Network identified as public when multiple network adapters present

Any ideas why this is happening?

Yes. Windows Server has a service called Network Location Awareness (NLA) that determines what network that computer is connected to a very general sense, sets a Network Profile (Public, Private, Domain) which in turns actives a wide array of default settings.

When the SAN1-4 network cards are enabled, Windows identifies the LAN network as a public network and bang - firewall gets in the way.

This is odd. In Windows 7 / Windows Server 2008 R2 (and presumably Windows 8 / Windows Server 2012) you should be able to have per-interface Network Profiles assigned, thus your LAN interface can be using the Domain profile but your WAN interface using the Public profile. Consequently, I'm not sure why enabling your SAN NICs should change the Network Profile for your LAN NIC. One approach would be to see if you can figure out why you can't have multiple active profiles because as far as I remember you should be able to do this.

On the other hand, you probably just want your LAN NIC to be using the Domain Profile and your SAN NICs to be using the Public Profile (see @joequerty's comments) or even a custom Network Profile with corresponding firewall rules configured.

Here's what has to happen for the Domain Profile to be assigned to an interface:

If the Connection Specific DNS Name matches the “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName” registry key then the machine will attempt to contact a Domain Controller via LDAP. NLASVC does this by calling DsGetDcName on the forest root name and issuing an LDAP query on UDP port 389 to a root Domain Controller. The service expects to be able to connect to the PDC in the forest domain to populate the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetForests. If both these steps succeed, you will get the Domain profile.

You can just force the default Network Profile assignment for unidentified networks with a GPO:

Computer Configuration->Windows Settings->Security Settings->Network List Manager Policies

See Disable Windows Server Network Locations? for more information.

I realize that this is an old thread but I figured I'd post a full solution that I just discovered by poking around with the above details. So I was having the same issue, all of my NICs were showing up under the Public Profile. I looked at the registry keys above and found that some data was missing at this location: “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName”

The "MachineDomain" key was populated with the correct domain but the "NetworkName" key was blank. I added the domain to the "NetworkName" key, set the PolicyOverdue REG_DWORD to 1 and restarted the Network Location Awareness service.

Now the correct NIC is in the Domain Profile.

You can change this on each interface via PowerShell. Each NIC in the machine receives it's own Index number that you can manually change using PowerShell in which you can then specify the Type of Network.

See this tutorial on how to do this via powershell: http://www.1337admin.org/windows-server/windows-server-2012-r2/change-network-location-using-powershell-in-windows/

I recently experienced this issue where my network would show up as Public rather than Domain, and it was because of NLA kept trying to authenticate on the non-LAN network cards first.

I resolved it by going into my Windows Services and setting the Network Location Awareness service to Automatic (Delayed Start) from Automatic.

It can also be resolved by restarting the adapter after the machine boots, but that doesn't seem as efficient.

Hopefully this can resolve the issue for others who have multiple NICs, only some of which are used for a LAN connection.

On an Oracle Virtualbox host (maybe VM also): disable VirtualBox Host-only Network adapter if you don't need it.