Network Profile is Showing as Private
The issue appeared after we started migrating our offsite workstations to Windows 10. After being joined to the domain, the computers show an unidentified network connection instead of a domain network connection. The affected computers are at an offsite location and were being migrated to Windows 10; NLA worked normally while they were still Windows 7 workstations.
This happened to me on all domain controllers as well.
This happens because, after the machine reboots and before the NIC initializes, NLASVC (the Network Location Awareness service) attempts to detect the domain. If that detection fails, the result is cached, and even after the NIC is initialized the machine keeps applying the cached information and therefore detects an unidentified network.
When we check the network category on our domain controller servers, it shows Private instead of DomainAuthenticated.
PS C:\Users\Administrator> whoami
duybao\administrator
PS C:\Users\Administrator> hostname
DC01
PS C:\Users\Administrator> Get-NetConnectionProfile
Name : Network
InterfaceAlias : Ethernet0
InterfaceIndex : 6
NetworkCategory : Private
IPv4Connectivity : Internet
IPv6Connectivity : NoTraffic
Method 1: Add dependency service for NLA service
Try the following changes to see whether they resolve the issue:
First, add the NetLogon service as a dependency of the Network Location Awareness service.
sc config nlasvc depend= NSI/RpcSs/TcpIp/Dhcp/Eventlog/Dnscache/Netlogon
sc config nlasvc depend= NSI/RpcSs/TcpIp/Dhcp/Eventlog/DNS/NTDS
Once done, restart your machine to verify it works.
Method 2: Using the Registry Editor
If the first method doesn’t work, try the second one, which uses the registry.
1️⃣ Open Registry Editor.
2️⃣ Navigate to the following location then create a new DWORD value.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters
Name: AlwaysExpectDomainController
Type: REG_DWORD
Value Data: 1
Note: This registry key alters the behavior when NLA retries domain detection.
3️⃣ Restart your server to check whether everything is working now.
Additionally, if the first registry value doesn’t help, consider adding two more values as follows:
Disable the Domain Discovery negative cache by adding the NegativeCachePeriod registry value to the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Name: NegativeCachePeriod
Type: REG_DWORD
Value Data: 0 (default value: 45 seconds; set to 0 to disable caching)
If the issue is still not resolved, also disable the DNS negative cache by adding the MaxNegativeCacheTtl registry value to the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Name: MaxNegativeCacheTtl
Type: REG_DWORD
Value Data: 0 (default value: 5 seconds; set to 0 to disable caching)
When NLA starts to detect the network location, the machine contacts a domain controller via port 389. If this detection succeeds, the machine gets the domain firewall profile (allowing the correct ports), and the network location profile cannot be changed. If the domain is not found or the process fails, NLA lets you determine which firewall profile is used, private or public.
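The checks described in this article, collected into one read-only PowerShell audit (an added example, not part of the original post). The domain controller name is a placeholder you must replace, and Test-NetConnection only confirms TCP reachability of port 389.

```powershell
# Added example: read-only audit of the settings discussed in this article.
# $DomainController is a placeholder (assumption); replace it with one of your DCs.
param([string]$DomainController = 'dc01.example.internal')

# 1. Current network category per interface (expected: DomainAuthenticated).
$profiles = Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Services NlaSvc currently depends on (Method 1 changes this list).
$deps = (Get-Service -Name NlaSvc).ServicesDependedOn.Name | Sort-Object

# 3. Registry values from Method 2; $null means the value does not exist.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$checks = @(
    @{ Path = "$base\NlaSvc\Parameters";   Name = 'AlwaysExpectDomainController'; Want = 1 }
    @{ Path = "$base\NetLogon\Parameters"; Name = 'NegativeCachePeriod';          Want = 0 }
    @{ Path = "$base\Dnscache\Parameters"; Name = 'MaxNegativeCacheTtl';          Want = 0 }
)
$registry = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Value   = $c.Name
        Current = $current
        Article = $c.Want
        Matches = ($null -ne $current -and $current -eq $c.Want)
    }
}

# 4. NLA contacts a domain controller via port 389; test TCP reachability only.
$ldap = Test-NetConnection -ComputerName $DomainController -Port 389 -WarningAction SilentlyContinue

$profiles | Format-Table -AutoSize
"NlaSvc depends on: $($deps -join ', ')"
$registry | Format-Table -AutoSize
"TCP 389 to ${DomainController}: $($ldap.TcpTestSucceeded)"

# Flag interfaces that did not receive the domain profile.
$profiles | Where-Object NetworkCategory -ne 'DomainAuthenticated' |
    ForEach-Object { Write-Warning "$($_.InterfaceAlias) is $($_.NetworkCategory), not DomainAuthenticated" }
```

Run it before and after each method so you can see which change, if any, moved the interface to DomainAuthenticated.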