Question
Friday, May 2, 2014 3:16 AM
Hi,
I am using Windows Server 2012 R2. I am deploying DirectAccess on it. I don't have any internal LAN and both interfaces are public IP enabled. I want to change the network profile to public, which is currently domain authenticated. I have tried to change it to public via PowerShell using this command:
set-NetConnectionProfile -InterfaceAlias external -NetworkCategory Public
but no luck; the server is showing an error:
set-NetConnectionProfile : Unable to set the NetworkCategory due to one of the following possible reasons: not running
PowerShell elevated; the NetworkCategory cannot be changed from 'DomainAuthenticated'; user initiated changes to
NetworkCategory are being prevented due to the Group Policy setting 'Network List Manager Policies'.
At line:1 char:1
+ set-NetConnectionProfile -InterfaceAlias external -NetworkCategory Public
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (MSFT_NetConnect...F150E6258CCC}"):root/StandardCi...nnectionProfile)
[Set-NetConnectionProfile], CimException
+ FullyQualifiedErrorId : MI RESULT 2,Set-NetConnectionProfile
As the error indicates, I have also tried the Network List Manager Policy from Group Policy, but the problem remains the same.
Can someone please help me, as I am unable to deploy DirectAccess because of this?
Thanks, Manoj
All replies (15)
Tuesday, May 6, 2014 2:26 AM ✅Answered
Hi,
Please confirm you are using administrator rights and try the following command:
PS> Set-NetConnectionProfile -InterfaceIndex <InterfaceIndex number> -NetworkCategory Public
More information:
Set-NetConnectionProfile
http://technet.microsoft.com/en-us/library/jj899565.aspx
The third party article:
Set Network Location to Private in Windows 8.1/Server 2012 R2
Hope this helps.
Tuesday, May 6, 2014 3:43 AM
Hi Alex,
I am running this command from PowerShell (Run As Administrator). I have already checked the Microsoft TechNet article but no luck. I have raised a ticket with Microsoft Support. Let's see what happens.
Thanks, Manoj
Tuesday, September 2, 2014 6:41 AM | 1 vote
Hi,
Excuse me for using your topic, but I have the same problem.
Did you make any progress?
I googled and read a lot of articles, but unfortunately couldn't find any decision or proposal.
Thursday, October 9, 2014 10:33 PM | 10 votes
Same situation, same command, same error. I am in an elevated PowerShell session. I also tried with InterfaceIndex rather than alias, but the error is the same.
It's really annoying when a moderator marks their own response as the answer when it clearly isn't the answer to the problem.
The answer appears to be that this command can change the profile between public and private, but can't set it to or change it away from domain.
I fixed this by adding an outbound firewall rule blocking the 'external' interface from contacting the IPs for our domain controllers.
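The workaround described in the post above, written out as an added example (it is not part of the original post). The interface alias `external` comes from the question; the domain controller addresses and the rule name are placeholders, and the Network Location Awareness restart and the wait time are assumptions used to force re-detection.

```powershell
#Requires -RunAsAdministrator
# Added example: stop NLA from authenticating the domain over one interface by
# blocking that interface's outbound traffic to the domain controllers.
# Not suitable if this interface is the only path to the DCs, or if the server
# itself is a domain controller.

$alias       = 'external'                       # alias used in the original question
$dcAddresses = @('192.0.2.10', '192.0.2.11')    # PLACEHOLDERS: replace with your DC IPs
$ruleName    = 'Block DC contact on external'   # hypothetical rule name

$before = Get-NetConnectionProfile -InterfaceAlias $alias -ErrorAction Stop
"Before: $($before.Name) is $($before.NetworkCategory)"

# Create the per-interface block rule once; -Profile Any keeps it active
# whichever firewall profile the interface ends up in.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Block `
        -InterfaceAlias $alias -RemoteAddress $dcAddresses -Profile Any | Out-Null
}

# Make NLA re-evaluate the network. -Force is needed because the Network List
# Service depends on NlaSvc.
Restart-Service -Name NlaSvc -Force
Start-Sleep -Seconds 15                          # assumed wait for detection to settle

$after = Get-NetConnectionProfile -InterfaceAlias $alias -ErrorAction Stop
"After:  $($after.Name) is $($after.NetworkCategory)"

if ($after.NetworkCategory -ne 'DomainAuthenticated') {
    # Only now can the cmdlet move the interface between Public and Private.
    Set-NetConnectionProfile -InterfaceAlias $alias -NetworkCategory Public
    Get-NetConnectionProfile -InterfaceAlias $alias |
        Format-List InterfaceAlias, NetworkCategory
} else {
    Write-Warning "'$alias' is still DomainAuthenticated; a DC is still reachable over it."
}
```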
Thursday, July 16, 2015 1:03 AM | 1 vote
Same issue, no solution, so any update would be really appreciated...
Saturday, August 15, 2015 7:42 PM | 1 vote
Having the same issue, any solution?
Thursday, January 28, 2016 12:15 PM | 1 vote
Please check this out: http://windowsitpro.com/powershell/how-force-network-type-windows-using-powershell and then run PowerShell as "Run As Administrator" (even when using a user account with Administrator privileges). For me this did the trick.
Saturday, March 26, 2016 11:59 AM
Same Problem here...
Switching to Private or Public works fine, but I can't switch to DomainAuthenticated.
The machine is a domain member and I run the command as admin.
Any ideas?
Monday, October 3, 2016 12:56 AM | 1 vote
According to the TechNet article at https://technet.microsoft.com/en-us/library/jj899565.aspx:
-NetworkCategory<NetworkCategory>
Specifies an array of category types of a network. You cannot set the DomainAuthenticated type by using this cmdlet. The server automatically sets the value of DomainAuthenticated when the network is authenticated to a domain controller. The acceptable values for this parameter are:
-- Public
-- Private
The NetworkCategory parameter does not accept the DomainAuthenticated value; this value is set dynamically when an interface is authenticated to a domain controller. If you are experiencing this on a domain controller and want to apply firewall permissions to the interface, I suggest that you set the interface to Private and update your firewall rules to also apply to Private ports.
For God, and Country.
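An added example (not part of the post above, and not Microsoft's code) that checks the three causes named in the error message in order before calling the cmdlet. The function name `Set-CategoryChecked` is hypothetical.

```powershell
# Added example: test each cause listed in the Set-NetConnectionProfile error
# (not elevated, DomainAuthenticated, Group Policy) before changing the category.
function Set-CategoryChecked {
    param(
        [Parameter(Mandatory)] [string] $InterfaceAlias,
        # The cmdlet accepts only these two values; DomainAuthenticated is
        # assigned by Windows itself once a domain controller is reached.
        [Parameter(Mandatory)] [ValidateSet('Public', 'Private')] [string] $Category
    )

    # Cause 1: the session is not elevated.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal] $identity).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) {
        throw 'PowerShell is not elevated. Start it with "Run as administrator".'
    }

    # Cause 2: the profile is DomainAuthenticated and cannot be changed here.
    $current = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias -ErrorAction Stop
    if ($current.NetworkCategory -eq 'DomainAuthenticated') {
        Write-Warning ("'{0}' is DomainAuthenticated. The category cannot be set with " +
            "this cmdlet while a domain controller is reachable on the interface.") -f $InterfaceAlias
        return $current
    }

    # Cause 3: if the call still fails, Group Policy is the remaining cause
    # named in the error text.
    try {
        Set-NetConnectionProfile -InterfaceAlias $InterfaceAlias `
            -NetworkCategory $Category -ErrorAction Stop
    } catch {
        Write-Warning ("Change refused although elevated and not DomainAuthenticated. " +
            "Check the 'Network List Manager Policies' Group Policy setting.")
        throw
    }

    # Return the profile as it is after the change so the caller can verify it.
    Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
}

# Usage with the alias from the original question:
# Set-CategoryChecked -InterfaceAlias 'external' -Category Public
```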
Wednesday, May 10, 2017 5:31 PM
How does the "autodetect" logic for setting a NIC to Domain Auth work? By DNS? Where would I find details on this?
Edit: here is a good answer on how Windows does NLA (Network Location Awareness): https://serverfault.com/a/647201/153084
and here https://blogs.technet.microsoft.com/networking/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles/
Wednesday, October 4, 2017 12:25 AM | 7 votes
Restart the "Network Location Awareness" service. That switched the profile to "Domain" connected for me.
Tuesday, November 7, 2017 7:58 PM
That worked for me too - Thanks
Friday, January 26, 2018 12:12 PM
This worked also for me
Thanks
Wednesday, January 31, 2018 11:26 PM | 1 vote
"Restart the "Network Location Awareness" service. That switched the profile to "Domain" connected for me."
Incredibly useful solution I've been looking for for months to get one of my Hyper-V Hosts to switch to DomainAuthenticated (instead of public / private) - many thanks! :-)
Wednesday, August 14, 2019 5:50 PM
I have the same basic problem & have not been able to solve it on Server 2016. My client has a dual homed server and I MUST be able to separate the adapters into a Private & Public, separated configuration. Server 2016 has them grouped together as DomainAuthenticated and that does not work. I need to clamp down the public facing adapter and I cannot do that with the 2 bundled together.
If I clamp down on the actual public side, it also does the same on the private side. Do the MS engineers not understand this concept? I have read everything I can find on this board and nothing addresses the issue. The server IS running as a domain controller and no command I run will allow me to control the interfaces in a manner which I must accomplish.
The server is currently under a DoS attack and the moment I authenticate the adapter, the attack starts up again. No commands I have issued using Set-NetConnectionProfile under PowerShell work. I am running PowerShell as the administrator but I always get the error that it is blocked by Group Policy.
===================================================================
Set-NetConnectionProfile : Unable to set the NetworkCategory due to one of the following possible reasons: not running
PowerShell elevated; the NetworkCategory cannot be changed from 'DomainAuthenticated'; user initiated changes to
NetworkCategory are being prevented due to the Group Policy setting 'Network List Manager Policies'.
At line:1 char:1
- Set-NetConnectionProfile -InterfaceIndex 4 -NetworkCategory Private
-
+ CategoryInfo : PermissionDenied: (MSFT_NetConnect...3F026BA0B35B}"):root/StandardCi...nnectionProfile)
[Set-NetConnectionProfile], CimException
+ FullyQualifiedErrorId : MI RESULT 2,Set-NetConnectionProfile
=====================================================================
At this point I truly think I would have been better off just putting Server 2008 R2 on this new box and being done with it. 2008 WORKS. So far 2016 does not.
Anyone have anything that will work?