What is new in Windows Server 2025
Check its advanced features and innovations
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Find information on known issues and the servicing status for Windows Server 2025. For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.
Current status as of November 6, 2024
Windows Server 2025 is now generally available. It delivers security advancements and new hybrid cloud capabilities in a high performing, AI-capable platform. Windows Server 2025 is Microsoft’s latest Long-Term Servicing Channel (LTSC) release for Windows Server. To download a free 180-day evaluation, visit the Microsoft Evaluation Center.
Windows Server 2025 is offered as an Optional update for Windows Server 2022 and Window Server 2019 devices, if organizations want to do an in-place upgrade. We recommend you use these methods to deploy Windows Server feature updates as Windows Server 2025 is not automatically installed.
To learn more about Windows Server’s Lifecycle Policy, see the Windows Server 2025 lifecycle article.
- Get Windows Server known issues in Graph API
Data is available for supported Windows Server versions
Known issues
See open issues, content updated in the last 30 days, and information on safeguard holds. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge).
| Summary | Originating update | Status | Last updated |
|---|---|---|---|
| Smartcard authentication issues might occur with the October 2025 Windows update This issue is related to a security change introduced for strengthening Windows Cryptographic Services. | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved | 2025-10-22 17:31 PT |
| USB mouse and keyboard not working in the Windows Recovery Environment (WinRE) This issue affects USB devices only within WinRE after installing Windows updates released on October 14, 2025. | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved KB5070773 | 2025-10-20 15:22 PT |
| Directory synchronization fails for AD groups exceeding 10,000 members Issue affects Active Directory Domain Services (AD DS) synchronization, including Microsoft Entra Connect Sync | OS Build 26100.6584 KB5065426 2025-09-09 | Mitigated | 2025-10-17 18:56 PT |
| IIS websites might fail to load Server-side applications that rely on HTTP.sys may experience issues with incoming connections. | OS Build 26100.6899 KB5066835 2025-10-14 | Confirmed | 2025-10-16 16:39 PT |
| Updates installed via WUSA might fail if installed from a shared folder This issue might occur when installing an update from a network folder containing multiple .msu files. | OS Build 26100.4349 KB5060842 2025-06-10 | Mitigated | 2025-09-30 10:04 PT |
| Windows Server 2022 and Server 2019 unexpectedly upgraded to Windows Server 2025 This issue has been mitigated. It was observed when updates were managed through some third-party applications. | N/A | Mitigated | 2024-11-13 17:15 PT |
Issue details
October 2025
Smartcard authentication issues might occur with the October 2025 Windows update
| Status | Originating update | History |
|---|---|---|
| Resolved | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved: 2025-10-22, 17:31 PT Opened: 2025-10-17, 20:06 PT |
Smart card authentication and other certificate operations might intentionally fail after installing Windows Updates released on or after October 14, 2025 (KB5066835) that contain protections for the security vulnerability, CVE-2024-30098. As part of this cryptography improvement, RSA-based smart card certificates are required to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider).
Common symptoms for certificates that use CSP include:
- Smart cards not being recognized as CSP providers (Cryptographic Service Provider) in 32-bit applications
- Inability to sign documents
- Failures in applications relying on certificate-based authentication
- Users might observe error messages such as "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error."
You can detect if your smart card will be affected by this security enforcement if, prior to installing the October 2025 Windows security update (KB5066835), the System log contains Smart Card Service or Microsoft-Windows-Smartcard-Server Event ID: 624 with the message text: "Audit: This system is using CAPI for RSA cryptography operations. Please refer to the following link for more detail: https://go.microsoft.com/fwlink/?linkid=2300823."
Resolution:
For a permanent resolution, developers should update their authenticating app to perform Key Storage Retrieval using Key Storage API documented at Key Storage and Retrieval. Developers should complete this change before Windows updates released in April 2026, at which time the DisableCapiOverrideForRSA workaround listed below is planned to be removed.
Workaround:
If you encounter this issue, you can temporarily resolve it by setting the DisableCapiOverrideForRSA registry key value to 0. This is documented in CVE-2024-30098. Detailed steps to modify the registry key are listed below. Note: This option will be removed in Windows updates, planned for release in April 2026.
Steps to Modify the Registry
⚠️ Important: Editing the registry incorrectly can cause system issues. Always back up the registry before making changes.
1. Open Registry Editor.
- Press Win + R, type regedit, and press Enter.
- If prompted by User Account Control, click Yes.
2. Navigate to the subkey.
- Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais
3. Edit the key and set the value.
- Inside Calais, check if key DisableCapiOverrideForRSA exists
- Double-click DisableCapiOverrideForRSA.
- In Value date, enter: 0
Note: The DisableCapiOverrideForRSA registry setting is NOT added by the default OS install or the installation of Windows Updates and must be manually added on each device.
4. Close and restart.
- Close Registry Editor.
- Restart the computer for changes to take effect.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2
- Server: Windows Server 2025; Windows Server 23H2; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2
USB mouse and keyboard not working in the Windows Recovery Environment (WinRE)
| Status | Originating update | History |
|---|---|---|
| Resolved KB5070773 | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved: 2025-10-20, 14:00 PT Opened: 2025-10-17, 22:18 PT |
After installing the Windows security update released on October 14, 2025 (KB5066835), USB devices, such as keyboards and mice, do not function in the Windows Recovery Environment (WinRE). This issue prevents navigation of any of the recovery options within WinRE. Note that the USB devices continue to work normally within the Windows operating system.
Resolution: This issue was resolved by the Windows out-of-band update, released October 20, 2025 (KB5070773), which is available via the Microsoft Update Catalog, and updates released after that date. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
Workaround: If your device is impacted by this issue and is unable to boot to Windows to install the latest Windows update, you can work around this issue using one of the following methods:
- If your PC has a touchscreen, you can use the touchscreen's touch keyboard to navigate within WinRE.
- If your PC has a PS/2 port, you can use a PS/2 keyboard or mouse to navigate within WinRE.
- If you had previously created a USB recovery drive, you can boot your computer from the recovery drive. This will take you directly to WinRE with restored USB functionality.
- OEMs and enterprises can use the Preboot Execution Environment (PXE) in Configuration Manager, or can deploy push-button reset features using the Windows Assessment and Deployment Kit (Windows ADK) and Windows Preinstallation Environment (WinPE) add-on to recover affected devices.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2
- Server: Windows Server 2025
Directory synchronization fails for AD groups exceeding 10,000 members
| Status | Originating update | History |
|---|---|---|
| Mitigated | OS Build 26100.6584 KB5065426 2025-09-09 | Last updated: 2025-10-17, 18:56 PT Opened: 2025-10-14, 17:49 PT |
Applications that use the Active Directory directory synchronization (DirSync) control for on-premises Active Directory Domain Services (AD DS), such as when using Microsoft Entra Connect Sync, can result in incomplete synchronization of large AD groups exceeding 10,000 members. This issue occurs only on Windows Server 2025 after installing the September 2025 Windows security update (KB5065426), or later updates.
Mitigation:
This issue is mitigated using Known Issue Rollback (KIR) for enterprise-managed devices managed by IT departments that have installed the affected update and encountered this issue. IT administrators can resolve this issue by installing and configuring the special Group Policy listed below.
Group Policy downloads with Group Policy name:
- Download for Windows 11, Versions 24H2 and 25H2 and Windows Server 2025 -- Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5066835 251016_21401 Known Issue Rollback
The special Group Policy can be found in Computer Configuration -> Administrative Templates -> Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5066835 251016_21401 Known Issue Rollback. For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback.
Important: You will need to install and configure the Group Policy for Windows Server 2025. Then restart Windows Server 2025 to apply the group policy setting. (Windows 11 is out of scope of this notification and guidance.)
Workaround: Alternatively, affected customers can apply the following registry key as a workaround to disable the feature change.
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For more information, see Windows registry for advanced users.
Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides
Name: 2362988687
Type: REG_DWORD
Value: 0
Next Steps: We are working to include the resolution in a future Windows update. Once the update with the resolution is released, organizations will not need to install and configure the Group Policy to address this issue.
Affected platforms:
- Client: None
- Server: Windows Server 2025
IIS websites might fail to load
| Status | Originating update | History |
|---|---|---|
| Confirmed | OS Build 26100.6899 KB5066835 2025-10-14 | Last updated: 2025-10-16, 16:39 PT Opened: 2025-10-16, 16:06 PT |
Following installation of updates releases on or after October 14 (KB5066835), server-side applications that rely on HTTP.sys may experience issues with incoming connections. As a result, IIS websites might fail to load, displaying a message such as "Connection reset - error (ERR_CONNECTION_RESET)", or similar error. This includes websites hosted on http://localhost/, and other IIS connections.
This issue is caused by a variety of conditions which can be influenced by the device's internet connectivity, as well as timing of recent update installation and device restarts. For this reason, it is possible that it may not be observed in some environments despite having installed the update mentioned above. The following steps can help resolve this issue in environments where it's observed:
- On the affected device, open "Windows Update" in the "Windows Settings" app.
- This can be accomplished by opening the start menu, typing "check for updates", and selecting from the results to the right
- Click on "Check for updates". Allow any updates to install.
- Restart your device.
- Note: please restart your device even if no updates are installed in the previous step.
Workaround: IT admins can resolve this issue for managed devices which have installed the affected update and encountered this issue. It can be fixed by installing and configuring the Group policy listed below. For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback. The special Group Policy can be found in Computer Configuration > Administrative Templates > [Group Policy name].
Group Policy downloads with Group Policy name:
- Download for Windows 11, version 24H2, Windows 11 25H2 and Windows Server, version 2025 - Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5066835 251015_22001 Known Issue Rollback.msi
Next steps: We are working on releasing a resolution for this issue in a future Windows update. We will provide an update when more information is available.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2
- Server: Windows Server 2025
August 2025
Updates installed via WUSA might fail if installed from a shared folder
| Status | Originating update | History |
|---|---|---|
| Mitigated | OS Build 26100.4349 KB5060842 2025-06-10 | Last updated: 2025-09-30, 10:04 PT Opened: 2025-08-15, 11:56 PT |
Windows updates installed using the Windows Update Standalone Installer (WUSA) might fail with error ERROR_BAD_PATHNAME, when the update is installed using WUSA or double-clicking a .msu file from a network share that contains multiple .msu files. These issues might occur on devices that installed updates released May 28, 2025 (KB5060842) and later.
WUSA is a method of installing updates using the Windows Update Agent API which is typically only employed in enterprise environments. It is not common in personal or home settings.
Please note that this issue does not occur when there is only one .msu file in the network share or when the .msu files are stored locally on the device. In addition, after installing an .msu file by double-clicking or using WUSA and restarting Windows, you might notice that the Update History page in Settings continues to indicate that a restart is required to complete the update. This is temporary and should be resolved on its own.
Workaround: To work around this issue, save the .msu files locally on the device and install the update from this location. Also, if you've restarted Windows after installing an .msu file via WUSA, please wait 15 minutes or more before checking the Update History page in Settings. After this short delay, the Settings app should properly indicate if the update installed successfully.
Mitigation: This issue is addressed using Known Issue Rollback (KIR) and is resolved automatically for most home users and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster.
IT admins can resolve this issue for managed devices which have installed the affected update and encountered this issue. It can be fixed by installing and configuring the Group policy listed below. For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback. The special Group Policy can be found in Computer Configuration > Administrative Templates > [Group Policy name].
Group Policy downloads with Group Policy name:
- Download for Windows 11, version 24H2 and Windows Server, version 2025 - Windows 11 24H2 and Windows Server 2025 KB5062660 250806_17201 Known Issue Rollback.msi
Next steps: We are working on releasing a resolution for this issue in a future Windows update. We will provide an update when more information is available.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2
- Server: Windows Server 2025
November 2024
Windows Server 2022 and Server 2019 unexpectedly upgraded to Windows Server 2025
| Status | Originating update | History |
|---|---|---|
| Mitigated | N/A | Last updated: 2024-11-13, 17:15 PT Opened: 2024-11-09, 12:16 PT |
Windows Server 2025 is intended to be offered as an Optional upgrade in Windows Update settings for devices running Windows Server 2019 and Windows Server 2022. Two scenarios were observed in certain environments:
- Some devices upgraded automatically to Windows Server 2025 (KB5044284). This was observed in environments that use third-party products to manage the update of clients and servers. Please verify whether third-party update software in your environment is configured not to deploy feature updates. This scenario has been mitigated.
- An upgrade to Windows Server 2025 was offered via a message in a banner displayed on the device’s Windows Update page, under Settings. This message is intended for organizations that want to execute an in-place upgrade. This scenario has already been resolved.
The Windows Server 2025 feature update was released as an Optional update under the Upgrade Classification: “DeploymentAction=OptionalInstallation”. Feature update metadata must be interpreted as Optional and not Recommended by patch management tools.
We advise organizations to use Microsoft-recommended methods to deploy Windows Server feature updates.
Next steps: Microsoft is working with third-party providers to streamline best practices and recommended procedures. As an interim measure, Microsoft has also temporarily paused the upgrade offer via the Windows Update settings panel. We estimate it will be available in the first half of 2025. All other upgrading methods to install Windows Server 2025 are still available through the usual channels.
Once the offer via Windows Update resumes, IT administrators will be able to control the feature update offer banner by setting the target version to “hold” in the Group Policy “Select the target Feature Update version.” To learn how to manage feature updates via this group policy, see Manage Feature Updates with Group Policy on Windows Server.
Note: The Windows Server 2025 feature update was made available on November 1, 2024, as KB5044284, which was the same KB number used for Windows 11, version 24H2. This is the KB numbering for both client and server Windows updates. Future updates released for Windows Server 2025 and Windows 11, version 24H2 will share the same KB numbers, but will have different release note sites and links.
Affected platforms:
- Client: None
- Server: Windows Server 2025; Windows Server 2022; Windows Server 2019
Report a problem with Windows updates
To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.
Need help with Windows updates?
Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.
For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.
View this site in your language
This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.