windows server
2881 TopicsIssue with winlogon on Remote Desktop Services:
We are investigating intermittent session establishment failures on Windows Server 2019 servers used as CyberArk PSM / RDS hosts. At unspecified intervals, new privileged sessions fail to establish or are disconnected during the initial session/logon phase. The issue is intermittent and affects new sessions. Existing sessions may continue to work. The strongest and most consistent correlation identified so far is: Microsoft-Windows-TerminalServices-LocalSessionManager/Operational – Event ID 36 Application / Microsoft-Windows-Winlogon – Event ID 4005 We observed that TerminalServices-LocalSessionManager Event ID 36 can occur without a subsequent Winlogon Event ID 4005. However, every observed Winlogon Event ID 4005 is correlated with TerminalServices-LocalSessionManager Event ID 36 in the same incident window. This suggests that Event ID 36 is a consistent precursor or required condition for the Winlogon 4005 cases. Environment Operating system: Windows Server 2019 Role: CyberArk PSM / RDS session host Issue type: intermittent failure during new RDP/PSM session initialization Impact: affected users cannot establish privileged sessions or are disconnected during session startup Similar issue exists on previous windows server 2012 R2 and was fixed : August 16, 2016 – KB3179574 (During virtual channel management, a deadlock condition occurs that prevents the RDS service from accepting new connections.) https://support.microsoft.com/en-us/topic/august-2016-update-rollup-for-windows-8-1-and-windows-server-2012-r2-d472b5d5-4b3a-8e6e-c22a-f62fed604caf I'm looking forward for any ideas how to resolve this issue. Many thanks!!25Views0likes1CommentWindows Server 2025 Failover Cluster Live Migration Issue
Hi Everyone, I am facing an issue in a Hyper-V Failover Cluster environment where Live Migration intermittently fails due to a service logon-related problem. The environment was previously working normally, but now whenever we attempt to Live Migrate a VM between cluster nodes, the migration fails unless we manually run “gpupdate /force” on the Hyper-V host first. After running gpupdate /force, the migration works temporarily, but the issue returns again during the next migration attempt. This makes it appear that some policy or permission is not being applied consistently on the cluster nodes. During troubleshooting, I attempted to add “NT VIRTUAL MACHINE\Virtual Machines” to the “Log on as a service” policy under Local Security Policy > Local Policies > User Rights Assignment. However, the account does not appear or resolve in the Object Picker when trying to add it manually. At this stage, I am trying to understand whether this is related to a domain GPO overwriting local policy settings, a Failover Cluster permission issue, or something specific to Hyper-V virtual machine accounts. Has anyone encountered a similar issue where Live Migration only works after running gpupdate /force? Also, is there a correct method to add “NT VIRTUAL MACHINE\Virtual Machines” to the “Log on as a service” policy, or should this permission already exist by default on Hyper-V hosts? Any guidance or recommendations would be greatly appreciated.Secure Boot update still pending on deadline day
After checking the registry keys on 2x VMs which run services for a number of important customers I found they both have: UEFICA2023Error 2147942750 Apparently this means they're pending a reboot. https://blog.mindcore.dk/2026/04/secure-boot-certificate-update-intune/ I can't reboot the VM inside working hours, can they be rebooted after the deadline or do I need to disable Secure Boot on the VMs? I'm concerned I'll have to disable Secure Boot before they're next rebooted for Windows updates.37Views0likes1CommentSecure Boot Q&A opportunities continue in July
If you're still working through Secure Boot certificate update rollouts, Microsoft is continuing the conversation throughout July with three opportunities to get your questions answered by the people closest to the technology. Whether you're focused on Windows Server deployments, virtualization platforms, or OEM updates, these upcoming events are designed to help you navigate planning, validation, troubleshooting, and implementation questions in a live, interactive format. Microsoft engineers and subject matter experts will be available to respond directly to questions from the community. Coming up in July: July 1 - Windows Server Secure Boot AMA Ask Microsoft engineers about Secure Boot certificate updates in Windows Server environments, including deployment planning, monitoring, troubleshooting, and more. July 8 - Secure Boot Office Hours for virtualized environments Bring your questions about Hyper-V, Azure offerings, Windows 365, VMware, and other virtualization scenarios. July 15 - OEM Secure Boot Office Hours Connect with experts to discuss OEM-specific questions, such as firmware considerations, as you prepare for or validate Secure Boot certificate updates. Questions don't have to wait until the events start. With community events, you can post your questions and comments ahead of time, then join the discussion live or catch up when it's convenient for you. Hope you find these events helpful. You can also catch up on demand with the series of Secure Boot AMAs that have taken place over the past several months. Here are the three most recent editions: Ask Microsoft Anything: Secure Boot - June 2026 Ask Microsoft Anything: Secure Boot - May 2026 Ask Microsoft Anything: Secure Boot - April 202631Views0likes0CommentsStatic IP Issue with Windows Server 2022
Hi Community, I installed my first Windows server to learn about the server and Active Directory. I installed Windows Server 2022. I configured a static IP and disabled IPv6. Then I installed Active Directory/DNS. After the reboot, the system is up, and I can access the internet and ping hosts. However, there is a world icon (No internet access) instead of a computer icon (internet access). In the static IP config, it replaced the DNS with 127.0.0.1, I know it'll use the local host as DNS. When I click on Network & Internet settings and Troubleshoot, I see an error 'DHCP is not enabled for "Ethernet"'. The only way it goes away is if I change the static to automatic. How can I fix this issue? Thanks, Also, I added forwarders such as 1.1.1.3 and 1.1.1.2 to DNS.106Views0likes2CommentsOut of Band Cumulative Updates Question
I installed March 2026 Cumulative Update on a new server instead of April due to some RC4 changes to test something. I noticed that after the update installed in the event viewer it thinks the June 2026 update was installed. I don't see the June update under installed updates but shows up in update history. The build version of the server matches with the March 2026 update. Is this a weird side effect of installing a superceded update? I'm having trouble understanding what is going on.34Views0likes0CommentsKB5094128 ntoskrnl.exe version wrong?
For update KB5094128 The list of updated files contains an ntoskrnl.exe with file version 10.0.20348.5257 which in my opinion should be 10.0.20348.5256. https://go.microsoft.com/fwlink/?LinkId=2368532 We use scanning tools which rely on this list of updated files. But the installed file version is different and therefore our scanning tools report these installations as "vulnerable" After applying patch KB5094128 the version of \windows\system32\ntoskrnl.exe is 10.0.20348.5256 Does anybody know if the information in this .csv is wrong?2.1KViews2likes4CommentsSCCM- Upgrade from 2409 to 2509 WSUS timeout issue
Had a working task sequence on 2409 that performed software updates at the end of the task sequence. Upgraded to 2509 - I get a timeout issue when getting to that point on the task sequence. Ive performed maintenance on the WSUS Server, (obsolete, expired etc) I removed the Software Update Point - and re installed it selected the Products of Server 2016,2019, server operating system 21h2 , Windows 10 1903 or later and Windows 11. rebooted both the SCCM and SQL Server. after doing the above but the HRESULT 0x80244010 still persists. "Exceeded max server round trips" — client couldn't retrieve all updates in one cycle. Software centre updates in the OS seem to be unaffected or unknown if clients are affected, only in a task sequence this occurs. Blog posts refer to older items, what would cause this to fail after a upgrade from 2409 to 2509? AI help repeats about reducing metadata and updates but for weird reason i keep getting 700+ updates for the above categories!146Views0likes1CommentWindows server 2025 Application Crashing Events
I have installed a Windows Server 2025 and after starting it in about 30 minutes the following error appears in the Windows application log . ======================================= Log Name: Application Source: Application Error Date: 4/6/2026 1:51:06 μμ Event ID: 1000 Task Category: Application Crashing Events Level: Error Keywords: User: SERVER\Administrator Computer: SERVER.efarmacy.internal Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.26100.1, time stamp: 0x5bc61463 Faulting module name: biwinrt.dll, version: 10.0.26100.32230, time stamp: 0xb950595a Exception code: 0xc000027b Fault offset: 0x0000000000012713 Faulting process id: 0x1964 Faulting application start time: 0x1DCF4100B5B371A Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\biwinrt.dll Report Id: a0fa5d15-b026-4d12-a047-d965195ac338 Faulting package full name: MicrosoftWindows.Client.CBS_1000.26100.275.0_x64__cw5n1h2txyewy Faulting package-relative application ID: Global.Accounts Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" Guid="{a0e9b465-b939-57d7-b27d-95d8e925ff57}" /> <EventID>1000</EventID> <Version>0</Version> <Level>2</Level> <Task>100</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2026-06-04T10:51:06.2935992Z" /> <EventRecordID>7473</EventRecordID> <Correlation /> <Execution ProcessID="1984" ThreadID="6560" /> <Channel>Application</Channel> <Computer>SERVER.efarmacy.internal</Computer> <Security UserID="S-1-5-21-4001248846-3127524418-1814302027-500" /> </System> <EventData> <Data Name="AppName">backgroundTaskHost.exe</Data> <Data Name="AppVersion">10.0.26100.1</Data> <Data Name="AppTimeStamp">5bc61463</Data> <Data Name="ModuleName">biwinrt.dll</Data> <Data Name="ModuleVersion">10.0.26100.32230</Data> <Data Name="ModuleTimeStamp">b950595a</Data> <Data Name="ExceptionCode">c000027b</Data> <Data Name="FaultingOffset">0000000000012713</Data> <Data Name="ProcessId">0x1964</Data> <Data Name="ProcessCreationTime">0x1dcf4100b5b371a</Data> <Data Name="AppPath">C:\WINDOWS\system32\backgroundTaskHost.exe</Data> <Data Name="ModulePath">C:\Windows\System32\biwinrt.dll</Data> <Data Name="IntegratorReportId">a0fa5d15-b026-4d12-a047-d965195ac338</Data> <Data Name="PackageFullName">MicrosoftWindows.Client.CBS_1000.26100.275.0_x64__cw5n1h2txyewy</Data> <Data Name="PackageRelativeAppId">Global.Accounts</Data> </EventData> </Event> =========================================== I have already done the actions to check the files. The check does not find any problems but the problem continues to appear. "DISM.exe /Online /Cleanup-image /Restorehealth" "sfc /scannow". I would like to know if anyone else has faced this problem and if there is a solution for it. Thanks in advance .105Views1like1CommentRemote desktop app hangs when opening a new process
I have a windows remote desktop server, windows server 2022. We have a few programs we allow access to people published as remote apps. One of the programs exports to Excel by opening excel, creates the workbook/worksheet, but the window does not show and the program hangs waiting for excel to close. The user can't see excel and therefore can't close excel so they are stuck. as an admin, I can connect to the remote desktop server and end task on their excel instance and then they can continue working. Is there a way to allow the excel window to show when opened by a remote app? We prefer to only allow our users access to the one app they need to run instead of a desktop.99Views0likes1Comment