A computer cannot identify the network when the computer is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2, and is a member of a child domain

Microsoft Knowledge Base Article

The contents of this article are Microsoft copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.

Article ID: 980873 - Last Review: March 22, 2010 - Revision: 2.0

SYMPTOMS

You have a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2. When this computer is a member of a child domain, the computer cannot identify the network. This may cause the firewall on the computer to be set to the public profile.

Additionally, events that resemble the following are logged in the Applications event logs:

Source: Microsoft-Windows-NetworkProfile
Event ID: 4001
Task Category: Wait for Identification
Level: Information
Keywords: (35184372088832)
User: LOCAL SERVICE
Computer: Computer name
Description:
Entered State: Identifying Network Interface Guid: {61287808-a4a5-4da5-8189-0e2a8de5d075}

Source: Microsoft-Windows-NetworkProfile
Event ID: 10000
Task Category: None
Level: Information
Keywords: (35184372088832)
User: LOCAL SERVICE
Computer: Computer name
Description: Network Connected
Name: Identifying...
Desc: Identifying...
Type: Unmanaged
State: Connected
Category: Public


Source: Microsoft-Windows-NlaSvc
Event ID: 4333
Task Category: DsGetDcName(RootDomainGuid)
Level: Error
Keywords: (4),(2)
User: NETWORK SERVICE
Computer: Computer name
Description:
DsGetDcName(DS_IS_DNS_NAME) for root domain GUID failed with error 0x54B


Note: Error 0x54B indicates that the specified domain either does not exist or could not be contacted.

CAUSE

This issue occurs because the computer cannot connect to the primary domain controller (PDC) in the forest domain after the computer is joined to the child domain. The Network Location Awareness (NLA) service expects to be able to enumerate the domain’s forest name to choose the right network profile for the connection. The service does this by calling DsGetDcName on the forest root name and issuing an LDAP query on UDP port 389 to a root Domain Controller. The service expects to be able to connect to the PDC in the forest domain to populate the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests
If something hinders the DNS name resolution or the connection attempt to the DC, NLA is not able to set the appropriate network profile on the connection.

A similar issue is discussed in the Microsoft Knowledge Base article below:
971198 (http://kbalertz.com/Feedback.aspx?kbNumber=971198/) Logoff from Windows Vista computer takes 5-10 minutes if there is no LDAP connectivity to forest root domain
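
The checks implied by the symptoms and cause above can be gathered in one pass on an affected member. This is an added example, not part of the Microsoft article; the forest root name `corp.example.com` is a constructed placeholder, and the script assumes nltest.exe is present and that netsh prints English output.

```powershell
# Added diagnostic sketch (not from the KB article). Run elevated on an affected member.
# ASSUMPTION: 'corp.example.com' is a constructed placeholder for the forest root DNS name.
param([string]$ForestRoot = 'corp.example.com')

$forestKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests'

# 1. Recent NLA failures: event 4333 from Microsoft-Windows-NlaSvc (source and ID as quoted above).
$filter = @{ ProviderName = 'Microsoft-Windows-NlaSvc'; Id = 4333 }
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue)

# 2. Has NLA populated its forest cache? A missing or empty key matches the CAUSE section.
$cacheEntries = 0
if (Test-Path $forestKey) {
    $k = Get-Item $forestKey
    $cacheEntries = $k.GetValueNames().Count + $k.GetSubKeyNames().Count
}

# 3. DC locator against the forest root. nltest /dsgetdc goes through DsGetDcName,
#    the call that NLA reports as failing with 0x54B.
$null = & nltest.exe "/dsgetdc:$ForestRoot" 2>&1
$dcLocated = ($LASTEXITCODE -eq 0)

# 4. LDAP over TCP 389 with a 3 second timeout. UDP 389 is connectionless and cannot be
#    probed this way; step 3 is the check that exercises the locator path.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $async   = $tcp.BeginConnect($ForestRoot, 389, $null, $null)
    $ldapTcp = $async.AsyncWaitHandle.WaitOne(3000) -and $tcp.Connected
} catch {
    $ldapTcp = $false          # name resolution or socket error
} finally {
    $tcp.Close()
}

# 5. Active firewall profile. 'Public Profile Settings' on a domain member is the symptom.
$profileLine = & netsh.exe advfirewall show currentprofile | Select-String 'Profile Settings'

New-Object PSObject -Property @{
    Nla4333Events        = $events.Count
    LastNla4333          = if ($events.Count) { $events[0].TimeCreated } else { $null }
    IntranetForestsItems = $cacheEntries
    ForestRootDcLocated  = $dcLocated
    LdapTcp389Reachable  = $ldapTcp
    ActiveFirewallProfile = "$profileLine".Trim()
}
```

A result with 4333 events present, no cache entries, a failed locator call and a Public profile matches the condition this article describes.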

RESOLUTION

To resolve this issue, use one of the following methods.

Method 1

Configure the firewall devices not to block communications on UDP/TCP port 389. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
832017 (http://kbalertz.com/Feedback.aspx?kbNumber=832017/) Service overview and network port requirements for the Windows Server system

Method 2

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
  1. Configure one computer in the child domain to connect to the PDC from the root domain.
  2. Restart the computer. The computer should now be able to identify the network. Also, the profile on the firewall will be set to the domain profile.
  3. Export the following registry subkey as a file to a shared location in the domain:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests
  4. Import the registry subkey that you exported in step 3 to the other computers that cannot connect to the PDC from the domain forest.
  5. Restart the computer. The computer should now be able to identify the network and the profile on the firewall will be set to the domain profile.

Method 3

If it is sufficient to identify the network profile based on the child domain name, then mitigating the time taken by NLA during its aggressive retries might be the right approach.

To deploy a registry setting that changes the retry count used by NLA, follow these steps:
  1. Create a new registry key that matches the forest root domain under the path:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\
  2. In the newly created registry key for the name of the forest root domain, add the two registry values below:
    • Failures REG_DWORD with a value of 1
    • Successes REG_DWORD with a value of 0
    This will cause NLA to go to its lowest retry count and should result in identification lasting for just a couple of minutes.
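
The two values from Method 3 can be deployed with a script that reports first and writes only on request. This is an added example, not part of the Microsoft article; the `-ForestRoot` and `-Apply` parameters are names chosen here for illustration, and the forest root name you pass is your own.

```powershell
# Added example (not from the KB article): apply Method 3's values idempotently.
# ASSUMPTION: parameter names are illustrative; supply your forest root DNS name.
param(
    [Parameter(Mandatory = $true)][string]$ForestRoot,
    [switch]$Apply    # without -Apply the script only reports what it would change
)

$base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet'
$want = @{ Failures = 1; Successes = 0 }    # the two REG_DWORD values given in Method 3

# Accept only DNS-style labels so the name cannot contain '\' and land outside the Intranet key.
$label = '[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
if ($ForestRoot -notmatch "^$label(\.$label)*$") {
    throw "ForestRoot '$ForestRoot' is not a valid DNS domain name."
}

$key     = Join-Path $base $ForestRoot
$current = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

foreach ($name in $want.Keys) {
    $have = if ($current) { $current.$name } else { $null }

    if ($have -eq $want[$name]) {
        "OK      $name = $have"
        continue
    }
    if (-not $Apply) {
        "PENDING $name : '$have' -> $($want[$name])"
        continue
    }
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $want[$name] -Force | Out-Null
    "SET     $name = $($want[$name])"
}
```

Running it once without `-Apply` shows the current state of the key, which is useful when the setting is pushed to many machines and some already carry it.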

APPLIES TO
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard