Error message while trying to change Private network type to Domain Authenticated
When I attempt to change the "Unidentified network" from a "Private network" to a "Domain network" using the power shell command shown below (which has been run in an elevated PowerShell) I receive the error message shown below and in the second screenshot.
I receive this error message within Windows 10 which has Hyper-V installed.
What can I do to change the "Unidentified network" from a private network to a domain network?
Error message received:
PS C:\WINDOWS\system32> Get-NetConnectionProfile
Name : Unidentified network
InterfaceAlias : vEthernet (Default Switch)
InterfaceIndex : 14
NetworkCategory : Private
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic
Name : domain.com
InterfaceAlias : Ethernet
InterfaceIndex : 18
NetworkCategory : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : NoTraffic
PS C:\WINDOWS\system32> Set-NetConnectionProfile -InterfaceIndex 14 -NetworkCategory DomainAuthenticated
Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be
set automatically when authenticated to a domain network.
At line:1 char:1
+ Set-NetConnectionProfile -InterfaceIndex 14 -NetworkCategory DomainA ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (MSFT_NetConnect...86E0365
Set-NetConnectionProfile],
+ FullyQualifiedErrorId : MI RESULT 4,Set-NetConnectionProfile
PS C:\WINDOWS\system32>
Screenshot 1:
Screenshot 2:
I receive this error message within Windows 10 which has Hyper-V installed.
What can I do to change the "Unidentified network" from a private network to a domain network?
Set-NetConnectionProfile -InterfaceIndex 2 -NetworkCategory DomainAuthenticatedError message received:
PS C:\WINDOWS\system32> Get-NetConnectionProfile
Name : Unidentified network
InterfaceAlias : vEthernet (Default Switch)
InterfaceIndex : 14
NetworkCategory : Private
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic
Name : domain.com
InterfaceAlias : Ethernet
InterfaceIndex : 18
NetworkCategory : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : NoTraffic
PS C:\WINDOWS\system32> Set-NetConnectionProfile -InterfaceIndex 14 -NetworkCategory DomainAuthenticated
Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be
set automatically when authenticated to a domain network.
At line:1 char:1
+ Set-NetConnectionProfile -InterfaceIndex 14 -NetworkCategory DomainA ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (MSFT_NetConnect...86E0365
Set-NetConnectionProfile],
+ FullyQualifiedErrorId : MI RESULT 4,Set-NetConnectionProfile
PS C:\WINDOWS\system32>
Screenshot 1:
Screenshot 2:
Cliff Galiher
The error message is pretty self-explanatory. But to reiterate and/or clarify. You don't set a network connection to domain. You can choose public or private. But domain is selected by the OS when it authenticates to a domain controller. Which means it had to be domain joined, the DC has to be reachable, and the connection has to be secure. Should these fail then the connection falls back to public or private.
ASKER
OK I have network connections that identify themselves as "Public" or "Private" even when they should be "Domain Authenticated" since I am booting up the laptop from a proper Windows shutdown while they are connected to a docking station that is connected to an Ethernet cable and while these laptops are also connected to the company's Wi-Fi network.
That is why I am hoping to be able to change these network types from "Public" or "Private" to "Domain Authenticated." I also don't want to have to log out of, shutdown, or restart my laptops just so that they can re-authenticate to the domain controllers to become "Domain Authenticated."
Do you know any ways of being able to change the domain types to "Domain Authenticated" without having to log off of, restart, or shutdown Windows 10?
That is why I am hoping to be able to change these network types from "Public" or "Private" to "Domain Authenticated." I also don't want to have to log out of, shutdown, or restart my laptops just so that they can re-authenticate to the domain controllers to become "Domain Authenticated."
Do you know any ways of being able to change the domain types to "Domain Authenticated" without having to log off of, restart, or shutdown Windows 10?
In windows 10, the location is per connection. So a wired dock connection can be domain while a wifi is public, if both are being used simultaneously (not that I'd ever recommend such a configuration. Gateways and routing gets very tenuous and dual-homed machines.)
The profile is updated whenever it detects a network status change. So when you aren't docked, the wired NIC is effectively disabled. You dock...that's a network change for that hardwired NIC. The presence of a DC is checked, and if authentication to the DC is successful, that connection is put in the domain profile.
Wifi...if you connect to your phone as a hotspot, you'd be public or private. If you change (after being logged in) to a corporate WiFi network, and it can reach a DC, *that* connection will be changed to "domain."
So it is per connection and per network status change. That does not require a log off, restart, or shutdown. With caveats.
Contacting a DC does require proper DNS. Again, dual homed machines can get funky here. If you bounce from a home network on 192.168.0.0/24 and the corporate Wi-Fi is also 192.168.0.0/24, the system may not see a reason to renew a lease, and use your home DHCP settings. Which, if that happens to be ISP DNS servers and the de-facto standard of 192.168.0.1 for a default gateway...you magically still have internet access, but *don't* have the right settings to see the DC. Of course an ipconfig /release and ipconfig /renew would fix this, since the issue is just bad lease info...but it makes troubleshooting obnoxious because the problem isn't immediately apparent.
So it really boils down to Networking and TCP.IP basics. Gotta check those, and gotta make sure your domain-joined computers can actually connect to their DCs and are authenticating when you connect.
-Cliff
The profile is updated whenever it detects a network status change. So when you aren't docked, the wired NIC is effectively disabled. You dock...that's a network change for that hardwired NIC. The presence of a DC is checked, and if authentication to the DC is successful, that connection is put in the domain profile.
Wifi...if you connect to your phone as a hotspot, you'd be public or private. If you change (after being logged in) to a corporate WiFi network, and it can reach a DC, *that* connection will be changed to "domain."
So it is per connection and per network status change. That does not require a log off, restart, or shutdown. With caveats.
Contacting a DC does require proper DNS. Again, dual homed machines can get funky here. If you bounce from a home network on 192.168.0.0/24 and the corporate Wi-Fi is also 192.168.0.0/24, the system may not see a reason to renew a lease, and use your home DHCP settings. Which, if that happens to be ISP DNS servers and the de-facto standard of 192.168.0.1 for a default gateway...you magically still have internet access, but *don't* have the right settings to see the DC. Of course an ipconfig /release and ipconfig /renew would fix this, since the issue is just bad lease info...but it makes troubleshooting obnoxious because the problem isn't immediately apparent.
So it really boils down to Networking and TCP.IP basics. Gotta check those, and gotta make sure your domain-joined computers can actually connect to their DCs and are authenticating when you connect.
-Cliff
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.