Microsoft has issued a cautionary note to IT administrators regarding a potential issue with Windows Server 2025 domain controllers (DCs). Following a restart, these servers may become inaccessible, leading to disruptions in applications and services. The root of the problem lies in the servers defaulting to the standard firewall profile rather than the domain-specific firewall settings after rebooting.
In a recent update to the Windows release health dashboard, Microsoft stated, “Windows Server 2025 domain controllers (such as servers hosting the Active Directory domain controller role) might not manage network traffic correctly following a restart.” This mismanagement can result in DCs being unreachable on the domain network or being improperly accessible through ports and protocols that should be restricted by the domain firewall profile.
The implications of this issue are significant, as services and applications relying on affected DC servers or remote devices may experience failures or become unreachable for other endpoints and servers within the network.
Workaround available
To mitigate this issue, Microsoft has provided a workaround that involves manually restarting the network adapter on the impacted servers. Administrators can utilize various methods, including the PowerShell command Restart-NetAdapter *. However, it is crucial to remember that this manual restart must be performed after every reboot, as the issue recurs each time the domain controller is restarted.
To streamline this process, Microsoft recommends setting up a scheduled task that automatically restarts the network adapter whenever the DC server undergoes a reboot. This proactive measure can help maintain network accessibility without requiring constant manual intervention.
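One way to set up such a scheduled task and confirm the result, shown as an added example rather than a script published by Microsoft. The task name and description are assumptions, and the commands are meant to be run from an elevated PowerShell session on the affected domain controller:

```powershell
# Added example: the task name and description below are hypothetical.
$taskName = 'RestartNetAdaptersAtBoot'

# Action: run the workaround command from the article in a non-interactive shell.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument '-NoProfile -NonInteractive -Command "Restart-NetAdapter -Name ''*''"'

# Trigger: fire once each time the server starts.
$trigger = New-ScheduledTaskTrigger -AtStartup

# Principal: run as SYSTEM so no stored credentials are needed.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal `
    -Description 'Workaround: restart network adapters after boot (WS2025 DC firewall profile issue)'

# Verification after a reboot: list the profile applied to each connection.
# On a healthy DC the domain network should report DomainAuthenticated.
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory

# Flag any connection that did not land on the domain profile.
$notDomain = Get-NetConnectionProfile |
    Where-Object NetworkCategory -ne 'DomainAuthenticated'
if ($notDomain) {
    Write-Warning ("Connections not on the domain profile: " +
        ($notDomain.InterfaceAlias -join ', '))
}

# Once the permanent fix is installed, remove the task:
# Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
```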
Meanwhile, Microsoft’s engineering team is actively working on a permanent solution, which is expected to be included in a future update. Earlier this month, the company also alerted users to another issue affecting Windows Hello logins following the installation of the KB5055523 April 2025 security update. Additionally, a fix was implemented for another problem associated with KB5055523, which caused authentication issues when Credential Guard was enabled on systems utilizing the Kerberos PKINIT pre-auth security protocol.