Merge pull request #9142 from MicrosoftDocs/main

Auto push to live 2025-06-17 10:01:48

Author: Deland-Han

support/windows-server/active-directory/replication-error-1753.md

@@ -1,7 +1,7 @@
 ---
 title: Active Directory Replication fails with Win32 error 1753
 description: Describes an issue where AD operations fail with Win32 error 1753 (There are no more endpoints available from the endpoint mapper).
-ms.date: 01/15/2025
+ms.date: 06/17/2025
 manager: dcscontentpm
 audience: itpro
 ms.topic: troubleshooting
@@ -14,7 +14,8 @@ ms.custom:
 
 This article describes an issue where Active Directory Replications fail with Win32 error 1753: "There are no more endpoints available from the endpoint mapper."
 
-_Original KB number:_   2089874
+_Original KB number:_   2089874  
+_Applies to:_   All supported versions of Windows Server
 
 **Home users:** This article is only intended for technical support agents and IT professionals. If you're looking for help with a problem, [ask the Microsoft Community](https://answers.microsoft.com).
 

support/windows-server/active-directory/replication-error-8524.md

@@ -1,7 +1,7 @@
 ---
 title: Active Directory Replication fails with Win32 error 8524
 description: Describes an issue that Active Directory Replications fail with Win32 error 8524 (The DSA operation is unable to proceed because of a DNS lookup failure).
-ms.date: 01/15/2025
+ms.date: 06/17/2025
 manager: dcscontentpm
 audience: itpro
 ms.topic: troubleshooting
@@ -16,7 +16,8 @@ This article describes symptoms, cause, and resolution steps for AD operations t
 
 > The DSA operation is unable to proceed because of a DNS lookup failure.
 
-_Original KB number:_   2021446
+_Original KB number:_   2021446  
+_Applies to:_   All supported versions of Windows Server
 
 **Home users:** This article is only intended for technical support agents and IT professionals. If you're looking for help with a problem, [ask the Microsoft Community](https://answers.microsoft.com).
 

support/windows-server/remote/media/remote-desktop-listener-certificate-configurations/successful-example-to-run-powershell-commands.png

@@ -1,101 +1,147 @@
 ---
 title: Remote Desktop listener certificate configurations
 description: Describes the methods to configure RDP listener certificates in Windows Server 2012 R2 and Windows Server 2012.
-ms.date: 01/15/2025
+ms.date: 06/17/2025
 manager: dcscontentpm
 audience: itpro
 ms.topic: troubleshooting
 ms.reviewer: kaushika
 ms.custom:
 - sap:remote desktop services and terminal services\licensing for remote desktop services (terminal services)
 - pcy:WinComm User Experience
+zone_pivot_groups: rdp-windows-server-versions
 ---
 # Remote Desktop listener certificate configurations
 
-This article describes the methods to configure listener certificates on a Windows Server 2012-based or Windows Server 2012-based server that is not part of a Remote Desktop Services (RDS) deployment.
+This article describes the methods to configure listener certificates on a Windows Server that is not part of a Remote Desktop Services (RDS) deployment.
 
 _Original KB number:_   3042780
 
 ## About Remote Desktop server listener availability
 
 The listener component runs on the Remote Desktop server and is responsible for listening to and accepting new Remote Desktop Protocol (RDP) client connections. This lets users establish new remote sessions on the Remote Desktop server. There is a listener for each Remote Desktop Services connection that exists on the Remote Desktop server. Connections can be created and configured by using the Remote Desktop Services Configuration tool.
 
-## Methods to configure listener certificate
+## Configure Remote Desktop server listener certificate
 
-In Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2, the Remote Desktop Configuration Manager MMC snap-in lets you direct access to the RDP listener. In the snap-in, you can bind a certificate to the listener and in turn, enforce SSL security for the RDP sessions.
+The MMC method is not available starting from Windows Server 2012 or Windows Server 2012 R2. However, you can always configure the RDP listener by using WMI or the registry.
 
-In Windows Server 2012 or Windows Server 2012 R2, this MMC snap-in does not exist. Therefore, the system provides no direct access to the RDP listener. To configure the listener certificates in Windows Server 2012 or Windows Server 2012 R2, use the following methods.
+::: zone pivot="windows-server-pre-2012"
 
-- Method 1: Use Windows Management Instrumentation (WMI) script
+### [MMC](#tab/mmc)
 
-    The configuration data for the RDS listener is stored in the `Win32_TSGeneralSetting` class in WMI under the `Root\CimV2\TerminalServices` namespace.
+The Remote Desktop Configuration Manager MMC snap-in enables you direct access to the RDP listener. In the snap-in, you can bind a certificate to the listener and in turn, enforce SSL security for the RDP sessions.
 
-    The certificate for the RDS listener is referenced through the **Thumbprint** value of that certificate on a **SSLCertificateSHA1Hash** property. The thumbprint value is unique to each certificate.
+::: zone-end
 
-    > [!NOTE]
-    > Before you run the wmic commands, the certificate that you want to use must be imported to the Personal certificate store for the computer account. If you do not import the certificate, you will receive an **Invalid Parameter** error.
+### [Windows Management Instrumentation (WMI)](#tab/wmi)
 
-    To configure a certificate by using WMI, follow these steps:
+The configuration data for the RDS listener is stored in the `Win32_TSGeneralSetting` class in WMI under the `Root\CimV2\TerminalServices` namespace.
 
-    1. Open the properties dialog for your certificate and select the **Details** tab.
-    2. Scroll down to the **Thumbprint** field and copy the space delimited hexadecimal string into something like Notepad.
+The certificate for the RDS listener is referenced through the **Thumbprint** value of that certificate on a **SSLCertificateSHA1Hash** property. The thumbprint value is unique to each certificate.
 
-        The following screenshot is an example of the certificate thumbprint in the **Certificate** properties:
+> [!NOTE]
+> Before you run the wmic commands, the certificate that you want to use must be imported to the Personal certificate store for the computer account. If you do not import the certificate, you will receive an **Invalid Parameter** error.
 
-        :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-property.png" alt-text="An example of the certificate thumbprint in the Certificate properties.":::
+To configure a certificate by using WMI, follow these steps:
 
-        If you copy the string into Notepad, it should resemble the following screenshot:
+1. Open the properties dialog for your certificate and select the **Details** tab.
+2. Scroll down to the **Thumbprint** field and copy the space delimited hexadecimal string into something like Notepad.
 
-        :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-string-in-notepad.png" alt-text="Copy and paste the thumbprint string into Notepad.":::
+   The following screenshot is an example of the certificate thumbprint in the **Certificate** properties:
 
-        After you remove the spaces in the string, it still contains the invisible ASCII character that is only visible at the command prompt. The following screenshot is an example:
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-property.png" alt-text="An example of the certificate thumbprint in the Certificate properties.":::
 
-        :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/ascii-character-in-command-prompt.png" alt-text="The invisible ASCII character that is only shown at the command prompt." border="false":::
+   If you copy the string into Notepad, it should resemble the following screenshot:
 
-        Make sure that this ASCII character is removed before you run the command to import the certificate.
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-string-in-notepad.png" alt-text="Copy and paste the thumbprint string into Notepad.":::
 
-    3. Remove all spaces from the string. There may be an invisible ACSII character that is also copied. This is not visible in Notepad. The only way to validate is to copy directly into the Command Prompt window.
+   After you remove the spaces in the string, it still contains the invisible ASCII character that is only visible at the command prompt. The following screenshot is an example:
 
-    4. At command prompt, run the following wmic command together with the thumbprint value that you obtain in step 3:
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/ascii-character-in-command-prompt.png" alt-text="The invisible ASCII character that is only shown at the command prompt." border="false":::
 
-        ```console
-        wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"
-        ```
+   Make sure that this ASCII character is removed before you run the command to import the certificate.
 
-        The following screenshot is a successful example:
+3. Remove all spaces from the string. There may be an invisible ACSII character that is also copied. This is not visible in Notepad. The only way to validate is to copy directly into the Command Prompt window.
 
-        :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-wmic-commands.png" alt-text="A successful example of running the wmic command together with the thumbprint value that you obtain in step 3." border="false":::
-  
-- Method 2: Use registry editor
+4. At command prompt, run the following wmic command together with the thumbprint value that you obtain in step 3:
 
-    > [!IMPORTANT]
-    > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [How to back up and restore the registry in Windows](https://support.microsoft.com/help/322756) in case problems occur.
+::: zone pivot="windows-server-pre-2012"
 
-    To configure a certificate by using registry editor, follow these steps:
+   ```console
+   wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"
+   ```
 
-    1. Install a server authentication certificate to the Personal certificate store by using a computer account.
+::: zone-end
+::: zone pivot="windows-server-2012"
 
-    2. Create the following registry value that contains the certificate's SHA1 hash so that you can configure this custom certificate to support TLS instead of using the default self-signed certificate.
+   ```console
+   wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"
+   ```
 
-        - Registry path: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp`
-        - Value name: **SSLCertificateSHA1Hash**
-        - Value type: REG_BINARY
-        - Value data: **certificate thumbprint**
+::: zone-end
+::: zone pivot="windows-11-or-server-2025"
 
-        The value should be the thumbprint of the certificate and be separated by comma (,) without any empty spaces. For example, if you were to export that registry key, the **SSLCertificateSHA1Hash** value would be as follows:
+   ```console
+   Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices | Set-WmiInstance -Arguments @{SSLCertificateSHA1Hash="THUMBPRINT"}
+   ```
 
-        SSLCertificateSHA1Hash=hex:42,49,e1,6e,0a,f0,a0,2e,63,c4,5c,93,fd,52,ad,09,27,82,1b,01
+::: zone-end
 
-    3. The Remote Desktop Host Services runs under the NETWORK SERVICE account. Therefore, you have to set the system access control list (SACL) of the key file that is used by RDS to include NETWORK SERVICE together with the **Read** permissions.
+   The following screenshot is a successful example:
 
-        To change the permissions, follow these steps on the Certificates snap-in for the local computer:
+::: zone pivot="windows-server-pre-2012"
 
-        1. Click **Start**, click **Run**, type *mmc*, and then click **OK**.
-        2. On the **File** menu, click **Add/Remove Snap-in**.
-        3. In the **Add or Remove Snap-ins**  dialog box, on the **Available snap-ins** list, click **Certificates**, and then click **Add**.
-        4. In the **Certificates** snap-in dialog box, click **Computer account**, and then click **Next**.
-        5. In the **Select Computer** dialog box, click **Local computer: (the computer this console is running on)**, and then click **Finish**.
-        6. In the **Add or Remove Snap-ins** dialog box, click **OK**.
-        7. In the **Certificates** snap-in, on the console tree, expand **Certificates (Local Computer)**, expand **Personal**, and then select the SSL certificate that you want to use.
-        8. Right-click the certificate, select **All Tasks**, and then select **Manage Private Keys**.
-        9. In the **Permissions** dialog box, click **Add**, type *NETWORK SERVICE*, click **OK**, select **Read** under the **Allow** check box, and then click **OK**.
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-wmic-commands.png" alt-text="A successful example of running the wmic command together with the thumbprint value that you obtain in step 3." border="false":::
+
+::: zone-end
+::: zone pivot="windows-server-2012"
+
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-wmic-commands.png" alt-text="A successful example of running the wmic command together with the thumbprint value that you obtain in step 3." border="false":::
+
+::: zone-end
+::: zone pivot="windows-11-or-server-2025"
+
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-powershell-commands.png" alt-text="A successful example of running the powershell command together with the thumbprint value that you obtain in step 3." border="false":::
+
+::: zone-end
+
+### [Registry](#tab/registry)
+
+> [!IMPORTANT]
+> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [How to back up and restore the registry in Windows](https://support.microsoft.com/help/322756) in case problems occur.
+
+To configure a certificate by using registry editor, follow these steps:
+
+1. Install a server authentication certificate to the Personal certificate store by using a computer account.
+
+2. Create the following registry value that contains the certificate's SHA1 hash so that you can configure this custom certificate to support TLS instead of using the default self-signed certificate.
+
+   - Registry path: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp`
+   - Value name: **SSLCertificateSHA1Hash**
+   - Value type: REG_BINARY
+   - Value data: **certificate thumbprint**
+
+    The value should be the thumbprint of the certificate and be separated by comma (,) without any empty spaces. For example, if you were to export that registry key, the **SSLCertificateSHA1Hash** value would be as follows:
+
+    ```reg
+    Windows Registry Editor Version 5.00
+    
+    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
+    "SSLCertificateSHA1Hash"=hex:42,49,e1,6e,0a,f0,a0,2e,63,c4,5c,93,fd,52,ad,09,27,82,1b,01
+    ```
+
+3. The Remote Desktop Host Services runs under the NETWORK SERVICE account. Therefore, you have to set the system access control list (SACL) of the key file that is used by RDS to include NETWORK SERVICE together with the **Read** permissions.
+
+   To change the permissions, follow these steps on the Certificates snap-in for the local computer:
+
+   1. Click **Start**, click **Run**, type *mmc*, and then click **OK**.
+   2. On the **File** menu, click **Add/Remove Snap-in**.
+   3. In the **Add or Remove Snap-ins**  dialog box, on the **Available snap-ins** list, click **Certificates**, and then click **Add**.
+   4. In the **Certificates** snap-in dialog box, click **Computer account**, and then click **Next**.
+   5. In the **Select Computer** dialog box, click **Local computer: (the computer this console is running on)**, and then click **Finish**.
+   6. In the **Add or Remove Snap-ins** dialog box, click **OK**.
+   7. In the **Certificates** snap-in, on the console tree, expand **Certificates (Local Computer)**, expand **Personal**, and then select the SSL certificate that you want to use.
+   8. Right-click the certificate, select **All Tasks**, and then select **Manage Private Keys**.
+   9. In the **Permissions** dialog box, click **Add**, type *NETWORK SERVICE*, click **OK**, select **Read** under the **Allow** check box, and then click **OK**.
+
+---

support/windows-server/remote/remote-desktop-listener-certificate-configurations.md

@@ -0,0 +1,46 @@
+---
+title: High-Speed Network Adapters Show Inaccurate Link Speeds
+description: Describes a limitation in Windows user interfaces where the link speed might not be displayed correctly for high-speed network adapters.
+ms.date: 06/17/2025
+manager: dcscontentpm
+audience: itpro
+ms.topic: troubleshooting
+ms.reviewer: kaushika, sheiroqi, v-lianna
+ms.custom:
+- sap:windows desktop and shell experience\file explorer (app only,folders,quick access,file explorer search)
+- pcy:WinComm User Experience
+---
+# High-speed network adapters show inaccurate link speeds
+
+This article describes a limitation in Windows user interfaces where the link speed might not be displayed correctly for high-speed network adapters.
+
+On devices using high-speed network adapters (for example, 400 Gbps or higher), the link speed displayed in Windows user interfaces like Network Connections (**ncpa.cpl**) might be lower than the actual configured speed.
+
+For example, you might observe a displayed speed of 170.5 Gbps even though the hardware is correctly configured for 600 Gbps.
+
+## The link speed exceeds the representable range
+
+This issue is due to a limitation in how certain legacy components query and report link speed information.
+
+Specifically, the Windows user interface retrieves the link speed using a method that returns the result as a 32-bit value, measured in 100-bps units. If the actual link speed exceeds approximately 429.5 Gbps, the value might exceed the representable range and be truncated in the display.
+
+> [!NOTE]
+> This issue doesn't indicate a malfunction of the hardware or system and doesn't affect the actual performance or functionality of the network adapter.
+>
+> The system continues to operate at the correct speed as configured at the hardware level.
+>
+> No action is required unless the display discrepancy causes confusion.
+
+## Verify the accurate link speed
+
+To retrieve the accurate link speed, run the following Windows PowerShell cmdlet:
+
+```powershell
+Get-NetAdapter | Select Name, LinkSpeed
+```
+
+This cmdlet returns the accurate speed as reported by modern networking application programming interfaces (APIs), which support higher-capacity adapters.
+
+## Status
+
+Microsoft is aware of this limitation and is exploring possible improvements in future updates.

support/windows-server/shell-experience/network-adapters-inaccurate-link-speed.md

@@ -2506,6 +2506,8 @@ items:
       href: ./shell-experience/default-date-format-changed.md
   - name: File Explorer/Windows Explorer
     items:
+    - name: High-speed network adapters show inaccurate link speeds
+      href: ./shell-experience/network-adapters-inaccurate-link-speed.md
     - name: Increased CPU usage when accessing a FileTable share
       href: ./shell-experience/increased-cpu-usage.md
     - name: TEMP folder with logon session ID is deleted

support/windows-server/toc.yml

@@ -0,0 +1,13 @@
+### YamlMime:ZonePivotGroups
+groups:
+#Owner: kaushika
+- id: rdp-windows-server-versions
+  title: Windows version
+  prompt: Choose a Windows version
+  pivots:
+  - id: windows-server-pre-2012
+    title: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2
+  - id: windows-server-2012
+    title: Windows Server 2012 or Windows Server 2012 R2
+  - id: windows-11-or-server-2025
+    title: Windows 11 or Windows Server 2025