Recent Discussions
Windows Server 2019 and .NET 4.8?
Hello, On a fully updated Windows Server 2019, roles and features allow me to install only .NET 4.7. One of the solution we are using require .NET 4.8 (Adaxes). When I install .NET 4.8 using the installer available here https://support.microsoft.com/en-us/topic/microsoft-net-framework-4-8-offline-installer-for-windows-9d23f658-3b97-68ab-d013-aa3c3e7495e0 It works, I can install Adaxes, but it break ServerManager as well as Azure AD Connect. What's the correct procedure to install .NET 4.8 on Server 2019 without breaking anything else? Thanks a lot
Storage Migration Service - Can't open transfer and error logs after migrating data
Hi Community, After migrating a drive I'm trying to see which file transfers failed and why but I'm getting this message when trying to open either the transfer log or the errors only log: Transfer Log - Please check file sharing is allowed in your firewall. : This request operation sent to net.tcp://localhost:28940/sms/service/1/transfer did not receive a reply within the configured timeout (00:01:00). The time allotted to this operation may have been a portion of a longer timeout. This may be because the service is still processing the operation or because the service was unable to send a reply message. Please consider increasing the operation timeout (by casting the channel/proxy to IContextChannel and setting the OperationTimeout property) and ensure that the service is able to connect to the client. My destination server is also the migration server (just migrating one drive) and all required ports were openend automatically, I've also double checked the firewall on the source server. Anyone have any ideas?
Windows Admin Center 2410: cannot add computers
After a fresh installation of Windows Admin Center 2410, I cannot add any servers, clusters, PCs etc. WAC gives me "You can add this computer to your list of connections, but we can't confirm it's available" when I enter a computer name (either of FQDN or computer name alone). When I change to the Search Active Directory tab, I get: "We can’t search Active Directory because the Windows Admin Center computer isn’t joined to an Active Directory domain. It’s also possible that your account doesn’t have permission to read from Active Directory." The account I use is a domain admin, and the server running WAC is definitely joined to the AD DS. The server had the previous version of WAC installed where everything worked. Now, with the new version, that's no longer the case...
AD User account deleted by Exchange Machine Account
In my Active directory User account management auditing, 4726 event id raised for a deletion but the person deleted is showing as our Exchange server machine account. Please see the attached image. How could a local exchange server auto delete an AD user id?NUMA Problems after In-Place Upgrade 2022 to 2025
We have updated several Hyper-V hosts with AMD Milan processors from Windows 2022 to Windows 2025 using the in-place update method. We are encountering an issue where, after starting about half of the virtual machines, the remaining ones fail to start due to a resource shortage error. The host's RAM is about 70% free. We can only get them to start by enabling the "Allow Spanning" configuration, but this reduces performance, and with so many free resources, this shouldn't be happening. Has anyone else experienced something similar? What has changed in 2025 to cause this issue? The error is: Virtual machine 'R*****2' cannot be started on this server. The virtual machine NUMA topology requirements cannot be satisfied by the server NUMA topology. Try to use the server NUMA topology, or enable NUMA spanning. (Virtual machine ID CA*****3-ED0E-4***4-A****C-E01F*********C4). Event ID: 10002 <EventRecordID>41</EventRecordID> <Correlation /> <Execution ProcessID="5524" ThreadID="8744" /> <Channel>Microsoft-Windows-Hyper-V-Compute-Admin</Channel> <Computer>HOST-JLL</Computer>Announcing Windows Server vNext Preview Build 26384
Announcing Windows Server vNext Preview Build 26384 Hello Windows Server Insiders! Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition (for VM evaluation only). Branding remains, Windows Server 2025, in this preview - when reporting issues please refer to Windows Server vNext preview. If you signed up for Server Flighting, you should receive this new build automatically. What's New Windows Admin Center (WAC) Windows Server preview customers can download and install Windows Admin Center right from the Windows Server Desktop using the in-OS app that takes care of downloading and guides you through the installation process. Note: You must be running a desktop version of Windows Server Datacenter or Standard preview to access this feature. Windows Server Flighting is here!! If you signed up for Server Flighting, you should receive this new build automatically later today. For more information, see Welcome to Windows Insider flighting on Windows Server - Microsoft Community Hub. Feedback Hub app is now available for Server Desktop users! The app should automatically update with the latest version, but if it does not, simply Check for updates in the app’s settings tab. Known Issues Download Windows Server Insider Preview (microsoft.com) Flighting: The label for this flight may incorrectly reference Windows 11. However, when selected, the package installed is the Windows Server update. Please ignore the label and proceed with installing your flight. This issue will be addressed in a future release. Available Downloads Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues. Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only. Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only. Microsoft Server Languages and Optional Features Preview Keys: Keys are valid for preview builds only. Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67 Azure Edition does not accept a key Symbols: Available on the public symbol server – see Using the Microsoft Symbol Server. Expiration: This Windows Server Preview will expire September 15, 2025. How to Download Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal. We value your feedback! The most important part of the release cycle is to hear what's working and what needs to be improved, so your feedback is extremely valued. Please use the new Feedback Hub app for Windows Server if you are running a Desktop version of Server. If you are using a Core edition, or if you are unable to use the Feedback Hub app, you can use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version: [Server #####] Title of my feedback See Give Feedback on Windows Server via Feedback Hub for specifics. The Windows Server Insiders space on the Microsoft Tech Communities supports preview builds of the next version of Windows Server. Use the forum to collaborate, share and learn from experts. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business. Diagnostic and Usage Information Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product. Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement. Terms of Use This is pre-release software - it is provided for use "as-is" and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use.
How do I create a new certificate for Windows Admin Center??
I just now observed that our internal WAC certificate was only two months old and it's already expired. Can I simply create and use our own self-signed certificate and use it?? Do I install it like normal certificates within the Certificates MMC and WAC will automagically use it?? Thank you, TomPowerShell, Hyper-V: Examine network object relationships.
Is it possible in PowerShell do do things like: Get all VMNetworkAdapters connected to a given VMSwitch Get all VMNetworkAdapters provided by a hypervisor (conected to either a VM or the management OS) When I have the name of a VMNetworkAdapter only, determine whether it's connected to the management OS, or a VM, and if connected to a VM, what VM that is without examining each single endpoint (VM, management OS) and creating a database of objects and their relationships that allows me to get the desired information? Certainly not a couple of PowerShell code lines only, and depending on the size and type (remote, local) of the virtualization environment, I can imagine that time is a factor too.
best /easiest way to grant non-admins permissions to manage windows services remotely
As a part of an automation effort, we want to grant non-admin users the ability to remotely manage certain app services on domain member servers (Windows Server 2022 OS, stop/start/status). I've played around with JEA but was only able to get the get-service command to work, not the stop or start-service. I also played around with group policy, granting FC for the user on the app service, but that didn't seem to do anything at all. I ended up running sc sdset commands on a service, which seemed to work, but that also seems very clunky and not at all easily streamlined, especially if we have several servers to manage that way. Ideally, if the group policy setting would have worked, that'd be a great solution, but I don't know what I'm missing. Has anyone here been able to easily manage granting permissions for non-admin users to manage services or even IIS app pools on remote Windows servers? Most of the time the code used has been powershell, but if there's batch commands that work better, we could use those too. I just don't want to grant local admin permissions just to manage services. Any advice/guidance is greatly appreciated. GinaServer 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
OS: Windows Server 20225 Standard Core (no GUI), build 26085.1 Role: ADDS, DNS ForestMode: Windows2025Forest DomainMode: Windows2025Domain Platform: Hyper-V guest When standing up a clean Windows Server 2025 using server core and configuring it as a domain controller, the network category (profile) always shows as "public." A clean load of Windows Server 2022 with server core as a domain controller has the same behavior. However, in Server 2022, the fix is to add DNS as a required service to the nlasvc (Network Location Awareness) service. Once that is done, the network category reflects "DomainAuthenticed" and persists between reboots. In Server 2025, the nlasvc service does not have the same requiredservices as Windows Server 2022, and it does not start automatically. Even after configuring the nlasvc service the same way it is in Server 2022 and adding DNS as a required service, the network category still reflects "public." The only way to get the network category to properly reflect the "DomainAuthenticated" status is to disable and reenable the network adapter after each reboot.Inconsistent WinRM Connections
Hi, I've deployed version WAC 2.4.1 (v2) in the past week and have found connections to servers outside the local subnet very inconsistent. The comms side of things have been checked and we have no issues with firewalls or ACL's, and our servers are properly setup to allow WinRM connections from nodes in other subnets (Windows Firewall is also configured accordingly). The connections from our gateway server to other servers (in different subnets) do work, but when we first logon to the gateway server each day I can connect to the servers on the same subnet as the gateway without issue, but then get WinRM connection issues for the other servers. However, if I then leave it for a couple of minutes and try again, I can get connected to the servers in the other subnets without issue and get no WinRM error messages. It's a very strange issue, and all the servers concerned are on Windows 2022. Has anyone else experienced this? Thanks, KennyHow to diagnose lsass.exe leaking memory on Server 2022
Since last week, one DC (it differs, depending on reboot order as to which one, so clearly due to something on the network selecting the DC as a login server) has a huge lsass.exe memory issue. I had to reboot one DC after the process hit 6GB in size. Here's the progression of the process since that reboot: Is anyone else seeing this, perhaps since last week's updates? Any suggestions for how to diagnose?BLOG: CVE-2024-38063 - Disabling IPv6 binding = fix - or not?
Dear community, in today's LinkedIn Stream and other social media you might have noticed a recent CVE and the recommendation to disable IPv6 in Windows Server and Windows Client. We are talking about this one: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Reading the advisory carefully, Microsoft, strictly speaking, does not directly recommend disabling (technically remove binding) of IPv6. Citing: "Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: Systems are not affected if IPv6 is disabled on the target machine." Maybe I am a bit nitpicking here about old experiences and would greatly appreciate a refreshed Microsoft statement on the disablement (unbinding) of IPv6 and the side-effects in 2024. What we have learned in the past - do no disable IPv6 easily. - yes, you can face issues with IPv6 being on by default and unexpected or misconfiguration. Often caused by DHCPv6, especially in the combination of critical domain controllers, Dual Stack ISPs and SoHo routers messing up your DNS. What's the fuss about IPv6? I am not actively using it in corporate / at home. IPv6 is being used in Windows. More specifically non-routable fe80 addresses and loopback ::1 for internal purposes of Windows or other software. One may complain use cases are - unrightfully - not well and transparent documented. Have a read in the past Here are some references that Copilot brings up. Trust my memory, I've read more like this. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ipv6-for-the-windows-administrator-why-you-need-to-care-about/ba-p/256251 https://community.spiceworks.com/t/is-it-a-bad-practice-to-disabe-ipv6/781811/9 https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows My personal conclusion Hold on, we need patches for this CVE, but we should not disable IPv6 easily. Please disable IPv6 temporarily, when you cannot patch this CVE immediately / in time. Take notes which system you have had to disable and consider re-enabling once patches have been tested and applied. If you are using IPv6 knowingly, note the NIC configs. They will be lost when using static settings rather DHCPv6. I am sad to see that NetSec people, undoubtedly experts in their area, jump on the bandwaggon esp. on Social Media to easily disgrace the IPv6 by default enablement of Windows Client and Windows Server, telling you the easier story: "Disable IPv6 and you are good / if you do not need it." Let me counter: You might not know you're "needing it" it in the first place. Whenever you are changing system defaults in Windows, mind that Microsoft and other software vendors may not consider these changes in their testing. And the Crowdstrike Black Friday showed us clearly how outlier system configs and unwell testing goes along. Not very well. IPv6 usage and defaults today One of the most recent example that Microsoft is using IPv6 can be found in the Azure Arc Agent (Connected Machine Agent) changelog: "Better handling when IPv6 local loopback is disabled" source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes How can I disable IPv6, if required? Many roads led to Rome. Windows + X > Terminal / PowerShell (Admin) #save current NIC config into a simple text file Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Out-File $env:temp\original-ipv6-config.txt #disable IPv6 on all adapters Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Disable-NetAdapterBinding And how to revert the change? Windows + X > Terminal / PowerShell (Admin) #enable IPv6 on all adapters (mind the text file) Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Enable-NetAdapterBinding TL:DR Microsoft is using fe80 addresses and loopback ::1 addresses for internal reasons. IPv6 is preferrably used over IPv4 when it is bound to a network adapter, including said special non- routable addresses. Please disable IPv6 temporarily, when you cannot patch this CVE immediately / in time. Take notes of current config. Please share the word and mind that disabling IPv6 can turn your OS into an outlier system, causing immediate or later issue due lack of testing by Microsoft or other software vendors, assuming the defaults, which is IPv6 being turned on.
Events
Meet our Windows Server and Azure engineering leaders and get a look behind the scenes at what's coming next in Windows Server, Azure and hybrid cloud innovations. Speakers: Rick Claus, Douglas Ph...
Online
Windows Server 2025 is the easiest to upgrade Windows Server version ever. In this session, Rob Hindman and Jeff Woolsey will discuss media upgrade and features updates in depth. Speakers: Rob Hin...
Online
Recent Blogs
- Deploying Windows Server 2025 Clusters with Edge Networking Solutions Part 1: How Network ATC Simplifies Host Networking at Contoso Medical Center In today's digital era, a reliable and secure net...Mar 25, 2025
- Security helps protect sensitive data and critical infrastructure. Cyberattacks are on the rise, and it is more critical than ever to ensure that your Windows Server infrastructure is secure. To help...Mar 04, 2025
