I'm facing a strange problem in a network that has both Server 2022 and Server 2025 as domain controllers. Every now and then, users receive invalid password errors and are unable to log into the domain. I've implemented a workaround on the Server 2025 to fix the issue where the network card is recognized as 'public' instead of 'domain', but the problem persists. I've even rebuilt the Server 2025. Has anyone else faced similar issues?
5 Answers
I've heard that mixed environments with Server 2025 can be pretty buggy. You might want to demote the 2025 DC temporarily to see if it improves the situation.
Could this be related to a known issue? I found an article discussing it. You might want to check it out: https://www.reddit.com/r/activedirectory/comments/1lltdk1/comment/n04qpes/
Currently, Server 2025 domain controllers are causing a lot of headaches. If you don't have Exchange on-site, you could run a pure Server 2025 Active Directory. However, mixing 2025 with earlier versions in production is generally not a good idea, especially since Exchange isn't compatible with a 2025 schema master. My advice is to standardize either on Server 2022 or 2025, but I'd lean towards sticking with 2022 for the time being.
I initially thought it was a configuration mistake on my part, so it's good to hear that others are experiencing these issues too.
This issue has been reported in various setups since Server 2016. A common fix is to set the dependencies for Netlogon and DNS services on the Network Location Awareness (NLA) service and ensure NLA has a delayed start. You can check the current dependencies with the command `sc qc service_name`. Just be cautious with the `sc config service_name depend= xxx,xxx` command as it can overwrite existing dependencies. Even with these tweaks, we sometimes faced issues, and eventually set up a script that restarts the NLA service to correct the profile whenever problems arose.
Nice find! That seems to match the symptoms you're describing.