/tags/windows-server/ Recent content in Windows Server on Network Haven Hugo en-us Wed, 13 May 2026 12:00:00 +0200 /posts/2026/fixing-scep-certificate-enrollement-over-https-on-elux-thin-clients/ Wed, 13 May 2026 12:00:00 +0200 /posts/2026/fixing-scep-certificate-enrollement-over-https-on-elux-thin-clients/ <p>Currently we trying out eLux as an replacement of older thin clients with ThinOS or IgelOS. We tried to configure 802.1x authentication and the therefore needed certificate enrollment with our current SCEP/NDES server. We came across the issue that the scep client that eLux uses – <a href="https://github.com/certnanny/sscep">sscep</a> – an open source “Simple SCEP client for Unix” <strong>doesn’t support certificates requests over HTTPS</strong>.</p> <p>When investigating the problem we found this GitHub issue which explains our problem. Our NDES server was only reachable over HTTPS – both on the administration page and most importantly also on the request web page (certsrv/mscep) where the client requests their certificates.</p> /posts/2026/how-to-manually-import-wsus-updates-in-an-air-gapped-environment/ Tue, 21 Apr 2026 23:10:03 +0200 /posts/2026/how-to-manually-import-wsus-updates-in-an-air-gapped-environment/ <p>Since 2023 you could not import updates manually to WSUS. Microsoft offers you a <a href="https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site?branch=pr-4097#powershell-script-to-import-updates-into-wsus">script</a> to download the updates from the update catalog when you provide the <strong>UpdateID</strong> to the script. The script defaults to localhost if you dont provide the WSUS server. For example:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-powershell" data-lang="powershell"><span class="line"><span class="cl"><span class="p">.\</span><span class="n">ImportUpdateToWSUS</span><span class="p">.</span><span class="py">ps1</span> <span class="n">-UpdateId</span> <span class="mf">12345678</span><span class="p">-</span><span class="n">90ab-cdef</span><span class="p">-</span><span class="mf">1234</span><span class="p">-</span><span class="n">567890abcdef</span> </span></span></code></pre></div><p>But this script has a big issue for air-gapped enviroments – it still relies on the microsoft update catalog to download and import it to the WSUS server. But in the background the script just uses the <a href="https://learn.microsoft.com/en-us/previous-versions/windows/desktop/bb530766%28v=vs.85%29">ImportUpdateFromCatalogSite()</a> powershell function. If you look at the parameters, you can parse the UpdateID but also “an array of the local paths where any files required by the update can be found.”</p> /posts/2026/issue-detecting-domain-network-on-domain-controller-when-using-nic-teaming/ Fri, 10 Apr 2026 23:10:03 +0200 /posts/2026/issue-detecting-domain-network-on-domain-controller-when-using-nic-teaming/ <p>We had an issue where our domain controller lost its domain network profile after a reboot. When it came back up it was set to public instead of domain.</p> <p>The problem occurred only when Windows NIC teaming (switch-independent) was used in combination with two network adapters in the team. As soon as one network adapter was disabled from the team (while the other remained active), the network profile (domain) was recognized correctly.</p>