Forum Discussion
CWooldridge (Copper Contributor)
May 31, 2024
When is Network Profile Issue for Domain Controllers going to be at least acknowledged?
The insider builds from 25398 to the latest 26227 all have the same bug, where the domain controller on those builds shows the network category as Public instead of DomainAuthenticated, and the only way to fix it is to disable and re-enable the NIC after each reboot.
There have been a few bug reports submitted in the Feedback Hub and in this community many months ago. It would at least be nice to be acknowledged.
- Wes808 (Brass Contributor)
How do we unmark this clueless post as a "solution"? It doesn't even understand the actual problem, much less provide a solution.
Wes808 I did so as you wished. Temporarily at least. Please clarify your point why you disagree with this as a workaround?
- Wes808 (Brass Contributor)
Thanks Karl. It's not applicable to this specific win2025-only-and-domain-controller-only bug - win2025 doesn't use the NLA service at all. The only workaround is to script the NIC disabling then re-enabling (we do this using a GPO startup script).
This is a different bug than the years-long-still-not-fixed bug that affects all Windoze OSes (but not just DCs) and is generally fixed by an NLA restart. Some day Microsoft might get around to fixing one or both of these bugs, but given the pathetic response thus far, I'm not holding my breath.
- JuergenWitmaier (Copper Contributor)
This issue has been there for a while now and on Server 2025 DCs we are facing the same problems. Ofc it's nice with the workaround, but when can we expect Microsoft to fix that nice feature?
- Deleted: Greetings, I'm passing you this link; check the information on Microsoft Learn, hopefully it helps you: https://learn.microsoft.com/es-es/troubleshoot/windows-server/active-directory/troubleshoot-domain-controller-deployment
- Wes808 (Brass Contributor): not applicable
- JamfSlayer (Brass Contributor): Yea. That article is for folks that don't understand AD.
- JamfSlayer (Brass Contributor)
I have found this issue beginning in Nov 2022, even with Windows Server 2022. It reared its ugly head after that Kerberos fix that November that broke the world. After that, there was a hotfix that fixed it on 2022, 2019, 2016, etc. I noticed this began again in the early vNext 2025 builds. It's still there as of the build available today, even after all the hotfixes apply after updating. Obviously the bandaid for now is restart-netadapter * - or specify your NIC name, if you're concerned about it restarting the wrong NIC, to run at startup via Task Scheduler. This really isn't a fix, but a mere stopgap to allow this to operate properly as it becomes a domain controller. Let's hope someone from MS is paying close attention and addresses this. I've tried all the registry keys, etc, and that does not work. In fact, I think 2025 completely ignores the AlwaysExpectDomainController as everyone swears is the fix. I think they still have problems. This appears to be a nasty conflict between NLA, Windows Defender Firewall, and something hanging in the OS upon the NIC initialization. Also, setting service dependencies isn't the answer either. This should work out of the box. Glad I'm not the only one having this issue.
- Stefan_Voigt (Copper Contributor): AlwaysExpectDomainController does not work with Server 2025.
Re-enabling the Ethernet adapter sounds like a workaround.
When can we expect a solution?
I don't understand the purpose of this forum if no one from the Program Group comments on problems that are mentioned 3-5 times?
sorry
- CWooldridge (Copper Contributor): Kinda amazed this obvious of a bug has been around so long, some basic testing you'd think would catch this.
- CWooldridge (Copper Contributor)
Disabling and re-enabling the NIC resolves this issue, but upon reboot it goes back to public.
Other people have reported the same:
https://techcommunity.microsoft.com/t5/windows-server-insiders/domain-controller-showing-network-connection-as-public/m-p/3948439?search-action-id=747851316514&search-result-uid=3948439
https://techcommunity.microsoft.com/t5/windows-server-insiders/server-2025-core-adds-dc-network-profile-showing-as-quot-public/m-p/4125017?search-action-id=747851316514&search-result-uid=4125017
- tyvm! looks good (or not). Will this also happen before the VM is an AD DS server (DC)?
Have you disabled IPv6 or all "stock config"?
What is your external DNS in DNS forwarder on each of the DCs?
Without it the machines cannot see the internet. Test-Connection www.google.de should fail.
Agreed this should not affect the network profile (NLA), but worth looking into.
- As soon as WS 2025 DC works with mslab I can look into that, to see if it's reproducible on my end.
Could you share get-netadapter, and get-netipconfiguration, please?
- Wes808 (Brass Contributor): Unbelievable this is still an issue in the final build 26100.1742. I upgraded 2022 DCs in two different domains to 2025 and all of them have the public firewall profile set unless/until I disable/re-enable the NIC.
- JamfSlayer (Brass Contributor)
Wes808 my case with MS is still being reviewed. I have good news. The Microsoft engineering team was able to reproduce it! That's a good sign. I figured people would start upgrading their DCs and take down their network essentially.... There's a workaround. Do a restart-netadapter * to bring the proper profile back. Set that up as a scheduled task to run at startup for now. More to come.
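
The startup workaround described in this thread, as an added example that is not part of any post and not Microsoft guidance: it restarts only the adapters whose connection profile is not DomainAuthenticated, re-checks, and logs the outcome so a DC left on the Public firewall profile is visible. The log path, retry count and wait time are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: run as a GPO startup script or a scheduled task at startup (SYSTEM).
# Assumed values (not from the thread): log path, retry count, wait time.
$LogFile    = 'C:\Windows\Temp\Fix-DcNetworkProfile.log'
$MaxRetries = 3
$WaitSecs   = 15

function Write-Log([string]$Message) {
    # One timestamped line per event, appended to the log file
    ('{0:u} {1}' -f (Get-Date), $Message) | Add-Content -Path $LogFile
}

function Get-NonDomainProfile {
    # Connection profiles that did not come up as DomainAuthenticated
    @(Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })
}

for ($attempt = 1; $attempt -le $MaxRetries; $attempt++) {
    $bad = Get-NonDomainProfile
    if ($bad.Count -eq 0) { break }

    foreach ($p in $bad) {
        Write-Log ("Attempt {0}/{1}: '{2}' is {3}; restarting adapter." -f `
            $attempt, $MaxRetries, $p.InterfaceAlias, $p.NetworkCategory)
        # Restart only the affected adapter rather than 'Restart-NetAdapter *'
        Restart-NetAdapter -Name $p.InterfaceAlias -Confirm:$false
    }
    # Give the adapter time to come back and the profile to be re-evaluated
    Start-Sleep -Seconds $WaitSecs
}

$remaining = Get-NonDomainProfile
if ($remaining.Count -eq 0) {
    Write-Log 'All connection profiles are DomainAuthenticated.'
    exit 0
}

foreach ($p in $remaining) {
    Write-Log ("STILL WRONG: '{0}' is {1} after {2} attempts." -f `
        $p.InterfaceAlias, $p.NetworkCategory, $MaxRetries)
}
exit 1   # non-zero exit so the task history shows the failure
```

On a DC with more than one NIC, any adapter that is legitimately not domain-joined (for example a management or backup network) should be excluded in `Get-NonDomainProfile`, otherwise it will be restarted on every boot.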