When using Systems Manager Patch Manager to scan Windows Server 2019 patches, if SSM Agent, network, and permissions are all normal, but WindowsUpdate.log shows the Microsoft update service returning 503, the root cause may be on Microsoft's side, not AWS's.
When creating FSx for Windows File Server using a self-managed Active Directory, if Single-AZ 2 or Multi-AZ file system creation fails and reports Get-ADComputer: Unable to contact the server, focus on checking TCP 9389 connectivity from the FSx subnet to the domain controllers.
AWS does not provide Windows AMIs for the Graviton architecture, but that doesn't mean Graviton can't run Windows. This article documents how to use the one-click DD script from the open-source project bin456789/reinstall to replace Amazon Linux 2023 on a t4g instance with Windows 11 Pro ARM64 in place.

Amazon EC2 High Availability for SQL Server can provide license cost reduction for eligible SQL Server HA standby nodes. However, this cost reduction has strict prerequisites — notably, the standby node cannot carry active workloads or serve as a readable secondary replica for queries.
Do not treat ".NET Framework 4 Features" as a regular application and uninstall it on Windows Server. It is a dependency for many management components, including Server Manager, PowerShell modules, and IIS/WCF-related features. Disabling it by mistake can cause both Server Manager and Install-WindowsFeature to stop working.
Two EC2 Windows instances in the same VPC fail to access a shared folder via SMB. Security groups and NACLs are open and Windows Firewall is disabled, but net use reports error 1792 and a packet capture shows STATUS_NETLOGON_NOT_STARTED. The root cause is not VPC networking: security software is intercepting the SMB authentication flow.
EC2 instances launched from public Windows AMIs cannot be directly exported as VMDK via VM Import/Export because they contain AWS-licensed software. The workaround is to perform a block-level read of the EBS root volume after stopping the instance, convert it with qemu-img, and offline-enable Windows generic storage drivers to avoid blue screens in VMware.
After configuring HTTPS on an internal ALB, clients accessing the domain receive curl: (60) SSL certificate problem: unable to get local issuer certificate. This error is not necessarily a network issue — more commonly it means the ACM certificate chain bound to the ALB is incomplete, or the certificate SAN does not cover the accessed domain.
When installing a .NET Framework cumulative update on Windows Server 2019, if double-clicking the .msu or using the wusa.exe path consistently fails and WindowsUpdate.log shows 0xC8000402 PopulateDataStore failed, the problem may not be a CBS installation failure but rather a broken WUA scan layer.
After installing a cumulative update on Windows Server 2016, if the reboot phase displays "We couldn't complete the updates" and repeatedly rolls back, the root cause may not be disk space or component store corruption — it could be historical user profile corruption causing the per-user registry phase to fail.
