remove ExpectedDialupDelay — nltest force makes it unnecessary

Damien Coles 2026-02-12 15:54:10 -08:00
parent 57a53e1fde
commit e45f9329da
3 changed files with 1 additions and 12 deletions


@ -7,8 +7,8 @@ DNS persistence and domain authentication at the login screen.
- `install-nebula.ps1` now requires `-DnsServer` and `-Domain` parameters
- Nebula service changed from `delayed-auto` to `auto` start — NlaSvc dependency already ensures the physical network is up
- Creates a `NebulaDNS` scheduled task that runs at startup to re-apply DNS on the `nebula1` adapter after Nebula recreates it, wait for the DC to become reachable, and force Netlogon DC rediscovery via `nltest`
- Sets `ExpectedDialupDelay` (60 seconds) in the Netlogon registry to give the tunnel time to establish before Netlogon gives up
- Idempotency check now also verifies the scheduled task and startup script exist
- Removed `ExpectedDialupDelay` — the active `nltest /dsgetdc /force` in the scheduled task makes it unnecessary
## 1.0.0
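
Review bot: The new "Removed `ExpectedDialupDelay`" bullet records the removal of a setting whose own "Sets `ExpectedDialupDelay` (60 seconds)" bullet is deleted in this same hunk, so a changelog reader sees a removal of something never announced. If the setting never shipped in a release, drop the bullet. If it did ship, keep it but say whether machines that already ran the earlier script still carry the registry value. A blank line before `## 1.0.0` would also keep the heading from running into the list.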


@ -103,7 +103,6 @@ All scripts are safe to re-run:
- **Nebula** provides the encrypted mesh network. It runs as a `LocalSystem` service with `auto` start, depending on `Tcpip` and `NlaSvc` (Network Location Awareness). This ensures the physical network is connected before Nebula attempts handshakes.
- **DNS** is configured only on the `nebula1` adapter. Physical adapters (Wi-Fi, Ethernet) keep their DHCP-assigned DNS so they can reach the internet and Nebula lighthouses independently.
- **DNS persistence** — Nebula recreates the `nebula1` TUN adapter on every start, which wipes DNS settings. A `NebulaDNS` scheduled task runs at startup to re-apply DNS on the adapter, wait for the domain controller to become reachable, then force Netlogon to rediscover the DC via `nltest`. This ensures domain authentication works at the Windows login screen before any user logs in.
- **Netlogon tuning**`ExpectedDialupDelay` (60 seconds) is set in the registry to give Netlogon additional time to locate the DC over the Nebula tunnel, which may involve relay handshakes.
- **Domain trust** flows through the Nebula tunnel. The domain controller is reachable at its Nebula IP, so machines do not need a VPN or physical proximity to the DC.
## Troubleshooting
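
Review bot: With the "Netlogon tuning" bullet gone, the "DNS persistence" bullet is the only text covering the boot-to-tunnel window, and it says the task will "wait for the domain controller to become reachable" without giving a bound. The deleted bullet noted that the tunnel "may involve relay handshakes", so the README should state how long the `NebulaDNS` task waits and what happens at the login screen if the DC is still unreachable when that wait ends. The Troubleshooting section that follows would be a natural place for the failure case.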


@ -285,13 +285,3 @@ $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoi
Register-ScheduledTask -TaskName "NebulaDNS" -Action $action -Trigger $trigger -Principal $principal -Settings $settings -Description "Sets DNS on the Nebula adapter and forces Netlogon DC rediscovery" | Out-Null
Write-Host "NebulaDNS scheduled task registered."
# --- Configure Netlogon to wait for slow network links ---
#
# ExpectedDialupDelay tells Netlogon to keep retrying DC discovery for the
# specified number of seconds. This covers the window between Windows boot
# and the Nebula tunnel becoming fully operational.
$netlogonKey = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
Set-ItemProperty -Path $netlogonKey -Name "ExpectedDialupDelay" -Value 60 -Type DWord
Write-Host "Netlogon ExpectedDialupDelay set to 60 seconds."
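
Review bot: Deleting the `Set-ItemProperty` block stops new installs from writing `ExpectedDialupDelay`, but nothing here clears it from machines where the earlier script already set it to 60 under `HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters`. The README context says all scripts are safe to re-run, so a re-run will leave old and new hosts with different Netlogon settings. Either add a cleanup step such as `Remove-ItemProperty -Path $netlogonKey -Name "ExpectedDialupDelay" -ErrorAction SilentlyContinue`, or document that the stale value is left in place on purpose. If cleanup is added, note that it would also delete a value an administrator set for an unrelated reason.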