Try to run GPResult on one of the ones that is not working.

From: Stephen Wimberly [mailto:[email protected]]
Sent: March-19-09 7:50 AM
To: Active Directory Admin Issues
Subject: Re: Re: Windows Firewall is using your non-domain settings... On a Domain Controller???

I'm still trying to verify that the few policies we have as original 'default' policies were not altered. (verify _everything_) Where I don't believe the Default policies have been altered, I'm not "the only cook in the kitchen" and I'm having a hard time finding a document that spells out the original settings. I may have to set up a new domain on an old server and see what happens! ;)

I've never applied policies to the domain controllers via GPO, we are really just starting to think about doing that. So the only GPO objects the domain controllers get are:

Default Domain Policy (_shouldn't_ be altered from original install)
Default Domain Controllers Policy (_shouldn't_ be altered from original install)
Our WSUS policy (which points them to our WSUS server and sets the WSUS group)

That's it, fairly straightforward. We try to run a fairly standard MS shop in case we ever need their help on something.

I don't see anything in these policies that would have any effect on the network location awareness. I should mention we are a single forest single domain environment. (Keep It Simple S...)

Thanks again!
-Stephen

On Wed, Mar 18, 2009 at 12:57 PM, Terry Jezewski <[email protected]> wrote:

Hmm mm.. I'd check the gpo on the sites and also the dc container first. Let me think further on this. Got to love campus networks

Terry
_____
From: riversidekid
Sent: 03/18/2009 04:51 PM GMT
To: Terry Jezewski
Subject: Re: Re: Windows Firewall is using your non-domain settings... On a Domain Controller???

The sites are logically separated with firewalls, not physically separated by any great distance. All six domain controllers are located in two buildings only a few hundred yards from each other and connected via a robust network.
All are behind corporate firewalls, BUT as an educational environment we have a great deal of non-desirable network traffic within the corporate firewall. We use the Windows Firewall to open ports to our systems in order to block the unknown traffic. The domain controllers sync over IPSEC. In our secure area the Windows Firewall is off, but in two other network segments the Windows Firewall has come in helpful at times, so I need to leave it on but I just don't get why it's listed as Non-Domain settings.

On Mar 18, 2009 12:38pm, Terry Jezewski <[email protected]> wrote:
>
> One of our new clients had this issue and since their sites are behind SonicWALL firewalls, we turned off the WFW. Are your sites connected via VPN or point to point?
>
> From: Stephen Wimberly [[email protected]]
> Sent: 03/18/2009 12:00 PM AST
> To: "Active Directory Admin Issues" <[email protected]>
> Subject: Windows Firewall is using your non-domain settings... On a Domain Controller???
>
> I have six domain controllers, two in each of three AD sites. Two are Windows Server 2008 and four are Windows Server 2003 R2.
>
> My 2003 DCs are all displaying "Windows Firewall is using your non-domain settings" and I would much rather they use the domain settings. My 2008 DCs show domain settings.
>
> I've pored over the following articles:
> Best practice for DNS Settings on Windows 2000 and 2003 Domain Controllers: http://support.microsoft.com/default.aspx/kb/825036
>
> Cable guy reports how it's decided upon: http://technet.microsoft.com/en-us/library/bb878049.aspx
>
> I found that NLA Service must start up automatic to get going quick enough, so that's done. I've also found that sync errors could cause an issue with the NLA.
>
> Last resort was to demote a DC, pull it from the domain and then add it back to the domain and dcpromo it back to a DC. Just after doing that, the DC showed domain settings, but after just one restart it went back to non-domain settings.
>
> Has anyone seen this before, and better yet, know something that might kick it back into gear???
>
> Thanks!
