cancel
Showing results for 
Search instead for 
Did you mean: 
Andyl09
Level 7

Netlogon Issues HIPS 7.0.0

Hi All,

I am having an issue after installing HIPS on a laptop on my network.

After HIPS is installed I get problems with logging onto the network and applying GPO's to the laptop.

I get the following errors in Windows Event viewer each time I start up:

System Event Log

Netlogon Event 5719 error - no domain controller is available for domain "domain name" due to the following:
There are currently no logon servers available to service the logon request

W32Time Event 14 Warning - The time provider ntpclient was unable to find a domain controller to use as a time source.

W32Time Event 29 Error - The time provider ntpclient is configured to acquire time from one or more time sources. However none of the sources are currently available.

Application Event Log:

Userenv Event 1054 Error - Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.) Group policy processing aborted.

As soon as I disable the firewall and reboot everything works OK and machine loges on with no errors and all policies and scripts etc run as normal.

Could someone please advise what I need to add into the firewall rules to stop this from happening? As far as I was aware I had aded my local LAN into trusted networks and allowed all UPD and TCP traffic from my local LAN subnet.

I am really stuck and this issue is preventing a large laptop rollout in my company.

Many Thanks

Andy
0 Kudos
9 Replies
Firewall-Joe
Level 9

RE: Netlogon Issues HIPS 7.0.0

Do you have the latest HIP 7 server? There is a new policy in there that has all the basic rules for a typical network. The policy is called typical corporate or something like that. I would start with that policy.

Joe
0 Kudos
Andyl09
Level 7

RE: Netlogon Issues HIPS 7.0.0

Hi Joe,

We use EPO do deploy the policies to the laptops. I can't see anything under "predefined policies" within firewall rules that sounds like what you described. I know it is the HIPS firewall that is affecting the machine beacuse if I turn the firewall off the errors stop and netlogon works as expected. I have added my local LAN subnets into trusted network and created a rule that allows anything UDP or TCP through from that subnet but this has made no difeerence.

Thanks

Andy
0 Kudos
Andyl09
Level 7

RE: Netlogon Issues HIPS 7.0.0

Can anyone else offer advice on these issues? This is causing major issues within the company I support.
0 Kudos
Firewall-Joe
Level 9

RE: Netlogon Issues HIPS 7.0.0

You must be using ePO 3.6.1.

This is a configuration problem. Put in an allow all rule at the top of your firewall policy.
If that resolves the issue, you'll need to create a firewall policy that doesn't block your PDC.

Joe
0 Kudos
Andyl09
Level 7

RE: Netlogon Issues HIPS 7.0.0

Hi Joe,

We have EPO 4.0.

There are several allow rules at the top of the firewall rules list allowing all UDP and TCP connections from our various LAN's

To me it looks like the machine is trying to authenticate to a DC before the HIPS serivce has started and is being blocked.

Any more advice would be greatly appreciated.
0 Kudos
Firewall-Joe
Level 9

RE: Netlogon Issues HIPS 7.0.0

I'm surprised. HIP loads quite early in the windows boot sequence and is running, usually, before anything else.

You got me.

Better call McAfee.

Joe
0 Kudos
Andyl09
Level 7

RE: Netlogon Issues HIPS 7.0.0

I have now tied this down to the Mcafee NDIS Intermidiate Filter option within the LAN connection settings. When this option is selected we get the problem. When it is de-selected everything works fine. Can anyone advise as to what this option does?
0 Kudos
SergeM
Level 9

RE: Netlogon Issues HIPS 7.0.0



Hi,

I'm having similar problems here with ePO 3.6 and HIPS 7 (Patch 4 - v:7.0.0.976). The problems didn't appear until I (recently) upgraded HIPS to P4...

I've been trying to locate this option about NDIS Intermediate Filter & LAN Connection settings but can't find it. Is it possible it's only available under ePO 4 ?

Thanks for any help.

Serge
0 Kudos
SergeM
Level 9

RE: Netlogon Issues HIPS 7.0.0

Any news on this Netlogon issue ?
We're still having problems with approx 20% of the systems where HIPS 7 P4 is installed...

Any help greatly appreciated as McAfee isn't moving really fast.

Serge
0 Kudos