Recent Discussions
Windows Server 2025 24H4 is not useable anymore after Nov. Update KB5068861
Hello, currently, on several Windows Server 2025 Datacenter systems, version 24H2, I am experiencing severe issues accessing network resources after the automatic installation of update KB5068861. This affects network access from Windows Server 2025 24H2 to Windows Server 2025 24H2. Access from these servers to older Windows Server 2016 systems works without any problems. When entering a UNC path—whether by name or by IP—I am always prompted for my credentials, even as a domain administrator. No matter which credentials I enter, I always receive the message that the username or password is incorrect. Under “Change advanced sharing settings,” the two switches “Network discovery” and “File and printer sharing” are set to OFF in the domain network after the update. Re-enabling these two options, which are normally enabled by default, does not improve the situation. Since this patch, I also have an issue on a Windows Server 2025 RDS host where a logged-in user cannot type in the “Search” field. Additionally, the performance on the RDS host feels extremely sluggish. Unfortunately, uninstalling the patch is not possible. The patch KB5067036 is not installed. I have already performed a restore to the day before KB5068861 was installed, but without the desired improvement in performance. Even after the restore, I still cannot access the network via UNC through File Explorer as a user. In the search window, I can access via UNC path. As an administrator, access via UNC path works both in File Explorer and in the “Search” field. Everything worked fine before 11/11/2025. Has anyone had similar experiences or already found a solution? Is a patch for the patch planned? Currently, troubleshooting feels like groping in the dark! In this state, the 24H2 server is no longer usable. What was Microsoft even thinking, releasing such faulty patches—and for weeks now? Is there still any quality control at Microsoft for such critical updates and patches? Thanks for every support, idea, and comment.
Turning Off Tamper Protection on Workstations
How do I turn off Tamper Protection on a domain-joined Windows 11 workstation? The problem is a workstation has Windows Defender in Passive Mode instead of being in Not Running mode after installing a 3rd party antivirus. Windows Defender is making running network applications from the servers much slower because it's still real-time scanning. I also suspect Tamper Protection is also preventing network drive exclusions from working on this workstation and on the ones that use Windows Defender without a 3rd party antivirus. I've tried adding every registry entry, Group Policy, and PowerShell command on the local workstation I could find to disable Windows Defender, but nothing works. I'm assuming this is due to Tamper Protection ignoring everything? This is an on-premises domain and doesn't use Microsoft Intune or Microsoft Endpoint Configuration Manager.
Cache drive reconfiguration in Server 2025 Storage Spaces Direct cluster
We have a three node S2D cluster running Server 2025, with the storage in a 3 way mirror, running Hyper-V VMs. Each node has 4 x NVMe drives that are currently being used as cache drives, but which are connected to a RAID controller (in HBA mode), so in the S2D configuration they appear as SSD drives rather than NVMe drives. We've purchased the required cables and drive bays to be able to reconfigure the NVMe drives so that they're attached directly to the PCIe bus, so they'll show up as NVMe drives and hopefully give us a performance boost, so I'm just trying to plan the reconfiguration. I was hoping it would be a relatively simple process of shutting everything down, reconfiguring the storage and bringing everything back online, but ChatGPT suggests things won't be that easy and that a complete reconfiguration of the storage would be required. So in a nutshell, can the cache drives be reconfigured without a complete rebuild of the S2D storage ? Cheers, Rob
AOVPN / Reasoncode 16
We have an always on vpn configuration. This worked fine till few months ago, users can't get connected anymore. After reboot of NPS server, all works fine for some time (random, sometimes 1 day, 2 days, 1 week), till the users can't get connected again. Reboot of nps server solves it. When users can't connect, I see an event on NPS server with reason code 16 Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID: xxx Account Name:xxx Account Domain: xxx Fully Qualified Account Name: xx Client Machine: Security ID: NULL SID Account Name: - Fully Qualified Account Name: - Called Station Identifier: x.x.x.x Calling Station Identifier: x.x.x.x NAS: NAS IPv4 Address: x.x.x.x NAS IPv6 Address: - NAS Identifier: server-VPN01 NAS Port-Type: Virtual NAS Port: 14 RADIUS Client: Client Friendly Name: server-VPN01 Client IP Address: x.x.x.x Authentication Details: Connection Request Policy Name: Virtual Private Network (VPN) Connections Network Policy Name: Virtual Private Network (VPN) Connections Authentication Provider: Windows Authentication Server: server-NPS01 Authentication Type: PEAP EAP Type: Microsoft: Smart Card or other certificate (EAP-TLS) Account Session Identifier: 33373834 Logging Results: Accounting information was written to the local log file. Reason Code: 16 Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. As said, reboot of nps solves issues temporary. Already installed new nps server but same issue. Any suggestions where to check ?Microsoft Clearinghouse server connection issues + phone line is dead end
We see a rising number of customers having issues installing or reinstalling their RDS Licenses via automatic connection. According to volume licensing support reinstalling licensing should not work this way any longer and requires customers to contact the RDS activation hotline which is +49 800 5077777 for Germany. If you dial through the menu and reach the RDS Licensing support, for weeks it is not possible to get through speaking with any agent. Instead the phone computer asks for your phone number and to enter it via your phone (DTMF). Whatever the way you enter a number like +492212343434 or 02212343434 it ends up that the voice computer says the number cannot be recognized. I guess that the Microsoft Clearinghouse server has issues with TLS 1.2 and some ciphers but we cannot pin it down even with the networking guys. Here are some possible messages: Customer A: Cannot install licenses, the server is correctly activated and can also be reactived successfully Customer B: Cannot install licenses, server ist correctly activated but can only be reactivated via web. Interestingly activating or reactivating the RDS CAL Server itself works fine on some customers On Other customers even this is not successful anymore due to connection issues. I began to see this last year when customers began to use Windows Server 2019 RDS CAL Servers, while Windows Server 2016 and 2012 R2 were unaffected. We have tried to setup a fresh Windows Server but no help. So 3 things causing a combined issue and blocker: - the RDS CAL phone support is unavailable in Germany - Automatic activation installing new licenses does not work (but is required for RDS via CSP) - Automatic activation re-installing already activated licenses does no longer work according to VL Support as - Automatic activation for Activation / Reactivation of a Server does not work anymore for some customers due to connection issuesWINGET is not recognized as a commandlet on win 2k19 server fresh setup
I have setup a new win2k19, I followed the instructions Install-PackageProvider -Name NuGet -Force | Out-Null Install-Module -Name Microsoft.WinGet.Client -Force -Repository PSGallery | Out-Null Repair-WinGetPackageManager When I try anu winget command I get winget is not recognized as a commandlet
vNVMe on Hyper-V to unlock PCIe 5.0 NVMe performance
On hosts with NVMe PCIe 5.0 (E3.S/U.2), Hyper-V guests still use virtual SCSI and leave a lot of performance on the table. We are paying for top-tier storage, yet software becomes the limiter. A virtual NVMe device that preserves checkpoints/Replica/Live Migration would align guest performance with modern hardware without forcing DDA and its operational trade-offs.
Windows Admin Center 2410 not updating Server 2025
Hi, I have 3 new 2025 servers all updated and on the domain. Windows Admin center is working fine with all other servers (2012, 2016, 2019, and 2022). For these 3 new servers, I can connect and login through Adm Center and when I choose the "updates" tab the circle in the middle of the screen spins indefinitely. It never even shows if updates are available or not, it just spins. If I log onto the servers locally, I can see and install updates manually. But when I go back and connect through ADM Center, I just get the spinning circle. I currently only have 3 2025 servers, so for me it appears to be an issue with how they talk to ADM Center concerning updates. (and this makes me hesitate to update other servers) I've tried RDP, registry, Powershell, etc (all through ADM Center). It ALL works, but updates never do. Additionally the 2025 servers are able to communicate just fine to report update status to our WSUS server. If I click the "update history" tab on the updates page in Admin Center, I then see an error, but not sure what would be denying anything, when the connection already seems to be made: "Message We couldn't check update history. Error: (1) RemoteException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) (2) RemoteException: The property 'ServerSelection' cannot be found on this object. Verify that the property exists and can be set. (3) RemoteException: You cannot call a method on a null-valued expression. (4) RemoteException: You cannot call a method on a null-valued expression." I tried to temporarily disable the firewall with no change in behavior. The account I'm using is a domain admin account and also added to the local admin group for testing.
Add support for sha-2 and sha3 in Supported Kerberos Encryption Types
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797 https://web.mit.edu/kerberos/krb5-devel/doc/admin/enctypes.html#enctype-compatibility It seems like `aes128-cts-hmac-sha256-128` and `aes256-cts-hmac-sha384-192` are supported by other Kerberos implimentations, but not yet supported by Windows Server. Can those be added to Windows Server? Also can you please think about adding sha-3 based ones too?
Unable to use a certificate from my Windows CA
I am trying to use my own certificate signed by my CA, instead of the self-signed SSL certificate it offers by default. In fact, with the self-signed SSL certificate, WAC runs on HTTPS: However, when I switch to the certificate I have generated in my CA: When I try to access the link, it returns me: So if I switch back to self-signed SSL certificate: The WAC console is working properly again: What I doing wrong when I generate that certificate?Securing ldap in WIndows AD
Hello everyone. I would like to secure the use of LDAP within an Active Directory domain. My domain has three Windows 2022 DCs. Searching online, I found these suggestions: Enforce LDAPS (LDAP over SSL/TLS) Disable Plain-text LDAP Bindings Block or Restrict Port 389 (Optional but Recommended) Enable Channel Binding Tokens (CBT) Does it make sense to only allow certain users to browse LDAP? Could limiting LDAP browsing to certain users cause problems? ThanksUnable installing extensions from a different feed
I added a new feed from a path, and WAC is telling me it can't read the feed or update the corresponding catalog. I followed the instructions in this link: "https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/using-extensions#installing-extensions-from-a-different-feed". In fact, since my network isn't connected to the internet, I also followed the instructions in this other link: "https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/using-extensions#installing-extensions-on-a-computer-without-internet-connectivity". Regarding adding a file share as a source, it must meet the criteria outlined in this link: "https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/using-extensions#installing-extensions-from-a-different-feed". However, I'm getting these error messages and therefore don't have any extensions available to add:NUMA Problems after In-Place Upgrade 2022 to 2025
We have updated several Hyper-V hosts with AMD Milan processors from Windows 2022 to Windows 2025 using the in-place update method. We are encountering an issue where, after starting about half of the virtual machines, the remaining ones fail to start due to a resource shortage error. The host's RAM is about 70% free. We can only get them to start by enabling the "Allow Spanning" configuration, but this reduces performance, and with so many free resources, this shouldn't be happening. Has anyone else experienced something similar? What has changed in 2025 to cause this issue? The error is: Virtual machine 'R*****2' cannot be started on this server. The virtual machine NUMA topology requirements cannot be satisfied by the server NUMA topology. Try to use the server NUMA topology, or enable NUMA spanning. (Virtual machine ID CA*****3-ED0E-4***4-A****C-E01F*********C4). Event ID: 10002 <EventRecordID>41</EventRecordID> <Correlation /> <Execution ProcessID="5524" ThreadID="8744" /> <Channel>Microsoft-Windows-Hyper-V-Compute-Admin</Channel> <Computer>HOST-JLL</Computer>VM Load balance is not working
Hi All, I have 4 node cluster in which VMs are manually distributed and now when i enabled the load balance feature via Windows Admin Center it not load balancing the VMs i double checked the load feature via PowerShell and it shows true. kindly suggest form where i should start the troubleshooting.26063 deduplication data corruption is still there.
From Server 2022 up to this newest 26063 build, they all have the same problem, as described here: https://techcommunity.microsoft.com/t5/windows-server-insiders/server-vnext-26040-and-server-2022-deduplication-data-corruption/m-p/4047321 I am out of energy for today and give up for today. It seems to be impossible to get Microsoft to care for actual OS bugs instead of marketing.Hyper V Server 2019 VM Paused-Critical Disk(s) encountered critical IO errors
I am running Hyper V server 2019 and running 2 windows 10 VM (only OS running) and 1 Windows server essentials 2019. It worked fine for 6 months just running basic AD tasks. a management software was installed and we had issues since. The 2 windows 10 VM can't start up. An error occurred while attempting to start the selected virtual machines 'Windows 10 VM' failed to change state When I starte the windows server 2019 essentials a Paused-Critical shows on STATE and Status is 'Disk(s) encountered critical IO errors. there's plenty of available storage space in the VM Can anyone help? thank youWindows 11 automatically restarting after install security Update — With GPO and WSUS.
Hi everyone, I’m facing a strange behavior with Windows 11 devices that receive updates through WSUS and are fully managed via Group Policy. Here’s the scenario: We have a GPO configured as follows: -Configure Automatic Updates → 4 (Auto download and schedule the install) -Scheduled installation every day at 10:00 -Install during automatic maintenance → disabled -Active Hours configured -Turn off auto-restart for updates during active hours → Enabled -Update deadlines set to 0 (to avoid any forced restart) -No other restart-related policies set in the domain Even with this configuration, after updates are installed, Windows 11 shows the following message: “Your organization manages update settings. We will restart and install this update at X minutes.” And then the device automatically restarts, even when: -a user is logged in -it is outside Active Hours -deadlines are disabled -no-auto-restart is enabled This behavior does not happen on Windows 10 — only on Windows 11.
Windows Admin Center Preview - 2511 English [MSI Corrupt]
When attempting to launch the WindowsAdminCenterPreview_2511.msi, I received an error message (See Below). In addition, when I test the MSI using 7zip, the archive fails to validate. This occurred downloading the installer package twice over a two-day period. My system info is below.
Recent Blogs
- 5 MIN READWe’re thrilled to announce the arrival of Native NVMe support in Windows Server 2025—a leap forward in storage innovation that will redefine what’s possible for your most demanding workloads. Modern ...Dec 15, 2025
- Great news for IT pros managing the next generation of Windows devices! Windows Admin Center now supports Arm-based Copilot+ PCs, bringing the powerful, browser-based management experience you rely o...Dec 12, 2025
