Recent Discussions
Announcing Windows Server vNext Preview Build 26334
Hello Windows Server Insiders! Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition (for VM evaluation only). Branding remains, Windows Server 2025, in this preview - when reporting issues please refer to Windows Server vNext preview. If you signed up for Server Flighting, you should receive this new build automatically. Please note this will be the last Windows Server Insider Preview until January 2025. We look forward to seeing you in the new year! What's New Windows Defender Application Control for Business (WDAC) Windows Defender Application Control (WDAC) for business is a software-based security layer that reduces attack surface by enforcing an explicit list of software that is allowed to run. Introduced with Windows Server 2025, we have provided Microsoft defined ‘default policy’ which can be applied to the server via PowerShell cmdlets, powered by our ‘Security configuration platform called ‘OSconfig’. To learn more, please review Windows Defender Application Control for Business (WDAC) - Microsoft Community Hub Windows Admin Center (WAC) Beginning with build 26252, Windows Server preview customers can download and install Windows Admin Center right from the Windows Server Desktop using the in-OS app that takes care of downloading and guides you through the installation process. Note: You must be running a desktop version of Windows Server Datacenter or Standard preview to access this feature. Windows Server Flighting is here!! If you signed up for Server Flighting, you should receive this new build automatically later today. For more information, seeWelcome to Windows Insider flighting on Windows Server - Microsoft Community Hub Feedback Hub app is now available for Server Desktop users! The app should automatically update with the latest version, but if it does not, simply Check for updates in the app’s settings tab. Known Issues Download Windows Server Insider Preview (microsoft.com) Flighting: The label for this flight may incorrectly reference Windows 11. However, when selected, the package installed is the Windows Server update. Please ignore the label and proceed with installing your flight. This issue will be addressed in a future release. Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues. Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: Available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire September 15, 2025. How to Download Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal. We value your feedback! The most important part of the release cycle is to hear what's working and what needs to be improved, so your feedback is extremely valued. Beginning with Insider build 26063, please use the new Feedback Hub app for Windows Server if you are running a Desktop version of Server. If you are using a Core edition, or if you are unable to use the Feedback Hub app, you can use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version: [Server #####] Title of my feedback See Give Feedback on Windows Server via Feedback Hub for specifics. TheWindows Server Insiders space on the Microsoft Tech Communities supports preview builds of the next version of Windows Server. Use the forum to collaborate, share and learn from experts. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business. Diagnostic and Usage Information Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product. Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement. Terms of Use This is pre-release software - it is provided for use "as-is" and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use.
Domain Trusts
I am currently testing Windows Server 2025 before rolling any upgrades out to our customer base. We have trusts configured between two remote forests where one of the domains is a subdomain of the other. Because of this we have to use Name Suffix Routing Exclusions to prevent AD attempting to route the subdomain through the parent. However, every time the 2025 domain controllers are rebooted the exclusions are being wiped. Is this a known bug in 2025?
Windows Server 2019 grey "X" on folders on LTO
Hi everyone We have just upgraded one of our servers from 2016 to 2019 Std. Since then when I try to copy a file to the LTO, which is directly connected to the server, icons appear with a grey "X" in the bottom left corner. I tried moving the file but the same result appears (when I move it back to the Desktop the "X" disappears). There is no cloud sync of any kind related to this server. Just to be clear, everything worked fine on 2016. Hope someone is able to help. Thank you in advance. Best regardsStorage Migration Service - Failing to Validate data
So, im getting ready to Migrate 10TB of data. Both servers are running Server 2019 Both have the Admin center installed, and "Storage Migration Service" is installed on both. I have it to a stage where i want to "validate Source and Destination Devices" when i go to validate it, it gives these 2 errors. **************************** The destination proxy is registered. Warning Warning: The destination proxy wasn't found. Backup privileges can be enabled for these credentials. Warning Warning: Backup privileges cannot be enabled as target credentials are not an administrator in Orchestrator ****************** Everything else here passes.. The destination exists. Success Pass The destination server isn't the same server as the source. Success Pass The SMB connection works. Success Pass We can use the credential provided. Success Pass The credential has administrative privileges. Success Pass The destination is unique. Success Pass The source and destination computers are supported for transfer. Success Pass The orchestrator server has at least two CPU cores. Success Pass Source volume G: - The source volume exists. Success Pass Source volume G: - The destination volume exists. Success Pass Source volume G: - The destination volume is unique. Success Pass Source volume G: - The file systems are supported. Success Pass Source volume G: - The file systems match. Success Pass Source volume G: - There is enough free space on the destination volume. Success Pass ************************************* I cant for the life of me, find out what i need to do next before i go ahead with the transfer. can some one please advise what i need to do next.
No control which updates to install anymore
Hello Community, In Windows Updates, in server 2022, Its all or nothing. Cant control which updates to install. Since this seems to be the default behavior, Is this the best practice to do all the updates at once? Just do them all at once as only choice and cross your fingers? Thanks, JohnServer 2016 Windows Update disabled?
I have Windows 2016 and 2019 Servers. All in in the same OU and getting the same Group Policy. This is confirmed via gpresult. I am using GP to disable Automatic Updates. This looks to be working in 2019: But with Server 2016, it says this: Should I expect these servers to update?
Configuring AD with macOS mobile account
I'm needing to use Active Directory and file sharing to create functional macOS mobile accounts. I've created the user accounts in AD and assigned them to a Profile Path on a valid share. I successfully bind the macOS machine to the AD server. Everything looks good and I'm seemingly able to log into the machine with the credentials for any given user. Yet when I log in, the user's home folder doesn't get created on the server where the Profile Path is set to. On a Windows11 machine, this does get created as expected (and used) after logging in with an AD user. But, on the Mac, it doesn't. It looks like the mobile account just creates a local home folder and never pushes back, so to speak, to the AD server. Does anyone have experience with this and know what I may be doing wrong? MikeInstall cert as admin for special user via windows admin center
Hi, I try to install a cert, a website uses to auth the visit. That means I have to install it local and manually by logging into the user acc and install it under "CurrentUser\My". If I install it for the whole machine "LocalMachine\My" it will be ignored when I try to access the website (seems Chrome don't check these certs). Manually that works. But I want to make life easier using windows admin center. The problem is that I log into the machine with an admin account. When I navigate to cert, there is no option to import a cert for a special (different) user account. Is there a way to install it (maybe via powershell) for a special user without knowing his password? I mean - I'm the admin of that machine, I should be able to do that. Thanks for any help!
Weird issue accessing netlogon
Got a bit of a weird issue here...... We have just started using AAD machines via autopilot & intune and doing testing on them accessing resources on our current onprem domain, got things sorted so they can access file shares and DFS namespace shares perfectly fine and thats all going through, but having an issue with intermittent issues with netlogon. There seems to be no pattern but when trying to hit \\domain\netlogon that will work but when trying \\domain.fqdn.gov.uk\netlogon that wont work. However without doing anything trying again a little while later and it will be the opposite way around that can access on the full fqdn but not the short name, and then to make it worse, sometimes both work at the same time. Different devices have been tried and had 2 side by side where one could access short but not fqdn and the other could access fqdn but not short. At the same time if i try to access any server shares on either short name or fqdn then those are fine, seems to just be issues with netlogon on the domain. at all times i can run to \\domain & \\domain.fqdn.gov.uk and the folder list of sysvol and netlogon both appear but its just guess work which is going to work. This happens the same on both our internal network and when connected via cisco anyconnect vpn back into our network. Hopefully someone has come across a similar issue and fixed it! Thanks if you have managed to read this far :)Help to configure IIS with SSL
Hello... I am starting in Windows Server administration, in a new company, they have asked me to configure SSL certificates for two intranet sites they have in Internet Information Services, I suggested buying some certificates and create names for each site as they currently connect like this http://Ip server:port, each site has its own port of course, they tell me no I should use the functionality of Windows server, as this is only for employee connections and do not need to make an expense, what they do not want is to display the warning of unsecured site to employees. I have followed tutorials, Microsoft documentation, creating a certificate authority, self-signed certificates, etc. I need help, please someone who has implemented this and has a tutorial, link, whatever I can use, to do this I am being asked to do.Server 2025 Domain Join Error ASN.1
hallo we wanna join an appliance (cisco ISE) to our domain/forest and get an error. Domain Controllers was updated from Server 2022 to Server 2025 preview it was ok with the appliance in ad. With Server 2025 final we get this error: Test Name :Kerberos test obtaining join point TGT Description :Tests TGT Obtaining in joint point Instance :CCLOUD-AD Status :Failed Start Time :10:13:54 22.11.2024 MET End Time :10:13:54 22.11.2024 MET Duration :<1 sec Result and Remedy... Could not obtain TGT : ASN.1 failed call to system time library. Check Kerberos related AD configuration What we done in troubleshooting, yet: DNS Resoluion works. domain is resolvable NTP is ok and correct time from pdc and synced to all other DCs and Clients/Servers domain join user credentials and permission are correct We tested also with an Domain Admin User/Cred Container/OU and Computer Object Permissions/Owner rights are set to the join account. Delete and let the Appliance create a new Object did not work can anyone help with ideas?
Windows Server 2022 Licensing
Hello Everyone, We currently have a server with 2x16 CPU cores. On this server, "Windows Server 2022 Standard" is installed. Five virtual servers are planned to run on this server. Currently, we have the following licenses: 1 x "WINSVR 2022 STD AddLic 16 Core ROK" 2 x "WINSVR 2022 STD AddLic 4 Core ROK" 1 x "Windows Svr Std 2022 64 Bit 1 pk DS P OEI DVD 24 Core" (This license was already activated on another server, which no longer exists. Is it possible to transfer this license to the new server?) Are these licenses sufficient, or which additional licenses would be required?
Admin account Lockout
Hi All - I have been asked to implement password chages ppoicy at a site we support. During this process I also setup account lockout policy after 5 invalid attempts The option Allow Administrator Account lockout was enabled and now when trying to login I have the message - The referenced account is currently locked out and may not be logged onto. We have only used the correct password to logon - but this still has happened and waiting 30mins does not sort this issue. Also, I have no other Administrator account for this Domain Server. Does anyone have any suggestions on dealing with this ? The Policy has the following settings - Account Lockout Duration 30mins Account Lockout Threshold 5 Invalid logon attemps Allow Administrator Lockout Enabled Reset Account loclout Counter after 30minsHyper V Across 2 Server Rooms
Does Hyper V provide a method of running servers across 2 server room, so that if one server room is lost the VMs can start in the other server room. Does this require a witness node installed in a 3rd location (like VMware) ? Are there any reference designs available from the like of Dell or HP using current hardware ?
Your credentials didn't work - try again
I have this weird issue with WAC atm I have a server which has RBAC enabled, my non-admin domain user; called for example Pete is added to the admin group (so he cant use powershell etc...) When I try to access the server as Pete using WAC, it says my credentials didn't work. Here comes the weird thing: I can access the server as for example my domain admin. If I first do that, go back to the main screen and click menage as and then fill in Pete's credentials it works, with the limited access to the server as the role described. Is there a solution for this?Windows Server 2016/2019 AD LDS installation with a specific configuration set level
With the release of Windows Server 2025, AD LDS configuration sets are required to have a functional level of Windows Server 2016 or greater. Unfortunately, there is no documentation on how to create a configuration set on Server 2016/2019 with a specific level or how to raise the level of an existing set. The only article with relevant information says that manually updating the msDS-Behavior-Versionattribute of the Partitions container to7 will not work.LDS service startup fails - Windows Server | Microsoft Learn. If I execute the C:\windows\adam\adaminstall.exe /?:answer command, I see that a parameter named /ConfigurationSetLevel exists and its default value is 7, However, when I create a new AD LDS configuration set via the wizard, it is created at the level of 2 by default. If I specify ConfigurationSetLevel=7in the /answer: file and pass it to adaminstall.exe, the installation fails without any errors. Notably, any ConfigurationSetLevelfrom 2 to 5 works fine using this method. It seems that it is impossible to create an AD LDS configuration set on Server 2016/2019 and add a replica from Server 2025 to it. Is this correct?
New user and roaming profile
Hi I added a new user to domain controller and I also added a profile path (roaming profile). I went to client computer and tried to login the new user, after logging in it is saysing that the profile was not successful and need to logout amd try again. It is doing this over and over again until I delete the path from the user in domain controller then I can login the user to the machine. After successful login I can put back the profile path in domain controller and when I try to login the user again it is working fine. How to solve this issue?RDP Web Access MFA
This has got to be a stupid question but here goes. We use Remote Desktop Services to deliver remote desktops and apps to external parties. We have MFA setup on the launching of the published app or desktop. However, the initial login to the RD Web Access portal (remote.whitehavencoal.com.au) is not MFA enabled and vulnerable to password guessing. I was able to successfully exploit this. The MSP who set this up claims it’s not possible to put MFA on the initial RDP Web Access portal. I find that very hard to believe given MFA is so prevalent and recommended by everyone including Microsoft on everything. Could you help me either confirm this weakness or point me to a solution.
Recent Blogs
- Network ATC continues to be the preferred method to deploy host networking for our Azure Stack HCI customers. For most customers, deployment takes just a single command and completes in a few minutes...Dec 02, 2024
- First published on TechNet on Jan 21, 2013 Hello.Nov 29, 2024
