locked
Domain Network turns to Public RRS feed

  • Question

  • Hello,
    every now and then some Win10 client pc in our Active Directory organisation, which are DHCP clients, do get a Public Network profile instead of Domain Network. From that moment on they cannot do any network trafic. Usually this happens after a new IP assignment, e.g. after by some reason the NIC was disabled/enabled again. Most of the times this issue is gone after a reboot, but sometimes it happens for several days. In that case we switch from the LAN nic to Wirele, wich then eventually works.

    Any idea why this network profile assignemnt goes wrong? I could not figure out any cause, as it happens maybe once per month at one pc, one of about 100.

    kind regards,
    Dieter Tontsch
    mobileX AG
    Thursday, February 9, 2017 6:52 AM

Answers

  • Dear Dieter,

    Microsoft uses Network Location Awareness (NLA) to determine if a network connection is on a public LAN, private LAN, or domain network. Sometimes, it gets it wrong. The issue with wrong placement is that the firewall rules that get used are based on the connection’s location.

    There are circumstances where the location can be corrected from within the "Network and Sharing Center". Often such changes do not survive a reboot or other network changes.

    In order to MOVE FROM PUBLIC TO DOMAIN, we can try this method: use a change to the network connection properties to give NLA the information it needs to properly place the location.

    1.Go to Network Connections (from the Network and Sharing Center, click on "Change adapter settings".)

    2.Go to the properties for IPv4. Click the "Advanced..." button, select the DNS tab.

    Enter your domain name into the text box for "DNS suffix for this connection:".

    Disable and then enable the connection to get NLA to re-identify the location.

    After enabling the connection, the Status should change to the domain name and Network Category to "Domain network". Depending on your setup, it is likely that you only need to "fix" one connection to get all the related connections to see the domain.

    Hope my clarification is clear.

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 10, 2017 1:17 AM
  • Besides, to my knowledge, there is a registry key controls network profile, as a reference method.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\

    Open the network profile that you have to change and modify the "Category" value:

    0 = public

    1 = private

    2 = domain

    Have a try please.

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 10, 2017 1:20 AM
  • Hi, i couldn't try your suggestion since th he issue did not occur anymore since then. But I marked it as answer, in case somebody else coms accorss this in order to give it a try. Also , what I did several times wich Server OS is to change ht enetwork locatoin manually like described here: http://blogs.msmvps.com/russel/2013/12/29/set-network-location-to-private-in-windows-8-1server-2012-r2/. I think that also works with Windows 10 OS.

    Get-NetConnectionProfile

    Set-NetConnectionProfile  -InterfaceIndex xx -NetworkCategory Private

    Dieter

    Monday, February 13, 2017 6:48 AM

All replies

  • Dear Dieter,

    Microsoft uses Network Location Awareness (NLA) to determine if a network connection is on a public LAN, private LAN, or domain network. Sometimes, it gets it wrong. The issue with wrong placement is that the firewall rules that get used are based on the connection’s location.

    There are circumstances where the location can be corrected from within the "Network and Sharing Center". Often such changes do not survive a reboot or other network changes.

    In order to MOVE FROM PUBLIC TO DOMAIN, we can try this method: use a change to the network connection properties to give NLA the information it needs to properly place the location.

    1.Go to Network Connections (from the Network and Sharing Center, click on "Change adapter settings".)

    2.Go to the properties for IPv4. Click the "Advanced..." button, select the DNS tab.

    Enter your domain name into the text box for "DNS suffix for this connection:".

    Disable and then enable the connection to get NLA to re-identify the location.

    After enabling the connection, the Status should change to the domain name and Network Category to "Domain network". Depending on your setup, it is likely that you only need to "fix" one connection to get all the related connections to see the domain.

    Hope my clarification is clear.

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 10, 2017 1:17 AM
  • Besides, to my knowledge, there is a registry key controls network profile, as a reference method.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\

    Open the network profile that you have to change and modify the "Category" value:

    0 = public

    1 = private

    2 = domain

    Have a try please.

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 10, 2017 1:20 AM
  • Hi, i couldn't try your suggestion since th he issue did not occur anymore since then. But I marked it as answer, in case somebody else coms accorss this in order to give it a try. Also , what I did several times wich Server OS is to change ht enetwork locatoin manually like described here: http://blogs.msmvps.com/russel/2013/12/29/set-network-location-to-private-in-windows-8-1server-2012-r2/. I think that also works with Windows 10 OS.

    Get-NetConnectionProfile

    Set-NetConnectionProfile  -InterfaceIndex xx -NetworkCategory Private

    Dieter

    Monday, February 13, 2017 6:48 AM