Microsoft has issued a cautionary note to IT administrators about an issue affecting Windows Server 2025 domain controllers. After a restart, these servers may not apply the correct Windows Firewall profile and, as a result, may fail to handle network traffic correctly, which can disrupt Active Directory (AD) environments.
The root of the problem is that after a reboot the domain controllers fall back to the standard firewall profile instead of the domain firewall profile that should apply to a domain-joined server. Because firewall rules are scoped per profile, this misconfiguration can cause several problems:
- Domain controllers may become inaccessible on the domain network.
- Applications and services operating on affected servers or remote devices might fail or remain unreachable.
- Ports and protocols that should be restricted by the domain firewall profile may remain open, exposing the server to unnecessary risk.
The issue is confined to Windows Server 2025 systems that host the Active Directory Domain Services role; client systems and earlier server versions are not affected.
Workaround for Affected Systems
In response, Microsoft has published a temporary workaround. Administrators can manually restart the network adapters on the affected servers, which forces Network Location Awareness to re-evaluate the connection and apply the domain profile, using the following PowerShell command:

```powershell
Restart-NetAdapter *
```

Note that this workaround must be run after every system restart, because the issue recurs each time the server reboots. To simplify this, Microsoft suggests creating a scheduled task that restarts the network adapter automatically whenever the domain controller starts up.
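The following is an added example of one way to automate the workaround described above, and to perform the profile check that the later monitoring recommendation calls for. It is not Microsoft's script: the task name, the script path (derived from `$PSCommandPath`), the two-minute startup delay, and the retry counts are assumptions chosen for illustration. Run it once with `-Register` from an elevated prompt to install the startup task; the task then runs the same file without parameters at each boot.

```powershell
<#
  Fix-DcFirewallProfile.ps1 (added example, not from Microsoft's advisory)
  Usage:  .\Fix-DcFirewallProfile.ps1 -Register   # install as a SYSTEM startup task (run elevated)
          .\Fix-DcFirewallProfile.ps1             # check profile, restart adapters only if needed
#>
param(
    [switch]$Register,
    [int]$MaxAttempts = 3,     # assumed retry count
    [int]$WaitSeconds = 20     # assumed time to let NLA re-detect the domain after an adapter restart
)

function Test-DomainProfileApplied {
    # Returns $true only when every connected interface is classified DomainAuthenticated.
    # Also usable on its own to monitor DCs for the reported symptom.
    $profiles = Get-NetConnectionProfile -ErrorAction SilentlyContinue
    if (-not $profiles) {
        Write-Warning 'No connected network profile found'
        return $false
    }
    foreach ($p in $profiles) {
        if ($p.NetworkCategory -ne 'DomainAuthenticated') {
            Write-Warning ("Interface '{0}' is on the {1} profile; expected DomainAuthenticated" -f `
                $p.InterfaceAlias, $p.NetworkCategory)
            return $false
        }
    }
    return $true
}

function Repair-DomainProfile {
    # Applies the documented workaround (Restart-NetAdapter) only when the domain profile is missing,
    # re-checking after each attempt so a healthy DC is never touched.
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        if (Test-DomainProfileApplied) {
            Write-Output "Domain profile active (check $i); nothing to do"
            return $true
        }
        Write-Output "Attempt ${i}: restarting all network adapters"
        Restart-NetAdapter -Name '*' -Confirm:$false
        Start-Sleep -Seconds $WaitSeconds
    }
    return (Test-DomainProfileApplied)
}

function Register-FixTask {
    # Installs this script as a SYSTEM task that runs at startup, delayed so AD DS and NLA have time to come up.
    $taskName = 'Fix-DcFirewallProfile'   # assumed task name
    $action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
                    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
    $trigger  = New-ScheduledTaskTrigger -AtStartup
    $trigger.Delay = 'PT2M'               # ISO 8601 duration: wait 2 minutes after boot (assumed)
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    $settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 10)
    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force | Out-Null
    Write-Output "Registered startup task '$taskName' running $PSCommandPath"
}

if ($Register) {
    Register-FixTask
} else {
    if (Repair-DomainProfile) { exit 0 } else { exit 1 }
}
```

Two design points worth noting. First, the guard in `Repair-DomainProfile` means the task is harmless once Microsoft ships a fix: if the domain profile is already active the adapters are left alone, so the task can stay in place until you have confirmed the update resolves the problem. Second, `Restart-NetAdapter` briefly drops every connection on the DC, which is why the script checks before acting rather than restarting unconditionally, and why the non-zero exit code on failure is useful as a signal for whatever monitoring you run against domain controllers.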
The underlying issue is that the domain controllers fail to apply the correct network profile after a reboot. Instead of loading the "Domain Authenticated" profile, they fall back to a non-domain profile (such as "Public" or the standard profile), which disrupts critical AD functions such as Group Policy application, replication, and authentication.
Similar issues were noted in previous versions such as Windows Server 2022, but the earlier fixes do not address the current problem in Windows Server 2025. Microsoft has confirmed that its engineers are working on a permanent solution and that a fix is planned for an upcoming update, although no specific timeline has been disclosed.
Recommendations for Administrators
In the interim, administrators are encouraged to:
- Implement the manual workaround or automate it using scheduled tasks.
- Closely monitor their domain controllers for any connectivity and service disruptions.
- Avoid unnecessary restarts of affected servers whenever feasible.
Organizations affected by this issue should plan for possible downtime during restarts and verify, through these temporary measures, that critical services relying on Active Directory remain operational.