NIC connectivity after being added to Network Load Balance

Hello everyone, I am hoping someone might be able to help with an odd NLB issue we seem to be experiencing on our ADFS farm setup. This environment has been setup for at least a year and this issue could have been going on for a while without being noticed. Both servers are Hyper-V guests with two network cards attached and MAC Spoofing enabled on the second NIC (Cluster Operation Mode Unicast). The issue that we are having is that we are able to add ADFS-1 to the cluster with no issues, however when we add AFDS-2 into the cluster the Network Location Awareness (NLA) changes from Domain Network to Public Network (Images below). No errors are displayed as it joins the cluster, but the NLB NIC is no longer reachable on the network.

Host NIC: x.x.x.33
NLB NIC: x.x.x.151
NLB VIP: x.x.x.150

Host NIC: x.x.x.10
NLB NIC: x.x.x.152 (Unreachable after Joining to cluster)
NLB VIP: x.x.x.150

Before NLB Join
After NLB Join
I have already verified the IP configurations before and after the addition to the cluster and restarted NLA, and nothing has changed. When you drop the NIC from the cluster it returns to its normal state of Domain Network. I have also deleted the cluster completely and rejoin the servers in a different order but the same server/same NIC does the exact same thing. Anybody Expert ideas on where to go next?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It's likely to be down to the incorrect assignment of the cluster network to public, as I'm betting that is activating and/or restricting the Windows Firewall on server 2. Check your firewall settings to confirm if it is blocking traffic when on a 'public' network.

As for why it is deemed a public network in the first place, there can be a number of reasons. may not be worth worrying about it, just amend it :-)

try this:
rutalietAuthor Commented:
Thank you for your comment Steve! Unfortunately this does not resolve the issue at hand and I had previously attempted the same procedure. The interface is still not accepting traffic after becoming part of the NLB Cluster. The only additional thing that could be of note would be the IPv4Connectivity in the Get-NetConnectionProfile (Seen Below)

can you send traffic out? have you checked if the firewall is on and can you turn it off to confirm if it is relevant or not?
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

rutalietAuthor Commented:
I disabled the host NIC and the windows firewall service, I am unable to send traffic in or out of the NLB NIC while it is part of the cluster. While the host NIC was disable I also pulled the routing table to see if anything seemed to be amiss as well.

IPv4 Route Table
Active Routes:
Network Destination        Netmask               Gateway       Interface  Metric                                           x.x.x.1          x.x.x.152    261
x.x.x.0                                   On-link        x.x.x.152    261
x.x.x.150                      On-link        x.x.x.152    261
x.x.x.152                      On-link        x.x.x.152    261
x.x.255.255                 On-link        x.x.x.152    261                                  On-link    306                     On-link    306        On-link    306                                  On-link    306                                  On-link         x.x.x.152    261        On-link    306        On-link        x.x.x.152    261
Persistent Routes:
Network Address          Netmask  Gateway Address  Metric        x.x.x.1  Default        x.x.x.1  Default

IPv6 Route Table
Active Routes:
If Metric Network Destination      Gateway
1    306 ::1/128                  On-link
15    261 fe80::/64                On-link
15    261 fe80::59c9:cee:5a9a:d4af/128
1    306 ff00::/8                 On-link
15    261 ff00::/8                 On-link
Persistent Routes:

ADFS-2 is our primary ADFS server and cannot be offline for extended periods so I created a brand new VM from scratch on a completely different host with the same hardware configuration. The same issue is happening on the new VM as well.

Thank you again for taking the time!
rutalietAuthor Commented:
I think that I may have found my own solution and will followup with the results for anyone else in the future after testing.
cool. what did you find?
rutalietAuthor Commented:
Sorry for the delay on getting the information posted. The cause of the issue was the MAC spoofing not working even through it was configured in hyper-v. The resolution to the issues was remove the node from NLB and shutdown the host. Then disable the MAC Spoofing and statically set the address in Hyper-V. I then had to boot the machine (without spoofing disabled) and shut it down again so Server 2012 would get the correct MAC. Once that was done I re-enabled MAC spoofing, boot and re-add the node back into the NLB cluster and it was recognized properly to the correct network.

while I did verify the IP configuration on all adapters, I didn't even think to suspect the MAC address causing the Network Location Awareness issues.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
network load balance

From novice to tech pro — start learning today.