Release Notes: Important Issues in Windows Server 2008 R2

Applies To: Windows Server 2008 R2

These release notes address the most critical issues and information about the Windows Server® 2008 R2 operating system. For information about by-design changes, new features, and fixes in this release, see Other Changes in Windows Server 2008 R2 ( For information about important steps to take before installing this release, including issues that you may need to work around, see Installing Windows Server 2008 R2 ( Unless otherwise specified, these notes apply to all editions and installation options of Windows Server 2008 R2.


The Window-Eyes screen reader application incorrectly reports the state of all option buttons in the First Run Wizard.

To work around this, set the focus on the option button and activate it with the SPACEBAR or ENTER key—ignore the Window-Eyes report that the option button has not been activated.


  • Applications that run in a partial trust scenario (such as hosted ASP.NET sites) and use the Entity Framework to query a database will fail with a security exception.

    There is no workaround at this time.

  • This issue affects Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, and Windows Server 2008 R2 for Itanium-Based Systems.

    Any ASP.NET applications that connect to SQL Server Express user instances will fail and receive an error.

    To correct this, first open Internet Information Services (IIS) Manager and select the Load User Profile check box for the affected application pool. If the issue persists, edit the application pool so that it uses the Network Services account.

Distributed File System Replication

This issue applies to Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, and Windows Server 2008 R2 Datacenter.

On a read-only domain controller that uses Distributed File System (DFS) Replication to replicate SYSVOL, the system state restore operation will fail with the following error in the log:

Error Restoring C:\Windows\SYSVOL\domain\ during write: Error [0x80070005] Access is denied

To correct this, take the following steps before performing a system state restore operation:

To unload the read-only filter driver

  1. Boot the server into Directory Services Restore Mode.

  2. Unload the DFS Replication service read-only mini filter driver with the command Fltmc unload DfsrRo.

  3. Perform the system state restore operation.

  4. Reload the read-only mini filter driver with the command Fltmc load DfsrRo.

File Server Resource Manager

If you configure classification rules with regular expressions, the expressions that use the | (OR) operator will not function. To avoid this, construct the regular expressions so that you avoid using the | operator.


If you have the Hyper-V™ role installed in Windows Server 2008 and have virtual network adapters that are disabled, these virtual network adapters will be enabled after you upgrade to Windows Server 2008 R2.

To avoid this, use Hyper-V Windows® Management Instrumentation (WMI) APIs to delete any disabled virtual network adapters prior to the upgrade. For more information, see Virtualization WMI Provider (

If this has already occurred, you can use Hyper-V Manager to remove any unwanted virtual network adapters. To do this, open Virtual Network Manager and then clear the Allow management operating system to share this network adapter check box for affected networks.

Network File System

This issue affects Windows Server 2008 R2 Enterprise and Windows Server 2008 R2 Datacenter.

If you use Network File System (NFS) version 2 or 3 in conjunction with the RPCSEC_GSS security mechanism and the rpc_gss_svc_integrity value (that is, with the –sec=krb5i option) you will be unable to mount shares over the User Datagram Protocol (UDP).

To use the –sec=krb5i option, configure the NFS client and server to use the TCP protocol. If you use the –sec=krb5 option, you can configure the client and server to use either TCP or UDP.

Network Policy Server

This issue affects Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Web Server 2008 R2, and Windows Server 2008 R2 Foundation.

If you install 32-bit extension DLLs for Network Policy Server (NPS) on Windows Server 2008 R2, NPS will fail to start with the error ERROR_BAD_EXE_FORMAT. To avoid this, uninstall any 32-bit extension DLLs and replace them with 64-bit versions from the DLL author.

Routing and remote access

  • Not all non-Microsoft virtual private network (VPN) client applications are currently compatible with this release. For a list of compatible applications, see the VPN client compatibility information (

  • If you use international characters for authentication credentials in a username for Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), or Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2), Network Policy Server (NPS) for Windows Server 2008 R2 is unable to authenticate the credentials. To avoid this issue, do not use international characters in a username for PAP, CHAP, or MS-CHAPv2. (Authentication works if you are using NPS for Windows Server 2008 R2). To correct this, see the Routing and Remote Access blog (

Windows Management Instrumentation

If you upgrade the RC release of Windows Server 2008 R2 to this release, Windows Management Instrumentation (WMI) providers not included in this release and any applications that depend on them may stop working.

To avoid this, use Regedit.exe to export the following keys to a safe location prior to upgrading the server:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\wbem\cimom\CompatibleHostProviders UnSecredList.reg

  • HKEY_LOCAL_MACHINE\Software\Microsoft\wbem\cimom\SecuredHostProviders SecredList.reg

After the upgrade is complete, re-import these keys with Regedit.exe. In addition, if the value of DefaultSecuredHost was 1 prior to the upgrade, use Regedit.exe to add the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\wbem\cimom /v DefaultSecuredHost /t REG_DWORD /d 1 /f

Windows PowerShell

  • If you run the Best Practices Analyzer cmdlet “invoke-BpaModel”, you may receive an exception or an error. This can occur whenever you create a remote runspace and use the command get-bpaModel | invoke-bpaModel with multiple roles installed, or if you run the Best Practices Analyzer scan multiple times.

    To avoid this, change the default memory quota of the remote shell to 250 MB by physically accessing the remote computer and then run the following command in Windows PowerShell™:

    set-item WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 250

  • This issue affects Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, and Windows Server 2008 R2 for Itanium-Based Systems.

    Windows PowerShell Integrated Scripting Environment (ISE) graphical elements may not render correctly if you are using Windows Presentation Foundation (WPF) hardware acceleration. If the graphical elements do not render correctly, disable WPF hardware acceleration, especially if you are using older video drivers or virtualization software. For more information, see Graphics Rendering Registry Settings (

Windows Search indexing

If you use a computer that has Windows Search enabled (Windows 7, Windows Vista, or Windows XP with Windows Search installed) and have chosen a custom index location that has a path name longer than 128 characters, the indexer will not start after you have upgraded the computer to this release. Search functionality and some library views are affected.

To avoid this, move the index to a different location that has a path name of less than 128 characters before you install this release as an upgrade.

If this has already occurred, use the Restore Defaults button on the Advanced Options pane of the Indexing Options control panel to reset the indexer.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2009 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Aero, Hyper-V, Internet Explorer, Windows, Windows Media, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.