Upgrade Windows Server 2012 to Server 2019

Reading Time: 3 minutes

Microsoft recommend upgrading your server OS to the latest version, but this is not always possible. Your business may be running third party applications that are not compatible with later Windows Server Operating Systems.

Before upgrading, always check whether the applications running on your current Operating System are supported. It will save you a lot of time and disappointment.

So let’s continue on the basis that you have carried out your checks and the applications currently running on your server supports Server 2019.

Firstly, ensure you have a full backup of your server, so in the event the upgrade goes horribly wrong, you have a backup.

Note: If you have Microsoft Endpoint Protection installed, you will be prompted to remove this app. This app is not compatible with server 2019

Now, that you are all set, you may be thinking, can I upgrade directly from server 2012 or server 2012 R2 to Server 2016? The answer is yes, you can and it’s a supported method. See support matrix from Microsoft below. So whether you decide to upgrade from Server 2012 to 2019 or from 2016 to 2019 a one hop in-place upgrade is supported.

Available in-place upgrade paths

Ok, so we now have a full system backup, and we know that third party apps are supported with server 2016/2019.

Before we get started with the upgrade, Microsoft recommend that you collect some information from your device, for diagnostic and troubleshooting purposes. Because this information is intended for troubleshooting purposes only, store the information at a location where it’s easy accessible and not on the server being upgraded.

To collect your info

  1. Open a command prompt, go to c:\Windows\system32, and then type systeminfo.exe.
  2. Copy, paste, and store the resulting system information somewhere off of your device.
  3. Type ipconfig /all into the command prompt, and then copy and paste the resulting configuration information into the same location as above.
  4. Open the Registry Editor, go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion hive, and then copy and paste the Windows Server BuildLabEx (version) and EditionID (edition) into the same location as above.

Upgrade Server 2012 to 2019

1) Patch your server with the latest windows updates if not already up to date
2) Locate the Windows Server 2019 Setup media, and then select setup.exe
3) Select the Windows Server version you wish to upgrade to

Screen to choose which Windows Server 2012 R2 edition to install

4) Accept the licensing terms

Screen to accept your license agreement

5) If you’re running Microsoft Endpoint Protection on your server, setup will prompt for this app to be removed as it isn’t compatible with Windows Server 2019

6) Select Keep personal files and apps, and then select Next

Screen to choose your installation type

7) After Setup analyses your server, setup will prompt you to proceed with your upgrade by clicking install

Screen showing you're ready to start the upgrade

8) Wait for the upgrade to complete

Screen showing your upgrade progress

9) To ensure the upgrade completed successfully

– Open the Registry Editor, go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion hive, and view the ProductName. You should see your edition of Windows Server 2019, for example Windows Server 2019 Standard. Make sure all of your applications are running and that your client connections to the applications are successful.

If you think something might have gone wrong during your upgrade, copy and zip the %SystemRoot%\Panther (usually C:\Windows\Panther) directory and contact Microsoft support.

Authentication Error Has Occurred. The function requested is not supported

Reading Time: < 1 minute

When attempting to RDP to a server, you may receive the below error:

Authentication Error Has Occurred. The function requested is not supported

There are a couple of ways you can resolve this issue:

Option 1:
1) Click start, click run, type gpedit.msc and click ok
2) Browse to Computer Configuration > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
3) Within Encryption Oracle Remediation click enable and change protection level to Vulnerable and click apply

Option 2:
1) Click start
2) Locate My Computer or This PC depending on your OS version
3) Right click and click properties
4) Click advanced system settings
5) Click the Remote tab
6) Untick the box ‘Allow connections only from computers running remote desktop with network level authentication’
7) Click ok

How to check if LSA Protection was successfully enabled

Reading Time: < 1 minute

  1. Access Event logs
  2. Access System Logs under Windows
  3. Locate event ID 12, should be labelled as Wininit and display the below message

    LSASS.exe was started as a protected process with Level 4

    A reboot is required after you have enabled LSA Protection

    Please read the below link before applying LSA Protection:


The target server is already a domain controller

Reading Time: < 1 minuteYou have promoted your server to a DC, but find that when you go into server manager the alert prompting to promote the server to a DC is still there.

This seems to be a bug and there is an easy way to get around this:

  1. Click Server Manager
  2. Click the link to promote server to DC
  3. Wait for the process to timeout, until you receive the error below. Click show more so the error pops up in a small window.

    Error determining whether the target server is already a domain controller. The target server is already a domain controller

  4. Click the OK button
  5. Click cancel button, so no windows are now showing
  6. Close server manager
  7. Open server manager and the alert should have disappeared

svchost The version store for this instance (0) has reached its maximum size of 2Mb

Reading Time: < 1 minuteError:
Event ID: 623 Source: esent
svchost ( ) The version store for this instance ( ) has reached its maximum size of 2Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible resolution:
If all your servers are getting stuck on the welcome screen for up to 5 minutes when logging on, identify which Domain Controller they are authenticating against, disable the Smart Card Device Enumeration Service on the Domain Controller and reboot. For more details please visit https://cloudbuild.co.uk/?p=2468