Recent Discussions
Windows Admin Center - Couldn't configure PowerShell authentication error
We have a lab setup to test migrating VMWare VMs to Hyper-V. Everything was working fine, however today whenever we try and access the settings of a VM we get an error. We're going through Cluster Resources -> Virtual Machines -> VMName -> Settings. The error is: Notification details Error Error Couldn't configure PowerShell authentication 1:25:15 PM Sourcehttps://edutech-hv-2.edutech-rd.local/clustermanager/connections/cluster/edutechrd.edutech-rd.local/tools/virtualmachines/settings/parent/virtualmachineview/server/edutech-hv-2.edutech-rd.local/vmid/981389c7-3880-4794-8897-dc1fe48170fd/vmname/Edutech-RD-DC2/general Type Error Message Unable to configure either CredSSP or local PowerShell options. Error: RemoteException: You cannot call a method on a null-valued expression. Now, the two Hyper-V hosts had been disconnected from the network for quite a while during some network upgrades and were only reconnected to the network this morning, having been disconnected for 56 days. domain health is fine. we're using an admin account. not really sure what the issue is. Thanks
Procedures to raise the functional level of AD 2008 r2 to 2019
Hello everyone, Our AD has the Windows Server 2008 functional level and the servers with Windows Server 2016 OS. I intend to raise the functional level to 2019 or 2025. I would like your help with tips and documentation to decide whether 2019 or 2025 would be best, what are the risks and procedures for successful migration. I have an isolated environment to carry out rehearsals and tests before actually going into production.storage migration service not visible in windows admin centre
Hello. Wanting to evaluate Windows Server 2022 Standard, WAC and SMS. WAC is installed as a gateway on the evaluation version of Windows Server 2022. WAC version 2306 Build 1.5.2306.14001. SMS extension 2.32.0 is installed in the WAC. SMS feature is installed on the Windows Server 2022 evaluation and service is running. SMB-In firewall rule is enabled as per SMS requirements. SMS Known Issues page says this was an issue with Windows Server 2019 evaluation versions but was fixed in more recent versions of Windows Server. https://learn.microsoft.com/en-us/windows-server/storage/storage-migration-service/known-issues I'm presuming that Known Issues page is wrong and SMS is still blocked for eval versions of Windows Server but thought I'd ask here in the meantime. Has anyone successfully run SMS on an evaluation version of Windows Server 2022? Thanks.
2026-04 Update Breaks Domain Logins
I have an Active Directory domain that is old (from 2000!) that has been upgraded and moved to newer versions of Windows Server and Active Directory. I have domain controller VMs running Windows Server 2025 Standard Edition. Unfortunately they installed the latest 2026-04 patches which my have changed the Kerberos encryption from RC4 to AES. This has resulted in my not being able to log into any Active Directory domain accounts and the domain controllers themselves. I can only log into workstations using the local account. Suffice to say this a nightmare. Any ideas how to fix it since I can't access the usual tools like Active Directory Users and Computers, Hyper-V won't connect to the VMs, etc. Thanks. SDomain users not able to logon with their password event though it has not been changed....
Hi, we have this weird problem where some of the users suddenly can't login to their computer with the password they have used for almost 20 years (yes sorry, bad practise). When the user reports it I check that I can logon to the computer with my own account (not 20 year old password) which works fine. I check the event log for problems both on the client and the DC and all I see is see which I can relate to the problem is event id 4625 with an error code which means bad password. I check the AD account and see that pwdLastSet has a date in 2006 (not quite 20 years, but close) and I check that the account is not logged out or expired. Also make sure that the password never expires is enabled, so in my book these are all the checks needed and problem not solved. I then change the password to the same password that the user has had for almost 20 years and problem solved, but problem source not found. This has happend to 3-4 users within the last week or two, even a service user with domain admin permissions, only thing I pay note to that they have in common is the pwdLastSet in 2006, but I really can't seem to get my head around this being the issue. Also only other thing I can think of that has changed is that the old DC has been removed a few months ago, and a new 2025 DC has been introduced. promote/demote went without issues and this problem didn't surface before now several weeks after the DC change. So if anyone has experienced something similar or perhaps can point me in a direction for further troubleshooting please let me know. Thansk ThomasPhase 2 of Kerberos RC4 hardening begins with the April 2026 Windows security update
Windows updates released in April 2026 and later begin the second deployment phase of protections designed to address a Kerberos information disclosure vulnerability (CVE‑2026‑20833). This second phase continues the shift away from legacy encryption types such as RC4 by moving toward stronger default ticket behavior. After installing the April 2026 update, domain controllers default to supporting Advanced Encryption Standard (AES‑SHA1) encrypted tickets for accounts that do not have an explicit Kerberos encryption type configuration. If your organization relies on service accounts or applications that depend on RC4-based Kerberos service tickets, now is the time to address those dependencies to avoid authentication issues before the Enforcement phase begins in July 2026. Microsoft recommends continuing to monitor the System event log for Kerberos-related audit events and identify and address misconfigurations or remaining dependencies, then enabling enforcement when warning, blocking, or policy events are no longer logged. See How to manage Kerberos KDC usage of RC4 for service account ticket issuance changes related to CVE-2026-20833 and CVE‑2026‑20833 to learn more about the vulnerability, timelines, recommended preparation steps, and configuration options to ensure compliance before Enforcement mode begins in July 2026.No way to import shared connections WAC 2.6.4
hello, reaching out to to see if I am missing anything with the import-wacconnections change in the powershell module. Previous versions i had everything scripted and running smoothly where I could scrape AD for servers and tags and then import as shared connections for other engineers to use. Now, despite being a gateway admin, if I try and import a CSV via the windows admin center gui, I get an error that only personal connections can be imported. if I use powershell, despite providing the generated access token, I get a 403 error. my issued PKI certificate is good, I am a gateway and server admin, I even corrected the errors in the powershell module regarding $credential vs $credentials that copilot spotted Any advice or pointers to push forward?
Virtual printer in windows server 2019 standard is not shown after configuration
Hello, I am, trying to configure a virtual printer in a Windows server 2019 standard edition that is deployed in OCI cloud. This instance has windows server license included in the pricing. The problem comes when after ending the process of configuration this virtual printer is not displayed in "Devices and printers" any idea why is this happening? Regards, AnaLogin failure from tssdis.exe on RDS server
Remote desktop server in AD environment [Windows Server 2019 standard, running RDweb, RDG, and session host, etc] periodically has service tssdis.exe (remote desktop session broker) failing to login, Event IDs 4648 and then 4625 about half a dozen times before stopping. This doesn't appear to affect any users, but I can't find anything online addressing it or if it's something that needs to be fixed. Some other people have reported the problem but not the solution, such as here: https://social.technet.microsoft.com/Forums/windowsserver/en-US/26e48e81-1400-4f8c-aef2-df03143fa211/login-through-tssdisexe Below are two exports of the event IDs (sanitized) This is the 4648 A logon was attempted using explicit credentials. Subject: Security ID: NETWORK SERVICE Account Name: SERVERNAME$ Account Domain: DOMAIN Logon ID: 0x3E4 Logon GUID: {10b9db0d-f9e0-e3ab-8c95-7dcb4ec5b3c7} Account Whose Credentials Were Used: Account Name: SERVERNAME Account Domain: DOMAIN Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: SERVERNAME.DOMAIN.local Additional Information: SERVERNAME.DOMAIN.local Process Information: Process ID: 0x17c8 Process Name: C:\Windows\System32\tssdis.exe Network Information: Network Address: fe80::xxxx:f30a:xxxx:xxxx Port: 49667 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. This is the 4625: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: SERVERNAME Account Domain: DOMAIN Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC0000064 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: SERVERNAME Source Network Address: fe80::xxxx:f30a:xxxx:xxxx Source Port: 50798 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.Error al agregar Windows Server 2025 a dominio existente, nivel funcional 2016
Buenas a todos, Me dirijo a esta comunidad en busca de orientación para resolver un problema que se me está presentando al intentar integrar un nuevo servidor con Windows Server 2025 Standard a mi infraestructura de Active Directory existente. Descripción del entorno: Dominio de Active Directory activo con Windows Server 2019 Standard. Nivel funcional de dominio y bosque configurado en Windows Server 2016. Controladores de dominio actuales: server-dc01.impresoratec y server-ad2019.impresoratec. El nombre de dominio interno utilizado es impresoratec (nombre NetBIOS/dominio de etiqueta única, sin sufijo DNS completo tipo .local o .com). Problema: Al intentar agregar el nuevo servidor con Windows Server 2025 al dominio, el proceso falla y se presenta el siguiente mensaje de error: "Es posible que el nombre de dominio "impresoratec" sea un nombre de dominio NetBIOS. Si este es el caso, compruebe que el nombre de dominio está registrado correctamente con WINS. [...] La consulta se refería al registro SRV para _ldap._tcp.dc._msdcs.impresoratec. La consulta identificó los siguientes controladores de dominio: server-dc01.impresoratec y server-ad2019.impresoratec. Sin embargo, no se pudo contactar con ningún controlador de dominio." El mensaje sugiere que los registros de host (A) o (AAAA) pueden contener direcciones IP incorrectas o que los controladores de dominio no son accesibles desde el nuevo servidor. Lo que he verificado hasta ahora: Los controladores de dominio existentes están en línea y operativos. La replicación entre los DCs actuales funciona con normalidad. El nuevo servidor con 2025 tiene conectividad de red general, pero no logra localizar los DCs al momento de unirse al dominio. Mi consulta: ¿Alguien ha experimentado este comportamiento al incorporar un servidor con Windows Server 2025 a un dominio con nivel funcional 2016 y un nombre de dominio de etiqueta única (single-label domain)? ¿Existe algún requisito previo adicional —como la actualización del esquema de AD, ajustes en DNS o en WINS— que deba cumplirse antes de agregar el nuevo DC? Agradezco de antemano cualquier orientación o experiencia que puedan compartir.Groups and roles issues
Hello, We use two user accounts, one that is a server administrator and that we use to connect to the servers via RDP (ADMaccounts). The other is not an administrator and we use it on our workstations (USRaccounts). I deleted from Gateway Users the Builtin\users group because I don't want users to access even though they can't do anything. For now I added another group as Gateway Users with our USR accounts. ADM accounts are member of Gateway Administrators. When Im logged into WAC with the ADM user and access to WAC, the browser asks me for credentials, I enter the ADM credentials, and I log in. When I am at my workstation, I access the URL and log in without being asked for credentials with the USR account session. I do not understand this behavior. I need to access from my workstation with the ADM account. How can I make the browser ask me for credentials? Do I have to open the browser with the admin credentials every time I want to manage WAC? Thanks, Best regards
RDS Licensing for administrators
Hello, We are planning to acquire 10 RDS User licenses, and I would like to clarify the following points: Will access be limited to 10 simultaneous rdp session, or can administrators still access the server normally via RDP? Do administrators connecting using mstsc /admin require an RDS license, or is this access exempt? In the past (Windows Server 2016), I recall that exceeding the number of licenses allowed temporary RDP sessions. Could you confirm if this behavior is still the same? Thank you in advance for your clarification.RDP logs in locally
Hi all, Have a Windows 2022 21H2 server, VM on vSphere. When attempting to RDP to it, I briefly see the desktop before getitng the error - you have been disconnected because another connection was made to the remote computer. I note that when viewing the server in vCentre, the 'local' desktop logs in when an RDP connection is attempted. This must then be kicking the RDP session. At the moment the only way to manage it is via vCentre which isn't ideal. Is there a setting somewhere to prevent this from happening? cheers jntoskrnl.exe and build version not getting updated after applying KB5078740 on server 2025
I have installed the latest March patch kb5078740 on server 2025 which was upgraded from server 2022. the patch is showing installed but the ntoskrnl.exe and build version is still showing 10.0.26100.4652. Qualys is detecting it as patch not installed based on file version which should be 10.0.21600.32522. Please let me know how to fix this issue.
Como hacer el Donwgrade de Windows Server 2022 Standard a Windows Server 2019 Standard, es posible??
Tengo que adquirir 3 licencias para 3 servidores dell nuevos comprados con un distribuidor, pero no encuentro localmente licencias de Windows Server 2019, unicamente Windows Server 2022, y para la aplicacion que se desea correr unicamente puedo usar 2019. Se puede hacer el Downgrade de esta version? y alguien sabe cual es el proceso???.....
Events
Kick off Windows Server Summit 2026 with a forward-looking conversation led by the people shaping its future. Gain valuable insights as Windows Server product leaders come together to discuss the mom...
Online
The Windows Server Summit is back with real‑world architecture guidance, scenario-based deep dives, and actionable insights to help you take advantage of the latest and upcoming Windows Server capabi...
Online
Recent Blogs
- We are excited to announce the release candidate for Log Monitor v2.2.0, now available on GitHub: LogMonitor v2.2.0 Log Monitor is an open-source tool that enables Windows containers to surface log...Apr 15, 2026
- We’ve been walking you through Virtualization Mode’s “Add resource” wizard step-by-step, first with a adventurous overview, then a no-nonsense networking walkthrough, followed by a shagadelic storage...Apr 06, 2026
