DarienHawkins
Brass Contributor
Apr 27, 2024

Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"

OS: Windows Server 2025 Standard Core (no GUI), build 26085.1
Role: ADDS, DNS
ForestMode: Windows2025Forest
DomainMode: Windows2025Domain
Platform: Hyper-V guest

When standing up a clean Windows Server 2025 using server core and configuring it as a domain controller, the network category (profile) always shows as "public."

A clean load of Windows Server 2022 with server core as a domain controller has the same behavior. However, in Server 2022, the fix is to add DNS as a required service to the nlasvc (Network Location Awareness) service. Once that is done, the network category reflects "DomainAuthenticated" and persists between reboots.

In Server 2025, the nlasvc service does not have the same requiredservices as Windows Server 2022, and it does not start automatically. Even after configuring the nlasvc service the same way it is in Server 2022 and adding DNS as a required service, the network category still reflects "public." The only way to get the network category to properly reflect the "DomainAuthenticated" status is to disable and reenable the network adapter after each reboot.

85 Replies

  • Wes808
    Brass Contributor

    DarienHawkins

    Unbelievable this is still an issue in the final build 26100.1742. I upgraded 2022 DCs in two different domains to 2025 and all of them have the public firewall profile set unless/until I disable/re-enable the nic.

    • AdamM55
      Copper Contributor
      We have upgraded some DCs and ran into this issue. Came here trying to find a solution....

      So it looks like M$ has known about this since earlier this year; I don't understand why it persists on new builds. I was under the impression it was a new issue, but nope. They've known for over 6 months and still haven't fixed it. Ridiculous.
      • AdamM55
        Copper Contributor
        Update: The only solution we have found is disabling and re-enabling the NIC.

        I don't understand why we are scripting this on an issue that Microsoft was aware of over 6 months ago...

        Again, what percentage of DCs do sysadmins want set to public? I'm still confused why anyone would want that in the first place.
  • ZJonBelZ
    Copper Contributor

    I just came across this problem and my solution was to make a ps script that disables and re-enables the Ethernet Adapter. Then I scheduled a task delayed by 1 min at startup, so that at least I don't have to do it manually every time I reboot.

    • Stefan_Voigt
      Copper Contributor
      AlwaysExpectDomainController does not work with Server 2025.
      Re-enabling the Ethernet adapter sounds like a workaround.
      When can we expect a solution?
      • JamfSlayer
        Brass Contributor

        Stefan_Voigt this is still a problem, even on the latest build of Server 2025. I have tried every suggestion, and the only thing that works is a scheduled task that does restart-netadapter * - that is not a solution. Microsoft needs to really focus on this. It's only when it becomes a DC that it does this. I really really really hope they don't let this bug roll into RTM, I've been following it since early vNext, and it's still lingering.
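
A conditional form of the adapter-restart workaround described in the replies above, as an added example that is not from any poster in this thread or from Microsoft: it restarts an adapter only when its profile is not DomainAuthenticated, then confirms the result. The timeout and polling interval are assumptions.

```powershell
# Added example (not from the thread). Run elevated on the DC, for instance
# from a startup scheduled task like the one the replies describe.
$timeoutSeconds = 60   # assumption: how long to wait for NLA to reclassify
$pollSeconds    = 5    # assumption: polling interval

function Get-NonDomainProfile {
    # Connection profiles that NLA has not classified as DomainAuthenticated.
    # Errors are suppressed because no profile exists while an adapter restarts.
    @(Get-NetConnectionProfile -ErrorAction SilentlyContinue |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })
}

function Test-ProfileReady {
    # Ready = at least one profile exists and none is outside the domain category.
    $all = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue)
    ($all.Count -gt 0) -and (@(Get-NonDomainProfile).Count -eq 0)
}

if (Test-ProfileReady) {
    Write-Output 'All connection profiles are DomainAuthenticated; no restart needed.'
    exit 0
}

foreach ($p in @(Get-NonDomainProfile)) {
    Write-Output "'$($p.InterfaceAlias)' is $($p.NetworkCategory); restarting adapter."
    Restart-NetAdapter -Name $p.InterfaceAlias -Confirm:$false
}

# Poll until NLA reclassifies the network or the timeout expires.
$deadline = (Get-Date).AddSeconds($timeoutSeconds)
while (-not (Test-ProfileReady) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $pollSeconds
}

if (Test-ProfileReady) {
    Write-Output 'Network category is now DomainAuthenticated.'
    exit 0
}
Write-Error 'Profile is still not DomainAuthenticated; the domain firewall profile is not in effect.'
exit 1
```

On a multi-homed DC, an adapter that is legitimately attached to a non-domain network would also be restarted, so filter on InterfaceAlias in that case.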

  • SuperCaco
    Brass Contributor

    The correct fix to this is adding a key to the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters

    Add a DWORD parameter : AlwaysExpectDomainController

    Set value to: 1

      • SuperCaco
        Brass Contributor

        DarienHawkins

        Check this: https://learn.microsoft.com/en-us/answers/questions/400385/network-location-awareness-not-detecting-domain-ne