Forum Widgets
Latest Discussions
Phase 2 of Kerberos RC4 hardening begins with the April 2026 Windows security update
Windows updates released in April 2026 and later begin the second deployment phase of protections designed to address a Kerberos information disclosure vulnerability (CVE‑2026‑20833). This second phase continues the shift away from legacy encryption types such as RC4 by moving toward stronger default ticket behavior. After installing the April 2026 update, domain controllers default to supporting Advanced Encryption Standard (AES‑SHA1) encrypted tickets for accounts that do not have an explicit Kerberos encryption type configuration. If your organization relies on service accounts or applications that depend on RC4-based Kerberos service tickets, now is the time to address those dependencies to avoid authentication issues before the Enforcement phase begins in July 2026. Microsoft recommends continuing to monitor the System event log for Kerberos-related audit events and identify and address misconfigurations or remaining dependencies, then enabling enforcement when warning, blocking, or policy events are no longer logged. See How to manage Kerberos KDC usage of RC4 for service account ticket issuance changes related to CVE-2026-20833 and CVE‑2026‑20833 to learn more about the vulnerability, timelines, recommended preparation steps, and configuration options to ensure compliance before Enforcement mode begins in July 2026.
Virtual printer in windows server 2019 standard is not shown after configuration
Hello, I am, trying to configure a virtual printer in a Windows server 2019 standard edition that is deployed in OCI cloud. This instance has windows server license included in the pricing. The problem comes when after ending the process of configuration this virtual printer is not displayed in "Devices and printers" any idea why is this happening? Regards, Ana
Error al agregar Windows Server 2025 a dominio existente, nivel funcional 2016
Buenas a todos, Me dirijo a esta comunidad en busca de orientación para resolver un problema que se me está presentando al intentar integrar un nuevo servidor con Windows Server 2025 Standard a mi infraestructura de Active Directory existente. Descripción del entorno: Dominio de Active Directory activo con Windows Server 2019 Standard. Nivel funcional de dominio y bosque configurado en Windows Server 2016. Controladores de dominio actuales: server-dc01.impresoratec y server-ad2019.impresoratec. El nombre de dominio interno utilizado es impresoratec (nombre NetBIOS/dominio de etiqueta única, sin sufijo DNS completo tipo .local o .com). Problema: Al intentar agregar el nuevo servidor con Windows Server 2025 al dominio, el proceso falla y se presenta el siguiente mensaje de error: "Es posible que el nombre de dominio "impresoratec" sea un nombre de dominio NetBIOS. Si este es el caso, compruebe que el nombre de dominio está registrado correctamente con WINS. [...] La consulta se refería al registro SRV para _ldap._tcp.dc._msdcs.impresoratec. La consulta identificó los siguientes controladores de dominio: server-dc01.impresoratec y server-ad2019.impresoratec. Sin embargo, no se pudo contactar con ningún controlador de dominio." El mensaje sugiere que los registros de host (A) o (AAAA) pueden contener direcciones IP incorrectas o que los controladores de dominio no son accesibles desde el nuevo servidor. Lo que he verificado hasta ahora: Los controladores de dominio existentes están en línea y operativos. La replicación entre los DCs actuales funciona con normalidad. El nuevo servidor con 2025 tiene conectividad de red general, pero no logra localizar los DCs al momento de unirse al dominio. Mi consulta: ¿Alguien ha experimentado este comportamiento al incorporar un servidor con Windows Server 2025 a un dominio con nivel funcional 2016 y un nombre de dominio de etiqueta única (single-label domain)? ¿Existe algún requisito previo adicional —como la actualización del esquema de AD, ajustes en DNS o en WINS— que deba cumplirse antes de agregar el nuevo DC? Agradezco de antemano cualquier orientación o experiencia que puedan compartir.
ntoskrnl.exe and build version not getting updated after applying KB5078740 on server 2025
I have installed the latest March patch kb5078740 on server 2025 which was upgraded from server 2022. the patch is showing installed but the ntoskrnl.exe and build version is still showing 10.0.26100.4652. Qualys is detecting it as patch not installed based on file version which should be 10.0.21600.32522. Please let me know how to fix this issue.VMWARE ESXi and Winddows VM Licenses
We have one VMware environment with 3 servers each with 2 CPUs, to be properly legal he acquired 6 Windows Server Datacenter Edition licenses, what happens is that when he is trying to activate the VMs that are in Windows Server Standard he gets the error that you see in the image. Licensing was carried out correctly as described in the Windows Server 2025 License Guide, in summary: all CPUs and Cores) in the virtualization cluster were licensed. can anyone advise the right way to use the Datacentre License in ESXi environment? thanks in advancedProblem in Windows Server 2022
Hello, I need help with the following: I had the video application installed and working on a VPS with Windows Server 2022, and suddenly it stopped working. It won't start, and it doesn't show any errors or events that I can analyze in the viewer. Does anyone have any idea what might be happening? I've already tried many AI recommendations, from uninstalling and reinstalling an older version of the application to uninstalling the latest server update, among other things. I also tried installing it on another VPS, and it shows the same problem.Bookmark the Secure Boot playbook for Windows Server
Secure Boot is a long‑standing security capability that works in conjunction with the Unified Extensible Firmware Interface (UEFI) to confirm that firmware and boot components are trusted before they are allowed to run. Microsoft is updating the Secure Boot certificates originally issued in 2011 to ensure Windows devices continue to verify trusted boot software. These older certificates begin expiring in June 2026. While Windows Server 2025 certified server platforms already include the 2023 certificates in firmware. For servers that do not, you will need to manually update the certificates. Unlike Windows PCs, which may receive the 2023 Secure Boot certificates through Controlled Feature Rollout (CFR) as part of the monthly update process, Windows Server requires manual action. Luckily, there is a step=by-step guide to help! With the Secure Boot Playbook for Windows Server, you'll find information on the tools and options available to help you update Secure Boot certificates on Windows Server. Check it out today!CrowdStrike Secure Boot Lifecycle Management Content Pack
CrowdStrike has recently released the Secure Boot Lifecycle Management Content Pack. This new feature helps Falcon for IT module users manage Windows Secure Boot certificate updates ahead of these certificates’ expiration beginning in late June 2026. The dashboard provides an at‑a‑glance view of Secure Boot–enabled devices, showing which systems are already compliant with the updated 2023 Secure Boot certificate, which are in progress, and which are blocked or require opt‑in to a managed rollout. It also highlights certificate update failures that may require investigation. In addition, overall readiness is summarized through a compliance gauge, while a 30‑day trend shows how pass and fail counts change as remediation progresses. Filters by operating system, server edition, hostname, and update status help administrators quickly identify devices that need action to help ensure systems remain secure after the certificates expire. The feature also provides management options to opt devices into Microsoft's managed rollout for gradual, tested deployment, and to block updates on hardware with known compatibility issues to prevent boot failures. Note that this feature is available as part of CrowdStrike's Falcon for IT module. CrowdStrike Endpoint Detection and Response (EDR) customers who are not licensed for this module can enable a free trial from the CrowdStrike Store. To learn more about this feature, please see the content pack tutorial video.
PS script for moving clustered VMs to another node
Windows Server 2022, Hyper-V, Failover cluster We have a Hyper-V cluster where the hosts reboot once a month. If the host being rebooted has any number of VMs running on it the reboot can take hours. I've proven this by manually moving VM roles off of the host prior to reboot and the host reboots in less than an hour, usually around 15 minutes. Does anyone know of a powershell script that will detect clustered VMs running on the host and move them to another host within the cluster? I'd rather not reinvent this if someone's already done it.Did Microsoft make a mistake? WinServer 2022 Standard and up.
Microsoft removed functionality of Windows Deployment Service. I know their are ways to to get around this but they either are hackjobs or deploying your own windows with PE. as far as i know of writing this. I know I could go linux. they have a simple cd to follow. Or Mac has their own version for macs. but not microsoft. They THREW it away for some stupid reason. Do I really have to do a VM or worse ditch DNS & DHCP?
