answer by Tony_Tao Tuesday, August 2, 2016 7:02 AM
    Monday, February 22, 2016 11:33 AM
  • Thank you for your response Tao. The article you linked does not apply to my issue. SSDP Discovery is manual start, for our environment it can't be set to Automatic.

    Something to add to the case:

    These computers have VMware player installed. I RDP to a machine that was affected and disabled the virtual net adapters. The connection came right back up. Another machine got the virtual adapters disabled on Friday, and so far no issues have been logged. I believe this has to do with Group Policy hardening done last week, that may be messing with the NLA. In the meantime and to confirm the policy hardening is indeed causing issues, I moved a few computers to an OU with the old policy.

    I'll update as soon as I get a definitive answer. But any other ideas are greatly appreciated! :)


    Miguel Angel Mojica IT Administrator Server Administrator MTA CCNA CCDA

    Monday, February 22, 2016 7:35 PM
  • Also, when these updates were applied, were they done from each machine or from the admin console system-wide?

    Maybe some of the machines didn't get updated when this happened: DATA jams or DATA crashes.

    It's best to wait and update all machines when no one is at their stations.

    You can also use a script for this as well, where it does these tasks automatically.

    Massive LANs are still not prone to networked segmented data failures for whatever reasons.

    Check each station at their keyboards just to see if the updates were in fact applied to all.

    May be time to replace cables.



    • Edited by ErickySoft.Inc Monday, February 22, 2016 7:47 PM
    • Proposed as answer by Tony_Tao Friday, February 26, 2016 7:05 AM
    Monday, February 22, 2016 7:42 PM
  • Hi,

    We haven’t heard from you in a couple of days, have you solved the problem? We are looking forward to your good news.

    Best Regards,
    Tao


    Friday, February 26, 2016 8:52 AM
  • I found the issue. There are 2 GPOs that cause this issue where virtual adapters (from any hypervisor) are present. The GPOs are:

    • Turn on Mapper I/O (LLTDIO) driver: Disabled - Computer\Admin Templ\Network\Link-Layer Topology Discovery
    • Turn on Responder (RSPNDR) driver: Disabled - Computer\Admin Templ\Network\Link-Layer Topology Discovery

    After changing these settings back to "Not Configured" or to "Enabled for Domain networks only" the issue was gone. We determined that everyone who had a virtual NIC was affected in reality. Turns out that based on the network speed, the issue would be more or less noticeable. Users that were also affected, but are in fast/reliable networks just noticed slowness for a few seconds from time to time.

    What we are trying to determine now is what this setting does, and why it causes this issue. Based on the GPO's description, Not configured and Disabled should have the same behavior, but it clearly doesn't. We can't just ignore this setting, so we either need a workaround to make it work when Disabled, or a good explanation of why we can't do that.

    I'll post the final resolution as soon as I have it :)


    Miguel Angel Mojica IT Administrator Server Administrator MTA CCNA CCDA

    Friday, February 26, 2016 3:13 PM
  • Thank you for sharing, we are looking forward to your good news.

    Sunday, February 28, 2016 7:11 AM
  • To wrap up this thread: The MS ticket we opened was not helpful at all, a real shame. MS was not able to explain why the network would bounce with this set of settings when the GP applies. Our solution was to "unbind" the LLTDIO and RSPNDR services from the virtual NICs of the computers that have VMware or any other hypervisor installed; this resolved the bouncing issue and allowed us to keep the GPO setting disabled to comply with our standards.

    There is a PowerShell cmdlet to do this, but it's only supported on Windows 8 and later. I was not able to script a method to do this on Windows 7 machines (tried everything, and the last reg key that could do this is a LARGE hex value that I just can't mess with). We had to manually unbind the services.


    Miguel Angel Mojica IT Administrator Server Administrator MTA CCNA CCDA

    • Marked as answer by MiguelMojica Wednesday, March 16, 2016 2:08 PM
    Wednesday, March 16, 2016 2:07 PM
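
The last post describes unbinding LLTDIO and RSPNDR from hypervisor virtual NICs on Windows 8 and later without naming a cmdlet. As an added example that is not part of the original thread, the script below does this with `Disable-NetAdapterBinding` from the NetAdapter module, using the binding component IDs `ms_lltdio` and `ms_rspndr`. The adapter-description patterns and the `$VirtualNicPatterns` parameter name are assumptions to adjust per environment.

```powershell
# Added example: unbind the LLTD Mapper I/O driver and LLTD Responder from
# hypervisor virtual NICs only (Windows 8 / Server 2012 and later).
# Run from an elevated prompt; pass -WhatIf to preview without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: InterfaceDescription patterns that identify virtual NICs.
    [string[]]$VirtualNicPatterns = @(
        'VMware Virtual Ethernet Adapter*',
        'VirtualBox Host-Only*',
        'Hyper-V Virtual Ethernet Adapter*'
    )
)

# Binding component IDs for "Link-Layer Topology Discovery Mapper I/O Driver"
# and "Link-Layer Topology Discovery Responder".
$componentIds = 'ms_lltdio', 'ms_rspndr'

# Select only adapters whose description matches one of the patterns,
# so physical NICs keep whatever binding state policy gives them.
$virtualNics = @(Get-NetAdapter | Where-Object {
    $desc = $_.InterfaceDescription
    @($VirtualNicPatterns | Where-Object { $desc -like $_ }).Count -gt 0
})

if ($virtualNics.Count -eq 0) {
    Write-Verbose 'No matching virtual adapters found; nothing to change.'
    return
}

foreach ($nic in $virtualNics) {
    foreach ($id in $componentIds) {
        $binding = Get-NetAdapterBinding -Name $nic.Name -ComponentID $id -ErrorAction SilentlyContinue
        if (-not $binding) { continue }   # component not present on this adapter
        if ($binding.Enabled -and
            $PSCmdlet.ShouldProcess("$($nic.Name) [$id]", 'Disable binding')) {
            Disable-NetAdapterBinding -Name $nic.Name -ComponentID $id
        }
    }
}

# Report the resulting state so the change can be recorded or audited.
Get-NetAdapterBinding -Name $virtualNics.Name -ComponentID $componentIds -ErrorAction SilentlyContinue |
    Select-Object Name, ComponentID, DisplayName, Enabled
```

The final `Get-NetAdapterBinding` output lists each virtual adapter with `Enabled` set to `False` for both components once the change has been applied.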