security
53 Topics

Server 2025 Domain Join Error ASN.1
Hello, we wanna join an appliance (Cisco ISE) to our domain/forest and get an error. The domain controllers were updated from Server 2022 to Server 2025 preview, and it was OK with the appliance in AD. With Server 2025 final we get this error:

Test Name :Kerberos test obtaining join point TGT
Description :Tests TGT Obtaining in joint point
Instance :CCLOUD-AD
Status :Failed
Start Time :10:13:54 22.11.2024 MET
End Time :10:13:54 22.11.2024 MET
Duration :<1 sec
Result and Remedy... Could not obtain TGT : ASN.1 failed call to system time library. Check Kerberos related AD configuration

What we have done in troubleshooting so far:
DNS resolution works. The domain is resolvable.
NTP is OK, with correct time from the PDC, synced to all other DCs and clients/servers.
Domain join user credentials and permissions are correct. We also tested with a Domain Admin user/credentials.
Container/OU and computer object permissions/owner rights are set to the join account.
Deleting the object and letting the appliance create a new one did not work.

Can anyone help with ideas?
55 Views, 0 likes, 0 Comments

SMB over QUIC Roadmap
Hello everyone! I had seen somewhere back in October(?) 2022 that Microsoft plans to implement SMB over QUIC for Azure File Shares (without needing Windows Server 2022 (Azure edition)). Is this part of the roadmap? I've also seen somewhere that there are plans to eventually make SMB over QUIC available for non-Azure editions of Windows Server 2022. Is this true as well? And if so, is there a roadmap to when this will be available in a Windows Server Insiders build? Thank you!
Solved, 3.5K Views, 1 like, 3 Comments

Windows Boot Manager not updated
KB5025885 outlines how to update Windows Boot Manager, but build 26257 still has a Windows Boot Manager that is signed with the old "PCA 2011" certificate. The manual processes in KB5025885 are a real pain (and don't scale), so it would be very annoying if this is not fixed before RTM.
https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
808 Views, 1 like, 9 Comments

AAD join Server 2025
Hi, wondering if Server 2025 can be AAD joined. This would help some businesses that have their laptops joined and would also like to have the option to join their server for their line-of-business apps etc. Seems really strange you can have Win11 AAD joined but not Server 2025. Or am I just missing something here? Having to use Azure Arc comes with extra headaches and costs.
Solved, 5K Views, 1 like, 12 Comments

Is Enforcing LDAP Signing enabled by default starting with Windows Server 2025?
When connecting to Windows Server 2025 (Preview) using LDAP simple bind, the server rejected the bind. "The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection" was displayed as an error message. If you change the LDAP server signing requirement from the default value to disabled according to the page below, LDAP simple bind will succeed.
https://learn.microsoft.com/ja-jp/troubleshoot/windows-server/active-directory/enable-ldap-signing-in-windows-server
Is Enforcing LDAP Signing enabled by default starting with Windows Server 2025? If so, where is the announcement about enabling LDAP server signing requirements?
691 Views, 0 likes, 2 Comments

Documentation on "Microsoft.OSConfig" PowerShell Module
Hi Server Insiders, is there any documentation available on the PowerShell Module "Microsoft.OSConfig"? "OsConfiguration Module | Microsoft Learn" does not help that much and also "Get-Help" is not that helpful on most of the commands. 🙂 Thanks! Best regards, Jan
449 Views, 2 likes, 2 Comments

Will Windows Server 2025 kernel be resilient to CrowdStrike-like failures?
I know that Windows Server 2025 will soon be ready for GA, but I'm also thinking that last week's events happened still on time to do something from MS side in order for the kernel of Windows Server 2025 to be more resilient to third party (or its own Defender) influence. Can Microsoft introduce something easy, like automatic last known good kernel configuration if a BSOD is detected, which would automatically restart Windows without human intervention with the previous version of antivirus, and just signal in System Event Viewer that the last antivirus update had something crashing the system?
643 Views, 2 likes, 2 Comments

RegreSSHion Vulnerability Remediation
Being that a critical CVE has been identified (RegreSSHion) and Windows Server 2025 has OpenSSH installed by default, what is Microsoft's plan to remediate this? The feature is disabled by default, but installed already - causing it to show as "out of compliance" in vulnerability scans. Read below:
CVE-2024-6387: How to fix the regreSSHion vulnerability | Vulcan Cyber
1.3K Views, 0 likes, 4 Comments

DNS.EXE Multiple UDP inbound connections on Windows
I am facing an issue regarding multiple open UDP connections on my Windows Server 2022. After running the netstat -an command in the command prompt, I noticed that there are a significant number of UDP ports listed. Apparently these ports are associated with the dns.exe process.
340 Views, 0 likes, 0 Comments

Server 2025 - GPUpdate triggers immediate LAPS reset
So we're currently testing out the Public preview of Windows 2025 and have noticed some new behaviour when testing out joining the OS to our domain. Initially all works well, the system joins the domain and our LAPS GPOs take over managing the local administrator password, allowing some of our automation to retrieve the password and start running tasks against the system.

However, one thing we've noticed is that as soon as a gpupdate is triggered on Server 2025 it causes LAPS to immediately reset the password again, something that doesn't occur on Server 2019 or 2022. This in turn causes our Ansible automation to immediately begin failing because the credentials are now incorrect.

Does anyone know if this is intended behaviour? Or just a quirk of the Preview version? If it is intended behaviour, is this something we can change? Given that it only seems to be happening for Server 2025, I'm hoping there might be some OS config we can change to stop it happening, but I'm not sure if we might need to make changes to our GPO instead.
1.3K Views, 1 like, 6 Comments