Windows Server 2012 R2 and Windows Server 2016 have a strange bug (or feature?) which identifies a network as “Public network” or “Private network” when it should be identified as a “Domain network”. In my case I had a server with a team of NICs for Management on a Corporate Network and another set of NICs on a private iSCSI network. After a reboot, the Network Location Awareness service would identify the network as Private causing policies to begin blocking services such as Remote Desktop. I found all sorts of potential solutions from delaying the start up of the NLA service, adding a Default Gateway to the iSCSI adapters, and editing Group Policy. The solution for me was editing the NetworkName and PolicyOverdue registry values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History.
As indicated, there are a few different solutions to this problem and honestly, I’m not really sure which is the “correct” method. Feel free to comment below with additional information. Thanks!
Delaying the Startup of the Network Location Awareness service
This option didn’t work for me but many users suggest it resolves the issue. I believe in this case they may have configured a Default Gateway on all network interfaces. Simply change the Network Location Awareness service Startup type from Automatic to Automatic (Delayed Start). Reboot the machine to test.
Change the Network Location of an adapter using PowerShell
This method forces a network to identify as “Domain network”.
- Launch PowerShell as Administrator.
- Type the following command to list the Network Connection Profile and note the InterfaceIndex number.
- Run the following command replacing ? with the InterfaceIndex number to force the network to identify as “Domain network”.
Set-NetConnectionProfile -InterfaceIndex ? -NetworkCategory Domain
- Run the following command again to verify the change has been made.
Modify the NetworkName and PolicyOverdue settings in the Registry
This method appears to add a piece of missing information to the Registry. In my case the NetworkName value was empty. I set the NetworkName to the domain name, changed PolicyOverdue to 1, and then restarted the NLA service.
- Launch regedit.exe.
- Browse to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History.
- Set NetworkName REG_SZ to your domain name.
- Set PolicyOverdue REG_DWORD to “1”.
- Restart the Network Location Awareness service.