Windows OS Hub
  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux

 Windows OS Hub / Windows Server 2025 / Wrong Network Profile on Windows Server after Reboot

September 30, 2025

Wrong Network Profile on Windows Server after Reboot

On domain controllers running Windows Server 2025, an issue occurs where the server incorrectly identifies the network as Public instead of Domain after a reboot. If some of your Windows Defender Firewall rules are applied to a network profile (location), it may cause issues with the server’s network availability.

Domain network Profile not detected on Windows Server after restart

The issue of the network type changing to the incorrect one after a restart is an old bug that has been encountered in domain controllers and member servers running Windows Server versions 2019 and 2022. Restarting the Network Location Awareness service (NlaSvc) was enough to automatically switch back to the Domain network profile in these versions of Windows Server. It is also possible to configure the startup delay for the NlaSvc service or implement a registry option that changes the behavior of the NLA service when it attempts to re-establish the domain connection.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters" -Name "AlwaysExpectDomainController" -Value 1 -Type DWORD

However, Network Location Awareness is disabled by default in Windows Server 2025.

Network Location Awareness service is disabled

To ensure that a Windows Server 2025 host correctly detects the network type, simply re-enable the network adapter after the computer reboots. If you have access to the server console (iLO or equivalent), you can disable and re-enable the network adapter via the ‘Network Connections’ control panel (ncpa.cpl).

Disable and then Enable network adapter via ncpa.cpl

If you only have RDP or PowerShell Remoting access to the DC, it’s possible to restart the network adapters using the PowerShell command:

Get-NetAdapter -Physical | Where-Object { $_.Status -eq "Up" } | Restart-NetAdapter

After this, the network will be correctly identified as a domain network (DomainAuthenticated).

Get-NetConnectionProfile

Change profile from Public to DomainAuthenticated

The issue with resetting the network type on Windows Server domain controllers is related to the DNS server settings. If the server uses itself as the DNS server, it may not respond quickly enough to DNS queries during startup (before the DNS server service is fully initialized) to determine the correct network status. That is why the secure Public profile will be assigned as the network type.

Therefore, ensure that the secondary DNS on the domain controllers points to the addresses of the other domain controllers, and avoid rebooting them all at once by spacing out scheduled reboots.

Alternatively, you can create a workaround using a simple PowerShell script in the Task Scheduler. It should wait for the DNS service to start and then restart the network adapter (run the task as SYSTEM):

Program/script: powershell.exe
Add arguments (optional): -ExecutionPolicy Bypass -NonInteractive -WindowStyle Hidden -command "do {$status = (Get-Service dns)} until ($status.Status -eq 'Running'); Get-NetAdapter -Physical | Restart-NetAdapter"

PowerShell script to Restart-NetAdapter on Windows Server after reboot

In order to apply this script to all DCs, you can deploy a scheduler task to the Domain Controllers OU via GPO.

1 comment
0
Facebook Twitter Google + Pinterest
Questions and AnswersWindows Server 2025
previous post
How to Get Windows 10 Extended Security Updates After End-Of-Life
next post
Converting Windows 10 to Enterprise LTSC Without Losing Data

Related Reading

Find a Process Causing High Disk Usage on...

July 16, 2025

Cannot Install Network Adapter Drivers on Windows Server

May 6, 2025

Configuring Windows Protected Print Mode (WPP)

May 28, 2025

WMIC Command Not Found on Windows

May 19, 2025

Unable to Map Drive: An extended error has...

May 13, 2025

Encrypt Any Client-Server App Traffic on Windows with...

June 16, 2025

Fix: Microsoft Defender Not Updating Automatically in Windows

July 15, 2025

Proxmox: Share a Host Directory with VMs via...

August 21, 2025

1 comment

admin October 1, 2025 - 4:35 am

⚙️ If you are using Windows Server hosts in a domain network, you may experience an issue where the network profile type switches from ‘Domain’ to ‘Private’ after rebooting. This can cause problems with server or service availability if custom domain-based firewall rules are applied to a host and the network type has been reset to the wrong one

⚠️ The root cause is typically that, during boot, the host does not receive a timely response from the DNS server configured on its network adapter. This is particularly common on domain controllers, where the preferred DNS server is usually set to either the controller’s own IP address or the loopback address (127.0.0.1).

👉 Best practice: on a DC, configure another DC as the Preferred DNS server, and set the local DC as the Alternate DNS. Also, avoid rebooting all DCs at the same time 😊.

Alternatively, there are some workarounds:

🔹 In Windows Server 2016/2019/2022, the issue could be mitigated by configuring a delayed start for the NlaSvc (Network Location Awareness) service so that it starts after DNS.
🔹 In Windows Server 2025, NlaSvc is disabled by default, so a workaround is to add a PowerShell script to startup that waits for the DNS service to run and then restarts the network adapter:

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • How to Get Windows 10 Extended Security Updates After End-Of-Life

    September 24, 2025
  • Blocking NTLM Connections on Windows 11 and Windows Server 2025

    September 23, 2025
  • Windows Stucks at ‘Getting Windows Ready, Don’t Turn Off Computer’

    September 15, 2025
  • Clean Up ETL Log Files in ProgramData

    September 9, 2025
  • Fix: Slow Startup of PowerShell Console and Scripts

    September 3, 2025
  • DPI Scaling and Font Size in RDP (RDS) Session

    August 27, 2025
  • Proxmox: Share a Host Directory with VMs via VirtioFS

    August 18, 2025
  • How to Find AD Users with Blank Passwords (Password-Not-Required)

    July 24, 2025
  • Run Elevated Commands with Sudo on Windows 11

    July 16, 2025
  • Find a Process Causing High Disk Usage on Windows

    July 15, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Permanently Disable Driver Signature Enforcement on Windows 11
  • Fix: Windows Update Tab (Button) is Missing from Settings
  • Fix: Your IT Administrator Has Limited Access to Virus & Threat Protection
  • How to Add or Reinstall the Microsoft PDF Printer on Windows
  • Fix: Multiple Connections to a Server or Shared Resources by the Same User
  • How to Remove ‘Some Settings are Managed by Your Organization’ on Windows 11 or 10
  • How to Pause (Delay) Update Installation on Windows 11 and 10
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top