Microsoft fixes unreachable Windows Server domain controllers

Microsoft has successfully addressed a significant issue affecting Windows Server 2025 domain controllers, which had rendered some of these servers unreachable following a restart. This situation also led to failures in various applications and services reliant on these domain controllers.

Details of the Issue

In April, Microsoft acknowledged the bug, explaining that after a reboot, servers were loading the standard firewall profile instead of the intended domain firewall profile. This misconfiguration resulted in improper management of network traffic.

The ramifications were considerable: services and applications operating on the affected domain controller servers or remote devices faced accessibility challenges, leaving endpoints and servers within the same network unable to connect effectively. Microsoft clarified, “Windows Server 2025 domain controllers (such as servers hosting the Active Directory domain controller role) might not manage network traffic correctly following a restart.”

As a consequence, these domain controllers could either become inaccessible on the domain network or be incorrectly reachable over ports and protocols that should be restricted by the domain firewall profile.

Resolution and Workaround

This week, Microsoft rolled out the KB5060842 Windows security update during the June 2025 Patch Tuesday, effectively addressing the known issue. For administrators unable to implement this month’s updates immediately, a temporary workaround is available. They can manually restart the network adapter on the affected servers using the Restart-NetAdapter * PowerShell command.

It is crucial to remember that this workaround must be executed after every reboot until the KB5060842 update is installed, as the issue will recur whenever the impacted domain controllers are restarted.
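The workaround above can be wrapped in a post-boot check, shown here as an added example that is not Microsoft's script or part of the original article. It assumes the faulty state shows up as a connection profile whose NetworkCategory is not DomainAuthenticated and that the fix is visible to Get-HotFix under the KB number the article names; the 30-second wait is a constructed value.

```powershell
#Requires -RunAsAdministrator
# Added example: re-apply the Restart-NetAdapter workaround only when it is needed.

$FixKb         = 'KB5060842'   # update named in the article
$SettleSeconds = 30            # constructed value: time for network location detection

# Win32_OperatingSystem.ProductType 2 identifies a domain controller.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -ne 2) {
    Write-Output 'Not a domain controller; nothing to do.'
    return
}

# Assumption: the fix is reported under this KB id. A later cumulative update
# reports a different id, so extend this check if the server is patched past June 2025.
if (Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue) {
    Write-Output "$FixKb is installed; the workaround is no longer required."
    return
}

function Get-NonDomainProfile {
    # Connected networks that did not receive the domain firewall profile.
    # A NIC that is intentionally off-domain (for example a management network)
    # will also appear here and should be filtered out by InterfaceAlias.
    Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
}

$wrong = @(Get-NonDomainProfile)
if ($wrong.Count -eq 0) {
    Write-Output 'All connection profiles are DomainAuthenticated.'
    return
}
foreach ($p in $wrong) {
    Write-Warning "$($p.InterfaceAlias) is using the $($p.NetworkCategory) profile."
}

# The workaround from the article: restart every network adapter.
Restart-NetAdapter -Name '*'
Start-Sleep -Seconds $SettleSeconds

$still = @(Get-NonDomainProfile)
if ($still.Count -gt 0) {
    Write-Error 'Domain profile still not applied after restarting the adapters.'
    exit 1
}
Write-Output 'Domain firewall profile applied after adapter restart.'
```

Because the article states the issue recurs on every restart, one option is to run the script from a startup-triggered scheduled task and alert on a non-zero exit code.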

Additional Fixes

On the same day, Microsoft also resolved another issue that had been preventing some Windows users from logging into their accounts via Windows Hello after the installation of the KB5055523 April 2025 security update. Earlier in April, the company had addressed a separate problem related to authentication when Credential Guard was enabled on systems utilizing the Kerberos PKINIT pre-auth security protocol.

As the landscape of IT continues to evolve, the importance of timely updates and effective patch management cannot be overstated. Microsoft’s proactive approach in addressing these issues reflects its commitment to maintaining the reliability and security of its server solutions.
