Forum Widgets
Latest Discussions
AD Replication Error 1908 (Source DSA)
Hi all, I’m troubleshooting an Active Directory replication issue (error 1908 – “Could not find the domain controller”) in a multi-site environment with 16 domain controllers across multiple locations. The problematic Domain Controller (Site A-DC) is displaying a 6% failure in the replication summary with the 1908 error code in the Source DSA but the Destination DSA do not display any errors. If I replsummary in other DCs, I will see the same result. However, If I run the showrepl command, the result displays all successful replications with no errors. A-DC is used as a replication path and holds the FSMOs roles (Site A is the main DC) and I believe it is also affecting DFSR replication from Site A-FS server to the other file servers. A-FS uses A-DC as its logon server. The below is what I have verified: I have verified that forward and reversed lookup zones have the correct DNS records (Checked SRV records _ldap._tcp.dc._msdcs, _kerberos._tcp, and IP addresses) All the DCs resolve correctly A and PTR records nltest /dsgetdc:domain.com successfully returns domain controller Confirmed Secure channel to be true in A-FS Verified KDC is running in A-DC (I have not trying purging the KDC tickets yet but doubt this will resolve the issue) Troubleshooting performed: flushed/re-registered DNS Restarted netlogon services Time sync wouldn't have a play here since all the other DCs are syncing with A-DC. Any guidance or similar experiences would be greatly appreciated. MiguelSolvedM_i_g_u_e_lApr 23, 2026Copper Contributor191Views0likes7Comments
2026-04 Update Breaks Domain Logins
I have an Active Directory domain that is old (from 2000!) that has been upgraded and moved to newer versions of Windows Server and Active Directory. I have domain controller VMs running Windows Server 2025 Standard Edition. Unfortunately they installed the latest 2026-04 patches which my have changed the Kerberos encryption from RC4 to AES. This has resulted in my not being able to log into any Active Directory domain accounts and the domain controllers themselves. I can only log into workstations using the local account. Suffice to say this a nightmare. Any ideas how to fix it since I can't access the usual tools like Active Directory Users and Computers, Hyper-V won't connect to the VMs, etc. Thanks. SSolvedEMR88Apr 14, 2026Copper Contributor4.1KViews2likes8Comments
Procedures to raise the functional level of AD 2008 r2 to 2019
Hello everyone, Our AD has the Windows Server 2008 functional level and the servers with Windows Server 2016 OS. I intend to raise the functional level to 2019 or 2025. I would like your help with tips and documentation to decide whether 2019 or 2025 would be best, what are the risks and procedures for successful migration. I have an isolated environment to carry out rehearsals and tests before actually going into production.SolvedMarcelo327Apr 14, 2026Copper Contributor185Views0likes2Commentsdcdiag crash with incorrect /s parameter
Hello, I find a mistake in my script which cause DCDiag to crash : dcdiag /v /c /d /e /s:%computername% > C:\Temp\dcdiag.txt %computername% is the mistake. I replaced it by the real server name. Seems like input it not enough checked. VincentSolvedNolmeMar 25, 2026Copper Contributor50Views0likes1Comment
WMI Filter for non-Hyper-V Host
I have been struggling for several days trying to set a GPO WMI Filter that would apply settings to any server, virtual or physical, as long as it is not the Hyper-V Host. It should apply to any VM on VMWare or on Hyper-V hypervisors. I found many suggestions online but none of them really work, like looking for Hypervisorpresent, that is also set to TRUE on VMs so no help. I have many ways to find and apply to an Hyper-V but EXCLUDING Hyper-Vs seems to be a tough one, the WMI filters are designed to find something and apply if it finds it, not the opposite. I have tried queries on the OptionalFeatures class, again it helps me find the Hyper-V but not EXCLUDE it. Anyone have an idea about doing this. BTW, this is to apply a setting only to non-Hyper-V and ignore if it is an Hyper-V. I am also trying to avoid blocking GPOs at a specific OU and re-linking all but 1 GPO from that level, I have to assume that there is a way to target all servers except Hyper-V. Hopefully someone has succeeded in doing the same. Thank youSolvedPepeLePewFeb 21, 2026Copper Contributor180Views0likes3Comments
0x000003eb Windows cannot connect to the printer.
Hello fellow Windows administrators, I have installed Windows 2025 as a print server. I share Xerox network printers from there using the Xerox Gobal PostScript driver (requirement). When installing the shared printer from that server (\\2025server\ double-click the printer), file C:\Windows\system32\spool\DRIVERS\x64\3\PS5UI.DLL gets overwritten by the version from the server (a newer version 2026-02-11 that was pushed by monthly windows updates) which comes from "\\2025server\print$\x64\PCC\ntprint.inf_amd64_c9d56d0edd975df6.cab". It overwrites the version actually in the local server before the printer installation completes. This is normal behavior. On windows 2016 and 2019 the printer installation then fails with error "0x000003eb Windows cannot connect to the printer" and 2 eventlogs : "The print spooler failed to import the printer driver that was downloaded from "\\2025server\print$\x64\PCC\ntprint.inf_amd64_c9d56d0edd975df6.cab" into the driver store for driver Xerox Global Print Driver PS. Error code = 800702e4. This can occur if there is a problem with the driver or the digital signature of the driver." And : "The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\PS5UI.DLL, error code 0x8007007F. See the event user data for context information." If I install the the exact same shared printer on any other OS than 2016/2019 servers , local Ps5ui.dll gets overwritten with the server 2025 (2026-02-11) version and printer installs and fine. I figured that if I go to my old print server (2022) and retrieve ps5ui.dll from there, put it in local folder on the 2016-2019 servers (overwriting the 2026-01-14 | 2026-02-11 version) and install the shared printer again, now it installs fine. (It does not retreive ps5ui.dll from the 2025 again and so it does not overwrite the local onel). I even re-installed 2025 in a vm without network (so no windows update) and extracted ps5ui.dll from there, and this one works too. This issue seems to be caused by recent windows update, the first culprit I'm aware of is dated 2026-01-14. The february update installed today also modifies ps5ui.dll on the 2025 server, but does not resolve the issue either. So, either there's something I have to change on the 2016/2019 servers, or there is a bug in that file… I'm thinking the later as the original file form the 2025 iso works fine. :\Solvedqm2Feb 11, 2026Copper Contributor1KViews0likes2CommentsTurning Off Tamper Protection on Workstations
How do I turn off Tamper Protection on a domain-joined Windows 11 workstation? The problem is a workstation has Windows Defender in Passive Mode instead of being in Not Running mode after installing a 3rd party antivirus. Windows Defender is making running network applications from the servers much slower because it's still real-time scanning. I also suspect Tamper Protection is also preventing network drive exclusions from working on this workstation and on the ones that use Windows Defender without a 3rd party antivirus. I've tried adding every registry entry, Group Policy, and PowerShell command on the local workstation I could find to disable Windows Defender, but nothing works. I'm assuming this is due to Tamper Protection ignoring everything? This is an on-premises domain and doesn't use Microsoft Intune or Microsoft Endpoint Configuration Manager.SolvedDavid OwensDec 24, 2025Copper Contributor782Views0likes2CommentsWINGET is not recognized as a commandlet on win 2k19 server fresh setup
I have setup a new win2k19, I followed the instructions Install-PackageProvider -Name NuGet -Force | Out-Null Install-Module -Name Microsoft.WinGet.Client -Force -Repository PSGallery | Out-Null Repair-WinGetPackageManager When I try anu winget command I get winget is not recognized as a commandletSolvedSalam_ELIASNov 29, 2025Brass Contributor255Views0likes2Comments
Certificate authentication with SID not working
When trying to login to Windows (against AD) using a certificate with the SID extension present in the certificate, it will not work if the SAN UPN is missing in the certificate. The error message "Your credentials could not be verified" will be displayed. Changing the certificate template to include SAN UPN will make the login work as expected. Is it by design?SolvedJan LiikamaaOct 28, 2025Copper Contributor212Views0likes2Comments
2025-10 Cumulative Update for Windows Server 2019 (KB5066586) Undoes Update on Reboot
We have a Windows Server 2019 Standard which will not install the 2025-10 Cumulative Update for Windows Server 2019 (KB5066586) update. The installation part goes fine, but when the server is rebooted to finalize the update, it goes into "Undoing changes". Then it reboots again, and I am back where I started. The error code is 0x8007000d. I have done the following to debug this: Ran System File Checker sfc /scannow. No errors found. DISM /Online /Cleanup-Image /ScanHealth. No errors found. Ran Windows Update Troubleshooter. No errors found. Shut down Windows Update services. Renamed SoftwareDistribution and Catroot2 folders. Restarted services. No change. Ran ScanDisk. No errors found. Disabled antivirus. No change. Ran Disk Cleanup and manually deleted additional temp files. No change. Checked Event Viewer. Only error is Event 20 which is a failure of the Windows Update Agent. I am out of ideas. If anyone has some, I would much appreciate the help. I am out of ideas.Solved1.8KViews0likes10Comments
Tags
- windows server2,272 Topics
- Active Directory851 Topics
- management395 Topics
- Hyper-V344 Topics
- networking329 Topics
- security301 Topics
- storage217 Topics
- clustering159 Topics
- PowerShell151 Topics
- AMA102 Topics