Deploying Multiple NPS Servers
I have been working on ditching our password-based WiFi with WPA2-Enterprise. On DC1 I deployed internal CA, NPS, and group policies that auto-request certs and deploy wireless network settings. Cisco AP is pointed to DC1 as the radius server. NPS has been registered in AD and wireless network policy has been created. Test laptops get their cert and connect just fine. It's working. For redundancy, I installed NPS on DC2. This NPS instance has also been registered in AD, and I imported the NPS config from DC1 to DC2 NPS. Cisco AP has DC1 as first radius server and DC2 as second radius server. If I stop NPS on DC1 to force the Cisco AP to authenticate against DC2, test laptops won't authenticate and connect. What am I missing? They're configured exactly the same (except DC1 hosts the CA...I was under the assumption the CA is AD integrated).
Demoting DC Windows Server 2019
Windows Server 2019 with Domain controller forest version 2016. When demoting our Domain controller XYDC01 in Site XY, it is the only DC and DNS in the site, but all other 20 sites have a DC with DNS. We get this error when demoting our DC. Active Directory domain controller appears to be the last DNS server for the following Active Directory-integrated zones: enterpriseregistration.jens.be If you demote this domain controller, you may be unable to resolve any DNS names in these zones. If you wish to proceed, specify the 'IgnoreLastDNSServerForZone' option. I have tested: #other DC and DNS server in other site Resolve-DnsName enterpriseregistration.jens.be -Server XXDC02 Test-NetConnection XXDC02-Port 135 Test-NetConnection XXDC02-Port 53 Get-DnsServerZone -Name "enterpriseregistration.jens.be" repadmin /syncall /AdeP All test have passed and succesfull. Replication scope = Forest Other DCs have DNS role Zone contains NS records for other DCs Zone exists on other DCs But still having the same issue when trying to demoteIntroducing the VM Conversion tool in Windows Admin Center – Public Preview
As organizations update their infrastructure, a growing number are seeking adaptable, Microsoft-supported solutions that address current requirements while laying the path for future cloud and AI adoption. Azure provides an agile, scalable, cost-effective platform for infrastructure and innovation. Whether by modernizing to cloud technologies like Windows or Linux VMs, containers, Azure VMware Solution or PaaS services, Azure offers a world-class cloud experience. However, we recognize that some organizations must retain workloads on-premises due to data compliance, governance, or other regulatory requirements. For customers wanting to adopt Windows Server and Hyper-V for this use case, we are excited to provide a new option within Windows Admin Center, the VM Conversion tool, in public preview now. This agentless, cost-free tool streamlines the conversion of virtual machines from VMware to Windows Server with Hyper-V, providing customers flexibility with their on-premises virtualization environments while enabling a seamless transition path to Azure when desired. With minimal infrastructure requirements, the tool is particularly beneficial for small and medium-sized organizations. Additionally, with minimal setup time you can download the new VM Conversion tool extension in Windows Admin Center and begin converting virtual machines in under five minutes. Figure 1- VM Conversion tool in Windows Admin Center 🔑Key Features : Agentless, appliance-free discovery After establishing a connection to the virtualization environment, the tool conducts discovery of all virtual machines without requiring agents or appliances and does so in a non-intrusive manner. Minimal downtime The VM Conversion tool enables initial data replication while the source virtual machine remains operational, thereby preventing any interruptions to ongoing applications. After completing this initial replication, on user consent, the source VM is powered down so a subsequent replication pass can capture any data changes made during the first phase. This two-step process ensures that the cutover time from the source to the target VM is minimized. Group servers You can select and migrate up to 10 virtual machines at a time. This reduces manual effort and accelerates the transition to Windows Server. Boot configuration The tool automatically maps BIOS-based virtual machines to Generation 1 and UEFI-based machines to Generation 2, preserving boot configurations and ensuring compatibility. OS agnostic The tool supports conversion of both Linux and Windows guest OS VMs to Windows Server host. Multi-disk VM support Virtual machines that use several virtual hard disks—common in production environments—are fully supported. The operating system, data, and application disks all migrated together, so manual setup is not needed. ⚙️How It Works To ensure a smooth and reliable transition, the tool performs a comprehensive set of built-in prechecks. These checks validate critical VM attributes such as disk types, boot configuration (BIOS or UEFI), destination disk, memory requirements, and several more. By identifying potential issues early, administrators can proactively address them—minimizing the risk of migration failures and reducing downtime during the final cutover. The VM Conversion tool uses change block tracking (CBT) to efficiently replicate data from one virtual disk format to another. During the initial seeding phase, a full copy of the virtual machine is created while it remains online. This minimizes downtime and ensures data integrity. Before the final cutover, a delta replication captures all changes made since the initial copy, ensuring the destination VM is fully up-to-date post conversion to Hyper-V hosts. 🚀Ready to Take the Next Step? The VM Conversion tool is available now in the public feed of Windows Admin Center. You can install it directly from the Extensions settings in Windows Admin Center. To get started, ensure you're running the Windows Admin Center v2 GA release. 📘 For detailed setup instructions and prerequisites, refer to the Public Preview Documentation. 📍 Summary The VM Conversion tool offers a simple, supported path for organizations to streamline VM conversion to Hyper-V virtualization environments. With no added cost and minimal setup, it empowers customers to streamline VM migration and prepare for the cloud at their own pace. Support for Azure Arc-enabled servers is also planned for future releases, further enhancing hybrid management capabilities. We’re continuously evolving the VM Conversion tool based on user feedback. Please continue to share your feedback here and help us prioritize our efforts for future releases. Happy converting!AzUpdate: Sysinternal Updates, MS Certs renewal, App service on Kubernetes on Azure Arc and more
A plethora of announcements was released at Microsoft Build 2021 as expected. Here is what the team will be reporting on this week: certain certifications will require yearly renewal, Sysinternal Tools Updates Announced, App Service Managed Certificates now generally available, Run App Service on Kubernetes or anywhere with Azure Arc and of course the Microsoft Learn module of the week.
Advice for replacing a Windows 2012R2 file server
We have a small company network that includes one Windows Server 2012R2 file server necessary to run Sequel for two server hosted business applications, file and print services for the user accounts and is also the Domain Controller for the Active Directory local forest and domain. Six Windows 11 Pro workstations are domain attached to the file server. The workstations all have a local user account and after domain attaching to the file server, a user.Acme user account with Administrator rights to their local computer. Each has its own 192.168.1.x static address and uses their domain user account with mapped drives to access the fileserver. The existing file server name is ACMEWS2012R2, local public static ip 192.168.1.12, DNS Domain Acme.LAN, Netbios name ACME, local accounts are located in \Users\username, and runs SQL Server Express 2012 with default MSSQL database name and mixed security using the SA with password credentials. The new file server will be using Windows Server 2022 (the company apps are not yet certified for 2025) and SQL SVR Express 2022 and I am looking for information about what configuration decisions I can make to hopefully minimize the need to install new user accounts on the workstations, copy all the user folders between users accounts and reinstall applications. My understanding of Domain security is limited, knowing just enough to get workstations attached and properly accessing the file server SQL based applications. My Google results have provided some piecemeal answers, but I would like to better understand the big picture before starting the server upgrade and make some irreversible configuration choices that would cause unnecessary work re-attaching the workstations. I would first ask for recommendations whether and why to keep or change each of the following: The file server machine name The file server 192.168.1.12 IP address The file server Administrator account and password. The Acme.LAN forest and root domain name that was defined after adding the Active Directory Domain Service role that also added File and Print Services and Group Policy Management. The SQL Server Express default MSSQL database name The SQL Server Express SA account name and password I would also ask about the best steps for disconnecting workstations from the old domain then joining the new domain to hopefully retain the existing workstation user account, or if not, to minimize the need to copy users folders between the user accounts and / or uninstall then reinstall the workstation applications to properly authenticate to the new user account. I would greatly appreciate some experienced insights for how to best accomplish these upgrade goals. Thanks, all!
Not able to update the parameter "UserRightsGenerateSecurityAudits" for OSConfigDesiredConfiguration
Hello, I want to add my AD group as part of "UserRightsGenerateSecurityAudits" in order to be able to collect audit logs but when I run the command, the change is not applied (Processed 0 out of 1 settings) : "Set-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer -Setting UserRightsGenerateSecurityAudits -Value @("*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415","*S-1-5-20","*S-1-5-19","*S-1-5-21-2654652530-1219913000-911364509-1603") Warning : Cannot process the settings 'UserRightsGenerateSecurityAudits': 0x82d0000a. Verify the value and try again. Processed 0 out of 1 settings. Using GPO, I'm able to update the value, but OsConfig is overwriting it after some time after because the group is not part of defaut values allowed by OsConfig. Your assitance will be ready appreciated. ThanksWindows Server unable to install Cumulative update 21H2 for x64-based Systems (KB5066782)
Hi All, Unable to install the above update. I tried things like sfc/scan, dism tool features but non works. all other updates install except the above. Tried running the update manually but failed. Think this is also breaking functionality of the virus /malware guard. ACS (azure Code signing). The last option that I am thinking of is to run a sever repair with the installation media. I also tried windows trouble-shooter for updates. Any ideas ? This is installed as a virtual machine on Hyper-V. Don't want to rebuild the server. Looking for a solution. The Error code is 0x80073701
windows 2019 KB5066586 & KB5070883 both have error 0x800f0985
Stuck and need suggestions, I have tried SFC & DISM recovery commands, Resetting the Windows Update subsystem Manually downloading the patches Trying to patch though power shell get-windwosupdatelog doesn't provide any insight. cbs.log & dism.log don't provide any insight Tried to update the Servicing Stack Update (SSU) for Windows Server with KB070883 that came out on Oct 23 2025, but it won't install either I get 0x800f0985. Suggestions other than in Place upgrade?
Unable to manage DFS namespace
(updated post) Hi, We have an issue with DFS at our site. It has been working fine for years, but recently the ability to manage it using the DFS MMC no longer works. DFS is still working for the users fine and we can map to it manually, but the MMC tool no longer connects. We can create and manage new namespaces fine though. The error is: " The namespace cannot be queried. The specified domain either does not exist or could not be contacted. " We can't risk recreating the namespace due to the impact on users, so anyone have any idea to fix this and get DFS MMC working to allow management of the namespace? Many thanks DBHow to Reset Windows Server 2008 R2 Administrator Password?
I am struggling to reset the administrator password on my Windows Server 2008 R2 machine. Unfortunately, I do not remember the password and cannot access the system. I have tried use a password reset disk or access the built-in administrator account, but have been unsuccessful thus far. I am worried about losing access to critical files and applications as a result of being unable to log in. Therefore, I am seeking advice and guidance on the most effective and secure way to reset administrator password for Windows Server 2008 R2. I am hoping that other forum members who have encountered similar issues in the past can share their experiences and offer tips and solutions. Thanks.
