Network Location Awareness not Detecting Domain Network
The issue occurred after we started migrating our offsite workstations to Windows 10. After being joined to the domain, the computers show an unidentified network connection instead of a domain network connection. The computers are at an offsite location and were being migrated to Windows 10. NLA worked normally while they were still Windows 7 workstations.
This happened to me on all domain controllers as well.
This happens because, after the machine reboots and before the NIC initializes, NLASVC (Network Location Awareness) attempts to detect the domain. If that detection fails, the result is cached; even after the NIC is initialized, the machine still applies the cached result and therefore detects an unidentified network.
When we check the network category on our domain controller servers, it shows Private instead of DomainAuthenticated.
    PS C:\Users\Administrator> whoami
    duybao\administrator
    PS C:\Users\Administrator> hostname
    DC01
    PS C:\Users\Administrator> Get-NetConnectionProfile

    Name             : Network
    InterfaceAlias   : Ethernet0
    InterfaceIndex   : 6
    NetworkCategory  : Private
    IPv4Connectivity : Internet
    IPv6Connectivity : NoTraffic
Method 1: Add dependency service for NLA service
Please try to modify the following registry keys to see if the issue can be resolved:
As a first attempt, add the NetLogon service as a dependency of the Network Location Awareness service.
sc config nlasvc depend= NSI/RpcSs/TcpIp/Dhcp/Eventlog/Dnscache/Netlogon
sc config nlasvc depend= NSI/RpcSs/TcpIp/Dhcp/Eventlog/DNS/NTDS
Once done, restart your machine to verify it works.
Method 2: Using the Registry Editor
If the first method doesn’t work, try the second one, which uses the registry.
1️⃣ Open Registry Editor.
2️⃣ Navigate to the following location then create a new DWORD value.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters
    Name: AlwaysExpectDomainController
    Type: REG_DWORD
    Value Data: 1
Note: This registry key alters the behavior when NLA retries domain detection.
3️⃣ Restart your server to check whether everything is working now.
Additionally, if the first registry value doesn’t help, you can consider adding two more values as follows:
Disable the Domain Discovery negative cache by adding the NegativeCachePeriod registry key to the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
    Name: NegativeCachePeriod
    Type: REG_DWORD
    Value Data: 0 (default value: 45 seconds; set to 0 to disable caching)
If the issue is still not resolved, additionally disable the DNS negative cache by adding the MaxNegativeCacheTtl registry key to the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
    Name: MaxNegativeCacheTtl
    Type: REG_DWORD
    Value Data: 0 (default value: 5 seconds; set to 0 to disable caching)
When NLA starts to detect the network location, the machine contacts a domain controller via port 389. If this detection succeeds, the machine gets the domain firewall profile (allowing for the correct ports) and the network location profile cannot be changed. If the domain is not found or the process fails, NLA lets you determine which firewall profile will be used, private or public.
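
The checks described on this page can be gathered in one read-only pass before and after applying either method. The script below is an added example, not part of the original article. It assumes an elevated PowerShell session on the affected machine, that the AD DNS domain name resolves to a domain controller, and that a TCP connect to port 389 is an acceptable stand-in for the detection NLA performs.

```powershell
# Added example: read-only report of the NLA-related state discussed above.
# It changes nothing on the machine.

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$env:COMPUTERNAME is not domain-joined; DomainAuthenticated is not expected."
    return
}

# 1. Current category per connection (expected on a healthy member: DomainAuthenticated).
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity |
    Format-Table -AutoSize | Out-String

# 2. Services NlaSvc waits for at boot (Method 1 changes this list).
$deps = (Get-Service -Name NlaSvc).ServicesDependedOn.Name
"NlaSvc depends on: {0}" -f ($deps -join '/')

# 3. Registry values from Method 2; a missing value means the default applies.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$checks = @(
    @{ Key = "$base\NlaSvc\Parameters";   Name = 'AlwaysExpectDomainController' }
    @{ Key = "$base\NetLogon\Parameters"; Name = 'NegativeCachePeriod' }
    @{ Key = "$base\Dnscache\Parameters"; Name = 'MaxNegativeCacheTtl' }
)
$report = foreach ($c in $checks) {
    $v = (Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    [pscustomobject]@{
        Value = $c.Name
        Data  = if ($null -eq $v) { '(not set)' } else { $v }
    }
}
$report | Format-Table -AutoSize | Out-String

# 4. Reachability of a domain controller on port 389.
# Assumption: the domain name resolves to a DC; TCP connect only, no LDAP query is sent.
$ldap = Test-NetConnection -ComputerName $cs.Domain -Port 389 -WarningAction SilentlyContinue
"TCP/389 to {0}: {1}" -f $cs.Domain, $ldap.TcpTestSucceeded
```

If port 389 is reachable but NetworkCategory is still Private or Public after a reboot, the cached failed detection described above is the likely cause rather than a connectivity problem.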