Announcing Native NVMe in Windows Server 2025: Ushering in a New Era of Storage Performance
We’re thrilled to announce the arrival of Native NVMe support in Windows Server 2025—a leap forward in storage innovation that will redefine what’s possible for your most demanding workloads. Modern NVMe (Non-Volatile Memory Express) SSDs now operate more efficiently with Windows Server. This improvement comes from a redesigned Windows storage stack that no longer treats all storage devices as SCSI (Small Computer System Interface) devices—a method traditionally used for older, slower drives. By eliminating the need to convert NVMe commands into SCSI commands, Windows Server reduces processing overhead and latency. Additionally, the whole I/O processing workflow is redesigned for extreme performance. This release is the result of close collaboration between our engineering teams and hardware partners, and it serves as a cornerstone in modernizing our storage stack. Native NVMe is now generally available (GA) with an opt-in model (disabled by default as of October’s latest cumulative update for WS2025). Switch onto Native NVMe as soon as possible or you are leaving performance gains on the table! Stay tuned for more updates from our team as we transition to a dramatically faster, more efficient storage future. Why Native NVMe and why now? Modern NVMe devices—like PCIe Gen5 enterprise SSDs capable of 3.3 million IOPS, or HBAs delivering over 10 million IOPS on a single disk—are pushing the boundaries of what storage can do. SCSI-based I/O processing can’t keep up because it uses a single-queue model, originally designed for rotational disks, where protocols like SATA support just one queue with up to 32 commands. In contrast, NVMe was designed from the ground up for flash storage and supports up to 64,000 queues, with each queue capable of handling up to 64,000 commands simultaneously. With Native NVMe in Windows Server 2025, the storage stack is purpose-built for modern hardware—eliminating translation layers and legacy constraints. Here’s what that means for you: Massive IOPS Gains: Direct, multi-queue access to NVMe devices means you can finally reach the true limits of your hardware. Lower Latency: Traditional SCSI-based stacks rely on shared locks and synchronization mechanisms in the kernel I/O path to manage resources. Native NVMe enables streamlined, lock-free I/O paths that slash round-trip times for every operation. CPU Efficiency: A leaner, optimized stack frees up compute for your workloads instead of storage overhead. Future-Ready Features: Native support for advanced NVMe capabilities like multi-queue and direct submission ensures you’re ready for next-gen storage innovation. Performance Data Using DiskSpd.exe, basic performance testing shows that with Native NVMe enabled, WS2025 systems can deliver up to ~80% more IOPS and a ~45% savings in CPU cycles per I/O on 4K random read workloads on NTFS volumes when compared to WS2022. This test ran on a host with Intel Dual Socket CPU (208 logical processors, 128GB RAM) and a Solidigm SB5PH27X038T 3.5TB NVMe device. The test can be recreated by running "diskspd.exe -b4k -r -Su –t8 -L -o32 -W10 -d30" and modifying the parameters as desired. Results may vary. Top Use Cases: Where You’ll See the Difference Try Native NVMe on servers running your enterprise applications. These gains are not just for synthetic benchmarks—they translate directly to faster database transactions, quicker VM operations, and more responsive file and analytics workloads. SQL Server and OLTP: Shorter transaction times, higher IOPS, and lower tail latency under mixed read/write workloads. Hyper‑V and virtualization: Faster VM boot, checkpoint operations, and live migration with reduced storage contention. High‑performance file servers: Faster large‑file reads/writes and quicker metadata operations (copy, backup, restore). AI/ML and analytics: Low‑latency access to large datasets and faster ETL, shuffle, and cache/scratch I/O. How to Get Started Check your hardware: Ensure you have NVMe-capable devices that are currently using the Windows NVMe driver (StorNVMe.sys). Note that some NVMe device vendors provide their own drivers, so unless using the in-box Windows NVMe driver, you will not notice any differences. Enable Native NVMe: After applying the 2510-B Latest Cumulative Update (or most recent), add the registry key with the following PowerShell command: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 1176759950 /t REG_DWORD /d 1 /f Alternatively, use this Group Policy MSI to add the policy that controls the feature then run the local Group Policy Editor to enable the policy (found under Local Computer Policy > Computer Configuration > Administrative Templates > KB5066835 251014_21251 Feature Preview > Windows 11, version 24H2, 25H2). Once Native NVMe is enabled, open Device Manager and ensure that all attached NVMe devices are displayed under the “Storage disks” section. Monitor and Validate: Use Performance Monitor and Windows Admin Center to see the gains for yourself. Or try DiskSpd.exe yourself to measure microbenchmarks in your own environment! A quick way to measure IOPS in Performance Monitor is to set up a histogram chart and add a counter for Physical Disk>Disk Transfers/sec (where the selected instance is a drive that corresponds to one of your attached NVMe devices) then run a synthetic workload with DiskSpd. Compare the numbers before and after enabling Native NVMe to see the realized difference in your real environment! Join the Storage Revolution This is more than just a feature—it’s a new foundation for Windows Server storage, built for the future. We can’t wait for you to experience the difference. Share your feedback, ask questions, and join the conversation. Let’s build the future of high-performance Windows Server storage together. Send us your feedback or questions at nativenvme@microsoft.com! — Yash Shekar (and the Windows Server team)Cache drive reconfiguration in Server 2025 Storage Spaces Direct cluster
We have a three node S2D cluster running Server 2025, with the storage in a 3 way mirror, running Hyper-V VMs. Each node has 4 x NVMe drives that are currently being used as cache drives, but which are connected to a RAID controller (in HBA mode), so in the S2D configuration they appear as SSD drives rather than NVMe drives. We've purchased the required cables and drive bays to be able to reconfigure the NVMe drives so that they're attached directly to the PCIe bus, so they'll show up as NVMe drives and hopefully give us a performance boost, so I'm just trying to plan the reconfiguration. I was hoping it would be a relatively simple process of shutting everything down, reconfiguring the storage and bringing everything back online, but ChatGPT suggests things won't be that easy and that a complete reconfiguration of the storage would be required. So in a nutshell, can the cache drives be reconfigured without a complete rebuild of the S2D storage ? Cheers, RobIntroducing the VM Conversion tool in Windows Admin Center – Public Preview
As organizations update their infrastructure, a growing number are seeking adaptable, Microsoft-supported solutions that address current requirements while laying the path for future cloud and AI adoption. Azure provides an agile, scalable, cost-effective platform for infrastructure and innovation. Whether by modernizing to cloud technologies like Windows or Linux VMs, containers, Azure VMware Solution or PaaS services, Azure offers a world-class cloud experience. However, we recognize that some organizations must retain workloads on-premises due to data compliance, governance, or other regulatory requirements. For customers wanting to adopt Windows Server and Hyper-V for this use case, we are excited to provide a new option within Windows Admin Center, the VM Conversion tool, in public preview now. This agentless, cost-free tool streamlines the conversion of virtual machines from VMware to Windows Server with Hyper-V, providing customers flexibility with their on-premises virtualization environments while enabling a seamless transition path to Azure when desired. With minimal infrastructure requirements, the tool is particularly beneficial for small and medium-sized organizations. Additionally, with minimal setup time you can download the new VM Conversion tool extension in Windows Admin Center and begin converting virtual machines in under five minutes. Figure 1- VM Conversion tool in Windows Admin Center 🔑Key Features : Agentless, appliance-free discovery After establishing a connection to the virtualization environment, the tool conducts discovery of all virtual machines without requiring agents or appliances and does so in a non-intrusive manner. Minimal downtime The VM Conversion tool enables initial data replication while the source virtual machine remains operational, thereby preventing any interruptions to ongoing applications. After completing this initial replication, on user consent, the source VM is powered down so a subsequent replication pass can capture any data changes made during the first phase. This two-step process ensures that the cutover time from the source to the target VM is minimized. Group servers You can select and migrate up to 10 virtual machines at a time. This reduces manual effort and accelerates the transition to Windows Server. Boot configuration The tool automatically maps BIOS-based virtual machines to Generation 1 and UEFI-based machines to Generation 2, preserving boot configurations and ensuring compatibility. OS agnostic The tool supports conversion of both Linux and Windows guest OS VMs to Windows Server host. Multi-disk VM support Virtual machines that use several virtual hard disks—common in production environments—are fully supported. The operating system, data, and application disks all migrated together, so manual setup is not needed. ⚙️How It Works To ensure a smooth and reliable transition, the tool performs a comprehensive set of built-in prechecks. These checks validate critical VM attributes such as disk types, boot configuration (BIOS or UEFI), destination disk, memory requirements, and several more. By identifying potential issues early, administrators can proactively address them—minimizing the risk of migration failures and reducing downtime during the final cutover. The VM Conversion tool uses change block tracking (CBT) to efficiently replicate data from one virtual disk format to another. During the initial seeding phase, a full copy of the virtual machine is created while it remains online. This minimizes downtime and ensures data integrity. Before the final cutover, a delta replication captures all changes made since the initial copy, ensuring the destination VM is fully up-to-date post conversion to Hyper-V hosts. 🚀Ready to Take the Next Step? The VM Conversion tool is available now in the public feed of Windows Admin Center. You can install it directly from the Extensions settings in Windows Admin Center. To get started, ensure you're running the Windows Admin Center v2 GA release. 📘 For detailed setup instructions and prerequisites, refer to the Public Preview Documentation. 📍 Summary The VM Conversion tool offers a simple, supported path for organizations to streamline VM conversion to Hyper-V virtualization environments. With no added cost and minimal setup, it empowers customers to streamline VM migration and prepare for the cloud at their own pace. Support for Azure Arc-enabled servers is also planned for future releases, further enhancing hybrid management capabilities. We’re continuously evolving the VM Conversion tool based on user feedback. Please continue to share your feedback here and help us prioritize our efforts for future releases. Happy converting!
AOVPN / Reasoncode 16
We have an always on vpn configuration. This worked fine till few months ago, users can't get connected anymore. After reboot of NPS server, all works fine for some time (random, sometimes 1 day, 2 days, 1 week), till the users can't get connected again. Reboot of nps server solves it. When users can't connect, I see an event on NPS server with reason code 16 Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID: xxx Account Name:xxx Account Domain: xxx Fully Qualified Account Name: xx Client Machine: Security ID: NULL SID Account Name: - Fully Qualified Account Name: - Called Station Identifier: x.x.x.x Calling Station Identifier: x.x.x.x NAS: NAS IPv4 Address: x.x.x.x NAS IPv6 Address: - NAS Identifier: server-VPN01 NAS Port-Type: Virtual NAS Port: 14 RADIUS Client: Client Friendly Name: server-VPN01 Client IP Address: x.x.x.x Authentication Details: Connection Request Policy Name: Virtual Private Network (VPN) Connections Network Policy Name: Virtual Private Network (VPN) Connections Authentication Provider: Windows Authentication Server: server-NPS01 Authentication Type: PEAP EAP Type: Microsoft: Smart Card or other certificate (EAP-TLS) Account Session Identifier: 33373834 Logging Results: Accounting information was written to the local log file. Reason Code: 16 Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. As said, reboot of nps solves issues temporary. Already installed new nps server but same issue. Any suggestions where to check ?Microsoft Clearinghouse server connection issues + phone line is dead end
We see a rising number of customers having issues installing or reinstalling their RDS Licenses via automatic connection. According to volume licensing support reinstalling licensing should not work this way any longer and requires customers to contact the RDS activation hotline which is +49 800 5077777 for Germany. If you dial through the menu and reach the RDS Licensing support, for weeks it is not possible to get through speaking with any agent. Instead the phone computer asks for your phone number and to enter it via your phone (DTMF). Whatever the way you enter a number like +492212343434 or 02212343434 it ends up that the voice computer says the number cannot be recognized. I guess that the Microsoft Clearinghouse server has issues with TLS 1.2 and some ciphers but we cannot pin it down even with the networking guys. Here are some possible messages: Customer A: Cannot install licenses, the server is correctly activated and can also be reactived successfully Customer B: Cannot install licenses, server ist correctly activated but can only be reactivated via web. Interestingly activating or reactivating the RDS CAL Server itself works fine on some customers On Other customers even this is not successful anymore due to connection issues. I began to see this last year when customers began to use Windows Server 2019 RDS CAL Servers, while Windows Server 2016 and 2012 R2 were unaffected. We have tried to setup a fresh Windows Server but no help. So 3 things causing a combined issue and blocker: - the RDS CAL phone support is unavailable in Germany - Automatic activation installing new licenses does not work (but is required for RDS via CSP) - Automatic activation re-installing already activated licenses does no longer work according to VL Support as - Automatic activation for Activation / Reactivation of a Server does not work anymore for some customers due to connection issuesWINGET is not recognized as a commandlet on win 2k19 server fresh setup
I have setup a new win2k19, I followed the instructions Install-PackageProvider -Name NuGet -Force | Out-Null Install-Module -Name Microsoft.WinGet.Client -Force -Repository PSGallery | Out-Null Repair-WinGetPackageManager When I try anu winget command I get winget is not recognized as a commandlet
Add support for sha-2 and sha3 in Supported Kerberos Encryption Types
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797 https://web.mit.edu/kerberos/krb5-devel/doc/admin/enctypes.html#enctype-compatibility It seems like `aes128-cts-hmac-sha256-128` and `aes256-cts-hmac-sha384-192` are supported by other Kerberos implimentations, but not yet supported by Windows Server. Can those be added to Windows Server? Also can you please think about adding sha-3 based ones too?
Securing ldap in WIndows AD
Hello everyone. I would like to secure the use of LDAP within an Active Directory domain. My domain has three Windows 2022 DCs. Searching online, I found these suggestions: Enforce LDAPS (LDAP over SSL/TLS) Disable Plain-text LDAP Bindings Block or Restrict Port 389 (Optional but Recommended) Enable Channel Binding Tokens (CBT) Does it make sense to only allow certain users to browse LDAP? Could limiting LDAP browsing to certain users cause problems? Thanks
NUMA Problems after In-Place Upgrade 2022 to 2025
We have updated several Hyper-V hosts with AMD Milan processors from Windows 2022 to Windows 2025 using the in-place update method. We are encountering an issue where, after starting about half of the virtual machines, the remaining ones fail to start due to a resource shortage error. The host's RAM is about 70% free. We can only get them to start by enabling the "Allow Spanning" configuration, but this reduces performance, and with so many free resources, this shouldn't be happening. Has anyone else experienced something similar? What has changed in 2025 to cause this issue? The error is: Virtual machine 'R*****2' cannot be started on this server. The virtual machine NUMA topology requirements cannot be satisfied by the server NUMA topology. Try to use the server NUMA topology, or enable NUMA spanning. (Virtual machine ID CA*****3-ED0E-4***4-A****C-E01F*********C4). Event ID: 10002 <EventRecordID>41</EventRecordID> <Correlation /> <Execution ProcessID="5524" ThreadID="8744" /> <Channel>Microsoft-Windows-Hyper-V-Compute-Admin</Channel> <Computer>HOST-JLL</Computer>
