Just thought of leaving a quick win here. Did you ever have the Windows firewall profile not mapped correctly after a reboot?
This happens because after a reboot the Domain Controllers put themselves in e.g. the Public profile, and this gets passed on to other servers as well. The result is that you cannot manage the machines because the Public profile's firewall rules block the traffic.
The solution is to restart the "Network Location Awareness" service together with the dependent "Network List Service".
This resets it to the Domain profile, and the other machines that picked up the wrong profile will be updated to the Domain profile after their next reboot. Restarting the service on them as above will also do the trick.
Hope it helps!
UPDATE:
Well, after migrating to Windows Server 2022 in my homelab the above does not work anymore. It appears the behaviour of restarting the NLA service has changed. After some digging around I came across the following: Domain Controller thinks its on a Public Network
My working scenario is putting the NLA service on delayed start and adding the domain services DNS and NTDS as dependencies of it.
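As an added example (not part of the original post), the steps above in a single elevated PowerShell session on the domain controller. It assumes the standard service names NlaSvc (Network Location Awareness), netprofm (Network List Service), DNS and NTDS, and it appends the two dependencies to whatever is already in the registry, because sc.exe's depend= replaces the whole list rather than adding to it.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the domain controller. Assumed service names: NlaSvc (Network
# Location Awareness), netprofm (Network List Service), DNS, NTDS.

# 1. Quick check: which profile is each interface currently in? A DC should
#    report DomainAuthenticated, not Public.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. The original quick win: restart NLA. -Force also restarts the dependent
#    Network List Service (netprofm).
Restart-Service -Name NlaSvc -Force

# 3. Server 2022 workaround: delayed start plus DNS and NTDS dependencies.
#    'sc.exe config depend=' REPLACES the dependency list, so read the
#    existing entries from the registry first and append to them.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc'
$existing = @((Get-ItemProperty -Path $key -Name DependOnService -ErrorAction SilentlyContinue).DependOnService)
$wanted = @($existing + 'DNS' + 'NTDS') | Where-Object { $_ } | Select-Object -Unique
sc.exe config NlaSvc start= delayed-auto
sc.exe config NlaSvc depend= ($wanted -join '/')

# 4. Verify: START_TYPE should show AUTO_START (DELAYED) and DEPENDENCIES
#    should list DNS and NTDS. The profile should read DomainAuthenticated
#    after the next reboot (or after another restart of NlaSvc).
sc.exe qc NlaSvc
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
```

Check the output of `sc.exe qc NlaSvc` before rebooting, so a typo in the dependency list cannot stop NLA from starting at all.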