Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
We've been fighting this for years. I can tell you it absolutely is related to NLA and the bad workflow regarding how Windows determines network profiles and never bothers to re-check until you pull the network plug. I'm just testing 2025 so I accidentally hit this thread, years after we've experienced the problem.
I frankly wouldn't give a heck about whether the network location is detected as domain, public, private, unknown or Deep Space 9, except that it breaks things heavily due to an incorrect firewall profile being applied.
I know your issue well, friend - for years and years as well. This is a different problem that ultimately presents similarly (wrong fw profile), but only on DCs. And again, NLA is not used the same way in 2025 and so this issue cannot be cured/worked around the same way as the older issue (restarting NLA). The only workaround until Microsheet gets around to solving it (not holding my breath) is to script a disabling/re-enabling of the NIC.
- Doktor_Notor, Feb 09, 2025, Copper Contributor
Well, you know what - I know a bunch of shops that keep a rusty physical DC running, guess why - because their Hyper-V domain-joined boxes developed the very symptom discussed here. 😂
I guess you are right, won't hold my breath about getting this ever fixed and will look at the network adapter cycling hacks.
Which reminds me: oh yeah, the metadata staging failed bug still alive and kicking in 2025 https://www.bleepingcomputer.com/news/microsoft/microsoft-says-it-fixed-a-windows-metadata-server-issue-thats-still-broken/. Perhaps MS metadata servers also have wrong firewall profile applied. 🤪
- Wes808, Feb 09, 2025, Brass Contributor
No logic whatsoever. That being said, there's no reason to have a physical DC in this day and age (we have none) so we're not concerned about the script concern. It's been doing the job for months now, and will keep doing so forever I guess, assuming MS never gets a proper fix out lol
- Doktor_Notor, Feb 09, 2025, Copper Contributor
Well, they made restarting the service broken even in 2022. Disabling/re-enabling of the NICs - not doable remotely, at least I do not trust any scripting here because once things fail (nothing unusual with MS) you need a BMC console to fix things - or call someone on site to go babysit the affected machines. For physical machines, much easier and less error prone to cycle the relevant managed switch ports.
As for DCs - I never understood why those are not always forced to domain profile. I mean, what on earth is the logic doing here really? 🤯
Sigh.
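The NIC disable/re-enable workaround mentioned in the thread, sketched as an added example (not a script posted by any participant). It is meant to run locally on the DC, for instance from a startup scheduled task, so the reset does not depend on a remote session surviving. The adapter alias, retry limit and wait time are assumptions to adjust.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: cycle only the adapters whose profile
# is not DomainAuthenticated, with a bounded number of retries.

# Assumption: aliases of the NICs that should be on the domain profile.
# Isolated storage/backup NICs with no route to a DC are left out on purpose.
$watch       = @('Ethernet')   # placeholder alias
$maxAttempts = 3               # assumption: illustrative retry limit
$settleSecs  = 30              # assumption: time for the profile to be re-evaluated

for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
    # Connected, watched interfaces that got the wrong profile
    $wrong = Get-NetConnectionProfile |
        Where-Object { $_.InterfaceAlias -in $watch -and
                       $_.NetworkCategory -ne 'DomainAuthenticated' }

    if (-not $wrong) {
        Write-Output 'Watched interfaces are DomainAuthenticated; nothing to do.'
        break
    }

    foreach ($p in $wrong) {
        Write-Warning ("Attempt {0}: '{1}' is {2}; restarting adapter." -f `
            $attempt, $p.InterfaceAlias, $p.NetworkCategory)
        # Restart-NetAdapter disables and re-enables the adapter in one local call,
        # so the NIC is not left disabled if the calling session drops.
        Restart-NetAdapter -Name $p.InterfaceAlias -Confirm:$false
    }

    # Give the network stack time to come back up and re-detect the domain
    Start-Sleep -Seconds $settleSecs
}

# Final state, for the task history or a transcript
Get-NetConnectionProfile |
    Where-Object { $_.InterfaceAlias -in $watch } |
    Select-Object InterfaceAlias, Name, NetworkCategory
```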