NIC connectivity after being added to Network Load Balance

Hello everyone, I am hoping someone might be able to help with an odd NLB issue we seem to be experiencing on our ADFS farm setup. This environment has been set up for at least a year and this issue could have been going on for a while without being noticed. Both servers are Hyper-V guests with two network cards attached and MAC Spoofing enabled on the second NIC (Cluster Operation Mode Unicast). The issue that we are having is that we are able to add ADFS-1 to the cluster with no issues; however, when we add ADFS-2 into the cluster the Network Location Awareness (NLA) changes from Domain Network to Public Network (images below). No errors are displayed as it joins the cluster, but the NLB NIC is no longer reachable on the network.

ADFS-1
Host NIC: x.x.x.33
NLB NIC: x.x.x.151
NLB VIP: x.x.x.150

ADFS-2
Host NIC: x.x.x.10
NLB NIC: x.x.x.152 (Unreachable after Joining to cluster)
NLB VIP: x.x.x.150

[Screenshot: Before NLB Join]
[Screenshot: After NLB Join]

I have already verified the IP configurations before and after the addition to the cluster and restarted NLA, and nothing has changed. When you drop the NIC from the cluster it returns to its normal state of Domain Network. I have also deleted the cluster completely and rejoined the servers in a different order, but the same server/same NIC does the exact same thing. Any expert ideas on where to go next?
rutaliet Asked:

Steve Commented:
It's likely to be down to the incorrect assignment of the cluster network to public, as I'm betting that is activating and/or restricting the Windows Firewall on server 2. Check your firewall settings to confirm if it is blocking traffic when on a 'public' network.

As for why it is deemed a public network in the first place, there can be a number of reasons. May not be worth worrying about it, just amend it :-)

Try this:
http://www.1337admin.org/windows-server/windows-server-2012-r2/change-network-location-using-powershell-in-windows/
rutaliet Author Commented:
Thank you for your comment, Steve! Unfortunately this does not resolve the issue at hand and I had previously attempted the same procedure. The interface is still not accepting traffic after becoming part of the NLB cluster. The only additional thing that could be of note would be the IPv4Connectivity in the Get-NetConnectionProfile output (seen below).

[Screenshot: Get-NetConnectionProfile output]
Steve Commented:
Can you send traffic out? Have you checked if the firewall is on, and can you turn it off to confirm if it is relevant or not?
rutaliet Author Commented:
I disabled the host NIC and the Windows Firewall service; I am unable to send traffic in or out of the NLB NIC while it is part of the cluster. While the host NIC was disabled I also pulled the routing table to see if anything seemed to be amiss as well.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination   Netmask            Gateway    Interface   Metric
0.0.0.0               0.0.0.0            x.x.x.1    x.x.x.152   261
x.x.x.0               255.255.0.0        On-link    x.x.x.152   261
x.x.x.150             255.255.255.255    On-link    x.x.x.152   261
x.x.x.152             255.255.255.255    On-link    x.x.x.152   261
x.x.255.255           255.255.255.255    On-link    x.x.x.152   261
127.0.0.0             255.0.0.0          On-link    127.0.0.1   306
127.0.0.1             255.255.255.255    On-link    127.0.0.1   306
127.255.255.255       255.255.255.255    On-link    127.0.0.1   306
224.0.0.0             240.0.0.0          On-link    127.0.0.1   306
224.0.0.0             240.0.0.0          On-link    x.x.x.152   261
255.255.255.255       255.255.255.255    On-link    127.0.0.1   306
255.255.255.255       255.255.255.255    On-link    x.x.x.152   261
===========================================================================
Persistent Routes:
Network Address          Netmask  Gateway Address  Metric
0.0.0.0          0.0.0.0        x.x.x.1  Default
0.0.0.0          0.0.0.0        x.x.x.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15    261 fe80::/64                On-link
 15    261 fe80::59c9:cee:5a9a:d4af/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None


ADFS-2 is our primary ADFS server and cannot be offline for extended periods so I created a brand new VM from scratch on a completely different host with the same hardware configuration. The same issue is happening on the new VM as well.

Thank you again for taking the time!
rutaliet Author Commented:
I think that I may have found my own solution and will follow up with the results for anyone else in the future after testing.
Steve Commented:
Cool. What did you find?
rutaliet Author Commented:
Sorry for the delay on getting the information posted. The cause of the issue was the MAC spoofing not working even though it was configured in Hyper-V. The resolution to the issue was to remove the node from NLB and shut down the host. Then disable the MAC Spoofing and statically set the address in Hyper-V. I then had to boot the machine (without spoofing disabled) and shut it down again so Server 2012 would get the correct MAC. Once that was done I re-enabled MAC spoofing, booted and re-added the node back into the NLB cluster, and it was recognized properly to the correct network.

While I did verify the IP configuration on all adapters, I didn't even think to suspect the MAC address causing the Network Location Awareness issues.
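
The sequence described in the accepted solution, written out as Hyper-V host commands. This is an added example, not code posted by anyone in the thread; the VM name, the adapter name and the static MAC value are placeholders to replace with your own.

```powershell
# Added example. Run on the Hyper-V host in an elevated PowerShell session.
# Assumptions (placeholders, not values from the thread):
$VMName      = 'ADFS-2'
$AdapterName = 'NLB'                  # hypothetical; Hyper-V names every vNIC "Network Adapter" unless renamed
$StaticMac   = '<STATIC-MAC-12-HEX>'  # placeholder: 12 hex digits, no separators

# Helper: show the vNIC settings that matter for unicast NLB.
function Get-NlbNicState {
    Get-VMNetworkAdapter -VMName $VMName -Name $AdapterName |
        Select-Object VMName, Name, MacAddress, DynamicMacAddressEnabled, MacAddressSpoofing
}

# 0. Record the starting state for later comparison.
Get-NlbNicState | Format-List

# 1. Remove the node from the NLB cluster first (NLB Manager), then shut the VM down.
Stop-VM -Name $VMName

# 2. Turn MAC spoofing off and pin a static MAC on the NLB vNIC (the VM must be off).
Set-VMNetworkAdapter -VMName $VMName -Name $AdapterName `
    -MacAddressSpoofing Off -StaticMacAddress $StaticMac

# 3. Boot once so the guest OS picks up the static MAC, confirm it, then shut down again.
Start-VM -Name $VMName
Read-Host 'In the guest, run: Get-NetAdapter | Format-Table Name, MacAddress. Press Enter when it matches'
Stop-VM -Name $VMName

# 4. Re-enable MAC spoofing (needed for unicast NLB) and boot.
Set-VMNetworkAdapter -VMName $VMName -Name $AdapterName -MacAddressSpoofing On
Start-VM -Name $VMName

# 5. Confirm the host-side settings, then re-add the node to the NLB cluster.
Get-NlbNicState | Format-List

# 6. In the guest after the join, check that the NLB NIC is still on the domain profile:
#      Get-NetConnectionProfile | Format-Table InterfaceAlias, NetworkCategory, IPv4Connectivity
```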
