Windows Server 2022 Archives

Winsage

April 30, 2025

Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors

Microsoft has acknowledged a significant issue affecting enterprise users trying to upgrade to Windows 11 24H2 via Windows Server Update Services (WSUS) after installing the April 2025 security updates, specifically the monthly security update KB5055528. Users with Windows 11 23H2 or 22H2 are encountering Windows Update Service errors with the code 0x80240069, preventing the download process for Windows 11 24H2 from initiating or completing. Microsoft confirmed that devices with the April security update might be unable to update via WSUS. WSUS, primarily used in enterprise settings, has been deprecated as of September 2024, but Microsoft will continue to support existing functionalities. Additionally, Microsoft is addressing a "latent code issue" that has caused some devices to upgrade to Windows 11 despite Intune policies against such upgrades.

Winsage

April 30, 2025

Microsoft: Windows Server hotpatching to require subscription

Microsoft will transition hotpatching for Windows Server 2025 to a paid subscription model starting July 1, 2025, with a cost of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Microsoft has made a significant announcement regarding the future of hotpatching for Windows Server 2025, a feature that allows administrators to apply security updates without the need for system restarts. As the company prepares for the general availability of this service, it will transition to a paid subscription model starting July 1, 2025. Subscription Details and Preview Phase In a proactive move, Microsoft is encouraging administrators to take advantage of the free preview of hotpatching before it becomes a subscription-based service. This opportunity will remain available until June 30, after which those currently testing the service will be automatically subscribed unless they opt out. “Hotpatching for Windows Server 2025, made available in preview in 2024, will become generally available as a subscription service on July 1st, 2025. With hotpatching, we are taking what was previously an Azure-only capability and now making it available to Windows Server machines outside of Azure through Azure Arc,” Microsoft stated. Upon the subscription launch, hotpatching will be priced at .50 USD per CPU core per month. To utilize this feature in multi-cloud environments or on-premises, users will need both a Hotpatch service subscription and an Azure Arc-connected server running Windows Server 2025 Standard or Datacenter. How to Enable Hotpatching Enabling hotpatching on your server is a straightforward process. First, connect your server to Azure Arc by following the specified steps. Next, navigate to Azure Update Manager within the Azure Portal, select your Azure Arc-enabled server, and check the hotpatching option as outlined in the provided documentation. A Brief History of Hotpatching Hotpatching has been a part of Microsoft's offerings since February 2022, initially available for Windows Server 2022 Datacenter: Azure Edition. This feature allows for the deployment of security updates by patching the in-memory code of running processes, eliminating the need for reboots after each installation. However, it is important to note that servers still require reboots for updates delivered through the standard Windows update channel, which are not included in the Hotpatch program. This includes non-Windows updates, such as .NET patches, and Windows non-security updates. Microsoft began public testing of hotpatching for Windows Server 2025 in September 2024, with further expansions to Windows 11 24H2 and Windows 365 following in November 2024. By April 2025, hotpatch updates will be generally available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per CPU core per month. A free preview of the service is available until June 30, 2025, after which users testing the service will be automatically subscribed unless they opt out. Hotpatching allows administrators to apply security updates without system restarts and will be available for Windows Server machines outside of Azure through Azure Arc. To enable hotpatching, servers must be connected to Azure Arc and configured via the Azure Update Manager. Hotpatching was initially introduced in February 2022 for Windows Server 2022 Datacenter: Azure Edition and allows for in-memory code updates, but standard Windows updates still require reboots. Public testing for Windows Server 2025 began in September 2024, with general availability for Windows 11 Enterprise 24H2 expected by April 2025.

Winsage

April 24, 2025

Microsoft fixes bug causing incorrect 0x80070643 WinRE errors

Microsoft has resolved a known issue causing 0x80070643 installation failure errors during the deployment of the April 2025 Windows Recovery Environment (WinRE) updates. This issue affected the KB5057588 update for Windows Server 2022 and the KB5057589 update for Windows 10, versions 22H2 and 21H2. The error message was misleading, as it did not reflect the actual status of the update or the device's performance. The error typically occurred when a device attempted to install the WinRE update while another update was pending a reboot. Microsoft confirmed that users will no longer see the incorrect error message after installing the affected updates. Additionally, in August of the previous year, Microsoft retired the January 2024 Windows security updates that also triggered 0x80070643 errors during WinRE updates. During that time, fraudulent IT support websites promoted malicious PowerShell "fixes" for these errors, leading to malware infections among users.

Winsage

April 21, 2025

Intune flaw pushed Windows 11 upgrades on blocked devices

Microsoft identified a "code issue" within its Intune device management software as the reason for the unintended rollout of Windows 11 to devices not designated for the upgrade. The flaw triggered upgrades despite existing policies meant to prevent them. Microsoft is working on a fix and has advised organizations to pause Windows updates via Intune to avoid further issues. Devices that received the upgrade erroneously will need manual intervention to revert to their previous version. This incident follows a similar occurrence in November 2024, where customers experienced unexpected upgrades from Windows Server 2022 to Windows Server 2025. Microsoft attributed that incident to third-party products used for managing server updates. Additionally, a month prior, Microsoft retracted a preview update for Windows 11 due to severe issues causing crashes.

Winsage

April 19, 2025

Microsoft is deprecating a ‘revolutionary’ virtualization-based security feature for older versions of Windows 11

Microsoft has announced the deprecation of Virtualization-based Security (VBS) enclaves, a feature introduced in July 2024, in Windows 11 23H2 and earlier versions, as well as in Windows Server 2022 and its predecessors. Support for VBS enclaves will continue in Windows Server 2025 and future versions. VBS enclaves were designed to create secure memory spaces using Microsoft's Hyper-V hypervisor, enhancing security for specific application components. The decision to phase out VBS enclaves may be influenced by the rapid development cycle of Windows 11. Users are expected to transition to newer releases as support for Windows 11 23H2 ends in November. Enterprise customers relying on VBS enclaves may face disruptions if the feature is completely removed.

Winsage

April 19, 2025

Microsoft «kills a feature that protected «older» versions of Windows 11 — and no one knows why

Microsoft will discontinue support for virtualization-based security enclaves (VBS enclaves) in Windows 11 versions 23H2 and 22H2, as well as in Windows Server versions 2022, 2019, and 2016. Support for VBS enclaves will only be retained in Windows 11 version 24H2 and later, and in Windows Server 2025 and later. VBS enclaves enhance memory operation security by creating virtual trust levels within a Trusted Execution Environment. Microsoft previously addressed a privilege escalation vulnerability within VBS enclaves (CVE-2025-21370) and plans to integrate the Rust programming language into the Windows kernel starting with Windows 11 version 23H2 in 2024.

Winsage

April 17, 2025

New Windows Server emergency updates fix container launch issue

Microsoft released emergency updates for Windows Server to address startup failures in containers operating under Hyper-V isolation mode, caused by compatibility issues with the 2025.04 B container images. The updates enhance access to essential system files from the Windows Server host, improving compatibility and reliability. These out-of-band updates for Windows Server 2019, 2022, and 2025 must be manually downloaded from the Microsoft Update Catalog, as they will not be delivered through Windows Update. This update follows previous challenges, including authentication issues and boot problems caused by earlier security updates for Windows Server 2019 and 2022.

Winsage

April 16, 2025

Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks

Microsoft is addressing an issue where some Windows devices are prompted to upgrade to Windows 11 despite Intune policies preventing such upgrades, a problem attributed to a "latent code issue" since April 12. A targeted code fix is being deployed, and users are advised to pause Windows feature updates via Intune until the resolution is fully rolled out. Users who upgraded to Windows 11 inadvertently will need to manually revert to their previous version. Additionally, in November 2024, certain Windows Server 2019 and 2022 devices were upgraded to Windows Server 2025 without user consent, and Microsoft acknowledged the problem but did not provide guidance on reverting these upgrades. Microsoft has also resolved an issue with prompts for upgrading to Windows Server 2025, clarifying that notifications were intended only for those seeking in-place upgrades.

Winsage

April 15, 2025

Microsoft tells Windows users to ignore 0x80070643 WinRE errors

Microsoft has acknowledged that some users may experience installation failures with error code 0x80070643 when deploying the April 2025 Windows Recovery Environment (WinRE) updates, specifically affecting the KB5057589 update for Windows 10 versions 22H2 and 21H2, and the KB5057588 update for Windows Server 2022. The company stated that this error is misleading and does not affect device functionality, as the WinRE update is typically applied successfully after a device restart. Users may see a failure indication in Windows Update, but this will be resolved after the next daily scan and restart. Microsoft is working on a resolution for this issue, which follows a similar situation from August 2024. Additionally, fraudulent IT support websites have been identified promoting malicious PowerShell "fixes" for these errors.

Winsage

April 15, 2025

Windows Server 2025 may lose DC connectivity after restart

Microsoft has warned about potential accessibility issues with Windows Server 2025 domain controllers after a restart, where affected servers revert to the default firewall profile, disrupting applications and services. A temporary workaround involves manually restarting the network adapter on the impacted servers using the PowerShell command: Restart-NetAdapter *. This workaround needs to be reapplied after each restart of the domain controller, and Microsoft recommends setting up a scheduled task to automate this process. Windows Server 2025, launched earlier this year, introduced new features and security enhancements but has faced previous issues, including freezing Remote Desktop sessions and accidental upgrades from Windows Server 2022. Developers are currently working on a permanent solution for the domain controller issue.