Forum Discussion
Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
Do not expect any fix. This problem has been known for ages, and all they did was make it worse. Read e.g. these 2021 threads:
https://www.reddit.com/r/sysadmin/comments/p86mjb/has_anyone_else_had_problems_with_nla_on_server/
https://learn.microsoft.com/en-us/answers/questions/400385/network-location-awareness-not-detecting-domain-ne
Different issue, unrelated to NLA (which is not used in the same way in 2025 and isn't even started/automatic), but you're spot on about the "do not expect any fix" part. Typical post-covid Microsheet.
- Doktor_Notor, Feb 09, 2025, Copper Contributor
We've been fighting this for years. I can tell you it absolutely is related to NLA and the bad workflow regarding how Windows determines network profiles and never bothers to re-check until you pull the network plug. I'm just testing 2025 so I accidentally hit this thread, years after we've experienced the problem.
I frankly wouldn't give a heck about whether the network location is detected as domain, public, private, unknown or Deep Space 9, except that it breaks things heavily due to an incorrect firewall profile being applied.
- Wes808, Feb 09, 2025, Brass Contributor
I know your issue well, friend - for years and years as well. This is a different problem that ultimately presents similarly (wrong fw profile), but only on DCs. And again, NLA is not used the same way in 2025 and so this issue cannot be cured/worked around the same way as the older issue (restarting NLA). The only workaround until Microsheet gets around to solving it (not holding my breath) is to script a disabling/re-enabling of the NIC.
- Doktor_Notor, Feb 09, 2025, Copper Contributor
Well, they made restarting the service broken even in 2022. Disabling/re-enabling of the NICs - not doable remotely, at least I do not trust any scripting here because once things fail (nothing unusual with MS) you need a BMC console to fix things - or call someone on site to go babysit the affected machines. For physical machines, much easier and less error-prone to cycle the relevant managed switch ports.
As for DCs - I never understood why those are not always forced to domain profile. I mean, what on earth is the logic doing here really? 🤯
Sigh.
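
The workaround mentioned in the thread (scripting a disable/re-enable of the NIC when a DC comes up with the wrong profile), sketched as an added example that is not from any poster or from Microsoft. The parameter names and the helper `Get-NonDomainProfile` are hypothetical; it assumes the script runs locally on the DC (for instance from a startup scheduled task) and exits non-zero if the profile is still wrong, so that monitoring can pick up the failure.

```powershell
# Added example (not from the thread). Run locally on the DC, e.g. from a
# startup scheduled task; do not run it over a remote session that uses the same NIC.
[CmdletBinding()]
param(
    [string[]]$InterfaceAlias,      # hypothetical parameter: limit to these NICs (default: all)
    [int]$MaxAttempts   = 3,        # hypothetical parameter: adapter restarts before giving up
    [int]$SettleSeconds = 30        # hypothetical parameter: wait for the profile to be re-evaluated
)

function Get-NonDomainProfile {
    # Connection profiles whose category is Public or Private instead of DomainAuthenticated.
    $profiles = Get-NetConnectionProfile
    if ($InterfaceAlias) {
        $profiles = $profiles | Where-Object { $InterfaceAlias -contains $_.InterfaceAlias }
    }
    @($profiles | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })
}

for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
    $wrong = @(Get-NonDomainProfile)
    if ($wrong.Count -eq 0) { break }

    foreach ($p in $wrong) {
        Write-Output "Attempt ${attempt}: '$($p.InterfaceAlias)' is $($p.NetworkCategory); restarting adapter."
        try {
            # Restart-NetAdapter disables and re-enables the adapter in one call.
            Restart-NetAdapter -Name $p.InterfaceAlias -Confirm:$false -ErrorAction Stop
        } catch {
            Write-Warning "Restart of '$($p.InterfaceAlias)' failed: $($_.Exception.Message)"
        }
    }
    Start-Sleep -Seconds $SettleSeconds
}

$remaining = @(Get-NonDomainProfile)
if ($remaining.Count -gt 0) {
    # Still on the wrong profile, so the wrong firewall profile is in effect: fail loudly.
    $remaining | Format-Table InterfaceAlias, NetworkCategory -AutoSize | Out-String | Write-Warning
    exit 1
}
Write-Output 'All selected interfaces report DomainAuthenticated.'
exit 0
```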