Re: Windows firewall spontaneously changes profiles

From: David Carlin (dcarlin3_at_yahoo.com)
Date: 06/28/05 

Date: Mon, 27 Jun 2005 23:37:19 -0400

Steven,

Thanks for the reply. All of my machines also show this DNS warning
periodically, but not at the same time as the firewall profile change.
I assumed I couldn't register with DNS because the DNS servers on campus
are all unix machines running BIND. The DNS servers trying to be
updated are simply what DHCP hands out..

I'll have to ask the active directory admins about this.

Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11167
User: N/A
Computer: COMPUTER
Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:

    Adapter Name : {12889760-55AA-414A-BF8D-5BFCC475E78B}
    Host Name : computer
    Primary Domain Suffix : domain.edu
    DNS server list :
              X.X.X.X, X.X.X.X, X.X.X.X
    Sent update to server : X.X.X.X
    IP Address(es) :
      X.X.X.X

  The reason the system could not register these RRs during the update
request was because of a system problem. You can manually retry DNS
registration of the network adapter and its settings by typing "ipconfig
/registerdns" at the command prompt. If problems still persist, contact
your DNS server or network systems administrator. For specific error
code, see the record data displayed below.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 29 23 00 00 )#..

Steven L Umbach wrote:
> My guess is that this happens when a domain controller is not detected by
> the computer and the user may be logging on with cached credentials - at
> least initially. Check and see if the Event ID 860 is being recorded at or
> close to the time of computer startup. You can also use the support tool
> gpresult on a computer to see the last time that a computer had Group Policy
> applied. It should show that Group Policy was applied at the time of
> startup. The support tool netdiag can be used to check for network
> connectivity, dns name resolution, dc discovery, and trust/secure channel. I
> would run netdiag on your domain controllers and domain computers. Dns
> problems can often cause inconsistent application of Group Policy. ---
> Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 ---
> Active Directory dns FAQ.
>
>
> "David Carlin" <dcarlin3@yahoo.com> wrote in message
> news:ucBYhn0eFHA.2740@TK2MSFTNGP10.phx.gbl...
>
>>I'm having a problem where both XP SP2 and Server 2003 SP1 machines
>>spontaneously change firewall profiles every couple weeks. The event log
>>entry is this:
>>
>>Event Type: Success Audit
>>Event Source: Security
>>Event Category: Policy Change
>>Event ID: 860
>>User: NT AUTHORITY\SYSTEM
>>Computer: COMPUTERNAME
>>Description:
>>The Windows Firewall has switched the active policy profile.
>>Active profile: Standard
>>
>>The issue being, the standard profile is stock. None of my exceptions are
>>listed and file sharing, network backups, antivirus updates, etc.. are
>>disrupted.
>>
>>Why is windows switching profiles? What criteria does it use to suddenly
>>decide not to use the domain profile? I'd hate to think a momentary
>>network blip could cause something unpredictable like this.
>>
>>Ideally, is there a way I can can have the domain profile always in use?
>>Do I have to maintain both a Standard and Domain profile with identical
>>settings?
>>
>>Thank You,
>>
>> -David Carlin
>
>
>

Relevant Pages

  • Re: Windows cannot find the network path error message in GPMC
    ... Preferred DNS server. ... bar of the Network Connections window, ... sure you have Forwarders to your ISP DNS servers Enabled. ... preventing access to this computer from the Internet" is Not checked on this ...
    (microsoft.public.windows.group_policy)
  • Re: User GPO doesnt replicate on one of my workstations
    ... client computers* ... all computers on the network must use the DNS servers for the ... sure that the IP addresses for the preferred and alternate DNS servers are ...
    (microsoft.public.windows.group_policy)
  • Re: DNS poisoning or ??
    ... Knowing that the suspected IP address is on the Internap network, if you issue an nslookup against one of the Internap DNS servers for information regarding your domain, you will notice that the Internap DNS server is handing out false/misleading information for mail.greenborder.com when #1) they don't own the domain in question, and #2) such DNS record does not exist for the domain in question. ... Interestingly enough, if you lookup the same record against the primary DNS servers listed when you issue a $ whois 216.52.7.214, the DNS ... So the issue at hand is being propagated by the other DNS servers listed above NS-A through NS-D.PNAP.NET (on the 64.95.x.x network). ...
    (Security-Basics)
  • Re: FQDN
    ... These servers would be on the network and not accessible until the network is up and running. ... It may also be useful for naming systems on a small local network (I have 3 systems on my local lan, too few to warrant the overhead and knowledge requirement to set up a local DNS server), and to provide basic name services for times with the DNS servers are not available, due to network issues or system crashes. ... You tell your system how you want it to use the various name service providers (hosts file, DNS, others) using the /etc/nsswitch.conf file. ...
    (Debian-User)
  • Re: DNS performance
    ... >response time from my DNS servers typically 5000 ms against a threshold of ... >I know the built in performance momnitor has many counters relating to DNS ... Your starting point is to look at the fab-4: CPU utilisation, ... Memory usage and network I/O. ...
    (microsoft.public.windows.server.dns)