question

alessandrobelli-3238 avatar image
0 Votes"
alessandrobelli-3238 asked GloriaGu-MSFT commented

unidentify network after remove smbv1 (win 8 and 7) with static ip

I remote smbv1 server from window 8 workstation (from add remove windows feature)
After reboot network is set as public network and domain in not detected.
If I set ipv4 network option to DHCP instead of static ip the domain network is regulary detected.

Of corse dns server address is right on static ip configuration
It also happen on windows 7
Any idea?

windows-8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GloriaGu-MSFT avatar image
0 Votes"
GloriaGu-MSFT answered GloriaGu-MSFT edited

@alessandrobelli-3238 Hi,

Thank you for posting in Q&A!

Firstly I would suggest you to restart Network Location Awareness services. When NLA starts to detect the network location, the machine will contact the domain controller via port 389.

57044-10.png


According to a user with the similar issue, he unchecked SMB1 / CIFS support in "Turn Windows features on or off" and lead to domain authentication problem. Dependency on SMB1 by Workstation service is what was causing the errors.

I would suggest you to try just disabling smbv1 and not actually removing the windows feature. It can be achieved by GPO or command. For more details, please refer to:
https://community.spiceworks.com/topic/1995592-disabling-smb1-stops-domain-authentication
https://docs.microsoft.com/en-us/archive/blogs/staysafe/disable-smb-v1-in-managed-environments-with-ad-group-policy



Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/articles/67444/email-notifications.html



10.png (13.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

alessandrobelli-3238 avatar image
0 Votes"
alessandrobelli-3238 answered

My situation is a bit different.
User Logon to domain works and also the shared folder from the windows server (2012R2) are rechable so the SMB protocol seems to work.
But under network instead of the domain name i see "undetected network"
I've re-enabled smbv1 on add remove windows feature but nothign change
I've re-enabled server and client SMBv1

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto
and
SERVER SMB1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 1 = Enabled
Registry entry: SMB2
REG_DWORD: 1 = Enabled


No EFFECT



I've run netsh int ip reset. the domAin network was detected but after an other reboot is stop working again
If I set IP to DHCP (instead of static ip) it work

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

alessandrobelli-3238 avatar image
0 Votes"
alessandrobelli-3238 answered

After some test I discovered that is related to switch spanning tree that introduce a lag of connectivity when pc start. It seems that the NLA service once started and not suddently detect any network it does not check anymore. If you restart the service the network is detected. Reboot the pc still not detected.
If I use the DHCP it works because ip stack will start as the pc connect to the DHCP server and this happen after the spanning tree check.

After disable spanning tree on the switch the network is detected even with static ip address.
Any idea?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GloriaGu-MSFT avatar image
0 Votes"
GloriaGu-MSFT answered

Hi,

Sorry for the late reply!

The time Spanning Tree Protocol (STP) takes to transition ports over to the Forwarding state can cause problems. PortFast is a Cisco network function which can be configured to resolve this problem. So far, I haven't found any windows solution to solve this poblem.

Please try to change the NLA startup type to Automatic (Delayed Start). This will still allow the service to run at startup but allow a little more time for the domain to authenticate before the service checks for the network location.


62372-17.png


Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/articles/67444/email-notifications.html




17.png (18.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

alessandrobelli-3238 avatar image
0 Votes"
alessandrobelli-3238 answered GloriaGu-MSFT commented

I've already tryed but the delay introduced by spanning tree is bigger then the delay of the service start.
But I belice can be useful to try disabling the fast logon. If I am right there should be a policy introduced by windows XP that impose all services related to network to wait for the network interface to be active... I dont' rememeber with policy

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Please understand that windows XP,7,8 is out of microsoft support since 2020. So far, I haven't found any artical referring this policy.

I found a thread discussing the Spanning Tree Protocol, which said "spanning tree protocol is used to prevent loops in when you have multiple fault tolerant paths in a core-edge switch layout. You can safely turn it off if you don't provide those redudant paths."
Please refer to:
is-spanning-tree-protocol-a-problem



0 Votes 0 ·