Missing Network Map under Network and Sharing Center in Windows Vista or Windows Server 2008

Missing Network Map under Network and Sharing Center in Windows Vista or Windows Server 2008

  • Comments 4
  • Likes

Windows Vista and Windows Server 2008 introduced many new and exciting enhancements for improving and changing Personal and Enterprise computing. The introduction of the Network and Sharing Center, improvements in the Security Center and the Network Map of neighboring devices using Link Layer Topology Discovery are some of the highlights.

Network and Sharing Center displays all the information related to network connectivity and sharing capabilities of a Windows Vista or Windows Server 2008 machine. It also introduces a Network Map under Network and Sharing Center which determines the connectivity of the machine with the Internet.

image

The protocol involved behind creating a Network Map on Windows Vista and Windows Server 2008 is Link Layer Topology Discovery (LLTD).

Sometimes the Network Map which is present under the Network and Sharing Center of Windows Server 2008 or Windows Vista does not display the exact network topology via which the machine is connected to the Internet. In this article, we will discuss various possibilities of troubleshooting this situation.

image

image

QUESTION: How do you troubleshoot a situation where the Network and Sharing Center on Windows Vista or Windows Server 2008 shows "You are currently not connected to any networks."?

We will be taking a typical example where we are unable to view the Network Map on a Windows Server 2008 machine. In our scenario, we also take into account that the machine is joined to a domain. The issue is seen with all the domain user accounts that can logon to the machine.

Network and Sharing Center displays as "You are currently not connected to any networks" and also a Red-X appears on the Network Map. However, there are no connectivity issues on the server, neither incoming nor outgoing. The machine can traverse through all the LAN subnets and the Internet (if directly connected to it).

ANSWER:
We start the troubleshooting with the basic steps:

1) Network List Service and Network Location Awareness Service
Check for the status of these services and their dependencies; they should be started. They are required for a machine to populate the Network Map of Network and Sharing Center.

  • Network Location Awareness Service Dependencies
    http://msdn.microsoft.com/en-us/library/ms739931(VS.85).aspx
        Network Store Interface Service
            NSI proxy service
        Remote Procedure Call (RPC)
            DCOM server Process Launcher
        TCP/IP Protocol Driver
  • Network List Service Dependencies
        Network location Awareness Service
        Remote Procedure Call (RPC)
            DCOM server Process Launcher

2) Link Layer Topology Discovery Mapper I/O Driver.
This component is required for creating a full Network Map for the machine by discovering the devices connected to the network. It is not responsible for creating the Network Map under the Network and Sharing Center, but its core job is to detect the devices which are connected around your machine. Please refer to the KB article below for further explanation on Link Layer Topology Discovery Mapper I/O Driver. Please make sure that it is checked on the Network Connection under “This connection uses the following items:”

image

Link Layer Topology Discovery (LLTD) Protocol Specification
http://msdn.microsoft.com/en-us/library/cc233983(PROT.10).aspx

3) Checking permissions of the components involved with the Network List Service.

DLLs:
    - Files: netprofm.dll and netprof.dll
    - Location: %SystemRoot%\System32\

Registry:
    - Service Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netprofm

The Network List Service runs as the LocalService account. Please make sure that there are read permissions on the above locations for LocalService.

4) If the issue still persists
If you have verified that steps 1 – 3 gave a positive result for your machine and the Network Map is still not shown under Network and Sharing Center, check to see if the Network Map appears when logging onto the machine using one of the Local machine’s user accounts (non-domain account); preferably Administrator. If the map is still not seen, this means that there is a permission issue for the domain user accounts on this machine.
A workaround to test for the above symptom is adding LocalService to the Adminstrators group under the Local Users and Groups console (NOTE: This is not a recommended solution and the change must be undone after confirmation that it works.)

If the above test was successful, this proves that after providing the LocalService account elevated privileges or administrative rights, the issue disappears. So what is making the Local Service incapable of displaying the Network Map for Network and Sharing Center?
We troubleshoot this using a utility known as Process Monitor, which is available for download at: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

1.    Download the Zip file containing Process Monitor and extract ProcMon.exe from it to a location on the Windows Server 2008 machine.
2.    Since the Network List service runs under shared mode with Svchost.exe, we need to separate its shared mode for tracking the PID (Process ID) of the service in ProcMon.exe.
3.    Start a Command Prompt.
4.    Check for the svchost.exe status:
        C:\> tasklist /svc

image

5.    In the example above, the Network List Service (netprofm) is running in shared mode with EventSystem, LanmanWorkstation, Nsi etc. with a common PID of 1496.
6.    Configure the Network List Service to run in its own instance of SvcHost.exe by executing the following:
        C:\> sc config netprofm type=own
7.    Now restart the Network List service by executing the following:
        Net stop netprofm
        Net start netprofm

image

8.    Again run <tasklist /svc /fi "imagename eq svchost.exe"> to compare the results.

image

9.    Please note that in the above example, the Network List Service (netprofm) is now running in its own instance of svchost.exe with a PID of 4860 (PID’s are randomly assigned on every machine). Make a note of the PID assigned in your case for later use.

10.    Launch ProcMon.exe and then open Network and Sharing Center.

11.    Once the Network and Sharing Center window displays the incomplete Network Map, stop the ProcMon log by unchecking Capture Events (Ctrl+E) option under the File Menu of Procmon.exe.

12.    Now we need to filter this result with the PID of the Network List Service (netprofm). Press the Filter button (Ctrl+L) under Filter menu of Procmon.exe.

13.    In the Process Monitor Filter dialog as shown below, select PID – IS – 4860 (enter the PID noted down in Step 9), click ‘Add’, and then ‘OK’.

image

14.    You should see a “ACCESS DENIED” message for that PID on a registry location.

15.    If you double click on this event, you will see a result similar to the following:

Date & Time    :    28-01-09 10:32:31 PM
Event Class    :    Registry
Operation    :    RegOpenKey
Result        :    ACCESS DENIED
Path        :    HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{A82736A5-7B12-4C33-94D6-8FF78B91750A}
TID        :    3608
Duration    :    0.0000704
Desired Access:    Read/Write

Description    :    Host Process for Windows Services
Company    :    Microsoft Corporation
Name        :    svchost.exe
Version    :    6.00.6001.18000
Path        :    C:\Windows\System32\svchost.exe
Command Line:    C:\Windows\System32\svchost.exe -k LocalService
PID        :    380
Parent PID    :    564
Session ID    :    0
User        :    NT AUTHORITY\LOCAL SERVICE
Auth ID    :    00000000:000003e5
Architecture    :    64-bit
Virtualized    :    False
Integrity    :    System
Started    :    28-01-09 10:30:48 PM
Ended        :    (Running)

Interpreting the results of the ProcMon analysis

While accessing the registry location of : HKLM\Software\Microsoft\WindowsNT\CurrentVersion\NetworkList\Profiles\{A82736A5-7B12-4C33-94D6-8FF78B91750A}

Network List Service received an Access is Denied error message. It does not have the authority to access this location in the registry. Since the Network List service runs under the privileges of Local Service, it works when we add the Local Service account to the local BuiltIn\Administrators group of the machine.

We need to check the permissions at the following registry location: HKLM\Software\Microsoft\WindowsNT\CurrentVersion\NetworkList\. Administrators and Netprofm should be present there, as below:

image

If netprofm is not present under the Permissions tab, we need to add it there for making the Network Map appear under the Network and Sharing Center. However, the account we are planning to add to the registry key is a Service SID which is new security feature introduced in Windows Server 2008.

Windows Service Hardening restricts critical Windows services from performing abnormal activities in the file system, registry, network, or other areas that could be used by malware. For example, the Remote Procedure Call (RPC) service can be restricted from replacing system files or modifying the registry.

In our case, the service in question is netprofm which is the Network List Service on Windows Server 2008. The service SID for this can be checked using the below commands:

C:\> sc qsidtype netprofm

[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: netprofm

SERVICE_SID_TYPE:  UNRESTRICTED

Checking the SID for the service is possible, using the following command:

C:\> sc showsid netprofm

NAME: netprofm

SERVICE SID: S-1-5-80-3635958274-2059881490-2225992882-984577281-633327304

To add a Service SID to a resource:

1.    Right Click over the registry location: HKLM\Software\Microsoft\WindowsNT\CurrentVersion\NetworkList\ and then choose Permissions...
2.    Click Add...
3.    Please choose your computer for “From this location:” instead of your Active Directory domain, by clicking on Locations...
4.    Under “Enter the object names to select” type NT SERVICE\netprofm and then click on Check Names.
5.    Press OK to confirm.

If we type only the service name of netprofm like any other Builtin Service or user account, it would not be searchable. Therefore, we have to use NT SERVICE\Netprofm to make it searchable.

Once we have netprofm in place, click on Advanced as we need to specify special permissions (as per the below figure) for netprofm.

image

After completing the registry changes, please reboot the machine for making the new changes to take effect. This time the Network Map under Network and Sharing Center should come up even with the Domain credentials.

- Manuj Bhatia

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Thanks for the informative article.  I was able to trace the problem using your steps to those registry keys under HKLM\Software\Microsoft\WindowsNT\CurrentVersion\NetworkList\Profiles.  However, I have two questions:

    1. Do you know why Windows seems to often install without this set up properly?

    2. Do you know how to get those registry keys to inherit permissions?  I was able to set the permissions the way you illustrated, but until I actually went and set them for each GUID key under profiles, it didn't actually take because even though I set them to inherit from the parent, they did NOT inherit.

    Cheers,

    Matt

  • I get access denied when trying step 6:

    C:\> sc config netprofm type=own

    Any suggestions?

  • Using Vista 64

    Adding LocalService to the administrators group did not clear up the issue

  • Great article. Thanks!   However, under Vista Home Premium 64 Bit, this didn't quite work. I then selected each of the {xxxx} GUID lines under "profiles" and added the same NT SERVICE\netprofm using same process of "check names" and "Advanced (clicking extra boxes)". Reboot. This worked.  Thanks to you and the other comment person that mentioned Vista 64. Apparently, V64 has one further quirk.