Network Location Awareness (NLA) issues on Windows Server 2019
Lately I have encountered an issue where NLA wrongly identifies the network location as Public instead of Domain. This causes the Windows Firewall to use the Public profile, and from there an avalanche of issues follows.
What I have observed is that this happened on computers with a teamed network adapter that was also used to connect to the domain network. I think that maybe, because of the delay added by the initialization of the network team, NLA fails to contact a domain controller at service start. When this happens, the network location is set to Public. Restarting the NlaSvc service restores normal operation and the network location changes to Domain.
The only fix I have found to work was this registry key posted on the internet by an MS employee:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters
Add a DWORD parameter: AlwaysExpectDomainController
Set value to: 1
Note: This registry key alters the behavior when NLA retries domain detection.
It seems that this tells NLA to retry the domain controller detection. And it seems to work. The other workarounds posted on the internet, like delayed start of the NLA service or creating service dependencies, were not reliable fixes.
The strange thing is that this registry setting doesn’t appear in any of the official MS documentation.
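The check and fix described above as one script. This is an added example, not code from the original post: it sets the registry value, then restarts NlaSvc only when the domain-facing interface is not reported as DomainAuthenticated. The interface alias "Team1" and the 10-second wait are assumptions to adjust for your environment.

```powershell
#Requires -RunAsAdministrator
# Added example. 'Team1' is a hypothetical alias for the teamed adapter
# that connects to the domain network; pass your own alias.
param(
    [string]$InterfaceAlias = 'Team1'
)

$nlaParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters'
$valueName = 'AlwaysExpectDomainController'

# The misdetection only matters on domain-joined machines.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output 'Machine is not domain-joined; nothing to do.'
    return
}

# What NLA currently reports for the domain-facing interface.
$netProfile = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias -ErrorAction Stop
Write-Output "Before: $($netProfile.InterfaceAlias) = $($netProfile.NetworkCategory)"

# Create or correct the DWORD value from the post.
$current = (Get-ItemProperty -Path $nlaParams -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName
if ($current -ne 1) {
    New-ItemProperty -Path $nlaParams -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "$valueName set to 1."
} else {
    Write-Output "$valueName already set to 1."
}

# The registry value affects NLA's retry behaviour; a machine that is
# already stuck on Public or Private still needs the service restarted.
if ($netProfile.NetworkCategory -ne 'DomainAuthenticated') {
    # -Force is needed because other services depend on NlaSvc.
    Restart-Service -Name NlaSvc -Force
    Start-Sleep -Seconds 10   # assumed wait for detection to finish
    $after = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
    Write-Output "After:  $($after.InterfaceAlias) = $($after.NetworkCategory)"
    if ($after.NetworkCategory -ne 'DomainAuthenticated') {
        Write-Warning 'Still not DomainAuthenticated; check DC reachability and DNS.'
    }
}
```

Running the first half of the check (Get-NetConnectionProfile) from a scheduled task or monitoring agent after each boot is a simple way to catch servers that silently fell back to the Public firewall profile.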