Solved

Why domain-joined server was assigned with "guest or public network" profile?

Posted on 2016-08-23
7
20 Views
Last Modified: 2016-09-13
This is a newly-setup MS Windows 2012 R2 AD Domain. There are 2 DCs, both W2K12 R2. However, found that one of the DC and few other W2K12 R2 member servers (all are VMs) was assigned with "guest or public network" profile, instead of Domain network. On the network and connection center, it was shown with "unidentified network". Even logging on with a domain user (or admin), this seems like a local user account profile. for example, a domain user account logged on affected DC was given the user path of "c:\users\administrator folder. While the correct ones should be "c:\users\administrator.TS" folder (TS is the domain name). Btw, what's went wrong? What should I do to get them back to the right track?

I heard that may have to delay-start the NLA service? is that true?

Appreciate for your help, many thanks.
EE---DC01-firewall-shows-public-netw.jpg
EE---DC01---Network.jpg
EE---set-on-DC01.txt
EE---set-on-TSserver01.txt
0
Comment
Question by:MichaelBalack
7 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 41767165
Do you have a connection specific DNS suffix assigned to the NIC? You can check this under the DNS tab for the connection (Network connections - properties of your adapter - IPV4 - advanced - dns).

If you don't have a suffix, assign one.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 41767167
What are the two servers configured with for DNS? Both should be configured to look at the DC for DNS as the primary DNS server. If they have anything else, the firewall profile would reconfigure itself as being in an unknown network (because it isn't technically on the domain).
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 41767172
Hi Joseph,

Normally, none of the dns suffix is assigned. I shall assign it when on site 2 days to go.

Thanks for the prompted suggestion.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:MichaelBalack
ID: 41767183
Hi Adam,

Now I recall that there are 2 DCs, one located at site a, and another one at site b. Both sites are connected in WAN infra. The affected DC and few servers are located at site a, while the second DC located at site b.

All these servers and DCs are located behind a "local firewall", to a pair or routers, and then a "remote firewall" to the other site. On site a, there could be few updates on the local firewall that does not allow all the servers and DC access to site b.

Let's me confirm this and get back to you in 2 days' time.

thanks,
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 41767819
You've already often some good advice but as an aside, your profile folder names are not an indication or a proble,m.

Windows will always try to create a profile folder based on the username first, even for domain accounts. So "administrator" instead of "administrator.ts" is perfectly normal and NOT an indication of a problem.

It will append a dot-domain only if another folder with the same name already exists and has a mismatched ACL and isn't in the registry.  

And if a username.domain folder already exists, it'll start appending numbers.... such as username.000 and username.001

All in the name of preventing data loss. This is normal and expecfed.
0
 
LVL 1

Accepted Solution

by:
MichaelBalack earned 0 total points
ID: 41787124
Hi all,

I found an article on how to tackling the same issue. The solution is, restart the NLA (Network Location awareness) service, and the profile changes to be domain-based. In long run, changes this service to be "Delayed start", so as it will started after all other services started upon system startup.

By changing this way, the problem resolved.
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 41795673
By restarting the nla service, problem no more
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RSOP Red "X" 7 30
ssh setup on Cisco swith 11 44
2 Gateways (bandwidth) - One domain 7 54
Passsword complexity Windows Server 2012R2 2 19
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now