SQL Server 2025 went GA on November 18th. CU1 dropped on January 15th. Two months in production. Time to check the scoreboard.
I dug through Microsoft's known issues, read what the experts are saying, and tested a few things myself. These are my thoughts on the good, the broken, and where I'm on hold.
CU1: Don't Install It (Yet)
CU1 (KB5074901) landed a week ago with 16 fixes. It also breaks Database Mail.
Could not load file or assembly 'Microsoft.SqlServer.DatabaseMail.XEvents, Version=17.0.0.0' or one of its dependencies. The system cannot find the file specified.
Microsoft's official guidance: "If you use Database Mail and already downloaded this update, don't install it until a fix is available. If you already installed this update, uninstall it." Nice. Welcome to CU1.
What Brent Ozar Says
Brent published his known issues roundup in December. His take: "Knock on wood, this is shaping up to be one of the better, more reliable releases so far."
High praise from someone who's watched a lot of SQL Server launches. His highlights:
Query Store + PSPO on readable secondaries = access violations. If you enable Query Store without disabling PSPO, you can crash the instance. Fix: disable PSPO.
Auditing won't write to the security log. Workaround: write to a file instead. Or, as Brent puts it, "if you need your auditing to be legally defensible, you need to use a third party appliance that sits in between SQL Server and the rest of the network, capturing all network packets." Agreed.
Full-text won't index documents larger than 25MB. Registry edit required to lift the limit.
Won't install without TLS 1.2. If your sysadmins disabled TLS 1.2 everywhere because 'it's deprecated', you'll need to have a discussion.
Won't install with more than 64 cores per CPU. Virtualization workaround: configure more sockets, fewer cores per socket.
PowerShell breaks with strict encryption. The irony: people proactive enough to use PowerShell are also the ones who enforce strict encryption.
SQL Auth logins are slower. SQL Server 2025 uses PBKDF2 for password hashing, with 100,000 iterations of SHA-512. Security improvement and NIST compliance -- but every SQL auth login adds ~150ms overhead. If you're using connection pooling, you may not notice. If you're not pooling and you monitor login latency, this will surface. VladDBA did the math: brute-forcing that took 45 seconds on 2022 now takes an estimated 154,008 seconds. This is not a small point.
SQLNCLI is gone. Microsoft followed through on a deprecation. The replacement, MSOLEDBSQL, enforces strict TLS certificate validation by default. If your linked servers were set up years ago with self-signed certs and 'trust me' settings, they will break. Options: fix your certificates properly, use TrustServerCertificate=Yes (less secure), or use sysadmin logins / Kerberos.
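To make the SQL Auth login cost described above concrete, here is an added example (not code from this post, from Microsoft, or from VladDBA) that times PBKDF2-HMAC-SHA-512 at 100,000 iterations against a single salted SHA-512 pass and estimates the hashing load of unpooled logins. The salt size, the UTF-16 password encoding, the single-pass baseline and the sample password are assumptions made for illustration; absolute timings depend on the host.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # iteration count quoted in the article
SALT_LEN = 16         # assumption: illustrative salt size, not SQL Server's storage format


def single_pass_hash(password: str, salt: bytes) -> bytes:
    """Baseline for comparison: one salted SHA-512 pass (a fast hash)."""
    return hashlib.sha512(password.encode("utf-16-le") + salt).digest()


def pbkdf2_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA-512; every login attempt and every guess pays this cost."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-16-le"), salt, iterations)


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison so the check itself leaks no timing signal."""
    return hmac.compare_digest(pbkdf2_hash(password, salt), expected)


def best_seconds(fn, *args, repeat: int = 3) -> float:
    """Best-of-N wall time for one call, to damp scheduler noise."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return max(best, 1e-9)  # guard against a zero reading on coarse timers


def login_cost_report(new_logins_per_second: float) -> dict:
    """Estimate hashing cost when connections are not pooled (constructed inputs)."""
    salt = os.urandom(SALT_LEN)
    password = "Constructed-Passw0rd!"  # constructed sample value
    fast = best_seconds(single_pass_hash, password, salt)
    slow = best_seconds(pbkdf2_hash, password, salt)
    return {
        "single_pass_ms": fast * 1000,
        "pbkdf2_ms": slow * 1000,
        "slowdown_factor": slow / fast,
        # CPU-seconds of hashing demanded per wall-clock second of login traffic
        "hash_cpu_per_second": slow * new_logins_per_second,
    }


if __name__ == "__main__":
    for key, value in login_cost_report(new_logins_per_second=50).items():
        print(f"{key}: {value:,.3f}")
```

A `hash_cpu_per_second` value approaching the number of cores available for logins is the point at which unpooled applications start queuing on authentication.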
Aaron Bertrand's Upgrade Surprises
Aaron Bertrand shared three gotchas from real-world upgrades. None prevented the upgrade from completing. All could ruin your day.
1. Setup restarts your instance during the health check. Not during the upgrade, but during the pre-check. If you like to prep everything and click 'Upgrade' at an exact moment, you can't do this anymore. The moment you proceed past a certain point, your instance goes down. Aaron's words: "I can no longer advocate doing that as it is more intrusive than it used to be."
2. Full-text indexes must be rebuilt. If you don't, your full-text queries fail. There's a workaround — set FULLTEXT_INDEX_VERSION = 1 and copy legacy binaries from an older instance — but that's a bandaid. Plan rebuild time. One commenter on Brent's post reported that rebuilding crashes the instance with a memory dump. They have an open case with Microsoft.
3. Linked servers fail with TLS errors. Same MSOLEDBSQL issue as above. Same fix options. Plan ahead.
Vector Search: Cool, But Not Production-Ready
This is the headline feature. Microsoft wants SQL Server to be your vector database. Semantic queries without leaving T-SQL -- but it's not ready yet. Here's what the fine print tells us:
Still in preview. Even though 2025 is GA, you must enable PREVIEW_FEATURES to use vector indexes.
Table goes read-only. No inserts, no updates while the index exists. Data changes require dropping the index, modifying data, and rebuilding manually.
Predicates apply AFTER vector search. You can't filter first, then search. It searches everything, then filters. Scale implications are significant.
Other limitations: MAXDOP is ignored. Requires single-column INTEGER primary key. No partitioning. Not replicated to subscribers. DiskANN limited to Standard/Enterprise.
The read-only limitation alone is a showstopper for most production scenarios. Test it. Learn it. Don't go into it hastily.
This is where I'm on hold.
The Bottom Line
Two months in, SQL Server 2025 is okay. Better than some launches. No catastrophic data corruption bugs. No hard stop recalls. The known issues are annoying but manageable — except CU1. Don't install CU1. Yet.
If you're planning an upgrade:
- Test in lower environments first. Aaron's team found all three issues before hitting production.
- Check your linked servers. SQLNCLI is gone. TLS validation is enforced.
- Inventory your full-text catalogs. Plan rebuild time.
- Start your maintenance window early. Setup is more intrusive now.
- Give it a couple more CUs. Let someone else find the next Database Mail.
Stay sharp. Verify everything. Trust nothing blindly.
Bookmarked this for when the day comes. Thank you for the extremely helpful overview and tips!
Completely my pleasure. Thank you for reading!