Windows NLA service on 2016/2019 DCs



  • Hi guys,

    I'm sure lots of you are pretty aware of the issue where you reboot a 2012/2016/2019 DC and the network profile gets set to private instead of domain. I've read lots of ways to combat this - delayed start of NLA service and scripts that restart the service but I wanted to see how you guys resolved this. I've tried delayed start on some DCs with mixed results. At this point I'm leaning towards a script that executes after a certain amount of time, but I wanted to see how you're solving the issue.



  • @frodooftheshire said in Windows NLA service on 2016/2019 DCs:

    Hi guys,

    I'm sure lots of you are pretty aware of the issue where you reboot a 2012/2016/2019 DC and the network profile gets set to private instead of domain. I've read lots of ways to combat this - delayed start of NLA service and scripts that restart the service but I wanted to see how you guys resolved this. I've tried delayed start on some DCs with mixed results. At this point I'm leaning towards a script that executes after a certain amount of time, but I wanted to see how you're solving the issue.

    Have not seen this on the server level without changing/adding a NIC.



  • @frodooftheshire said in Windows NLA service on 2016/2019 DCs:

    Hi guys,

    I'm sure lots of you are pretty aware of the issue where you reboot a 2012/2016/2019 DC and the network profile gets set to private instead of domain. I've read lots of ways to combat this - delayed start of NLA service and scripts that restart the service but I wanted to see how you guys resolved this. I've tried delayed start on some DCs with mixed results. At this point I'm leaning towards a script that executes after a certain amount of time, but I wanted to see how you're solving the issue.

    I've mainly had issues with the firewall when it does this. I have just mirrored the domain firewall settings to the private settings as a workaround. I'd love to see a fix.



  • Interesting. I have had one 2012R2 and two 2019 DCs for a year now and have not had this issue at all. Will definitely keep an eye out for it now.

    Since others here have seen it, what immediate resolution have others used to temporarily fix it?



  • @pmoncho said in Windows NLA service on 2016/2019 DCs:

    Interesting. I have had one 2012R2 and two 2019 DCs for a year now and have not had this issue at all. Will definitely keep an eye out for it now.

    Since others here have seen it, what immediate resolution have others used to temporarily fix it?

    Restart the network location awareness service. Set firewall rules to include private for apps that need exceptions (so that if it doesn't connect to the domain profile your apps still work.)



  • @CCWTech Exactly - it's mainly about firewall rules. Like you said, I guess I could go into all the firewall rules and make sure it's ticked for private as well as domain. It's just annoying because this shouldn't be an issue.



  • @frodooftheshire said in Windows NLA service on 2016/2019 DCs:

    @CCWTech Exactly - it's mainly about firewall rules. Like you said, I guess I could go into all the firewall rules and make sure it's ticked for private as well as domain. It's just annoying because this shouldn't be an issue.

    I can see a member server getting confused if the DC isn't booted up and it boots up, but for a DC not to know it's in a domain is just a bit crazy.


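The "script that restarts the service" approach discussed in this thread, as an added example that is not code from any of the posters: it checks the connection profile after boot and restarts the Network Location Awareness service (`NlaSvc`) only while a profile is not `DomainAuthenticated`, so the domain firewall profile applies without widening the private-profile rules. The retry count, delay and the Netlogon readiness check are assumptions; run it elevated, for example from a startup scheduled task.

```powershell
# Added example, not from the thread. Tunables are assumed values.
$MaxAttempts  = 5     # assumed retry limit
$DelaySeconds = 30    # assumed wait between attempts

function Get-NonDomainProfile {
    # Connected networks whose category is anything other than DomainAuthenticated
    Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
}

for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
    $bad = @(Get-NonDomainProfile)
    if ($bad.Count -eq 0) {
        Write-Output 'All connection profiles are DomainAuthenticated.'
        exit 0
    }

    foreach ($p in $bad) {
        Write-Output ('Attempt {0}: {1} is {2}' -f $attempt, $p.InterfaceAlias, $p.NetworkCategory)
    }

    # Assumption: restarting NLA before Netlogon is running on the DC
    # would just reproduce the wrong category, so wait for it first.
    $netlogon = Get-Service -Name Netlogon
    if ($netlogon.Status -ne 'Running') {
        Write-Output "Netlogon is $($netlogon.Status); waiting before restarting NlaSvc."
    }
    else {
        # -Force is needed because other services depend on NlaSvc
        Restart-Service -Name NlaSvc -Force
    }

    Start-Sleep -Seconds $DelaySeconds
}

# Still not on the domain profile: exit non-zero so the task history shows a failure
$left = (@(Get-NonDomainProfile) | ForEach-Object { $_.InterfaceAlias }) -join ', '
Write-Error "Profiles still not DomainAuthenticated after $MaxAttempts attempts: $left"
exit 1
```

A non-zero exit code here is worth alerting on, since it means the DC is still running under the private or public firewall profile.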