Share via

Upgrade Windows Server 2016 to 2025

Rancy Chadha 20 Reputation points
2026-02-11T20:36:18.22+00:00

We are planning to upgrade the windows server standard from 2016 to 2025. Below are the details: Current OS: Windows 2016 Standard

Planned to upgrade: Windows 2025

Method: In Place upgrade

Infra: Azure VM

This server is also our certificate server that issues certificates hence it has windows certificate services enabled. As per article: https://learn.microsoft.com/en-us/azure/virtual-machines/windows-in-place-upgrade#perform-in-place-upgrade-to-windows-server-2016-2019-2022-or-2025 upgrade from 2016 to 2025 is supported.

However, I would like to know if it would not break our certificate service or there are any prerequisites that we need to consider or is it not possible to upgrade to 2025 if we use the server for certificate service. Thanks in advance!

Windows for business | Windows Server | Devices and deployment | Set up, install, or upgrade
0 comments
Answer accepted by question author
  1. Harry Phan 15,915 Reputation points Independent Advisor
    2026-02-11T21:05:55.8433333+00:00

    Hello Rancy,

    An in‑place upgrade from Windows Server 2016 Standard to Windows Server 2025 on Azure VMs is supported, including systems running Active Directory Certificate Services. The upgrade process itself does not inherently break the CA role, but you must treat it as a high‑risk workload because the CA database, private keys, and registry configuration under HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration are critical. Before proceeding, perform a full backup of the CA database (%windir%\System32\CertLog), the CA private key, and export the CA configuration using certutil -backupdb and certutil -backupkey. It is also recommended to snapshot the VM in Azure prior to the upgrade.

    Microsoft’s guidance emphasizes that while in‑place upgrades are technically supported, the best practice for certificate services is migration rather than upgrade, because it reduces risk and ensures clean state continuity. If you decide to proceed with in‑place upgrade, validate the CA service immediately afterward by issuing and revoking test certificates, and confirm CRL publishing. If any anomalies appear, restore from backup or fall back to the snapshot. In short, yes, it is possible, but you should prepare backups and a rollback plan, and strongly consider migration if this CA is mission‑critical.

    Harry.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-02-11T20:36:33.79+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Upgrading from Windows Server 2016 to Windows Server 2025 is supported, and you can perform this as an in-place upgrade. However, when dealing with a server that has Windows Certificate Services enabled, there are a few considerations to keep in mind:

    1. Backup: Always ensure you have a complete backup of your server and its configurations before proceeding with the upgrade. This is crucial in case any issues arise during the upgrade process.
    2. Compatibility: While the upgrade path is supported, it’s important to verify that all applications and services running on the server, including the Certificate Services, are compatible with Windows Server 2025. Check for any known issues or required updates for your specific setup.
    3. Testing: If possible, test the upgrade in a non-production environment first to identify any potential issues that could affect your certificate services.
    4. Downtime: Be prepared for some downtime during the upgrade process, as the server will disconnect from RDP sessions and may require time to complete the upgrade.
    5. Post-Upgrade Configuration: After the upgrade, you may need to reconfigure certain settings or verify that the Certificate Services are functioning as expected.

    Overall, while upgrading to Windows Server 2025 should not inherently break your certificate services, careful planning and testing are recommended to ensure a smooth transition.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.