Microsoft Patched Windows Server 2025 Restart Bug that Disconnects AD Domain Controller

Microsoft has addressed a significant bug in Windows Server 2025 that prevented Active Directory Domain Controllers from managing network traffic correctly after a system restart. The flaw caused service interruptions and application failures, a serious concern for enterprises that depend on the platform.

The fix, delivered in update KB5060842, was released on June 10, 2025. It resolves an infrastructure stability problem that had persisted since the operating system’s launch in November 2024.

Windows Server 2025 Restart Bug

The core of the issue revolved around the handling of domain firewall profiles during restart operations. When domain controllers underwent restart cycles, the system failed to apply these profiles correctly, resulting in mismanaged network traffic that obstructed vital applications and services from connecting to the Active Directory infrastructure.

This bug posed a considerable challenge for enterprise administrators, particularly those overseeing hybrid cloud environments. Windows Server 2025 is positioned as Microsoft’s latest Long-Term Servicing Channel (LTSC) release, tailored for high-performance, AI-capable platforms, making the resolution of this issue all the more critical.

The malfunction stemmed from the improper initialization of domain firewall configurations during the startup sequence. This failure hindered domain controllers from establishing secure communication channels with client systems and other domain controllers within the Active Directory forest topology.

As a result, organizations that depended on Windows Server 2025 for their Active Directory infrastructure faced notable operational hurdles. The inability of domain controllers to manage network traffic effectively post-restart led to disruptions in authentication services, group policy distribution, and directory replication processes.

Consequently, users experienced authentication failures, difficulties accessing domain resources, and potential security exposure due to inconsistent enforcement of firewall profiles. Technically, the domain firewall profile was not applied during initialization, so the system fell back to a more restrictive network profile whose rules blocked legitimate Active Directory communication protocols.

Essential services such as Kerberos authentication, LDAP queries, and DNS resolution encountered intermittent failures, particularly in environments with multiple domain controllers where replication synchronization was compromised. The bug’s effects were pronounced in settings employing advanced security configurations and those utilizing Windows Hello for Business in Key Trust mode, where additional authentication complexities exacerbated connectivity problems.

Administrative Recommendations

With the release of KB5060842, Microsoft has officially rectified the issue. This patch specifically targets the initialization sequence of domain firewall profiles, ensuring that network traffic management is properly handled following domain controller restart operations.

Organizations utilizing Windows Server 2025 in production environments are strongly encouraged to implement this critical update without delay to uphold the reliability of their Active Directory services.

The timeline for this resolution underscores Microsoft’s dedication to addressing infrastructure-critical issues within the Windows Server 2025 platform, which serves as a foundational element for numerous enterprise hybrid cloud deployments.

Administrators are advised to verify the successful installation of the patch by monitoring domain controller restart cycles and confirming the functionality of Active Directory services post-implementation. Additionally, Microsoft recommends deploying comprehensive monitoring solutions to detect similar network traffic management issues and establishing regular restart testing protocols to ensure ongoing stability across Windows Server 2025 deployments.
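To make the post-patch verification above concrete, here is an added PowerShell checklist script; it is not part of the article or of Microsoft’s update. It assumes it is run elevated on a Windows Server 2025 domain controller with the ActiveDirectory module present (installed with the AD DS role). The service names, the port list, and the use of Get-HotFix to detect the cumulative update are my assumptions, not something the article states. The script checks that KB5060842 is installed, that every connected NIC landed in the Domain (DomainAuthenticated) category rather than a restrictive Public or Private fallback, that the Domain firewall profile is enabled, that core AD services are running, and that a peer domain controller answers on the Kerberos, LDAP, LDAPS, Global Catalog and DNS ports.

```powershell
# Added post-restart verification for a Windows Server 2025 domain controller.
# Not from the article or from Microsoft; run elevated on the DC after it reboots.
param(
    # Optional peer DC to probe; if omitted, one is discovered via the AD module.
    [string]$TargetDC
)

$HotfixId = 'KB5060842'

function Test-HotfixInstalled {
    param([Parameter(Mandatory)][string]$Id)
    # Assumption: the cumulative update is visible through Get-HotFix (Win32_QuickFixEngineering).
    $hf = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    $detail = 'Not found'
    if ($hf) { $detail = "Installed on $($hf.InstalledOn)" }
    [pscustomobject]@{ Check = "$Id installed"; Pass = [bool]$hf; Detail = $detail }
}

function Test-DomainProfileActive {
    # The symptom the article describes: after a restart the NIC is not in the Domain
    # profile, so the more restrictive Public/Private rules block AD traffic.
    $profiles = @(Get-NetConnectionProfile)
    $wrong = @($profiles | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })
    [pscustomobject]@{
        Check  = 'All connected NICs in DomainAuthenticated category'
        Pass   = ($profiles.Count -gt 0 -and $wrong.Count -eq 0)
        Detail = ($profiles | ForEach-Object { "$($_.InterfaceAlias)=$($_.NetworkCategory)" }) -join '; '
    }
}

function Test-DomainFirewallProfileEnabled {
    $fw = Get-NetFirewallProfile -Name Domain
    [pscustomobject]@{
        Check  = 'Domain firewall profile enabled'
        Pass   = ("$($fw.Enabled)" -eq 'True')
        Detail = "Enabled=$($fw.Enabled); DefaultInbound=$($fw.DefaultInboundAction)"
    }
}

function Test-ADServices {
    # Directory, KDC, DNS, Netlogon, Network Location Awareness and Windows Firewall.
    $names = 'NTDS', 'Kdc', 'DNS', 'Netlogon', 'NlaSvc', 'MpsSvc'
    $svcs = @(Get-Service -Name $names -ErrorAction SilentlyContinue)
    $down = @($svcs | Where-Object { $_.Status -ne 'Running' })
    $missing = @($names | Where-Object { $_ -notin $svcs.Name })
    [pscustomobject]@{
        Check  = 'Core AD and firewall services running'
        Pass   = ($down.Count -eq 0 -and $missing.Count -eq 0)
        Detail = ($svcs | ForEach-Object { "$($_.Name)=$($_.Status)" }) -join '; '
    }
}

function Test-ADPorts {
    param([string]$Target)
    # Loopback traffic does not traverse the firewall profile, so the probe must go
    # to a peer DC over the network to exercise the rules that the bug left misapplied.
    if (-not $Target) {
        $peer = @(Get-ADDomainController -Filter * |
                  Where-Object { $_.Name -ne $env:COMPUTERNAME }) | Select-Object -First 1
        if ($peer) { $Target = $peer.HostName }
    }
    if (-not $Target) {
        return [pscustomobject]@{ Check = 'Peer DC port probe'; Pass = $false; Detail = 'No peer DC found; run from a member server instead' }
    }
    # 88 Kerberos, 389 LDAP, 636 LDAPS, 3268 Global Catalog, 53 DNS over TCP.
    $results = foreach ($p in 88, 389, 636, 3268, 53) {
        $r = Test-NetConnection -ComputerName $Target -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p; Open = $r.TcpTestSucceeded }
    }
    [pscustomobject]@{
        Check  = "Peer DC $Target answers on Kerberos/LDAP/LDAPS/GC/DNS"
        Pass   = -not ($results.Open -contains $false)
        Detail = ($results | ForEach-Object { "$($_.Port)=$($_.Open)" }) -join '; '
    }
}

$report = @(
    Test-HotfixInstalled -Id $HotfixId
    Test-DomainProfileActive
    Test-DomainFirewallProfileEnabled
    Test-ADServices
    Test-ADPorts -Target $TargetDC
)
$report | Format-Table Check, Pass, Detail -AutoSize -Wrap

# A non-zero exit lets a scheduled task or monitoring agent flag a DC that came
# back from a restart in the broken state described in the article.
if ($report.Pass -contains $false) { exit 1 }
exit 0
```

Schedule the script to run a few minutes after each domain controller restart and alert on a non-zero exit code; that turns the article’s advice to “monitor restart cycles” into a repeatable check. The network-profile test is the one that directly detects this bug, while the port probe against a peer confirms that AD traffic actually passes the firewall rather than merely that the services started.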
