User Profile
Wes808
Brass Contributor
Joined 9 years ago
Recent Discussions
Re: When is Network Profile Issue for Domain Controllers going to be at least acknowledged?
Thanks Karl. It's not applicable to this specific win2025-only-and-domain-controller-only bug - win2025 doesn't use the NLA service at all. The only workaround is to script the nic disabling then re-enabling (we do this using a gpo startup script). This is a different bug than the years-long-still-not-fixed bug that affects all Windoze OSes (but not just DCs) and is generally fixed by an NLA restart. Some day Microsoft might get around to fixing one or both of these bugs, but given the pathetic response thus far, I'm not holding my breath.
849 Views, 1 like, 0 Comments

Re: Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
No logic whatsoever. That being said, there's no reason to have a physical DC in this day and age (we have none) so we're not concerned about the script concern. It's been doing the job for months now, and will keep doing so forever I guess, assuming MS never gets a proper fix out lol
143 Views, 1 like, 1 Comment

Re: Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
I know your issue well, friend - for years and years as well. This is a different problem that ultimately presents similarly (wrong fw profile), but only on DCs. And again, NLA is not used the same way in 2025 and so this issue cannot be cured/worked around the same way as the older issue (restarting NLA). The only workaround until Microsheet gets around to solving it (not holding my breath) is to script a disabling/re-enabling of the NIC.
133 Views, 1 like, 3 Comments

Re: Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
Different issue, unrelated to NLA (which is not used in the same way in 2025 and isn't even started/automatic), but you're spot on about the "do not expect any fix" part. Typical post-covid Microsheet.
200 Views, 1 like, 5 Comments

Re: SMB over QUIC Client Access Control is inconsistent
In our case the issue was the certificate EKU. Almost 100% sure the guidance was followed when we set this up many months ago, so I believe the doc has since been updated - regardless it does clearly point out that Client Authentication needs to be an EKU: https://learn.microsoft.com/en-us/windows-server/storage/file-server/configure-smb-over-quic-client-access-control
Once we reissued a cert with Client Auth in the EKU, CAC started working for us. w00t!
361 Views, 0 likes, 1 Comment

SMB over QUIC Client Access Control is inconsistent
We have set up SMB over QUIC on some Windows 2025 file servers and generally it works well. Unfortunately of course, it is not secure by design since there is no MFA or conditional access in the picture. Thus securing the connections falls to its Client Access Control feature where you can allowlist or blacklist connections using client certificates. We implemented this in multiple environments (different domains) and although it works initially, it then starts failing with no changes having been made. The behavior is always the same across various domains once it starts failing - first the connection shows successful:

The SMB connection was successfully established.
Endpoint Name: FILES
Transport: Quic
Server socket address: x.x.x.x:443
Client socket address: x.x.x.x:8205
Connection ID: 0xB1D0039C01XXXXXX
Mutual authentication: Yes
Access control: Yes

Then immediately it fails less than a second later:

Quic connection shutdown.
Error: Mutual authentication failed.
Reason: Server close the connection.
Endpoint Name: FILES
Transport Name: \Device\SmbQUICIpv4_0006_x.x.x.x
Guidance: This event indicates that the winquic connection is shutting down by the server. This event commonly occurs because the server certificate mapping is not created. It may also be caused by the server failed to configure the winquic connections.

Solved, 607 Views, 0 likes, 3 Comments

Re: Server 2025 Core ADDS DC, Network Profile Showing as "Public" and not as "DomainAuthenticated"
DarienHawkins Unbelievable this is still an issue in the final build 26100.1742. I upgraded 2022 DCs in two different domains to 2025 and all of them have the public firewall profile set unless/until I disable/re-enable the nic.
1.8K Views, 0 likes, 2 Comments

Re: When is Network Profile Issue for Domain Controllers going to be at least acknowledged?
Unbelievable this is still an issue in the final build 26100.1742. I upgraded 2022 DCs in two different domains to 2025 and all of them have the public firewall profile set unless/until I disable/re-enable the nic.
1.8K Views, 0 likes, 3 Comments

Re: Native ARM64 Version of Teams Now Available
Hi Tony, arm64 Teams doesn't appear to include the meeting add-in for Outlook. Major oversight. Any chance you have a contact you can reach out to on this? Our support case is getting stalled with the typical know-nothing tier 1 scriptreaders unfortunately.
12K Views, 1 like, 0 Comments

Re: Windows Server 2022 - devices not booting when Secure Boot enabled (KB5022842)
We just installed a TPM on an r530 running win2022 and while we were at it we enabled secure boot. But it won't boot throwing error uefi0073. I assume this has to do with the feb CU which was also just installed. What timing lol. Will disable secure boot for now and follow for updates.
27K Views, 0 likes, 0 Comments

changing dialin simple URL broke conferencing regions?
Hi all,
We have an onprem SfB install where we have a number of dial plans and associated dialin conference regions configured. We recently changed our dialin simple URL, and have noticed that since that change users are no longer getting the correct information in their skype meeting invites. In Outlook 2016, they get the number from the region that is assigned to the global dial plan, even though they are all assigned user dial plans. They used to properly get the dial-in number from their user dial plan's associated region. If I go to Meeting Options and select the Phones tab, the only region showing there is the one from the global dial plan. This despite the fact that in the SfB control panel itself, when I select to assign a region to a dial-in number, they all appear. In OWA, the wrong dial-in number does not show in the invite - no number at all gets added. Anyone seen this kind of behavior? Thank you!