Recent Discussions
No support for Protected Users in Microsoft Entra Domain Services?
I have been looking into mapping best practices about configuring hardening / tiering model from on-premises Active Directory to Microsoft Entra Domain Services (MEDS). I'm well aware that MEDS is NOT a replacement for AD DS and has many restrictions and missing features, but that does not stop me from wanting to make it as secure as possible for member servers to be joined to. Since MEDS is a PaaS in Azure, deployed from within Azure and managed in another way than Active Directory, of course there are different ways of implementing a good tiering model. In my study I wanted to see if I could enable the Protected Users feature (join users to Protected Users Group). However, I find this group to be present but not possible to add members to (feature greyed out). I have a member server in the MEDS instance and have installed AD DS Tools. My user is a member of the AD DDS Administrators group. I would like to know if anyone has some knowledge on the subject to share?
46 Views, 0 likes, 1 Comment

Why did IIS ApplicationHost.config file disappear?
Hello, Currently, I am operating two cloud-based instances of Windows Server 2012 and 2016. In IIS, when I try to add a binding or modify the application pool, the changes are not saved, and I encounter the following error: C:/Windows/system32/inetsrv/config/applicationHost.config Error: Cannot write to the configuration file. When I navigate to the specified path, the applicationHost.config file does not exist. Additionally, for the Windows Server 2016 instance, there are no backup files available in C:\inetpub\history\. Would anyone be able to provide insights into the possible cause of this issue or suggest a solution? Thank you in advance for your help.
19 Views, 0 likes, 0 Comments

Why can't the server generate a report about deleting folders and files?
Hello, I enabled Audit Policy through the following method: Open the Local Group Policy Editor (gpedit.msc). Navigate to Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Object Access. Open the Audit File System policy and check "Success". Update Group Policy Settings: Run the command "gpupdate /force" in Command Prompt to apply the changes. Then I enabled Audit policy on a folder and created and deleted a folder, but when I check the Event Viewer, there is only an ID of 4663. What is the problem? Thank you.
15 Views, 0 likes, 1 Comment

Hyper-V: How do VMs communicate with external?
Simple scenario: VM --> vNIC --> vSwitch (external) --> physNIC --> physSwitch

The vNIC assigned to the VM has MAC address aa:aa:aa:aa:aa:aa, the physical NIC (physNIC; the vSwitch of type external is connected to it) has bb:bb:bb:bb:bb:bb. What mechanism ensures that when the VM sends a network packet to the external network (the physical network connected to the physical switch physSwitch), the MAC address of its vNIC (aa:aa:aa:aa:aa:aa) is used, and not the MAC address of the physNIC (bb:bb:bb:bb:bb:bb)? In other words: what makes physSwitch "see" aa:aa:aa:aa:aa:aa when the VM communicates to an external endpoint?
19 Views, 0 likes, 0 Comments

Untagged VLAN - Server 2025 Hyper-V
Hi, I have a strange issue and am not finding a solution. Using Server 2025 with a two-node Hyper-V cluster. Most of the machines are using VLANs, which works fine. Some machines are using no VLAN config, which usually means the "Access VLAN 1" regarding our switch configuration. With Server 2019 this worked fine. With Server 2025, same NIC port, same server/NIC hardware, "Untagged" VMs don't get any network connection. If I add a second NIC to the VM "Untagged", the NIC immediately gets an IP address and has a proper connection. If I remove the first NIC, the second NIC stops working. It looks like something has changed with Server 2025 (maybe already with Server 2022). Do you have any idea what kind of problem I have found? Thanks Jack
16 Views, 0 likes, 0 Comments

Launching EXEs on File Server Slow on Hyper-V Host
We have a Server 2019 Hyper-V host that hosts a Server 2008 file server (yeah, I know, too old) and other virtual machines we use as workstations that access various EXE files on the file server. Recently (not sure when it started), launching EXE files stored on the 2008 server from one of the workstations (all on the same host) is getting delayed, sometimes as long as 20-30 seconds. An odd thing is that when you first log on to the workstation and run the EXE, it starts in what I think is a reasonable time. Until now a second launch would be a little faster, I'm assuming due to caching. But now, launching it a second time gets the delay. Other file types seem to be OK. Opening large PDFs, for instance, does not have the problem. Working on a virtual machine hosted on our OTHER, older 2012 R2 Hyper-V host (yeah, again, I know) and going across the network, host to host, to access those same EXE files never has the delay problem. Because of virtual machines on the 2012 host not having the problem, I'm thinking there's something on the 2019 host that's been updated. Update history shows KB5052000 installed in February and KB5050182 in January. I see that the January update mentions "Remote Code Execution" but the info seems to be specific to Visual Studio so I'm not sure that would apply. Has anyone seen this behavior or can maybe give me a clue as to where to start even looking? Thanks, Ken
41 Views, 0 likes, 0 Comments

Server 2025 Highlight Selection Color
Just loaded Server 2025 Standard for the first time to play around with it. Did all the updates, installed VM Tools. Is there a bug in the highlighted selection color in Computer Management? When you highlight an object from the Local Users and Groups and Shared Folders, it's a bright blue highlight and the text is yellow. Anywhere else, the highlight seems to be the usual soft blue and white text color. Is that happening to anyone else? Went back to check a 2022 VM and it's not a problem.
16 Views, 0 likes, 0 Comments

DHCP Failover Issue – Standby Server Responding When It Should Not
Hi everyone, I'm encountering an issue with my DHCP failover setup in Hot Standby mode, and I need insights into why the standby server is providing DHCP leases when it shouldn’t.

Setup Overview:
- I manage a network with over 100 sites worldwide, each having a local DHCP server.
- Each site has a dedicated DHCP server running on the server VLAN.
- Clients reside on different VLANs, and IP helpers (DHCP relay) are configured on a Checkpoint firewall at each site.
- The IP helper forwards DHCP requests to: the local DHCP server (primary) in the site's server VLAN, and the standby DHCP server (failover), located at an on-premises data center (DC).
- DHCP servers are configured in Hot Standby mode using Microsoft DHCP Failover.

Issue: Despite the Hot Standby configuration, I noticed that my Cisco Meraki dashboard frequently reports a new DHCP server detected, referring to the standby DHCP server, even though the primary DHCP server at the local site is available. Cisco Meraki triggers this alert when it detects DHCPACK packets from the standby DHCP server traversing the local networks. However, in Hot Standby mode, the failover server should only issue leases if the primary server is unreachable.

Example: Site-1's primary DHCP server (DHCP-1) has a failover partnership with Failover-1 at the DC. Site-1's connectivity to the DC is stable, yet Cisco Meraki occasionally detects DHCPACK packets from Failover-1, triggering alerts.

Troubleshooting Done So Far:
- Verified that failover mode is correctly set to Hot Standby (not Load Balance).
- Confirmed that the primary DHCP server is healthy and responding.
- Checked DHCP logs on both servers but found no clear failover events.
- Performed packet captures of DHCP traffic, but the results were inconclusive.
- Investigated whether Checkpoint firewall’s IP helper can prioritize the primary DHCP server, but it appears not to support this functionality.
- Created a PowerShell script to check for failover-related event logs (Event IDs: 20254 and 20255). This provided better visibility but did not correlate with the Meraki alerts.

Questions:
- Are there any known scenarios where a standby DHCP server in Hot Standby mode might mistakenly issue leases, even when the primary is active?
- Is there any detailed information on the failover “heartbeat” mechanism between primary and standby servers? I found that it uses TCP port 647, but I couldn’t locate official documentation on the interval and failure conditions.
- Could failover state synchronization delays cause this behavior?
- Are there specific logs or PowerShell commands I should check to confirm why the standby server is responding?
- Is there a way to prevent the standby server from responding unless the primary is truly unreachable (e.g., registry settings, advanced configuration)?

Any guidance or troubleshooting steps would be greatly appreciated! Thanks in advance.
68 Views, 0 likes, 1 Comment

What MAC address
Create a new virtual switch and connect the management OS to it:

    New-VMSwitch -Name 'Ext' -AllowManagementOS $true -NetAdapterName 'Prod'

A new VMNetworkAdapter was created, get name and MAC address:

    Get-VMNetworkAdapter -ManagementOS | Format-Table -Property 'Name', 'MacAddress'

The MAC address is for example: 00155D05ED13 (the first three octets indicate "Microsoft"). Get MAC address pool of the Hyper-V host:

    Get-VMHost | Select 'MacAddressMinimum', 'MacAddressMaximum' | Format-Table

My understanding is that this pool is used when creating VMNetworkAdapters for VMs. What I see in my case is that the MAC address of the new VMNetworkAdapter is different from the possible pool values. Question: From what pool are MAC addresses pulled for VMNetworkAdapters that are located in the management OS realm?
49 Views, 0 likes, 3 Comments

Proactive private share #microsoft
Many companies have been part of my job for the last two years. I decided to implement and create a new public community group at Microsoft, with public share. Like a universal patch inside giant orgs and partner companies, Microsoft decides lead position. A proactive and future plan is constructed to grow on the world network with clients and our partners.
26 Views, 0 likes, 2 Comments

Windows Server, IIS & Docker Container
Hi, Let's say I have 5 .NET APIs containerized using Docker containers on Windows Server 2022. These 5 containers can be accessed using an IP address and port on each. My question is: what happens with my IIS on Windows Server 2022? Is it unused? If unused, can I use this IIS to publish other .NET applications using direct file deploy? Please help
22 Views, 0 likes, 1 Comment

Windows Server 2022, IIS & Docker Container
Hello, Let's say I am running 5 .NET API services using Docker containers on Windows Server 2022; these 5 containers can be accessed using IP address and port number. 1) What happens with my IIS on Windows Server 2022? Can I use this IIS to publish other .NET applications using Direct File Deploy? Please help
17 Views, 0 likes, 0 Comments

Write to workgroup fileserver from AzureAD joined device.
Hi, We currently have a situation where we are trying to install a program locally, but we want some of the data files (master data for projects, company settings for the most part) to be stored on a fileserver. The installer allows for this change to set the UNC path to the share manually, and in our case recommends doing that. The problem we are facing occurs when trying to go on with the installation: the problem reports back that write-protection is enabled. I have the share mapped as a network station, and can create folders/files through Explorer. But I think the issue here is that the share is mapped using the "Connect with different credential" option, which is required since the share is on a server in a workgroup and the client I'm using is joined to AzureAD. And when I run the installer for the program it is of course run with my Azure user (local administrator), and I guess it tries to write to the UNC path with that user, of course. Is there any way I can let the program write to the share without it being too much of a security risk? The same program also has a network license installed on a different workgroup server. I also had to add local users to that server and do some DCOM permission tweaking for that to work. For the license part I can authenticate with the local server user, but that's not an option when trying to install with a UNC path for the file/folder structure.
32 Views, 0 likes, 1 Comment

Active directory allowing old and new password after reset
We are using Windows 2019 server and once a password is reset (before it expired), we see a behavior that the old password is valid for 5 mins after the password reset. Our replication delay is 15 seconds and we haven't set the registry key OldPasswordAllowedPeriod. In the documentation https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/new-setting-modifies-ntlm-network-authentication it is mentioned that if OldPasswordAllowedPeriod is not set, the default will be 60 mins. So where is this 5 mins configured?
37 Views, 0 likes, 1 Comment

Windows Server Datacenter: Azure Edition preview build 26360 now available in Azure
Hello Windows Server Insiders! Welcome to 2025! We welcome you to try Windows Server vNext Datacenter: Azure Edition preview build 26360 in both Desktop experience and Core version on the Microsoft Server Operating Systems Preview offer in Azure. Azure Edition is optimized for operation in the Azure environment. For additional information, see Preview: Windows Server VNext Datacenter (Azure Edition) for Azure Automanage on Microsoft Docs. For more information about this build, see Announcing Windows Server vNext Preview Build 26360 | Microsoft Community Hub.
99 Views, 1 like, 0 Comments

Getting Prompted for Username and Password on Internal Web Site, HTTP Error 401.2 - Unauthorized.
I have an internal web site that uses Windows Authentication. This works perfectly on my Microsoft Windows Server 2022 Datacenter Azure Edition which is my developer server. When I tried to put this site out on our test Microsoft Windows Server 2022 Datacenter Azure Edition, with the exact same setup, I get prompted for my Username and Password. It does not matter what I have tried to enter for Username and Password, nothing is ever accepted and if I hit cancel, I get the dreaded HTTP Error 401.2 - Unauthorized. I don't understand why this would work on 1 server, but not the other server.

HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
34 Views, 0 likes, 0 Comments

Server 2025 ReFS Dedup job consumes all memory and hangs server
I posted about this here: https://learn.microsoft.com/en-us/answers/questions/2180202/server-2025-refs-dedup-job-consumes-all-memory-and So, first, which place is correct? Here or there? 😁 And, secondly, anyone got a clue why Server kills itself doing a ReFS dedup? Brgs,
75 Views, 0 likes, 1 Comment

Applications settings lost when publish website (Windows Server 2022 IIS)
Hi everyone, I've set up a Windows Server 2022 to host multiple websites. However, every time I publish a new website via FTP using Visual Studio, the application settings configured on the site disappear. I'm wondering if I'm missing something in my setup. Should I be configuring the sites differently, or is there a way to prevent these settings from being reset during deployment? Any advice or insights would be greatly appreciated! Thanks!
25 Views, 0 likes, 0 Comments
Recent Blogs
- Security helps protect sensitive data and critical infrastructure. Cyberattacks are on the rise, and it is more critical than ever to ensure that your Windows Server infrastructure is secure. To help...
  Mar 04, 2025. 596 Views, 2 likes, 0 Comments
- To enhance security and protect against cyber threats, the Data Encryption Standard (DES) encryption algorithm will be intentionally removed from Kerberos after Windows Server 2025 and Windows 11, ve...
  Feb 28, 2025. 4.4K Views, 0 likes, 2 Comments