ViolentCrow
Copper Contributor
Oct 08, 2023

Domain Controller showing network connection as Public

Noticed for quite a while now with the vNext server builds that when you promote one to a domain controller, it shows the network connections as Public or Private instead of DomainAuthenticated.

Is there a networking piece that I am missing that needs to be configured?

  • sergiuoleinic
    Copper Contributor
    In my virtual lab ALL joined servers have this Public/Domain back and forth.
    Quickest fix for me is to disable and then re-enable the Network Interface Card via the Local Server Manager > Ethernet0

    A more bizarre solution is to run a PowerShell script in scheduler every X hours, one line:
    Get-NetAdapter | Restart-NetAdapter
    • Joachim_Otahal
      Iron Contributor
      Before doing that brutal Restart-NetAdapter you should check with Get-NetConnectionProfile which .NetworkCategory is active.
  • rpaz61
    Copper Contributor
    This happened to a client that has two DCs. I found a solution that dates back to Nov 2014:

    1. Set the Network Location Awareness service to 'Automatic (delayed start)'.
    2. Double-check Network Location Awareness service existing dependencies by running: "sc qc nlasvc" from an elevated command prompt.
    3. Add the following dependencies to the Network Location Awareness service: DNS and NTDS. To do so from elevated command prompt:

    sc config nlasvc depend= NSI/RpcSs/TcpIp/Dhcp/Eventlog/DNS/NTDS

    4. Reboot the domain controller. Once the domain controller is up and running, verify that the Windows Firewall is connected to "Domain networks".
  • This is not new and not limited to Server vNext; rather, it has been "normal" since Server 2008 (without R2 - yes, Vista level!).
    Three and a half solutions.
    Half: Just wait, after a few minutes it usually detects it.
    1. Quick: Restart "Network Location Awareness" aka "NlaSvc".
    2. Correct: Set a fixed IPv4 config (duh!), and then Policy -> Computer Policy -> Windows Settings -> Security Settings -> Network List Manager Settings -> set how to treat unknown and "detecting" networks. Your Windows Firewall should be set up correctly too, of course. IPv6 is a different beast.
    3. Wrong: Disable Windows Firewall, neither GUI nor the services. Just don't. Windows often switches back to "total paranoia" mode randomly if you do that, and then you have to get to the local console.
    Better use "Correct". Since the network location awareness starts before the DC services are fully available, it cannot detect which network you are on. The same happens if, for some reason, default gateways answer on the second or third ping after restart (complex switch environment etc.).
    I use the "Correct" method whenever possible, including networks of customers I see for the first time. Solves a lot of weirdness in many cases.
  • ViolentCrow
    Copper Contributor
    Noticed if I disable the NIC and re-enable it the issue is resolved. But you need to do this every time the server is rebooted as when you reboot the server it will go back to public/private (unauthenticated).
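
The check-first approach suggested in the replies (inspect Get-NetConnectionProfile, then restart NlaSvc rather than the adapters) can be scripted as below. This is an added example, not code posted by anyone in the thread; the function name Repair-DomainProfile, the 60-second timeout and the 5-second poll interval are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the DC.
# Function name, timeout and poll interval are illustrative assumptions.
function Repair-DomainProfile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$TimeoutSeconds = 60,   # assumed wait for NLA to re-detect the domain
        [int]$PollSeconds    = 5     # assumed poll interval
    )

    # Step 1: look before touching anything.
    $profiles = Get-NetConnectionProfile
    $profiles | Select-Object InterfaceAlias, Name, NetworkCategory |
        Format-Table -AutoSize | Out-Host

    $wrong = $profiles | Where-Object NetworkCategory -ne 'DomainAuthenticated'
    if (-not $wrong) {
        Write-Verbose 'All profiles are DomainAuthenticated; nothing to do.'
        return $true
    }

    # Step 2: show what NlaSvc currently depends on (same data as "sc qc nlasvc").
    $deps = (Get-Service -Name NlaSvc).ServicesDependedOn.Name -join ', '
    Write-Host "NlaSvc depends on: $deps"

    # Step 3: restart only the NLA service instead of bouncing every adapter.
    # -Force is needed because other services depend on NlaSvc.
    if ($PSCmdlet.ShouldProcess('NlaSvc', 'Restart-Service')) {
        Restart-Service -Name NlaSvc -Force -ErrorAction Stop
    }

    # Step 4: poll until every profile is DomainAuthenticated or the timeout expires.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds $PollSeconds
        $wrong = Get-NetConnectionProfile |
            Where-Object NetworkCategory -ne 'DomainAuthenticated'
    } while ($wrong -and (Get-Date) -lt $deadline)

    if ($wrong) {
        Write-Warning ("Still not DomainAuthenticated: " + ($wrong.InterfaceAlias -join ', '))
        return $false
    }
    return $true
}

Repair-DomainProfile -Verbose
```

Running it with -WhatIf prints the current categories and dependencies without restarting the service.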
