I've been noticing that several of my domain controllers seem to be losing track of their identity, which is causing all kinds of issues with DNS, DHCP, Active Directory, and Kerberos. The fix I've found is quite simple: just restart the Network Location Awareness (NLA) service. This switches the network location back to Domain as it should be. Over the past weekend, a few of my DCs experienced this. Has anyone else dealt with this, and do you have a more reliable solution?
5 Answers
There was supposedly a fix released in June specifically for 2025 Domain Controllers. You can check Microsoft’s release notes for more details.
This issue is pretty well-documented on both Server 2022 and 2025, but it's been especially troublesome on 2025. There’s a cumulative update expected in November or December that should address it. Until then, a good workaround is to set up a task in Task Scheduler to restart the NLA service on server startup.
I really hope that update comes soon, this is becoming a hassle!
I managed to get around this issue by configuring a registry key through GPO to ensure NLA defaults to the private category. You can set it at HKLM\software\policies\microsoft\Windows NT\CurrentVersion\networkList\signatures and make "Category" (DWORD) = 00000001. Also, consider modifying the NLA service's startup type.
There's another registry key called "AlwaysExpectDomainController" that might help too.
This problem is also showing up on Server 2019. It's almost a ritual to restart NLA right after rebooting the server—maybe keep a shortcut on your desktop to remind you!
I actually faced a similar issue on Server 2012 R2. I just set a scheduled task to restart the NLA service a few minutes after booting up. I haven’t seen this on Server 2022 yet, but it doesn’t surprise me that it's still affecting some users.
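
The scheduled-task workaround suggested in the answers above, as an added example that is not code from any poster in this thread: it restarts NLA a few minutes after boot, but only when a connection profile is not DomainAuthenticated, and logs each time it had to. The task name, install folder, log file name and the two-minute delay are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Task name, folder and delay are assumed values.

$TaskName   = 'Restart-NLA-If-Not-Domain'                      # hypothetical task name
$InstallDir = Join-Path $env:ProgramFiles 'NlaRepair'          # hypothetical folder
$ScriptPath = Join-Path $InstallDir 'Repair-NlaProfile.ps1'    # hypothetical script name

# Script the task runs: restart NLA only when a profile is not domain-authenticated.
$CheckScript = @'
$bad = Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
if (-not $bad) { return }

# NlaSvc has dependent services, so -Force is required.
Restart-Service -Name NlaSvc -Force
Start-Sleep -Seconds 30

# Log the result so repeated misdetection stays visible instead of being silently masked.
$after = Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory | Out-String
$line = "{0} NLA restarted on {1}. Profiles now:`r`n{2}" -f `
    (Get-Date -Format o), $env:COMPUTERNAME, $after
Add-Content -Path (Join-Path $PSScriptRoot 'NlaRepair.log') -Value $line
'@

# Program Files is writable only by administrators by default, which matters
# because the task below runs this script as SYSTEM.
New-Item -ItemType Directory -Path $InstallDir -Force | Out-Null
Set-Content -Path $ScriptPath -Value $CheckScript -Encoding UTF8

$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -File `"$ScriptPath`""

# Run at boot, delayed so the network stack and domain services have time to come up.
$trigger = New-ScheduledTaskTrigger -AtStartup
$trigger.Delay = 'PT2M'   # ISO 8601 duration: 2 minutes (assumed value)

$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $TaskName -Action $action `
    -Trigger $trigger -Principal $principal -Force
```

While a domain controller is classified as Public or Private, Windows Firewall applies that profile's rules rather than the Domain profile's, so the log is worth reviewing after each reboot.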

I've been having this problem for a long time on various Windows servers. Are you saying it's worse with versions 22 and 25?!