NLA Profile + iSCSI Weirdness

Discussion in 'Windows Server, Hyper-V Virtualization' started by coolrunnings82, Oct 15, 2017.

  1. coolrunnings82

    I have a Hyper-V server that connects to an OmniOS SAN using MPIO. Whenever a storage network card changes configuration or is disconnected, Windows Firewall gets confused and acts like the primary network is Public instead of Domain and the machine becomes unavailable via RDP. A reboot fixes this but next time a storage connection goes down, it gets freaked and the same thing happens.

    Some notes about my configuration:

    • The Hyper-V server has 4x 10G network ports from 2 separate cards.
    • 1 card has 1x port dedicated to a Hyper-V switch and not shared with the host OS. The other port serves the OS and connects it to the LAN. The LAN port has a local static IP set on it.
    • The 2nd card has both ports dedicated to iSCSI. The only protocols running on the card are IPv4 and QoS. Client for MS Networks etc. are unchecked.
    • Binding order is set so all the iSCSI ports are at the bottom of the list.
    • Power management is configured to not allow the OS to turn off the NICs.
    • The domain controller is virtual and runs on this same Hyper-V server.
    I've set NLA to delayed start but to no avail. I've also restarted the NLA service but this doesn't fix the problem. The only thing that resolves it is a reboot. I'm at a loss of what else to try. Ideas?
     
    #1
  2. optimans

    Are you running Hyper-V Server 2016?

    I have a 2016 DC with a similar problem. You might have to create a scheduled task to restart NLA running at startup with a delay of however many minutes it takes for the DC VM to be operational.

    Run as NT Authority\SYSTEM
    Run as hidden
    Don't select run with highest privileges
    Trigger: at startup and delay for x minutes
    Action: start a program: net stop nlasvc /y
    Action: start a program: net start nlasvc
    (Use net as the program, and the rest as the arguments)

    Just search for system user and it will automatically change it to NT Authority for you.

    Try that and see how ya go. Hopefully it helps.
     
    #2
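
The scheduled task described in post #2, registered from PowerShell. This is an added example, not part of the original post; the task name and the 5-minute delay are assumptions to adjust to how long the DC VM takes to become operational.

```powershell
# Added example (not from the thread). $TaskName and $DelayMinutes are assumptions.
$TaskName     = 'Restart-NLA-After-DC-Boot'
$DelayMinutes = 5   # time the DC VM needs before it answers domain queries

# Two actions, as in the post: program is "net", the rest are its arguments.
$actions = @(
    New-ScheduledTaskAction -Execute 'net.exe' -Argument 'stop nlasvc /y'
    New-ScheduledTaskAction -Execute 'net.exe' -Argument 'start nlasvc'
)

# Trigger at startup, delayed by an ISO 8601 duration (PT5M = 5 minutes).
$trigger       = New-ScheduledTaskTrigger -AtStartup
$trigger.Delay = "PT${DelayMinutes}M"

# Run as SYSTEM without "highest privileges", and hidden, matching the post.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Limited
$settings  = New-ScheduledTaskSettingsSet -Hidden

Register-ScheduledTask -TaskName $TaskName -Action $actions `
    -Trigger $trigger -Principal $principal -Settings $settings

# Confirm what was registered, then check which profile each interface ended up in.
Get-ScheduledTask -TaskName $TaskName |
    Select-Object TaskName, State, @{n='Delay';e={$_.Triggers[0].Delay}}
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory
```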
  3. coolrunnings82

    I'm running Server 2012 R2 with the Hyper-V role installed. I tried restarting the NLA service manually and it didn't change anything. Also the NIC used for the Hyper-V switch continues to work fine. This is when I disconnect a cable on one (either one) of the two links used for iSCSI. I can try delaying the startup per the instructions above but I'm not sure it would have much effect given that this isn't happening at startup but only when a network link gets disconnected and reconnected...
     
    #3
  4. optimans

    What models are the network cards? Wondering if it is a driver-related issue?

    A workaround for remote access might help for now.

    Have you set the network list manager policy to force unknown networks to private in GPO?

    Computer Configuration\Policies\Windows Settings\Security Settings\Network List Manager Policies\Unidentified Networks
    Location type: Private
    Computer Configuration\Policies\Windows Settings\Security Settings\Network List Manager Policies\Identifying Networks
    Location type: Private

    Then create firewall rules for both domain and private networks for Echo Request, Windows Remote Management, Remote Desktop, etc so that when it loses its network profile you can still get access to the server.
     
    #4
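
The firewall side of the workaround in post #4, as an added example that is not part of the original post. It creates dedicated inbound rules for the Domain and Private profiles rather than editing the built-in ones; the rule names and `$MgmtSubnet` are assumptions. Because the policy above would also classify the iSCSI networks as Private, each rule is limited to the management subnet so the remote-access ports are not opened to the storage segments.

```powershell
# Added example (not from the thread). Rule names and $MgmtSubnet are assumptions.
$MgmtSubnet = '192.0.2.0/24'   # constructed placeholder; use the subnet admins connect from

# 1. Record which category NLA has assigned to each connected interface.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity |
    Format-Table -AutoSize

# 2. Fallback rules for the services named in the post, valid on Domain and Private only.
$common = @{
    Direction     = 'Inbound'
    Action        = 'Allow'
    Profile       = 'Domain', 'Private'
    RemoteAddress = $MgmtSubnet      # keeps the rules unreachable from the iSCSI networks
    Group         = 'NLA fallback access'
}
New-NetFirewallRule @common -DisplayName 'Fallback RDP (TCP 3389)' `
    -Protocol TCP -LocalPort 3389
New-NetFirewallRule @common -DisplayName 'Fallback WinRM (TCP 5985)' `
    -Protocol TCP -LocalPort 5985
New-NetFirewallRule @common -DisplayName 'Fallback ICMPv4 Echo Request' `
    -Protocol ICMPv4 -IcmpType 8

# 3. Review the result: profile and allowed source for every rule just created.
Get-NetFirewallRule -Group 'NLA fallback access' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Profile = $_.Profile
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

None of these rules applies to the Public profile, so they only restore access once unidentified networks are classified as Private by the policy in the post.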
  5. coolrunnings82

    Network cards are Intel X540-T2. This happens both with onboard cards or add-in cards which are also that particular model. Haven't set the GPO yet. Mostly trying to figure out why it happens.
     
    #5
  6. optimans

    How did you go setting up the GPO?

    Did have another idea: do you have RegisterThisConnectionsAddress enabled for all interfaces?

    Powershell> Get-DnsClient
     
    #6