zolcer asked:

"private" network profile on domain controller?

We've got this freshly installed domain controller on Windows Server 2019 (a Hyper-V guest) which is behaving oddly. The network is seen as "private" rather than "domain", and the warning sign over the tray icon claims there's no internet connection. (There is!)

We've tried delaying the NLA service, but that was no cure.

Other domain members as well as the Hyper-V host (a Windows Server 2019 itself) are perfectly fine.

What can we do?

John

I do not have Server 2019 here. However, if you go to Settings, Network and Internet, Change Connection Properties, are you able to change to Domain in there?

Also there, you can run the network troubleshooter to see if it spots issues.

Brian M

If you restart the NLA service does it connect correctly? We have the same issue here from time to time and we find that restarting the service fixes things, without needing to reboot the server. We did set it to delayed start as well, but it still happens from time to time. The virtual NIC comes to life too quickly. We haven't found a way to prevent it and it happens to at least one server when we perform weekly reboots.

Lansing Nye-Madden

It might be worth a shot to take a look at the following registry and locate the network profile that is your domain profile. The category type will tell you whether the profile is Private, Public or Domain, and you should be able to set it from there as well if I am not mistaken.

Hope that helps.

zolcer (ASKER)

@Brian M
Thanks, but restarting the service won't make a difference.
I'll try different NIC drivers now ...

@Lansing Nye-Madden
"... following registry"? Did you forget to attach anything?   ;-)

Your comments were all about the NLA. Does the "no internet connection" derive from NLA, or is it a different mechanism?

zolcer (ASKER)

I managed to put the server from "Private" back into "Domain" by simply running "netcfg -d" – something I *hate* to do on a domain controller.
If it weren't for the erroneous "no internet connection" (which persists), all would be fine. Do I need to worry about other parts of Windows relying on this wrong information, or is it merely a user interface thing?

I think it is an interface thing and it may have been a temporary thing.  If the change sticks, you should be fine.

I think the parts of Windows Networking and Windows Firewall that rely on this change should be fine as well.

zolcer (ASKER)

Pants ... it fell back to "Private" again overnight. No reboot, no tampering of any sort.
So I thought I'd mount the pressure by hard-wiring it using PowerShell:
PS C:\Users\Administrator> Get-NetConnectionProfile

Name             : Netzwerk
InterfaceAlias   : Ethernet
InterfaceIndex   : 3
NetworkCategory  : Private
IPv4Connectivity : LocalNetwork
IPv6Connectivity : NoTraffic

PS C:\Users\Administrator> Set-NetConnectionProfile -InterfaceIndex 3 -NetworkCategory DomainAuthenticated
Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'.  This NetworkCategory type will be set automatically when authenticated to a domain network.
In Zeile:1 Zeichen:1
+ Set-NetConnectionProfile -InterfaceIndex 3 -NetworkCategory DomainAut ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (MSFT_NetConnect...D8E355F9151A}"):root/StandardCi...nnectionProfile) [Set-NetConnectionProfile], CimException
    + FullyQualifiedErrorId : MI RESULT 4,Set-NetConnectionProfile

PS C:\Users\Administrator>

So we learn that the category will become "Domain" once it authenticates to the domain. Consequently, when it thinks it's in "Private", it must have failed to authenticate.

Help!

It should not do that. Open cmd.exe with Run as Administrator and run:

1. SFC /SCANNOW and allow it to complete. Then
2. dism.exe /online /cleanup-image /restorehealth and allow this to complete.

Restart the server at a convenient moment and test.

zolcer (ASKER)

@John
Thanks for your suggestions, but I really don't think that's going to kick. The domain controller is so fresh the paint hasn't dried. What's the point checking the consistency of the image? In fact, I've seen DCs being torn to tatters by DISM.EXE before. Trying to pull this on an otherwise functional DC scares the **** out of me ...

Zolcer,

Your comments were all about the NLA. Does the "no internet connection" derive from NLA, or is it a different mechanism?

When I see "No Internet Connection", it usually derives from one main thing and that is the machine's ability to access the first "HOP" on the network, that is, to communicate with a router. I would check the "Default Gateway" settings, and verify using ping that your DC can contact the gateway.

Sorry, I didn't realize I forgot to attach something... I usually only do that in Outlook. Here is the registry key:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList

This may help you to identify the problem.

What roles and features does your domain controller serve to the network, such as DHCP, DNS, etc?

Edit:

How many domain controllers do you have, and what is the structure of the domain if you have other domains in the Global Catalog?

Can you also check the Windows event logs? I believe auditing should be in place by default for when a machine fails to authenticate with the domain.
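
An added example (not part of the thread and not any participant's solution): a read-only PowerShell check that lists the profiles stored under the NetworkList key named above next to what Get-NetConnectionProfile and the firewall report, so a Domain/Private mismatch on a domain-joined server is visible in one place. It assumes the usual Profiles subkey layout, where the Category value is 0 (Public), 1 (Private) or 2 (Domain).

```powershell
# Added example: read-only comparison of the live network profile, the stored
# NetworkList registry profiles and the firewall profiles. It changes nothing.
# Run in an elevated PowerShell session.

# Assumed meaning of the registry "Category" DWORD under NetworkList\Profiles
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'Domain' }
$profilesKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'

# 1. What NLA currently reports for each connected interface
$live = Get-NetConnectionProfile
$live | Format-Table Name, InterfaceAlias, NetworkCategory, IPv4Connectivity -AutoSize

# 2. What is stored in the registry for each network this machine has seen
$stored = Get-ChildItem -Path $profilesKey | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        ProfileGuid  = $_.PSChildName
        ProfileName  = $p.ProfileName
        CategoryRaw  = $p.Category
        CategoryName = $categoryNames[[int]$p.Category]
    }
}
$stored | Format-Table -AutoSize

# 3. Firewall state per profile; the active category decides which one applies
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction -AutoSize

# 4. On a domain-joined machine, flag every interface NLA did not classify as Domain
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $live | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' } | ForEach-Object {
        Write-Warning ("{0} ({1}) is classified {2}; the {2} firewall profile applies instead of Domain." -f `
            $_.InterfaceAlias, $_.Name, $_.NetworkCategory)
    }
}
```
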
ASKER CERTIFIED SOLUTION
zolcer

This solution is only available to members.