Recent Discussions
26063 deduplication data corruption is still there.
From Server 2022 up to this newest 26063 build, they all have the same problem, as described here: https://techcommunity.microsoft.com/t5/windows-server-insiders/server-vnext-26040-and-server-2022-deduplication-data-corruption/m-p/4047321 I am out of energy for today and give up for today. It seems to be impossible to get Microsoft to care for actual OS bugs instead of marketing.
Windows Server 2025 24H4 is not useable anymore after Nov. Update KB5068861
Hello, currently, on several Windows Server 2025 Datacenter systems, version 24H2, I am experiencing severe issues accessing network resources after the automatic installation of update KB5068861. This affects network access from Windows Server 2025 24H2 to Windows Server 2025 24H2. Access from these servers to older Windows Server 2016 systems works without any problems. When entering a UNC path—whether by name or by IP—I am always prompted for my credentials, even as a domain administrator. No matter which credentials I enter, I always receive the message that the username or password is incorrect. Under “Change advanced sharing settings,” the two switches “Network discovery” and “File and printer sharing” are set to OFF in the domain network after the update. Re-enabling these two options, which are normally enabled by default, does not improve the situation. Since this patch, I also have an issue on a Windows Server 2025 RDS host where a logged-in user cannot type in the “Search” field. Additionally, the performance on the RDS host feels extremely sluggish. Unfortunately, uninstalling the patch is not possible. The patch KB5067036 is not installed. I have already performed a restore to the day before KB5068861 was installed, but without the desired improvement in performance. Even after the restore, I still cannot access the network via UNC through File Explorer as a user. In the search window, I can access via UNC path. As an administrator, access via UNC path works both in File Explorer and in the “Search” field. Everything worked fine before 11/11/2025. Has anyone had similar experiences or already found a solution? Is a patch for the patch planned? Currently, troubleshooting feels like groping in the dark! In this state, the 24H2 server is no longer usable. What was Microsoft even thinking, releasing such faulty patches—and for weeks now? Is there still any quality control at Microsoft for such critical updates and patches? Thanks for every support, idea, and comment.
2025-10 Cumulative Update for Windows Server 2019 (KB5066586) Undoes Update on Reboot
We have a Windows Server 2019 Standard which will not install the 2025-10 Cumulative Update for Windows Server 2019 (KB5066586) update. The installation part goes fine, but when the server is rebooted to finalize the update, it goes into "Undoing changes". Then it reboots again, and I am back where I started. The error code is 0x8007000d. I have done the following to debug this: Ran System File Checker sfc /scannow. No errors found. DISM /Online /Cleanup-Image /ScanHealth. No errors found. Ran Windows Update Troubleshooter. No errors found. Shut down Windows Update services. Renamed SoftwareDistribution and Catroot2 folders. Restarted services. No change. Ran ScanDisk. No errors found. Disabled antivirus. No change. Ran Disk Cleanup and manually deleted additional temp files. No change. Checked Event Viewer. Only error is Event 20 which is a failure of the Windows Update Agent. I am out of ideas. If anyone has some, I would much appreciate the help. I am out of ideas.
Access denied. 0x80090010 Enroll cert of Windows hello for Business with on-prem PKI CA Server
We have created Certficate Template from on-prem CA Server ( Windows server 2019 ) using this link : https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/rdp-sign-in?tabs=intune However We can not Enroll Certificate Windows Hello for Business Certificate from User's Desktop ( Windows 11 ) and every time error occurred or Access Denied ( Certificate enrollment for Domain\UserName failed to enroll for a WHfBCertificateAuthentication certificate with request ID N/A from -ERCA.Domain.local\Domain-ERCA-CA-1 (Access denied. 0x80090010 (-2146893808 NTE_PERM)) We have also given Read and Enroll permission to EveryOne and Autheticated Users from CA Certficiate template , but still same erro Please advise if anything more can be done to resolve this issue.Get-ClusterExcludedAdapter cmdlet
Following link https://learn.microsoft.com/en-us/powershell/module/failoverclusters/get-clusterexcludedadapter?view=windowsserver2025-ps when execute Get-ClusterExcludedAdapter cmdlet with error below Get-ClusterExcludedAdapter : The term 'Get-ClusterExcludedAdapter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Get-ClusterExcludedAdapter + ~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Get-ClusterExcludedAdapter:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException same for cmdlet Add-ClusterExcludedAdapter (https://learn.microsoft.com/en-us/powershell/module/failoverclusters/add-clusterexcludedadapter?view=windowsserver2025-ps) Does anyone know why these commands are not available?
Server 2025 Evaluation Version not activating
Hi all, in my test environment I have a fresh server 2025 build (eval version), but not matter what I do I can't get it to activate to allow the 180 days. Following the information on the Windows Server 2025 Eval website: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2025 I have done everything as instructed apart from: "Evaluation versions of Windows Server must be activated over the internet in the first 10 days to avoid automatic shutdown." Searching for an answer online only brings up how to activate a purchased license which is NOT what I want to do. I want to activate the 180 evaluation days. How can I do this please?Active Directory Restoration in Isolated Environment
Introduction: Active Directory is centralized Database which stores the objects like users, groups, computers, printers, shares, service accounts in an hierarchical structure. It is one of the most critical and important services in IT Infrastructure as it provides centralized authentication and authorization, allows administrators to manage access to resources, enforce security policies etc., Objective \ Purpose: The purpose of this article is to provide detailed steps to recover the entire Active Directory forest from Good Backup taken using native backup "Windows Server Backup" and Backup taken through "Azure VM Backup" in an isolated environment to check the backup working status. This builds the confidence of restoring the AD and bringing to production in case of a disaster like complete loss of Production domain or malware attack or any other attack etc., Environment Background: ----------------------------- In this article, the Active Directory environment is considered to be having Root domain as test.com and Child Domain as child.test.com in Azure Cloud. Operating system used is Windows server 2019 and Windows server 2025. Recovery Approaches: ------------------------- Active Directory can be recovered using many methods, viz., 1. Active directories recycle bin: To restore only the deleted objects, but this option is not suitable for recovering complete AD 2. System State Backup: This helps in restoring Active Directory Database in DSRM mode by marking authoritative or non-authoritative based on requirement. 3. Complete VM Backup: This is the best option to restore complete Domain Controller Building the Isolated Environment in Azure: ------------------------------------------------ 1. Create a separate VNET 2. Subnet for Azure Bastion and Subnet for deploying virtual machine 3. NSG to allow only communication inside the VNET and block other communications Restore Procedure: -------------------------- Restoring the Root Domain DC: 1. Search the domain Controller VM in Azure console 2. Select recover and create new 3. Fill in the details of the isolated environment so that the VM will be re-created 4. Login with domain admin privileges 5. Verify the DNS assigned using IPCONFIG /ALL 6. Change the DNS IP address on network properties to Server IP Address 7. Perform Ipconfig /registerdns so that the IP of new DC will be updated 8. Run Command : Net Share to check SYSVOL and NETLOGON is showing up 9. Boot the system into DSRM Mode by selecting the option in msconfig 10. Once it is booted in DSRM Mode, login using local administrator credential If it is needed to restore the system state of any other date after restoring the complete VM, then using "Windows Server Backup Wizard" choose recover and follow the steps; else skip this step and continue with step 11. >Select Backup Location >Specify the backup source >Select date and time >Select the recovery type as system restore >Recovery options as Original >Review and Confirm 11. Open Command Prompt as administrator and mark all the naming context as authoritative using ntdsutil >ntdsutil >activate instance ntds >authoritative restore >restore subtree "DC=test,DC=com" Repeat the above steps for the other Naming context like "CN=Configuration,DC=test,DC=com", "CN=Schema,CN=Configuration,DC=test,DC=com", "DC=ForestDNSZones,DC=test,DC=com", "DC=DomainDNSZones,DC=test,DC=com" as well. Reboot the server in normal mode and perform the following steps for making sysvol as authoritative: Mark the sysvol as authoritative by changing the msDFSR-Enabled value to 1 >net stop dfsr >Open Active Directory Users and Computers, go to View and enable Advanced Features >Navigate to Domain Controllers -> Your DC -> DFSR-Localsettings -> Domain System Volume >Right-click SYSVOL Subscription, select Properties, and then Attribute Editor >Find msDFSR-Options, click Edit, change the value to 1, and click OK >Run repadmin /syncall /Aed from an elevated command prompt to force replication of the AD changes >Run net start dfsr in an elevated command prompt on the authoritative DC. >Run dfsrdiag /pollad from an elevated command prompt on the authoritative DC Verify the domain controller is holding the FSMO roles if not seize the roles. Steps are as follows: >ntdsutil >Roles >Connections >Connect to Server <Recovered VM> >quit >seize PDC Emulator Repeat the above steps to seize the other roles (Infrastructure, Schema master, RID Master and Domain Naming master) Check the time synchronization by using w32tm /query /source. Now Domain Controller is completely recovered from backup. Check the health of domain controller using DCDIAG Command. Restoring the Child Domain DC: 1. Search the domain Controller VM in Azure console 2. Select recover and create new 3. Fill in the details of the isolated environment so that the VM will be recreated 4. login with domain admin privileges 5. Verify the DNS assigned using IPCONFIG /ALL 6. Change the DNS IP address on network properties to Server IP Address 7. Perform Ipconfig /registerdns so that the IP of new DC will be updated 8. Run Command : Net Share to check SYSVOL and NETLOGON is showing up 9. Boot the system into DSRM Mode by selecting the option in msconfig 10. Once it is booted in DSRM Mode, login using local administrator credential If it is needed to restore the system state of any other date after restoring the complete VM then using "Windows Server Backup Wizard" choose recover and follow the steps; else skip this step and continue with step 11. >Select Backup Location >Specify the backup source >Select date and time >Select the recovery type as system restore >Recovery options as Original >Review and Confirm 11. Open Command Prompt as administrator and mark all the naming context as authoritative using ntdsutil >ntdsutil >activate instance ntds >authoritative restore >restore subtree "DC=Child,DC=test,DC=com" Repeat the above steps for the other Naming context. Reboot the server in normal mode and Perform the following steps for making sysvol as authoritative: Mark the sysvol as authoritative by changing the msDFSR-Enabled value to 1 >net stop dfsr >Open Active Directory Users and Computers, go to View and enable Advanced Features >Navigate to Domain Controllers -> Your DC -> DFSR-Localsettings -> Domain System Volume >Right-click SYSVOL Subscription, select Properties, and then Attribute Editor >Find msDFSR-Options, click Edit, change the value to 1, and click OK >Run repadmin /syncall /Aed from an elevated command prompt to force replication of the AD changes >Run net start dfsr in an elevated command prompt on the authoritative DC. >Run dfsrdiag /pollad from an elevated command prompt on the authoritative DC Verify the domain controller is holding the FSMO roles if not seize the roles. Steps are as follows: >ntdsutil >Roles >Connections >Connect to Server <Recovered VM> >quit >seize PDC Emulator Repeat the above steps to seize the other Domain specific roles (Infrastructure, RID Master) Check the time synchronization by using w32tm /query /source. Verify the DNS Resolution for Root Domain and Child domain from both Root DC and Child DC. Verify the Parent and child trust using AD Trust console and validate the Trust connection. Now Domain Controller is completely recovered from backup. Check the health of domain controller using DCDIAG Command. In case it is planned to move this to Production environment to make these as first root DC and first child DC, then following steps are to be performed to cleanup the stale entries of non-functional DC. >ntdsutil >metadata cleanup >Connections >Connect to server <server> >quit >Select Operation Target >list domains >Select Domain <number> >List Servers in site >Select Server <number> >quit >remove selected server Confirm for removal as 'Yes' Repeat the above cleanup steps in both Root Domain DC and Child Domain DC for the non-functioning domain controller. Verify the Dcdiag, repadmin /showrepl, repadmin /replsummary to check health of Domain controller and replications. This completes the recovery of both Root Domain and Child Domain.Windows Server unable to install Cumulative update 21H2 for x64-based Systems (KB5066782)
Hi All, Unable to install the above update. I tried things like sfc/scan, dism tool features but non works. all other updates install except the above. Tried running the update manually but failed. Think this is also breaking functionality of the virus /malware guard. ACS (azure Code signing). The last option that I am thinking of is to run a sever repair with the installation media. I also tried windows trouble-shooter for updates. Any ideas ? This is installed as a virtual machine on Hyper-V. Don't want to rebuild the server. Looking for a solution. The Error code is 0x80073701QOS and MTU settings
A contractor has asserted that latency delays are caused by a "misconfiguration" of the hardware of certain machines that produces flooding of the network with bad packets. They have asserted that they find this when checking out a new site. Is this also associated with a Quality of Service setting on a site's server if it would then release such large number of packets to the network? Does this also require careful adjustment of the MTU (Max. Trans. Unit) settings on each base server? (MS Server setting???) Or does the server simply transmit all the packets it receives from networked machines?
Language Bug
I'd like to report a bug between WS2025 (english version not affected) and WAC. I tried to download Windows Server 2025 evaluation Italian version from https://www.microsoft.com/en-us/evalcenter/download-windows-server-2025?msockid=1c4d54ba113b6b020d1942b710e66a95, I installed all the updates, installed WAC App, present in start (but also by downloading from the website) once the procedure was completed the WAC website opens in Edge but the "Sign in" button does not send any command. there is a problem translating a command because it is accentedS2D FaultDomainAwareness
We're setting up a 2 Node windows 2025 cluster with storage spaces direct After creating the pool we created two virtual disk but see the following output PS C:\WINDOWS\system32> Get-VirtualDisk | Format-List FriendlyName, Size, FaultDomainAwareness FriendlyName : ClusterPerformanceHistory Size : 25769803776 FaultDomainAwareness : StorageScaleUnit FriendlyName : S2DVOL01 Size : 10995116277760 FaultDomainAwareness : FriendlyName : S2DVOL02 Size : 10995116277760 FaultDomainAwareness : The FaultDomainAwareness is empty for the two virtual disk created on the storage pool which is configured like this PS C:\WINDOWS\system32> Get-StoragePool –FriendlyName S2D-CLHV-001-Pool | Format-List FriendlyName, Size, FaultDomainAwarenessDefault FriendlyName : S2D-CLHV-001-Pool Size : 57592038555648 FaultDomainAwarenessDefault : StorageScaleUnit is there something wrong ?Hyper-V can not be installed because virtualization support is not enabled in the BIOS
Win 2022 Datacenter as Hyper-V host Win 2022 Datacenter as Virtual Machine ... after latest Windows Updates (troublemaker KB5034439 who require resize of Recovery partition to be able to be installed successfully) ... on the VM ... is Unable to install Hyper-V Role because of the error "Hyper-V can not be installed because virtualization support is not enabled in BIOS". Very first error it was a different one and it was fixed by enabling extensions who was fixed via this commands /Hyper-V Host /Elevated PowerShell #List of VM Get-VM Get-VMProcessor -VMName <name> #Check Nested (Get-VMProcessor -VMName <name>).ExposeVirtualizationExtensions #Configure Nested Virtualization Set-VMProcessor -VMName <name> -ExposeVirtualizationExtensions $true #Disable Nested Virtualization Set-VMProcessor -VMName <name> -ExposeVirtualizationExtensions $false ... but the error "Hyper-V can not be installed because virtualization support is not enabled in the BIOS" is very tough and I not yet find any solution yet. I'm convinced that they (MS) disable Nested Support via latest Windows Update, but it is only my personal opinion. I even update firmware to the Bios of Host machine and triple check the Virtualization boxes to be enabled but since no one change it it is the same. Anyone having some idea how to Enabled Nested Virtualization on Hyper-V Host Machine ?Public network on NIC instead of domain network
On a Windows Server 2025 Standard Edition, I have 2 NICs: a 10Gbps NIC and 1Gbps NIC. Both NICs have a static IP address, but only the faster 10Gbps has a default gateway. The faster NIC correctly identifies as the domain network but the slower NIC says it is on a public network. The DNS settings and suffixes are the same for both cards. I have another Windows 2025 server with the same setup but both NICs identify as the domain network. Any ideas on how to fix this? Thanks.
Untagged VLAN - Server 2025 Hyper-V
Hi, I have a strage issue and not finding a solution. Using Server 2025 with two node Hyper-V cluster. Most of the machines using VLANs which works fine. Some machines using no VLAN config. Which usually means the "Access VLAN 1" regarding our switch configuration. With Server 2019 this worked fine. With Server 2025 same NIC port, same server/NIC hardware "Untagged" VMs don't get any network connection. If I add a second NIC to the VM "Untagged" the NIC get immidiatly an IP address and has a proper connection. If I remove the first NIC, the second NIC stop working. It looks like something has changed with Server 2025 (maybe already with Server 2022). Do you have any idea what kinde of problem I have found? Thanks JackHow to managed Active Directory using Windows Admin Center
Hello, Can I manage Active Directory using Windows Admin Center ? If yes, please provide the link to give me the documentation on the same. I can see that the Active Directory extension is in preview stage: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/use/manage-servers#active-directory-preview but this document is dated 2019. Any help on the above mentioned is appreciated. Thanks Sushanth Amin
Recent Blogs
- 7 MIN READWelcome to part one of my blog series on Cross Forest Certificate Enrollment. Nowadays, businesses often run across multiple Forests for distinct reasons. You would like to ensure secure authenticati...Oct 22, 2025
- 5 MIN READAbout media-based upgrade to Windows Server 2025 With N-4 media based upgrades, you can upgrade your organization’s physical devices and virtual machines directly from Windows Server 2012R2, Window...Sep 23, 2025
