Windows Server

Hello, Valume shadow Copy or VSS services of our windows server 2019 configured in Automatic. but more than 3 and 4 times per day they stops and it take alot of to start again. how can i reduce this time and which solution help me that service start immediatly when it stop thanks alotView the full article

Hello,we are testing operating system Windows 2025 server and virtual machine with this OS does not see any approved updates from WSUS server. Approved cumulative updates for Windows 2025 showed no needed computers at WSUS console. We can updated this virtual machine via internet access or by downloading cumulative update from Windows catalog but updating by WSUS server is not possible. Approved patches for Windows 2025 are shown as Not Applicable. There is no problem for Windows 2016, 2019 and 2022 servers at our WSUS server.View the full article

Hi Everyone,I am facing an issue after setting up a forest-level trust between two domains: Trusting domain: xyz.com Trusted domain: abc.comThe trust was successfully established(forest --> transitive ) which is reflected in both the forest. But I am unable to access or translate users from the trusted domain (abc.com) in the trusting domain (xyz.com).What I've Checked So Far: DNS resolution between the two forests appears to be working fine. The trust has been validated successfully in "Active Directory Domains and Trusts." Verified permissions for accounts attempting to accView the full article

Big man： As the title. I need your help。 View the full article

Hi Community,I've been looking into a large amount of password spraying attempts against our company azure AD user accounts.The majority of logon failures are due to incorrect credentials, and we use MFA.My main question surrounds the following failure reasons:- "The users attempted to log on outside of the allowed hours (this is specified in AD)."- "Access has been blocked due to conditional access policies."What I'm hoping to find out with these two error messages is if they imply that the credentials were correctly entered, but failed at the step before MFA challenge due to a policy denyingView the full article

All of a sudden a client reports none of their 35 workstations can connect to the internet. I logged into the server and have no problem connecting to the internet from there.It's a domain setup with about 35 workstations and 1 (virtual) server (Windows Server 2022). clients are a mix of win 10 and 11. Everything has been working fine since server went in 1 1/2 years ago. Nothing changed recently that I am aware.ipconfig /all on a workstation shows all the correct settings.-the client points to the server ip address for dnsFrom a workstation I can do nslookup google.com, properly resolves to View the full article

Is there support for WPA3 using group policy? View the full article

Few W2022 21h2 servers cannot install KB5048654 (also KB5046616 kept failing) showing 0x8007371b.Other few W2022 21h2 servers also failed installing the same CUs, ending with error 0x800f0983 We reset win update service, and run 'sfc /scannow' and dism commands, and restated, but update still failing. These are the latest updates released.It is frustrating, as there is no pattern just seems random.All above servers successfully installed all the October (including CU/.Net) updates.This seems to be a Ms issue, so please address urgently. I am sure other users experiencing similar. Because systView the full article

Hi Microsoft. i try to download the Windows Server 2016 ISO. But the problem is the Download is slow. Any Solution?* Moved from Windows/otherView the full article

We get the error above once a day with a few minutes of 24 hrs.The full error is:Event ID: 1008 Source: Microsoft-Windows-Perflib Description: The Open procedure for service BITS in DLL C:\\Windows\\System32\\bitsperf.dll failed with error code The system cannot find the file specified.. Performance data for this service will not be available.View the full article

Dear Support,I have created a Windows application using WPF and deployed it to a server location using Click-Once. It was properly digitally signed and used by everyone in the organization. However, recently we have started getting the "Unknown Publisher" security warning and "Publisher can't be verified" message whenever a new version is published and users update to the latest version.I checked the digital signature and confirmed that it has not expired. We haven't changed any configuration settings either. This warning issue has only started appearing recently.I suspect this could be relateView the full article

I'm playing around with Server 2025 and when I promote it to a Domain Controller I've discovered 3 programs quit communicating.Threatdown/Malwarebytes Agent is unable to report to the cloudNinjaRMM agent is unable to report to the cloudXen Guest Tools are unable to report to a local xcp-ng/XOA host the memory usageIf I demote the server everything starts working as it should. I've tried temporarily disabling the built-in firewall, but that didn't help. I also rebuilt the server from the ground up and that didn't help.I recently built a 2022 Domain Controller and haven't ran into any of these iView the full article

As you may recall we had recently announced a public preview of Hotpatching on Windows Server 2025 VMs in Azure. With this latest preview we are moving towards fulfilling a top request by customers who want this capability for their on-premise machines. You will be able to benefit from the reduced reboots of your Windows Server 2025 machines with this optional Hotpatching capability. This capability was earlier limited to Windows Server 2022 Azure Edition VMs in Azure. The preview provides an opportunity for you to try this new capability to see how it will work in the upcoming Windows Server 2025 and provide feedback. What is Hotpatching? Hotpatching is a way to install OS security updates on machines without the need of a reboot after installation. It works by patching the in-memory code of running processes without the need to restart the process. We first shipped this feature in Windows Server 2022 Azure Edition. Better protection, as the Hotpatch update packages are scoped to Windows security updates that install faster without rebooting. Reduces the time exposed to security risks and change windows, and easier patch orchestration with Azure Update Manager. Fewer binaries mean updates download and install faster, consume fewer disk and CPU resources. Lower workload impact with fewer reboots. What is part of the preview? With this preview you can connect your Windows Server 2025 Datacenter Evaluation edition machines to Azure Arc and subscribe to Hotpatching. See the steps below. Connect to Azure Arc your Windows Server 2025 Datacenter Evaluation machines Subscribe/ unsubscribe Hotpatching service via the Azure Arc portal Manage deployment of Hotpatch updates natively on Azure via Azure Update Manager. Getting Started To get started follow the steps below. For any feedback or questions contact us on hotpatchfeedback@microsoft.com Create a VM using Windows Server 2025 Datacenter from the Microsoft Evaluation Center Download the Windows Server 2025 ISO image from the Microsoft Evaluation Center. Note: You may have to fill in a form and provide your email address. On Hyper-V, or other platform, create a Gen 2 VM and use the option to create the VM using the ISO. For installation media, point to the ISO downloaded from Evaluation Center. For detailed steps, see Create a virtual machine in Hyper-V and Create a virtual machine with Hyper-V on Windows 11 If you are using Omnissa as your virtualization platform, on the Select a guest OS page, select Enable Windows Virtualization-Based Security. For more details, click here. Enable Virtualization-based security (VBS) Run the command below in an elevated command prompt. You will need to restart after modifying the registry setting. Reg add "HKLM\SYSTEM\ControlSet001\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f To check if VBS is running post reboot, open System Information on your machine.You should see this: If you are using Omnissa and VBS is still not running, follow the steps outlined in this documentation. Install the July 2024 monthly security update(KB5040435) Download and install the July 2024 security update or use Azure Update Manager. This is needed for you to observe that September 2024 security update will not require a restart. Connect the VM to Azure Arc For step-by-step instructions on how connect your virtual machine to Azure Arc, see Quickstart - Connect hybrid machine with Azure Arc-enabled servers. You will need to run the PowerShell script from the Azure Arc portal on your machine. Enabling hotpatching To enable Hotpatching, in the Azure Portal, select Azure Arc from the Azure services tiles, then select Machines. You will see the Azure Arc connected machine you set up earlier displayed in the list: Selecting that machine will take you to the server management page. You will see Hotpatch (preview) card towards the bottom. Select the tile to activate a pop-out that will allow you to select Hotpatching. Tick the box and select Confirm. Behind the scenes the Azure Arc connected server will be configured to receive Hotpatches. It takes about 10 minutes for the operation to complete. If you refresh the page while the operation is going,the Hotpatch tile will show a status of Pending. After enrollment is complete, the Hotpatch tile will show that the service is Enabled. Note: If the Status is stuck on Pending, the Azure Arc agent has likely not yet been updated. To update Arc Agent, run the below command in PowerShell on the machine: [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-WebRequest -UseBasicParsing -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1"; & "$env:TEMP\install_windows_azcmagent.ps1"; The Azure Arc attached machine is now ready to receive Hotpatches! Scan and install the September 2024 Hotpatch After completing the steps above, when you perform a Windows Update Scan, you will be offered a Hotpatch [see image below]. If you notice that you are not offered a Hotpatch, please pause the update and send us the update logs. To get update logs, run this command in PowerShell: Get-WindowsUpdateLog When the Hotpatch update for September has successfully completed, without requiring the machine to restart, you will see this in the Windows Update history You can also use the Server Configuration tool (SConfig) to download and install the Hotpatch update if you are offered other updates that you are not interested in installing. Scan and install the September 2024 Hotpatch using Azure Update Manager Using Azure Update Manager, you can identify all machines that are eligible for hotpatch updates, and plan installation of those updates on a schedule. For hotpatch updates being non-intrusive on availability, you can create faster schedules and update your services immediately after release, with less planning to maintain reliability of your machines at scale. Here’s how to manage hotpatch updates using Azure Update Manager: Verify that the Hotpatch subscription is available or has already been enabled from the Updates tab of your Arc Server: Select change next to Hotpatch to cancel or enable the Hotpatch subscription on demand. Scan and view the September 2024 security update offered to the machine by performing an assessment: Choose to include the September 2024 security update and when to install it on your Arc server by creating a user-defined schedule or a one-time update. You can install it immediately after it is available, allowing your machine to get secure faster. Verify whether the 9B update has been installed and the reboot status of the machine by viewing history By following the steps in this post, you have a streamlined way to plan for the installation of Hotpatches on your Arc machines. Hotpatch preview: frequently asked questions Are there any prerequisites for subscribing to Hotpatching? There are some prerequisites: Windows Server 2025 Datacenter evaluation Virtualization Based Security should be enabled and running on your machine July Security update installed Machines should be Azure Arc connected View the full article

As technology advances, so must our security protocols. As part of our ongoing commitment to provide the highest level of security and performance, we are deprecating the PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) protocols from future Windows Server versions. While these protocols have served us well over the years and will still be available to users, it is time to transition to more secure and efficient alternatives: SSTP and IKEv2. In this post, let’s walk through deprecation considerations, reasons, and recommendations to ensure you benefit from the best security options. What deprecation means for PPTP and L2TP? Deprecation is not removal. Deprecation refers to the stage in the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases. Features and functionalities are added or occasionally removed from new releases of a product. If they’re removed, that’s typically because we’ve added a better option. Deprecated features continue to work and are fully supported until they are officially removed. We’re certain that you already have product lifecycles incorporated into your management strategy. Even so, the deprecation notification can span a few months or years to help you make the necessary transition. After removal, the feature or capability will no longer work. PPTP and L2TP have been reliable workhorses in the world of VPN technology. However, with the increasing sophistication of cyber threats, these protocols have become less effective in providing the robust security necessary to protect our data. Their vulnerabilities have been well-documented, and they are no longer sufficient to meet the current security standards. Transitioning to SSTP and IKEv2 To ensure you continue to benefit from the best available security, we recommend transitioning to Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2). These protocols offer enhanced security features, faster connection speeds, and improved reliability. Benefits of SSTP Strong encryption: SSTP uses SSL/TLS encryption, providing a secure communication channel. Firewall traversal: SSTP can easily pass through most firewalls and proxy servers, ensuring seamless connectivity. Ease of use: With native support in Windows, SSTP is simple to configure and deploy. Benefits of IKEv2 High security: IKEv2 supports strong encryption algorithms and robust authentication methods. Mobility and multihoming: IKEv2 is particularly effective for mobile users, maintaining VPN connections during network changes. Improved performance: With faster establishment of tunnels and lower latency, IKEv2 offers superior performance compared to legacy protocols. Steps to transition to SSTP and IKEv2 Note that PPTP and L2TP will still remain available if you want to make outgoing VPN connections based on these protocols. This is true for future Servers and Client SKU releases. However, what is being changed is that Windows RRAS Server (VPN Server) will not accept any incoming VPN connections based on these protocols. As a result, please refer to the detailed set of instructions here for a step-by-step guide on transitioning to SSTP/IKEv2: How to install and configure Remote Access (RAS) as a VPN server. Conclusion The deprecation of PPTP and L2TP is a necessary step in maintaining the highest security standards. By transitioning to SSTP and IKEv2, you are ensuring that your network communications remain secure, efficient, and reliable. We are here to support you through this transition. Reach out to our support team if you have any questions or need further assistance. View the full article

You asked and we delivered: Standard and Datacenter edition server hotpatching - security updates without reboots - is ready for your evaluation in Windows Server 2025 Azure Arc-enabled Hotpatch public preview. This feature will be a game changer; simpler change control, shorter patch windows, easier orchestration… and you may finally get to see your family on the weekends. Hotpatches Hotpatches are OS security updates that don’t require a reboot. It works by patching the in-memory code of running processes without the need to restart the process. This gives you benefits like: Lower workload impact with fewer reboots. Instead of 12 mandatory reboots a year on “Patch Tuesday”, you’ll now only have quarterly scheduled reboots (with the rare possibility of reboots being required in a nominal Hotpatch month). Fewer binaries mean updates download and install faster while consuming fewer disk and CPU resources. Easier patch orchestration and change control. Integrated with the optional Azure Update Manager. Hotpatch has been available for a few years in Windows Server 2022 Datacenter: Azure Edition, this is tried and true technology. The real change is how and where you get those security updates. Hotpatching will be available as an option through the power of Azure Arc. Azure Arc enables management and allows the Windows Server internal licensing service for Hotpatch to run so that Hotpatch updates are delivered to customers. Trying it out Thanks to Azure Arc, enabling hotpatches for your Windows Server 2025 Datacenter and Standard edition evaluation machines takes only a few clicks. Simply enroll through the built in Azure Arc agent setup included in Windows Server 2025 evaluation, enable the hotpatch preview, and you’re in business. Changing the game Hotpatching has been around for years in Windows Server 2022 Azure Edition, but always required running a VM in Azure or on Azure Stack HCI. When Windows Server 2025 becomes generally available, you will be able to run the edition you want, where you want - whether on-prem, in Azure, or elsewhere. You'll have an option to hotpatch Windows Server 2025 physical servers or virtual machines, and those VMs can run on Hyper-V, VMware, or anywhere else that supports Microsoft’s protection-focused Virtualization Based Security standard. We think Windows Server 2025 hotpatching will change the game for organizations. Start your evaluation today! View the full article

We’re excited to announce the preview of Hotpatch on Windows Server 2025 Evaluation VMs running in Azure. This preview provides the same great experience of Hotpatching as on Windows Server 2022 Azure Edition. Hotpatching in Azure is only supported on Azure Edition SKUs. Evaluation version is made available for you to validate the capability and ensure readiness. When this is made generally available Azure Edition will be the only supported SKU in Azure for Hotpatching. Get started today by creating a VM in the preview offer. Hotpatches are monthly Windows OS security updates that update in-memory processes without requiring server reboots. For information on how Hotpatches work, read this. If you’re already familiar with this feature that was first released three years ago, here are the steps to start previewing: Steps to create a preview VM Step Instructions Create VM using Windows Server 2025 Preview image published to Azure Marketplace Create VM using the “Windows Server 2025 Preview” image from Microsoft Server Operating Systems Preview - Microsoft Azure Image has Hotpatch enabled by default. Verify Virtualization Based Security is running Ensure VBS is running by going to System Info Hotpatching enablement Image has Hotpatching enabled by default, unless it was disabled at provision time. Hotpatch Preview FAQ Do I have to sign up or fill in a form to participate? No forms to fill. This is a public preview and open to all Azure IaaS users. What to expect from the preview? After you create a VM using the preview image, the VM will be offered upon release August and September security updates. These OS updates will not require your machines to reboot. What is expected from users participating in this preview? Report any errors you see and optionally provide feedback by sending us an email. Will we be able to run this in production? The VMs created during preview can only be used for testing and validation purposes. Production workloads should not be run on them. What happens post public preview? When the capability launches, Hotpatching will no longer be supported on these preview images. At GA Hotpatching will only be supported on Windows Server 2025 Azure Edition SKUs besides the current Windows Server 2022 Azure Edition. Why does my Hotpatch status show as “Pending Evaluation” or “Unknown”? After VM creation, the Azure Portal may show “pending evaluation” or “unknown” status for few days. Once an assessment is completed on the VM, the status will update to reflect the Hotpatch update compatibility. Useful links: Hotpatch for Windows Server Azure Edition | Microsoft Learn What’s New in Windows Server v.Next (microsoft.com) Hotpatching is now available for Windows Server VMs on Azure with Desktop Experience! - Microsoft Community Hub View the full article

The server threat landscape is constantly evolving with cybercriminals becoming more ambitious and sophisticated in their attacks, and the damage is becoming more costly to those targeted. In April 2022, the ransomware group Conti carried out two massive ransomware attacks that breached the Costa Rican government and affected nearly 30 different ministries and different essential services within the country. This attack was so disruptive that the President of Costa Rica had to declare a state of National Emergency, the first ever such instance in response to a cyberattack. In different incidents, Shields Health Care Group had a data breach where nearly 2 million patient records were stolen by attackers, and Medibank Private Ltd., one of the largest health insurance providers in Australia had data pertaining to 9.7 million customers stolen. In the latter case, the attackers threatened to release the customer data on the dark web unless a ransom was paid. Servers are the backbone of modern businesses, and they store and process vast amounts of sensitive data. As a result, server security is critical to protect against cyberattacks that can cause financial losses, reputational damage, and legal liabilities. In 2021, Microsoft announced the launch of Secured-core servers in partnership with our silicon partners and original equipment manufacturers (OEMs). These servers offer some of the most advanced hardware-based security capabilities that make it harder for adversaries to carry out cyberattacks. In this post, we will provide an example of how the upcoming Windows Server 2025 Secured-core servers seamlessly integrate with the broader suite of Microsoft's security offerings to not just identify but also help block real world attacks. Bring Your Own Vulnerable Drivers (BYOVD) attack technique There is an entire class of attacks that rely on an attack technique known as "Bring Your Own Vulnerable Driver" (BYOVD). In these attacks, a malicious adversary with administrative privileges installs a legitimately signed driver with a vulnerability in it on the target system. These drivers have direct access to the internals of the operating system. This vulnerability is then exploited to provide the attacker with the highest level of privileges on the system, which is then used to disable security processes running on the system. We'll now take a couple of vulnerable drivers that have been used in attacks in the past. kprocesshacker.sys Process Hacker is a free and open-source malware analysis tool that is used for debugging, malware detection and system monitoring. Process Hacker was used by a ransomware known as DoppelPaymer, which had several high-profile targets such as Foxconn, Kia and Boyce Technologies. DoppelPaymer hijacks ProcessHacker to terminate a list of processes such as those responsible for security, e-mail server, backup and database software to impair defenses. It drops the ProcessHacker executable, its driver and a malicious stager DLL into a subdirectory of %APPDATA%. The driver, known as kprocesshacker.sys, allows it to communicate with the kernel and is used to load the stager DLL via DLL Search Order Hijacking and subsequently, upon receiving a trigger, terminate processes running in the kernel. asWarPot.sys AvosLocker is a ransomware group that has targeted victims across multiple critical infrastructure sectors in the United States such as financial services and government facilities sectors. Certain samples of the AvosLocker Ransomware used a legitimate but vulnerable Avast Anti-Rootkit driver known as asWarPot.sys to disable endpoint protection agents and security features on the targeted systems. Secured-core servers and Microsoft Defender for Cloud in action to help protect against modern threats Configuring your on-premises servers for hybrid cloud security is made simple with Windows Server 2025. Using the Azure Arc installer wizard included in Windows Server 2025, then onboarding with Microsoft Defender for Cloud will add cloud-based protections to Secured-core servers such as continuous assessment, built-in benchmarks, security recommendations, threat protection capabilities and remediation guidance in case threats have been detected. Here we will discuss how each layer of security works to help protect against threats. Defense against kprocesshacker.sys using Secured-core servers Secured-core servers offer a hardware-based security feature known as Hypervisor-protected code integrity (HVCI). HVCI uses Virtualization-based Security (VBS) to run kernel mode code integrity inside a secure, isolated environment instead of the main Windows kernel. HVCI contains a code integrity security policy that contains a list of vulnerable drivers that are not allowed to load on the system. As a result, when kprocesshacker.sys tries to load on the system, it is blocked from loading by HVCI, and an analysis of the event logs in the Windows Admin Center shows that the code integrity policy prevented the driver from loading, as this driver was present in the blocklist. This demonstrates how properly configured Secured-core servers can proactively help detect and block threats present on the system. This can also be viewed in the "Advanced hunting" tab within the Microsoft Defender portal, which allows users to explore up to 30 days of events to locate potential threats. Defense against asWarPot.sys using Microsoft Defender for Cloud Microsoft Defender for Cloud constantly keeps monitoring your workloads and clusters for active threats on your servers. When the asWarPot.sys on the system, Defender for Cloud blocks the action from taking place. At the same time, based on the communication preferences set forth by the IT admins, an alert is fired indicating that some suspicious activity was taking place in their environments, and that a threat was detected and blocked. IT admins can log into the Azure Portal and view the security alerts that fired in their server environment, and drill deeper into the specifics of the malware that tried to execute on their systems. Security response teams within enterprises might be interested in understanding the exact attack chain associated with the malware to set guardrails to prevent similar attacks in the future. When your servers have been onboarded with Defender for Cloud, a Microsoft Defender for Endpoint agent is also installed. The presence of the Defender for Endpoint agents on these machines allows security response teams to dig deeper into the sequence of events that took place leading up to when the malicious event occurred. Admins can go the Microsoft Defender portal to view the details associated with the attack, and drill down into exactly what events led to the malicious asWarPot.sys driver attempting to load on the system. Protect your on-premises workload with Secured-core servers At the end of the day, your workload is only as secure as the foundation it is built on, and Secured-core servers provide a strong and secure foundation to help protect your on-prem infrastructure. It seamlessly integrates with the broader suite of security offerings such as Defender for Cloud to offer even more powerful capabilities such as threat detection, alerting and remediation capabilities. Since its launch in 2021, we have observed a consistent rise in the adoption of Secured-core servers. In 2022, we have established Secured-core as a prerequisite for all new Azure Stack HCI, version 22H2 solutions built on Gen 3 or newer server-grade silicon platforms. We are also excited to announce that leading manufacturers such as Dell Technologies, HPE, and Lenovo have committed to supporting Secured-core server across all their products based on Gen 3 or newer server-grade silicon platforms for Windows Server 2022 and Windows Server 2025. Visit the Windows Server catalog or Azure Stack HCI catalog to find out the latest servers and solutions from the breadth of industry leading partners supporting Secured-core server. Additional resources What is Secured-core server for Windows Server Protect your infrastructure with Secured-core server Microsoft brings advanced hardware security to Server and Edge with Secured-core Try Windows Server 2025 now in preview Learn about the upcoming Windows Server 2025 View the full article

Windows Server Summit sponsored by Intel is happening now -- starting at 8 am Pacific Time today and going through Thursday afternoon. You can check out the schedule directly and join the sessions here. However, if you want to get a post event email with links to some of the presentations and other resources, you'll also want to complete this registration form. Sign in to your Tech Community account to post questions during the sessions. View the full article

Greetings folks! There have been several recent changes in the virtualization market, so this month, I wanted to take a moment to respond to the flood of questions we are receiving about Hyper-V futures, Windows Server 2025, and more. I surmise this blog will garner questions in the comments section, so I plan to answer those questions in the next blog. Let’s get started beginning with Hyper-V itself. Hyper-V is Microsoft's hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine (VM). Each virtual machine acts like a complete computer, running an operating system and programs. When you need computing resources, virtual machines give you more flexibility, help save time and money, and are a more efficient way to use hardware than just running one operating system on physical hardware. This quick description is just the beginning of what Hyper-V delivers… Hyper-V is a strategic technology at Microsoft. Please reread that last sentence. When I say strategic technology, I say this because Hyper-V is used throughout Microsoft in: Azure Windows Server Azure Stack HCI Windows client Xbox If you are using Windows Server, you already have Hyper-V. There is no additional charge, it’s built-in, just like it has been for over 15 years. The difference between Hyper-V in Windows Server Standard and Datacenter is the number of Windows Server guest OS instances that are included: With Windows Server Standard, you are licensed to run two instances of Windows Server guests OS environments. With Windows Server Datacenter, you are licensed to run unlimited copies of Windows Server guest OS environments. If you are running Linux as a guest OS, just make sure you are licensed by your distributor, and you can run as many Linux guests as you’d like run on either Windows Server Standard or Datacenter. In terms of Linux guest OS support, Hyper-V supports Red Hat Enterprise Linux, CentOS, Debian, Oracle Linux, SUSE, and Ubuntu. Linux integration services are included in the Linux kernel and updated for new releases. Hyper-V also supports FreeBSD with FreeBSD Integration Services built into FreeBSD 10.0 and later. The unlimited use rights of Windows Server Datacenter coupled with the complete package of Hyper-V, Software-defined storage (Storage Spaces Direct) and Software-defined networking (SDN) deliver the best bang for your buck, making it extremely popular. Considering the power and scale of modern compute and storage (Local, SAN, File, Hyperconverged), Windows Server Datacenter is great for virtualization hosts. Hyper-V is used for more than just virtualization Hyper-V is used for platform security. Virtualization-based security, or VBS, uses hardware virtualization and the hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. Windows uses this isolated environment to host several security solutions, providing them with increased protection from vulnerabilities and preventing the use of malicious exploits which attempt to defeat protections. VBS enforces restrictions to protect vital system and operating system resources, or to protect security assets such as authenticated user credentials. Hyper-V is used for containers. Hyper-V isolation for containers offers enhanced security and broader compatibility between host and container versions. With Hyper-V isolation, multiple container instances run concurrently on a host; however, each container runs inside of a highly optimized virtual machine and effectively gets its own kernel. The presence of the virtual machine provides hardware-level isolation between each container as well as the container host. Hyper-V in Azure Below is a screen shot of a virtual machine in Azure. Take a close look. This single VM supports up to 1,792 Virtual Processors and 29.7 Terabytes of RAM. I apologize that this VM only has 29.7 Terabytes of RAM (we support up to 48 TB of RAM), but those machines are busy running some of the largest workloads on the planet. Because Hyper-V is used throughout Microsoft and in Azure, you reap the benefits of innovation we deliver in Azure that percolates through the other products. For example, today in Azure we have a wide range of VM offerings from small to gargantuan with a wide range of CPU, memory, networking, storage options and GPUs. Azure VMs with GPUs are available with single or fractional GPUs and designed for compute intensive, graphics intensive and visualization workloads from Virtual Desktops to AI. To enable these VM offerings in Azure with GPUs required changes to Hyper-V. Guess what is coming in Windows Server 2025? Windows Server 2025 is introducing GPU partitioning (GPU-P) to enable scenarios on-premises or at the edge. You will be able to partition GPUs and assign them to VMs while retaining high availability and live migration. GPU-P is so flexible that you can live migrate VMs with partitioned GPUs between two standalone servers. No cluster required and great for test/dev! Windows Server 2025 is introducing Workgroup Clusters Speaking of no cluster required, we are making significant changes to make Hyper-V deployments at the edge easier. One thing we are hearing from you is that due to the power of modern servers, it is easier than ever to deploy small footprints at the edge. Today, you can purchase two and three node clusters that are small enough to fit in the overhead compartment of an airplane. Up to Windows Server 2022, deploying a cluster requires Active Directory. While this is not an issue in the datacenter, this adds complexity at the edge. With Windows Server 2025, we are introducing the ability to deploy “Workgroup Clusters.” Workgroup clusters do not require AD and are a certificate-based solution! Windows Server 2025 is chock full of innovation, and GPU-P and workgroup clusters are just the beginning. If you would like to learn more about Windows Server 2025 with demos, check out this Ignite Session, “What’s New In Windows Server vNext (2025).” Windows Server 2025 Insider Preview: Now with Flighting! If you want to start evaluating Windows Server 2025, there is no better time than right now and we’re making it easier than ever with Windows Server flighting! If you have a recent Windows Server insider build installed, you can now go to Windows Update in Settings, and check for updates. This will provide an update to a newer build, as a Feature update (also known as “in place OS upgrade”). That’s it! The process is easy and has proven well for hundreds of thousands of Windows 10 and Windows 11 insiders over the years. Windows Server 2025 Hyper-V As I stated earlier, Hyper-V is a strategic technology at Microsoft used throughout our products. Since the first release of Hyper-V in Windows Server 2008, we never stopped innovating Hyper-V and there are no plans to stop. In the next blog, I will be answering your questions, and we will see where that takes us! One more thing: Windows Server Engineering Summit 2024 I’m pleased to announce the Windows Server Engineering Summit 2024. This year, we bring you three days of demos, technical sessions, and Q&A, led by Microsoft engineers, guest experts from Intel, and our MVP community. RSVP now to learn: What’s coming next in Windows Server 2025 Get best practices for security and identity Tips for cloud migration and hybrid cloud management Cover new technologies and capabilities Hybrid cloud with Azure Arc Security and hardening, (everyone's favorite) Migration, and much more We'll also offer live Q&A during all the sessions so watch, learn, and post your questions early and often! Cheers, Jeff Woolsey Microsoft View the full article

If you’re a Windows Server insider, you’re no stranger to preview builds. And if not, it’s never been a better time to start! However, up until now, you had to download each new build manually and either perform a clean installation or do in-place upgrade by running Setup from the media. This is a familiar task, and it sure became easier and more reliable over years. But it’s time consuming and might be boresome—especially if you do it often. (By the way: thank you for testing those upgrades, this is a very important feature and reliability of it is paramount to us.) But it’s not the only way anymore! Those options are still available (and will remain available of course.) However, there’s one more option now, and we’re pretty excited about it. We hope you will be, too! Enter “flighting” If you have a recent Windows Server insider build installed, you can now go to Windows Update in Settings app, and check for updates. This will bring you a newer build, as a Feature update (also known as “in place OS upgrade”.) That’s it! The process is incredibly simple and has proven well for thousands of Windows 10 and Windows 11 insiders across the years. For example, this way you can seamlessly upgrade from build 26010 (published on December 8th last year) to build 26040 which we’ve just published. From now on, we plan to publish each new build to Windows Update (aka “flighting”) at the same time we publish the familiar ISO to our Windows Server insider community. It’s your choice to upgrade using Setup as before, or to use Windows Update for the same. What does not change The frequency on which new builds are published. We still plan to publish a new build for Windows Server insiders approximately every two weeks, although there can be delays or skipped weeks for various reasons. You still need to check for updates manually. On Windows Server, the administrator is always in control, and the updates won’t be automatically installed. (Unless you enable automatic updates yourself.) Nothing is changing for production servers running released OS versions, such as Windows Server 2022 or Windows Server 2019. This feature is only available in preview builds. In other words, you need to manually download and install a preview build to get started. Flighting (OS upgrade via Windows Update) is currently available via Settings app. As such, it’s currently only for Windows Server with Desktop Experience. Looking forward With that said, this a new functionality for us, so there may be rough edges. Please share your thoughts with us and feedback on what worked well and what did not. We plan to expand this functionality over time, e.g., by adding more channels—just like flighting on Windows 11. If there’s a particular feature you’re looking for, don’t hesitate to drop us a line in the comments. And as Windows Server development is getting up to speed, stay tuned for more news! View the full article

Introducing Windows Server 2025! Today, we are thrilled to announce the official name of the next release of Windows Server, Windows Server 2025. Windows Server 2025 is driven by your feedback and your desire to embrace a hybrid, adaptive cloud. Here are a few areas we’re investing in: Windows Server Hotpatching for everyone Next Generation Active Directory and SMB Mission Critical Data & Storage Hyper-V & AI And much more… Today, we’re also releasing a new Windows Server Insider Build (v.26040) with the updated name, and there are a couple screenshots below. Sound interesting? Want to learn more? Here are some resources. If you haven’t joined Windows Server Insider Program, there’s no better time than now! We release new builds every ~two weeks, and many new features are already in. Some features are still on the way, and when they land, you’ll hear about it through the Insider Program. Join the Windows Server Insider Program here: https://learn.microsoft.com/en-us/windows-insider/business/server-get-started If you want to learn more about Windows Server 2025, check out this Ignite session “What’s New in Windows Server vNext” which was the very first introduction to Windows Server 2025. https://techcommunity.microsoft.com/t5/windows-server-news-and-best/in-case-you-missed-it-windows-server-at-microsoft-ignite/ba-p/3995168 Cheers, -Jeff Woolsey, Microsoft Threads: @wsv_guy Twitter: @wsv_guy Windows Server 2025 System Properties Windows Server 2025 Server Manager Windows Server 2025 Setup View the full article

This Thursday, January 25 at 9 a.m. Pacific time we’ll be having an Ask Microsoft Anything (AMA) session on Windows Server “v.Next.” Yes, we are hard at work on the next version of Windows Server and our Microsoft program managers, including NedPyle and Jeff_Woolsey_MSFT among others, will be on the chat to get your feedback and answer your questions. We’d love to hear from you about: Your thoughts on the Windows Server features previewed at Ignite Your feedback on innovations and improvements you’d like to see in future versions of Windows Server Here is the link to the session, where you can sign up to add it to your calendar. The team is looking forward to chatting with you! View the full article

We loved having so many of you from our Windows Server community at Ignite, whether you were there in-person or watching online. For the vast majority who weren’t able to make it, I wanted to share some great Windows Server highlights that you can watch at your convenience: What’s New in Windows Server v.Next – This session, led by Jeff Woolsey and Elden Christiansen, featured previews of what we are working on for the next version of Windows Server. Watch the video to catch up on enhancements that are available now, including Hotpatch for Desktop Experience in Windows Server 2022 Datacenter: Azure Edition, as well as some sneak peeks, including improvements for File Server, Hyper-V, and Storage. If you like what you see in the session, try it out! You can try many of these upcoming features through the Windows Insider program. Do More with Windows Server and SQL Server on Azure – If you like demos and rapid-fire feature news, you will love this Ignite breakout session with Jeff Woolsey and Bob Ward. They cover some of the newer capabilities of Windows Server and SQL Server in Azure, including Microsoft Defender for Azure SQL. View the full article

Hi Windows Server Community, On this month's Patch Tuesday (see KB5031364), we released a set of new in-box experiences for WS2022 that we're really excited about! We're making it easier than ever before to connect your server to Azure Arc, Microsoft's management platform for on-premises and multi-cloud servers. You've told us that you love the fact that Arc enables inventory of all your servers running everywhere: on-premises, on physical, virtual or even multi-cloud. Azure Arc provides this at no additional cost, click here to learn all about it. The first change you'll notice is a new system tray icon that helps you get started with Azure Arc if you aren't yet using it. If you choose to set up Azure Arc, the entire process -- downloading, installing, and configuring the Azure Connected Machine agent -- can now be completed using graphical wizards on the server. You don't need to go to the Azure portal, generate a script, and run it in PowerShell anymore. When Azure Arc is installed on the server, the system tray icon and Server Manager both show the status of your connection to Azure and let you perform common agent management tasks. We believe these experiences will help admins by providing a convenient, interactive set of experiences for using Azure Arc with Windows Servers that include the Desktop Experience. Since this is all new on Windows Server 2022 as of October 2023, it is important to understand what has been added and what has not. What is included: A Windows Server optional component that includes the following. AzureArcSetup.exe (installer wizard) and entry points to launch this on the Start Menu, in Local Server properties view in Server Manager, and via an icon in the systray (that requires discovery by clicking to expand) A systray icon that becomes more interactive once the Arc installer wizard is used to complete successful connection of the machine to Azure What is not included: The Azure Connect Machine agent, or any other agent (an admin must choose to install this as part of the installer GUI wizard) Anything that changes the security posture or configuration of the local Windows Server Anything that changes permissions, access, or policies of an Azure account For more details on the new in-box Azure Arc-enabled servers onboarding workflow, learn more here. The AzureArcSetup optional component (containing the graphical installer and system tray icon) can be completely removed by an administrator through Server Manager or PowerShell by following documentation here: Install or Uninstall Roles, Role Services, or Features | Microsoft Learn. Thanks, Yash & the Windows Server team​; Ryan & the Azure Arc team View the full article

In case you missed it: On July 27 we celebrated the incredible 30-year anniversary of Windows Server (counting from Windows Server NT 3.1 in 1993). But what's really worth celebrating is all of you -- the IT managers and system admins who have worked with Windows Server and helped us make it better over the last three decades. We love the enthusiasm of the Windows Server community and we are so honored to have been on this ride along with you. Thank you. Since our initial post from Jeff_Woolsey_MSFT went live, we've had so many people add their nostalgic pics of well-worn Windows Server NT books and decades-old swag. In addition to Jeff's extensive history and video on Windows Server, Sonia Cuff put together this fun video compilation and post. Be sure to check them out! Windows Server NT came along when Bill Gates was CEO, when the Internet was in its early days, and just few people owned what would later become today's smartphones. In terms of technology, at this time, a 2-processor computer was huge, a 4-processor computer was a “super computer.” Windows Server NT 3.1 supported both 2- and 4- processor systems. What I find even more interesting is the way that, with the growth and steep innovation curve of Windows Server and other business technologies, the IT team has grown in importance and come out of the shadows. I found this old Windows Server 2003 commercial that illustrates how this dynamic was becoming real at the turn of the last century: For those of you working in corporate settings or other large organizations, do you feel you're finally starting to get the credit you deserve? With that, I'd like to close the book on one more Windows Server milestone and amplify a couple of the more recent developments: As we take a moment to look back on this 30th birthday of Windows Server, we have plenty of new and improved features coming that will make innovation easier, and can free up time for more strategic work. Here are a few examples we've recently announced: Hotpatch – Until recently, Hotpatching had only been available on Windows Server 2022 Datacenter: Azure Edition in Server Core. As of this July, we’ve rolled it out for Desktop Experience. Hotpatch updates simplify securing your Windows Server devices without needing a reboot. Early adopters have reported being able to update their VMs within a couple of days as compared to previously taking weeks. Windows Admin Center version 2306 – This new version became generally available in June. Among the improvements in the new version is Windows Defender application control (WDAC) support. Read about this and other new features the WAC team created thanks to your input. New ways to get Extended Security Updates. Following the standard lifecycle policy, Windows Server 2012 / 2012 R2 is reaching the end of extended support in October. At Inspire, we announced a new way to get Extended Security Updates (ESUs) should you need them. Again, a big THANK YOU to the Windows Server community! View the full article