Server 2025 - unable to Open shared files and webpages on another 2025 Server
I have three or 4 2025 virtual servers on our domain penciled in to replace some older servers. All the servers have file and storage roles and one is an IIS server as well. If i try and open a shared file from any 2025 server the windows users name and password pop up opens and you cannot get past it. If trying to open a IIS site from a 2025 server you cannot either. From any other older server or client the share and the webpages are accessible and work as expected. I obviously need this to work as these servers are part of an ERP Environment and need to have access to each other. I've Searched the web and tried some of the suggestions but nothing so far has worked. DNS has passed, pings have passed, Using IP brings the same issues. Help
Unable to Install Windows Server 2022 standard Edition
Hi Team , i'm trying to install the iso of windows server 2022 downloaded from microsoft web site. but i'm receiving an error message at the beginning of the installation. the error message is saying : " windows cannot find the Microsoft Software License Terms. Make sure the installation source is valid " . i kindly request your help on how i can resolve this issue
DCs not replicating across VPN
I am at a loss here. I have looked at every CMD option I can find, verified DNS and cannot get my DCs replicating across the VPN. I don't understand how I was able to join the domain but now the connectivity is a problem. So here is my setup: 2 DCs in Site (my building) 2 DCs in Datacenter connected by IPSec VPN I can ping the IP, the DNS name, the short name, and the domain from all DCs regardless of location. I have verified on each DNS server that the name servers are correct and resolved. I have run nltest, dcdiag, syncall, repadmin, etc. The only error that keeps showing up in most commands is 1722 network error. RPC unavailable. Topology incomplete. One oddity that I found was that on the DCs in the datacenter Sites and Services was missing one of the local DCs. I added it manually but there are no NTDS Settings for it. I have flushed DNS, reregistered DNS, restarted the servers. All Windows firewalls are set to ANY ANY for domain services. My WAN firewalls are ANY ANY between the sites I have no idea what to look for next. Please if anyone has ideas let me know. Also I have already build new servers multiple times and this keeps happening.
DNS and host domain
I configured a Windows 2019 server with DNS service. The domain is contoso.com. The contoso.com domain is outside the local network. I entered the IP of the external domain and deleted the IPs of the Windows server and the replica server. After a few minutes, the server created two host domains again with the IPs of the DNS servers. How do I prevent it from setting the DNS servers as the host domain?Enable Nested Virtualization on Windows Server 2025
Nested virtualization allows you to run Hyper-V inside a VM, opening up incredible flexibility for testing complex infrastructure setups, demos, or learning environments, all without extra hardware. First, ensure you’re running a Hyper-V host capable of nested virtualization and have the Windows Server 2025 VM on which you want to enable as a Hyper-V host ready. To get started, open a PowerShell window on your Hyper-V host and execute: Set-VMProcessor -VMName "<Your-VM-Name>" -ExposeVirtualizationExtensions $true Replace <Your-VM-Name> with the actual name of your VM. This command configures Hyper-V to allow nested virtualization on the target VM. Boot up the Windows Server 2025 VM that you want to configure as a Hyper-V host. In the VM, open Server Manager and attempt to install the Hyper-V role via Add Roles and Features. Most of the time, this should work right away. However in some cases you might hit an error stating: “Hyper-V cannot be installed because virtualization support is not enabled in the BIOS.” To resolve this error run an elevated PowerShell session inside the VM on which you want to enable Hyper-V and run the command: bcdedit /set hypervisorlaunchtype auto This command ensures the Hyper-V hypervisor starts up correctly the next time you boot. Restart your VM to apply the change. After the reboot, head back to Add Roles and Features and try installing Hyper-V again. This time, it should proceed smoothly without the BIOS virtualization error. Once Hyper-V is installed, perform a final reboot if prompted. Open Hyper-V Manager inside your VM and you’re now ready to run test VMs in your nested environment!
Server 2016 Essentials Version 1607 (OS Build 14393.8246)
Hi. Ive had some problems with this server recently and im trying to use DISM to restore health. Problem is Im unable to find the copy of the OS to do it. The only version we have been able to find is a later version which obviously wont work. Any thought on where I can find a copy? MS only seem to have eval versions of 2016. Thanks
MICROSOFT XPS DOCUMENT WRITER
Good Day! Does anyone know who to install the same MICROSOFT XPS DOCUMENT WRITER that installs on WINDOWS 10/11 on SERVER 2025. An application needs it to send emails with attachments via OUTLOOK. None of the drivers available to install manually are the same as the one on WINDOWS 10/11. Thank you!
What's the deal with Kerb3961?
Howdy, everyone! I wanted to write this blog post to discuss the new Kerb3961 library introduced in Windows Server 2025 / Windows 11 24H2. It is (hopefully) making encryption type (etype) usage within Kerberos much easier to anticipate and understand. Let's start with... What is Kerb3961? Kerb3961, named after RFC3961, is a refactor of the Kerberos cryptography engine in its own library. This library is now the authoritative source of: Etype selection Etype usage Etype management For the average IT administrator, the part that is going to be most interesting is #1. The Kerb3961 policy engine is what will authoritatively determine what etypes are available given different Kerberos key usage scenarios. Whereas in previous Windows releases, there were instances of hard coded etype usage due to technical limitations at the time of implementation. Kerb3961 still leverages existing Kerberos etype configuration group policy: Network security Configure encryption types allowed for Kerberos - Windows 10 | Microsoft Learn. However, it no longer honors the legacy registry key path of: HKEY_LOCAL_MACHINE\CurrentControlSet\Control\Lsa\Kerberos\Parameters REG_DWORD SupportedEncryptionTypes As a reminder, the group policy mentioned above is used to configure the supported encryption types for a machine account. The machine then propagates this information into Active Directory (AD) where it is stored in the msds-SupportedEncryptionType attribute for the account. It has no effect on non-etype related Kerberos settings such as those outlined in Registry entries about Kerberos protocol and Key Distribution Center (KDC) with the exception of the DefaultDomainSupportedEncTypes registry key. The biggest change is the reduction of hard-coded etype usage. We have heard the frustrations of customers who are trying to eliminate RC4 usage, and the seemingly unexplainable instances of RC4 usage with their environments. This new library removes these hard-coded dependencies and aggregates all those decisions into one place. With the goal of: More secure Kerberos operations by default More predictable Kerberos etype usage More stable etype additions More stable etype removals For example, if we had not done this refactor, the DES deprecation and on-going work towards RC4 deprecation would not be possible. Why did this need to happen? Kerberos was added to Windows in the early 2000's as a part of beginning the move away from NTLM and into modern cipher usage. Over these decades, there have been incredible strides in security hardening that the original developers could not have foreseen. As a result, some of the design decisions made during that initial implementation impacted our ability to reliably change the way Kerberos operates. This can be seen in things like: Kerberos changes for CVE-2022-37966 Kerberos changes for CVE-2022-37967 Additionally, with the long tail of code in this area and the etype that has been historically used, it had become a near impossibility to add or remove a cipher due to how the etypes were directly associated in Kerberos. What does this mean going forward? The Kerb3961 library has key implications going forward. The biggest one is the removal of hard-coded cipher usage and a stronger adherence to the administrators’ configured encryption types. The environment will operate as configured. Meaning IT administrators can have a high degree of confidence that their configurations will be honored. This increases the amount of knowledge required by administrators. Misconfigurations, previously hidden by loose adherence to the configured etypes, will now be exposed. For more information about Kerberos etype selection, refer to the Kerberos EType Calculator. What needs to be done? To configure an environment requires understanding what etypes are used within an environment. To help aid in this endeavor, we have improved Key Distribution Center (KDC) auditing. 4768(S, F) A Kerberos authentication ticket (TGT) was requested. - Windows 10 | Microsoft Learn 4769(S, F) A Kerberos service ticket was requested. - Windows 10 | Microsoft Learn We have also published two PowerShell helper scripts that leverage these new events. The goal of these scripts is to allow for easier identification of both etype usage and account key availability. These scripts are published on the Microsoft Kerberos-Crypto GitHub repository, where, going forward, we will be using scripts and information published there to better interface with the community. We acknowledge that substantial changes can introduce regressions and friction points for those with mature environments. It is our goal to allow for a smooth adoption of these new features and prevent any unnecessary pain for our already overworked and under-appreciated system administrators. Please be sure to leverage Feedback Hub to share your experiences with us. If you would like to see any of these features early, we highly recommend leveraging the Windows Insider Program and opting into Continuous Innovation and sharing feedback directly with the development team. We understand that this can be challenging, and Microsoft is committed to ensuring that the knowledge needed to make an informed decision about what is right for your environment.
