Black screen on Azure VM after promoting to Domain Controller

Claus, Frank 45 Reputation points
2026-02-18T15:29:29.26+00:00

I recently built a 2022 Azure VM. It was fine with no issues. We promoted it to a Domain Controller this past weekend. The promo itself was fine. All Domain services seemed to be fine afterward. Replication was working with no issues. I created a second Site dedicated for this VM as it will only be used in a DR event. Once the server came back up and we verified domain services were fine we attempted to RDP in. We received only a black screen. It prompted for creds but we only ever get the black screen. As I said it was fine prior to the dcpromo so I am assuming perhaps some kind of hardening was implemented that I am unaware of. Also attempted to run DCPROMO on it from another DC and got a DFSR error. Anyway, has anyone seen this? I have done some basic searches and it seems I am not the only one this has happened to. Thanks!

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

2 answers

  1. Himanshu Shekhar 4,025 Reputation points Microsoft External Staff Moderator
    2026-02-18T19:59:34.6666667+00:00

    @Claus, Frank

    This is a documented issue reported by multiple customers running Windows Server 2022 domain controllers in Azure. After DC promotion, RDP authentication succeeds, but the interactive session never completes, resulting in a permanent black screen.

    In reported cases, the root cause was UAC (EnableLUA=1) interfering with interactive RDP session creation on newly promoted Server 2022 DCs. Disabling UAC via a remote management channel (Serial Console / Run Command / PowerShell Remoting) and rebooting restores RDP access.

    Workaround:

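        # Disable UAC (EnableLUA = 0) on the affected DC; run from a remote management channel
        Set-ItemProperty `
          -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System `
          -Name EnableLUA -Value 0

        # Reboot immediately so the change takes effect
        shutdown /r /t 0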

    After reboot, RDP sessions progress normally beyond authentication. Alternatively, UAC can remain enabled by adjusting Admin Approval Mode for the built‑in Administrator account via local security policy or GPO. The DFSR errors observed during DCPROMO relate to SYSVOL replication and are independent of the RDP black‑screen issue, though they should still be investigated separately.

    Coming to your ask again: no, there are no special Azure VM-specific settings that need to be configured for this scenario. This behavior is not caused by Azure VM configuration differences, and it is not something you missed during VM creation.

    So, this is a Windows Server 2022 behavior after Domain Controller promotion, most commonly seen on Azure VMs but not Azure‑specific. The issue does not occur on Server 2016, which aligns with your observation, due to changes in UAC handling and session initialization in newer Windows Server builds.

    Specifically, after DCPROMO on Windows Server 2022:

    1. RDP authentication succeeds (Event ID 1149 logged)
    2. The interactive session never completes
    3. The user is left with a permanent black screen
    4. AD, replication, DNS, PowerShell, and Server Manager all continue to function normally

    Also, confirmed the root cause as UAC (EnableLUA = 1) interfering with interactive RDP session creation on Server 2022 domain controllers. Disabling UAC (or adjusting Admin Approval Mode for the built‑in Administrator account) and rebooting restores RDP immediately, with no Azure-side changes required.

    If you have any further queries, let me know. If the information is helpful
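
Before changing `EnableLUA` on a domain controller, it helps to record the current UAC policy values and confirm that the symptom matches what the answer above describes (Event ID 1149 logged while UAC is on). The following read-only check is an added example, not part of the answer or of any Microsoft tooling; the function name `Get-DcRdpUacState` and the 24-hour lookback are assumptions, and it is meant to be run on the affected DC through Serial Console, Run Command, or PowerShell Remoting.

```powershell
# Added example: read-only audit of UAC policy state and recent RDP auth events.
# Get-DcRdpUacState is a hypothetical helper name; nothing here modifies the system.
function Get-DcRdpUacState {
    [CmdletBinding()]
    param([int]$LookbackHours = 24)   # assumed window; widen if RDP was tried earlier

    $key    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $names  = 'EnableLUA', 'FilterAdministratorToken', 'ConsentPromptBehaviorAdmin'
    $policy = Get-ItemProperty -Path $key -ErrorAction Stop

    $state = [ordered]@{ Computer = $env:COMPUTERNAME; CheckedAt = Get-Date }
    foreach ($n in $names) {
        # An absent value means the OS default applies; report that instead of 0.
        $prop = $policy.PSObject.Properties[$n]
        $state[$n] = if ($prop) { $prop.Value } else { 'not set' }
    }

    # Event ID 1149 = RDP user authentication succeeded (the event named in the answer).
    $filter = @{
        LogName   = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
        Id        = 1149
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }
    # Get-WinEvent raises a non-terminating error when nothing matches; treat as zero.
    $auth = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $state['Rdp1149Count'] = $auth.Count
    $state['LastRdp1149']  = if ($auth.Count) { $auth[0].TimeCreated } else { $null }

    # True only when UAC is on AND RDP authentication is succeeding: the reported pattern.
    $state['MatchesReportedPattern'] =
        ($state['EnableLUA'] -eq 1) -and ($auth.Count -gt 0)

    [pscustomobject]$state
}

# Keep a copy of the "before" state so the original values can be restored later.
Get-DcRdpUacState | Format-List
```

If `MatchesReportedPattern` is false (no 1149 events, or `EnableLUA` already 0), the black screen has a different cause and changing UAC would only weaken the DC without fixing it.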


  2. Q&A Assist
    2026-02-18T15:29:45.0033333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    It sounds like you are experiencing a common issue where an Azure VM becomes unresponsive after being promoted to a Domain Controller. This can happen due to various reasons, including changes in policies or configurations that may have been applied during the promotion process.

    Here are some steps you can take to troubleshoot the black screen issue:

    1. Check Boot Diagnostics: Use Boot Diagnostics to view the screenshot of the VM. This can help you determine if the VM is stuck at a certain point during the boot process.
    2. Review Event Logs: Check the setup.evtx logs located at <drive letter>:\Windows\System32\winevt\Logs\Setup.evtx for any errors or warnings that may indicate what went wrong during the promotion.
    3. Enable Serial Console: If you haven't already, enable the Serial Console for troubleshooting. This can provide additional insights into the boot process and any errors that may be occurring.
    4. Rollback Changes: If you suspect that a specific feature or role change caused the issue, you can use the DISM tool to disable any recently added features. For example:
         Dism /Image:<OS Disk letter>:\ /Disable-Feature /FeatureName:<Feature to remove>
      
    5. Memory Dump Analysis: If the VM remains unresponsive, consider collecting a memory dump file to analyze the issue further. You can do this by attaching the OS disk to a recovery VM and locating the Memory.dmp file.
    6. Restore from Backup: If you have a recent backup of the VM, restoring it may resolve the issue.

    If these steps do not resolve the problem, you may want to reach out to Microsoft Support for further assistance, especially if you are encountering DFS replication errors.

