Domain Controller Archives

Winsage

May 6, 2025

Microsoft pushes fix for Windows 11 update 0x80240069 errors

Microsoft has resolved an issue that affected the delivery of Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) after the installation of the April 2025 security updates. Users reported upgrade problems, specifically encountering error code 0x80240069 during attempts to update from Windows 11 23H2 or 22H2. The update complications primarily impact enterprise environments using WSUS, while home users are less likely to experience these issues. Microsoft is rolling out a fix through Known Issue Rollback (KIR) for enterprise-managed devices, requiring IT administrators to implement the KIR Group Policy on affected endpoints. Additionally, Microsoft is addressing a separate issue where some PCs were upgraded to Windows 11 despite Intune policies preventing such upgrades.

Winsage

April 16, 2025

Microsoft warns of blue screen crashes caused by April updates

Microsoft has warned customers about potential system failures due to a blue screen error (secure kernel fatal error) following the installation of Windows updates since March, specifically the KB5055523 April cumulative update and the KB5053656 March preview update, affecting Windows 11, version 24H2. Users may experience crashes and a blue screen exception with the code 0x18B. Microsoft is working on a solution and has implemented a Known Issue Rollback (KIR) to reverse the problematic updates, which will automatically reach affected devices within 24 hours. Affected users are advised to restart their devices. For enterprise-managed devices, administrators must install the KIR Group Policy specific to their Windows version to resolve the issue, requiring a device restart. Further assistance is available on the Microsoft support website. Additionally, Microsoft has released emergency updates for local audit logon policies in Active Directory Group Policy and alerted administrators about potential inaccessibility of Windows Server 2025 domain controllers post-restart.

Winsage

April 15, 2025

Windows Server 2025 may lose DC connectivity after restart

Microsoft has warned about potential accessibility issues with Windows Server 2025 domain controllers after a restart, where affected servers revert to the default firewall profile, disrupting applications and services. A temporary workaround involves manually restarting the network adapter on the impacted servers using the PowerShell command: Restart-NetAdapter *. This workaround needs to be reapplied after each restart of the domain controller, and Microsoft recommends setting up a scheduled task to automate this process. Windows Server 2025, launched earlier this year, introduced new features and security enhancements but has faced previous issues, including freezing Remote Desktop sessions and accidental upgrades from Windows Server 2022. Developers are currently working on a permanent solution for the domain controller issue.

Winsage

April 14, 2025

Windows Server 2025 Restart Bug Breaks Connection with Active Directory Domain Controller

Microsoft has warned IT administrators about a significant issue affecting Windows Server 2025 domain controllers, which may struggle to manage network traffic after a system restart. This problem arises because the domain controllers revert to the standard firewall profile instead of the required domain firewall profile, leading to potential inaccessibility on the domain network, application failures, and open ports that could pose security risks. The issue specifically affects Windows Server 2025 systems with the Active Directory Domain Services role, while client systems and earlier server versions remain unaffected. To address this, Microsoft recommends a temporary workaround: manually restarting the network adapter using PowerShell with the command Restart-NetAdapter * after each reboot. Administrators are advised to create a scheduled task for automation, monitor domain controllers for disruptions, and minimize unnecessary restarts. Microsoft is working on a permanent fix, with an update expected in the future.

Winsage

April 14, 2025

Windows Server 2025 domain controllers may lose connectivity after reboot, says Microsoft

Microsoft has alerted IT administrators about potential connectivity issues with Windows Server 2025 domain controllers after a restart, which may lead to network disruptions and unauthorized access. Applications and services relying on these domain controllers could fail or become unreachable. IT administrators are advised to exercise caution when planning server restarts.

Winsage

April 14, 2025

Microsoft: Windows Server 2025 restarts break connectivity on some DCs

Microsoft has warned IT administrators about a potential issue with Windows Server 2025 domain controllers (DCs) becoming inaccessible after a restart, due to defaulting to the standard firewall profile instead of domain-specific settings. This mismanagement can lead to DCs being unreachable on the domain network or improperly accessible through restricted ports and protocols. A workaround involves manually restarting the network adapter on affected servers after each reboot, and Microsoft recommends setting up a scheduled task for this. The company is working on a permanent solution for a future update. Additionally, Microsoft has alerted users to another issue with Windows Hello logins related to the KB5055523 April 2025 security update and has implemented a fix for authentication issues with Credential Guard and the Kerberos PKINIT pre-auth security protocol.

Winsage

March 26, 2025

Microsoft: Recent Windows updates cause Remote Desktop issues

Microsoft has informed users about issues with Remote Desktop and Remote Desktop Services (RDS) connections after recent Windows updates since January 2025. Users may experience unexpected disconnections during Remote Desktop Protocol (RDP) sessions following the January preview update (KB5050094) and the March 2025 security update (KB5053598). Specifically, users connecting from Windows 11 24H2 PCs to RDS hosts on Windows Server 2016 or earlier may be disconnected after about 65 seconds. Microsoft has introduced a solution through its Known Issue Rollback (KIR) feature, requiring administrators to install and configure the Windows 11 24H2 and Windows Server 2025 KB5053598 250314_20401 KIR group policy. A restart of affected devices is necessary to apply the new settings. A permanent fix will be included in a future Windows update.

Winsage

March 12, 2025

Microsoft: Recent Windows updates make USB printers print random text

Microsoft has acknowledged an issue affecting certain USB printers after the installation of Windows updates since late January 2025, impacting users on Windows 10 (version 22H2) and Windows 11 (versions 22H2 and 23H2). The latest Windows 11 version 24H2 is unaffected. Users may experience unexpected behavior with dual-mode printers using USB Print and IPP Over USB protocols, leading to random text and data being printed, including network commands. This issue arises from the interaction between the print spooler and the printer driver. Microsoft has implemented a solution through its Known Issue Rollback (KIR) feature, which will be automatically rolled out in an upcoming update. IT administrators are advised to install specific group policies to address the issue. Additionally, Microsoft lifted a compatibility hold for some AutoCAD users upgrading to Windows 11 24H2 due to previous launch and crash issues.

Winsage

December 21, 2024

How to setup IPAM on Windows Server

IP Address Management (IPAM) in Windows Server automates and centralizes the management of IP address infrastructure, allowing administrators to monitor, manage, and audit DHCP and DNS servers. Setting up IPAM involves several steps: verifying prerequisites (supported Windows Server version, active directory domain, and operational DHCP/DNS roles), installing IPAM through Server Manager or command prompt, configuring IPAM for file sharing and access settings, configuring server discovery, and managing servers and settings. To add an IP address to IPAM, users access the IPAM console, navigate to the IP Address Space section, select the desired IP Address block, and provide necessary details before saving the changes.

Winsage

December 16, 2024

The Windows Concept Journey

Active Directory (AD) is a hierarchical database that stores information about network objects such as users, computers, printers, and shared resources. Key components of AD include the schema, global catalog, query and index mechanism, and replication service. Management is typically done through the "Active Directory Users and Computers" snap-in, which enhances security and supports authentication federation. The AD database is stored in a file called "ntds.dit" on the Domain Controller (DC). Best practices for securing AD include patching, monitoring, and recovery planning. Remote access to the AD database is enabled through the Lightweight Directory Access Protocol (LDAP) over TCP port 389 or port 636 for secure LDAP (LDAPS).