Forum Discussion
When is Network Profile Issue for Domain Controllers going to be at least acknowledged?
- Mar 21, 2025
I did hear back from my Microsoft contact on what exactly it is that's causing it. It's an LDAP packet that's trying to get to ::1 (Loopback) over the IPv6 interface, and it's being dropped, and one thing that breaks 2025 out of the box is turning off IPv6, or even setting it to prefer IPv4 using the proper registry keys, not turning it off in the IP stack settings in the NIC configuration. Never turn off IPv6 in the NIC configuration settings.
This condition is leading to a timeout with the connection to loopback being dropped, and therefore it is causing this behavior of the domain controller taking an extended time to boot as well as having the improper NLA detection for the NIC and firewall profile.
It was first recognized in Windows Server 2019, but fixed in 2022, and it's surfaced again in 2025. They state pretty much what you line up with in a fix coming very soon, but they have to be certain before it rolls to global distribution channels.
Thank you JamfSlayer for finding this solution.
There are several articles from Microsoft stating that IPv6 is actively used as loopback and for same subnet fe80 communication.
Here's a blog post from my end in regards to IPv6.
Will backlink this thread. BLOG: CVE-2024-38063 - Disabling IPv6 binding = fix - or not? | Microsoft Community Hub
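A read-only check for the conditions discussed in this thread, added here as an example and not taken from any of the posts or from Microsoft. It assumes the "registry keys" mentioned are the Microsoft-documented `DisabledComponents` value and that LDAP listens on TCP 389; run it in an elevated PowerShell session on the domain controller.

```powershell
# Added example: reports IPv6 state, LDAP reachability on ::1, and the NLA profile.
# Nothing here changes configuration.

# 1. IPv6 binding per NIC (the "IP stack settings in the NIC configuration").
$bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Select-Object Name, Enabled

# 2. Registry-level IPv6 setting. Assumption: the thread means DisabledComponents
#    (documented values include 0x20 = prefer IPv4 over IPv6, 0xFF = IPv6 disabled).
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$reg = Get-ItemProperty -Path $regPath -Name DisabledComponents -ErrorAction SilentlyContinue
$disabledComponents = if ($null -ne $reg) {
    '0x{0:X2}' -f $reg.DisabledComponents
} else {
    'not set (default)'
}

# 3. Can a TCP connection to LDAP be opened on the IPv6 loopback within 3 seconds?
$ldapOnLoopback = $false
$client = [System.Net.Sockets.TcpClient]::new([System.Net.Sockets.AddressFamily]::InterNetworkV6)
try {
    $ldapOnLoopback = $client.ConnectAsync([System.Net.IPAddress]::IPv6Loopback, 389).Wait(3000)
} catch {
    $ldapOnLoopback = $false   # refused or unreachable
} finally {
    $client.Close()
}

# 4. Network profile that NLA assigned to each connected interface.
$netProfiles = Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory
$wrongProfile = @($netProfiles | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })

# Report
$bindings | Format-Table -AutoSize
$netProfiles | Format-Table -AutoSize
[pscustomobject]@{
    DisabledComponents      = $disabledComponents
    NicsWithIPv6Unbound     = @($bindings | Where-Object { -not $_.Enabled }).Count
    LdapReachableOnLoopback = $ldapOnLoopback
    InterfacesNotDomainAuth = $wrongProfile.Count
} | Format-List
```

A domain controller showing unbound IPv6 on a NIC, `LdapReachableOnLoopback : False`, and an interface outside `DomainAuthenticated` matches the combination described in the first post.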