From e45f9329da18d6abfe06fb1ab00cb0321ea8b106 Mon Sep 17 00:00:00 2001 From: Damien Coles Date: Thu, 12 Feb 2026 15:54:10 -0800 Subject: [PATCH] =?UTF-8?q?remove=20ExpectedDialupDelay=20=E2=80=94=20nlte?= =?UTF-8?q?st=20force=20makes=20it=20unnecessary?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- README.md | 1 - install-nebula.ps1 | 10 ---------- 3 files changed, 1 insertion(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b53039b..8f9871c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,8 +7,8 @@ DNS persistence and domain authentication at the login screen. - `install-nebula.ps1` now requires `-DnsServer` and `-Domain` parameters - Nebula service changed from `delayed-auto` to `auto` start — NlaSvc dependency already ensures the physical network is up - Creates a `NebulaDNS` scheduled task that runs at startup to re-apply DNS on the `nebula1` adapter after Nebula recreates it, wait for the DC to become reachable, and force Netlogon DC rediscovery via `nltest` -- Sets `ExpectedDialupDelay` (60 seconds) in the Netlogon registry to give the tunnel time to establish before Netlogon gives up - Idempotency check now also verifies the scheduled task and startup script exist +- Removed `ExpectedDialupDelay` — the active `nltest /dsgetdc /force` in the scheduled task makes it unnecessary ## 1.0.0 diff --git a/README.md b/README.md index 4653a76..a06dfa0 100644 --- a/README.md +++ b/README.md 
@@ -103,7 +103,6 @@ All scripts are safe to re-run: - **Nebula** provides the encrypted mesh network. It runs as a `LocalSystem` service with `auto` start, depending on `Tcpip` and `NlaSvc` (Network Location Awareness). This ensures the physical network is connected before Nebula attempts handshakes. - **DNS** is configured only on the `nebula1` adapter. Physical adapters (Wi-Fi, Ethernet) keep their DHCP-assigned DNS so they can reach the internet and Nebula lighthouses independently. - **DNS persistence** — Nebula recreates the `nebula1` TUN adapter on every start, which wipes DNS settings. A `NebulaDNS` scheduled task runs at startup to re-apply DNS on the adapter, wait for the domain controller to become reachable, then force Netlogon to rediscover the DC via `nltest`. This ensures domain authentication works at the Windows login screen before any user logs in. -- **Netlogon tuning** — `ExpectedDialupDelay` (60 seconds) is set in the registry to give Netlogon additional time to locate the DC over the Nebula tunnel, which may involve relay handshakes. - **Domain trust** flows through the Nebula tunnel. The domain controller is reachable at its Nebula IP, so machines do not need a VPN or physical proximity to the DC. ## Troubleshooting diff --git a/install-nebula.ps1 b/install-nebula.ps1 index 3973d4f..2558847 100644 --- a/install-nebula.ps1 +++ b/install-nebula.ps1 
@@ -285,13 +285,3 @@ $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoi Register-ScheduledTask -TaskName "NebulaDNS" -Action $action -Trigger $trigger -Principal $principal -Settings $settings -Description "Sets DNS on the Nebula adapter and forces Netlogon DC rediscovery" | Out-Null Write-Host "NebulaDNS scheduled task registered." - -# --- Configure Netlogon to wait for slow network links --- -# -# ExpectedDialupDelay tells Netlogon to keep retrying DC discovery for the -# specified number of seconds. This covers the window between Windows boot -# and the Nebula tunnel becoming fully operational. - -$netlogonKey = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Set-ItemProperty -Path $netlogonKey -Name "ExpectedDialupDelay" -Value 60 -Type DWord -Write-Host "Netlogon ExpectedDialupDelay set to 60 seconds."
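Review bot: In the `CHANGELOG.md` hunk, the new `Removed ExpectedDialupDelay` bullet lands in the same release section that carried the `Sets ExpectedDialupDelay` line, so a reader cannot tell whether the setting ever shipped. If that section is still unreleased, deleting the old bullet is enough; if it was released, the removal belongs under a new version heading together with a note on whether already-provisioned hosts need cleanup. The bullet also spells the command as `nltest /dsgetdc /force` while the README only says `nltest`; quote it the way the startup script actually runs it so the two files stay consistent.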
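Review bot: In the `README.md` hunk (`@@ -103,7 +103,6 @@`), dropping the Netlogon tuning bullet leaves the DNS persistence bullet as the only explanation of how authentication at the login screen is made to work, and that bullet does not say how long the `NebulaDNS` task waits for the domain controller or what happens if the DC is still unreachable when the wait ends. With the Netlogon-side delay gone, add a sentence stating the wait limit and the failure behaviour, since the removed text named relay handshakes as a reason discovery can be slow.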
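Review bot: In the `install-nebula.ps1` hunk (`@@ -285,13 +285,3 @@`), deleting the `Set-ItemProperty ... -Name "ExpectedDialupDelay"` call only stops new installs from writing the value; any host that ran the previous script keeps `ExpectedDialupDelay = 60` under `HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters`. The README describes the scripts as safe to re-run, so a re-run should bring those hosts to the same state as a fresh install. Consider keeping `$netlogonKey` and replacing the write with `Remove-ItemProperty -Path $netlogonKey -Name "ExpectedDialupDelay" -ErrorAction SilentlyContinue`, or state in the changelog that the value is intentionally left in place on upgraded machines.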