Linux | Aidan Finn, IT Pro

E: Could Not Open File /var/lib/apt/lists

In this post, I’ll show how I solved a failure, that occurred during an Azure Image Builder (Packer) build with a Ubuntu 20.04 image, which resulted in a bunch of errors that contained E: Could not open file /var/lib/apt/lists/ with a bunch of different file names.

Disclaimer

I am Linux-disabled. I started my career programming on UNIX but switched to being a Microsoft infrastructure person a year later – and that was a long time ago. I am not a frequent Linux user but I do acknowledge its existence and usefulness. In other words, I figured out a fix for me, but it might not be a fix for you.

The Problem

I was using Azure Image Builder, which is based on Packer, to allow the regular creation of a Ubuntu 20.04 image with the latest updates and bits for acting as the foundation of a self-hosted DevOps agent VM Scale Set in a secure Azure network.

I had simple needs:

Install Unzip
Install Terraform

What makes it different is that I need the installations to be non-interactive. Windows has a great community with that kind of challenge. After a lot of searching, I realise that Linux does not.

I set up the tasks in the image template and for a month, everything was fine. Images built and rebuilt. A few days ago, a weird issue started where the first version of a template build was fine, but subsequent builds failed. When I looked at the build log, I saw a series of errors when apt (the package installed) ran that started with:

E: Could not open file /var/lib/apt/lists/…

The Solution

I tried a lot of things, including:

apt-get update
apt-get upgrade -y

But guess, what – the errors just moved.

I was at the end of my tether when I decided to try something else. The apt package installation for WinZip worked some of the time. What was wrong the rest of the time? Time – that was the key word.

Something needed more time before I ran any apt commands. I decided to embed a bunch of sleep commands to let things in Ubuntu catchup with my build process.

I have two tasks that run before I install Terraform. The first prepares Linux:

            {
                "type": "Shell",
                "name": "Prepare APT",
                "inline": [
                    "echo ABCDEFG",
                    "echo sleep for 90 seconds",
                    "sleep 1m 30s",
                    "echo apt-get update",
                    "apt-get update",
                    "echo apt-get upgrade",
                    "apt-get upgrade -y",
                    "echo sleep for 90 seconds",
                    "sleep 1m 30s"
                ]
            },

The second task installs WinZip and some other tools that assist with downloading the latest Terraform zip file:

            {
                "type": "Shell",
                "name": "InstallPrereqs",
                "inline": [
                    "echo ABCDEFG",
                    "echo sleep for 90 seconds",
                    "sleep 1m 30s",
                    "echo installing unzip",
                    "sudo apt install --yes unzip",
                    "echo installing jq",
                    "sudo snap install jq"
                ]
            },

I’ve ran this code countless times yesterday and it worked perfectly. Sure, the sleeps slow things down, but this is a batch task that (outside of testing) I won’t be waiting on so I am not worried.

Azure Bastion For Secure SSH/RDP in Preview

Microsoft has announced a new preview of a platform-based jumpbox called Azure Bastion for providing secure RDP or SSH connections to virtual machines running or hosted in Azure.

Secure Remote Connections

Most people that are using The Cloud are using virtual machines, and one of the great challenges for them is secure remote access. You need RDP or SSH to be able to run these machines in the real world.

Remember: for 99.9% of customers, servers are not cattle, they are sacred cows.

Just opening up RDP or SSH straight through a public IP address is bad – hopefully you have an NSG in place, but even that’s bad. If you enable Standard Tier Security Center, the alerts will let you know how bad pretty quickly. And if the recent scare about the RDP vulnerability didn’t wake you up to this, then maybe you deserve to have someone else’s bot farm or a bitcoin mine running in your network.

There are ways that you can secure things, but they all have the pluses and minuses.

VPN

The real reason that we have point-to-site VPN in Azure virtual network gateway was as an admin entry point to the virtual network.

The clue is in the maximum number of simultaneous connections which is 128, way too low to consider as an end user solution for a Fortune 1000, who Microsoft really do their planning for.

If you have supported end user VPN then you know that it’s right up there with password resets for helpdesk ticket numbers, even with IT people like developers. Don’t go here – it won’t end well.

Just-in-Time VM Access

JIT VM Access is a feature of Security Center Standard Tier. It modifies your NSG rules to deny managed protocols such as RDP/SSH (the deny rules are stupidly made as low priority so they don’t override any allow rules!).

When you need to remote onto a VM, an NSG rule is added for a managed amount of time to allow remote access via the selected protocol from a specific source IP address.

So, if it’s all set up right, you deny remote access to virtual machines most of the time. But you will open direct access. And the way JIT VM Access manages the rules now is wonky, so I would not trust it.

An RDP Jumpbox

This is an old method – a single virtual machine, or maybe a few of them, are made available for direct access. They are isolated into a dedicated subnet. You remote into a jumpbox, and from there, you remote into one of your application/data virtual machines.

Unfortunately, it’s still straight RDP/SSH into a machine that is directly accessible on the Internet. So in the remoting protocol vulnerability scenario, you are still vulnerable at the application layer. You could combine JIT VM Access, but now normal daily operations are going to be a drag and I guarantee you that people will invest time to undermine network security. Also, you are limited to 2 RDS connections per jumpbox without investing in a larger RDS (machines + licensing) solution.

Guacamole

This one is relatively new to me. At first it looked awesome. It’s a HTTPS-based service that allows you to proxy into Linux or Windows virtual machines via RDP or SSH.

All looked good until you started running Windows Server 2016 or later in your virtual machines and you needed NLA for secure connections via RDP. Then it all fell apart. The solution requires you to either disable NLA in the guest OS (boo!) or to hard code a username/password with local logon rights for your guest OS’s into the Guacamole server (double-boo!).

Azure Bastion

In case you don’t know this, a bastion host is another name for a jumpbox – an isolated machine that you bounce through. In this case, Bastion is a service that is accessible via the Azure Portal. You sign into the portal, click Connect and use the Bastion service to connect to a Linux or Windows virtual machine via SSH/RDP in the Portal. The virtual machine does not require a public IP address or a “NAT rule”, but it’s still SSH/RDP.

On the downside:

There’s no multi-factor authentication (MFA)
It requires that you sign into the Azure Portal – many people running in the guest OS might not even have those rights!
VNet peering is not supported – so larger enterprises are ruled out here … no one in their right mind will deploy 500 bastion hosts (one per VNet) in a large enterprise.

Microsoft did say that these things will be worked on, but when? After GA, which based on the time of year I guess will be just before/after Ignite in early November?

In my opinion, Bastion is the right idea, but more of the backlog should have been included in the minimal viable product.

A Gateway to a Better Solution

If you are a Citrix or a RDS person then you’ve been screaming for the last 5 minutes. Because you’ve been using something for years that most people still don’t know is possible. Both Citrix and RDS have the concept of an SSL gateway.

In the case of RDS, we can deploy one or more (load balanced) Windows Server virtual machines with the RDS Gateway role. If we combine that with NPS and Azure AD, we can also add MFA. With a simple tweak to the Remote Desktop Connection client (MSTSC.EXE), we can RDP to a Windows machine behind the RDS Gateway. The connection from the client to the gateway is pre-authenticated, x.509 certificate protected, HTTPS traffic encapsulating the RDP stream. That connection terminates at the RDS Gateway and then forwards as RDS to the desired Windows Server virtual machine behind it.

Unlike the previous jumpbox solution:

This can be a low-end machine, such as a B-Series.
It can scale out using a load balancer
Many people can relay through a single jumpbox machine.
You won’t need RDS licensing at all, not even to scale out to more than 2 users per gateway machine.

So – there’s no SSH here. So Linux is a problem.

Opinion

We don’t really have a complete solution right now. Azure Bastion probably will be the best one in the long-run, but it has so many missing features that I couldn’t consider it now. For Windows, an RDS Gateway is probably best, and for Linux, a Guacamole server might be best.

What do you think?

Linux Integration Services 4.1 for Hyper-V

Microsoft has released a new version of the integration components for Linux guest operating systems running on Hyper-V (2008, 2008 R2, 2012, 2012 R2, and 2016 Technical Preview, Windows 8, Windows 81, and Azure).

What’s new?

Expanded Releases: now applicable to Red Hat Enterprise Linux, CentOS, and Oracle
Linux with Red Hat Compatible Kernel versions 5.2, 5.3, 5.4, and 7.2.
Hyper-V Sockets.
Manual Memory Hot Add.
SCSI WNN.
lsvmbus.
Uninstallation scripts.

Technorati Tags: Hyper-V,Linux

The Genuine Need for Disaster Recovery In Ireland/EU

How many times have you watched or read the news, saw some story about an earthquake, hurricane, typhoon, or some other disaster and think “that will never happen here”? Stop kidding yourself; disasters can happen almost everywhere.

I’ve always considered Ireland to be relatively safe. We don’t have (anything you’d notice) earthquakes, typhoons, or tornadoes; our cattle and sheep don’t need flying licenses. Our weather is dominated by the gulf stream, keep Ireland temperate. It doesn’t get hot here (we are quite northerly) and our winters consist of cloud, rain, and normally about half a day of snow. We get the tail end of some of those hurricanes that hit the east coast US, but there’s not much left by the time they reach us – some trees get knocked over, some tiles knocked on our roofs, but it’s not too bad. Even when we look at our neighbours in England, we see how their more extreme climate causes them disasters that we don’t get. Natural disasters just don’t happen here. Or do they?

The last month or so has revealed that to be a lie. Ireland has been battered by 6 storms in the past month. The latest, Storm Frank, was preceded with warnings that the country was saturated. That means that the ground has absorbed all of the water that it can; any further rainfall will not be absorbed, and it will pool, flow, and flood.

This morning, I woke to these scenes:

Enniscorthy, Co. Wexford [Image source: Paddy Banville]

Graignamanagh, Co. Kilkenny [Image source: Graignamanagh G.A.A]

Middleton, Co. Cork [Image source: Fiona Donnelly]

Frank isn’t finished. It’s still blowing outside my office and more rain is sure to fall. There are stories of communities being evacuated to hotels, and the above photos are just the easy ones for the media to access.

This isn’t just a case of cows trapped in fields, stick a sandbag on it and you’re sorted, or somewhere far away. This is local. And Ireland is a relatively safe place – we’re not Oklahoma, a place that some deity has decided should be subject to cat 5 tornadoes every time you’re not looking. Dorothy, the point is, that disasters happen everywhere, including in the EU where we think it safe.

Let’s bring this back to business. Businesses have been put out of action by these floods. Odds are any computers or servers were either on the ground floor or in the basement. Those machines are dead. That means those businesses are dead. They might be lucky enough to have tapes (let’s leave that for another time) stored offsite but how reliable are they and will bare-metal restore work, or will it take forever? How much money will those businesses lose, or more critically, will those businesses survive loss of customers?

This is exactly why these businesses need a disaster recovery (DR) solution. There are several reasons why they don’t have one now:

Fires and other unnatural disasters happen everywhere
They couldn’t afford one
The business owners didn’t think there was a need for one
Some resellers didn’t think there was demand for one so they never brought it up with their customers

The need is there, as we can clearly see above. And thanks to Microsoft Azure, DR has never been so affordable. FYI, it comes in at a price that is a small fraction of the cost of solutions from the likes of Irish companies such as KeepITSafe – I’ve done the competitive pricing – and it opens that customer up to more technical opportunities with hybrid cloud solutions.

Microsoft Azure Site Recovery Services (ASR) is a disaster recovery-as-a-service (DRaaS) or cloud DR site offering from Microsoft. The beauty of it is that it’s there for everyone from the small business to the large enterprise. It works with Hyper-V, vSphere or physical machines, and it works with Windows or Linux as long as the OS is supported by Azure (W2008 R2 or later on the Windows side).

Note: There is a cost overhead for vSphere or physical machines to allow for on-premises conversion and forward and in-cloud management and storage, so you need a certain scale to absorb that cost. This is why I describe ASR as being perfect for SMEs with Hyper-V and mid-large companies with Hyper-V, vSphere or physical machines.

If I had ASR in place, and I has a business on the quayside in Cork, near the Slaney in Enniscorthy, or anywhere else where the rivers were close to bursting the banks then I would perform a planned failover, requiring about 2 minutes of my time to started a pre-engineered and tested one-click failover. My machines would shut down in the desired order, flush the last bit of replication to Azure, and start up the VMs in the desired order in Azure, and my machines and data would be safe. I can failback to new equipment or stay in Azure if the disaster wipes out my servers. And if that disaster doesn’t happen, I can easily failback to new equipment, or choose to stay in Azure and not worry about local floods again.

Technorati Tags: Azure,DR,Hyper-V,VMware,Windows,Linux

Microsoft News – 19 October 2015

It turns out that Microsoft has been doing some things that are not Surface-related. Here’s a summary of what’s been happening in the last while …

Hyper-V

Microsoft Loves Linux Deep Dive #2 – Linux and FreeBSD Integration Services Core Features: Talking about the services that are integrated into Linux guest OSs on Hyper-V.
Shared Hyper-V virtual disk is inaccessible when it’s located in Storage Spaces on a Windows Server 2012 R2-based computer: A hotfix is available.
Recover From Expanding VHD or VDHX Files On VMs With Checkpoints: Tut tut!
Find All Virtual Machines With A Duplicate Static MAC Address On A Hyper-V Cluster With PowerShell: A handy tip from Didier to avoid networking hell.
Microsoft Loves Linux Deep Dive #3: Linux Dynamic Memory and Live Backup: Dynamic Memory for Linux guests and backup VMs with file system consistency without shutting them down.
Virtual Network Appliances I Use for Hyper-V Labs: A post by Didier Van Hoye.
Microsoft Loves Linux Deep Dive #4: Linux Network Features and Performance: More about open source on Hyper-V.
KB3095308 – VMs may not get additional memory although they’re set to use Dynamic Memory in Windows Server 2012 R2: You experience a poor performance, and IIS servers may run out of memory at peak times.
KB3093571 Update to replicate multiple VM groups and VMs that use shared VHDs in Windows Server 2012 R2 or Windows Server 2012: This article describes a hotfix that enables multiple virtual machine (VM) groups replication and the ability to replicate VMs that use shared Virtual Hard Disks (VHDs) in Windows Server 2012 R2 or Windows Server 2012. This is BIG – I’ll have more on this topic later.
Windows 10 Build 10565 Adds Nested Hyper-V: A post I wrote for Petri.com.
KB3093899 – VMs that run on CSVs fail if DCM can’t query volumes in Windows Server 2012 R2: This article describes an issue that occurs when Desired Configuration Management (DCM) can’t query volumes in Windows Server 2012 R2.
KB961804 – Virtual machines are missing, or error 0x800704C8, 0x80070037, or 0x800703E3 occurs when you try to start or create a virtual machine: This problem may be caused by antivirus software that is installed in the parent partition if the real-time scanning component is configured to monitor the Hyper-V virtual machine files. Follow Microsoft’s guidance on antimalware for Hyper-V hosts, and stop being a “yes sir, no sir” gombeen kow-towing to the know-nothing security “expert”.
Trunking With Hyper-V Networking: Trunk the virtual switch port to allow a virtual appliance connect to multiple VLANs at once.
Remove Lingering Backup Checkpoints from a Hyper-V Virtual Machine: A recovery snapshot stays and you cannot apply or delete it.
Hyper V Amigos Podcast Episode 1 – Ben Armstrong: Hyper-V MVP Carsten Rachfahl interviews Microsoft PM, the Virtual PC Guy.

Windows Server

Windows Server Containers, what are they and where do they fit? Read the Microsoft explanation, and then read my one.
Memory Compression in Windows 10 Threshold 2: Improving resource utilization with TH2, the next major Windows release, coming in November.
“Not enough server storage is available to process this command” error when you try to access file shares on an SOFS-configured server : You ignored the guidance and used SOFS as an end-user file server. Seriously – try reading!
New Windows Server 2016 Storage Video Series: A set of videos on WS2016 storage.
KB3091057 – Cluster validation fails in the “Validate Simultaneous Failover” test in a Windows Server 2012 R2-based failover cluster: This hotfix changes some timing of the “Validate Simultaneous failover” test to more accurately verify the storage compatibility with the failover cluster.
How to setup Nano Server to send diagnostic messages off-box for remote analysis: Troubleshooting Nano server will be fun if you cannot log into it. So don’t log into it.

Windows Client

Windows 10 Enterprise Feature – Credential Guard: Using VSM to protect LSASS.

Azure

Monitor your Azure RemoteApp environment with OpInsight – Part 4: Monitor the User Profile Disks.
Learn how to back up your IaaS VMs in five minutes: It’s simple: create a backup vault, discover VMs, register VMs, create a policy.
Microsoft Azure Backup Server: Download the MAB (based on DPM) to get on-premises backup of Hyper-V, SQL, Exchange, SharePoint and clients that you can forward to Azure Backup vaults.
September updates to Azure RemoteApp: New features in the RDS service. Note that Office 2016 is not supported yet.
A VM that Azure Site Recovery helps protect goes into a resynchronization state: “Resynchronization is required for the machine X. Resume replication to start resynchronization” and “Resynchronization for virtual machine ‘VMName’ was marked corrupted by the service.”.
Inside Azure File Storage: Learn more about this application data sharing facility.
Azure RBAC is GA: Implement just enough administration (JEA) in your Azure subscription.
Azure RemoteApp Custom Image Licensing Error: When you make your own RemoteApp image from scratch.
Introducing Microsoft Azure Backup Server: A post I wrote for Petri.com on “Project Venus” progress.
Azure AD Domain Services is now in Public Preview – Use Azure AD as a cloud domain controller: We’re getting closer to Server Zero. Note the lack of integration with legacy AD.
The Azure AD App Proxy just keeps getting better and better: Cloud-enable legacy apps.
KB3090067 – Azure Backup performance update: Update MARS to avoid when incremental backups by using the Azure Backup agent may run slowly for servers that have many files.
User Environment Management in Azure RemoteApp – Part 1: Using UE-V with the user profile disks.
IIS and Azure Files: Can I host my IIS web content in the cloud using Azure Files? Yes you can put your websites in Azure Files and use shared configuration for shared web content between a farm of auto-scaling, load balanced VMs in an availability set with auto-scaling enabled. Yum!
Get Fast + Easy Support with OMS: Add Microsoft support users to a workspace so they can see the same thing as you.

Office 356

Cloud security controls series – OneDrive for Business: Compliance and security stuff.
Data Loss Prevention in OneDrive for Business, SharePoint Online and Office 2016 is rolling out: PDB is finally starting to improve.
Share with the click of a button in Office 2016: How to edit cooperatively.
What’s new – September 2015: A bit of a quiet month in Office, right? It was just Office 2016, Exchange 2016, …
I sync therefore I am…: A preview of the new ODB sync client
Azure PowerShell 1.0 Preview: A preview of v1.0 which appears to focus on improving admin of Azure Resource Manager.

Miscellaneous

A message to our customers about EU – US Safe Harbour: A comment by Microsoft’s legal honcho, Brad Smith, following the recent ECJ ruling that Safe Harbour is “invalid”.

Microsoft News – 28 September 2015

Wow, the year is flying by fast. There’s a bunch of stuff to read here. Microsoft has stepped up the amount of information being released on WS2016 Hyper-V (and related) features. EMS is growing in terms of features and functionality. And Azure IaaS continues to release lots of new features.

Hyper-V

The Mysterious Case of Infrequent Network Connectivity Issues on 2 Hyper-V VMs Out of 40 Guests: Some PowerShell troubleshooting.
Storage Migration “Operation not allow for VM because Hyper-V State is yet to be initialized from Virtual Machine Configuration” (0x80070015): A fix or workaround to solve this problem.
Missing Hyper-V VMs on Windows 10 – Build 10547: A bug in this insider build hides non v5.0 VMs.
Hyper-converged with Windows Server 2016: Run your storage (Storage Spaces Direct, not SOFS) and Hyper-V cluster on the same hardware.
Configuring site awareness for your multi-active disaggregated datacenters: Solving one of the biggest issues with using Failover Clustering as a DR solution.
Introduction to Linux and FreeBSD on Hyper-V: The Linux Integration Services (LIS). Note that LIS 4.0 can be installed on some distros that have previous versions of LIS built in.
Running Hyper-V on Nano in Windows Server 2016 TP3: For you large scale customers that can afford to lose a host.
Running Nano from Windows Server 2016 TP3 on Hyper-V: Teeny tiny VMs for running born-in-the-cloud services.
Do you know how fast your disks are? I’ve seen expensive customer deployments with over-specced hosts and sh1te SANs where one ordinary VM could effectively shut down the cluster because the SAN couldn’t keep up.
Virtual Machine Storage Resiliency in Windows Server 2016: A very nice resiliency feature from the Hyper-V storage folks.

Windows Client

Windows 10 servicing and deployment guidance now available: Learn about Windows as a Service.
Introduction to Windows 10 servicing: How enterprises can keep devices current with the latest feature upgrades, make better use of Windows Update, and what the new servicing options mean for support lifecycles.
Windows 10 – Reducing the disk footprint: how to deploy Windows 10 with the new smaller installation footprint – great for machines with smaller storage (tablets and ultrabooks)

Azure

Azure Backup – Announcing general availability of backup for Azure IaaS VMs: This vital service for VMs has gone GA with a number of improvements.
Azure Backup of IaaS VMs Generally Available: A post I wrote for Petri.com.
Remote Desktop Services DR Solution using ASR – Guidance: A best practices guide from Microsoft.
SharePoint DR Solution using ASR – Guidance: A best practices guide from Microsoft.
Microsoft Exchange DR Solution using ASR – Guidance: A best practices guide from Microsoft.
A VM that Azure Site Recovery helps protect goes into a resynchronization state: Each VHD must be 1023 GB or less.
Source Control Integration in Azure Automation: Manage your automations scripts.
Monitor your Azure RemoteApp environment with OpInsight – Part 1: A nice hack.
Monitor your Azure RemoteApp environment with OpInsight – Part 2: Continuing the hack.
Microsoft showcases the Azure Cloud Switch (ACS): Linux? Linux! Linux?! Yes; Linux.
September update – Azure Preview Portal improvements: Ibiza continues to evolve in the very long preview. This is starting to feel like the GMail beta. There are some good improvements here, but the lateral scale of the UI needs to be chopped by 80%, or we should get an 80″ Surface Hub for free with every Azure subscription.
Use Azure as Virtual DR Site for VMware and Physical Servers: A post I wrote for Petri.com.
August updates to Azure RemoteApp: Some updates.
How does Azure RemoteApp save user data and settings? I really do not like this solution – I prefer to use a virtual file server with domain membership on the VNet because I have some measure of control.
ADFS Publishing via Azure Traffic Manager : Ah yeah, geo-redundant ADFS.

System Center

Near Real-time Performance Data Collection in OMS: Could this be the start of the replacement of SCOM with a cloud service?
Deploy Software Defined Networks using Virtual Machine Manager : A document based on TP3 of System Center 2016.
2nd Edition of Microsoft System Center: Building a Virtualized Network Solution now available and free to download: Featuring Irish MVP, Damian Flynn.
How to Deploy Host Guardian Service using Service Templates in VMM Tech Preview 3: The new WS2016 Hyper-V security feature.

Office 365

The New Office is Here: In case you missed it, Office 2016 launched this week. O365 customers will get is based on which servicing branch they are in. You might not see it for months if you are in the Current Branch for Business (Pro Plus plans default to this).
What’s new in Office 2016: Why should you upgrade, and what should you look for if you have upgrade rights?
Admins—get ready for Office 2016, rollout begins September 22: I’d tweeted several months ago that I’d heard September was the month, so I am not surprised at all.
Announcing the Office 365 Service Trust Portal: STP is a service feature in Office 365 designed to provide deeper information on how Microsoft manages security, compliance and privacy.
Office 365 Import Service—migration to SharePoint Online and OneDrive for Business just became easier: An out-of-band transfer using hard disks, similar to the Azure import service.
Introducing Office 365 Planner: A “simple and highly visual way to organize teamwork”.
Step-By-Step – Setting up AD FS and Enabling Single Sign-On to Office 365: Set up single sign-on.
How to use your Office 365 subscription with Azure RemoteApp: There’s a new “with O365” template that you can use now. Use your ProPlus installation rights in Azure’s RDS.

EMS

Coming soon – New features for managing Windows 10 and iOS devices: New features between September 25 and October 5.
Day Zero Support for iOS 9 with Intune: Manage your iPhones and iPads.
Azure Active Directory B2B collaboration: Inter-company federation via Azure AD.
Azure AD Premium Dashboard is in preview: Microsoft has turned on the Azure Active Directory Premium Dashboard – available in North America only at this point.
Azure AD B2C and B2B are now in Public Preview:
Learn all about the Azure AD B2B Collaboration Preview: Learn more about the Biz-2-Biz preview.

Security

Tracking a Bluetooth Skimmer Gang in Mexico: A whole new way of skimming your card at the ATM, thanks to the ATM engineers.
Tracking Bluetooth Skimmers in Mexico, Part II: More on this story.
Who’s Behind Bluetooth Skimming in Mexico? A very professional criminal operation.

Miscellaneous

Microsoft heads back to court on September 9th: A post I wrote about the Irish datacenter and US warrant appeal.

Technorati Tags: Microsoft,Hyper-V,Virtualisation,Failover Clustering,Storage,Storage Spaces,Linux,Windows 10,Azure,Cloud,Cloud Computing,Hybrid Cloud,Backup,Remote Desktop Services,DR,Active Directory,System Center,VMM,Security,Office,Office 365,Licensing,EMS,Intune

Microsoft News – 7 September 2015

Here’s the recent news from the last few weeks in the Microsoft IT Pro world:

Hyper-V

Configuring Default Checkpoint type in Windows 10: How to automatically get the legacy style checkpoint behaviour – might be useful in test/dev/demo labs.
Hyper-V Dynamic Memory Versus Virtual NUMA: The two incompatible memory optimization techniques. A post I wrote for Petri.com.
Workgroup and Multi-domain clusters in Windows Server 2016: Note: Workgroup clusters do not support Live Migration (hence useless to most).
Site-aware Failover Clusters in Windows Server 2016: Making stretch clusters more suitable. An interesting option is “preferred site” of a (entire) cluster.
Linux Integration Services 4.0 Update: An update to the Linux integration components for Hyper-V.

Windows Server

How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012: You might disable SMBv1 in totally modern deployments, but I prefer to stay on the well walked path.
Announcing Windows Server 2016 Containers Preview: Post by Scott Guthrie.
Microsoft and Mesosphere partner to bring Mesos container orchestration across Windows and Linux worlds: Container orchestration comes to Windows.
Microsoft and Intel showcase Storage Spaces Direct with NVM Express at IDF ’15: 4.2 million IOPS with S2D.
Data Deduplication in Windows Server Technical Preview 3: BIG improvements for scalability and backup.
Comparing Work Folders and Offline Files: I bet you’ve never heard of Work Folders – what I call “company owned DropBox”.
Work Folders encryption on Windows: Security with replicated files.
Windows Server 2016 Installation Option Changes: Our feedback was listened to.

Windows

Adjusting the Network Protocol Bindings in Windows 10: I guess the same applies to Windows Server 2016.
Windows 10 Pre-Upgrade Validation using SETUP.EXE: Using /Compat ScanOnly.
MDOP 2015 and more tools are now available: Windows 10 support.

System Center

DPM 2012 R2 UR7 re-released: Wow, a System Center update rollup had issues. Whoda thunk it?!?!?!

Azure

Mandatory update for Azure Backup to avoid an authentication error for ongoing backups: You must have a MARS agent that released August 19 2015 or later.
AzCopy – Introducing Append Blob, File Storage Asynchronous Copying, File Storage Share SAS, Table Storage data exporting to CSV and more: AzCopy 3.2.0 and AzCopy 4.2.0-preview are now released.
Azure Backup update – New features in IaaS VM backup support: Support for up to 16 data disks, retention up to 99 years, improved performance, and reporting.
Azure Premium Storage expanding in more regions: Adding Central US, East US, East Asia, and North Europe.
Announcing the GS-Series: Adding Premium Storage Support to the Largest VMs in the Public Cloud: Big and fast.
Boot Diagnostics for Virtual Machines: Needed because there’s not KVM access.
A Look at Microsoft’s New Hybrid Cloud Features: A post I wrote for Petri.com.
How to Link an Azure RemoteApp collection to your existing Azure Virtual Network Without Domain Join: If you have applications that don’t require domains. Beware that this will cause messy session hosts without GPO to control user access/storage from a central point.

Office 365

What’s new – July 2015: Apps galore.
What’s new – August 2015: The education SKUs are getting a “shake up”.
Microsoft is reducing its number of portals, merging Intune with Office 365: Good idea … but I am sceptical of the success/future of this.

Intune

Windows 10, Azure AD and Microsoft Intune: Automatic MDM enrollment powered by the cloud: See the new Active Directory in action.
Microsoft Advanced Threat Analytics in now GA: This EMS bundle member is now available for detecting nefarious usage of company identity.

Events

Meet AzureCon: A virtual event on Azure on September 29th, starting at 9am Pacific time, 5pm UK/Irish time.

Technorati Tags: Hyper-V,Virtualisation,Failover Clustering,Linux,Windows Server 2016,Windows Server 2012 R2,Storage,Networking,Windows 10,Deployment,DPM,System Center,Azure,Cloud,Cloud Computing,Hybrid Cloud,Backup,Remote Desktop Services,Office 365,Intune,Active Directory,Events

Microsoft News – 16 July 2015

It’s been a busy week with WPC driving announcements that affect partners.

Hyper-V

Hyper-V Survey – Why do you turn VMs off? The Hyper-V team wants to know.

Windows Server

Microsoft Issues Final Patch Tuesday Updates for Windows Server 2003: No more security updates!
Bye Windows Server 2003, In Remembrance: My look back on W2003 for Petri.com. I was an early adopter, it was great, but it would have held me back if I didn’t upgrade.

Windows Client

Announcing Windows Update for Business: A post from May that you should read.
Microsoft releases new license terms for Windows 10 – Biggest surprise? No gotchas: Good news, everybody!
Step-By-Step – Building Windows 10 Provisioning Packages: Windows 10 Provisioning Packages have the ability to prepare one or more devices for corporate use.
Windows 10 KMS Client Setup Keys: For those of you on volume licensing.

Azure

Cloud security controls series: Azure Active Directory‘s Access and Usage Reports: AAD Premium edition compliance features.
Azure RemoteApp Core Skills Jump Start now available on-demand: On the Microsoft Virtual Academy.
Learning Windows PowerShell Workflow: Learn how to automate on Azure.
My first runbook: Use the new graphical UI to create your first runbook in Azure Automation.
Using Azure Resource Manager in Azure Automation Runbooks: Automate ARM.
Working with Marketplace Images on Azure Resource Manager: Quite a wordy article that defies summary.
Azure Marketplace announces new features and functionality: A few different things here for deploying stuff.
Expanding Linux and OSS Support on Azure: Limited technical support for major (Azure-supported) Linux distributions, third party and Open source technologies on Azure.
Manage your Azure Linux VM logs through Operations Management Suite: OMS has added the capabilities to be able to manage your Azure Linux VMs logs which you can now consume through the Operational Insights dashboard.

System Center

Datazen Enterprise Server: Datazen Enterprise Server is a collection of web applications and Windows services. Acts as a repository for storing and sharing dashboards and KPIs.

Office 365

What’s new – June 2015: Office for Android phone, Advanced Threat Protection, and more!
Microsoft delivers final Office for Windows 10 apps: Here comes Gemini, the touch version of Office.

Licensing

MPSA Gets Event Better, Major Cloud-Focused Enhancements Are Here: Improvements for the Select replacement.

Miscellaneous

WPC 2015 – 5 Announcements IT Pros Should Care About: Things at this partner conference that affect us all.
Surface Announces New Plans to Expand Business Channel: Microsoft finally is increasing the channel, and this could cause sales to explode.

Technorati Tags: Microsoft,Hyper-V,Virtualisation,Windows Server 2003,Security,Windows 10,Deployment,Licensing,Azure,Scripting,PowerShell,Linux,Office,Office 365

Microsoft News–13 July 2015

I don’t have all that much for you, but the big news is the Azure Site Recovery (ASR, Microsoft’s DR site in the cloud) now supports VMware virtual machines and physical servers, without using System Center. You do need to run some stuff on-prem and in the cloud to make it work though, so there will be a tipping point where the solution becomes affordable.

Azure

Announcing the GA of Disaster Recovery for VMware Virtual Machines and Physical Machines to Azure using ASR: Now you can replicate VMware virtual machines and physical servers to Azure for disaster recovery (DRaaS) or business continuity (BC).
Availability of Linux RDMA on Microsoft Azure: If you want to do HPC or push big data on Azure Linux VMs, limited to SUSE Linux Enterprise Server 12 (SLES12) right now.
Azure Batch Generally Available: I think it’s more of interest to those writing on-prem or cloud based mass processing apps.
Building Linux-Based Solutions on Azure Jump Start: An online event to get you going with Linux on Azure.
Try the new Azure Authenticator application: A new oAuth app for multi-factor authentication, not just for AAD, but also other services including Google.
Designing Your Network Infrastructure For Disaster Recovery: A whitepaper to guide you on this critical step.
Backups or replications that use Microsoft Azure Recovery Services Agent fail after December 9, 2015: Uh, whoops! Carry out those updates.
”Run As” with Azure Automation Hybrid Worker: A method for executing runbooks on-premises with specific non-system permissions.
You can now ingest Syslog data into OMS from Azure Linux VMs: If you use Azure Diagnostics, Operations Management Suite can ingest syslog data from storage accounts configured to store your diagnostics data. As of the publication of this blog post, OMS can ingest all logs routed through syslog or RsyslogD.

System Center

What’s new in System Center Configuration Manager Technical Preview 2: Available now. Lots of interesting stuff including “Support for installing Configuration Manager on Azure Virtual Machines”.
Setting up Multicasting in Microsoft Configuration Manager 2012: Love this feature. Save some bandwidth and speed up those mass deployments.

Office 365

Announcing archiving for non-Microsoft data in Office 365: Thanks to extensive collaboration and deep integration with Actiance and Globanet, Office 365 extends its rich and comprehensive archiving solution to cover a wide array of third-party data sources.
Announcing preview of new Skype for Business services in Office 365: Skype Meeting Broadcast, PSTN Conferencing (The Curse of Zune), and Cloud PBX with PSTN Calling (also suffering The Curse of Zune). So that’s just Skype Meeting Broadcast.
Office 2016 Preview—Update 2: New charts, live view co-authoring, Excel/PowerPoint Insights, Tell Me, Hand writing conversion for equations.
Announcing compliance toolset for public folders: The Office 365 archiving and eDiscovery toolset is being extended to include public folders.
Announcing new activity logging and reporting capabilities for Office 365: Summarising a number of corporate compliance tools.

Technorati Tags: Microsoft,VMware,Azure,Hybrid Cloud,Cloud,Cloud Computing,DR,Linux,Networking,Security,Scripting,PowerShell,Configuration Manager,Deployment,Office,Office 365

Microsoft News – 29 June 2015

As you might expect, there’s lots of Azure news. Surprisingly, there is still not much substantial content on Windows 10.

Hyper-V

What is the Windows Server Network Controller? A post I wrote for Petri.com.
Virtual Machine Compute Resiliency in Windows Server 2016: Dealing with transient cluster failures and keeping VMs online.
NEW RDS deployment model – Personal Session Desktops: A VDI scenario without using a client OS. In Windows Server 2016 additional improvements have been added to the Desktop Experience feature to make the Server OS look even more as a (Windows 10) Client OS. You will “… essentially be able to do “VDI” in Azure where every user will have a fully persistent desktop with options to allow user installed applications or maybe even local admin privileges”.
Script – Image Factory for Hyper-V: A handy solution from Ben Armstrong.
Handy Tool for Converting KVM / VMware Images to Hyper-V: A solution for V2V conversions from KVM to Hyper-V for when you’ve realised that your boss was an idiot.

Windows Server

DNS Server Startup Time Improvements in Windows Server 2012 R2: Tuning for those people running HUGE DNS databases (40,000 to 50 million records!).
PowerShell Script to build your Nano Server Image: Deploying Nano Server
How to use WDS to PxE Boot a Nano Server VHD: Do a network boot with Nano Server – How UNIX-y!
Microsoft Support for Secure Shell (SSH): Light on details: ” the PowerShell team will support and contribute to the OpenSSH community”.

Windows Client

Most IT Pros Expect To Deploy Windows 10 Within 2 Years: “40 percent of IT pro participants were planning to deploy Windows 10 within the first year of release … [another] 33 percent were planning Windows 10 deployments within two years”.
Windows 10 – What’s next for Microsoft’s Insider testers: Microsoft gets it “right” on the 3rd attempt. Maybe.
Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility: Azure AD is the glue (a common theme).

Azure

Azure RemoteApp – User Connection Error: For “With VPN” or hybrid deployments, sort out your UPNs to ensure that the AAD and the LAD user accounts match up. First a user signs into AAD via the RemoteApp client, and then they sign into AAD using Remote Desktop.
Azure RemoteApp – App-V Support Part 1: Deliver apps to RemoteApp using virtualization. App-V Standalone.
Azure RemoteApp – App-V Support Part 2: Full App-V infrastructure.
Step through creating a Resource Manager-based Azure Virtual Machine with PowerShell: A LOT of code is required, but once you have it, it’s quicker to create VMs using PoSH than via the GUI.
Container Apps now available in the Azure Marketplace: It’s Docker time!
Troubleshoot Secure Shell (SSH) Connections to a Linux-based Azure Virtual Machine: Steps to fix this complex scenario.
Sync Azure RemoteApp Collection Membership with Azure Automation: A clever solution to populate an App Collection with the members of an AD group.
How to Create and Validate a Microsoft Azure Active Directory Domain: A post I wrote for Petri.com.
How To Upload Files to Microsoft Azure: A post I wrote for Petri.com.
Wormhole Area Networking and Microsoft Azure: Pending patent – a post I wrote for Petri.com.
Easier Azure VM Deployment with the Custom Script Extension: A post I wrote for Petri.com.
Using the Microsoft Azure Storage Explorer Tools: A post I wrote for Petri.com.
Sharing Files in the Cloud using Azure Files: How to use the Storage Accounts Files service between VMs.
Improving Microsoft Azure File Server Performance with BranchCache: A post I wrote for Petri.com.
Enable Distributed BranchCache on a Microsoft Azure File Server: A post I wrote for Petri.com.
Does Azure Backup Work? A post I wrote for Petri.com.
Microsoft Launches New Microsoft Azure VM Pricing Tool: A post I wrote for Petri.com.
Key Vault is now generally available: This HSM in the cloud offering is now GA. Example usage: central SSL cert storage and VM full disk encryption (coming soon).
Azure Active Directory Premium reporting now detects leaked credentials: Detect when your users have lost control of their usernames and passwords.
DevOps Basics – Infrastructure as Code: Deploying VMs using ARM templates via the Ibiza portal.
DevOps Basics – Infrastructure as Code – The PowerShell Method: An alternative to the previous.
Azure AD Conditional Access preview update – More apps and blocking access for users not at work: Note conditional access to Azure RemoteApp.
May updates to Azure RemoteApp: What changed?

Office 365

Announcing auto-expanding, highly scalable archives for Office 365 email: To accommodate customers who require very, very large archiving storage, Microsoft announced new auto-expanding, highly scalable archiving.
Exchange Online Advanced Threat Protection is now available: A new subscription service for unknown malware, real-time protection against malicious URLs, and reporting.
7 new Exchange Online Protection enhancements: Improving the basic service.
What’s new – May 2015: A summary of O365 improvements.
Introducing Compliance Search in Office 365: A faster and more lightweight way of searching within your organization’s data in Office 365.
Rights Management Service departmental templates comes to Office 2013: A feature that allows organizations to define different policies that will be deployed to different departments (or roles) for their use in documents and emails, now natively supported in Office 2013.
New Intune capabilities for Outlook on iOS and Android: Customers using Outlook for iOS and Android can now use built-in MDM for Office 365 or Microsoft Intune to secure email data on mobile devices within their organization.

EMS

New features coming to Intune over the next week: Starting June 22 and ending July 2.
Microsoft adds Advanced Threat Analytics to its Enterprise Mobility Suite: More security coming to EMS (cloud) and ECS (on-prem).

Misc

Samsung Accused of Blocking Security Updates in its PCs: Are OEMs stupid, ignorant, or do they just not care? IMO, this one is a grey area.

Technorati Tags: Microsoft,Hyper-V,Windows Server 2016,Windows Server 2012 R2,DNS,Virtualisation,PowerShell,Deployment,Remote Desktop Services,Scripting,Linux,Failover Clustering,Windows 10,Azure,Cloud,Cloud Computing,Hybrid Cloud,Networking,Security,Backup,Active Directory,Office 365,Intune