Network Location Awareness disconnecting Wi-Fi when VPN connected

Hi All,
We have VPN software which creates a virtual NIC. When it connects using the Wi-Fi bearer interface we often see that the Wi-Fi connection drops after exactly 60 seconds from the VPN establishing an IP address. We only get this problem when the VPN is used on Windows 8. Windows 7 never has this issue. We have looked at NCSI, allowing packets through the Wi-Fi interface, and network profiles but no success.
We found that when the "Network Location Awareness" service is disabled (which also stops the dependent services Network List, HomeGroup and Network Connected Devices Auto-Setup) then the Wi-Fi connection is reliable. This leads us to think that NLA takes control of the Wireless interface to drop the connection. We cannot find any information on NLA changes in Windows 8, as we don't get the issue on Windows 7.
Any insight appreciated.
Alan

Hi,
Have you tried to establish a VPN connection with windows integrated VPN client? If it works, it means that the software VPN client affects the WIFI connection.
If it still doesn’t work, you may check this,
Try to connect to other APs.
Install latest WIFI NIC driver.
It could be the security software issue. Try clean boot for a test.
Besides, is there any error or warning related to WIFI or VPN in the event viewer? It is helpful for further troubleshooting.
Hope this helps.
Steven Lee
TechNet Community Support

Similar Messages

  • Windows could not start the Network Location Awareness service on Local computer

    i have a dell inspiron 1501 laptop running windows vista home premium media center edition. i have recently been getting an error when trying to view networked computer saying  "connection status: unknown" and "the dependency service or group failed to start". i started by disabling and re-enabling the driver and that did not help. i then brought up the services.msc thing and started looking at the networking services. i noticed that the Network Location Awareness service was not started so i tried to start it. i got a popup message saying "Windows could not start the Network Location Awareness service on Local Computer. Error 0xc000096: 0xc0000096".
    i also get an error popup when i try to start the Network List service saying "Windows could not start the Network List Service service on Local Computer. Error 1068: The dependency service or group failed to start".
    what might i have done to make this happen and what can i do to try to fix it?
    haus

    Hi,
    Thank you for the post.
    I fully understand the inconvenience the issue has caused, and the current situation can be frustrating. Please try the following steps for troubleshooting.
    1.    Please start the computer in Safe Mode with Network and check the result. If the issue disappears, please perform a clean boot.
    For the detailed steps, please refer to the step 1 and 2 in the KB article 936214 (http://support.microsoft.com/kb/936214).
    2.    If the issue persists, please check the system file by using the command SFC /scannow.
    For more information, please refer to the KB article 929833 (http://support.microsoft.com/kb/929833).
    If the above suggestions do not resolve the issue that service fails to start up, please understand that debug and dump analysis may be required for further troubleshooting. Also, in most cases, it is necessary to check the source codes. However, debugging is out of our forum’s support boundary. A support call to our product service team is needed for the debugging service. In this case, I’d like to suggest contacting Microsoft Customer Support Service (CSS) for assistance so that this issue can be resolved efficiently.
    To obtain the phone numbers for specific technology request, please check the website listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
    Thank you for your understanding.
    Sincerely,
    Joson Zhou
    Microsoft Online Community Support

  • Network location awareness + Registry permissions..

    Hello
    I am currently in the pilot phase of a Windows 8.1 deployment for a mid size client
    We have come across a strange issue. We have been using SCCM 2012 R2 for the deployment - a fairly vanilla deployment. Randomly, a PC will deploy and function correctly, with IE working and networks connecting as you would expect. However, when you open Network and Sharing Center, Windows says "You are not connected to any networks".
    This also prevents Outlook 2013 from starting up and finding the user's mailbox.
    A fix has been found to this:
    Edit the permissions on this registry key and all sub-keys:
    - HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Network List 
    to allow NetworkService and LocalSystem full access, and restarting the Network Location Awareness service.
    This fix can be scripted and implemented during the OSD Task Sequence.
    Why is this issue happening across the same PC hardware, networks, build process etc etc. Is this a bug with Windows 8.1? 
    I'd certainly like an explanation here.
    Cheers
    Adrian.

    Hi Adrian,
    For the issue, I think the issue is related to your image.
    As you know, the system can change the access permission for Network List.
    But I cannot understand why it occurred randomly.
    I suggest you use a new image to narrow down the issue.
    Regards,
    Kelvin hsu
    TechNet Community Support

  • Network location awareness

    I'm currently using Anyconnect 3.0.  I noticed that the network location awareness only works some of the time in finding our domain.  Does anyone know of any tweaks or settings that could make this more reliable?  We get folks that can connect to the ASA with valid IP but the network connection within Windows 7 says Unidentified network or Unauthenticated network.
    Thanks in advance.                  

    Hi dom8925,
    Are you using 2008R2 or Win7? There is a similar known issue on that platform:
    The network location profile changes from "Domain" to "Public" in Windows 7 or in Windows Server 2008 R2
    http://support.microsoft.com/kb/2524478
    I’m glad to be of help to you!
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Network location awareness stopped abruptly

    i have a server 2008 host running in a 2008 DC environment. All working fine for over a year into production.
    One day the NLA service just went down, and server stopped servicing clients.
    I managed to start it again by running the commands
    net localgroup administrators localservice /add
    net localgroup administrators networkservice /add
    But I would like to know why the service went down just like that. No changes to the system, permission-wise, were made. Or am I missing something here?
    I can see just this event in the log: "The Network Location Awareness service terminated with service-specific error %%-1073741288."
    Thanks

    Hi,
    Please provide the full context of this event. This information is valuable for troubleshooting.
    Thank you.

  • Windows 7 hangs on bootup - Culprit appears to be Network Location Awareness

    We just finished our deployment of Windows 7 a few weeks ago. Everything ran great for a while. This week an issue started popping up. Random computers will hang on "Please Wait" during bootup. We can leave them for days and they will stay there. If we disable the Network Location Awareness service, they bootup just fine. Then we re-enable it and everything runs smooth (most of the time). A couple of machines experience the issue again on their next reboot. Other machines have had the issue once and then seemed fine after. All machines are the same Dell models (7010) and were imaged with the same image. So far, the only solution I've found online is to disable that service and then re-enable it. That works as a band-aid, but does anybody have a permanent solution for this?
    Dave

    Hi,
    We can install windows performance toolkit and then capture a boot trace to look at what happens during boot process:
    http://blogs.technet.com/b/mniehaus/archive/2012/09/13/using-the-windows-performance-toolkit.aspx
    On the other hand, disable the following policy to check if it makes any difference:
    Computer Configuration\Administrative Templates\System\Logon\ Always wait for the network at computer startup and logon
    Also, apply any updated network driver if there is one.
    Alex Zhao
    TechNet Community Support

  • New Server 2012 -- Network Location Awareness & Power Failure

    Could you try setting up a dependency or delay on the boot? This would be more of a temporary solution, but should help you confirm that the only issue was with communication with the DC.

    Hello everyone, This is kind of a mixed question of AD/Domain/GPO, Server 2012 R2 Standard, Windows 7 clients, and File Sharing.. please bear with me. We had an interesting event this morning.. We have a 2012 R2 STD member file server on the domain. We had a total power failure, and I believe the file server came up faster than any domain controller. Anyhow, we couldn't access the shares on the server. Upon further investigation, I saw that the network location on the file server was 'unknown' and decided to restart the server. After that, it went back to its domain profile. Are there any known solutions to this scenario? Can I force the server to use the domain profile at all times? I've briefly read about the local GP edit trick, but haven't tried it out yet. Apparently, you can allow changes to adapter profiles, and then manually set...
    This topic first appeared in the Spiceworks Community

  • Cisco UC560 Not Clearing Static Routes When VPN Connections Drop

    We have a Cisco UC560 (UC560-FXO-K9) running "Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M), Version 15.1(2)T2, RELEASE SOFTWARE (fc1)".  The issue is when we have end users connecting with the Cisco VPN Client to this device sometimes we are unable to connect to any devices on our LAN or sometimes we can't connect to the LAN on the other end of our site-to-site VPN.  The one symptom I've observed when this happens is that old VPN sessions that have disconnected appear to leave static routes from the user's outside IP at their home to an IP on our LAN to a Virtual-Access interface.  When this starts to happen, I restart the firewall to clear out the stale static routes and the problem is fixed, for a while at least.  Below is the current state where we have the site-to-site VPN connected to our branch office and 2 users connected with Cisco VPN clients.  Below that is the static route table which has 5 total Virtual-Access interface routes (one is an extra route for a user currently connected so that their outside IP is in the static route table with 2 inside IPs associated.)  Is there a way to fix the cleanup of VPN connections when they terminate?
    #sh crypto isakmp peers
    Peer: <branch office outside IP> Port: 500 Local: <firewall's outside IP>
    Phase1 id: <branch office outside IP>
    Peer: <users's outside IP #1> Port: 50420 Local: <firewall's outside IP>
    Phase1 id: EZVPN_GRP_437
    Peer: <user's outside IP #2> Port: 49345 Local: <firewall's outside IP>
    Phase1 id: EZVPN_GRP_437
    Bugsy#sh ip ro st
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    Gateway of last resort is <next hop of ISP for firewall> to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via <next hop of ISP for firewall>
          10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
    S        10.0.0.153/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
    S        10.0.0.155/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
    S        10.0.0.156/32 [1/0] via <user's outside IP #2>, Virtual-Access3
    S        10.0.0.158/32 [1/0] via <user's outside IP #1>, Virtual-Access3
    S        10.0.0.159/32 [1/0] via <user's outside IP #2 again>, Virtual-Access2
    S        10.1.10.1/32 is directly connected, Vlan90

    Hi Brian,
    This sounds like you are running into the following known issue:
      CSCtl03682 - EzVPN client: Several RRI routes  pointing to same virtual interface
    which is Dup'd to:
      CSCtf39056 - RRI routes not deleted
    This is fixed since 15.1(2)T4, so I would recommend upgrading to SWP 8.2 or higher.  The only other way to clean up the stuck routes is to reload the router.
    Thanks,
    Brandon
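
An added example, not part of the original thread and not Cisco tooling: a Python check that cross-references the two command outputs shown in the question and reports Virtual-Access static routes whose next hop is no longer an active ISAKMP peer, plus active peers holding more than one such route. The sample text is constructed in the shape of the post's output, with documentation-range addresses standing in for the redacted ones.

```python
import re

# Constructed sample in the shape of "sh crypto isakmp peers" from the post;
# all addresses are documentation-range placeholders.
ISAKMP_PEERS = """\
Peer: 198.51.100.10 Port: 500 Local: 192.0.2.1
 Phase1 id: 198.51.100.10
Peer: 203.0.113.21 Port: 50420 Local: 192.0.2.1
 Phase1 id: EZVPN_GRP_437
Peer: 203.0.113.22 Port: 49345 Local: 192.0.2.1
 Phase1 id: EZVPN_GRP_437
"""

# Constructed sample in the shape of "sh ip ro st" from the post.
# 203.0.113.77 stands for a VPN user who has already disconnected.
STATIC_ROUTES = """\
S*    0.0.0.0/0 [1/0] via 192.0.2.254
      10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
S        10.0.0.153/32 [1/0] via 203.0.113.77, Virtual-Access2
S        10.0.0.155/32 [1/0] via 203.0.113.77, Virtual-Access2
S        10.0.0.156/32 [1/0] via 203.0.113.22, Virtual-Access3
S        10.0.0.158/32 [1/0] via 203.0.113.21, Virtual-Access3
S        10.0.0.159/32 [1/0] via 203.0.113.22, Virtual-Access2
S        10.1.10.1/32 is directly connected, Vlan90
"""

PEER_RE = re.compile(r"^Peer:\s+(\S+)\s+Port:\s+(\d+)\s+Local:\s+(\S+)")
# Only static routes that point at a Virtual-Access interface are of interest.
ROUTE_RE = re.compile(
    r"^S\S*\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+\[\d+/\d+\]\s+via\s+(\S+?),\s+(Virtual-Access\d+)\s*$"
)


def active_peers(text):
    """Return the set of peer addresses that currently have an ISAKMP SA."""
    return {m.group(1) for line in text.splitlines()
            if (m := PEER_RE.match(line.strip()))}


def virtual_access_routes(text):
    """Return (prefix, next_hop, interface) for each Virtual-Access static route."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((m.group(1), m.group(2), m.group(3)))
    return routes


def audit(peers_text, routes_text):
    """Flag routes left behind by ended sessions and peers with extra routes."""
    peers = active_peers(peers_text)
    routes = virtual_access_routes(routes_text)
    # Next hop is not a connected peer: the session is gone, the route is not.
    stale = [r for r in routes if r[1] not in peers]
    by_peer = {}
    for r in routes:
        if r[1] in peers:
            by_peer.setdefault(r[1], []).append(r)
    # A connected peer with several inside addresses: at least one is left over.
    duplicated = {hop: rs for hop, rs in by_peer.items() if len(rs) > 1}
    return {"stale": stale, "duplicated": duplicated}


if __name__ == "__main__":
    report = audit(ISAKMP_PEERS, STATIC_ROUTES)
    for prefix, hop, iface in report["stale"]:
        print(f"stale: {prefix} via {hop} on {iface}")
    for hop, rs in report["duplicated"].items():
        print(f"peer {hop} holds {len(rs)} routes: {[r[0] for r in rs]}")
```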

  • Will USB devices work when VPN connected?

    My university internet connection requires an authenticated PPPoE connection followed by a VPN. When I used to use my AirPort Express, I left it on automatic and made both connections from my Mac quite successfully. BUT ... when the VPN connection was made, I lost access to the USB connected printer and the AirTunes connection. I'd like to know if I'm going to run the same risk with an AirPort Extreme. I'd like to connect up a hub with two hard drives and a printer, but if I'm not going to be able to access them when I'm connected to the uni network, I won't bother spending the money.
    Thanks in advance for any insight!

    I would guess that the same thing will happen. You will lose access to local devices when your Mac is connected through the VPN.

  • How do you change network location type on Server 2012?

    Within Network & Sharing Center there appears to be no options available to change a network type as you could do in Server 2012?
    Within Network List Manager policies everything is set to "not configured" so this should not be disabling any functionality.
    Thanks.

    Hi,
    Firstly, if the server is domain joined, when it starts to detect the network location, the machine will contact a DC via port 389. If this detection is successful, it will get the domain profile. And we cannot change it.
    However, if the server is not domain joined, the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public.
    We can do this by referring to "Turn sharing on or off" or "How to change network location type in Windows 8".
    Also we can refer to "Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles".
    All the above articles can apply to Windows Server 2012.
    Hope this helps.
    Jeremy Wu
    TechNet Community Support

  • Invalid Credentials: The Network location cannot be reached

    I am working with MDT 2010, and I am getting the error, "Invalid Credentials:  The Network location cannot be reached." When I run the LiteTouch 64 bit, I don't think the network is working.  It's like there is no driver for the network card in the LiteTouch 64 bit to make the network connection.  When I hit F8 key, it brings a DOS box up for testing, and I found out these things.
     - I can ping the loop back address 127.0.0.1.
     - Cannot use the net use command to connect to the server share \\server01\DeploymentSahre$.
     - I can not ping by name or IP address the server that is holding my Deployment Share.
    This is the first time I am working with this technology, and I was following a guide off the Technet library.  It's almost like I am missing the driver for the network card.  I have Windows Deployment installed on server01, the server will answer, and I am able to put in my user name and password,  it accepts and starts loading.
    I did figure out how to inject the network drivers into Windows Deployment for the Motherboard I was using, do I have to do the same thing here again? MDT is using the Windows Deployment Images on the server01; MDT is setup on server01.   I would have thought that since the driver was already injected into the Image MDT would use that as well.  So, do I need to put a driver into the LiteTouch 64bit image and if I do how do I do that?
    thanks very much for your help,
    Rick Arnold
    ArnoldConsult
    Rick Arnold Arnoldconsult, MCP

    If you haven't updated the deployment share after adding the proper drivers to OOBD then your LiteTouch boot images will not have them included.  Just right click the deployment share and click on Update Deployment Share, it will take a while but it will rebuild the boot images with the drivers you've included in OOBD.  Then it's just a matter of either recreating the flash drives or loading the updated image into WDS.
    Another thought:
    We had an issue with some HP's that had Main Boards replaced.  the BIOS time was WAY off and the UUID wasn't setting itself because the network was denying it access to our servers (because of the horribly wrong time).  Once we corrected the time in the BIOS everything ran fine.  The error we got while trying to do the deployment was the same as what you describe and we could still ping various machines on the network too.

  • Network Location not showing domain name in Server 2012 R2 after demoting 2003 PDC

    The single active NIC in my new Server 2012 R2 no longer shows the Network Location of "DOMAIN.LOCAL" like it did before I demoted the only Server 2003 domain controller. The NIC now shows "NETWORK" as the Network Location.
    The registry still shows a Profile with the correct PROFILENAME in
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
    but that name does not show up in the Network List Manager Policies inside Local Security Policy.
    The 2012 R2 Srv has all of the FSMO roles, Client PC's can connect to the domain but will not get new map drives from a script, they must be created manually. My Quickbooks Enterprise clients cannot see the QB Server Manager on this server and I think it is related to this issue because of firewall restrictions.
    The Windows Firewall pointed me in this direction because the "Private Networks" is connected to my NIC named "Network" but the Firewall "Domain Networks" is reported as "Not connected."
    Any Help is appreciated,
    CrazyDog

    Hi,
    Based on my research, Network Location Awareness (NLA) service expects to be able to enumerate the domain’s forest name to choose the right network profile for the connection. The service does this by calling DsGetDcName on the forest root name and issuing an LDAP query on UDP port 389 to a root Domain Controller.
    If something hinders the DNS name resolution or the connection attempt to the DC, NLA is not able to set the appropriate network profile on the connection.
    Therefore, I suggest you check the DNS settings on DCs and other domain-joined machines, which should point to the existing DC as preferred DNS server, and secondary DC as alternate DNS server; the IP address of the demoted DC should be removed. In addition, please do not use loopback IP address.
    Here are some articles below I suggest you refer to:
    Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles
    http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx
    Network Location Awareness
    http://technet.microsoft.com/en-us/library/cc753545(v=WS.10).aspx
    Complete Step by Step to Remove an Orphaned Domain controller
    http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
    Best Regards.
    Amy

  • Multiple network location servers possible?

    As we all know the network location server is an important part of any Direct Access deployment to ensure that DA clients can know whether they are connected directly to the internal LAN or connecting from external via DA.
    I have seen discussion about deploying the network location server (simple blank IIS/Apache web site) in an NLB configuration but is there any way to have multiple network location servers for high availability reasons? During the DA configuration process you can only input a single dns record for the NLS so it does not appear possible. Has anyone found a way to do this?

    Hi,
    Yes it's a good practice to have NLB in high-availability. So a single FQDN with NLB or HLB as high-availability solution. Major problem is when DirectAccess clients connected on LAN cannot join the Network Location server. They consider they are connected on Internet not on LAN and try to activate DirectAccess. In such situation, if users can disable DirectAccess (so no force tunneling) they can solve the problem. Once NLS is back online, the computer automatically changes the firewall profile to domain.
    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

  • Network location

    is it possible to run a script based on a network location change.
    i have a macbook, when i am working at my desk i have it configured to use a wired network, when i move from my desk i change my network location so it starts the airport and connects to my wireless network, this all works without problem.  however what i would like to do is disable time machine so that it will not attempt to backup over a wireless
    thanks in advance,
    steve

    The only other thing that I could recommend is write an applescript. You might get lucky and find a  script already written. I have not written scripts for many years so I can't help you out there. When finished, you can place it in your dock and use it to switch back and forth.

  • IPad2, Verizon 3G, VPN Connectivity Issues

    Greetings all. I am the systems administrator for my corporation and have seen an issue that I wish to present to the community for discussion.
    For those enterprise users that have an iPad2 with Verizon's 3G, are you experiencing connectivity issues while trying to connect to your VPNs from the 3G network? If so, have you found any work around to allow connectivity or does it work fine for you?
    Here's a summary of my issues:
    We have a VPN server built on Debian Linux that has been in operation for over four years. It handles remote VPN connections from Windows, Linux,  Android, OS X, iOS, and from many different devices including multiple flavors of Apple products (iMacs, Minis, MacBooks, iPads, etc.). To date, it has performed flawlessly with assorted devices connecting to it through broadband and assorted 3G networks.
    Recently I purchased an iPad2 with Verizon 3G. I was able to set up the VPN connection using PPTP and connect using a Wi-Fi connection. When I turned off the Wi-Fi and attempted the same connection via Verizon 3G, it fails. I then took an associate's iPad1 using AT&T 3G, set up the same connection, and was able to connect. I don't have access to an iPad2 on AT&T 3G so, I can't speak for that.
    Here's the logs from the VPN server while connecting from my iPad2:
    Wi-Fi
    Jul 27 05:20:43 localhost pppd[31694]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    Jul 27 05:20:43 localhost pppd[31694]: pptpd-logwtmp: $Version$
    Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
    Jul 27 05:20:43 localhost pppd[31694]: Using interface ppp2
    Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
    Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
    Jul 27 05:20:46 localhost pppd[31694]: found interface eth1 for proxy arp
    Jul 27 05:20:46 localhost pppd[31694]: local  IP address 192.168.1.69
    Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
    Jul 27 05:20:46 localhost pppd[31694]: pptpd-logwtmp.so ip-up ppp2 scott XXX.XXX.XXX.XXX (removed external IP for security reasons)
    Quick connect, able to utilize VPN connection normally. No issues.
    Verizon 3G
    Jul 27 05:20:29 localhost pppd[31682]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    Jul 27 05:20:29 localhost pppd[31682]: pptpd-logwtmp: $Version$
    Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
    Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
    Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
    Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
    Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
    Jul 27 05:20:33 localhost pppd[31682]: Exit.
    As you can see, the peer refuses to authenticate causing the link to be terminated while attempting to connect using Verizon's network. This is with the same VPN connection settings on the iPad2 that just worked with WiFi connection from the same device.
    Here's what I can verify with regards to 3G networks:
    Older (<4) iPhones and iPad1 using AT&T can connect
    Windows and OS X based laptops using Sprint 3G can connect
    Android based smart phones using Sprint 3G can connect
    I have not called Verizon or Apple Support yet but, that's next when I have the time. My initial conclusion is that there is something with Verizon's 3G services that is causing the issue. It may be that Verizon is using some sort of data compression process that is problematic with VPN transmission. While the log shows an unsupported IPv6 protocol when connecting via Wi-Fi, it still negotiates a successful connection and I don't think that's the root cause for the disconnect. Thoughts?

    Hi Alexander,
    I am running in to the exact same issue (although not with Linux).  Did you ever find a fix for this?  I have some support tickets open with my VAR's, but found your post and thought I would check.  If I find anything I will post.
    Thanks
    Stu
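
An added example, not part of the original thread: a Python pass over pppd syslog lines in the format quoted in the question, grouping them by pppd process ID and separating sessions that reached ip-up from those that ended at "peer refused to authenticate". The log text reuses the post's lines, with a constructed documentation-range address in place of the redacted external IP.

```python
import re

# Lines in the format of the post's server log. The client address
# 203.0.113.50 is a constructed placeholder for the redacted external IP.
LOG = """\
Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
Jul 27 05:20:33 localhost pppd[31682]: Exit.
Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:43 localhost pppd[31694]: Using interface ppp2
Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Jul 27 05:20:46 localhost pppd[31694]: found interface eth1 for proxy arp
Jul 27 05:20:46 localhost pppd[31694]: local  IP address 192.168.1.69
Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
Jul 27 05:20:46 localhost pppd[31694]: pptpd-logwtmp.so ip-up ppp2 scott 203.0.113.50
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\spppd\[(\d+)\]:\s(.*)$")
IPUP_RE = re.compile(r"pptpd-logwtmp\.so ip-up (\S+) (\S+) (\S+)")


def summarize(log_text):
    """Group pppd lines by PID and classify each session's outcome."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, _host, pid, msg = m.groups()
        s = sessions.setdefault(pid, {
            "start": ts, "status": "incomplete", "user": None,
            "client": None, "remote_ip": None, "warnings": [],
        })
        up = IPUP_RE.search(msg)
        if up:
            # ip-up is logged only after authentication and IPCP succeeded.
            s["status"] = "established"
            s["user"], s["client"] = up.group(2), up.group(3)
        elif msg.startswith("remote IP address"):
            s["remote_ip"] = msg.split()[-1]
        elif msg.startswith("peer refused to authenticate"):
            # pppd emits this when it requires authentication but LCP
            # negotiation ended without the peer agreeing to an auth protocol,
            # i.e. before any credentials were exchanged.
            s["status"] = "auth-not-negotiated"
        elif msg.startswith("Unsupported protocol"):
            # Non-fatal: the IPv6CP request is rejected, the link continues.
            s["warnings"].append(msg)
    return sessions


def failed_sessions(sessions):
    """Return PIDs of sessions that never reached ip-up, in log order."""
    return [pid for pid, s in sessions.items() if s["status"] != "established"]


if __name__ == "__main__":
    result = summarize(LOG)
    for pid, s in result.items():
        print(pid, s["start"], s["status"], s["user"], s["client"])
    print("failed:", failed_sessions(result))
```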
