none
How to boot to domin network & Firewall by default everytime you boot up RRS feed

  • Question

  • Hello Everybody,

    Machine OS's: Server 2008R2 & 2012

    VMWare ESXI

    Veeam B&R

    The issue I'm facing is when I run Veeam SureBackup jobs I have VM's that will fail ping tests because they boot up to the public network thus using the public firewall and are unreachable unless you log in through the ESXI console and disable then re-enable the network adapter. After that they will pick up the domain network and firewall allowing communication.

    I would like to make these start up on the domain network & firewall automatically upon starting. Is this possible?

    I tried changing the NLA service to delayed start to see if that would solve the issue but it didn't.

    Any help will greatly appreciated

    Thanks Jeff

    Wednesday, October 9, 2019 8:50 PM

All replies

  • Hi,

    Thanks for your question.

    Please check the following thread which discussed this topic of domain and public network,

    https://social.technet.microsoft.com/Forums/en-US/1a948231-a6ef-4bd1-9676-2b565d572762/domain-network-turns-to-public?forum=win10itpronetworking

    Microsoft uses Network Location Awareness (NLA) to determine if a network connection is on a public LAN, private LAN, or domain network. Sometimes, it gets it wrong. The issue with wrong placement is that the firewall rules that get used are based on the connection’s location.

     

    There are circumstances where the location can be corrected from within the "Network and Sharing Center". Often such changes do not survive a reboot or other network changes.

     

    In order to MOVE FROM PUBLIC TO DOMAIN, we can try this method: use a change to the network connection properties to give NLA the information it needs to properly place the location.

     

    1.Go to Network Connections (from the Network and Sharing Center, click on "Change adapter settings".)

     

    2.Go to the properties for IPv4. Click the "Advanced..." button, select the DNS tab.

     

    Enter your domain name into the text box for "DNS suffix for this connection:".

     

    Disable and then enable the connection to get NLA to re-identify the location.

     

    After enabling the connection, the Status should change to the domain name and Network Category to "Domain network". Depending on your setup, it is likely that you only need to "fix" one connection to get all the related connections to see the domain.

    Hope this helps. 

    Highly appreciate your effort and time, if you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, October 10, 2019 6:54 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

     

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, October 11, 2019 9:56 AM
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back


    Best Regards,
    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, October 14, 2019 7:09 AM
  • Hi Michael,

    None of the solutions has worked for me. I have tried:

    1. Delayed start on the NLA service

    2. Hard code the DNS suffix as per above

    3. Changed the category in the reg key  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\ to 2 to use domain firewall on public profile. It worked the first time but then generates a new public profile every time it boots in Surebackup and doesn't use the previous one with the category set to 2

     I'm not sure if the only way to do this is to make the public firewall the same as the domain firewall. I'm open for any more suggestions.

    Thanks for the help!

    Jeff

    Friday, October 18, 2019 3:33 PM