Tuesday, April 12, 2011

DHCP Broadcast Flag Problem with DHCP Helpers

Explanation

DHCP helpers allow a machine in subnet A to get a DHCP lease from a DHCP server in subnet B. DHCP requests are sent as broadcasts, and broadcasts aren't allowed out of their original subnet, so the DHCP helper is required to pass the request on to a different subnet. The reply comes from the DHCP server back to the client in one of two ways, unicast or broadcast; which of the two is used is determined by the client in its DHCP request.

By default Windows 7 requests that the reply be sent as a unicast response. However, during startup Windows Firewall rejects unicast packets from outside its own subnet, which results in the response being dropped. DHCP may time out and/or re-send the request, this time asking for the response to be sent as a broadcast packet, which results in DHCP assignment succeeding, albeit too slowly. This can manifest itself as NETLOGON 5719 errors in the system log and/or assorted group policy errors during startup.


Workaround

Microsoft have identified the problem, but at the time of writing no hotfix is available, nor does one appear to be included in SP1 for Windows 7. A number of workarounds have been suggested, but in testing only one works consistently. This involves telling Windows 7 to request that the response from the DHCP server be sent as a broadcast.

This is achieved by setting two registry entries, as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}\DhcpConnForceBroadcastFlag

Should be set to 1 (0 for unicast, 1 for broadcast).

and

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}\DhcpConnEnableBcastFlagToggle

Create a 32-bit DWORD value and set it to 0. This prevents Windows from changing DhcpConnForceBroadcastFlag back to 0 (the default).

Both registry values may need to be set/created for every adapter on the machine if multiple adapters are in use (wired and wireless, for example). DhcpConnForceBroadcastFlag can be set globally, but given that you cannot do this for DhcpConnEnableBcastFlagToggle there is little point in doing so.

Locating the Network Adapter GUID

In the above registry entries, "{GUID}" is the "Globally Unique Identifier" for a given network interface. Each wired and wireless NIC will have one of these assigned to it, as will virtual adapters. To locate the GUID for a given adapter, navigate to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\(adapter #)

Each adapter is identified by name in the Description value of its adapter # registry key.
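
The per-adapter procedure above can be scripted. The following PowerShell is an added example, not part of the original post: it walks the NetworkCards key, sets both values on each adapter's Tcpip interface key, and reads them back. It assumes the ServiceName value under each adapter # key holds that adapter's {GUID}, which the post does not state.

```powershell
# Added example. Run from an elevated prompt. Uses only PowerShell 2.0 syntax,
# the version Windows 7 ships with.
$cardsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards'
$ifaceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Values from the article: force the broadcast flag on, and stop Windows
# from changing it back to the default.
$settings = @{
    DhcpConnForceBroadcastFlag    = 1
    DhcpConnEnableBcastFlagToggle = 0
}

Get-ChildItem -Path $cardsKey | ForEach-Object {
    $card = Get-ItemProperty -Path $_.PSPath
    # Assumption beyond the article: ServiceName holds the adapter's {GUID}.
    $guid = $card.ServiceName
    $path = "$ifaceKey\$guid"

    if (-not $guid -or -not (Test-Path -Path $path)) {
        Write-Warning "No Tcpip interface key for '$($card.Description)'; skipped."
        return   # inside ForEach-Object this moves on to the next adapter
    }

    foreach ($entry in $settings.GetEnumerator()) {
        # -Force creates the DWORD if missing and overwrites it if present.
        New-ItemProperty -Path $path -Name $entry.Key -PropertyType DWord `
            -Value $entry.Value -Force | Out-Null
    }

    # Read the values back so the result can be checked per adapter.
    $now = Get-ItemProperty -Path $path
    New-Object PSObject -Property @{
        Adapter         = $card.Description
        Guid            = $guid
        ForceBroadcast  = $now.DhcpConnForceBroadcastFlag
        BcastFlagToggle = $now.DhcpConnEnableBcastFlagToggle
    }
}
```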

