Richard Black

Why the network map sometimes looks wrong

There are a number of reasons why the network map might not quite look the way you expect.

  • The gateway is in the wrong place: The user interface people thought that for non technical users it was always best to show the internet gateway at the top right next to the user's computer, irrespective of where it really is in the network. That is their expert decision, but it would not have been my choice.
  • Simplest observationally equivalent: The map has some fundamental limitations in which it shows you the simplest observationally equivalent network to your network and not what your true network looks like. As one example, if you have a spur of network equipment which goes nowhere, then it will not appear on the map. Perhaps the other example you are likely to see is that if you have an Ethernet switch which is behaving as a very expensive piece of wire (it has exactly two connections with no computers attached, and each of the two connections connects only to another Ethernet switch) then it will dissapear from the network. There are several more obscure other cases.
  • The map shows extra devices: This tends to happen if you think you've got an Wireless Access Point, but the map shows a switch too: many Access Points have built-in switches which show up as extra devices on the map.
  • Bugs: Sadly there are a few known bugs in the Vista mapper algorithm which will hopefully get fixed in a service pack or the next release of Windows.
  • Incompletness in the algorithm: The Vista mapper doesnt deal with all known network equipment; there are a few cases we dont cover including Wireless half-bridges, HomePlug, mixtures of real and virtual computers, span-monitoring ports, and so on.

Enabling LLTD in a Domain, through the user interface

If you have Windows Vista you might like to know how to enable the Network Map on your machine. Due to the "off by default" philosophy of the Secure Windows Initiative you'll find that the Network Map is disabled by default on your machine when you are on a domain joined network. This is easy to control using a policy setting as follows.

First, open gpedit.msc from the start menu (this will prompt for elevation). Then open up Computer Configuration, then Administrative Templates, then Network, then Link-Layer Topology Discovery. It will look like this image:

Group Policy Object Editor

For the two settings on the right; for each right click and select the properties. You can then ensure that it is enabled and configure the options to Allow operation while in domain, (if you wish, on public networks) and ensure it is not disabled on private networks. See these images below. (Note that the text on the "Explain" tab is known to be incorrect but the options are self-explanatory.)

LLTDIO Properties RSPNDR Properties

Enabling LLTD in a Domain, by using the registry

If you want to automate the UI sequence found above then note that the controlling registry keys can be found in HKLM\Software\Policies\Microsoft\Windows\LLTD\ and should all be a DWORD with a value of 1 or 0 as below. If missing they all default to 0 except EnableLLTDio and EnableRspndr which default to 1.

  • AllowLLTDioOnDomain
  • AllowLLTDioOnPublicNet
  • ProhibitLLTDioOnPrivateNet
  • EnableLLTDio
  • AllowRspndrOnDomain
  • AllowRspndrOnPublicNet
  • ProhibitRspndrOnPrivateNet
  • EnableRspndr

Forcing LLTD policy setting changes to be noticed

These settings are supposed to change the behaviour immediately; but somtimes it seems that that it takes a while to notice. If you want to force this you can open an elevated cmd prompt and execute the following.

  • sc stop lltdsvc
  • sc stop lltdio
  • sc stop rspndr
  • sc start rspndr
  • sc start lltdio
  • sc start lltdsvc

Getting the LLTD responder for Windows XP

The responder which allows Windows XP computers to appear in the Vista Network Map is now finished and is available as KB article 922120 here. Note that for Windows XP there is no control user interface and the registry settings must be used as described above.

There is currently no official Topology Responder for Windows Server 2003. Microsoft internal users are suggested to use the original prototype responder if required.

Uninstalling a prototype responder

If you have an early Microsoft Research version of the LLTD responder installed on Windows XP then we now recommend that you uninstall it and replace it with the supported product responder. To uninstall first open a cmd window and execute the following:

  • sc stop topslave

Then open "Add or Remove Programs" and find the indicated Windows Driver Package and click "Remove". If it suggests to reboot your machine then decline; a reboot is unnecessary. Finally install the product responder as described above.

Add/Remove Programs



Richard Black, 11th December 2006, written for Windows Vista RTM. This page is not official policy of Microsoft Corporation and has no warrenties, express or implied.