Thursday, October 10, 2013

Unidentified network problems

One of the most annoying thing is sitting with a problem you know that you have solved before but you do not remember the solution too anymore. That is just what I now have spent the last 2 hours doing.

I am sitting and testing out Windows Server 2012 R2 and DirectAccess feature, and suddenly my domain controller are not reachable from any other computers on the network. I only have one domain controller since I am using Microsoft Lab guide setup, so this means nothing works. All other server and computer can communicate. Some testing shows me that I can ping the server name but with IPv6 address only, no response on IPv4. Checking out the network settings shows that the «Network Location Awareness» service reports the network on the domain controller as an «unidentified network» and automatically sets it up with a «Public network» profile.


Well a domain controller cannot do much when it is on a public network profile. Therefore, I needed to fix this. Disabling and enabling the network card actually got the profile on the network card set to the “Domain Network” and the right domain name.


Problem solved?, nope. Rebooting my client computer, I still get the “Public network” profile. I restart the domain controller in case that there is something not started when domain profile are activated late in the process. However, the reboot sets it back to “Public network” profile, disabling and enabling fix it, but same problem on client computer (and all my servers).

It’s time to use the secret weapon, searching the internet. After a while of googling on Bing ;-), I find a nice article that talks about the problem here:

Sounds great and this actually solved the profile selection problem on the domain controller. However, this was actually just a symptom of the problem and not the problem itself. Still no communication with domain controller from the other computers.

Now it was time to fight dirty, turning of the firewall to see if that helps, no. Disabling IPv6, no. Then everything are pointing on IPv4 problem, and my tired old brain starts to remember when I last had this problem on a Windows server 2008 R2 domain controller. I need to reset the IPv4 protocol.

Before doing this, you should document your IP settings, so you can set it to the same after the reset.

We need to do this from a command prompt started with admin privileges, and a reboot.

netsh int ip reset

I had to set the right IP address after the reboot and now everything works fine again.

You might need a second command used after restarting but test it out first, I did not need it:
netsh reset winsock c:\mylogfiles\netshlog.txt

This problem might occur on other computers than the domain controller, seen it on both servers and clients, and the solution will be just about the same.

Windows Defender Advanced Threath Protection - Isolation and Investigaton packages

I have been playing around with the Windows Defender ATP and recorded a quick video showing the investigation package collection and isol...