Essential Insights on Windows Server 2025
How to do a in place upgrade from a Windows Server 2022 Active Directory controller to a Windows Server 2025 active directory
Finish
When i begon with scripting using PowerShell ISE for Coding.
PowerShell ISE and Visual Studio Code are free coding tools from Microsoft.
But when Visual Studio Code was released back in 2015 i was switching to that. Powershell ISE i still use on a daily base for some basic tasks.
But with de Extenions list for Visual Studio Code getting better and better scripting is much faster and without errors and easyer to read.
The list with favo extensions is getting bigger en bigger.
Which makes my live a little easyer and helpfull.
So the list of my Favorites:
Prettier – Code Formatter
TODO Highlight
Code Spell Checker
Dutch – Code Spell Checker
Code Snap
Error Lens
Hashicorp HCL
HashiCorp Terraform
Because AI is hot I ám currently testing the following plugins
ChatGPT
GitHub CoPilot
GitHub CoPilot Chat
Using the ChatGPT/CoPilot plugins makes scripting even faster
Microsoft has identified an issue that affects Windows Server domain controllers (DCs), and has expedited a resolution that can be applied to affected devices. Out-of-band (OOB) updates have been released for some versions of Windows today, March 22, 2024, to addresses this issue related to a memory leak in the Local Security Authority Subsystem Service (LSASS). This occurs when on-premises and cloud-based Active Directory domain controllers service Kerberos authentication requests.
This issue is not expected to impact Home users, as it is only observed in some versions of Windows Server. Domain controllers are not commonly used in personal and home devices.
Updates are available on the Microsoft Update Catalog only. These are cumulative updates, so you do not need to apply any previous update before installing them, and they supersede all previous updates for affected versions. If your organization uses the affected server platforms as DCs and you haven’t deployed the March 2024 security updated yet, we recommend you apply this OOB update instead. For more information and instructions on how to install this update on your device, consult the below resources for your version of Windows:
Note: The OOB release for Windows Server 2019 will be released in near term.
As Windows Server 2025 Preview is officially released, I wanted to test a automated build of the Windows Server 2025 Preview release. So that I can deploy this in my home lab and going to test the new features if I can find the time….
Hashicorp Packer is a self-contained executable producing quick and easy operating system builds across multiple platforms. Using Packer and a couple of HCL2 files, you can quickly create fully automated template(s) with latest Windows Updates en VMware Tools. When you schedule a fresh builds after patch Tuesday you have always an up-to-date and fully secured template.
When using VMware customization tools. You can spin up vm’s in minutes.
Files you need?
The files and versions I am using at the time of this writing are as follows:
Outside of downloading both Packer and Windows Server 2022 Preview build, you will need the following files:
Other considerations and tasks you will need to complete:
Like other automated approaches to installing Windows Server, the automated Windows Server 2025 Packer build requires an answer file to provide answers to the GUI automatically and other installation prompts that you normally see in a manual installation of Windows Server.
You will find the scripts here: https://github.com/WardVissers/Packer-Win2025
The only problem that I had was: Switching from Nic from Public to Private
# Set network connections profile to Private mode.
Write-Output ‘Setting the network connection profiles to Private…’
do {
$connectionProfile = Get-NetConnectionProfile
Start-Sleep -Seconds 10
} while ($connectionProfile.Name -eq ‘Identifying…’)
Set-NetConnectionProfile -Name $connectionProfile.Name -NetworkCategory Private
I had some time to check out the new version of Server 2025.
For the full upcomming features check: https://ignite.microsoft.com/en-US/sessions/f3901190-1154-45e3-9726-d2498c26c2c9?source=sessions
Download Server 2025 Preview: https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver
Server 2025 will come with a lot of features (My Top 20+):
Need to find some time to dig in
Handy link: https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858
I while ago I started with parker to create simple templates for use in my homelab.
It take some time to find the rights scripts and learning en understanding the HCL2 coding
But in related to Security reasons I want to use a Windows Core Server the smaller footprint.
What is Server Core App Compatibility Feature on Demand: https://learn.microsoft.com/en-us/windows-server/get-started/server-core-app-compatibility-feature-on-demand
Installing Features on Demand through Powerschell contains a bug. You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” or file not found.
To Solve that I created I powerschell script to run the install twice: featuresondemand.ps1
You can find al the needed files on my Public Github Packer repository: https://github.com/WardVissers/Packer-Public
When running is showing like this:
It works for now, but there is one thing that would the hole thing a quiet nicer.
Passwords encrypted in a separate file.
First Step Shutdown ESXi Server enable Encryption
Second Add vTPM
Boot ESXi Server(s)
Configure Key Providers (Add Native Key Provider)
Now you can add vTPM to you VM
Don’t forget to enable VBS
Create GPO SRV 2022 – Virtualization Based Security and I did Apply only to my Server 2022 Lab Environment
System Information on my Server 2022 Lab Server
Virtual Machine with Windows Server 2022 with KB5022842 (Feb 2023) installed en configured with secure boot enabled will not boot up on vSphere 7 unless updated to 7.0u3k (vSphere 8 not affected)
In VM vmware.log, there is ‘Image DENIED’ info like the below:
2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Signature: 0 in db, 0 in dbx, 1 unrecognized, 0 unsupported alg.
2023-02-15T05:34:31.379Z In(05) vcpu-0 – Hash: 0 in db, 0 in dbx.
2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Image DENIED.
To identify the location of vmware.log files:
#vim-cmd vmsvc/getallvms | grep -i “VM_Name”
/vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vm1.vmx
/vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vmware.log
Resolution
This issue is resolved in VMware ESXi 7.0 U3k, released on February 21st 2023. Build 21313628
Notes:
Microsoft announced the addition of the Windows Server Hybrid Administrator Associate certification to our portfolio, to be released in early December 2021. This new certification validates the skills of administrators working in hybrid environments.
Administrators in this role support their teams and organizations using Windows Server—both in the cloud and on-premises/
You’ll need to pass two exams to earn this certification. These exams, Exam AZ-800 (beta): Administering Windows Server Hybrid Core Infrastructure and Exam AZ-801 (beta): Configuring Windows Server Hybrid Advanced Services, will be available in early December 2021.
You must be logged in to post a comment.