Recent Discussions
Groups and roles issues
Hello, We use two user accounts, one that is a server administrator and that we use to connect to the servers via RDP (ADMaccounts). The other is not an administrator and we use it on our workstations (USRaccounts). I deleted from Gateway Users the Builtin\users group because I don't want users to access even though they can't do anything. For now I added another group as Gateway Users with our USR accounts. ADM accounts are member of Gateway Administrators. When Im logged into WAC with the ADM user and access to WAC, the browser asks me for credentials, I enter the ADM credentials, and I log in. When I am at my workstation, I access the URL and log in without being asked for credentials with the USR account session. I do not understand this behavior. I need to access from my workstation with the ADM account. How can I make the browser ask me for credentials? Do I have to open the browser with the admin credentials every time I want to manage WAC? Thanks, Best regardsWAC can connect to itself or to other servers.
Hello, I have installed WAC with an internal certificate of my company. I can login to the web, the certificate appears correct in the browser. When I try to connect to the gateway itself or to other servers. No connection could be made because the target machine actively refused it: servergw.domain.com:6601 On event viewer: Event Winrest: Hosting failed to start Exception: System.InvalidOperationException: The requested certificate E=email address removed for privacy reasons could not be found in LocalMachine/My with AllowInvalid setting: False. The certificate is correct like other from company that used in other services, It has private key, and server authentication: E = email address removed for privacy reasons CN = email address removed for privacy reasons OU = company O = company bla bla L = City S = City C = Country I tried to create with other SAN: DNS=servergw.domain.com DNS=servergw DNS=localhost I have also tried to give permissions to the private key to Network Service, change the service to run with Local System. WinRM and trusted hosts are correctly. It only works when I install it with the self-signed certificate that WAC creates and it will say 60 days. What else can I try? Thanks !!
DNS DOH and DOT Server 2025
Does anyone know if Windows Server 2025 is planning to support native DNS over HTTPS or DNS over TLS? As of now, windows clients can be configured to support this, but MS DNS is not DOH or DOT compliant. I am just wondering if this is being considered or if it is on the roadmap. Thanks!
Windows Admin Center - Vmware migration to HyperV
We have a vCenter (multiple hosts) with about 30 VMs and need to migrate them to a single HyperV host. I installed the Windows Admin Center and the other components (https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/use/migrate-vmware-to-hyper-v). I migrated 2 servers, one at a time, and both seemed to work, though I had to set the IP manually. I then chose 2 servers to migrate both at the same time and it seems to be hung. The sync process completed successfully. The migration process for both got to 25% and has been stuck there for a day now. The disks aren't that big and, presumably most of that was created/copied during the sync process. I also don't see an option to stop the process or restart it. I know the VM Conversion is a Preview function, so I'm sure support it limited. Any help or direction would be appreciated.
CSV Auto-Pause on Windows Server 2025 Hyper-V Cluster
Hi everyone, i'm facing a very strange behavior with a newly created HyperV Clsuter running on Windows Server 2025. One of the two nodes keep calling for autopause on the CSV during the I/O peak. Does anyone have experienced this ? Here are the details : Environment Cluster: 2-node Failover Cluster Nodes: HV1 & HV2 (HPE ProLiant DL360 Gen11) OS: Windows Server 2025 Datacenter, Build 26100.32370 (KB5075899 installed Feb 21, 2026) Storage: HPE MSA 2070 full SSD, iSCSI point-to-point (4×25 Gbps per node, 4 MPIO paths) CSV: Single volume "Clsuter Disk 2" (~14 TB, NTFS, CSVFS_NTFS) Quorum: Disk Witness (Node and Disk Majority) Networking: 4×10 Gbps NIC Teaming for management/cluster/VMs traffic, dedicated iSCSI NICs Problem Description The cluster experiences CSV auto-pause events daily during a peak I/O period (~10:00-11:30), caused by database VMs generating ~600-800 MB/s (not that much). The auto-pause is triggered by HV2's CsvFs driver, even though HV2 hosts no VMs. All VMs run on HV1, which is the CSV coordinator/owner. Comparative Testing (Feb 23-26, 2026) Date HV2 Status Event 5120 SMB Slowdowns (1054) Auto-pause Cycles VM Impact Feb 23 Active 1 44 1 cycle (237ms recovery) None Feb 24 Active 0 8 0 None Feb 25 Drained (still in cluster) 4 ~60 (86,400,000ms max!) 3 cascade cycles Severe - all VMs affected Feb 26 Powered off 0 0 0 None Key finding: Draining HV2 does NOT prevent the issue. Only fully powering off HV2 eliminates all auto-pause events and SMB slowdowns during the I/O peak. Root Cause Analysis 1. CsvFs Driver on HV2 Maintains Persistent SMB Sessions to CSV SMB Client Connectivity log (Event 30833) on HV2 shows ~130 new SMB connections per hour to the CSV share, continuously, constant since boot: Share: \\xxxx::xxx:xxx:xxx:xxx\xxxxxxxx-...-xxxxxxx$ (HV1 cluster virtual adapter) All connections from PID 4 (System/kernel) — CsvFs driver 5,649 connections in 43.6 hours = ~130/hour Each connection has a different Session ID (not persistent) This behavior continues even when HV2 is drained 2. HV2 Opens Handles on ALL VM Files During the I/O peak on Feb 25, SMB Server Operational log (Event 1054) on HV1 showed HV2 blocking on files from every VM directory, including powered-off VMs and templates: .vmgs, .VMRS, .vmcx, .xml — VM configuration and state files .rct, .mrt — RCT/CBT tracking files Affected VMs: almost all Also affected: powered-off VMs And templates: winsrv2025-template 3. Catastrophic Block Durations On Feb 25 (HV2 drained but still in cluster): Operations blocked for 86,400,000 ms (exactly 24 hours) — handles accumulated since previous day These all expired simultaneously at 10:13:52, triggering cascade auto-pause Post-autopause: big VM freeze/lag for additional 2,324 seconds (39 minutes) On Feb 24 (HV2 active): Operations blocked for 1,150,968 ms (19 minutes) on one of the VM files Despite this extreme duration, no auto-pause was triggered that day 4. Auto-pause Trigger Mechanism HV2 Diagnostic log at auto-pause time: CsvFs Listener: CsvFsVolumeStateChangeFromIO->CsvFsVolumeStateDraining, status 0xc0000001 OnVolumeEventFromCsvFs: reported VolumeEventAutopause to node 1 Error status 0xc0000001 (STATUS_UNSUCCESSFUL) on I/O operation from HV2 CsvFsVolumeStateChangeFromIO = I/O failure triggered the auto-pause HV2 has no VMs running — this is purely CsvFs metadata/redirected access 5. SMB Connection Loss During Auto-pause SMB Client Connectivity on HV2 at auto-pause time: Event 30807: Share connection lost - "Le nom réseau a été supprimé" Event 30808: Share connection re-established What Has Been Done KB5075899 installed (Feb 21) — Maybe improved recovery from multi-cycle loop to single cycle a little, but did not prevent the auto-pause Disabled ms_server binding on iSCSI NICs (both nodes) Tuned MPIO: PathVerification Enabled, PDORemovePeriod 120, RetryCount 6, DiskTimeout 100 Drained HV2 — no effect Powered off HV2 — Completely eliminated the problem I'm currently running mad with this problem, i've deployed a lot of HyperV clusters and it's the first time i'm experiencing such a strange behavior, the only workaround i found is to take the second nodes off to be sure he is not putting locks on CSV files. The cluster is only running well with one node turned on. Why does the CsvFs driver on a non-coordinator node (HV2) maintain ~130 new SMB connections per hour to the CSV, even when it hosts no VMs and is drained?Why do these connections block for up to 24 hours during I/O peaks on the coordinator node? Why does draining the node not prevent CsvFs from accessing the CSV? Is this a known issue with the CsvFs driver in Windows Server 2025 Build 26100.32370? Are there any registry parameters to limit or disable CsvFs metadata scanning on non-coordinator nodes ? If someone sees somthing that i am missing i would be so grateful ! Have a great day.
Users "Status" fields blank on RDS with Windows Server 2025
Hi, we have two RDS Server with Windows Server 2025 installed (In-Place Upgrade from Server 2019). In Task-Manager under the "Users" Tab all fields of the "Status" row are blank. We cant see if a user is connected or disconnected. In cmd with "query user" it works. Someone else discovered this problem?Server 2025 not accepting Ricoh scans
The scanner has stopped scanning to their server since I upgraded the server OS from Windows Server 2022 to 2025. • Installed the Ricoh drivers for both the scanner and printer (from Ricoh’s web site) • Created a new simple share/filepath for the scanner to send to (\\SERVER2022\Scans) • Used IP address (10.1.10.2) instead of server name in file (UNC) path • Entered admin credentials with or without server name (it is a workgroup server, not a DC) • Created another user and tried all above with that new admin • With either server share and/or user, tried different permissions on the shared folder • Tried disabling/enabling inherited permissions on the shared folder • Disabled the Advanced Firewall entirely for testing – no change either way • Double checked incoming ports/programs on the firewall – all required were open • Activated SMB1 on server, tried with or without SMB2/SMB3 disabled • I was able to create a share on two other computers; one running Windows 10 and one running Windows 11. They both worked.
Migrating from VMware to Hyper-v
Hi, I've recently deployed a new 3x node Hyper-v cluster running Windows Server 2025. I have an existing VMware cluster running exsi 7.x. What tools or approach have you guys used to migrate from VMware to Hyper-v? I can see there are many 3rd party tools available, and now the Windows Admin Center appears to also support this. Having never done this before (vmware to hyper-v) I'm not sure what the best method is, does anyone here have any experience and recommendations pls?Mandatory AccessKey parameter for Import-WACConnection Powershell cmdlet in 2410
Hello, I have recently updated to Admin Center 2410, needed to do a fresh install because I ran into some Ajax error 500 problems when I dried to updrade the existing installation. Now I had a script running one a week which fetched all AD computers and Clusters and imported them as shared connection. I have already figured that I need to use a different path to import the Microsoft.WindowsAdminCenter.ConnectionTools module, and that the syntax for Import-Connection is now Import-WACConnection. However, when trying to connect, the commandlet now has a mandatory AccessKey parameter. The help suggests: "-AccessKey <String> The access key to the endpoint for form login. The access key can be created from Advanced menu of Settings on Windows Admin Center UI." However, I cannot find that option in the UI, there is only "Advanced" in the Development section of the UI, and there is no option for generating an access key. P.S. I have installed WAC to use Kerberos integrated Windows Authentication. In the past, the Import-Connection CMDlet was also just using the credentials of the currently logged-on user. Thank you for your help, MarcThe file Microsoft_Server_InsiderPreview_LangPack_FOD_29531.iso is missing language packs.
Is it difficult to put these language packs in Microsoft_Server_InsiderPreview_LangPack_FOD_29531.iso? WinRe.wim PackageName PackageState ReleaseType InstallTime WinPE-DismCmdlets-Package~31bf3856ad364e35~amd64~~10.0.29531.1000 Installed FeaturePack 2/7/2026 15:07 WinPE-DismCmdlets-Package~31bf3856ad364e35~amd64~en-US~10.0.29531.1000 Installed LanguagePack 2/7/2026 15:07 WinPE-PlatformId-Package~31bf3856ad364e35~amd64~~10.0.29531.1000 Installed FeaturePack 2/7/2026 15:06 WinPE-PlatformId-Package~31bf3856ad364e35~amd64~en-US~10.0.29531.1000 Installed LanguagePack 2/7/2026 15:06 WinPE-PowerShell-Package~31bf3856ad364e35~amd64~~10.0.29531.1000 Installed FeaturePack 2/7/2026 15:07 WinPE-PowerShell-Package~31bf3856ad364e35~amd64~en-US~10.0.29531.1000 Installed LanguagePack 2/7/2026 15:07 WinPE-SecureBootCmdlets-Package~31bf3856ad364e35~amd64~~10.0.29531.1000 Installed FeaturePack 2/7/2026 15:07 WinPE-SecureBootCmdlets-Package~31bf3856ad364e35~amd64~en-US~10.0.29531.1000 Installed LanguagePack 2/7/2026 15:07 WinPE-UpdateOrchestrator-Package~31bf3856ad364e35~amd64~~10.0.29531.1000 Installed FeaturePack 2/7/2026 15:08 WinPE-UpdateOrchestrator-Package~31bf3856ad364e35~amd64~en-US~10.0.29531.1000 Installed LanguagePack 2/7/2026 15:09Can't download 29531
Hi can not download 29531 I get the below, I'm located in Sweden Error We are unable to complete your request at this time. Some users, entities and locations are banned from using this service. For this reason, leveraging anonymous or location hiding technologies when connecting to this service is not generally allowed. If you believe that you encountered this problem in error, please try again. If the problem persists you may contact Microsoft Support – page for assistance. Refer to message code 715-123130 and 2c3feb13-04f8-4432-bc28-c88fc015123b.Encrypted vhdx moved to new host, boots without pin or recovery key
Hyper-V environment. Enabled VTPM on guest Server, 2022 OS and encrypted OS drive C:\ with BitLocker. Host server 2022 has physical TPM. Shut down guest OS and copied vhdx file to another Hyper-V host server that is completely off network (also server 2022 with a physical TPM). Created a new VM based on the "encrypted" vhdx. I was able to start the VM without needing a PIN or a recovery key. Doesn't this defeat the whole point of encrypting vhd's? Searching says that this should not be possible, but I replicated it twice on two different off network Hyper-V host servers. Another odd thing is that when the guest boots on the new host and you log in, the drive is NOT encrypted. So, where's the security in that? Does anyone have any ideas on this or if I'm missing something completely? Or have I just made Microsoft angry for pointing out this glaring flaw??BitLocker Network Unlock Question
I set up network unlock for two servers in our network as a test for a future deployment of BitLocker. Both HP's. One is a DL 360 Gen9 server with aftermarket TPM, the other is a DL360 Gen11 with onboard/HP TPM. Configured first NIC on both boxes for DHCP. Just to test things, I unplugged NIC1 but kept NIC2 plugged in on the Gen11 server and rebooted. It prompted for a PIN on boot up (expected behavior). Did the same test on the Gen9 server and it boots straight into the OS (unexpected behavior). As a further test, I kept NIC1 unplugged and then unplugged NIC2, rebooted and got prompted for a PIN (as expected since box was completely off network). Does anyone have any ideas why this is happening? Could it have something to do with the aftermarket TPM? From what I've read network unlock requires the first NIC to be DHCP so it can communicate with the WDS server and allow network unlock to work. Could it be something with the NIC's on the Gen9 server? I'm at a loss to explain this behavior. Hoping someone may have some insight. TIA
Lots of DNS Server events 5504 on AD DNS server from Cloudflare etc
Hi! I'm getting about 18 events with id 5504 while trying to resolve some DNS names, like fullfiles.xyz. The DNS server is configured to use provider DNS and root hints. I can suppress these messages by disabling root hints or by disabling EDNS0 with dnscmd /config /enablednsprobes 0. I tried to use packet capture on the DC and on the router, and analyzed the results with AI, which answered: "You receive malformed patterns on the WAN interface." Can anybody explain the cause of this problem? Any ideas to fix it? Thanks!
Recent Blogs
- 5 MIN READHello AskDS readers! Sagi and Adesh here. Today we’re excited to talk about a change that finally closes one of the longest‑standing troubleshooting gaps in Group Policy Preferences (GPP). G...Mar 04, 2026
- Hello again — this is Potti Tagore Nadh from Directory Services team. When troubleshooting Windows components, administrators often rely on enhanced logging to diagnose issues quickly and accuratel...Feb 27, 2026
