Microsoft small business knowledge base

Article ID: 971198 - Last Review: May 11, 2009 - Revision: 1.0

Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED TO SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Symptom



When you log on to or log off from your domain with a newly built Windows Vista SP1 computer, you experience delays of about 5-10 minutes. This problem appears after you have joined the computer to an Active Directory domain.

Cause



This behavior occurs in, but is not limited to, the following scenario:



The newly built clients are denied access to the forest root domain controllers because port 389 (LDAP) is blocked on the firewall. This prevents the Windows Vista computer from contacting the root domain controller in order to set the following registry key to include a reference to your forest root domain (for example, corp.contoso.com):



HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests

Resolution



To resolve this issue, use one of the following methods:

 

Method 1

Open port 389 (LDAP) on the firewall(s) between the Windows Vista client and the forest root.

 

Method 2

Set the registry key manually. Export the IntranetForests key on a machine that completed network discovery successfully, and import the key on the failing computer.

 

Method 3

If you have deployed the installation of the client using SMS, set the registry key in the deployment image accordingly.
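
A check-and-repair script for Methods 1 and 2, added here as an example and not taken from the Microsoft article: it reports whether IntranetForests is populated, tests TCP 389 to the forest root, and exports or imports the key with reg.exe. The parameters ($ForestRoot, $RegFile, -Export, -Import) are assumptions, as is the forest root DNS name resolving to a domain controller.

```powershell
# Added example (not Microsoft's code); run elevated, PowerShell 2.0 or later.
# $ForestRoot and $RegFile are assumed names; corp.contoso.com is the article's sample.
param(
    [string]$ForestRoot = 'corp.contoso.com',
    [string]$RegFile    = "$env:TEMP\IntranetForests.reg",
    [switch]$Export,    # use on a machine that completed network discovery
    [switch]$Import     # use on the failing machine
)

$key    = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests'
$psPath = 'Registry::' + ($key -replace '^HKLM', 'HKEY_LOCAL_MACHINE')

function Test-IntranetForestsPopulated {
    # True when the key exists and holds at least one value or subkey.
    if (-not (Test-Path $psPath)) { return $false }
    $k = Get-Item $psPath
    return (($k.ValueCount + $k.SubKeyCount) -gt 0)
}

function Test-LdapPort([string]$Name, [int]$TimeoutMs = 3000) {
    # Plain TCP connect to port 389 using .NET sockets.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Name, 389, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

'IntranetForests populated: {0}' -f (Test-IntranetForestsPopulated)
'TCP 389 to {0} reachable: {1}' -f $ForestRoot, (Test-LdapPort $ForestRoot)

if ($Export) {
    if (-not (Test-IntranetForestsPopulated)) {
        throw 'IntranetForests is empty on this machine; export from a working one.'
    }
    & reg.exe export $key $RegFile /y
}
if ($Import) {
    if (-not (Test-Path $RegFile)) { throw "Missing $RegFile" }
    & reg.exe import $RegFile
    'IntranetForests populated after import: {0}' -f (Test-IntranetForestsPopulated)
}
```

Exporting only the IntranetForests key keeps the .reg file limited to the one key the article names; open the file and confirm its contents before importing it on another machine.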

More Information



A newly built client machine will try to contact the forest root once in its lifetime in order to populate the following key with the DNS domain name of your forest root domain:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests



Once you export the entire contents of

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla



from a machine that had successfully contacted the forest root via LDAP, and apply this to a failing rebuilt machine, the PC should be able to consistently identify the network from that point onwards.



For more information, please review the following TechNet article, which describes the Group Policy settings that use network determination:

Network Determination Behavior for Network-Related Group Policy Settings
http://technet.microsoft.com/en-us/library/bb878049.aspx



The section "Group Policy Settings That Use Network Determination" describes the following Computer Configuration Group Policy settings:



  • Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Sharing on your DNS domain network
  • Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network
  • Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit installation and configuration of Network Bridge on your DNS domain network
  • Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Windows Firewall settings for Windows XP Service Pack 2 (SP2)



These settings use network determination to specify the behavior and configuration of network services.

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

APPLIES TO
  • Windows Vista Home Basic
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Microsoft Windows XP 64-Bit Edition Version 2003
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Service Pack 3
  • Microsoft Windows XP Tablet PC Edition 2005
  • Microsoft Windows XP Tablet PC Edition
Keywords: 
kbrapidpub kbnomt KB971198