In-place upgrade of Windows Server 2022 to 2025

Image may be NSFW.
Clik here to view.

In this article, we shall discuss how to perform an In-place upgrade of Windows Server 2022 to 2025. Windows Server 2025 was officially released on November 1st, 2024. This latest version introduces several enhancements, including improved security features, performance optimisations, and better integration with hybrid cloud environments. Please, see Perform an in-place upgrade from Windows Server 2016 to Windows Server 2019, and how to Upgrade Windows Server 2019 to 2022 via iDRAC.

Windows Server 2025 comes in the following editions tailored to different organisational needs. They are the Essential Edition, the Standard Edition for lightly or non-virtualized environments, the Datacenter Edition for highly virtualised datacenter and cloud environments, as it is in my case, and the Datacenter: Azure Edition for seamless integration with Microsoft Azure in hybrid cloud scenarios.

Since it is time to move my Veeam Backup and Replication (VBR) to a newer version of Windows Server, this might also be the case for you. Depending on what application you are running now, you have several options to get there. You can learn about the known issues for Windows Server 2025 before proceeding to upgrade.

For instance, you can perform an in-place operating system (OS) upgrade (feature update) to a newer version of Windows Server. Or perform a clean install of Windows Server 2025, or even migrate your existing system to Windows Server. This depends on your needs. You will find this guide very exciting. Here is an alternative discussion for the VBR use case on Spicework.

Also, see how to upgrade Windows Server Evaluation to Full Version, how to upgrade Microsoft SQL Server 2019 to 2022, and how to upgrade Windows Admin Center 2306 – 2311: Run WACmg v2401.

Why Perform an Upgrade?

An in-place OS upgrade performs a feature update for your Windows Server while preserving the settings, server roles, features, and data. For non-clustered systems, this method allows you to skip multiple versions, making it the fastest way to upgrade to a newer Windows Server release.

Running the latest version of Windows Server allows you to use the latest features. This includes running the latest security features that deliver the best performance. You can upgrade to a newer version of Windows Server by up to two versions at a time.

Note: Some roles and features do not support in-place upgrades. Virtual machines (VMs) that do not require specific Original Equipment Manufacturer (OEM) hardware driver upgrades are usually successful when performing in-place upgrades.

The table below shows the supported upgrade paths, based on the version you’re currently on

If you wish to convert from one Windows Server Edition to the other, here is a guide on “Convert Windows Server Essentials or Evaluation to Retail Edition“. All you have to do is run a command and enter the appropriate license key for the edition you want to convert to.

Note: It is interesting to note that when you convert your edition from Standard to Datacenter, there’s no way to reverse the process to return to Standard Edition.

Microsoft Windows Server Lifecycle

Windows Server is governed by the “Fixed Lifecycle Policy”. Microsoft’s Fixed Lifecycle Policy guarantees support and servicing for its products over a defined timeframe. This policy covers many commercial and consumer products, ensuring a clear and predictable lifecycle from launch, and allows you to plan your server refresh cycles around set dates.

Mainstream Support is the first phase of Microsoft’s Fixed Lifecycle Policy. It offers comprehensive product support. This includes incident support (no-charge and paid options, hourly support, and warranty claim assistance), security updates, and the option to request non-security updates.

“Mainstream Support” typically lasts five years from the product’s general availability, though the duration may vary based on the product or licensing agreement.

Extended Support follows “Mainstream Support”, providing continued support with certain limitations. This includes paid support and free security updates but no new feature requests or warranty claims.

Long-Term Servicing Channel (LTSC) and the Annual Channel (AC)

Also, as shown in the table below, Windows Server has two primary release channels which are the Long-Term Servicing Channel (LTSC) and the Annual Channel (AC).

The LTSC provides a longer-term option focusing on a traditional lifecycle of security and quality updates. The AC provides more frequent releases, focusing on containers and micro-services, so you can take advantage of innovation more quickly.

Windows Server 2025 is the current LTSC release. Windows Server, version 24H2 is the latest AC release at the time of writing this article. 

Note: When extended support ends, Microsoft stops releasing security patches that protect the server from vulnerabilities and exploits. However, businesses can often purchase extended support from Microsoft for additional patching.

I would recommend upgrading Windows Server as part of a five-year hardware refresh cycle to take advantage of the latest features and ensure mainstream support throughout the server’s.

Please, see Why you should not Upgrade Windows on an ePO Server, how to upgrade Veeam Backup and Replication 12.3, and how to “The virtual machine has terminated unexpectedly during startup with exit code 1 (1×0): Failed to open a session for the virtual machine Windows Server 2019“.

Application Use Case: Veeam Backup and Replication, PostgreSQL and MSSQL

According to the article shared above, a question was raised on if it is recommended to perform an “in-place Upgrade on B&R System on Windows”. From all responses, a lot suggested that a “Clean installation is preferred. But an in-place upgrade should work”. Others suggested migrating to a newer OS (I actually do not like this method for VBR). Some also said that they have performed in-place upgrade of their OS without issues.

I added a comment myself by saying, “It depends”. If you are using VBR solely on the server, I recommend a clean installation. Running VBR only is often recommended. But this is not the case for everyone. I have a Microsoft SQL Server Engine running, VeeamOne instance and PostgreSQL. Therefore, an in-place upgrade is sufficient for me. But you may want to take a look at this response from Veeam Support for more information, as quoted below.

Generally speaking an in place OS upgrade should not directly affect Veeam, though some precautions could be made to ensure things go smoothly.
When upgrading the VBR Server:
First I would ensure that you have the Veeam configuration database backed up, preferably in an encrypted format so that it includes the system credentials.
Next, I would ensure that the backup jobs are disabled during the upgrade process, depending on the types of jobs / actions being taken it is possible to corrupt certain types backups if the system is restarted at inopportune times, particularly during incremental merges, so manually ensuring that none of the jobs will be interrupted is probably for the best.
Finally, should something go wrong it’s not a complicated process to uninstall all Veeam software and reinstall, importing the configuration backup that was made previously.
Aside from that, the only other potential issues that I can foresee are related to the SQL Server that Veeam is using for the Veeam Backup database.

Veeam Support

Note: Therefore, pay attention to PostgreSQL and Microsoft SQL Server (MSSQL) compatibility with VBR as well if my use-case discussed above is similar to your environment.

Recommendation for VBR Test before Upgrade

I recommend performing the upgrade from Windows Server 2022 to Windows Server 2025 in a Veeam Virtual Lab first to ensure a smooth transition before upgrading the Veeam Backup & Replication (VBR) server itself. This allows you to test the upgrade process in an isolated environment without impacting production.

Additionally, creating a VM snapshot before proceeding ensures you can quickly revert to a stable state if any issues arise.

The virtual lab is an isolated virtual environment in which Veeam Backup & Replication verifies VMs. In the virtual lab, Veeam Backup & Replication starts VMs from the application group and the verified VM. The virtual lab is used not only for the SureBackup verification procedure, but also for U-AIR, On-Demand Sandbox and staged restore.

The virtual lab itself does not require that you provision extra resources for it. However, VMs running in the virtual lab consume CPU and memory resources of the ESXi host where the virtual lab is deployed. All VM changes that take place during recovery verification are written to redo log files. By default, Veeam Backup & Replication stores redo logs on the datastore selected in the virtual lab settings and removes redo logs after the recovery process is complete

Please, see Enable Automatic Logon via Windows Registry,  MDM Bridge WMI Provider and Windows 10 MDM Capabilities, and steps to create a Single App Kiosk Mode: Setup Assigned Access using Local Settings.

Operating System Requirement

Veeam supports a Microsoft Windows 2025 systems already. Therefore, installing VBR or performing an in-place upgrade is safe.

Note: Running Veeam backup server or any of Veeam backup infrastructure components on Insider versions of Microsoft Windows OS (both Client and Server) is not supported.

Configuration Database Requirement

All editions of Microsoft SQL Server are supported, therefore, upgrading the OS to Windows Server 2025 should not pose any issues. Since I currently have Microsoft SQL Server 2017 for my VeeamOne on this server, I am good to go as well.

The usage of Microsoft SQL Server Express Edition is limited by the database size up to 10 GB. If you plan to have larger databases, use other editions of Microsoft SQL Server.

Please, see Download and install MSSQL 2019 Express Edition and SSMS on Windows Server, Install Veeam Backup and Replication with the default PostgreSQL and Install SQL Server 2022 Express and SQL Server Management Studio

PostgreSQL support the following version: PostgreSQL 14.x, and PostgreSQL 15.x. Note that PostgreSQL 15.10.1 is included in the Veeam Backup & Replication 12.3 setup itself at the time of writing this article. If you are using PostgreSQL, Veeam does not recommend sharing the instance with any other services. It should be dedicated to host the backup server database only.

Note: You have no business renaming the PostgreSQL database since Veeam Backup and Replication (VBR) connects to the PostgreSQL database to access the configuration database upon upgrade or installation. Also, Veeam Backup and Replication does not support PostgreSQL and Microsoft SQL Server installations on cloud database services.

Please, see Install PostgreSQL on Windows server as Veeam Database Engine, how to Migrate Veeam Configuration Database to PostgreSQL Server, and how to alter a DATABASE compatibility level.

Summary of What’s new in Windows Server 2025

Since Microsoft recommends upgrading to the latest version of Windows Server. This ensures that the latest features are available to you, including the latest security features. This delivers the best performance. Therefore, let us go over these capabilities very quickly.

Desktop experience and upgrade

Note: The look and feel (Desktop Shell) conforms to the desktop shell of Windows 11 experience and appearance when you first log in.

Windows Server 2025 comes equipped with dtrace as a native tool. DTrace is a command-line utility that enables users to monitor and troubleshoot their system’s performance in real time. The following accounts can be added in Windows Settings under Accounts > Email & accounts for Windows Server 2025:

• Work or school account
• Microsoft Entra ID
• Microsoft account

A new compression feature has been added to Windows Server 2025. Items can be compressed by right-clicking and selecting “Compress to.” This feature supports ZIP, 7z, and TAR formats, each with specific compression methods.

Also, most used apps can now be pinned through the Start menu and is customizable to suit your needs. The Task Manager now conforms to the style of Windows 11 as well.

Windows installs WinGet by default on Windows Server 2025, providing a command-line package manager tool for installing applications on Windows devices.

Please, see how to Install Applications with Winget CLI on Windows, how to How to Install Winget on Windows Server, and how to install Winget CLI on Windows. Lastly, here is how to Install and Manage Applications with Winget.

Windows Server 2025 Advanced multilayer security

Windows Server 2025 machines connected to Azure Arc now support Hotpatch after enabling it in the Azure Arc portal. Hotpatch allows OS security updates to be applied without restarting the server.

Also, Starting with Windows Server 2025, Credential Guard is now enabled by default on devices that meet the requirements. Please, see how to Enable or disable Windows Defender Credential Guard, and Protect Remote Desktop credentials with Windows Defender Remote Credential Guard or Restricted Admin Mode.

The latest enhancements to Active Directory Domain Services (AD DS) and Active Directory Lightweight Domain Services (AD LDS) introduce a range of new functionalities and capabilities aimed at optimizing your domain management experience;

• 32k database page size optional feature: Active Directory uses an Extensible Storage Engine (ESE) database since its introduction in Windows 2000 that uses an 8k database page size. The 8k architectural design decision resulted in limitations throughout Active Directory.
• Active Directory schema updates: Three new log database files are introduced that extend the Active Directory schema: sch89.ldf, sch90.ldf, and sch91.ldf. The AD LDS equivalent schema updates are in MS-ADAM-Upgrade3.ldf
• Active Directory object repair: Enterprise administrators can now repair objects with the missing core attributes SamAccountType and ObjectCategory. Enterprise administrators can reset the LastLogonTimeStamp attribute on an object to the current time. These operations are achieved through a new RootDSE modify operation feature on the affected object called fixupObjectState.
• Forest and domain functional levels: The new functional level is used for general supportability and is required for the new 32k database page size feature. The new functional level maps to the value of DomainLevel 10 and ForestLevel 10 for unattended installations. Microsoft has no plans to retrofit functional levels for Windows Server 2019 and Windows Server 2022. 

Delegated Managed Service Account (dMSA)

The Delegated Managed Service Account (dMSA) introduces a new approach for transitioning from a traditional service account to a more secure, managed solution. This account type is designed to simplify the migration process while enhancing security.

With dMSA, service account credentials are fully managed and include automatically randomized keys, reducing the risk associated with static passwords. This eliminates the need for manual password updates and ensures that the original service account passwords are disabled, all while minimizing the impact on existing applications.

The result is a seamless transition that bolsters security without requiring significant changes to application configurations.

Windows Local Administrator Password Solution (LAPS)

The Windows Local Administrator Password Solution (LAPS) is a robust tool designed to streamline and secure the management of local administrator passwords on domain-joined devices. By automatically generating unique, complex passwords for each computer’s local administrator account, LAPS significantly strengthens security across an organization’s network.

These passwords are securely stored within Active Directory, ensuring they are centralized and protected. In addition to the initial generation, LAPS periodically updates these passwords. Below are the new Microsoft LAPS features introduced:

• New automatic account management: IT admins can now create a managed local account with ease. With this feature, you can customize the account name and enable or disable the account. You can even randomize the account name for enhanced security. 
• New image rollback detection: Windows LAPS now detects when an image rollback occurs. If a rollback does happen, the password stored in Active Directory might no longer match the password stored locally on the device. Rollbacks can result in a torn state. In this case, the IT admin is unable to sign in to the device by using the persisted Windows LAPS password. To address this issue, a new feature was added that includes an Active Directory attribute called msLAPS-CurrentPasswordVersion. This attribute contains a random globally unique identifier (GUID) written by Windows LAPS every time a new password is persisted in Active Directory and saved locally.
• New passphrase: IT admins can now use a new feature in Windows LAPS that enables the generation of less-complex passphrases.
• Improved readability password dictionary: Windows LAPS introduces a new PasswordComplexity setting that enables IT admins to create less complex passwords.

OpenSSH in Windows Server 2025

In previous versions of Windows Server, users had to manually install the OpenSSH connectivity tool before utilizing it. However, in Windows Server 2025, the OpenSSH server-side component is now pre-installed by default, streamlining the setup process.

Administrators can easily manage OpenSSH access through the Server Manager UI, which includes a convenient one-click option under Remote SSH Access to enable or disable the sshd.exe service.

Additionally, the system allows administrators to manage user access by adding or removing users from the OpenSSH Users group, providing fine-grained control over who can connect to the server via SSH. This integration simplifies administration and enhances the flexibility of remote access to your Windows Server

The list of what’s new is endless. Therefore, I will recommend you take a look at the official guide.

Here is an article on how to perform Trellix ePolicy Orchestrator Installation on Windows Server, and Trellix ePO On-prem 5.10.0 Service pack 1 Update 3 upgrade.

Removed or Deprecated

In addition to introducing new functionalities, Windows Server 2025 also sees the removal and deprecation of certain features. These changes reflect Microsoft’s ongoing efforts to streamline the operating system and phase out outdated or less secure technologies.

Removed Features​/Deprecated Technologies

Several familiar tools and services have been deprecated in Windows Server 2025:

• WordPad: Microsoft recommends transitioning to more robust alternatives like Word or Notepad for text editing needs.
• SMTP Service: The Simple Mail Transfer Protocol (SMTP) service has been discontinued, urging administrators to adopt more secure and feature-rich email solutions.
• IIS 6 Management Console: The Internet Information Services (IIS) 6 management console has been deprecated, encouraging the use of newer management tools with enhanced capabilities.
• Windows PowerShell 2.0 Engine: The PowerShell 2.0 engine has been removed, necessitating migration to newer versions such as PowerShell 5 or later to continue utilizing scripting and automation functionalities.

In addition to removed features, Windows Server 2025 has placed certain technologies on notice or ceased their development:

• NTLM (All Versions): The NT LAN Manager (NTLM) authentication protocol is no longer being developed, pushing organizations towards more secure authentication methods.
• Computer Browser Driver and Service: This legacy service has been deprecated, reflecting the shift towards more modern networking protocols and services.
• VBScript: Once a favourite among administrators for scripting tasks, VBScript is being phased out in favour of more secure and versatile scripting languages.

In-place upgrade from Windows Server 2022 to 2025

Organizations running Windows Server 2022 can upgrade seamlessly to Windows Server 2025. This step involves, moving from an older version of the operating system to a newer version, while staying on the same physical hardware.

Microsoft has also prioritized backward compatibility, enabling direct upgrades from Windows Server 2012 R2 and later. This approach ensures a smooth and flexible migration path for enterprises still relying on older infrastructures.

Note: Microsoft recommends backing up of your server and other important files before performing an in-place OS feature upgrade, a clean install, or a system migration to a later version of Windows Server.

Since this method is the quickest way to move to a later version of Windows Server, I will be downloading the version of Windows Server free of charge from the following link. You can perform an in-place upgrade from media by downloading and flashing the media to a USB and DVD disk.

Note: You will not be able to  unable to perform an in-place upgrade on any Windows Server configured to Boot from VHD. An in-place upgrade from Windows Storage Server Editions is also not supported. You can perform either a Migration or Installation instead.

Please see Create a bootable USB on Mac: Proxmox VE Setup, and why you should not Upgrade Windows on an ePO Serve.

Perform OS Upgrade

The Windows Server 2025 ISO can be downloaded only if you are using the evaluation version of Windows Server 2022 or any other version.

Note: If you are not using an “Eva version of Windows Server”. You will not be able to keep settings, and apps etc. But, will have only the option to perform a new install and this defeats the goal of this guide. As you can see, this is an Evaluation ISO. Therefore, the upgrade path is not available. Ensure you’re using the correct Windows Server 2025 Volume License or Retail ISO

Prerequisites to performing Windows Upgrade for VBR

Ensure the backup jobs have all completed successfully.

Stop Veeam services when upgrading to Windows Server 2025 to prevent issues during the upgrade process and backup corruption or failures. Stopping Veeam services ensures that no backups are running during the OS upgrade.

After the Upgrade, restart Veeam services and check logs for any issues. Run test backups and restores to confirm everything works correctly.

Performing the Upgrade

Now, right-click on the ISO and select Mount. Next, you should the setup file as shown below.

Alternatively, you can navigate to the VM settings, select the SCSI controller, and attach the installation image.

Once the virtual drive appears, launch the setup from the newly mounted drive.

On the “Getting Updates” window, click Next.

Select the option “I previously installed Windows Server on this PC”.

Next, I will select “Windows Server 2025 Datacenter (Desktop Experience) and click Next

I will accept the Applicable notices and License Terms

Select keep files, settings and apps. This will preserve the settings, server roles, features, and data.

On the “ready to install” window, click on “Install”.

As you can see below, Windows Server 2025 is currently being installed.

During this process, your device will restart several times. As you can see below, the updates is being worked on.

Here is how to Check Windows Activation Status and troubleshoot activation errors, how to Prevent Standard Users from Changing BitLocker Password, and how to Change BitLocker Password in Windows.

Post-Upgrade Steps

Upon restart, you will be prompted to enter your Password.

I will select “Required Only” to send diagnostic data to Microsoft, and click Accept.

Do not forget to check if the VBR services have started automatically. Usually, due to the service startup configured, they are started automatically.

As you can see, I have Windows Server 2025 running on this VM.

Please, see Fix Windows Server frequent disconnects and shutdown, how to Convert Windows Server Essentials or Evaluation to Retail Edition, and Transfer Windows License from one PC to the other on Windows.

Windows Server Activation

As you can see, the activation state is “Not active”. To fix this, click on Change.

Enter the Product Key and click next

In the Activate Windows, click on Activate

As you can see below, Windows is activated.

The “Activation State” is set to “Active” as shown below.

If there are Windows Updates, please run and apply them.

Test Backup Job

Now that the server has been upgraded, we need to verify that backup jobs run smoothly and complete successfully. This includes checking job statuses, and ensuring all scheduled tasks execute as expected.

As you can see below, some jobs have already completed successfully.

I hope you found this article on “In-place upgrade of Windows Server 2022 to 2025” very useful. Please, feel free to leave a comment below.

The post In-place upgrade of Windows Server 2022 to 2025 appeared first on TechDirectArchive.