Forum Discussion
When is Network Profile Issue for Domain Controllers going to be at least acknowledged?
- Mar 21, 2025
I did hear back from my Microsoft contact on what exactly is causing it. It's an LDAP packet that's trying to get to ::1 (loopback) over the IPv6 interface, and it's being dropped. One thing that breaks 2025 out of the box is turning off IPv6, or even setting it to prefer IPv4 using the proper registry keys, not turning it off in the IP stack settings in the NIC configuration. Never turn off IPv6 in the NIC configuration settings.
This condition is leading to a timeout with the connection to loopback being dropped, and therefore it is causing this behavior of the domain controller taking an extended time to boot as well as having the improper NLA detection for the NIC and firewall profile.
It was first recognized in Windows Server 2019, but fixed in 2022, and it's surfaced again in 2025. They state pretty much what you line up with in a fix coming very soon, but they have to be certain before it rolls to global distribution channels.
I have found this issue beginning in Nov 2022, even with Windows Server 2022. It reared its ugly head after that Kerberos fix that November that broke the world. After that, there was a hotfix that fixed it on 2022, 2019, 2016, etc. I noticed this began again in the early vNext 2025 builds. It's still there as of the build available today, even after all the hotfixes apply after updating. Obviously the band-aid for now is restart-netadapter * - or specify your NIC name, if you're concerned about it restarting the wrong NIC, to run at startup via Task Scheduler. This really isn't a fix, but a mere stopgap to allow this to operate properly as it becomes a domain controller. Let's hope someone from MS is paying close attention and addresses this. I've tried all the registry keys, etc., and that does not work. In fact, I think 2025 completely ignores the AlwaysExpectDomainController as everyone swears is the fix. I think they still have problems. This appears to be a nasty conflict between NLA, Windows Defender Firewall, and something hanging in the OS upon the NIC initialization. Also, setting service dependencies isn't the answer either. This should work out of the box. Glad I'm not the only one having this issue.
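The stopgap described in the post above, as an added example that is not part of the thread and not from Microsoft: a startup script that logs any NIC with IPv6 unbound, restarts only the adapters whose NLA profile is not DomainAuthenticated, and records the outcome. The log path and both wait times are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: run at startup on the domain controller (e.g. from Task Scheduler).
# Assumptions: log path and wait times are placeholders picked for this example.
$LogFile      = 'C:\Windows\Temp\nla-profile-check.log'
$SettleSecs   = 60   # time given to NLA after boot before checking
$RecheckSecs  = 30   # time given to NLA after an adapter restart

function Write-Log([string]$Message) {
    '{0}  {1}' -f (Get-Date -Format o), $Message | Add-Content -Path $LogFile
}

# Return the connection profiles that did not land on the domain profile.
function Get-WrongProfile {
    Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
}

# The thread warns against turning IPv6 off in the NIC settings; record it if found.
Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Log "WARNING: IPv6 is unbound on adapter '$($_.Name)'" }

Start-Sleep -Seconds $SettleSecs
$wrong = @(Get-WrongProfile)

if ($wrong.Count -eq 0) {
    Write-Log 'All profiles are DomainAuthenticated; nothing to do'
    return
}

# Restart only the affected adapters instead of "Restart-NetAdapter *".
foreach ($p in $wrong) {
    Write-Log "'$($p.InterfaceAlias)' detected as $($p.NetworkCategory); restarting adapter"
    Restart-NetAdapter -Name $p.InterfaceAlias -Confirm:$false
}

Start-Sleep -Seconds $RecheckSecs
$still = @(Get-WrongProfile)

if ($still.Count -eq 0) {
    Write-Log 'Profiles are DomainAuthenticated after adapter restart'
} else {
    foreach ($p in $still) {
        Write-Log "STILL WRONG: '$($p.InterfaceAlias)' is $($p.NetworkCategory)"
    }
}
```

A profile other than DomainAuthenticated means the domain firewall profile rules are not the ones being applied to that interface, so the log doubles as a record of how often the DC booted in that state.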
- Stefan_Voigt, Jul 04, 2024, Copper Contributor
AlwaysExpectDomainController does not work with Server 2025.
Re-enabling the Ethernet adapter sounds like a workaround.
When can we expect a solution?
I don't understand the purpose of this forum if no one from the Program Group comments on problems that are mentioned 3-5 times?
sorry
- CWooldridge, Jul 06, 2024, Copper Contributor
Kinda amazed this obvious of a bug has been around so long, some basic testing you'd think would catch this.