Preventing Windows guests from creating network profiles in Proxmox

Many of my servers run under the Proxmox virtual environment. For servers that doesn’t have a dedicated IP available for its guests I use iptables based NAT network to forward packets as described in my previous article: https://manatails.net/blog/2018/04/running-proxmox-with-nat/

But I came across a problem where Windows guests detect the network as ‘Unknown’ and try to create a new network profile every reboot.

2018-10-08 19_13_51-pve - Proxmox Virtual Environment

Not only it looked bad to have random names ‘Network 18’, but also the network type defaults to public network so any rules in private network get ignored until I manually set the network type to private.

I looked a bit in depth and found that the feature is called ‘Network Location Awareness’ per the original article https://msdn.microsoft.com/en-us/library/aa480195.aspx

From the page:

Digital Subscriber Line (DSL) and cable modems typically act as network address translators (NATs). As a result, their MAC addresses can be used to uniquely qualify the user’s network. NLA uses the MAC address of the user’s DSL or cable modem as the link ID.

Practically, Windows was using the MAC address of the default gateway to diffrentiate the network.

So I had to give the NAT interface a unique MAC address in order to be recognized.

2018-10-08 19_03_50-192.168.27.61 - PuTTY

Add ‘hwaddress ether’ to the interface config and give a random mac address, then windows will consistently identify the network.

2018-10-08 19_16_12-monica.mananet.net_444 - Remote Desktop Connection

Finally open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList then delete all entries in Profiles and Signatures to get rid of previously detected networks and reset the counter.

 

One thought on “Preventing Windows guests from creating network profiles in Proxmox”

  1. Hmm, That might be ok in a single Proxmox Host environment, but if you’re running a cluster, you might have a problem.

    The better solution would be to just completely disable windows “network location profiles” because it’s not like you’ll be taking your server to the coffee shop. ๐Ÿ˜‰

Leave a Reply

Your email address will not be published. Required fields are marked *