Recent Discussions
Increase the size of user profile disk in my remote desktop server
Hi all experts. I have a server for remote desktop services purposes, Windows 2016 standard, and domain joined. It is configured using User Profile Disk, and the maximum limit is set to 5GB. I want to increase the maximum limit but I can't do it under the collection's properties because that field is grayed out. My questions: How to increase the maximum limit? Please guide me and let me know how. Can I increase the maximum limit for 1 single user only? If yes, please let me know how. I found some info from the web that this can be done by the Diskpart command, is it true? If I follow the Diskpart method, do all user profiles encounter data loss? I need your guidance and input, I appreciate it. Here are some images:
Solved · 163 Views · 0 likes · 4 Comments

RAM Memory Leak Issue
Good morning. I am experiencing issues with an updated installation of Windows Server 2016. The task manager reports 8.1GB of memory used (which normally tends to grow indefinitely), and I can't figure out what is using this memory. The growth is about 1GB per day. However, no processes appear that justify the 8GB of RAM used. Even using RAMMAP, I can't find anything significant... On the server, additionally, we have SentinelOne as antivirus and Apache-Tomcat. Thank you for your help.
Solved · 99 Views · 0 likes · 2 Comments

Windows Admin Center v2.4 will not use SAN Cert
Hello, We've noticed an issue with the new Windows Admin Center Modernized Gateway (v2.4) and SAN certificates, at least in our environment. All of our servers get an autoenroll computer certificate (hostname.domainname.com) -- it only uses a common name, and has no subject alternative names. For webservers, we generate an additional certificate with subject alternative names, so that web browsers do not report an insecure https website. Windows Admin Center v2.4 does not seem to work with these certificates. When installing WAC and selecting the correct SAN certificate in the "Custom Setup" or even setting the certificate manually using Set-WACCertificateSubjectName -Thumbprint 'thumbprintofcert' the website will only use the autoenroll certificate. I deleted the autoenroll certificate from the machine, and tried setting the certificate to the SAN cert and the site will not even load. As soon as I forced a gpupdate /force to get a new autoenroll computer certificate and it will use that one, but never the SAN cert. Just in case it was the subject name of the cert, I generated a new SAN cert with a completely different name from the autoenroll cert: WAC.domainname.com instead of APP-WAC01.domain.com. I then used the Set-WACCertificateSubjectName -Thumbprint and verified that it was using the new SAN cert by running Get-WACCertificateSubjectName and it showed that it was using the WAC.domainname.com certificate. Website would not load at all. So I don't know if it has issues with SAN certs, or anything other than an autoenroll certificate with only a common name, but nothing works. If Windows Admin Center Modernized Gateway still used IIS, we'd be able to get IIS to use the SAN cert like the previous version of Windows Admin Center. Is this a known issue? Anyone else having issues with SAN certs? -J
Solved · 261 Views · 0 likes · 4 Comments

Active Directory Functional Level Support
Hi all, This is a first time post for me here but I am struggling to find this information out from MS or MS support themselves. I am currently assisting a customer upgrade some servers from Windows 2012 R2 to Windows 2022 and 2 of the servers are DCs. Now I am well across the recommended upgrade process but I have seen in their current AD that they are running functional level 2008 R2. I am well aware that 2008 R2 and 2012 R2 are no longer supported but what about the AD functional level? Now I have researched this half to death across the MS KBs, tech forums etc. and I am conflicting information. Some MS representatives in forums have said that these functional levels are not supported but they don't supply any official documentation or statement from MS which says this. I just raised a ticket with MS support to ask the question but the responding engineer was confusing as hell and whilst I appreciate English would be their second language, I don't think they understood what I asked. So is there anyone in the discussion forum who knows the answer to this? If you do, can you please point me to the official MS statement backing this up as well. Is AD functional level 2008 R2 and 2012 R2 supported or not supported? Appreciate any help anyone here can provide. Cheers Alex
Solved · 312 Views · 0 likes · 4 Comments

ISSUE: Windows Server 2025 - OneDrive Shell Folder does not work in File Explorer
Dear Windows Server Insider team, I have been seeing this issue for a longer time now and hoped it would be resolved. Will be repeating my tests with 26311 soon and updating this thread by then. I consider this issue of low to medium importance. If this goes live it can harm especially Windows Server based VDI which usually uses OneDrive and FSLogix Containers. This one is just tested in easy complexity with OneDrive for Home Use, but I expect it can also affect OneDrive for Business. Overall, I would rate this a UX limitation with an available workaround for advanced users. Thanks! https://aka.ms/AAt80nr
Solved · 438 Views · 1 like · 3 Comments

Error Occurred While Enrolling for a Certificate - Certificate Server
I am getting the above error when I try to renew or enroll a new certificate. Additional information is The Certificate request could be submitted to the certification authority. Error: The RPC server is unavailable. 0X800706ba (WIN32: 1733 RPC_S_SERVER_UNAVAILABLE) Our CA was on a domain controller where we were getting this error. I moved the CA to its own server, restored the CA but still getting this. I have searched and followed numerous suggestions on the above topic but none have resolved the issue. This is running on a patched Windows Server 2022. Any additional suggestions would be appreciated.
Solved · 290 Views · 0 likes · 1 Comment

AD DS Users in Remote Desktop Users group receive not authorized for remote login
Hello, thanks for checking! My AD DS config was lost. I have now built a new PDC for AD DS. I have recreated users and given them remote permissions via remote tab on user details, I have added them to administrators group, and I have added them to Remote Desktop Users group. I have joined "PC1". I can confirm the user can login via console, but when attempting to remote in, is receiving "The connection was denied because the user account is not authorised for remote login." The only user that can use RDP at this time is domain 'administrator'. It was working previously. I have verified that the PC1 has remote desktop enabled, and can connect via domain 'administrator'. I would appreciate any insight into this matter!
Solved · 272 Views · 0 likes · 2 Comments

SMB over QUIC Client Access Control is inconsistent
We have set up SMB over QUIC on some Windows 2025 file servers and generally it works well. Unfortunately of course, it is not secure by design since there is no MFA or conditional access in the picture. Thus securing the connections falls to its Client Access Control feature where you can allowlist or blacklist connections using client certificates. We implemented this in multiple environments (different domains) and although it works initially, it then starts failing with no changes having been made. The behavior is always the same across various domains once it starts failing - first the connection shows successful:
The SMB connection was successfully established.
Endpoint Name: FILES
Transport: Quic
Server socket address: x.x.x.x:443
Client socket address: x.x.x.x:8205
Connection ID: 0xB1D0039C01XXXXXX
Mutual authentication: Yes
Access control: Yes
Then immediately it fails less than a second later:
Quic connection shutdown.
Error: Mutual authentication failed.
Reason: Server close the connection.
Endpoint Name: FILES
Transport Name: \Device\SmbQUICIpv4_0006_x.x.x.x
Guidance: This event indicates that the winquic connection is shutting down by the server. This event commonly occurs because the server certificate mapping is not created. It may also be caused by the server failed to configure the winquic connections.
Solved · 339 Views · 0 likes · 3 Comments

wof compression not working on Server 2019, compact /exe:lzx
Hi! Got this oddity where it works on some 2019 but not others. It's volumes that support compression.
compact /c .\textfile.txt
Compressing files in E:\test\
textfile.txt 80510 : 20480 = 3,9 to 1 [OK]
Works. But this doesn't
compact /c /exe:lzx .\textfile.txt
Compressing files in E:\test\
textfile.txt [ERR]
textfile.txt: The file system does not support compression.
Found another tool that gives a little bit more / other info. https://github.com/wimbrts/WOF_Compress
WofCompress.exe /c:lzx /path:textfile.txt
Compression using LZX algorithm
Error WOF driver missing!
Some more info posted as issue at the authors github. https://github.com/wimbrts/WOF_Compress/issues/1
Anyone got a clue why it works on some server and not others? I've compared the output from
fsutil fsinfo ntfsinfo
fltmc filters
Not working server:
NTFS Volume Serial Number : 0x90e6dd9ee6dd84be
NTFS Version : 3.1
LFS Version : 2.0
Number Sectors : 0x00000003feeaefff
Total Clusters : 0x000000007fdd5dff
Free Clusters : 0x000000000b47a437
Total Reserved : 0x000000000000118d
Bytes Per Sector : 512
Bytes Per Physical Sector : 4096
Bytes Per Cluster : 4096
Bytes Per FileRecord Segment : 1024
Clusters Per FileRecord Segment : 0
Mft Valid Data Length : 0x000000000a9c0000
Mft Start Lcn : 0x00000000000c0000
Mft2 Start Lcn : 0x0000000000000002
Mft Zone Start : 0x00000000000ca9c0
Mft Zone End : 0x00000000000d71c0
Max Device Trim Extent Count : 0
Max Device Trim Byte Count : 0x0
Max Volume Trim Extent Count : 62
Max Volume Trim Byte Count : 0x40000000
Resource Manager Identifier : A36B7921-4B02-11E3-80B9-10604B92980C
fltmc filters
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
WdFilter                                5         328010        0
storqosflt                              0         244000        0
wcifs                                   0         189900        0
CldFlt                                  0         180451        0
FileCrypt                               0         141100        0
luafv                                   1         135000        0
npsvctrig                               1         46000         0
Wof                                     1         40700         0
Working server:
fsutil fsinfo ntfsinfo
NTFS Volume Serial Number : 0x5674e49574e478df
NTFS Version : 3.1
LFS Version : 2.0
Number Sectors : 0x000000000fb557ff
Total Clusters : 0x0000000001f6aaff
Free Clusters : 0x0000000001356a89
Total Reserved : 0x00000000000013ff
Bytes Per Sector : 512
Bytes Per Physical Sector : 4096
Bytes Per Cluster : 4096
Bytes Per FileRecord Segment : 1024
Clusters Per FileRecord Segment : 0
Mft Valid Data Length : 0x000000003d880000
Mft Start Lcn : 0x00000000000c0000
Mft2 Start Lcn : 0x0000000000000002
Mft Zone Start : 0x000000000061e7c0
Mft Zone End : 0x0000000000622b20
Max Device Trim Extent Count : 4096
Max Device Trim Byte Count : 0xffffffff
Max Volume Trim Extent Count : 62
Max Volume Trim Byte Count : 0x40000000
Resource Manager Identifier : 0F1B4301-B8F1-11EB-BBB6-00155D289A03
fltmc filters
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
MsSecFlt                                6         385600        0
WdFilter                                4         328010        0
storqosflt                              0         244000        0
wcifs                                   0         189900        0
CldFlt                                  0         180451        0
FileCrypt                               0         141100        0
npsvctrig                               1         46000         0
Wof                                     1         40700         0
Solved · 202 Views · 0 likes · 2 Comments

Configure RPC packet level privacy setting for incoming connections not show in group policy
Hi, it's about the group policy setting in Windows Server 2022. I have downloaded Windows Server 2022 Security Baseline.zip from https://www.microsoft.com/en-us/download/details.aspx?id=55319 Microsoft Security Compliance Toolkit 1.0 and imported SecGuide.adml and SecGuide.admx. I can see the MS Security Guide folder in local group policy editor, but there is no setting for "Configure RPC packet level privacy setting for incoming connections". I also tried to find it from All Settings, there is no such setting. Could you advise how to config it to let it show in the group policy editor or GPO. Thanks.
Solved · 2.6K Views · 0 likes · 2 Comments

Excel is creating .tmp files in shared folder without security permissions.
Hello. I have an on-prem 2019 DC that has 2012 r2 server in the same forest. Since the end of July, sometimes when Excel that is used in the workstations, the .tmp files that are created when the excel file is saved are not deleted. If I go to .tmp files' properties, there's nothing in Security and I'm unable to take ownership saying I don't have reading permissions. If I restart the server, I'm able to see the information and to delete them. I have checked the file in virustotal.com, it's clean and it is an Office Open XML Spreadsheet. The servers are both updated, the DNS has no errors and the disk is ok. After some research, I did the following:
- Disabled the Microsoft Defender on the Server
- Gave full control to the shared folder to everyone
- Deactivated the heuristic component of the anti-virus that is installed in the server
Despite all this, the .tmp files continue to stay now and then in the shared folder as described earlier. I don't know what can I do to solve this?
Solved · 1.1K Views · 0 likes · 3 Comments

AD FS Role installs but configuration fails with timeout error
I am attempting to install the Active Directory Federation Services role on a Server 2019 VM. The initial configuration wizard fails when installing ADFS (GUI OR PowerShell - same outcome). All checks pass, but the ADFS service takes roughly 75 seconds to start, so the wizard times out failed. The database is built, the service account and certificate are verified, and the service is ACTUALLY STARTED. Once it fails with "timeout" error, it never builds the APP Pool objects in IIS, and it never builds the objects to populate the AD FS MMC. I have verified that the certificate is built correctly per multiple articles. I followed https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/manually-configure-a-service-account-for-a-federation-server-farm to set up the GMSA service account. I have followed the guidance at https://learn.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/service-not-start-events-7000-7011-time-o.ut-error?source=recommendations to add time for the service to start, but the wizard appears to have its own timeout. I have installed SQL Service Management Studio 20, and used it to verify that the WID database and the permissions/roles for the service account match guidance. I have verified the SPN and the permissions for the AD FS GUID for the farm. Is there a way to complete the configuration with the long service start?
Solved · 655 Views · 0 likes · 2 Comments

Unable to change expired password
I am using Server Next Preview Build 26257. It is a domain controller. I only have the one AD account which I created to do the evaluation. The account password expired today. When I attempt to change it at login, I enter the new password twice as required and hit Enter, but it sends me back and says "The password for this account has expired" with an OK button. If I try again I get the same result. If I purposely type a mismatch for the new PW it does acknowledge that. Has anyone else seen this? I can't think of a workaround.
Solved · 1.6K Views · 1 like · 11 Comments

(Another) Issue with RADIUS authentication for some users
Hi, I thought I'd found the solution to our problem in this Tech Community thread from 2021, only to find that there was only one reply. Our NPS logs look very very similar to those described in that 'DenverCoder' post, here's a screenshot to illustrate (the working one is in green, and shows the full AD path to the user account in AD, and the Network Policy name): We use NPS servers as part of the solution to provide MFA for our staff VPN. It works perfectly for about 127 out of 130 staff, but three of them don't even get an MFA prompt. Just now I thought I'd found a 4th victim, as she'd tried about 20 times today, only to succeed about an hour ago (not sure what inspired her to try again). Looking at the Event Viewer on the NPS shows events 6273 (“Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.”) and 4625 (“Failure Reason: Unknown user name or bad password.”) To me it looks like it's failing to recognise the user's group membership (you have to be in the AD group for the MFA to work, otherwise you ain't coming in bruv!) All suggestions gratefully received.
Solved · 1.1K Views · 0 likes · 9 Comments

DNS Issue - nslookup resolve to random localhost ip
Hello all, I am new here. I hope there is someone who will help me. Please help me to resolve this issue. The host domain upxxxxx.edu.my can be resolved using public DNS, but while using internal DNS it will resolve to a random localhost IP. I had restarted the DNS/AD server. I made nslookup again after reboot, then it appeared as 127.118.0.45 (other local IP address). *This is a new fresh install of Windows Server 2022 std with AD, DHCP and DNS roles. Thank you for your help. I very much appreciate the effort.
Solved · 1.2K Views · 0 likes · 8 Comments

Windows Server 2025 Public Preview - Windows Update issue
Hi there, Is Windows Update expected to work with the Windows Server 2025 Public Preview from Microsoft's Evaluation Center? I deployed the 26100.1.240331-1435.ge_release_SERVER_EVAL_x64FRE_en-us.iso image but can't update through Windows Update. Similarly, the Windows Security app and Microsoft Edge browser won't update. I'm inquiring because post-installation, the Microsoft Evaluation Center advises updating Windows via Windows Updates. Thanks, AJ
Solved · 4.6K Views · 0 likes · 11 Comments

Problems with DNS Replication after upgrade
I created a new A/D Server 2022 to replace my A/D Server 2012. The install completed and the FSMO roles transferred fine. However, I cannot manage the A/D GPO. In looking at the logs, it appears that DNS cannot replicate.
Password hash synchronization failed for domain: mrc.net, domain controller hostname: MIDSRVR01.mrc.net, domain controller IP address: 172.16.1.43. Details: Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: mrc.net. Error: There was an error establishing a connection to the directory replication service. Domain controller hostname: MIDSRVR01.mrc.net, domain controller IP address: 192.168.99.12 ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: There was an error establishing a connection to the directory replication service. Domain controller hostname: MIDSRVR01.mrc.net, domain controller IP address: 192.168.99.12 ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: RPC Error 1722 : The RPC server is unavailable. Error creating the RPC binding handle
The original A/D Server 2012 is multi-homed and it appears DNS is trying to use an IP Address on a private segment 192.168.99.12 which isn't available to the new Server. The new server is on segment 172.16.1.x. If I look at DNS, the server IP addresses appear in this order. How can I make the 172.16.1.43 the primary address? How can I change the IP address to point to the other segment?
Solved · 553 Views · 0 likes · 2 Comments
Recent Blogs
- Security helps protect sensitive data and critical infrastructure. Cyberattacks are on the rise, and it is more critical than ever to ensure that your Windows Server infrastructure is secure. To help...
  Mar 04, 2025 · 596 Views · 2 likes · 0 Comments
- To enhance security and protect against cyber threats, the Data Encryption Standard (DES) encryption algorithm will be intentionally removed from Kerberos after Windows Server 2025 and Windows 11, ve...
  Feb 28, 2025 · 4.4K Views · 0 likes · 2 Comments