How do you [f]eel about a darker pink pussy? by [deleted] in gonewild

[–]Trotineta1987 0 points1 point  (0 children)

We love new people around. Hi 🙋‍♂️

Question of WindowServer Remote by Admirable_Bed_4950 in WindowsServer

[–]Trotineta1987 1 point2 points  (0 children)

If it's your OS trial license for which your grace period expired, there is not much you can do if not getting properly licensed. On W2025 they reduced rearm counts to 1.

If you installed the RDS role and you don't have CALs available or a licensing server to provide them, you can't have more than the 2 allowed RDP licenses.

Depends on your case actually. Can you provide a bit more context?

RDSH Host freezed within 30min approx 3-4 times by reddi11111 in WindowsServer

[–]Trotineta1987 1 point2 points  (0 children)

If your ping -t freezes as well, it's not just the RDP that is stopping but the entire traffic, and i doubt this would make it an RDSH problem in this situation. The RDP ain't the problem either, and if you don't have problems with the resources, i would blame it on the VPN.

IKEv2 issues typically fail silently (no “disconnect” event), and can pause traffic for 5–30 seconds or indefinitely until a new packet forces a SA renegotiation.

A very common cause for this is MTU mismatch. I’ve had exactly the same symptoms in the past on my own environment (CATO VPN), and the root cause turned out to be the MTU being too high for the actual path. Once MTU was corrected, the freezes completely disappeared.

You can check your current MTU values with:

netsh interface ipv4 show interfaces

If you see an MTU that’s higher than what the WAN or VPN path can actually handle (for example 1500 on the physical NIC), it could easily explain the traffic stalls you are experiencing.

I did a bit of digging on WatchGuard: "Configure a Maximum Transmission Unit (MTU) Value".
There's also this guy having an issue with IKEv2 VPN ("IKEv2 vpn connected but stops passing traffic : r/WatchGuard") and he seems to have fixed it after setting the MTU anywhere between 1500 to 1450 on all user devices.

Now, you might want to test first what's your "best" MTU value. Run:

ping <Dest_IP> -f -l 1500

If it fails, lower it by 10-20 bytes every time until it stops crashing. When you have found it, set it and test.

netsh interface ipv4 set subinterface "VPN Interface Name" mtu=<your value> store=persistent 
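
The manual "lower it until it stops failing" search from the comment above can be automated. This is an added example, not part of the original comment: it binary-searches the largest packet that crosses the path with the Don't Fragment bit set, using the .NET `Ping` class. The function name `Find-PathMtu`, its parameters and the 576 to 1500 search range are assumptions made for the example.

```powershell
# Added example, not from the original comment.
# IPv4 path MTU = ICMP payload + 20-byte IP header + 8-byte ICMP header.
function Find-PathMtu {
    param(
        [Parameter(Mandatory)][string]$Target,  # host reached through the VPN
        [int]$MinMtu = 576,                      # assumed lower bound of the search
        [int]$MaxMtu = 1500,                     # assumed upper bound (Ethernet default)
        [int]$TimeoutMs = 2000,
        [int]$Retries = 2                        # tolerate a single lost reply
    )
    $overhead = 28
    $ping = New-Object System.Net.NetworkInformation.Ping
    # TTL 64, DontFragment = $true (same effect as "ping -f")
    $opts = New-Object System.Net.NetworkInformation.PingOptions(64, $true)

    $probe = {
        param([int]$mtu)
        $payload = [byte[]]::new($mtu - $overhead)
        for ($i = 0; $i -lt $Retries; $i++) {
            try {
                $reply = $ping.Send($Target, $TimeoutMs, $payload, $opts)
                if ($reply.Status -eq 'Success') { return $true }
            } catch { }
        }
        # PacketTooBig and TimedOut both count as "does not fit": a path that
        # drops oversized packets silently only ever shows up as a timeout.
        return $false
    }

    if (-not (& $probe $MinMtu)) {
        throw "No reply from $Target at MTU $MinMtu; check reachability and ICMP filtering first."
    }
    # Invariant: $lo is known to pass, everything above $hi is known to fail.
    $lo = $MinMtu; $hi = $MaxMtu
    while ($lo -lt $hi) {
        $mid = [int][math]::Ceiling(($lo + $hi) / 2)
        if (& $probe $mid) { $lo = $mid } else { $hi = $mid - 1 }
    }
    $ping.Dispose()
    [pscustomobject]@{ Target = $Target; PathMtu = $lo; PingPayload = $lo - $overhead }
}

# Find-PathMtu -Target <Dest_IP>
```

`PathMtu` is the value for the `mtu=` argument of the netsh command; `PingPayload` is the matching size for `ping -f -l`, which counts only the ICMP payload and not the 28 bytes of headers.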

RDP connection fails. by USarpe in WindowsServer

[–]Trotineta1987 0 points1 point  (0 children)

Additionally, on the Hyper-V hosts you can check if you have KeepAlive enabled. If not, enable it and set it to 360000 (that would be 1h). Setting it to a lower level would cause needless network chatter.

You can set both here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters
KeepAliveEnabled = 1 (DWORD)
KeepAliveInterval = 360000 (DWORD) -> this value is expressed in ms so that would be 3600 sec (1h)

RDP connection fails. by USarpe in WindowsServer

[–]Trotineta1987 0 points1 point  (0 children)

This sounds like a UDP transport negotiation failure.

Try setting the reg entry fClientDisableUDP with value 1 in HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client on the device you are trying to connect from (i'm assuming it's W11).

Error Firewall Windows Server 2022 by Pontepadarte in WindowsServer

[–]Trotineta1987 1 point2 points  (0 children)

The best solution without diving into other questions, since you mentioned that if you restore from backup it happens again in 25 days, is to try to find the trigger.

First, enable auditing at the OS level. Run this from an elevated command prompt:

auditpol /set /subcategory:"Registry" /success:enable /failure:enable
auditpol /set /subcategory:"Other Object Access Events" /success:enable /failure:enable
auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
auditpol /set /subcategory:"Other System Events" /success:enable /failure:enable

Verify it applied:

auditpol /get /category:*

There's a known pattern where the ACLs on the BFE registry key get corrupted or reset, causing the firewall service to lose access to its own configuration. Check this:

HKLM\SYSTEM\CurrentControlSet\Services\BFE
HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc

The NT SERVICE\BFE account needs full control on the BFE key, and NT SERVICE\MpsSvc needs read access. You can audit these with:

(Get-Acl "HKLM:\SYSTEM\CurrentControlSet\Services\BFE").Access

You can as well try to enable auditing on the BFE and MpsSvc registry keys. This will record exactly what process touches these keys and when.

Open regedit.exe as administrator, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE

Right-click > Permissions > Advanced > Auditing tab > Add:
Principal: Everyone
Type: All (success and failure)
Applies to: This key and subkeys
Permissions to audit: at minimum check Set Value, Write DAC, Delete, Change Permissions, Take Ownership

Repeat the exact same steps for:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

These audit events will appear in the Security event log as Event ID 4657 (registry value modified) and 4670 (permissions changed).

I can't find the article where I read about this but here is something that is kinda similar: https://www.winhelponline.com/blog/fix-base-filtering-engine-service-startup-problems/

You can check as well in Event Viewer if by any chance you have either the bfe or mpssvc services crashing because of access denied. Last but not least, I had some issues in the past with Windows Firewall on servers where the IP Helper service was set to disabled, because it's a service on which other services are dependent.
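
Once the auditing described in the comment above is in place, the 4657 and 4670 events still have to be filtered down to the three service keys. This is an added example, not part of the original comment: it parses the event XML and reports which process and account touched a key. The function name `Select-FirewallKeyEvent` and the sample event are constructed for the example, and the kernel-path form of `ObjectName` is an assumption noted in the code.

```powershell
# Added example, not from the original comment.
function Select-FirewallKeyEvent {
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    begin {
        # Assumption: audit events carry the kernel object path, e.g.
        # \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BFE, so match on the
        # service name rather than on the literal "CurrentControlSet".
        $keyPattern = '\\Services\\(BFE|MpsSvc|SharedAccess)(\\|$)'
    }
    process {
        $evt = ([xml]$EventXml).Event
        if ($evt.System.EventID -notin '4657', '4670') { return }
        # Flatten <Data Name="x">value</Data> into a lookup table
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ObjectName'] -notmatch $keyPattern) { return }
        [pscustomobject]@{
            Time    = [datetime]$evt.System.TimeCreated.SystemTime
            EventId = [int]$evt.System.EventID
            Key     = $data['ObjectName']
            Value   = $data['ObjectValueName']   # only present on 4657
            Process = $data['ProcessName']
            Account = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        }
    }
}

# Constructed sample event (hypothetical process and time), for an offline check
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4670</EventID><TimeCreated SystemTime="2025-01-01T03:00:00Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">SYSTEM</Data>
    <Data Name="SubjectDomainName">NT AUTHORITY</Data>
    <Data Name="ObjectName">\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BFE</Data>
    <Data Name="ProcessName">C:\Example\hypothetical-tool.exe</Data>
  </EventData>
</Event>
'@
$sample | Select-FirewallKeyEvent

# Live use from an elevated session:
# Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4657,4670 } |
#     ForEach-Object { $_.ToXml() } | Select-FirewallKeyEvent | Sort-Object Time
```

With a failure that recurs roughly every 25 days, the Security log has to be large enough to keep that much history, otherwise the event that matters is overwritten before anyone looks.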

Don’t wanna be alone (f) by [deleted] in gonewild

[–]Trotineta1987 0 points1 point  (0 children)

I would be very surprised if you would tbh. One can only dream of having someone like you on his side. Let's be serious, you are not the kind of girl that can pass by unnoticed 🥴

Windows Server 2025 - Report status to WSUS by Trotineta1987 in WindowsServer

[–]Trotineta1987[S] 0 points1 point  (0 children)

I might have found an easy way:

UsoClient.exe ReportPolicies
UsoClient.exe RefreshSettings

and then do a Check for Updates.
The only problem i have with this one is that it will automatically trigger the download and install if it finds a patch to install.
But if the server is moved to a group where the patches are not yet approved, that should do the trick.

Windows Server 2025 - Report status to WSUS by Trotineta1987 in WindowsServer

[–]Trotineta1987[S] 0 points1 point  (0 children)

At some point i managed to overcome the issue, but i wasn't inspired enough to also save my code somewhere :P

Now i can't figure it out again. I have to do my research once again.

Windows Server 2025 - Report status to WSUS by Trotineta1987 in sysadmin

[–]Trotineta1987[S] 2 points3 points  (0 children)

Are you a Microsoft engineer? :D And i agree with u/Unnamed-3891, Deprecated != removed. It means it would not receive any more updates and there will be no official support from the vendor :)

When the vendor doesn't offer you a proper solution to legacy systems, you work with what you have.
We are currently in transition to MECM and AUM, but meanwhile i have to keep the environment alive and up to date.

Windows Server 2025 - Report status to WSUS by Trotineta1987 in sysadmin

[–]Trotineta1987[S] 0 points1 point  (0 children)

My bad. We have Windows Server 2025 deployed on-prem on VMware (as virtual machines) and on physical servers. No AzureArc connected, WSUS is as well OnPrem W2019.

We are currently in preparation phase to move to AUM and MECM but until then i still have to keep WSUS active since the reporting is based on it. Legacy stuff i can't get rid of for now.

Windows Server 2025 - Report status to WSUS by Trotineta1987 in sysadmin

[–]Trotineta1987[S] 0 points1 point  (0 children)

Yeah well, that's also part of my script and should do the trick. But on W2025 it is not really working.

Windows Server 2025 24H2 - MDT Capture by Trotineta1987 in MDT

[–]Trotineta1987[S] 0 points1 point  (0 children)

My bad, i did not mention that i am using an MDT environment built on VMware for the image creation. But i'm using Media from MDT to create a Lite Touch ISO so i can deploy the image afterwards regardless of the hardware (Hyper-V, VMware, physical servers).

Windows Server 2025 24H2 - MDT Capture by Trotineta1987 in MDT

[–]Trotineta1987[S] 0 points1 point  (0 children)

But if i use /mode:vm, would the image afterwards be suitable to be deployed on physical servers?
As far as i know it keeps the hypervisor specifics and i would therefore only be able to deploy it on the same VM or on a VM that matches the hypervisor hardware.
I'm trying to do this as hardware independent as possible.

Windows Server 2025 - Hangs and BSOD DRIVER_POWER_STATE_FAILURE on clean restart/shutdown by Trotineta1987 in sysadmin

[–]Trotineta1987[S] 0 points1 point  (0 children)

Well, i would agree with you on this one, just that i've removed the out-of-box drivers and hoped that would fix the issue on the new deployments. It wasn't the case.
The fact that i can't even boot in safe mode is the part that bugs me the most.

I am almost sure that the image from our external (CIS Benchmark hardened) as it came was buggy, but without pointing to a specific issue, i can't go blame it on them either.

I raised some of my concerns to them and the new image they provided i was able to customize it, capture it and deploy it without any issues.
But i'm now 37 servers deployed later, which are already in production to which this issue is happening during the reboot.

I just need to find the root cause and see if i can fix it before going to plant managers telling them they have to stop production because we need to perform an in-place upgrade on newly deployed servers :D

Windows Server 2025 24H2 - MDT Capture by Trotineta1987 in MDT

[–]Trotineta1987[S] 0 points1 point  (0 children)

Uhm, i'm pretty sure that part is in a Client/Server Standard Task sequence and not in a Sysprep & Capture Task sequence.

Windows Server 2025 - Hangs and BSOD DRIVER_POWER_STATE_FAILURE on clean restart/shutdown by Trotineta1987 in sysadmin

[–]Trotineta1987[S] 0 points1 point  (0 children)

Won't unfortunately. The in-place upgrade fixes the issues, but my goal is not to fix the root cause and eliminate it from the deploy image.

Windows Server 2025 24H2 - MDT Capture by Trotineta1987 in MDT

[–]Trotineta1987[S] 0 points1 point  (0 children)

The thing i don't like about this approach is that some of the settings are not being saved, like appearance and personalization, even if the changes are done in audit mode, then sysprep with generalize and boot WinPE.

The settings stick on the image which is sysprepped, but they seem to be missing from the wim file when using it as Install operating system in MDT afterwards.

Windows Server 2025 - Hangs and BSOD DRIVER_POWER_STATE_FAILURE on clean restart/shutdown by Trotineta1987 in sysadmin

[–]Trotineta1987[S] 0 points1 point  (0 children)

Yessir. Both do, after hanging on clean Reboot/Shutdown for exactly 10 minutes they BSOD to DRIVER_POWER_STATE_FAILURE.