RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED TO SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
When you log on to or log off from your domain with a newly built Windows Vista SP1 computer, you experience delays of about 5-10 minutes. This problem appears after you have joined the computer to an Active Directory domain.
This behavior occurs in, but is not limited to, the following scenario:
Port 389 (LDAP) is blocked on the firewall, so the newly built clients are denied access to the forest root domain controllers. This prevents the Windows Vista computer from contacting the root domain controller in order to set the following registry key to include a reference to your forest root domain (for example, corp.contoso.com):
To resolve this issue use one of the following methods:
· Open port 389 (LDAP) on the firewall(s) between the Windows Vista client and the forest root.
· Set the registry key manually. Export the IntranetForests key on a machine which could successfully do network discovery and import the key on the failing computer.
· If you have deployed the installation of the client using SMS, set the registry key in the deployment image accordingly.
A newly built client machine will try to contact the forest root once in its lifetime in order to populate the following key with the DNS domain name of your forest root domain:
Once you export the entire contents of
from a machine that had successfully contacted the forest root via LDAP, and apply this to a failing rebuilt machine, then the PC should be able to consistently identify the network from that point onwards.
For more information, please review the following TechNet article, which describes the Group Policy settings that use network determination:
Network Determination Behavior for Network-Related Group Policy Settings
http://technet.microsoft.com/en-us/library/bb878049.aspx
The section "Group Policy Settings That Use Network Determination" describes the following Computer Configuration Group Policy settings:
· Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Sharing on your DNS domain network
· Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network
· Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit installation and configuration of Network Bridge on your DNS domain network
· Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Windows Firewall settings for Windows XP Service Pack 2 (SP2)
These settings use network determination to specify the behavior and configuration of network services.