Re: Windows firewall spontaneously changes profiles

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/28/05

    Date: Tue, 28 Jun 2005 02:20:07 -0500

    If you want to get your Active Directory and Group Policy to work correctly
    and consistently you will have to get DNS configured correctly for the
    domain. If you run netdiag on the domain computers and netdiag and dcdiag on
    the domain controllers I bet you will find problems. Your best bet would be
    to have your domain controllers be DNS servers for your Active Directory
    domain. If that is not possible because of business or political reasons
    there are ways to use versions of BIND with Active Directory that will
    accommodate dynamic DNS registration and service DNS records, though I have
    never done such myself. In the meantime you could configure your standard
    and domain profiles for Windows Firewall to be the same, assuming that does
    not cause some sort of problem worse than what you have right now. The
    links below may help as they describe using AD and BIND. --- Steve

    http://www.avidware.net/Linux/Windows-2003-linux-dns-server.asp
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/0fe0c60c-ab2a-415d-acc1-09c38860b018.mspx
    http://support.microsoft.com/servicedesks/webcasts/en/wc022602/wct022602.asp

    "David Carlin" <dcarlin3@yahoo.com> wrote in message
    news:%232yqwK5eFHA.2844@TK2MSFTNGP14.phx.gbl...
    > Steven,
    >
    > Thanks for the reply. All of my machines also show this DNS warning
    > periodically, but not at the same time as the firewall profile change. I
    > assumed I couldn't register with DNS because the DNS servers on campus are
    > all Unix machines running BIND. The DNS servers trying to be updated are
    > simply what DHCP hands out.
    >
    > I'll have to ask the active directory admins about this.
    >
    > Event Type: Warning
    > Event Source: DnsApi
    > Event Category: None
    > Event ID: 11167
    > User: N/A
    > Computer: COMPUTER
    > Description:
    > The system failed to register host (A) resource records (RRs) for network
    > adapter
    > with settings:
    >
    > Adapter Name : {12889760-55AA-414A-BF8D-5BFCC475E78B}
    > Host Name : computer
    > Primary Domain Suffix : domain.edu
    > DNS server list :
    > X.X.X.X, X.X.X.X, X.X.X.X
    > Sent update to server : X.X.X.X
    > IP Address(es) :
    > X.X.X.X
    >
    > The reason the system could not register these RRs during the update
    > request was because of a system problem. You can manually retry DNS
    > registration of the network adapter and its settings by typing "ipconfig
    > /registerdns" at the command prompt. If problems still persist, contact
    > your DNS server or network systems administrator. For specific error code,
    > see the record data displayed below.
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    > Data:
    > 0000: 29 23 00 00 )#..
    >
    >
    > Steven L Umbach wrote:
    >> My guess is that this happens when a domain controller is not detected by
    >> the computer and the user may be logging on with cached credentials - at
    >> least initially. Check and see if the Event ID 860 is being recorded at
    >> or close to the time of computer startup. You can also use the support
    >> tool gpresult on a computer to see the last time that a computer had
    >> Group Policy applied. It should show that Group Policy was applied at the
    >> time of startup. The support tool netdiag can be used to check for
    >> network connectivity, dns name resolution, dc discovery, and trust/secure
    >> channel. I would run netdiag on your domain controllers and domain
    >> computers. Dns problems can often cause inconsistent application of Group
    >> Policy. --- Steve
    >>
    >> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 ---
    >> Active Directory dns FAQ.
    >>
    >>
    >> "David Carlin" <dcarlin3@yahoo.com> wrote in message
    >> news:ucBYhn0eFHA.2740@TK2MSFTNGP10.phx.gbl...
    >>
    >>>I'm having a problem where both XP SP2 and Server 2003 SP1 machines
    >>>spontaneously change firewall profiles every couple weeks. The event log
    >>>entry is this:
    >>>
    >>>Event Type: Success Audit
    >>>Event Source: Security
    >>>Event Category: Policy Change
    >>>Event ID: 860
    >>>User: NT AUTHORITY\SYSTEM
    >>>Computer: COMPUTERNAME
    >>>Description:
    >>>The Windows Firewall has switched the active policy profile.
    >>>Active profile: Standard
    >>>
    >>>The issue being, the standard profile is stock. None of my exceptions
    >>>are listed and file sharing, network backups, antivirus updates, etc..
    >>>are disrupted.
    >>>
    >>>Why is windows switching profiles? What criteria does it use to suddenly
    >>>decide not to use the domain profile? I'd hate to think a momentary
    >>>network blip could cause something unpredictable like this.
    >>>
    >>>Ideally, is there a way I can have the domain profile always in use?
    >>>Do I have to maintain both a Standard and Domain profile with identical
    >>>settings?
    >>>
    >>>Thank You,
    >>>
    >>> -David Carlin
    >>
    >>

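As an added example, not code from anyone in this thread: a small Python script that takes event-log text exported from the affected machines, pairs each Event ID 860 switch to the Standard profile with any DnsApi 11167 registration failures logged within a configurable window, and decodes the 11167 record data (the little-endian DWORD in the "Data:" field) into the Win32 error code it carries. The tab-separated line layout and the sample events are constructed for the example; the bytes "29 23 00 00" are the ones posted above and decode to 9001, DNS_ERROR_RCODE_FORMAT_ERROR, which is the DNS RCODE the BIND server returned to the dynamic update.

```python
import re
from datetime import datetime, timedelta

# Win32 error codes DnsApi stores in the 11167 record data as a
# little-endian DWORD. 9001-9005 and 9009 correspond to DNS RCODEs 1-5 and 9.
DNS_ERROR_NAMES = {
    0: "ERROR_SUCCESS",
    9001: "DNS_ERROR_RCODE_FORMAT_ERROR",
    9002: "DNS_ERROR_RCODE_SERVER_FAILURE",
    9003: "DNS_ERROR_RCODE_NAME_ERROR",
    9004: "DNS_ERROR_RCODE_NOT_IMPLEMENTED",
    9005: "DNS_ERROR_RCODE_REFUSED",
    9009: "DNS_ERROR_RCODE_NOTAUTH",
}

# Constructed sample in a simplified tab-separated layout
# (date, time, source, event ID, description). Not real log data.
SAMPLE_LOG = """\
6/14/2005\t7:02:11 AM\tSecurity\t860\tThe Windows Firewall has switched the active policy profile. Active profile: Standard
6/14/2005\t7:03:40 AM\tDnsApi\t11167\tThe system failed to register host (A) resource records (RRs) for network adapter ... Data: 0000: 29 23 00 00
6/21/2005\t1:15:00 PM\tDnsApi\t11167\tThe system failed to register host (A) resource records (RRs) for network adapter ... Data: 0000: 29 23 00 00
6/28/2005\t7:01:55 AM\tSecurity\t860\tThe Windows Firewall has switched the active policy profile. Active profile: Domain
"""

# First four hex bytes after "Data: 0000:" in an 11167 description.
DATA_RE = re.compile(r"Data:\s*0000:\s*((?:[0-9A-Fa-f]{2}\s*){4})")


def parse_events(text):
    """Parse the tab-separated export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, source, event_id, desc = line.split("\t", 4)
        events.append({
            "time": datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M:%S %p"),
            "source": source,
            "id": int(event_id),
            "desc": desc,
        })
    return events


def decode_dnsapi_data(hex_bytes):
    """Turn the record-data bytes of a DnsApi event (e.g. '29 23 00 00')
    into the Win32 error code they encode, plus its name if known."""
    raw = bytes.fromhex(hex_bytes.replace(" ", ""))
    code = int.from_bytes(raw[:4], "little")
    return code, DNS_ERROR_NAMES.get(code, "UNKNOWN")


def dns_registration_failures(events):
    """All DnsApi 11167 events with their decoded error code."""
    out = []
    for ev in events:
        if ev["source"] == "DnsApi" and ev["id"] == 11167:
            m = DATA_RE.search(ev["desc"])
            code, name = decode_dnsapi_data(m.group(1)) if m else (None, "NO_DATA")
            out.append({"time": ev["time"], "code": code, "name": name})
    return out


def profile_switches(events, profile="Standard"):
    """Timestamps of Security 860 events that switched to the given profile."""
    return [ev["time"] for ev in events
            if ev["source"] == "Security" and ev["id"] == 860
            and f"Active profile: {profile}" in ev["desc"]]


def correlate(events, window=timedelta(minutes=15)):
    """For each switch to the Standard profile, list the DNS registration
    failures logged within +/- window. An empty list means the switch had
    no nearby 11167, the pattern the original poster describes."""
    failures = dns_registration_failures(events)
    result = []
    for t in profile_switches(events):
        near = [f for f in failures if abs(f["time"] - t) <= window]
        result.append({"switch": t, "dns_failures": near})
    return result


if __name__ == "__main__":
    for r in correlate(parse_events(SAMPLE_LOG)):
        print(r["switch"],
              [(f["time"], f["code"], f["name"]) for f in r["dns_failures"]])
```

Run it against a real export to see whether the profile switches cluster with DNS failures or, as David reports, occur independently; the decoded code tells you what the BIND server actually answered (FORMERR versus REFUSED, for instance), which narrows the BIND-side configuration question before you involve the AD admins.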
