Public interface issues.

Alexandru L 21 Reputation points
2020-08-24T11:01:00.25+00:00

Hello,

On one server I have 2 different network interfaces, one is using the Public profile with a public IP and the other one is using the Domain profile with a private IP.

When I was using Windows Server 2012 R2, just adding a firewall rule to drop outbound connections from the public IP to the Domain Controllers was enough to make sure that the public interface remained with the Public profile even after reboots.

In Windows Server 2019 this no longer works, in the sense that after a reboot, both interfaces use the Domain profile and I have to bounce the public interface in order for it to use the Public profile.

I have a few possible workarounds like:

  1. Setting Network Location Awareness to Automatic (Delayed Start). This seems to have an effect on some Domain Controllers that improperly set the network interface to Public instead of Domain.
  2. Bouncing the network interface with a startup script.

Is there any reliable way to make sure that the Public interface remains public?

Thank you!

Windows Network
Windows Network
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Network: A group of devices that communicate either wirelessly or via a physical connection.
657 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sunny Qi 10,896 Reputation points Microsoft Vendor
    2020-08-25T04:37:35.133+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Regarding of your issue keep Public interface remain public after rebooting, please refer to the following method.

    Based on my knowladge, there is a registry key controls network profile:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

    Expand Profiles and you can change and modify the "Category" value of corresponded NIC:

    0 = public

    1 = private

    2 = domain

    Details steps:

    1. Click Start and insert regedit.exe, then right-click and Run as administrator
    2. Navigate to the following location:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
      20018-image-1.jpg
    3. Expand the Profiles key and navigate through each GUID key below that, noticing the corresponding ProfileName on the right:
      20020-image-2.jpg
    4. When you find the ProfileName of the network you want to change to Public, double-click on the Category DWORD on the right-hand side:
      20092-image-3.jpg
    5. Change the ‘Value data’ to 0 (Public)
    6. Close the Registry Editor
    7. Reboot

    Hope my answer will help you!

    ---Please Accept as answer if the reply is helpful---

    Best Regards,
    Sunny

    0 comments
  2. Alexandru L 21 Reputation points
    2020-08-25T07:09:18.167+00:00

    Hello,

    Thank you for your reply but I tried that the first time, it only works if the other connection is Private, if it's Domain, it just sets both interfaces to Domain.

    Also for the Public connection, my registry entry is the same as in your screenshots Category and CategoryType are both set to 0x0.

    The thing is that Network Location Awareness tries to contact any DC through the specified DNS and any network interface that can see the DC will switch to Domain regardless of their setting.

  3. Alexandru L 21 Reputation points
    2020-08-30T10:26:27.157+00:00

    The solution was to set Network Location Awareness service to Automatic (Delayed Start). After the reboot all interfaces had the correct Network Profile.