One of the wondrous features of Windows from Vista onwards is Network Location Awareness (NLA). It means that, while the whole family can view your photo collection at home, when you pick up your laptop and wander out for coffee everyone else in Starbucks can't see the holiday pictures of you in embarrassing shorts. Or read the rather sad list of unadventurous things you planned to do before you were thirty (and didn't).
The idea is simple enough. NLA automatically adjusts the behavior of potentially risky settings and options based on the type of network to which the computer is attached. Typically this means turning on network discovery and file and printer sharing for home or private networks, turning them off for public networks, and doing something in between for domain-joined computers. It works by examining a range of settings for each network interface and making a decision on what type of network it actually is connected to. All very clever.
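To see which decision NLA has actually made, the category can be read directly from Windows. The following PowerShell is an added example, not part of the original post: it lists the category of each connected network and warns when a domain-joined machine has a network classified as Public. It assumes the Network List Manager COM API (present from Vista and Server 2008 onwards) and PowerShell 2.0 or later; the function names are hypothetical.

```powershell
# Added example: report the category NLA assigned to each connected network
# and warn when a domain-joined machine has a network classified as Public.
# Function names are illustrative; the COM API is the Network List Manager.

# NLM_NETWORK_CATEGORY values returned by INetwork.GetCategory()
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
$NLM_ENUM_NETWORK_CONNECTED = 1

function Get-NlaNetworkCategory {
    # CLSID of the NetworkListManager coclass
    $nlmType = [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B')
    $nlm = [Activator]::CreateInstance($nlmType)
    foreach ($net in $nlm.GetNetworks($NLM_ENUM_NETWORK_CONNECTED)) {
        $cat = [int]$net.GetCategory()
        New-Object PSObject -Property @{
            Name     = $net.GetName()
            Category = $categoryNames[$cat]
        }
    }
}

function Test-NlaCategory {
    param([bool]$PartOfDomain, [object[]]$Networks)
    foreach ($n in $Networks) {
        # A domain member that cannot authenticate to a domain controller on
        # a network falls back to Public or Private for that network.
        $mismatch = $PartOfDomain -and ($n.Category -eq 'Public')
        if ($mismatch) {
            Write-Warning ("Domain-joined host, but network '{0}' is Public" -f $n.Name)
        }
        New-Object PSObject -Property @{
            Name     = $n.Name
            Category = $n.Category
            Mismatch = $mismatch
        }
    }
}

$partOfDomain = (Get-WmiObject Win32_ComputerSystem).PartOfDomain
$networks = @(Get-NlaNetworkCategory)
if ($networks.Count -eq 0) {
    Write-Warning 'No connected networks reported by Network List Manager.'
} else {
    Test-NlaCategory -PartOfDomain $partOfDomain -Networks $networks |
        Format-Table Name, Category, Mismatch -AutoSize
}
```

A multi-homed server can legitimately have a non-domain network on a second interface, so a warning here is a prompt to look, not proof of a fault.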
In Vista, you can usually change the setting yourself by clicking the Customize link in the Network and Sharing Center page. However, in domain-joined Windows Server 2008 R2 machines there is no Customize link, as I discovered last week. I'd just finished installing the latest round of updates and everything seemed to be running fine until I noticed that the icon in the taskbar was showing connection to "an unidentified Public network". With a nice picture of a park bench just in case I didn't grasp what "Public" means.
Note to the Microsoft Server team: how about including a tree in the picture so it's more obvious that the computer is now outside? You never know what some people might consider as appropriate lounge furniture.
Yet everything else seemed to be OK. So I did what all amateur administrators do: wandered off to TechNet and asked the question, only to find that lots of people seem to be confounded by the wrong type of network setting in Windows 7 and Windows Server 2008. There's loads of stuff about editing Registry settings and things, but I decided I'd just start out by disabling and re-enabling the network connection. Obviously it would sort itself out automatically. It did - the icon changed to the Domain setting with a pretty picture of an office building and correctly identified the name of the domain network.
What I wasn't prepared for was the welter of Event Log errors. All of a sudden the machine (a domain controller) couldn't find any other machines, couldn't apply group policy updates, couldn't access Active Directory, and couldn't find any DNS servers (even though I have three). After perusing a few more articles, I checked the interface settings (they were all correct) and then restarted the DNS service. And was rewarded with a dozen new DNS errors saying that the interfaces are unavailable.
Now, every five minutes, Group Policy dumps another error in the Event Log. So I open a command window and run gpupdate. It reports success, and confirms it with Event Log messages, but still Group Policy errors appear every five minutes. Together with one saying a certificate cannot be renewed and several saying that DNS can't find its own domain. It's after midnight and I feel like I've been hit by a train. And, of course, I can't just switch NLA back to Public mode again...
So I run netdiag and it reports no errors. Neither does dcdiag. And using the Active Directory console to force replication seems to work fine. Even ntdsutil can't find anything wrong with the roles or topology. So, in the end, I cave in and reboot the machine. Yep, it just came back up without reporting any errors. And it's still running clean and properly (with the correct NLA type) the next day. Why didn't I just do that first...? And how come something as simple as changing the NLA type can have such a stupendous effect on the system?
Perhaps instead of "Keep Calm and Carry On" it should be "Keep Calm and Reboot". Maybe I can have T-shirts made. Though I did like the sign in a tiny teashop in Whitby we called in at during a recent trip to the seaside: "Keep Calm and Eat Cake"...