Good afternoon. I wanted to revisit the NLA (Network Location Awareness) service as I have seen several instances of the service not working as expected on a domain controller. I have another article that goes into NLA. It can be found here.
After a reboot of the server, the network profile shows the server is connected to a private network. This should not be the case on a domain controller. The most common cause is DNS not having the AD zones loaded before NLA queries for the SRV records. This usually occurs in a single domain controller environment. If NLA cannot query the SRV records, it assumes the server is on a private network. NLA is supposed to retry at a regular interval, but that appears to be broken on some servers.
The fix is quite simple:
- Launch the registry editor
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters
- Add a DWORD value and name it AlwaysExpectDomainController
- Set the value to 1
- Reboot the server
The server should now switch to the domain profile in less than a minute after logon.
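The steps above as a PowerShell script, with a check of the SRV lookup and of the network category, which also decides which Windows Firewall profile is active (an added example, not from the original post or the forum thread). It assumes an elevated session on the domain controller; the `_ldap._tcp.dc._msdcs.<domain>` record name is the standard DC locator record and is an assumption, since the post does not say which SRV records NLA queries.

```powershell
# Added example. Run elevated on the affected domain controller.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters'   # key from the steps above
$name = 'AlwaysExpectDomainController'

# 1. Record what NLA decided for each connection on this boot.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 2. Check whether the SRV lookup works now that DNS has finished loading.
#    Assumption: the standard DC locator record stands in for "the SRV records".
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$srv    = "_ldap._tcp.dc._msdcs.$domain"
try {
    $answers = Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    Write-Host "SRV lookup for $srv returned $(@($answers).Count) record(s)."
} catch {
    Write-Warning "SRV lookup for $srv failed: $($_.Exception.Message)"
}

# 3. Set the DWORD only if it is missing or different, so the script can be re-run.
$current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
if ($current -ne 1) {
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host "$name set to 1. Reboot the server for the change to take effect."
} else {
    Write-Host "$name is already 1."
}

# 4. After the reboot, run this part again: list any connection that is
#    still not on the domain profile.
$notDomain = Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
if ($notDomain) {
    $notDomain | Select-Object InterfaceAlias, NetworkCategory | Format-Table -AutoSize
} else {
    Write-Host 'All connections are on the domain profile.'
}
```

If step 2 succeeds while step 1 still shows `Private`, that matches the timing problem described above: DNS answers now but did not when NLA first asked.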
This fix was originally found in a forum post. It can be read in its entirety here.