VMware Communities
Hemendr
Contributor

How to switch to Domain Network after Installing Active Directory and DNS on NAT switch

Hi, I am using VMware Workstation Pro and I installed Active Directory and DNS on Windows Server 2019 using this IPv4 configuration in the Ethernet properties. I have configured my VM on the NAT switch VMnet8 on 192.168.163.0. My AD domain is "mylab.local".

IP Address = 192.168.163.3
IPv4 Subnet Mask: 255.255.255.0
IPv4 Default Gateway: 192.168.163.2
IPv4 DNS Server: 192.168.163.3

Now I cannot switch my network profile to Domain mylab.local. On the taskbar it shows my network is connected to a private network and I can't see the domain network.

2 Replies
Hemendr
Contributor

Hi, actually this issue is with Windows Server 2019, where the Domain profile switches back to private after reboot.

https://community.spiceworks.com/topic/2205082-new-server-2019-dc-keeps-setting-network-location-to-...

Solution:

https://learn.microsoft.com/en-us/answers/questions/400385/network-location-awareness-not-detecting-...

Only one change is required.

We need to add a value under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters

Add a DWORD parameter: AlwaysExpectDomainController

Set value to: 1

Note: This registry key alters the behavior when NLA retries domain detection.

rachelgomez123
Contributor

When NLA starts to detect the network location, the machine will contact a domain controller via port 389. If this detection is successful, it will get the domain firewall profile (allowing for correct ports) and we cannot change the network location profile.
If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public.

The Network Location Awareness (NLA) service expects to be able to enumerate the domain’s forest name to choose the right network profile for the connection. The service does this by calling DsGetDcName on the forest root name and issuing an LDAP query on UDP port 389 to a root Domain Controller. The service expects to be able to connect to the PDC in the forest domain to populate the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests
If something hinders the DNS name resolution or the connection attempt to the DC, NLA is not able to set the appropriate network profile on the connection.

Regards,

Rachel Gomez

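Added example, not part of the thread or written by any of its posters: a PowerShell sketch that runs the checks the second reply describes (DNS resolution, the DsGetDcName lookup, port 389) and then applies the registry value from the first reply. The domain name and DC address are the ones given in the question; the 10-second wait is an assumption, and the script is meant for an elevated session on the affected server.

```powershell
#Requires -RunAsAdministrator
# Added example: domain and DC address are taken from the question; adjust for your lab.
$Domain = 'mylab.local'
$DcIp   = '192.168.163.3'
$NlaKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters'

# 1. Current profile per interface: Public, Private or DomainAuthenticated.
#    Anything other than DomainAuthenticated means the Domain firewall profile is not in effect.
Get-NetConnectionProfile | Format-Table InterfaceAlias, Name, NetworkCategory

# 2. DNS: the DC locator finds domain controllers through this SRV record.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
        -Server $DcIp -ErrorAction SilentlyContinue
if (-not $srv) { Write-Warning "SRV lookup for $Domain failed against $DcIp" }

# 3. DC locator: nltest /dsgetdc calls DsGetDcName, the same API NLA relies on.
nltest "/dsgetdc:$Domain"
if ($LASTEXITCODE -ne 0) { Write-Warning "DsGetDcName could not locate a DC for $Domain" }

# 4. LDAP reachability. Test-NetConnection only probes TCP; the UDP 389 query
#    mentioned in the thread is already exercised by step 3.
$ldap = Test-NetConnection -ComputerName $DcIp -Port 389 -WarningAction SilentlyContinue
if (-not $ldap.TcpTestSucceeded) { Write-Warning "TCP 389 on $DcIp is not reachable" }

# 5. Apply the value from the first reply only if it is not already set to 1.
$current = (Get-ItemProperty -Path $NlaKey -Name AlwaysExpectDomainController `
            -ErrorAction SilentlyContinue).AlwaysExpectDomainController
if ($current -ne 1) {
    New-ItemProperty -Path $NlaKey -Name AlwaysExpectDomainController `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output 'AlwaysExpectDomainController set to 1'
}

# 6. Restart NLA so it re-runs detection (a reboot works as well), then re-check.
Restart-Service -Name NlaSvc -Force
Start-Sleep -Seconds 10   # assumed wait; detection time varies
Get-NetConnectionProfile | Format-Table InterfaceAlias, Name, NetworkCategory
```

If steps 2 to 4 produce warnings, fix name resolution or connectivity to the DC first; the registry value only changes how NLA retries detection.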