Network Location Awareness (NLA) issues on Windows Server 2019

By Andrei Ungureanu - Last updated: Wednesday, March 16, 2022

Lately I have encountered an issue where NLA wrongly identifies the network location as Public instead of Domain. This causes Windows Firewall to use the Public profile, and from there an avalanche of issues follows.

What I have observed was that this happened on computers with a teamed network adapter that was also used to connect to the domain network. I think that maybe, because of the delay added by the initialization of the network team, NLA fails to contact a domain controller at service start. When this happens the network location is set to Public. Restarting the NlaSvc service restores normal operation and the network location changes to Domain.

The only fix I have found to work was this registry key posted on the internet by a MS employee:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters

Add a DWORD parameter: AlwaysExpectDomainController

Set value to: 1

Note: This registry key alters the behavior when NLA retries domain detection.

It seems that this tells NLA to retry the domain controller detection. And it seems to work. The other workarounds posted on the internet, such as delaying the start of the NLA service or creating service dependencies, were not reliable fixes.

The strange thing is that this registry setting doesn’t appear in any of the official MS documentation.
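
The check and the registry change described above can be scripted. This is an added PowerShell example, not code from the original post or from Microsoft. It assumes an elevated session and treats "no connection profile is DomainAuthenticated" as the symptom, which is an assumption that fits a server whose only domain-facing adapter is the team.

```powershell
#Requires -RunAsAdministrator
# Added example: on a domain-joined host, report the NLA network category,
# set the AlwaysExpectDomainController value from the post, and restart NlaSvc
# if no network was detected as Domain.

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters'
$name = 'AlwaysExpectDomainController'

# Only domain members are expected to get the Domain firewall profile.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "$env:COMPUTERNAME is not domain-joined; nothing to do."
    return
}

# Show what NLA decided for each connected network.
$profiles = @(Get-NetConnectionProfile)
$profiles | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# Assumption: at least one network should be DomainAuthenticated.
# Other adapters may legitimately be Public or Private, so they are not flagged.
$domainSeen = @($profiles | Where-Object NetworkCategory -eq 'DomainAuthenticated').Count -gt 0

# Write the DWORD only when it is missing or different, so reruns change nothing.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -ne 1) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "Set $name to 1 under $key"
} else {
    Write-Output "$name is already 1"
}

# Same recovery step the post describes: restart NLA, then re-check the category.
# -Force is needed because other services depend on NlaSvc.
if (-not $domainSeen) {
    Write-Warning 'No network is DomainAuthenticated; restarting NlaSvc.'
    Restart-Service -Name NlaSvc -Force
    Start-Sleep -Seconds 10   # give NLA time to re-run domain detection
    Get-NetConnectionProfile | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize
}
```

Running the first half on a schedule without the restart also works as a detection check, since a domain member sitting on the Public profile is applying a different set of firewall rules than the domain policy intends.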
