Good morning. I wanted to share an issue I see on a regular basis. This has to do with the NLA (Network Location Awareness) service. For those that are not aware of this service it is responsible for determining the type and safety of the network(s) the computer is connected to. There are 3 network classifications that are used.
- Public – The NLA determines the computer is directly connected to the Internet or is on an unsafe network. This is also the default profile assigned to a network adapter until one of the other profiles can be determined.
- Private – The NLA determines the computer is isolated from the Internet by a NAT (Network Address Translation) device or router.
- Domain – The NLA determines that the computer is connected to a domain. It does this by attempting to contact a domain controller. More specifically it performs a DNS (Domain Name System) query for a SRV (Service) record. It will then make a connection to the domain controller. If this is all successful, the domain profile is set.
So what is the purpose of the NLA and setting a network profile? The primary purpose is for the Windows firewall. Other applications and services can also access this data though.
Now that the NLA service is sufficiently explained, on to the common issue with it. The NLA service by default is set to Automatic for its startup type. Normally this works fine and the NLA properly detects the network. There are some situations though where the service fails to set the profile correctly on startup. I typically see this on domain controllers in a domain with just one domain controller. This means that the network stack and DNS server service have to fully initialize and start before the NLA queries the network. If they do not then the NLA is not able to contact a domain controller and assumes the computer is connected to a private or public network.
Regardless of the reason why the NLA is failing at startup the solution is fairly simple. I have seen a 100% fix rate with simply setting the service startup type to Automatic (Delayed Start). Doing this forces the NLA service to wait until all Automatic services have started, giving DNS enough time to start. I have seen this little trick work with other services when they are having trouble at startup.
I hope you found this article informative. If I missed anything or you just want to comment, please feel free to do so below.
2 thoughts on “The Network Location Awareness service”
What is the main expertise of a person of your level?
My primary expertise is in Windows SBS (Small Business Server) and Exchange. As SBS has tapered off, I have picked up other areas to keep myself busy. Two of those being RDS (Remote Desktop Services) and AD (Active Directory). I support Windows Server though, so I have to know a little bit of everything.