Aamir Qureshi
I have a two node Windows 2012 R2 cluster hosting Hyper-V guests. All server assets are virtualized including DNS, AD and DHCP and running as guest VMs. AD is hosted on Windows 2012 that has been recently upgraded to Windows 2012 R2. All computers are fully patched and updated.
It's a single-subnet private class C network with a dual-NIC TMG host providing connectivity to the internet. This TMG host is the default gateway for all internal assets.
Recently (after upgrading the AD host from Windows 2012 to Windows 2012/R2, but not sure if it is related) servers are getting stuck on networking, with the network stuck on Identifying . . . and network access (RDP) denied. The behavior makes sense: access is denied while the server is evaluating the network. What makes it frustrating is that it cannot identify the network and stays in "Identifying" mode. One workaround I found is to use the Hyper-V console to log on to the machine, then disable and re-enable the NIC - and this is a manual intervention, not a solution.
I tried a bunch of different things but none are sticking (temporarily it feels like the problem is fixed, but then it comes back in hours or days). I have not experienced this issue on desktops connecting to the same network over wired or WiFi connection.
Things that I tried include:
- Rebooting (yep!)
- Removing the vNIC and adding back in again
- Disabling VMQ (Virtual Machine Queue) and twiddling NIC settings (physical network is attached to a 1 GB Dell Layer 3 Switch)
- Removing virtual switch, re-creating and attaching the NICs to new virtual switch
- Removing all VLANs - no VLANs physical or virtual
- Changing the GPO (GPO -> Windows Settings -> Security Settings -> Network List Manager Policies )
- Cleaning up (uninstalling) dead (old) NICs hidden in host device manager on VMs
- Stopping windows firewall on servers.
- Tried different suggestions that I found on internet (but they are mostly related to time prior to Windows 2012)
- Re-validated Windows 2012 R2 based cluster configuration
This behavior is more prevalent on Windows 2012/R2 machines than on Windows 2008 hosts.
Is there something obvious that I am missing, or is it a new feature/bug? Temporarily I changed the definition of the Identifying network from "public" to "private" but that's not how I want to keep it (security!!).
Any suggestions? How do I make the NIC identify the network and get out of this Identifying . . . state?
Aamir M Qureshi http://www.agileconcepts.com/blogs/aq http://www.linkedin.com/in/aamirq
Update:
I built a new clean Windows 2012 R2 from RTM and applied all updates and patches. All along, the machine was able to see the network without any problem.
Next I domain-joined the machine and boom!! It broke the network to Identifying . . .
So obviously there is something on AD/GPO that is affecting the machine's behavior. Not so much of an AD/GPO expert, but I tried and exhausted what I can think of.
Next, to eliminate further, I created a new OU, moved the machine into the newly created OU and in GPO Editor blocked inheritance. Gave it some time, a few GPUPDATE /FORCE runs and reboots. Now I am getting a clean network and not Identifying anymore.
I will be moving a few other 2012/R2 VMs into the newly created GPO-blocked OU and hoping to see the Identifying go away for the moved machines. I will report an update later in the forum.
Until then, it would be great if someone can point me to how to fix/correct the Network Location setting in GPO.
----------------------- Oct 19, 2014 Update----------------
Having the machines out in the newly created OU worked as long as GPO inheritance is blocked. This seems to be affecting Windows 2012 (R2) machines.
So the question is how to "educate" the Network Location Identifying process that it is connected to the right network? It gets pretty painful when a machine like a DC or TMG is restarted and it's waiting on Identifying, requiring a manual intervention (not through RDP but using the Hyper-V console to recycle the Network Adapter (disable/enable)) to find itself.
This troubleshooting took away my weekend. I have a solution, but the solution is not making me feel good or feel I learned something new. :-(
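The isolation test described in the post (new OU, move the machine, block inheritance, refresh policy, check the network profile), written out as PowerShell. This is an added example, not the poster's own commands; the domain, OU, computer and adapter names are hypothetical placeholders.

```powershell
# Hypothetical names: substitute your own domain, OU, test VM and adapter alias.
$domainDn = 'DC=example,DC=local'
$ouName   = 'GPO-Isolation'
$ouDn     = "OU=$ouName,$domainDn"
$computer = 'TESTVM01'

Import-Module ActiveDirectory, GroupPolicy

# 1. Create the isolation OU and move the test machine into it.
New-ADOrganizationalUnit -Name $ouName -Path $domainDn
Get-ADComputer -Identity $computer | Move-ADObject -TargetPath $ouDn

# 2. Before blocking, record which GPOs the OU inherits.
#    Links marked Enforced keep applying even after inheritance is blocked.
(Get-GPInheritance -Target $ouDn).InheritedGpoLinks |
    Format-Table DisplayName, Order, Enabled, Enforced -AutoSize

# 3. Block inheritance on the OU, then refresh policy on the test machine.
Set-GPInheritance -Target $ouDn -IsBlocked Yes
Invoke-GPUpdate -Computer $computer -Force -RandomDelayInMinutes 0

# 4. Run locally on the test VM (Hyper-V console if RDP is refused):
#    show how each interface was classified.
Get-NetConnectionProfile |
    Format-Table InterfaceAlias, Name, NetworkCategory, IPv4Connectivity -AutoSize

# 5. Scripted form of the disable/re-enable workaround from the post.
Restart-NetAdapter -Name 'Ethernet'
```

The GPO list captured in step 2 is the set of candidates for the setting that changes the machine's behaviour once it is domain-joined.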