Network Connection on Domain changes to Public and adds a 2 at the end (exampledomain.local 2)
Hello. We have been having this problem for about 3 weeks now on about 20 machines. Random Windows 7 machines when
on the domain, change their active network to a "Public Network" and for the name, adds a 2 at the end. When this happens, they cant get to any internal network resources obviously. The only way we can fix it is be removing the machine
from the domain and readding it a different names. We found patch KB2524478 http://support.microsoft.com/kb/2524478 but still have the same issue. Internet access does work and pinging
internal resources by IP does work. All DHCP information it gets is correct. This is happening in multiple sites. I have done the following:
Ran all MS updatesHard set IPUpdated all driversReset TCP/IP: netsh int ip reset c:\resetlog.txtReset WINSOCK entries to installation defaults: netsh winsock reset catalogReset IPv4 TCP/IP stack to installation defaults: netsh int ipv4 reset reset.logReset IPv6 TCP/IP stack to installation defaults: netsh int ipv6 reset reset.logReboot the machine
Does anyone have any ideas?
Example machine: *Windows 7 X64 with SP1 and all updates applied
March 21st, 2012 1:43pm
Hi,
The issue seems to be a Secure Channel Broken when the client fails to connect to the Domain to perform some pivotal transactions such as the machine password change. After that the previous exampledomain.local is regarded as a non-existing domain and the
the network becomes a "Public" non-domain connection with the Internet access. Per my knowledge, whether the network is "Domain" or not is controlled via the "Network Location Awareness" Service and it is not able to manually force it to be "Domain".
What error message is displayed when accessing the internal resources? Cannot find the host, an user credential prompt or it just hangs?
On the other hand, if the Secure Channel is not the cause, I would like to provide you with a troubleshooting test that we set the Windows Firewall off since the rules of the Public profile is somewhat stricter than that of the Domain profile. To disable
the Windows Firewall rules of all the profiles, use the command "netsh advfirewall set allprofiles state off".
Best regards,
Steven Xiao
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2012 4:49am
Hi,
Does my suggestion make sense to the issue in your environment? Please feel free to let me know if there is any update regarding the problem.
Best regards,
Steven XiaoPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 26th, 2012 11:30am
Hi,
if it is possible i would like to participate in this case, since we have the same problem on some very small amount of machines.
So at the moment i have no machine to test with, but the next one i discover i could provide for
@Steven: Maybe you could provide testings steps now so we can test by ourselfs, the next time this happens.
greetings from germany
Paddy
Free Windows Admin Tool Kit Click here and download it now
March 27th, 2012 10:32am
Hi Paddy,
Once the same issue recurs, you can gather an MPS Report which generate basic system information on the problematic machine, and then have a look at the netdiag.txt to see if there is any "Secure Channel Test" related error reported.
To do this:
a. Download the MPS report tool from the link below.
http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0
b. Run it as administrator and select the options below:
General
Internet and networking
Business networks
Server components
c. Check the servernam_netdiag.txt under the results\Internet and Networking subfolder.
The MPS Reporting Tool is utilized to gather detailed information regarding a systems current configuration. The reporting tool DOES NOT make any registry changes or modifications to the operating system.
System Requirements
Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2003 x64 editions; Windows Server 2008; Windows Server 2008 R2; Windows Vista; Windows XP; Windows XP 64-bit
Requires Microsoft .NET Framework 2.0 or higher
Requires Microsoft Core XML Services (MSXML) 6.0
Requires Windows Installer 3.1
Microsoft Product Support Reports requires Windows Powershell 1.0 or higher
Best regards,
Steven Xiao
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 28th, 2012 3:16am
Oddly, this hasnt reoccurred again since this post. This was mostly happening during a windows 7 rollout/laptop refresh. I do know that all the sites that we saw
this problem at so far have had windows 2008 R2 DC/DNS/DHCP servers. The rollouts to sites with 2003 DC/DNS/DHCP servers appear to not have had the problem. That being said, as I stated, it hasnt re-occurred but if/when it does, I will post
back the information requested. Thanks
Free Windows Admin Tool Kit Click here and download it now
March 28th, 2012 11:36am
Hi Steven,
i just got one machine which had the same error and executet the MPS Tools.
In the NetDiag logfile i found this section
Trust relationship test. . . . . . : Failed
Test to ensure DomainSid of domain 'DomainName' is correct.
[FATAL] Secure channel to domain 'DomainName' is broken. [ERROR_ACCESS_DENIED]
Is this the issue you thought off?
How can i go on in investigating?
thx for your reply
c ya
Paddy
April 30th, 2012 10:27am