NLA doesn't recognize domain on my local interface

  • Question

  • Hi all,

    I have DC1 (holds FSMO role) and DC2 (2008 R2) - Windows 2003 functional level.

    If I shut down DC1, then restart DC2, then the local area connection of DC2 goes to unidentified network.

    I added the domain name to "DNS suffix for this connection" in the local area connection. After disabling/enabling the local area connection, it recognized the domain. After a reboot of DC2, the same issue occurs again and I can't get it back to the domain.

    Is this expected behavior? Or how can I change NLA behavior?

    Thanks

    Tuesday, January 6, 2015 2:33 PM

All replies

  • I tried to disable the NLA service, but it still restarts automatically because of dependencies with other services.

    I set Local Security Policy / Network List Manager Policies / Unidentified Networks properties / location type to Private, but it is in the Public network after restart.

    Tuesday, January 6, 2015 3:37 PM
  • Hi,

    According to your description, my understanding is that DC2 displays unidentified network after rebooting when DC1 is shut down.

    The Network Location Awareness service chooses the network profile for the connection according to the domain’s forest name. It calls DsGetDcName on the forest root name and issues an LDAP query on UDP port 389 to a root Domain Controller.

    If the connection should be identified as a Domain network and is not, then the likely cause is a failure to contact DNS servers on that interface. Make sure that these resources are available. Set the primary DNS server in the domain as the preferred DNS server, and another usable DNS server as the alternate DNS server in TCP/IP properties.

    And if something hinders the DNS name resolution or the connection attempt to the DC, NLA is not able to set the appropriate network profile on the connection. Disable third-party firewall or protection software temporarily.

    Here is some related information, just for your reference.
    Why is my network detected as “unknown” by Windows Vista or Windows Server 2008:
    http://blogs.technet.com/b/networking/archive/2009/02/20/why-is-my-network-detected-as-unknown-by-windows-vista-or-windows-server-2008.aspx
    Network Location Awareness:
    http://technet.microsoft.com/en-us/library/cc753545(v=WS.10).aspx

    Best Regards,
    Eve Wang


    Wednesday, January 7, 2015 6:12 AM
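
An added example, not part of the original thread or from its authors: a PowerShell sketch that repeats, by hand, the checks the reply above describes (DNS configuration on the interface, DC location for the forest root, and the resulting network category). The forest name `corp.example.com` is a placeholder, and reading the category through the Network List Manager COM object is this example's choice of method.

```powershell
# Added diagnostic example (not from the thread). Run elevated on the affected DC.
# Uses only tools present on Windows Server 2008 R2 / PowerShell 2.0.
param(
    # Placeholder: replace with your forest root DNS name.
    [string]$ForestRoot = 'corp.example.com'
)

# 1. DNS servers and connection-specific suffix on each IP-enabled adapter.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        '{0}: DNS servers = {1}; suffix = {2}' -f $_.Description,
            ($_.DNSServerSearchOrder -join ', '), $_.DNSDomain
    }

# 2. Do the configured DNS servers return DC locator SRV records for the forest root?
$srv = "_ldap._tcp.dc._msdcs.$ForestRoot"
nslookup '-type=SRV' $srv

# 3. DC locator for the forest root; /force bypasses the locator cache.
nltest "/dsgetdc:$ForestRoot" /force
if ($LASTEXITCODE -ne 0) {
    Write-Warning "DC locator failed for $ForestRoot; check DNS and DC reachability first."
}

# 4. Category currently assigned to each connected network.
$names = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
$nlm = [Activator]::CreateInstance(
    [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B'))
foreach ($net in $nlm.GetNetworks(1)) {   # 1 = NLM_ENUM_NETWORK_CONNECTED
    '{0}: {1}' -f $net.GetName(), $names[[int]$net.GetCategory()]
}
```

If step 2 or 3 fails while step 4 reports Public, the profile is a symptom of the name resolution or DC location failure rather than a separate problem.
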
  • Thank you Eve,

    I will rephrase the question.

    So basically when my DC2 is restarted without my DC1 (holds the FSMO roles), then DC2 has no services available anymore.

    • AD domain service (naming information cannot be located because: the specified domain either does not exist or could not be contacted)
    • DNS (the server DC2 could not be contacted. The error was: the server is unavailable.)
    • DFS not available

    - Network is in unidentified network & Public network (but the firewall allows AD, DNS, DFS).

    => Is that expected behavior when an additional DC doesn’t find the DC that holds the FSMO roles? Or should I still have my services, including DNS, available?

    "Network Location Awareness service chooses network profile for the connection according to the domain’s forest name. Calls DsGetDcName on the forest root name and issues an LDAP query on UDP port 389 to a root Domain Controller."

    What do you call a root domain controller? Is it a DC that holds FSMO roles?

    So NLA is just a side effect of my services not being available.

    Is the only way to resolve this to seize all roles on DC2?

    Tuesday, January 27, 2015 11:45 AM
  • Is it possible to move this thread to Windows Server Directory Services?
    Tuesday, January 27, 2015 11:48 AM