CaNerDuh.com Blog

Automatically Restart NLA - Thu, Sep 24, 2020

This document will explain how to use a PowerShell script to check the network connection status (Domain, Private, Public) on a server and restart NLA (Network Location Awareness) if the status is NOT Domain. This script will be set as a scheduled task and repeated every hour.

A few caveats:

  • This script is written for VMs and assumes only one network connection.

  • If you have multiple network connections, the script will need to be modified to specify which network connection to check.

Reasoning:

I work in a small environment where we essentially have a single Hyper-V host and our Domain Controller is a guest on this server. The DC is also our DNS server and DHCP server.

When the host is restarted and the Domain Controller comes back online, often times NLA sets the network category as Public or Private rather than DomainAuthenticated. And while the host uses timing to start up the rest of the virtual machines after the DC comes back online, this doesn’t always happen exactly as expected and the other VMs have their network categories set as something other than DomainAuthenticated.

So I’ve written this script to check the NLA status and restart the NLA service if the Network Category is anything other than DomainAuthenticated. The script can be run manually but I like to run it as a Scheduled Task since often times if the network category is anything other than DomainAuthenticated or Private the firewall blocks RDP sessions. Of course this could be changed in the firewall settings but I never like messing with Windows Firewall manually unless I really have to.

This script could be run from a single computer and check the status of any machines you wish but this requires dealing with Remote Sessions and in the end it was just easier to write a simple script and have it run automatically.

The Script:

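# Get the connection profile (assumes a single network connection)
$checkConnectionType = Get-NetConnectionProfile

# Restart NLA if the network category is anything other than DomainAuthenticated
if ($checkConnectionType.NetworkCategory -ne "DomainAuthenticated") {
   Get-Service | Where-Object -Property DisplayName -Like "Network Location Awareness" | Restart-Service -Force
}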

As you can see, the script simply checks the network connection and if it’s not equal to “DomainAuthenticated” it will restart the NLA service. I don’t have it in this script because my environment is simple enough but you may want to use “-InterfaceAlias” or “-InterfaceIndex” on Get-NetConnectionProfile to ensure you are getting the status of the correct card.

Save this script wherever you wish (in this case it will be saved to C:\Scripts).

Scheduled Task:

As mentioned before, you could get away with just running this script manually but I like to have it scheduled, especially for cases of unexpected restarts (like a power outage that outlasts the UPS batteries). The more stuff that comes up on its own the less there is to fix later or to get in the way of things.

First open Task Scheduler. Under the Actions pane, select Create Task.

Give your task a Name and Description and click Triggers.

If you want to run the script with a different account, click Change User or Group… and select the user you want to use. Click the radio button to select Run whether user is logged on or not.

Create Task - General

Select the Triggers tab.

Click on New to create a new trigger.

Select Daily, set your desired start date and time, and set Recur every to 1 day.

Under Advanced Settings, check the box next to Repeat task every and set it to 1 hour and a duration of 1 day.

This will allow the script to re-try every hour until the next day when the whole process will start over again.

Create Task - Trigger

Select the Actions tab.

Click New to create a new action.

For Action select Start a program from the drop-down menu.

Under Program/script enter powershell

Under Add arguments (optional) enter:

-ExecutionPolicy Bypass -File C:\scripts\Restart-NLA.ps1

(replace C:\scripts\Restart-NLA.ps1 with the name and path of your script)

Create Task - Actions

Select the Settings tab.

(Optional) Check If the task fails, restart every and set it to 10 minutes

Check Stop the task if it runs longer than and set it to 1 hour

Create Task - Settings

When you are done, click OK. You will be asked to confirm the credentials of the user you selected to run the task as.

Create Task - Credentials

When you are finished, you can run the task manually to ensure it runs successfully.

Create Task - Status
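The Task Scheduler steps above can also be scripted with the ScheduledTasks cmdlets. The following is an added example, not part of the original post. The task name, the start time, the SYSTEM principal and the retry count of 3 are assumptions, and it expects Windows 10 / Server 2016 or later. Because the task runs the script with -ExecutionPolicy Bypass under a privileged account, it first refuses to register if anyone other than SYSTEM or Administrators can modify the script or its folder.

```powershell
# Added example: scripted equivalent of the Task Scheduler steps on this page.
# Run from an elevated PowerShell prompt.
$scriptPath = 'C:\scripts\Restart-NLA.ps1'   # path used on this page
$taskName   = 'Restart-NLA'                  # assumption: task name
$startAt    = '6:00AM'                       # assumption: daily start time

# Refuse to register if anyone other than SYSTEM (S-1-5-18) or
# Administrators (S-1-5-32-544) can modify the script or its folder.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$trusted   = 'S-1-5-18', 'S-1-5-32-544'
foreach ($item in $scriptPath, (Split-Path $scriptPath -Parent)) {
    $risky = (Get-Acl -Path $item).Access | Where-Object {
        $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $writeMask) -and
        $sid -notin $trusted
    }
    if ($risky) {
        throw "Writable by non-administrators: $item ($($risky.IdentityReference -join ', '))"
    }
}

# Actions tab: same program and arguments as above.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-ExecutionPolicy Bypass -File `"$scriptPath`""

# Triggers tab: daily, repeated every hour for one day. -Daily has no
# repetition parameters, so borrow the Repetition block from a -Once trigger.
$trigger = New-ScheduledTaskTrigger -Daily -DaysInterval 1 -At $startAt
$trigger.Repetition = (New-ScheduledTaskTrigger -Once -At $startAt `
    -RepetitionInterval (New-TimeSpan -Hours 1) `
    -RepetitionDuration (New-TimeSpan -Days 1)).Repetition

# General tab: "Run whether user is logged on or not". Assumption: SYSTEM is
# used so that no account password is stored with the task.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# Settings tab: retry every 10 minutes on failure (assumption: 3 attempts),
# stop the task if it runs longer than 1 hour.
$settings = New-ScheduledTaskSettingsSet -RestartInterval (New-TimeSpan -Minutes 10) `
    -RestartCount 3 -ExecutionTimeLimit (New-TimeSpan -Hours 1)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings `
    -Description 'Restart NLA when the network category is not DomainAuthenticated'

# Run once and confirm the result (LastTaskResult 0 means success).
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 10
Get-ScheduledTaskInfo -TaskName $taskName | Select-Object LastRunTime, LastTaskResult
```

A folder created directly under C:\ normally inherits Modify for Authenticated Users, so the ACL check is expected to fail on a freshly created C:\scripts until that entry is removed.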


© Travis Mehrer 2020 | CaNerDuh.com