Out of Band Cumulative Updates Question
I installed March 2026 Cumulative Update on a new server instead of April due to some RC4 changes to test something. I noticed that after the update installed in the event viewer it thinks the June 2026 update was installed. I don't see the June update under installed updates but shows up in update history. The build version of the server matches with the March 2026 update. Is this a weird side effect of installing a superceded update? I'm having trouble understanding what is going on.
KB5094128 ntoskrnl.exe version wrong?
For update KB5094128 The list of updated files contains an ntoskrnl.exe with file version 10.0.20348.5257 which in my opinion should be 10.0.20348.5256. https://go.microsoft.com/fwlink/?LinkId=2368532 We use scanning tools which rely on this list of updated files. But the installed file version is different and therefore our scanning tools report these installations as "vulnerable" After applying patch KB5094128 the version of \windows\system32\ntoskrnl.exe is 10.0.20348.5256 Does anybody know if the information in this .csv is wrong?
Windows Server 2025 24H4 is not useable anymore after Nov. Update KB5068861
Hello, currently, on several Windows Server 2025 Datacenter systems, version 24H2, I am experiencing severe issues accessing network resources after the automatic installation of update KB5068861. This affects network access from Windows Server 2025 24H2 to Windows Server 2025 24H2. Access from these servers to older Windows Server 2016 systems works without any problems. When entering a UNC path—whether by name or by IP—I am always prompted for my credentials, even as a domain administrator. No matter which credentials I enter, I always receive the message that the username or password is incorrect. Under “Change advanced sharing settings,” the two switches “Network discovery” and “File and printer sharing” are set to OFF in the domain network after the update. Re-enabling these two options, which are normally enabled by default, does not improve the situation. Since this patch, I also have an issue on a Windows Server 2025 RDS host where a logged-in user cannot type in the “Search” field. Additionally, the performance on the RDS host feels extremely sluggish. Unfortunately, uninstalling the patch is not possible. The patch KB5067036 is not installed. I have already performed a restore to the day before KB5068861 was installed, but without the desired improvement in performance. Even after the restore, I still cannot access the network via UNC through File Explorer as a user. In the search window, I can access via UNC path. As an administrator, access via UNC path works both in File Explorer and in the “Search” field. Everything worked fine before 11/11/2025. Has anyone had similar experiences or already found a solution? Is a patch for the patch planned? Currently, troubleshooting feels like groping in the dark! In this state, the 24H2 server is no longer usable. What was Microsoft even thinking, releasing such faulty patches—and for weeks now? Is there still any quality control at Microsoft for such critical updates and patches? Thanks for every support, idea, and comment.
Windows server 2025 Application Crashing Events
I have installed a Windows Server 2025 and after starting it in about 30 minutes the following error appears in the Windows application log . ======================================= Log Name: Application Source: Application Error Date: 4/6/2026 1:51:06 μμ Event ID: 1000 Task Category: Application Crashing Events Level: Error Keywords: User: SERVER\Administrator Computer: SERVER.efarmacy.internal Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.26100.1, time stamp: 0x5bc61463 Faulting module name: biwinrt.dll, version: 10.0.26100.32230, time stamp: 0xb950595a Exception code: 0xc000027b Fault offset: 0x0000000000012713 Faulting process id: 0x1964 Faulting application start time: 0x1DCF4100B5B371A Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\biwinrt.dll Report Id: a0fa5d15-b026-4d12-a047-d965195ac338 Faulting package full name: MicrosoftWindows.Client.CBS_1000.26100.275.0_x64__cw5n1h2txyewy Faulting package-relative application ID: Global.Accounts Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" Guid="{a0e9b465-b939-57d7-b27d-95d8e925ff57}" /> <EventID>1000</EventID> <Version>0</Version> <Level>2</Level> <Task>100</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2026-06-04T10:51:06.2935992Z" /> <EventRecordID>7473</EventRecordID> <Correlation /> <Execution ProcessID="1984" ThreadID="6560" /> <Channel>Application</Channel> <Computer>SERVER.efarmacy.internal</Computer> <Security UserID="S-1-5-21-4001248846-3127524418-1814302027-500" /> </System> <EventData> <Data Name="AppName">backgroundTaskHost.exe</Data> <Data Name="AppVersion">10.0.26100.1</Data> <Data Name="AppTimeStamp">5bc61463</Data> <Data Name="ModuleName">biwinrt.dll</Data> <Data Name="ModuleVersion">10.0.26100.32230</Data> <Data Name="ModuleTimeStamp">b950595a</Data> <Data Name="ExceptionCode">c000027b</Data> <Data Name="FaultingOffset">0000000000012713</Data> <Data Name="ProcessId">0x1964</Data> <Data Name="ProcessCreationTime">0x1dcf4100b5b371a</Data> <Data Name="AppPath">C:\WINDOWS\system32\backgroundTaskHost.exe</Data> <Data Name="ModulePath">C:\Windows\System32\biwinrt.dll</Data> <Data Name="IntegratorReportId">a0fa5d15-b026-4d12-a047-d965195ac338</Data> <Data Name="PackageFullName">MicrosoftWindows.Client.CBS_1000.26100.275.0_x64__cw5n1h2txyewy</Data> <Data Name="PackageRelativeAppId">Global.Accounts</Data> </EventData> </Event> =========================================== I have already done the actions to check the files. The check does not find any problems but the problem continues to appear. "DISM.exe /Online /Cleanup-image /Restorehealth" "sfc /scannow". I would like to know if anyone else has faced this problem and if there is a solution for it. Thanks in advance .
SCCM- Upgrade from 2409 to 2509 WSUS timeout issue
Had a working task sequence on 2409 that performed software updates at the end of the task sequence. Upgraded to 2509 - I get a timeout issue when getting to that point on the task sequence. Ive performed maintenance on the WSUS Server, (obsolete, expired etc) I removed the Software Update Point - and re installed it selected the Products of Server 2016,2019, server operating system 21h2 , Windows 10 1903 or later and Windows 11. rebooted both the SCCM and SQL Server. after doing the above but the HRESULT 0x80244010 still persists. "Exceeded max server round trips" — client couldn't retrieve all updates in one cycle. Software centre updates in the OS seem to be unaffected or unknown if clients are affected, only in a task sequence this occurs. Blog posts refer to older items, what would cause this to fail after a upgrade from 2409 to 2509? AI help repeats about reducing metadata and updates but for weird reason i keep getting 700+ updates for the above categories!
PowerShell counterpart for Failover Cluster Manager "Live Migration Settings"
In Failover Cluster Manager, there's "Live Migration Settings" where I can define what cluster networks I want to carry live migration traffic. Even after some research, I cannot find a PowerShell cmdlet that lets me do the same...
Remote desktop app hangs when opening a new process
I have a windows remote desktop server, windows server 2022. We have a few programs we allow access to people published as remote apps. One of the programs exports to Excel by opening excel, creates the workbook/worksheet, but the window does not show and the program hangs waiting for excel to close. The user can't see excel and therefore can't close excel so they are stuck. as an admin, I can connect to the remote desktop server and end task on their excel instance and then they can continue working. Is there a way to allow the excel window to show when opened by a remote app? We prefer to only allow our users access to the one app they need to run instead of a desktop.Windows Server 2025 DC — LSASS handle leak identified via WinDbg — authz!AuthzpDeQueueThreadWorker
Hello All!! Im having a problem, LSASS crashes on a Windows Server 2025 Domain Controller, I identified what appears to be the root cause using WinDbg memory dump analysis. Sharing this hoping someone else has seen it or Microsoft can confirm. The Problem LSASS handle count grows continuously over time and eventually crashes with a 0xC0000005 access violation (Event ID 1015). After a reboot the cycle repeats. The growth rate correlates with authentication load and faster during peak hours, slower overnight. WinDbg Dump Analysis Captured LSASS dump at high handle count and ran !handle 0 f: Token handles: overwhelmingly dominant Everything else: negligible Every leaked token shows: GrantedAccess: 0x8 (TOKEN_QUERY only) PointerCount: overflowed to negative integer Running !findstack authz 2 shows multiple worker threads all sitting in: authz!AuthzpDeQueueThreadWorker What Was Tested And Eliminated Stopped or disabled each individually and measured handle growth rate — zero meaningful difference from any: - Antivirus (all components) - Backup software - Application services - VSS snapshots - Hardware management agents etc.. Environment OS: Windows Server 2025, fully patched with the latest updates including April LSASS update. Role: Domain Controller DNS PAM: Not active. Conclusion Token handles are opened with TOKEN_QUERY access inside authz!AuthzpDeQueueThreadWorker and never released. Reference counter overflows to negative integer. Growth rate scales directly with authentication load. Current workaround: reboots during off hours. Has anyone else seen this pattern on Windows Server 2025? Is there a known fix or Microsoft acknowledgment for this specific authz token handle leak?
Creating parent reverse lookup zone when child zones already exist — what happens?
We have an AD-integrated DNS environment that has accumulated a large number of reverse lookup zones over time, created without any parent zone — essentially DNS sprawl from years of admins creating individual subnet zones rather than working from a parent. We currently have approximately 80+ reverse lookup zones including: Dozens of x.10.in-addr.arpa zones covering various 10.x.x.x subnets Multiple x.172.in-addr.arpa zones A handful of others including 100.192.10.in-addr.arpa, 168.192.in-addr.arpa, 204.167.in-addr.arpa, 215.204.167.in-addr.arpa, 135.7.in-addr.arpa None of these were ever delegated from a parent zone — they were just created independently. The 10.in-addr.arpa zone does not exist. Domain controllers are a mix of Windows Server 2019 Standard (majority) and Windows Server 2025 Standard. Our goal is to create 10.in-addr.arpa as the consolidation point going forward — new registrations go there, and we migrate existing child zones into it one at a time, deleting old ones as we go at a pace we're comfortable with. Before touching anything, we need to understand what creating 10.in-addr.arpa will actually do to the existing child zones. Specifically: Will existing records in the child zones be deleted? We've seen the TechNet article documenting records vanishing when creating a child zone under an existing parent — does the same destructive behaviour occur in the reverse direction? Will auto-delegations be created in the new parent zone pointing to the existing child zones, and if so how quickly? Will the child zones continue to function normally for queries while the parent exists alongside them? Will dynamic registration start hitting the parent zone for subnets not covered by an existing child zone, or will something unexpected happen? We can't test this in a lab as we don't have a replica environment available, and can't risk touching production without understanding the behaviour first. Pointers to any documentation covering this specific scenario would also be appreciated — we've been unable to find anything that addresses creating the parent after the children already exist independently.