Says who? Havent had any problems over 4+ years.
Microsoft has EVAL versions of Windows available for download. They work for 180 days, iirc.
Regular Active Directory Domain Services works great.
You need to explain in high detail your top-view actual needs. If you need NFS, you MIGHT want to be using Kerberos, but you might also get away without using it depending on your network configuration and actual security requirements.
Sane MFA apps explicitly disallow their data from being backed up. That would be a massive attack vector if it was possible.
-
Automated certs (from 2 different CAs, not just LE) are baked in and require ZERO configuration.
-
Configuration simplicity, most of my proxied services take 3 lines total each.
Caddy. A reverse proxy / web server with automated LE certs that is easier than this does not exist.