none
Unable to change network profile from domain authenticated to public RRS feed

  • Question

  • Hi,

    I am using Windows Server 2012 R2. I am deploying Direct Access on it. I don't have any internal LAN and both the interface are public IP enabled. I want to change network profile to public, currently which is domain authenticated. I have tried to change it to public via power shell using this command

    set-NetConnectionProfile -InterfaceAlias external -NetworkCategory Public

    but no luck server is showing an error 

    set-NetConnectionProfile : Unable to set the NetworkCategory due to one of the following possible reasons: not running

    PowerShell elevated; the NetworkCategory cannot be changed from 'DomainAuthenticated'; user initiated changes to

    NetworkCategory are being prevented due to the Group Policy setting 'Network List Manager Policies'.

    At line:1 char:1

    + set-NetConnectionProfile -InterfaceAlias external -NetworkCategory Public

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : PermissionDenied: (MSFT_NetConnect...F150E6258CCC}"):root/StandardCi...nnectionProfile)

       [Set-NetConnectionProfile], CimException

        + FullyQualifiedErrorId : MI RESULT 2,Set-NetConnectionProfile



    As error showing I have also tried Network List Manager Policy from Group Policy but the problem remain same.

    Can someone please help me as I am unable to deploy direct access because of this.

     


    Thanks, Manoj

    Friday, May 2, 2014 3:16 AM

Answers

All replies

  • Hi,

    Please confirm you are using the administrator right and try the following command:

    PS> Set-NetConnectionProfile  -InterfaceIndex InterfaceIndex number  -NetworkCategory Public

    More information:

    Set-NetConnectionProfile

    http://technet.microsoft.com/en-us/library/jj899565.aspx

    The third party article:

    Set Network Location to Private in Windows 8.1/Server 2012 R2

    http://blogs.msmvps.com/russel/2013/12/29/set-network-location-to-private-in-windows-8-1server-2012-r2/

    Hope this helps.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

    Tuesday, May 6, 2014 2:26 AM
    Moderator
  • Hi Alex,

    I am running this command from Power shell (Run As Administrator). I have already checked the Microsoft Technet article but no luck. Raised a ticket in Microsoft Support. Let's see what happens?


    Thanks, Manoj

    Tuesday, May 6, 2014 3:43 AM
  • Hi,

    excuse me to use your topic, but i have the same problem.

    Did you have any progress?

    I googled and read a lot of articles, unfortunately  couldn't found  any decision or proposal. 

    Tuesday, September 2, 2014 6:41 AM
  • Same situation, same command, same error.  I am in an elevated powershell session.  I also tried with InterfaceIndex rather than alias, but the error is the same.

    It's really annoying when a moderator marks their own response as the answer when it clearly isn't the answer to the problem.

    The answer appears to be that this command can change the profile between public and private, but can't set it to or change it away from domain.

    I fixed this by adding an outbound firewall rule blocking the 'external' interface from contact the IPs for our domain controllers.

    Thursday, October 9, 2014 10:33 PM
  • Same issue, no solution, so any update would be really appreciated...

    Thursday, July 16, 2015 1:03 AM
  • Having the same issue, any solution?
    Saturday, August 15, 2015 7:42 PM
  • Please, check this out: http://windowsitpro.com/powershell/how-force-network-type-windows-using-powershell and then run PowerShell as "Run As Adminstartor" (even when using User Account with Administrator privileges). For me this did the trick.

    Thursday, January 28, 2016 12:15 PM
  • Same Problem here...

    Switching to Private or Public works fine - but i cant switch to DomainAuthenticated..

    The Machine is domain member and i run the command as admin.

    Any ideas?

    Saturday, March 26, 2016 11:59 AM
  • According to the Technet Article on https://technet.microsoft.com/en-us/library/jj899565.aspx

    -NetworkCategory<NetworkCategory>

    Specifies an array of category types of a network. You cannot set the DomainAuthenticated type by using this cmdlet. The server automatically sets the value of DomainAuthenticated when the network is authenticated to a domain controller. The acceptable values for this parameter are:

    -- Public
    -- Private

    The parameter NetworkCategory does not accept DomainAuthenticated Value, this value is dynamically set when a interface is authenticated on a Domain Controller. If you are experiencing this to a domain controller, and want to apply firewall permissions to the interface, I suggest that you set the interface to private and update your firewall rules to also apply to Private Ports.


    For God, and Country.

    Monday, October 3, 2016 12:56 AM
  • how does the "autodetect" logic for set NIC to Domain Auth work? By DNS? where would I find details to this?


    edit: here a good answer how Win does the NLA (network location awareness)  https://serverfault.com/a/647201/153084

    and here https://blogs.technet.microsoft.com/networking/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles/


    • Edited by TSO Wednesday, May 10, 2017 5:40 PM more links
    Wednesday, May 10, 2017 5:31 PM
  • Restart the "Network Location Awareness" service.  That switched the profile to "Domain" connected for me.
    • Proposed as answer by Gweeeep Wednesday, October 4, 2017 12:26 AM
    Wednesday, October 4, 2017 12:25 AM
  • That worked for me too - Thanks
    Tuesday, November 7, 2017 7:58 PM
  • This worked also for me

    Thanks

    Friday, January 26, 2018 12:12 PM
  • "Restart the "Network Location Awareness" service.  That switched the profile to "Domain" connected for me."

    Incredibly useful solution I've been looking for for months to get one of my Hyper-V Hosts to switch to DomainAuthenticated (instead of public / private) - many thanks! :-)

    • Edited by nibblesoft Wednesday, January 31, 2018 11:27 PM
    • Proposed as answer by jaywhitley93 Monday, October 15, 2018 8:44 AM
    Wednesday, January 31, 2018 11:26 PM
  • I have the same basic problem & have not been able to solve it on Server 2016.  My client has a dual homed server and I MUST be able to separate the adapters into a Private & Public, separated configuration.  Server 2016 has them grouped together a DomainAuthenticated and that does not work.  I need to clamp down the public facing adapter and I cannot do that with the 2 bundled together.

    If I clamp down on the actual public side, it also does the same on the private side.  Do the MS engineers not understand this concept?  I have read everything I can find on this board and nothing addresses the issue.  The server IS running as a domain controller and no command I run will allow me to control the interfaces in a manner which I must accomplish.

    The server is currently under a DOS attack and the moment I authenticate the adapter, the attack starts up again.  No commands I have issued using the Set-NetConnectionProfile under powershell work.  I am running PowerShell as the administrator but I always get the error that it is blocked by Group Policy.

    ===================================================================

    Set-NetConnectionProfile : Unable to set the NetworkCategory due to one of the following possible reasons: not running
    PowerShell elevated; the NetworkCategory cannot be changed from 'DomainAuthenticated'; user initiated changes to
    NetworkCategory are being prevented due to the Group Policy setting 'Network List Manager Policies'.
    At line:1 char:1
    + Set-NetConnectionProfile -InterfaceIndex 4 -NetworkCategory Private
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (MSFT_NetConnect...3F026BA0B35B}"):root/StandardCi...nnectionProfile)
       [Set-NetConnectionProfile], CimException
        + FullyQualifiedErrorId : MI RESULT 2,Set-NetConnectionProfile

    =====================================================================

    At this point I truly think I would have been better off just putting Server 2008 R2 on this new box and be done with it.  2008 WORKS, So far 2016 does not.

    Any one have anything that will work?


    • Edited by tberwick Wednesday, August 14, 2019 5:50 PM
    Wednesday, August 14, 2019 5:50 PM