Network Identification on Server 2012 Standard

I have a domain network that has 3 VMs running on Hyper-V 2012. 2 Servers are 2003--one of which is a AD, DHCP, File server and the other 2003 server runs SQL. The 2012 will eventually replace the first 2003, and it too has AD, DHCP, DNS, and the admin interface for our network anti-virus. All 3 servers have been running OK without any issues for about 3 months now. This past long weekend all systems were turned off and then turned back on this morning. Now the 2012 server is having network identification issues. Initially it started up and connected itself as a PUBLIC network--that caused all kinds of problems since the windows firewall settings for public would not allow most client connections to it. So I went into gpedit on that server and changed the network ID from public to private (see attached word document). That solved some but not all of the problems since the Windows firewall still sees it as a PRIVATE network and not a DOMAIN network which still is causing issues with some programs and client connections which still are not been allowed. So how and where do I change what to get the server to see itself on domain network like it was before this weekend?
EE-Server2012-Network-ID-Issues.doc
LVL 26
Lionel MMSmall Business IT ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Muhammad MullaSystems AdministratorCommented:
Check to see that the DNS is pointing to the AD DNS server.
Lionel MMSmall Business IT ConsultantAuthor Commented:
These did not change when the 2012 server was turned off. The network settings for it has remained unchanged--it is still pointing to the original DNS, the existing 2003 server, as the primary. I even run /flushdns and /registerdns to clear out any possible confusion and that has no effect on the network ID
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
Hello lionelmm,

Please try to set the "Network Location Awareness" service startup mode to "Automatic (Delayed Start)" and reboot to see if it helps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Lionel MMSmall Business IT ConsultantAuthor Commented:
That did it. Do you know why this happening? Is there some issue with my server that can be causing this?
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
Well I can't disclose my sources :-) But I can tell you why is this happening.
It is a common timing issue between the Network Location Service and the bringing-up of the AD Domain Services on Virtualized Domain Controllers, you will not encounter this on physical DCs.

As a best practice you should disable the time-sync integration of Virtual DCs and set your DC that holds the PDC role as an authoritative time server that syncs its time with an/some external source(s), you may follow this KB if you don't already do that:
How to configure an authoritative time server in Windows Server.

I'm glad that I helped you to resolve this issue!
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
Oh and a final advice, please try to keep your DCs as clean as possible, I mean that you should refrain from installing additional services on them, DNS and DHCP is OK but the management of your Antivirus is not a good idea.
Lionel MMSmall Business IT ConsultantAuthor Commented:
This is a small company with only 10 employees and just like them these employers these servers must preform many roles. I was hard enough getting them to agree to 2 servers; they used to have one with SQL, Exchange, and all the other roles on it but thanks for the thought
Lionel MMSmall Business IT ConsultantAuthor Commented:
Back to the issue and solution; so are you saying that 1) the problem is because of time sync integration services and 2) because it is a VM that is also a DC? If so, then why has it worked for 3 or months w/o any problems before? Something happened this weekend when we turned all the systems off for the long weekend and if possible I would like to know what caused the problem. This server has been turned on and off and rebooted numerous times over the last 3 months so something is different and I would like to know what if possible.
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
No the second recommendation from my answer (1 in your comment) regarding the time sync is a best practice and you shouldn't time sync a DC with it's Virtual Host (you will eventually end up with issues after some time).

The real problem is the timing issue of the NLA Service and the time the AD Domain Services are brought-up, the NLA starts way before the AD DS gets completely functional and doesn't realize the correct profile of the NIC.

I can't be sure what happened in-between and it started behaving like this, any updates lately?
As I said above this is something common in VM DCs....
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
Also have you checked that you have correct replication between the two DCs? Check your event log for issues and run a replication check please.
Lionel MMSmall Business IT ConsultantAuthor Commented:
I am having additional issues with this server so it looks like the domain ID problem is one of many symptoms. Trying to find out more info so I can post here or in a new question. Patience please--thanks
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
OK, but your initial issue has been already solved....
Lionel MMSmall Business IT ConsultantAuthor Commented:
Actually it is not. Even with the delayed start the last time I rebooted this server on Monday AM it mis IDed the network. So you provided a temporary workaround. I had to manually stop the Network Location Awareness and then restart it for it to properly ID itself as being on a domain network.
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
Hmm strange, usually it works OK. Have installed any patches on the VM? Maybe they will resolve your issue.
Lionel MMSmall Business IT ConsultantAuthor Commented:
Not since the last batch of Windows updates. I will tell you that I am encountering all kinds of errors trying to transfer domain roles (schema, PDC, catalog, etc.) from the 2003 server to this 2008 server. This is also a server that I could not get to join to the domain using dcpromo without first joining it to the domain as a add-on server and then adding domain roles. From the start there have been issues with it. I had several other questions on EE to help me get past that but I think all those workarounds just hide some yer un IDed underlying issue.
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
You mention 2008 Server but in the initial question you've mentioned Windows 2012 Server and a Windows 2003. Could you lay-out the situation more clearly please?
Lionel MMSmall Business IT ConsultantAuthor Commented:
my mistake -- this is a 2012 server -- all other comments are correct. My apologies
Lionel MMSmall Business IT ConsultantAuthor Commented:
I am going to close this question and start another because there are so many other things going wrong on the server that it would be better to list them all from the start rather to keep adding to this question more and more errors.
Lionel MMSmall Business IT ConsultantAuthor Commented:
The mis-identification of what network type this server finds itself on was remedied by the workaround provided by George in his comment above. However this was only a temporary solution as the next time I rebooted the Network Location Awareness Service, although set to have a delayed start, had to be manually stopped and restarted to get the server to self identify as being on a domain network. This symptom is actually an indication of other more serious issues on my server and I will try to solve those in another question here on EE. Regardless this solution/workaround did provide a solution that allowed the server to at least remain functional so thank for that.
George SimosIT Pro Consultant - IT Systems AdministratorCommented:
Ping me when you post the new question lionmm :) I get lots of mails and I wouldn't like to miss it!
Lionel MMSmall Business IT ConsultantAuthor Commented:
Proved in my last comment
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.