Windows Server RC-4 Depreciation
RC-4 Depreciation KB ID 0001937 Problem Microsoft has begun a major security hardening programme for Active Directory domain controllers to address CVE‑2026‑20833, a Kerberos vulnerability that enables Kerberoasting attacks by exploiting weak RC4 encryption. If you run Windows Server domain controllers, you must prepare for the phased deprecation of RC4 throughout 2026. Enforcement becomes mandatory in July 2026, and environments...
This Computer Can’t Connect to the Remote Computer
Can’t Connect to the Remote Computer KB ID 0001936 Problem Seen when attempting to RDP to a remote computer. “This computer can’t connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.” Error details: Error code: 0x3 Extended error code: 0x7 Timestamp: 01/05/26 03:21:03 PM Solution: Can’t Connect to the Remote...
Sysprep Validate (fails)
Sysprep Validate KB ID 0001934 Problem Seen whilst running sysprep on a Windows machine. System Preparation Tool 3.14 Sysprep was not able to validate your Windows installation. Review the log file at %windir%\system32\Sysprep\panther\setupact.log for details. After resolving the issue use Sysprep to validate your installation again. Solution: Sysprep Validate Fails Well it’s telling us to review that file, the easiest way to...
Directory Partition Has Not Been Backed Up
Directory Partition Has Not Been Backed Up KB ID 0001933 Problem Seen recently when running dcdiag. A warning event occurred. EventID: 0x80000829 Time Generated: xx/xx/xxxx xx:xx:xx Event String: This directory partition has not been backed up since at least the following number of days. You are seeing this error because dcdiag interrogated the event log and found an Event ID 2089 Log Name: Directory Service Source:...
Best Practice: Demoting a Domain Controller
Demoting a Domain Controller KB ID 0001932 Problem I was having a conversation with some colleagues this week, the conversation was about the placing of an RDS license server, and somebody had recommended putting it on the domain controller, I pointed out that this wasn’t a perfect idea, because in four or five year’s time somebody’s going to demote and take that to my controller off-line and forget all about the fact that...
Cross Hypervisor Migrations Using Veeam
Cross Hypervisor Migrations KB ID 0001925 Problem At a time where a large slice of the community is moving away from VMware, my employer finds itself with a situation where it needs to migrate TO VMware (from Openstack KVM. We need to retire this platform and the customers we have on it, we are hoping will move to our VMware/NSX based IaaS platform. In recent years we have faced challenges with potential customers who were on...
Veeam Invalid NFS Path
Invalid NFS Path KB ID 0001924 Problem When trying to setup a Veeam repository that is an NFS Share, I got the following error. After about 35 minutes of trying different combinations and back slashes and forward slashes I gave up. Solution : Invalid NFS Path I knew I’d seen this before, and annoyingly I’d not written anything down! Turns out I’m old (and blind), the answer is staring me in the face. THERE SHOULD BE...
Audit GPO Changes
Audit GPO Changes KB ID 0001920 Problem If you are reading this your either replanning ahead (bravo!) or there’s been an incident that you are concerned about. If that is the case its important to remember that “you cannot audit retrospectively”* *Note: you can find out when GPOs were altered, but not by whom, with some simple PowerShell i.e. Get-GPO -All | Select-Object DisplayName, ModificationTime Group Policies are...
Windows Certificate Services – Setup a CRL
Setup a CRL KB ID 0000957 Problem One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...
Windows – Firewall Group Policy
Firewall Group Policy KB ID 0000979 Problem For everyone who simply does not disable the Windows firewall, then you need to be able to manage what ports are open on your machines. The simplest way to do this is via firewall group policy. This week I had to open TCP port 9503 on the local firewall of my McAfee Move Offload Servers. Below I will open that port on all my machines, but in production I will only apply the GPO to...