Forum Discussion

Brass Contributor

Apr 27, 2024

Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"

OS: Windows Server 20225 Standard Core (no GUI), build 26085.1 Role: ADDS, DNS ForestMode: Windows2025Forest DomainMode: Windows2025Domain Platform: Hyper-V guest When standing up a clean Win...

adds

Network Location Awareness

Copper Contributor

Nov 11, 2024

Hello everyone, I had a little time over the weekend to try out a few things again and finally came up with a way that allows me to get to the domain firewall profile (even after a restart) without any major ‘hacks’.

1.) It is important that the server that receives the AD role is assigned an IPv6.

2.) Furthermore, the DWORD AlwaysExpectDomainController must be created in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters and set to 1.

Before I forget, it is normal that the NLA service with version 2025 no longer has any dependencies or is now set to manual. The correct firewall profile is still assigned.

Maybe this will help someone.

dazzabozza
Copper Contributor
Apr 03, 2025
I can confirm that setting a manual IPv6 address on the NIC has resolved this issue for us. Thanks!

EDIT - appears that this reg key is required along with the IPv6 address being set

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters
Add a DWORD parameter: AlwaysExpectDomainController
Set value to:1
- JamfSlayer
  Brass Contributor
  Apr 03, 2025
  Absolutely none of these things above should have to be done on an out of box product to make it work.
GerardV
Copper Contributor
Nov 13, 2024
By assigned an IPv6 you mean static not just DHCP?
- Windows
  Copper Contributor
  Nov 14, 2024
  In my test environment, I assign the IPv6 address via DHCP.