Recent Discussions
Turning Off Tamper Protection on Workstations
How do I turn off Tamper Protection on a domain-joined Windows 11 workstation? The problem is a workstation has Windows Defender in Passive Mode instead of being in Not Running mode after installing a 3rd party antivirus. Windows Defender is making running network applications from the servers much slower because it's still real-time scanning. I also suspect Tamper Protection is also preventing network drive exclusions from working on this workstation and on the ones that use Windows Defender without a 3rd party antivirus. I've tried adding every registry entry, Group Policy, and PowerShell command on the local workstation I could find to disable Windows Defender, but nothing works. I'm assuming this is due to Tamper Protection ignoring everything? This is an on-premises domain and doesn't use Microsoft Intune or Microsoft Endpoint Configuration Manager.Solved125Views0likes2Comments
Admin Center choosing the wrong certificate
Windows Admin Center version 2410, build 2.4.2.1. We're encountering an issue following the instructions outlined https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/update-certificate?tabs=powershell when replacing the WAC certificate. We've installed a certificate from a third-party CA in the local machine store. The common name matches the DNS FQDN and hostname of the server. Despite specifying the thumbprint of the 3rd party CA cert with the "Set-WACCertificateSubjectName" cmdlet, WAC binds to a different certificate issued by our internal CA for WinRM. The WinRM cert shares the same common name, but it has a later expiration date. I suspect WAC is picking the certificate with the latest expiration date. This also happens when using the GUI, even when we specify the 3rd party cert during customization. We've confirmed that the NETWORK SERVICE account has rights to the private key on the cert as well. I tried deleting the binding using netsh and rebinding to the updated thumbprint. While this is successful, and the output from "netsh http show sslcert" shows the 3rd party CA cert on the port 443 binding, the browser still presents the Internal-CA cert on 443 even after restarting the WinRM and Windows Admin Center services (and rebooting). It seems like there is an issue when multiple valid certificates exist with the same common name in the machine store. Additionally, the "Set-WACCertificateAcl" seems to fail in this case. The Configuration log contains the error below whenever it is run. Set-WACCertificateAcl: Unable to find machine key path for certificate. Skipping setting access control list. We'd prefer to use the 3rd party cert for the HTTPS port and the internal CA cert for WinRM. Is this possible?Solved133Views0likes1Comment
WINGET is not recognized as a commandlet on win 2k19 server fresh setup
I have setup a new win2k19, I followed the instructions Install-PackageProvider -Name NuGet -Force | Out-Null Install-Module -Name Microsoft.WinGet.Client -Force -Repository PSGallery | Out-Null Repair-WinGetPackageManager When I try anu winget command I get winget is not recognized as a commandletSolved96Views0likes2Comments
Certificate authentication with SID not working
When trying to login to Windows (against AD) using a certificate with the SID extension present in the certificate, it will not work if the SAN UPN is missing in the certificate. The error message "Your credentials could not be verified" will be displayed. Changing the certificate template to include SAN UPN will make the login work as expected. Is it by design?Solved170Views0likes2Comments2025-10 Cumulative Update for Windows Server 2019 (KB5066586) Undoes Update on Reboot
We have a Windows Server 2019 Standard which will not install the 2025-10 Cumulative Update for Windows Server 2019 (KB5066586) update. The installation part goes fine, but when the server is rebooted to finalize the update, it goes into "Undoing changes". Then it reboots again, and I am back where I started. The error code is 0x8007000d. I have done the following to debug this: Ran System File Checker sfc /scannow. No errors found. DISM /Online /Cleanup-Image /ScanHealth. No errors found. Ran Windows Update Troubleshooter. No errors found. Shut down Windows Update services. Renamed SoftwareDistribution and Catroot2 folders. Restarted services. No change. Ran ScanDisk. No errors found. Disabled antivirus. No change. Ran Disk Cleanup and manually deleted additional temp files. No change. Checked Event Viewer. Only error is Event 20 which is a failure of the Windows Update Agent. I am out of ideas. If anyone has some, I would much appreciate the help. I am out of ideas.Solved1.4KViews0likes10Comments
Replacing our Server 2016 RDS with Server 2022 RDS
Hi All, I have a Server 2016 terminal server. I set it up a while ago obviously, and I have 10 2016 RDS CALS installed in the RD license manager. We are part of a domain, and I have a group policy assigned to our current RDS server with lots of user options like session limit, printer redirection, max profile size, etc. I created a new Server 2022 VM and installed the RDS role and all it's features. But for some reason, it doesn't appear to be configuring the services. I add the roles via Server Manager once installed, the computer reboots when the server comes back up, Server Manager starts and says the install is complete. But when I go to the Remote Desktop services section in Server Manager, I get this message: "A remote Desktop Service deployment does not exist in the server pool. To create a deployment, run the Add Roles and features wizard and select the Remote Desktop Services installation option." From looking around on the Internet, at step 3. there should be a configuration step where Server Manager starts and configures the RD gateway, license manager, etc. I also found some articles on the Internet about disabling IPv6 or making sure the server is a member of a domain. I've already tried those things and it's still not helping. I also removed all the Roles and readded, but it still behaves the same. The configuration step doesn't start on reboot and no RDS server. I also installed a web certificate and installed it on the server from my CA. Is there a better way to do this? I haven't worked with RDS in a long time. Here's some event viewer messages Event ID 1306 Remote Desktop Connection Broker Client failed to redirect the user domain\administrator. Error: NULL Event 102 The Remote Desktop Gateway service requires a valid Secure Sockets Layer (SSL) certificate to accept connections. Ensure that you have obtained a valid SSL certificate, and then bind (map) the certificate by using RD Gateway Manager. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help. The following error occurred: "259" Event ID 2056 The Remote Desktop Connection Broker server could not enumerate the targets for the provider named NULL from the database. Pooled virtual desktop collection name: NULL Error: Logon to the database failed. Event ID 85 The Remote Desktop license server could not be registered as a service connection point in Active Directory Domain Services (AD DS). Ensure that there is network connectivity between the license server and AD DS. To register the license server as a service connection point in AD DS, use Review Configuration in the RD Licensing Manager tool.Solved305Views0likes2CommentsUpdating PowerShell5 via WSUS - possible and needed?
Good day, not sure if its the right subforum. If not, please move. I have a couple of 2016 servers in a domain where I handle updates via WSUS. On the WSUS, in the tab Products and Classifications, PowerShell - x64 is check marked but PowerShell Preview - x64 is not. I guess this refers to PowerShell 7 and it works on the servers on which PowerShell 7 is installed. But the PowerShell 5 versions are not updated via WSUS. The PSVersion on some servers show PSVersion 5.1.14393.8062 which is not the most current. Is there a way to update PowerShell 5 via WSUS, how's the Product named in the tab Products and Classifications? Is it possible to update PowerShell 5 via WSUS at all ?Is there a need to update it at all? Best RegardsSolved136Views0likes1Comment
Wireless secure Windows server 2022
Hello everyone, I am trying to implement ‘wireless secure’ in my domain. I have followed various guides and everything seems to be configured correctly, but I keep getting this error: Reason: Explicit EAP error received Error: 0x40420016 EAP reason: 0x40420016 EAP root cause string: Network authentication failed\nThe authentication method required to connect to the network is not available in Windows. EAP error: 0x40420016 I have verified that communication via AP-WLC-NPS is working correctly, but it is unable to authenticate via eap-tls. Do you have any suggestions? I have collected several logs, but many of them may not be necessary. Thank you for your support.Solved143Views0likes1CommentWindows Admin Center.exe exception (0xe0434352)
I have installed an Azure Local 23H2 one-noded stack and enabled Windows Admin Center (Preview) extension via Azure portal. Solution version: 10.2503.0.13 Node OS Build: 25398.1486 Node Azure Arc Agent version: 1.46.02809.1841 however the WindowsAdminCenter service on the node will not start: Extension Message: Executing Enable operation, SettingDnsRecords: Creating/updating DNS records, GetDataFromMetadataService: Getting data from Azure metadata service, GetInstanceMetadataForArc: Retrieving the virtual machine instance metadata information, GettingWacPort: Getting Windows Admin Centers configured port, GettingCSPFrameAncestors: Getting Windows Admin Center configured CSP frame ancestors, UpdatingWindowsAdminCenterConfiguration: Updating Windows Admin Center Configuration, StoppingWindowsAdminCenterService: Stopping Windows Admin Center service, UpdatingInstallationTypeSettings: Updating Installation type for Windows Admin Center, UpdatingCSPSettings: Updating CSP Frame Ancestors for Windows Admin Center, UpdatingCORSSettings: Updating CORS origins for Windows Admin Center, UpdatingPort: Updating port for Windows Admin Center, UpdatingWebSocketValidationOverride: Updating WebSocket validation override settings, UpdatingTokenAuthenticationEnabled: Updating token authentication setting, UpdatingAutoUpdate: Updating auto update setting, SettingProxy: Updating proxy for Windows Admin Center, GettingWacPort: Getting Windows Admin Centers configured port, UpdatingWindowsAdminCenterConfiguration: Updating Windows Admin Center Configuration, GetDataFromMetadataService: Getting data from Azure metadata service, GetInstanceMetadataForArc: Retrieving the virtual machine instance metadata information, TestWACAppServiceReachability: Testing reachability of Application Web Service of Windows Admin Center, GetAccessTokenForArc: Getting access token from Azure Arc's identity endpoint, GetDataFromMetadataService: Getting data from Azure metadata service, GetInstanceMetadataForArc: Retrieving the virtual machine instance metadata information, WriteCertificateThumbprint: Storing certificate thumbprint for future reference., RetrieveCertificate: Retrieving certificate from key vault using app service, ImportingCertificate: Importing Certificate to Certificate Store, StoppingWindowsAdminCenterService: Stopping Windows Admin Center service, UpdatingSubjectName: Updating WAC certificate subject name, UpdatingCertificateACL: Updating WAC certificate ACL, UpdatingServicesEndpoints: Updating WAC endpoint FQDN, StartingWindowsAdminCenterService: Failed to start Windows Admin Center service In Event viewer (system) I can see that the service starts and then stops again right after with the following error: Windows Admin Center.exe exception (0xe0434352) I have tried to reboot node and remove and reinstall extension. But the error persists. I know it is in preview but I would like to get it to work. Any suggestions?Solved424Views0likes2Comments
Server 2022 WMI Issues
Hi there, I have a Server 2022 with WMI problems affecting the server in a few ways. The server is a domain controller, RD Broker and hosts some files also. The server actually operates ok for the users day-to-day. I discovered the issue when opening AD Connect, getting an Invalid Class error message. When running various fundamental commands at the command prompt (e.g. tasklist) I get the same error. When looking at the WMI Control in Computer Management again - Invalid Class. I have tried various fixes found online such as verifying the WMI repository (it comes back as consistent) but I think I've reached a dead end. I don't want to restore the server from backup as I believe this issue has been ongoing for a couple of months before it was discovered. I can't get in to the Remote Desktop part of server manager to replace the certificate, and the certificate expires next week. Does anyone have any ideas please? Any help greatly appreciated, thanks. ChrisSolved409Views0likes2CommentsWindows Server 2025 DC Won't Install / Uninstall MSI packages, NIC Domain Category issue.
In the last week I have set up a Win 2025 Server Std Hyper-V host with 2 VMs, one being a domain controller. I have discovered that once the machine is promoted to a DC I can no longer install any .msi packages. .exe packages seem to work fine. My scenario: After setting up the VM (before promotion to DC), I installed my RMM package (.msi - NinjaRMM) and all was fine at that point. I can see and access the VM in my RMM console. After promoting the machine to a DC, I noticed later that the status in my RMM was offline or disconnected. I soon discovered this problem with installing / uninstalling packages. Somehow I was able to uninstall the NinjaRMM, but could not re-install it. Also when Ninja installs the agent it also installs Splashtop. At this point I cannot uninstall Splashtop. Using something simple like the Putty 64bit .msi for testing. Can't install that neither. Any .msi I have tried just hangs for about 30 minutes then times out. Main error code in the .msi log is 1603, which is supposed to be closely related to permissions, but I have found no issues with permissions. Check GPO and have found nothing there either. I have Win 2022 DCs in the same domain and have no issues installing / uninstalling these packages. Internet search has found similar issues, but no answers. Secondly, when rebooting the 2025 DC, the NIC initially gets assigned the Public network category. Disabling / Re-Enabling the adapter the Domain category is immediately assigned. Secondly, I attempted to create a PS script to restart the adapter at startup (task manager...set to run as SYSTEM), and while the tasks starts, it never runs the script. After working with ChatGPT it was suggested to change the script to have a simple one line command 'Exit 0' statment. That doesn't run either. Seems that this problem has relations to being run as SYSTEM, which I believe is also related to the install issue. Internet searches found others stating they have encountered similar issues, but no resolutions. For the install issue, some have stated that if they demote the DC to a member server, .msi installs run successfullly (which seemed to be my case before I promted it a DC). I haven't tried demoting it to a member server, but I did spin up a second Win 2025 Server VM, joined it to the domain and at that point I have no issues installing / uninstalling anything...including .msi packages (oops, I did state this in an earlier paragraph). Tried contacting MS. Seems with no support plan they won't talk with me. That's awesome, you pay for a product, and they won't provide support for it. Such a joy. Hoping that someone might have seen these issues as well. LThibxSolved3.7KViews0likes4CommentsNo support for Protected Users in Microsoft Entra Domain Services?
I have been loooking into mapping best practices about configuring hardening / tiering model from on-premises Active Directory to Microsoft Entra Domain Services (MEDS). I'm well aware that MEDS is NOT a replacemenet for AD DS and have many restrictions and missing features, but that does not stop me from wanting to make it as secure as possible for member servers to be joined to. Since MEDS is a PaaS in Azure, deployed from within Azure and managed in another way than Active Directory, of course there are different ways of implementering a good tiering model. In my study I wanted to see if I could enable Protected Users feature (join users to Protected Users Group). However I find this group to be present but not possible to add members to (feature greyed out). I have a member server in the MEDS instance and have installed AD DS Tools. My user is member of AD DDS Administrators group. I would like to know if anyone have some knowledge on the subject to share?Solved147Views0likes1CommentIncrease the size of user profile disk in my remote desktop server
Hi all experts. I have a server for remote desktop services purposes, Windows 2016 standard, and domain joined. It is configured using User Profile Disk, and the maximum limit is set to 5GB. I want to increase the maximum limit but I can't do it under the collection's properties because that field is grayed out. My questions: How to increase the maximum limit? Please guide me and let me know how. Can I increase the maximum limit for 1 single user only? If yes, please let me know how. I found some info from the web that this can be done by the Diskpart command, is it true? If I follow the Diskpart method, do all user profiles encounter data lost? I need your guidance and input, I appreciate it. Here are some images:Solved3.2KViews0likes6CommentsWindows Server 2022 or 2025 Data Centre edition- concurrent editing of Microsoft office documents
Does Windows Server 2022 or 2025 Data Centre edition provide real time collaboration or concurrent editing (through workspaces etc) by multiple users on Microsoft office documents hosted on it locally. So for the sole purpose of having concurrent editing feature of office documents, can Windows Server 2022 or 2025 Data Centre edition become an alternative to using Sharepoint server hosted locally or on premise.Solved296Views0likes2CommentsRAM Memory Leak Issue
Good morning. I am experiencing issues with an updated installation of Windows Server 2016. The task manager reports 8.1GB of memory used (which normally tends to grow indefinitely), and I can't figure out what is using this memory. The growth is about 1GB per day. However, no processes appear that justify the 8GB of RAM used. Even using RAMMAP, I can't find anything significant... On the server, additionally, we have SentinelOne as antivirus and Apache-Tomcat. Thank you for your help.Solved321Views0likes2CommentsWindows Admin Center v2.4 will not use SAN Cert
Hello, We've noticed an issue with the new Windows Admin Center Modernized Gateway (v2.4) and SAN certificates, at least in our environment. All of our servers get an autoenroll computer certificate (hostname.domainname.com) -- it only uses a common name, and has no subject alternative names. For webservers, we generate an additional certificate with subject alternative names, so that web browsers do not report an insecure https website. Windows Admin Center v2.4 does not seem to work with these certificates. When installing WAC and selecting the correct SAN certificate in the "Custom Setup" or even setting the certificate manually using Set-WACCertificateSubjectName -Thumbprint 'thumbprintofcert' the website will only use the autoenroll certificate. I deleted the autoenroll certificate from the machine, and tried setting the certificate to the SAN cert and the site will not even load. As soon as I forced a gpupdate /force to get a new autoenroll computer certificate and it will use that one, but never the SAN cert. Just in case it was the subject name of the cert, I generated a new SAN cert with a completely different name from the autoenroll cert: WAC.domainname.com instead of APP-WAC01.domain.com. I then used the Set-WACCertificateSubjectName -Thumbprint and verified that it was using the new SAN cert by running Get-WACCertificateSubjectName and it showed that it was using the WAC.domainname.com certificate. Website would not load at all. So I don't know if it has issues with SAN certs, or anything other than an autoenroll certificate with only a common name, but nothing works. If Windows Admin Center Modernized Gateway still used IIS, we'd be able to get IIS to use the SAN cert like the previous version of Windows Admin Center. Is this a known issue? Anyone else having issues with SAN certs? -JSolved959Views0likes5CommentsActive Directory Functional Level Support
Hi all, This is a first time post for me here but I am struggling to find this information out from MS or MS support themselves. I am currently assisting a customer upgrade some servers from Windows 2012 R2 to Windows 2022 and 2 of the servers are DCs. Now I am well across the recommended upgrade process but I have seen in their current AD that they are running functional level 2008 R2. I am well aware that 2008 R2 and 2012 R2 are no longer supported but what about the AD functional level? Now I have researched this half to death across the MS KBs, tech forums etc. and I am conflicting information. Some MS representatives in forums have said that these functional levels are not supported but they don't supply any official documentation or statement from MS which says this. I just raised a ticket with MS support to ask the question but the responding engineer was confusing as hell and whilst I appreciate English would be their second language, I don't think they understood what I asked. So is there anyone in the discussion forum who knows the answer to this? If you do, can you please point me to the official MS statement backing this up as well. Is AD functional level 2008 R2 and 2012 R2 supported or not supported? Appreciate any help anyone here can provide. Cheers AlexSolved1.5KViews0likes4Comments
Events
Recent Blogs
- 7 MIN READOh boy, here we go again. The last time I talked about a networking tool, the infamous iPerf3 article, I kicked up a hornet’s nest online. This one should not be controversial. I hope. The choi...Jan 08, 20261KViews5likes5Comments
- 5 MIN READWe’re thrilled to announce the arrival of Native NVMe support in Windows Server 2025—a leap forward in storage innovation that will redefine what’s possible for your most demanding workloads. Modern ...Dec 15, 202574KViews16likes90Comments
