Forum Widgets
Latest Discussions
Password change error message too generic on Windows Server 2025 domain
Hi everyone, In two different production environments running on Windows Server 2025 (fresh Active Directory installations), users reported an issue when trying to change their password via Ctrl+Alt+Del → Change a password. If the new password doesn't meet complexity requirements, the system returns only a generic error: "Unable to change the password at this time." There’s no indication that the failure is due to the password not meeting policy requirements (length, complexity, history, etc.), which creates confusion and unnecessary support tickets. In previous environments running on Windows Server 2016 or 2019, the error message was more informative, clearly stating when a password was too weak or did not meet domain policy. Is this generic message a known change in Windows Server 2025? Has anyone else encountered the same issue? Is there any way to re-enable the more detailed error descriptions? Thanks in advance for any insight!
IIS Application Pool Recycle Permissions for Non-Admin Users
Hi, We are currently struggling with IIS Application Pool recycle permissions which we need to assign to non-admin users, they can connect to the prod server or by remotely but can only recycle, start or stop application pool. They are not allowed to do anything else. Please let me know what the best and standard approach to achieve this. Thanks
Windows Server 2025 Datacenter - Windows search stopped to work
Hello, Following the most recent cumulative Windows update (June 2025), Windows Search has stopped functioning on our Windows Server 2025 Datacenter. When we attempt to search, a blank window appears and loads indefinitely without returning any results. This is version of affected system: Troubleshooting Steps We've Tried: Checked for additional updates (only security updates were available) Restarted the Windows Search service Restarted Windows Explorer via Task Manager Restarted the server Ran the Windows Troubleshooter Rebuilt the search index Ran sfc /scannow and DISM health checks Has anyone else experienced this issue? If so, were you able to resolve it? Any help would be appreciated. Thanks!
RDP black screen
Hello everyone, On several Windows server 2022 ,up to date, attached to a domain, when domain users initiate an RDP connection they end up with a black screen and mouse cursor only. I don't have this problem with local machine administrator accounts. The problem only occurs on Windows server 2022, not on 2019. On the server, the user who initiated the connection has only 4 processes, and they're always the same: In the server logs, we can see that several processes have been blocked by SRP: The problem is that I haven't defined anything like that... I don't encounter this problem with local administrators on the machine. What's more, it happens randomly. I can have the problem for several days and then nothing for several weeks. Does anyone have any idea what it could be? Have you encountered this problem before? Thank you in advance for your help. Matthieu
Dynamic processor compatibility mode
Hi, I was reading up on the new Dynamic processor compatibility mode in 2025 and have been doing some testing and not happy with the result. We have about 400 blades and that comes to about 8 different CPU types in those blades. As our customers have very dynamic demands we're constantly resizing clusters and the blades give me a lot of flexibility in this. In the past the CPU compatibility setting gave us even more flexibility to live migrate between different CPU families, but it also set back the CPU to 1970 levels feature wise. Now with the new updated dynamic processor compatibility mode we have much more CPU functions that are exposed, which is good. The bad thing though is that the CPU level on the cluster is dynamic and my VMs could get different CPU features available with every power off - power on. For example when I start a new cluster with some fresh blades I just received from my supplier, the cluster will determine the common CPU level to be the latest (say XYZ). The VMs I run on it all have CPU compatibility enabled, so they see level XYZ. Now the customer asks for some quick expansion of the cluster and I have to add some older type of blade. My personal testing has learned that the cluster now determines the common level to be somewhat lower, say RST. The VMs that are already running will keep seeing the XYZ (as expected) but: - they can't live migrate to the older host - on next power off and restart, they will go back to level RST. This gives me two major issues. One is that I can't just update my clusters anymore without VM downtime since I can't move VMs to the older hosts. And the bigger issue is that VMs can sometimes have and sometimes not have a specific CPU feature set. Would love to have an option to manually set a CPU feature set for a cluster. I would take my oldest blade, get that feature set and apply it on all clusters and when that blade type is gone, I'd just update all clusters to a new lowest level. Also, I can't find anywhere how I can see through powershell or GUI, what the common CPU feature set for a cluster is. Love to hear everyone's thoughts about this.....
Erreur Windows update KB5060531
Bonjour, J'ai un serveur Windows 2019 qui rencontre un problème pour installer une mise a jour. Auriez-vous des idées pour solutionner cette erreur ? Erreur rencontrée : Mise à jour cumulative 2025-05 pour Windows Server 2019 (1809) – Systèmes x64 (KB5058392) Code erreur : 0x800706be
Connect a Workgroup device on 802.1x Network with NPS
We have an 802.1X-secured Wi-Fi network using EAP-TLS authentication with machine certificates. Domain-joined devices connect and authenticate successfully. However, we have a scenario where some non-domain (Workgroup) Windows 11 devices must connect to this network — and they fail to authenticate. What we've tested so far: User Certificate Approach: Created a duplicate of the User certificate template. Set Compatibility to Windows Server 2008 (to enable key storage provider support). Set Application Policies to include only Client Authentication. Set Subject Name to Supply in the request. During enrollment, we ensured the UPN in the certificate matches the AD user's UPN (e.g., mailto:user@domain). We verified the certificate appears under Published Certificates in the AD user's account. Machine Certificate Approach: Created a certificate with: CN=host/hostname.domain.local in the Subject DNS=hostname.domain.local in the SAN Client Authentication EKU Ensured the certificate is installed in the Local Machine store with private key. In AD: Created a Computer object matching the machine name. Added the ServicePrincipalName (SPN): host/hostname.domain.local Added altSecurityIdentities: "X509:<i>CN=CA Name,DC=domain,DC=local<s>CN=host/hostname.domain.local</s></i>" What we observe in NPS Event Viewer: Each connection attempt from a Workgroup machine — even with valid certificate, and proper mapping — results in: Reason Code: 16 Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. We also ensured that: NPS has a valid certificate with Server Authentication EKU The authentication method used is Microsoft: Smart card or other certificate (EAP-TLS) The policies are configured for certificate-based authentication only The question How can we make NPS map a client certificate (from a non-domain device) to a user or computer account in Active Directory, so that authentication succeeds? Are there additional requirements for altSecurityIdentities, or limitations for Workgroup clients that we're missing?
DC Demote failed Access denied
We're trying to demote two domain controllers 2008R2 in a domain ( domx.company.local ) that is part of a forest Company.local We added two new domain controllers into domx.domain.local and tried to demote the two old one. Both of them failed to demote with the error Error - The attempt at remote directory server SRVDC02.domx.domain.local to remove directory server CN=SRVDC01,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=Domain,DC=local was unsuccessful. (5) We checked that all the DC objects and the Site's folder have no flag to protect them from removal. We are logged into the DC to be demoted as an Enterprise admin. Any help on solve the issue is appreciatedHow to choose the correct server edition?
Hi, I am new to IT and currently studying for my first helpdesk job. I was following kevtech it support on youtube and he basically guides us to go over 2016 server, and when I asked on a post on linkedin, a lot of people told me that 2022 was very popular nowadays, and I also heard the mentions of server 2025. They recommend that I research this on Chatgpt, the usage of the versions and their differences, however, I also hoped I could get some input with the community experienced with those different versions. So if you have any input or advice, I would highly appreciate it. Thanks in advance.
SRV 2022 WDS - Can't import Realtek NIC Drivers
hello, i'm using windows deployment services (WDS) on my windows server 2022. many clients (windows 10 and windows 11) have a "Realtek PCIe GbE Family Controller" as onboard NIC. if i get the required driver from ex. HP or DELL i can't import it into my WDS server (error code:0xC10408A6). even the driver from the microsoft catalog won't import. normally i would get it from realtek homepage, but this driver won't import either. a friend of mine has a WDS on a windows server 2019. he can import the driver from the realtek homepage an it works fine. what can i do? the error description says that the cause for failed packages includes unsigned x64 driver-package (it's signed), network connectivity (it's fine) and package corruption (but it works on server 2019). my 2022 server has the latest windows updates.
