Windows Server 2019 vs 2022 vs 2025: Which Version to Choose in 2026
Server 2022 mainstream support ends October 2026, so Server 2025 is the better choice for new deployments. The exceptions — when 2022 or even 2019 still win.
On this page
Don't have a Windows Server yet?
Deploy Windows Server 2019/2022/2025 in ~2 minutes. 6-month evaluation licence included.
In short
Pick Windows Server 2022 for most production deployments today, but plan ahead — its mainstream support ends October 13, 2026. After that you'll only get security patches until October 14, 2031. Pick Server 2025 if you want the longest support runway (mainstream until November 13, 2029) and you need the new security defaults — LDAP over TLS 1.3, RC4 Kerberos deprecation, SMB authentication rate limiting. Pick Server 2019 only if a vendor explicitly requires it: mainstream support already ended January 2024, leaving only extended security updates until January 2029.
Quick verdict by use case
| If you're running… | Choose | Why |
|---|---|---|
| New production deployment in Q2 2026 | Server 2025 | Server 2022 mainstream ends in 6 months; Server 2025 buys 3+ extra years |
| QuickBooks Desktop multi-user | Server 2022 | Broadest Intuit-certified version; verify 2025 certification on Intuit's current compatibility page before choosing 2025 |
| MSSQL Standard / Enterprise production | Server 2025 | Modern TLS defaults, longer support runway |
| Active Directory + RDS for office | Server 2025 | LDAP over TLS 1.3, RC4 Kerberos disabled in security baseline, SMB rate limiting against brute-force |
| Internet-facing file shares (SMB) | Server 2025 | SMB over QUIC now on Standard, not just Datacenter |
| MetaTrader EA 24/7 | Server 2022 | Mature, tested, no surprises; Server 2025 unnecessary for trading workloads |
| Legacy LOB software (pre-2020) | Server 2019 | Only if vendor explicitly requires it; otherwise upgrade and test on 2022 |
The Raff dashboard offers all three
Every Raff Windows Server plan lets you pick any of the three versions at creation time. Pricing is identical across versions — you're paying for vCPU, RAM, and storage, not the OS. That means the choice is purely about support runway, security defaults, and software compatibility.
Side-by-side comparison
All dates from Microsoft Lifecycle (canonical source).
| Feature | Server 2019 | Server 2022 | Server 2025 |
|---|---|---|---|
| Released | November 13, 2018 | August 18, 2021 | November 1, 2024 |
| Mainstream support ends | January 9, 2024 (ended) | October 13, 2026 | November 13, 2029 |
| Extended support ends | January 9, 2029 | October 14, 2031 | November 14, 2034 |
| Editions | Datacenter, Standard, Essentials | Datacenter, Datacenter Azure Edition, Standard, Essentials | Datacenter, Datacenter Azure Edition, Standard, Essentials |
| LDAP over TLS 1.3 | ❌ (LDAP prefers TLS 1.2) | Partial (Schannel supports TLS 1.3, LDAP defaults to TLS 1.2) | ✓ Native LDAP over TLS 1.3 |
| RC4 Kerberos | Default-allowed, deprecated | Default-allowed, deprecated | Deprecated; security baseline disables it. Microsoft rolling out DC-default change to AES-SHA1 by mid-2026 |
| LDAP channel binding enforceable | ❌ | Partial | ✓ (replay protection) |
| SMB over QUIC | ❌ | ✓ (Datacenter Azure Edition only) | ✓ (Standard + Datacenter) |
| SMB authentication rate limiter | ❌ | ❌ | ✓ (default on, anti brute-force) |
| Hotpatching | ❌ | Datacenter Azure Edition Core only | Azure / Azure Arc subscription only |
| .NET Framework default | 4.7.2 | 4.8 | 4.8.1 |
| PowerShell default | 5.1 | 5.1 | 5.1 |
Where Server 2019 wins
Almost nowhere as of 2026. Mainstream support ended January 9, 2024 — Microsoft only ships security updates now, until January 9, 2029. Cases for choosing 2019:
- Legacy LOB software with a hard "Windows Server 2019" dependency that the vendor refuses to certify on newer versions (rare in 2026 but exists for some accounting/ERP packages).
- Existing 2019 fleet where matching one more server simplifies operations.
If you're starting fresh, skip 2019. The 5-year shorter support runway versus 2025 makes it economically irrational.
Where Server 2022 wins
The conservative production choice — but the support clock is ticking.
- Broadest software certification today. Every major business app vendor (Intuit, Sage, MetaQuotes, Adobe, all major MSSQL versions) has explicit 2022 support documented. Server 2025 is catching up fast but lags in spots — always check the vendor's current compatibility page.
- Predictable behaviour. Four-plus years of community knowledge, troubleshooting threads, KB articles. When something breaks, the fix is already on Stack Overflow.
- Stable AD experience. Doesn't carry the breaking changes Server 2025 brought (RC4 Kerberos deprecation, LDAP channel binding enforcement, tightened encryption defaults).
The catch: mainstream support ends October 13, 2026. After that, no new features and no non-security bugfixes — just security patches until October 14, 2031. If you deploy 2022 today, plan for an upgrade path to 2025 within 18 months.
Where Server 2025 wins
Pick when these matter to you:
- Longest support runway. Mainstream until November 2029, extended until November 2034.
- LDAP over TLS 1.3. Per Microsoft Learn, Windows Server 2025 LDAP "prefers encryption and supports TLS 1.3 for LDAP over TLS connections." On 2019 and 2022, LDAP over TLS defaults to 1.2 even though Schannel itself supports 1.3. Bigger deal than it sounds for compliance-driven environments.
- Kerberos RC4 deprecation. Microsoft's Windows Server 2025 security baseline disables RC4 entirely, and the DC default-encryption-type change to AES-SHA1 is rolling out across all supported Windows Server versions by mid-2026. Server 2025 gets you there fastest.
- SMB over QUIC on Standard. Was Datacenter-only on 2022. Modern remote file access without a VPN, on the cheaper edition.
- SMB authentication rate limiter. Default on. Throttles failed NTLM and PKU2U authentication attempts. Real protection against brute-force.
- LDAP channel binding enforceable by default. Closes a long-standing replay-attack weakness without you having to remember to harden it.
Don't pick 2025 if:
- Your software stack hasn't been certified yet. Check the vendor's current compatibility matrix before committing.
- You're adding a single 2025 DC to a mixed-version Active Directory forest. Community reports through 2025 document authentication breakage when Server 2025 DCs join forests running alongside 2019/2022 DCs — machine account password rotations fail, domain logons stall, and remediation is painful. The tightened Kerberos defaults don't play nicely with older DCs. If you go to 2025 for AD, plan to migrate all domain controllers together rather than piecemeal.
What about hotpatching?
Hotpatching on Server 2025 is not a free generic feature. Per Microsoft's hotpatch page:
- On Azure VMs: works automatically with Azure Edition images.
- On non-Azure machines (including a Raff Server): requires Azure Arc registration and a monthly subscription fee (announcement, April 2025).
If reboot-free patching is a hard requirement for you, factor in the Azure Arc subscription cost when comparing TCO. For most Raff customers, monthly maintenance reboots remain the norm regardless of OS version.
Where they tie
- Performance under typical workloads. Difference between 2022 and 2025 on a 4-vCPU / 8 GB server is in the noise (under 2% on most benchmarks).
- PowerShell. All three ship 5.1 by default. PowerShell 7.x is a separate install; the experience is identical across versions.
- IIS for ASP.NET. All three host modern ASP.NET Core. The IIS module (ANCM) is functionally identical.
- MSSQL Server 2022. Runs natively on 2019, 2022, and 2025 with no version-specific features locked off.
- RDS Session Host basics. Two-session admin RDP works the same across all three; only RDS CAL setup differs slightly in the management UI between 2019 and 2022/2025.
- Server Manager first-run behaviour. Auto-launches on first RDP login on all three versions.
- Microsoft 365 Apps with Shared Computer Activation. Works on all three — but note that Microsoft 365 Apps support on Server 2019 ended October 14, 2025. Plan accordingly if you host M365. Support on Server 2022 runs until October 2026 (aligned with its mainstream support), and on Server 2025 until October 2029.
Our recommendation
For new Raff Windows Server deployments in Q2 2026: choose Server 2025.
The math has flipped. Server 2022 was the safe default for years, but with mainstream support ending in October 2026, deploying 2022 today commits you to an upgrade project inside 18 months. Server 2025 has caught up on software compatibility for the major business apps (MSSQL, .NET, Office), and the security defaults — TLS 1.3 for LDAP, RC4 Kerberos deprecation, SMB rate limiting — are real wins.
Pick Server 2022 only if you have a documented vendor incompatibility with 2025 (verify on the vendor's current compatibility page, not 2024 forum threads).
Pick Server 2019 only if you have a hard vendor requirement. Start budgeting the upgrade — the extended-support-only window means rising risk without new features.
When you provision your Raff Windows Server, all three versions are available from the dashboard with identical pricing. Switch later by deploying a new VM and migrating — there's no in-place upgrade path on a Windows Server VM.
Tested on
Tested on: Three Raff Windows Servers, one per version, 2 vCPU / 4 GB each.
- Windows Server 2019 Standard build 17763 (RTM)
- Windows Server 2022 Standard build 20348 (RTM)
- Windows Server 2025 Standard build 26100 (RTM)
Each VM provisioned and connected via RDP from macOS 26.3.1 using Microsoft Windows App, 2026-04-20. Tester: Serdar Tekin.
Note: these are RTM builds. Fully-patched production servers will show higher build numbers after cumulative updates.
What's next
- Connect to a Windows Server via RDP (Windows, macOS, Linux, Mobile) — first step on whichever version you pick
- RDS CAL licensing on Windows Server (BYOL & SPLA guide) — license multi-user RDP correctly
- What's new in Windows Server 2025 — Microsoft Learn deep dive
Sources
- Microsoft Lifecycle — Windows Server 2019 (mainstream end 2024-01-09, extended end 2029-01-09)
- Microsoft Lifecycle — Windows Server 2022 (mainstream end 2026-10-13, extended end 2031-10-14)
- Microsoft Lifecycle — Windows Server 2025 (mainstream end 2029-11-13, extended end 2034-11-14)
- Microsoft Learn — What's new in Windows Server 2025 (LDAP TLS 1.3, SMB over QUIC on Standard, SMB rate limiter, LDAP channel binding)
- Microsoft Windows Server Blog — Beyond RC4 for Windows authentication (staged rollout to DC default AES-SHA1 by mid-2026)
- Microsoft Learn — Deprecated features in Windows Server 2025 (TLS 1.0/1.1 disabled by default, RC4 Kerberos deprecation, NTLMv1 removed in 24H2)
- Microsoft Learn — Hotpatch for Windows Server (Azure / Azure Arc subscription requirement on non-Azure machines)
- Microsoft Learn — Windows Server end of support and Microsoft 365 Apps
- Date last verified: 2026-04-20