Forum Widgets
Latest Discussions
Windows Server 2022 File Server Cluster | Network Teaming
Hello Microsoft Community, I have a Windows Server 2022 File Server Cluster (all physical nodes) running with SMB shares. At present, it is not configured with NIC teaming. We are planning to setup NIC teaming. I am going to add an additional network adapter to achieve this. Since this is a production file server server. It tried to perform NIC teaming in a test environment. Upon setting up network teaming, File server clustered roles do not come online and fail. It registers an Event ID 1049 about duplicate IPs despite the fact that I have deleted old network adapter via device manager (show hidden devices). New network adapter comes online without any previous knowledge of IPs. When setting up old IP scheme on a new individual network adapter, File server clustered roles come online successfully. However, setting up the old IP scheme on teamed network adapter, it registers Event ID 1049 about duplicate IPs and roles shows a status of Failed instead of Stopped. What would be a best way to achieve network teaming on an existing file server cluster without setting up the cluster from scratch?aleemsyed12Jul 05, 2026Copper Contributor3Views0likes0CommentsIssue with winlogon on Remote Desktop Services:
We are investigating intermittent session establishment failures on Windows Server 2019 servers used as CyberArk PSM / RDS hosts. At unspecified intervals, new privileged sessions fail to establish or are disconnected during the initial session/logon phase. The issue is intermittent and affects new sessions. Existing sessions may continue to work. The strongest and most consistent correlation identified so far is: Microsoft-Windows-TerminalServices-LocalSessionManager/Operational – Event ID 36 Application / Microsoft-Windows-Winlogon – Event ID 4005 We observed that TerminalServices-LocalSessionManager Event ID 36 can occur without a subsequent Winlogon Event ID 4005. However, every observed Winlogon Event ID 4005 is correlated with TerminalServices-LocalSessionManager Event ID 36 in the same incident window. This suggests that Event ID 36 is a consistent precursor or required condition for the Winlogon 4005 cases. Environment Operating system: Windows Server 2019 Role: CyberArk PSM / RDS session host Issue type: intermittent failure during new RDP/PSM session initialization Impact: affected users cannot establish privileged sessions or are disconnected during session startup Similar issue exists on previous windows server 2012 R2 and was fixed : August 16, 2016 – KB3179574 (During virtual channel management, a deadlock condition occurs that prevents the RDS service from accepting new connections.) https://support.microsoft.com/en-us/topic/august-2016-update-rollup-for-windows-8-1-and-windows-server-2012-r2-d472b5d5-4b3a-8e6e-c22a-f62fed604caf I'm looking forward for any ideas how to resolve this issue. Many thanks!!kris1975Jul 03, 2026Copper Contributor29Views0likes1CommentWindows Server 2025 DC — LSASS handle leak identified via WinDbg — authz!AuthzpDeQueueThreadWorker
Hello All!! Im having a problem, LSASS crashes on a Windows Server 2025 Domain Controller, I identified what appears to be the root cause using WinDbg memory dump analysis. Sharing this hoping someone else has seen it or Microsoft can confirm. The Problem LSASS handle count grows continuously over time and eventually crashes with a 0xC0000005 access violation (Event ID 1015). After a reboot the cycle repeats. The growth rate correlates with authentication load and faster during peak hours, slower overnight. WinDbg Dump Analysis Captured LSASS dump at high handle count and ran !handle 0 f: Token handles: overwhelmingly dominant Everything else: negligible Every leaked token shows: GrantedAccess: 0x8 (TOKEN_QUERY only) PointerCount: overflowed to negative integer Running !findstack authz 2 shows multiple worker threads all sitting in: authz!AuthzpDeQueueThreadWorker What Was Tested And Eliminated Stopped or disabled each individually and measured handle growth rate — zero meaningful difference from any: - Antivirus (all components) - Backup software - Application services - VSS snapshots - Hardware management agents etc.. Environment OS: Windows Server 2025, fully patched with the latest updates including April LSASS update. Role: Domain Controller DNS PAM: Not active. Conclusion Token handles are opened with TOKEN_QUERY access inside authz!AuthzpDeQueueThreadWorker and never released. Reference counter overflows to negative integer. Growth rate scales directly with authentication load. Current workaround: reboots during off hours. Has anyone else seen this pattern on Windows Server 2025? Is there a known fix or Microsoft acknowledgment for this specific authz token handle leak?319Views2likes3CommentsWindows Server 2025 Failover Cluster Live Migration Issue
Hi Everyone, I am facing an issue in a Hyper-V Failover Cluster environment where Live Migration intermittently fails due to a service logon-related problem. The environment was previously working normally, but now whenever we attempt to Live Migrate a VM between cluster nodes, the migration fails unless we manually run “gpupdate /force” on the Hyper-V host first. After running gpupdate /force, the migration works temporarily, but the issue returns again during the next migration attempt. This makes it appear that some policy or permission is not being applied consistently on the cluster nodes. During troubleshooting, I attempted to add “NT VIRTUAL MACHINE\Virtual Machines” to the “Log on as a service” policy under Local Security Policy > Local Policies > User Rights Assignment. However, the account does not appear or resolve in the Object Picker when trying to add it manually. At this stage, I am trying to understand whether this is related to a domain GPO overwriting local policy settings, a Failover Cluster permission issue, or something specific to Hyper-V virtual machine accounts. Has anyone encountered a similar issue where Live Migration only works after running gpupdate /force? Also, is there a correct method to add “NT VIRTUAL MACHINE\Virtual Machines” to the “Log on as a service” policy, or should this permission already exist by default on Hyper-V hosts? Any guidance or recommendations would be greatly appreciated.madushan_gunarathneJul 02, 2026Copper Contributor30Views0likes1CommentSecure Boot update still pending on deadline day
After checking the registry keys on 2x VMs which run services for a number of important customers I found they both have: UEFICA2023Error 2147942750 Apparently this means they're pending a reboot. https://blog.mindcore.dk/2026/04/secure-boot-certificate-update-intune/ I can't reboot the VM inside working hours, can they be rebooted after the deadline or do I need to disable Secure Boot on the VMs? I'm concerned I'll have to disable Secure Boot before they're next rebooted for Windows updates.LouisTJul 02, 2026Tin Contributor40Views0likes1CommentServer 2025 to server 2022 downgrade keys
Hello, We bought licenses with these part #'s MFR# P73-08495 and MFR# EP2-25187 which, according to searches on the internet, have downgrade rights. We need to get downgrade keys for server 2022 standard. Our reseller referred us to Microsoft for this. Could someone help? The activation portal does not give us an option to do this and a microsoft support agent told us to make a post here which seems weird to us. We don't know why they couldn't help us via the phone. ThanksTonyamsJul 01, 2026Copper Contributor23Views0likes1CommentWrite to workgroup fileserver from AzureAD joined device.
Hi, We currently have a situation where we are trying to install a program locally, but we want some of the data files (master data for projects, company settings for the most part) to be stored on a fileserver. The installer allows for this change to set UNC path to the share manually, and in our case recommends doing that. The problem we are facing occurs when trying to go on with the installation, the problem reports back that write-protection is enabled. I have the share mapped as a nettwork station, and can create folders/files through explorer. But I think the issue here is that the share mapped using the "Connect with different credential" option, which is required since the share is on a server in a workgroup and the client I'm using is joined to AzureAD. And when i run the installer for the program it is ofcourse ran with my azure user (local administrator), and I guess it tries to write to the UNC path with that user ofcourse. Is there any way i can let the program write to the share without it being to much of a security risk? The same program also has a nettwork license installed on a different workgroup server. I also had to add local users to that server and do some DCOM permission tweaking for that to work. For the license part i can authenticate with the local server user, but thats not an option when trying to install with UNC path for the file/folder structure.HiddenTigerJul 01, 2026Copper Contributor138Views0likes3CommentsActive directory allowing old and new password after reset
We are using windows 2019 server and once password is reset (before expired), we see a behavior that old password is valid for 5mins after password reset. Our replication delay is 15 seconds and we haven't set registry key OldPasswordAllowedPeriod. By documentation https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/new-setting-modifies-ntlm-network-authentication it is mentioned that if OldPasswordAllowedPeriod is not set, default will be 60mins. So where is this 5 mins configured?vimalv55Jul 01, 2026Copper Contributor298Views0likes2CommentsHostname Character Limit
Still being limited to 15 characters for hostnames in 2019 is very upsetting. In an age where we are deploying servers in multiple data centres, whether that be on premise or in the cloud and having multiple environments as well means trying to come up with sensible hostnames in just 15 characters is basically impossible. I’m sure I am not the only person who is frustrated by this limit and would very much like it if Microsoft was to revisit this limit and increase it to bring it in line with the wonderful limit our Linux friends enjoy.LiamG14Jun 25, 2026Tin Contributor176KViews7likes7CommentsSCCM- Upgrade from 2409 to 2509 WSUS timeout issue
Had a working task sequence on 2409 that performed software updates at the end of the task sequence. Upgraded to 2509 - I get a timeout issue when getting to that point on the task sequence. Ive performed maintenance on the WSUS Server, (obsolete, expired etc) I removed the Software Update Point - and re installed it selected the Products of Server 2016,2019, server operating system 21h2 , Windows 10 1903 or later and Windows 11. rebooted both the SCCM and SQL Server. after doing the above but the HRESULT 0x80244010 still persists. "Exceeded max server round trips" — client couldn't retrieve all updates in one cycle. Software centre updates in the OS seem to be unaffected or unknown if clients are affected, only in a task sequence this occurs. Blog posts refer to older items, what would cause this to fail after a upgrade from 2409 to 2509? AI help repeats about reducing metadata and updates but for weird reason i keep getting 700+ updates for the above categories!cidk2000Jun 25, 2026Copper Contributor151Views0likes1Comment
Tags
- windows server2,279 Topics
- Active Directory852 Topics
- management397 Topics
- Hyper-V345 Topics
- networking330 Topics
- security303 Topics
- storage217 Topics
- clustering160 Topics
- PowerShell151 Topics
- AMA102 Topics