
Windows Server 2025 unreachable after KB5048667

1
  1. Create a new Windows 2025 Base EC2 instance, joined to an AD directory
  2. Open Windows Update, install KB5048667, reboot as asked by Windows
  3. Instance is not reachable by RDP, ping is not working, Instance Reachability Check fails

Can you reproduce, please?

asked a year ago, 964 views
3 Answers
3

Thank you for reporting this issue with Windows Server 2025 becoming unreachable after installing KB5048667. This is a known issue related to Device Guard being enabled by default in Windows Server 2025. Our internal teams are actively working on resolving this issue. In the meantime, here are some workarounds you can try:

  1. Group Policy Method:

    • Launch Local Group Policy Editor (gpedit.msc)
    • Navigate to Computer Configuration\Administrative Templates\System\Device Guard
    • Configure "Turn On Virtualization Based Security"
    • Set Radio button to Disabled
    • Apply changes
    • Try joining the domain again
  2. Registry Method: Open an elevated cmd or PowerShell prompt and run:

    • reg add HKLM\System\CurrentControlSet\Control\Lsa /v LsaCfgFlags /d 0 /t REG_DWORD
    • reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard /v LsaCfgFlags /d 0 /t REG_DWORD
    • Ensure "The operation completed successfully." is returned from both commands
    • Try joining the domain again
  3. Use BIOS boot mode: This issue doesn't occur when using BIOS boot mode. You can use the BIOS image for Windows Server 2025: BIOS-Windows_Server-2025-English-Full-Base (ami-043539cbdc18a470d) as an interim solution.

  4. Switch to an AMD instance type: This issue only affects instance types where VBS/CG is available. AMD-backed instance types don't support VBS features, so they're not impacted. You can recover a failing instance by switching to an AMD instance type (e.g., from t3.xlarge to t3a.xlarge).

The EC2 team is actively working on resolving this issue.

AWS
answered a year ago
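
An added example, not part of the AWS answer above: a read-only PowerShell check of the registry values the Group Policy and registry workarounds change, plus the runtime state from the Win32_DeviceGuard CIM class. The workarounds switch off VBS/Credential Guard, so this records what state the instance is actually in before and after the reboot. The helper name Get-RegValueOrNull is hypothetical, and EnableVirtualizationBasedSecurity is assumed here to be the value behind the "Turn On Virtualization Based Security" policy.

```powershell
# Added example (not from the original answer). Read-only; run in an elevated PowerShell session.
$lsaFlagMeaning = @{ 0 = 'Disabled'; 1 = 'Enabled with UEFI lock'; 2 = 'Enabled without lock' }
$vbsMeaning     = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }

# Hypothetical helper: return a registry value, or $null when the key or value is absent.
function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# The two LsaCfgFlags values set by the registry workaround, plus the VBS policy value.
$checks = @(
    @{ Path = 'HKLM:\System\CurrentControlSet\Control\Lsa';            Name = 'LsaCfgFlags' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; Name = 'LsaCfgFlags' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; Name = 'EnableVirtualizationBasedSecurity' }
)

foreach ($c in $checks) {
    $value = Get-RegValueOrNull -Path $c.Path -Name $c.Name
    if ($null -eq $value) {
        $text = 'not set (OS default applies)'
    } elseif ($c.Name -eq 'LsaCfgFlags' -and $lsaFlagMeaning.ContainsKey([int]$value)) {
        $text = '{0} ({1})' -f $value, $lsaFlagMeaning[[int]$value]
    } else {
        $text = "$value"
    }
    '{0}\{1} = {2}' -f $c.Path, $c.Name, $text
}

# Runtime state: registry values only take effect after a reboot, so check what is running now.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($null -eq $dg) {
    'Win32_DeviceGuard is not available on this host'
} else {
    $status = [int]$dg.VirtualizationBasedSecurityStatus
    'VBS status: {0} ({1})' -f $status, $vbsMeaning[$status]
    # SecurityServicesRunning: 1 = Credential Guard, 2 = memory integrity (HVCI)
    'Credential Guard running: {0}' -f ($dg.SecurityServicesRunning -contains 1)
    'Memory integrity (HVCI) running: {0}' -f ($dg.SecurityServicesRunning -contains 2)
}
```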
0

Dear AWS support, any update about this issue?

answered 7 months ago
0

More information: we deployed a recent 2025 server, amazon/Windows_Server-2025-English-Full-Base-2025.03.12, and it was working fine on t3.2xlarge. Later, after updating, it is able to boot, but after a full Stop -> Start the server becomes non-bootable (just a black screen).

What is interesting: we have a couple of 2025 servers outside of the domain, and they are able to start fine. What domain-specific setting or policy can make it unbootable? Do we have any tshoot manual?

answered 7 months ago
