Windows

Windows Server 2025 Restart Bug Breaks Connection with Active Directory Domain Controller

Microsoft has warned IT administrators about a critical issue affecting Windows Server 2025 domain controllers. Following a system restart, these servers may fail to manage network traffic correctly, potentially causing disruptions in Active Directory (AD) environments.

This problem arises because the domain controllers load the standard firewall profile instead of the required domain firewall profile after rebooting.

The misapplied firewall profile leads to several issues:

  • Domain controllers may become inaccessible on the domain network.
  • Applications and services running on affected servers or remote devices may fail or remain unreachable.
  • Ports and protocols that should be restricted by the domain firewall profile may remain open, posing potential security risks.

This issue affects only Windows Server 2025 systems hosting the Active Directory Domain Services role. No client systems or earlier server versions are impacted.

Workaround for Affected Systems

Microsoft has provided a temporary workaround to mitigate the issue. Administrators can manually restart the network adapter on affected servers using PowerShell with the following command:

textRestart-NetAdapter *

However, this workaround must be applied after every system restart, as the problem reoccurs each time the server reboots.

To streamline this process, Microsoft recommends creating a scheduled task that automatically restarts the network adapter whenever the domain controller restarts.

The issue stems from domain controllers failing to apply the correct network profile after a reboot. Instead of loading the “Domain Authenticated” profile, they default to a “Public” or standard firewall profile. This behavior disrupts essential AD functions such as Group Policy application, replication, and authentication.

Similar issues were observed in previous versions like Windows Server 2022, but prior fixes do not resolve this problem in Windows Server 2025.

Microsoft has confirmed that its engineers are actively working on a permanent resolution. A fix is expected to be included in an upcoming update, though no specific timeline has been provided.

Recommendations for Administrators

Until a permanent fix is released, administrators are advised to:

  • Implement the manual workaround or automate it using scheduled tasks.
  • Monitor their domain controllers closely for connectivity and service disruptions.
  • Avoid unnecessary restarts of affected servers whenever possible.

Affected organizations should prepare for potential downtime during restarts and ensure that critical services relying on Active Directory remain operational through these temporary measures.

Equip your team with real-time threat analysis With ANY.RUN’s interactive cloud sandbox -> Try 14-day Free Trial

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts

A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based…

1 hour ago

Threat Actors Tricks Target Users Via Impersonation and Fictional Financial Aid Offers

An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics…

2 hours ago

TransparentTribe Attack Linux-Based Systems of Indian Military Organizations to Deliver DeskRAT

TransparentTribe, a Pakistani-nexus intrusion set active since at least 2013, has intensified its cyber espionage…

5 hours ago

Jingle Thief Attackers Exploiting Festive Season with Weaponized Gift Card Attacks

As the festive season approaches, organizations are witnessing a disturbing increase in targeted attacks on…

7 hours ago

Warlock Ransomware Actors Exploiting Sharepoint ToolShell Zero-Day Vulnerability in New Attack Wave

The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with…

8 hours ago

New Python RAT Mimic as Legitimate Minecraft App Steals Sensitive Data from Users Computer

A sophisticated Python-based remote access trojan has emerged in the gaming community, disguising itself as…

9 hours ago