Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
OS: Windows Server 20225 Standard Core (no GUI), build 26085.1 Role: ADDS, DNS ForestMode: Windows2025Forest DomainMode: Windows2025Domain Platform: Hyper-V guest When standing up a clean Windows Server 2025 using server core and configuring it as a domain controller, the network category (profile) always shows as "public." A clean load of Windows Server 2022 with server core as a domain controller has the same behavior. However, in Server 2022, the fix is to add DNS as a required service to the nlasvc (Network Location Awareness) service. Once that is done, the network category reflects "DomainAuthenticed" and persists between reboots. In Server 2025, the nlasvc service does not have the same requiredservices as Windows Server 2022, and it does not start automatically. Even after configuring the nlasvc service the same way it is in Server 2022 and adding DNS as a required service, the network category still reflects "public." The only way to get the network category to properly reflect the "DomainAuthenticated" status is to disable and reenable the network adapter after each reboot.
Model Context Protocol (MCP) Server for Azure Database for MySQL
We are excited to introduce a new MCP Server for integrating your AI models with data hosted in Azure Database for MySQL. By utilizing this server, you can effortlessly connect any AI application that supports MCP to your MySQL flexible server (using either MySQL password-based authentication or Microsoft Entra authentication methods), enabling you to provide your business data as meaningful context in a standardized and secure manner.GUIDE: Where to find information about Windows Updates and release information (any version)
WINDOWS RELEASE HEALTH DASHBOARD Contains all links below, except for old OSes, Azure Stack HCI, Microcode Updates, Flight hub, Servicing Stack Updates https://docs.microsoft.com/windows/release-health/ RESOLVED AND KNOWN ISSUES All OS, except Azure Stack HCI OS Expand categories on the drop-down menu left hand side https://docs.microsoft.com/windows/release-health/windows-message-center RELEASE INFORMATION + SUPPORT LIFECYCLE Gives an overview about Windows 10 release dates and end of support / supported OS versions and recommended versions. Azure Stack HCI OS https://docs.microsoft.com/azure-stack/hci/release-information Windows Server 2016 - 2022 LTSC, Windows Version version xxxx SAC https://docs.microsoft.com/windows/release-health/windows-server-release-info Windows 11 GAC (+ former SAC) https://docs.microsoft.com/windows/release-health/windows11-release-information Windows 10 GAC (+ former SAC) https://docs.microsoft.com/windows/release-health/release-information Windows 10 2015 - 2021 LTSC https://docs.microsoft.com/windows/whats-new/ltsc/ INSIDER FLIGHT HUB Announces changes for Windows 10 / 11 Insider builds Dev, Beta and release preview builds and patches as well as Windows Feature Pack Updates descriptions (excluding Windows Server Insider and ADK) https://docs.microsoft.com/windows-insider/flight-hub/ INTEL MICROCODE UPDATES Tables top to bottom contains the higher level of security / number of mitigations. Means the bottom table has the highest level of protection / mitigation. These are partly part of the OS depending on the version; therefore, some Windows versions are not listed. If you use WSUS consider importing these updates. Unfortunately they are not part of any product category, even though they are security releated. https://support.microsoft.com/topic/summary-of-intel-microcode-updates-08c99af2-075a-4e16-1ef1-5f6e4d8637c4 Microsoft is making available Intel-validated microcode updates that are related to Spectre Variant 2 (CVE 2017-5715 [“Branch Target Injection”]). Spectre Variant 3a (CVE-2018-3640: "Rogue System Register Read (RSRE)") Spectre Variant 4 (CVE-2018-3639: "Speculative Store Bypass (SSB)"), and L1TF (CVE-2018-3620, CVE-2018-3646: "L1 Terminal Fault"). The following table lists specific Microsoft Knowledge Base articles by Windows version. The article contains links to the available Intel microcode updates by CPU. KB number and description Windows version Source KB4589212: Intel microcode updates Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2 Microsoft Update Catalog KB4497165 Intel microcode updates Windows 10, version 1903 and 1909, Windows Server, version 1903 and 1909 Microsoft Update Catalog KB4494174 Intel microcode updates Windows 10, version 1809, Windows Server 2019 Microsoft Update Catalog KB4494451 Intel microcode updates Windows 10, version 1803, and Windows Server, version 1803 Microsoft Update Catalog KB4494452 Intel microcode updates Windows 10, version 1709, and Windows Server 2016, version 1709 Microsoft Update Catalog KB4494453 Intel microcode updates Windows 10, version 1703 Microsoft Update Catalog KB4494175 Intel microcode updates Windows 10, version 1607, and Windows Server 2016 Microsoft Update Catalog KB4494454 Intel microcode updates Windows 10 (RTM) Microsoft Update Catalog SERVICING STACK UPDATES These special updates for maintain the servicing stack of Windows (which is responsible for updates, dism, adding and removing features etc) have to be installed before any regular update. Currently Windows 10 1909, Windows Server 2019 and Azure Stack HCI OS have combined CUs, means the SSU is already integrated and will care for the correct installation order. Windows Client OS, Windows Server, Azure Stack HCI OS 21H2 and later version have integrated SSU into the CU. Possibly this will be backported to earlier versions. For https://msrc.microsoft.com/update-guide/vulnerability/ADV990001 WINDOWS UPDATE HISTORY aka Release Notes Check the KBs, release date, changes, known issues and remediations of Windows Updates per Windows Version AZURE STACK HCI OS Azure Stack HCI OS 21H2 (release + public preview) Build 20348 https://support.microsoft.com/en-us/topic/release-notes-for-azure-stack-hci-version-21h2-5c5e6adf-e006-4a29-be22-f6faeff90173 Azure Stack HCI OS 20H2 Build 17784 https://support.microsoft.com/topic/release-notes-for-azure-stack-hci-64c79b7f-d536-015d-b8dd-575f01090efd WINDOWS SERVER LTSC Windows Server 2022 LTSC build 20348, internal 21H2 http://support.microsoft.com/help/5005454 Windows Server 2019 LTSC build 17763, internal 1809 https://support.microsoft.com/topic/windows-10-and-windows-server-2019-update-history-725fc2e1-4443-6831-a5ca-51ff5cbcb059 Windows Server 2016 LTSC build 14393, internal 1607 https://support.microsoft.com/topic/windows-10-and-windows-server-2016-update-history-4acfbc84-a290-1b54-536a-1c0430e9f3fd Windows Server 2012 R2 / 2012 R2 Update 1 KB2919355 / ESU (soon) build 6.3.9200 / build 6.3.9600 Mind that you cannot install updates after KB2919355 if this update and prerequisites are not installed https://support.microsoft.com/topic/windows-8-1-and-windows-server-2012-r2-update-history-47d81dd2-6804-b6ae-4112-20089467c7a6 Windows Server 2012 + ESU (soon) build 6.2.9200 https://support.microsoft.com/topic/windows-server-2012-update-history-abfb9afd-2ebf-1c19-4224-ad86f8741edd Windows Server 2008 R2 Service Pack 1 (SP1) + ESU build 6.1.7601 https://support.microsoft.com/topic/windows-7-sp1-and-windows-server-2008-r2-sp1-update-history-720c2590-fd58-26ba-16cc-6d8f3b547599 Windows Server 2008 Service Pack 2 (SP2) build 6.0.6002 https://support.microsoft.com/topic/updateverlauf-f%C3%BCr-windows-server-2008-sp2-9197740a-7430-f69f-19ff-4998a4e8b25b WINDOWS SERVER VERSION, GAC (+ former SAC) This special core version of Windows Server, eligble to use with active Software Assurance for Windows Server started with 1709 ends with 20H2. For Update history check the Windows 10 release notes. I have not listed them specifically due to their very specific usecase and probably low installation count. WINDOWS OS LTSC (Long-Term Support Channel) Windows 10 21H2 LTSC https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb (link unconfirmed to apply for LTSC as of 13.01.2022) Windows 10 1809 LTSC Build 17763 https://support.microsoft.com/topic/windows-10-and-windows-server-2019-update-history-725fc2e1-4443-6831-a5ca-51ff5cbcb059 Windows 10 1607 LTSC Build 14393 https://support.microsoft.com/topic/windows-10-and-windows-server-2016-update-history-4acfbc84-a290-1b54-536a-1c0430e9f3fd Windows 10 1507 LTSC Build 10240 Note that this build has no sub build numbers yet so you cannot recognize in the version which update / CU is installed https://support.microsoft.com/topic/windows-10-update-history-93345c32-4ae1-6d1c-f885-6c0b718adf3b WINDOWS OS, SAC (naming till 21H1), GAC (General Availability Channel, naming for 21H2 and later) Windows 11 version 21H2 Build 22000 https://support.microsoft.com/topic/windows-11-update-history-a19cd327-b57f-44b9-84e0-26ced7109ba9 Windows 10 version 21H2 Build 19044 https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb Windows 10 version 21H1 Build 19043 https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11 Windows 10 version 20H2 Build 19042 https://support.microsoft.com/topic/windows-10-update-history-7dd3071a-3906-fa2c-c342-f7f86728a6e3 Windows 10 version 2004 Build 19041 https://support.microsoft.com/topic/windows-10-update-history-24ea91f4-36e7-d8fd-0ddb-d79d9d0cdbda Windows 10 version 1909 Build 18363 https://support.microsoft.com/topic/windows-10-update-history-53c270dc-954f-41f7-7ced-488578904dfe Windows 10 version 1903 Build 18362 https://support.microsoft.com/topic/windows-10-update-history-e6058e7c-4116-38f1-b984-4fcacfba5e5d Windows 10 version 1809 Build 17763 https://support.microsoft.com/topic/windows-10-and-windows-server-2019-update-history-725fc2e1-4443-6831-a5ca-51ff5cbcb059 Windows 10 version 1803 Build 17134 https://support.microsoft.com/topic/windows-10-update-history-0d8c2da6-3dba-66e4-2ef2-059192bf7869 Windows 10 version 1709 Build 16299 https://support.microsoft.com/topic/windows-10-and-windows-server-update-history-8e779ac1-e840-d3b8-524e-91037bf7645a Windows 10 version 1703 Build 15063 https://support.microsoft.com/topic/windows-10-update-history-83aa43c0-82e0-92d8-1580-10642c9ed612 Windows 10 version 1607 Build 14393 https://support.microsoft.com/topic/windows-10-and-windows-server-2016-update-history-4acfbc84-a290-1b54-536a-1c0430e9f3fd Windows 10 version 1511 Build 10586 https://support.microsoft.com/topic/windows-10-update-history-2ad7900f-882c-1dfc-f9d7-82b7ca162010 Windows 10 version 1507 Build 10240 Note that this build has no sub build numbers yet so you cannot recognize in the version which update / CU is installed https://support.microsoft.com/topic/windows-10-update-history-93345c32-4ae1-6d1c-f885-6c0b718adf3b Windows 8.1 + 8.1 Update 1 KB2919355 build 6.3.9200 / 6.3.9600 Mind that you cannot install updates after KB2919355 if this update and prerequisites are not installed https://support.microsoft.com/topic/windows-8-1-and-windows-server-2012-r2-update-history-47d81dd2-6804-b6ae-4112-20089467c7a6 Windows 8.0 build 6.2 https://support.microsoft.com/topic/windows-server-2012-update-history-abfb9afd-2ebf-1c19-4224-ad86f8741edd Windows 7.0 Service Pack 1 (SP1) build 6.1.7601 https://support.microsoft.com/topic/windows-7-sp1-and-windows-server-2008-r2-sp1-update-history-720c2590-fd58-26ba-16cc-6d8f3b547599 Windows Vista Service Pack 2 (SP2) build 6.0.6002 https://support.microsoft.com/en-us/topic/windows-server-2008-sp2-update-history-9197740a-7430-f69f-19ff-4998a4e8b25b HISTORY: 13.01.2022 - added release information for Azure Stack HCI, Windows 10 LTSC, corrections on naming conventions of SAC, GAC, LTSC 13.12.2021 - corrected some links that directly linked to en-us instead of the generic page which would redirect to localized pages, - added Windows 10 21H2 SAC link. - honoured naming convention branch > channel. - added General availability channel which is the successor of the SAC (Semi Annual Channel starting with 21H2 releases. 03.11.2021 - Added information for Windows 11 21H1 13.10.2021 - Added information to Azure Stack HCI 21H2 release, other docs still not mention it except update history 07.10.2021 - Added Intel Microcode updates for all available threats and versions 07.10.2021 - Updated one available link for Windows 11. Update histories for 21H2 version W10/W11 are still missing 17.09.2021 - fixed some links pointing to a specific language 17.09.2021 - formatting, seperating LTSC from SAC for Windows 10, added SSUs 17.09.2021 - initial version
Server 2022 Preview missing Let's Encrypt Root certificate
First posted to LetsEncrypt.org and was advised to post this issue here. https://community.letsencrypt.org/t/fyi-windows-server-2022-does-not-have-root-certificate/157208 At the time I'm writing this, Microsoft Windows Server 2022 has not been released and is only available in "Preview". Having said that I've installed the "Preview", installed all patches, and experienced the following errors when connecting to resources that use LE certificate. This happened when using Edge and Chrome. Your connection isn't private Attackers might be trying to steal your information from website.domain.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID Firefox worked fine since it uses its own certificate store. After adding the root certificate to the root store, all was fine. The following output shows the certs currently in the root store by default as well as the PowerShell & OS version: PS C:\> gci Cert:\LocalMachine\Root PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root Thumbprint Subject ---------- ------- CDD4EEAE6000AC7F40C3802C171E30148030C072 CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com BE36A4562FB2EE05DBB3D32323ADF445084ED656 CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZA A43489159A520F0D93D032CCAF37E7FE20A8B419 CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp. 92B46C76E13054E104F230517E6E504D43AB10B5 CN=Symantec Enterprise Mobile Root for Microsoft, O=Symantec Corporation, C=US 8F43288AD272F3103B6FB1428485EA3014C0BCFE CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 7F88CD7223F3C813818C994614A89C99FA3B5247 CN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US 3B1EFD3A66EA28B16697394703A72CA340A05BD5 CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 31F9FC8BA3805986B721EA7295C65B3A44534274 CN=Microsoft ECC TS Root Certificate Authority 2018, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 245C97DF7514E7CF2DF8BE72AE957B9E04741E85 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust Network 18F7C1FCC3090203FD5BAA2F861A754976C8DD25 OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust Network 06F1AA330B927B753A40E68CDF22E34BCBEF3352 CN=Microsoft ECC Product Root Certificate Authority 2018, O=Microsoft Corporation, L=Redmond, S=Washington, C=US 0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8 CN=Microsoft Time Stamp Root Certificate Authority 2014, O=Microsoft Corporation, L=Redmond, S=Washington, C=US DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US D4DE20D05E66FC53FE1A50882C78DB2852CAE474 CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE B1BC968BD4F49D622AA89A81F2150152A41D829C CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US 75E0ABB6138512271C04F85FDDDE38E4B7242EFE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 742C3192E607E424EB4549542BE1BBC53E6174E2 OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US PS C:\> $PSVersionTable Name Value ---- ----- PSVersion 5.1.20348.1 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.20348.1 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 PS C:\> gwmi win32_operatingsystem | fl Caption, Version, BuildNumber Caption : Microsoft Windows Server 2022 Datacenter Evaluation Version : 10.0.20348 BuildNumber : 20348 EDIT @petercooperjr in the previously mentioned Let's Encrypt thread offered this feedback. Thanks. I don't know if it'd help whomever looks at it, but if you look at the Microsoft Trusted Root Program's page of their current trusted roots, you can see that ISRG Root X1 is there. (And it looks like ISRG Root X2 is there too!) https://docs.microsoft.com/en-us/security/trusted-root/participants-list https://docs.microsoft.com/en-us/security/trusted-root/participants-list This document provides details about the participating Certificate Authorities in the Microsoft Trusted Root Program.
Upgrading from Windows Server 2016 to 2019
Is Windows Server 2019 considered a safe upgrade from Windows Server 2016? Is it like installing a new build in Windows 10 (e.g. going from 1703 to 1709)? or is it more substantial than that? traditionally we haven't done in-place upgrades of Server OS, but wondered if 2019 is different, and more like a build upgrade than an OS upgrade? And is there instructions for doing an upgrade of 2016 to 2019?
