Why does Windows Firewall not use the domain profile?
Hello, for some time now I have been investigating a strange thing happening on our network. Windows Firewall, which is configured from GPO, is not detecting that the computer is on the domain and therefore it uses the standard profile instead of the domain profile. The problem in most cases occurs on machine startup and it goes away when the computer updates the GPO policy. It is interesting that at the time the error happens, the computer receives and uses the correct connection-specific DNS suffix, but the registry key HKLM\SOFTWARE\Microsoft\Windows\Group Policy\Current Version\History\Network Name is empty!? That explains why the WF is using the standard profile, but it does not explain what leads to this behaviour. Why is this empty? The computers are always connected to the domain, they are never disconnected from it or used on another domain.

The userenv.log yields the following error: ProcessGPOs: GetNetworkName failed with 10013. I believe this is the real problem here, this error no. 10013. But what is causing it? I have googled a LOT, but didn't find out anything useful for my situation.

I have written a small script, which connects to a socket on our DC and tries to send a lot of DNS requests. I have benchmarked the DC server and analysed its performance during critical times (at computer startups and shutdowns), but I didn't find anything useful. I have also disabled a built-in Windows feature: raw security (setting HKLM\SYSTEM\CurrentControlSet\Services\Afd\Parameters\DisableRawSecurity to 1). I also could not repeat the error by myself; it just occurs on some computers on the network when they are started. I also audited the mentioned registry key (Network Name) and found out that winlogon.exe changes it on user logon, which makes perfect sense, but does not lead to any error resolution. Please help me to resolve this ...
June 8th, 2009 8:55am

Interesting thing I noticed. One of the users has coLinux installed on his machine. This application creates a virtual ethernet card, and this card has its connection-specific DNS suffix blank .... Could this be the problem for wrong network determination and subsequently wrong profile usage? How must 2 ethernet cards be configured in XP if you want to use them in parallel for Windows Firewall to work? Or expressed differently: how do 2 ethernet cards working in parallel influence the network determination algorithm of Windows Firewall?
June 9th, 2009 3:18am

On further research I have found out the user with the 10013 problem used a sandbox application. When we uninstalled it, the problem went away. But unfortunately the moment of victory did not last long. For the first time since I was investigating this, the problem suddenly occurred on many other machines?!
June 11th, 2009 3:42am

I have enabled "Always wait for the Network" in GPO and the situation was fine for a week or something. During this time I did not notice any 10013 errors on client computers. But now the error suddenly appeared again. What else could cause it? Any ideas?
June 30th, 2009 3:26am

Hi, did you ever figure this out? I'm seeing the same problem and would love to hear what you discovered! Thanks!
February 23rd, 2010 11:34am

Same problem. Did someone find out how to get the right profile?
April 9th, 2010 8:25am

Facing a similar problem with custom GINA. Does anybody have any input?
January 7th, 2011 5:51am

Setting the Network Location Awareness (NLA) service to Startup Type 'Automatic' (the default is Manual) has resolved the problem.
March 7th, 2011 6:01am

Hi All,

Please try the following steps and it may help you to fix the issue.

1. Please check the NLA Service and try restarting it to see if it makes any difference. (Whenever there’s a network change (say it receives a new IP address or sees a new default gateway or gets a new interface), a service called Network Location Awareness (NLA) detects the change. It builds a network profile—which includes information about existing interfaces, whether the computer authenticated to a domain controller, the gateway’s MAC address, and so on—and assigns it a GUID. NLA then notifies the firewall and the firewall applies the corresponding policy (there’s a policy defined for each of the three profiles).)
2. Can you also check the following services and try restarting them:
   # Link-Layer Topology Discovery Mapper I/O Driver
   # Link-Layer Topology Discovery Responder
3. Make sure that Server is pointing to correct DNS/DC. Try pointing this machine to some other DC and then see if it can detect the Domain Profile.
4. Check the 3rd party services running on the Server (Anti Virus).
5. Please make sure that you don't have multiple NICs enabled at the same time (in case of Windows Vista and Windows Server 2008).
6. Make sure that we don't have NIC Teaming.
7. Also, please update the NIC drivers.
8. Check the Ghost Adapter entries in Device Manager and remove unnecessary GUID entries from the TCP registry (must take the backup first).
   # set devmgr_show_nonpresent_devices=1
9. Check the Firewall Profile Status to find which profile is active.
   # netsh advfirewall show allprofiles state
10. On a computer that is running Windows 7 or Windows Server 2008 R2, if a domain controller is detected on any network adapter, then the Domain network location type is assigned to that network adapter. On computers that are running Windows Vista or Windows Server 2008, the Domain network location type is applied only when a domain controller can be detected on the networks attached to every network adapter.
    http://technet.microsoft.com/en-us/library/cc753545(WS.10).aspx

Hope this helps :-)

Thanks, Rahul

Regards,
Rahul Saxena | Technical Lead | Microsoft Platforms Team | Microsoft Enterprise Platforms Support |
October 20th, 2011 2:47am
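
The checks from steps 1, 5 and 9 of the reply above, gathered into one script as an added example (not part of the original replies and not Microsoft tooling). It assumes Windows PowerShell 3.0 or later on Windows Vista / Server 2008 or newer; the function name Get-FirewallProfileDiagnostics and the DNS-suffix comparison are illustrative assumptions, and `show currentprofile` is queried in addition to the command given in step 9.

```powershell
# Added example. Assumes Windows PowerShell 3.0+ and Windows Vista / Server 2008
# or later, where the "netsh advfirewall" context exists.
function Get-FirewallProfileDiagnostics {
    # Step 1: NLA service (service name NlaSvc) start mode and current state.
    $nla = Get-CimInstance -ClassName Win32_Service -Filter "Name='NlaSvc'"
    # Domain membership as the operating system reports it.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Step 5: every IP-enabled adapter, virtual ones included.
    $adapters = @(Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Description = $_.Description
                DnsSuffix   = $_.DNSDomain
                Gateway     = $_.DefaultIPGateway -join ','
                # Hint only, not NLA's detection logic: a blank or foreign
                # suffix shows which adapter to look at first.
                SuffixMatchesDomain = [bool]($cs.PartOfDomain -and $_.DNSDomain -eq $cs.Domain)
            }
        })

    [pscustomobject]@{
        ComputerName   = $cs.Name
        Domain         = if ($cs.PartOfDomain) { $cs.Domain } else { $null }
        NlaStartMode   = $nla.StartMode   # Auto, Manual or Disabled
        NlaState       = $nla.State
        AdapterCount   = $adapters.Count
        Adapters       = $adapters
        # Step 9: per-profile state, plus the profile that is active right now.
        AllProfiles    = (netsh advfirewall show allprofiles state) -join "`n"
        CurrentProfile = (netsh advfirewall show currentprofile state) -join "`n"
    }
}

$d = Get-FirewallProfileDiagnostics
$d | Format-List ComputerName, Domain, NlaStartMode, NlaState, AdapterCount
$d.Adapters | Format-Table -AutoSize
$d.CurrentProfile

if ($d.NlaStartMode -ne 'Auto') {
    Write-Warning "NlaSvc start mode is $($d.NlaStartMode), not Auto."
}
$odd = @($d.Adapters | Where-Object { -not $_.SuffixMatchesDomain })
if ($d.Domain -and $odd.Count) {
    Write-Warning "Adapters whose DNS suffix differs from the domain: $($odd.Description -join '; ')"
}
```

Running it at startup (for example from a scheduled task) and again after a Group Policy refresh gives two snapshots to compare when the wrong profile is applied.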

This topic is archived. No further replies will be accepted.