Windows Server 2012 | Aidan Finn, IT Pro

Microsoft News – 19 October 2015

It turns out that Microsoft has been doing some things that are not Surface-related. Here’s a summary of what’s been happening in the last while …

Hyper-V

Microsoft Loves Linux Deep Dive #2 – Linux and FreeBSD Integration Services Core Features: Talking about the services that are integrated into Linux guest OSs on Hyper-V.
Shared Hyper-V virtual disk is inaccessible when it’s located in Storage Spaces on a Windows Server 2012 R2-based computer: A hotfix is available.
Recover From Expanding VHD or VDHX Files On VMs With Checkpoints: Tut tut!
Find All Virtual Machines With A Duplicate Static MAC Address On A Hyper-V Cluster With PowerShell: A handy tip from Didier to avoid networking hell.
Microsoft Loves Linux Deep Dive #3: Linux Dynamic Memory and Live Backup: Dynamic Memory for Linux guests and backup VMs with file system consistency without shutting them down.
Virtual Network Appliances I Use for Hyper-V Labs: A post by Didier Van Hoye.
Microsoft Loves Linux Deep Dive #4: Linux Network Features and Performance: More about open source on Hyper-V.
KB3095308 – VMs may not get additional memory although they’re set to use Dynamic Memory in Windows Server 2012 R2: You experience a poor performance, and IIS servers may run out of memory at peak times.
KB3093571 Update to replicate multiple VM groups and VMs that use shared VHDs in Windows Server 2012 R2 or Windows Server 2012: This article describes a hotfix that enables multiple virtual machine (VM) groups replication and the ability to replicate VMs that use shared Virtual Hard Disks (VHDs) in Windows Server 2012 R2 or Windows Server 2012. This is BIG – I’ll have more on this topic later.
Windows 10 Build 10565 Adds Nested Hyper-V: A post I wrote for Petri.com.
KB3093899 – VMs that run on CSVs fail if DCM can’t query volumes in Windows Server 2012 R2: This article describes an issue that occurs when Desired Configuration Management (DCM) can’t query volumes in Windows Server 2012 R2.
KB961804 – Virtual machines are missing, or error 0x800704C8, 0x80070037, or 0x800703E3 occurs when you try to start or create a virtual machine: This problem may be caused by antivirus software that is installed in the parent partition if the real-time scanning component is configured to monitor the Hyper-V virtual machine files. Follow Microsoft’s guidance on antimalware for Hyper-V hosts, and stop being a “yes sir, no sir” gombeen kow-towing to the know-nothing security “expert”.
Trunking With Hyper-V Networking: Trunk the virtual switch port to allow a virtual appliance connect to multiple VLANs at once.
Remove Lingering Backup Checkpoints from a Hyper-V Virtual Machine: A recovery snapshot stays and you cannot apply or delete it.
Hyper V Amigos Podcast Episode 1 – Ben Armstrong: Hyper-V MVP Carsten Rachfahl interviews Microsoft PM, the Virtual PC Guy.

Windows Server

Windows Server Containers, what are they and where do they fit? Read the Microsoft explanation, and then read my one.
Memory Compression in Windows 10 Threshold 2: Improving resource utilization with TH2, the next major Windows release, coming in November.
“Not enough server storage is available to process this command” error when you try to access file shares on an SOFS-configured server : You ignored the guidance and used SOFS as an end-user file server. Seriously – try reading!
New Windows Server 2016 Storage Video Series: A set of videos on WS2016 storage.
KB3091057 – Cluster validation fails in the “Validate Simultaneous Failover” test in a Windows Server 2012 R2-based failover cluster: This hotfix changes some timing of the “Validate Simultaneous failover” test to more accurately verify the storage compatibility with the failover cluster.
How to setup Nano Server to send diagnostic messages off-box for remote analysis: Troubleshooting Nano server will be fun if you cannot log into it. So don’t log into it.

Windows Client

Windows 10 Enterprise Feature – Credential Guard: Using VSM to protect LSASS.

Azure

Monitor your Azure RemoteApp environment with OpInsight – Part 4: Monitor the User Profile Disks.
Learn how to back up your IaaS VMs in five minutes: It’s simple: create a backup vault, discover VMs, register VMs, create a policy.
Microsoft Azure Backup Server: Download the MAB (based on DPM) to get on-premises backup of Hyper-V, SQL, Exchange, SharePoint and clients that you can forward to Azure Backup vaults.
September updates to Azure RemoteApp: New features in the RDS service. Note that Office 2016 is not supported yet.
A VM that Azure Site Recovery helps protect goes into a resynchronization state: “Resynchronization is required for the machine X. Resume replication to start resynchronization” and “Resynchronization for virtual machine ‘VMName’ was marked corrupted by the service.”.
Inside Azure File Storage: Learn more about this application data sharing facility.
Azure RBAC is GA: Implement just enough administration (JEA) in your Azure subscription.
Azure RemoteApp Custom Image Licensing Error: When you make your own RemoteApp image from scratch.
Introducing Microsoft Azure Backup Server: A post I wrote for Petri.com on “Project Venus” progress.
Azure AD Domain Services is now in Public Preview – Use Azure AD as a cloud domain controller: We’re getting closer to Server Zero. Note the lack of integration with legacy AD.
The Azure AD App Proxy just keeps getting better and better: Cloud-enable legacy apps.
KB3090067 – Azure Backup performance update: Update MARS to avoid when incremental backups by using the Azure Backup agent may run slowly for servers that have many files.
User Environment Management in Azure RemoteApp – Part 1: Using UE-V with the user profile disks.
IIS and Azure Files: Can I host my IIS web content in the cloud using Azure Files? Yes you can put your websites in Azure Files and use shared configuration for shared web content between a farm of auto-scaling, load balanced VMs in an availability set with auto-scaling enabled. Yum!
Get Fast + Easy Support with OMS: Add Microsoft support users to a workspace so they can see the same thing as you.

Office 356

Cloud security controls series – OneDrive for Business: Compliance and security stuff.
Data Loss Prevention in OneDrive for Business, SharePoint Online and Office 2016 is rolling out: PDB is finally starting to improve.
Share with the click of a button in Office 2016: How to edit cooperatively.
What’s new – September 2015: A bit of a quiet month in Office, right? It was just Office 2016, Exchange 2016, …
I sync therefore I am…: A preview of the new ODB sync client
Azure PowerShell 1.0 Preview: A preview of v1.0 which appears to focus on improving admin of Azure Resource Manager.

Miscellaneous

A message to our customers about EU – US Safe Harbour: A comment by Microsoft’s legal honcho, Brad Smith, following the recent ECJ ruling that Safe Harbour is “invalid”.

Microsoft News – 30 September 2015

Microsoft announced a lot of stuff at AzureCon last night so there’s lots of “launch” posts to describe the features. I also found a glut of 2012 R2 Hyper-V related KB articles & hotfixes from the last month or so.

Hyper-V

The uptime value of the Hyper-V Management console changes to the resume time of the last pause on Windows Server 2012 and Windows Server 2012 R2: The uptime value of the Hyper-V Management console changes to the resume time of the last pause instead of the time when backup completed
A virtual machine that is running on Windows Server 2012 R2 may not start: Not enough memory in the system to start the virtual machine ‘<Virtual Machine Name>’.
Non-queued commands are sent to disk controller on a Windows Server 2012 R2-based Hyper-V host server: A solution to a non-described issue – how weird!
Cluster service stops during the VSS backup in a Windows Server 2012 R2-based Hyper-V cluster: When multiple VSS backups are in progress, the cluster service may crash because of inconsistent state in the CSV VSS provider. Then, all virtual machines go offline because of the CSV failure.
Hyper-V storage migration failure and “ERROR_BAD_COMMAND” error in Windows Server 2012 R2 or Windows Server 2012: You get “Migration did not succeed. Not enough disk space at ‘\’. ” when doing Storage Live Migration to a CSV or Hyper-V Replica stops with ERROR_BAD_COMMAND.

Windows Server

Applications can’t perform I/Os in Windows Server 2012 R2: When a disk fails or isn’t responsive and a large number of I/O port transitions are pending, I/Os may be stalled because the storage adapter is paused and will be resumed after a time-out period as specified by the miniport.
Changed cluster properties revert to default values on cluster nodes that run Windows Server 2012 R2 or Windows Server 2008 SP2: ameSubnetDelay, SameSubnetThreshold, CrossSubnetDelay, or CrossSubnetThreshold properties revert to original values.
Cluster services go offline when there’s a connectivity issue in Windows Server 2012 R2 or Windows Server 2012: The cluster nodes in both datacenters lose quorum and fail when a connectivity issue occurs between datacenters.

Azure

Using Azure Automation to take action on Azure Alerts: Reduce human effort by automation solutions to recurring problems.
Announcing expanded Microsoft Azure support for financial services customers: Adding European Network and Information Security Agency (ENISA) Information Assurance Framework (IAF) and the Shared Assessments Program (formerly known as BITS Shared Assessments).
Microsoft ExpressRoute – Office 365, Azure Government Cloud, more partners, simplified billing: Place equipment (e.g. SANs) in Microsoft “Meet-Me” locations with low latency connections (1-2 ms) to Azure.
Azure Container Service – Now and the Future: Azure Container Service builds on our work with Docker and Mesosphere to create and manage scalable clusters of host machines onto which containerized applications can be deployed, orchestrated, and managed.
Making the cloud more secure: Azure Security Center—a new Azure service that gives you visibility and control of the security of your Azure resources without impeding agility, and helps you stay ahead of cyber threats even as they evolve.
Azure File Storage, now generally available: Shared storage for APPLICATION data. This is not for user files.
How to use Azure File storage with Windows: Here are the Linux instructions.
Azure Storage Improvements: A roundup, including Premium Storage improvements and region support of Import/Export.
Monitor your Azure RemoteApp environment with OpInsight – Part 3: Monitoring the usage of your Azure RemoteApp collection.

Office 365

Announcing general availability of ExpressRoute for Office 365: This direct connection offers customers more predictable network performance, an SLA for guaranteed availability and additional data privacy.
Office 365 release options: Why am I not getting the Office 365 Click-To-Run update from Office 365? Are you in the Standard Release or First Release update rings?

EMS

Microsoft Intune Company Portal for Android: A new version.

Technorati Tags: Hyper-V,Windows Server 2012 R2,Windows Server 2012,Backup,Failover Clustering,DR,Azure,Cloud,Cloud Computing,Hybrid Cloud,PowerShell,Scripting,Networking,Containers,Storage,Remote Desktop Services,Office,Office 365,EMS,Intune

MS15-068–SERIOUS Hyper- V Security Vulnerability

This is one of those rare occasions where I’m going to say: put aside everything you are doing, test this MS15-068 patch now, and deploy it as soon as possible.

The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.

This security update is rated Critical for Windows Hyper-V on Windows Server 2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 8.1 and Windows Server 2012 R2. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how Hyper-V initializes system data structures in guest virtual machines.

I don’t know if this is definitely what we would call a “breakout attack” (I’m awaiting confirmation), one where a hacker in a compromised VM can reach out to the host, but it sure reads like it. This makes it the first one of these that I’ve heard of in the life of Hyper-V (since beta of W2008) – VMware fanboys, you’ve had a few of these so be quiet.

Note:

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

It sounds like a reasonable organization found and privately disclosed this bug, thus allowing Microsoft to protect their customers before it became public knowledge. Google could learn something here.

So once again:

Test the patch quickly
Push it out to secure hosts and other VMs

[Update]

Some digging by Flemming Riis (MVP) discover that credit goes to Thomas Garnier, Senior Security Software Development Engineer at Microsoft (a specialty in kernel, hypervisor, hardware, cloud and network security), and currently working on Azure OS (hence the Hyper-V interest, I guess). He is co-author of Sysinternals Sysmon with Mark Russinovich.

Technorati Tags: Hyper-V,Virtualisation,Security,Windows Server 2008,Windows Server 2008 R2,Windows Server 2012,Windows Server 2012 R2,Windows 8.1

Microsoft News – 24 February 2015

Here is the latest news in the world of Microsoft infrastructure:

Hyper-V

Hyper-V receives Red Hat certification: Add RHEL 7.0 to the list on WS2012 R2 Generation 1 and Generation 2 VMs, along with WS2012 and W2008 R2 SP1.

Windows Server

Storage Spaces Performance Tuning: A post I wrote on Petri.com

System Center

Windows Azure Pack vNext: A post by Azure MVP Marc van Eijk.
Support for SQL Server 2014 with System Center 2012 R2 Update Rollup 5: Here is the current and planned state of SQL 2014 support in System Center, assuming the latest UR is installed

Azure

Azure Site Recovery Now Supports SAN-to-SAN Replication: A post I wrote for Petri.com
Microsoft Azure Site Recovery Hyper-V Requirements: A post I wrote for Petri.com

Office 365

Microsoft Changing Its Retention Policy for Deleted Office 365 E-Mails: Deleted e-mails always will be recoverable.
Automated Hybrid Troubleshooting Experience: A new automated troubleshooting experience for hybrid Office 365 deployments.
Extended email retention for deleted items in Office 365: With this update, the length of time items remain in the Deleted Items folder is extended to indefinitely or according to the duration set by your administrator < Certain headlines don’t mention that bit!

Miscellaneous

Tales from Tech Support: A competition by Microsoft to find the funniest/worst in IT.

Technorati Tags: Microsoft,Hyper-V,Windows Server 2012 R2,Virtualisation,Windows Server 2012,Windows Server 2008 R2,Linux,Storage,System Center,WAP,SQL,Azure,Cloud,Hybrid Cloud,Cloud Computing,DR,Office 365,Exchange

Microsoft News – 20 November 2014

There are a lot of upset people because of (1) the Azure outage and (2) how Microsoft communicated during the outage. We had a couple of affected customers. The only advice I can give to Microsoft is:

Don’t deploy your updates to everything at the same time.
Now you know how customers feel when bad updates are issued. Bring back complete testing.
Communicate clearly during an issue – that includes sending emails to affected customers. You’ve got monitoring systems & automation – use them. Heck, you even blogged about how (Azure) Automation could be used by customers to trigger actions.

Hyper-V

Backup Jobs Failing Post Nov Rollup Install: Hyper-V PM Taylor Brown has an update.

Azure

Microsoft Azure Services Hit By Widespread Outages: There’s a lot of anger out there because of how Microsoft reported these issues.
Update on Azure Storage Service Interruption: A little bit of information on the issues of the previous 24 hours.
Create a Multi-NIC VM with a Public IP in Azure: Take advantage of this new feature.

Miscellaneous

An Overview of the Microsoft Cloud Platform System: A post by me on Petri.com about Microsoft CPS.

Technorati Tags: Microsoft,Hyper-V,Windows Server 2012,WIndows Server 2012 R2,Backup,Azure,Storage,Cloud,Cloud Computing,Networking,Virtualisation,Hardware

Microsoft News Summary – 10 September 2014

In other news, Apple proves that wearable devices are a pointless Gartner-esque fad, and those preachy tax-avoiding frakkers, U2, suck donkey balls.

Hyper-V

Boot a Hyper-V Virtual Machine Using PXE: A post I wrote for Petri.com

System Center Operations Manager

OM12 Sizing Helper: This is a Windows Phone app version of the OpsMgr 2012 Sizing Helper document.

Azure

Everything You Ever Wanted to Know About Data Protection and More: A new white paper provides in-depth information about protecting critical data in Azure at every layer, whether structured or unstructured, in-transit, or at-rest.
Microsoft Azure Hybrid Connection Client: This download installs the Hybrid Connection Client which enables your Azure VM or a Web/Worker Role instance to access your on-premises data & services using Hybrid Connections.
Windows Azure Poster: I’m sure this will be out of date by the end of the week (if not already).
Scaling Azure VM with Azure Automation, with help of Azure SQL: Using Azure Automation to power down/up VMs when they are not needed, i.e. save money.
Step-By-Step – Enabling A Primary AD FS Server in Azure for Office365 Single Sign-On: This Step-By-Step will provide instruction to setup a primary AD FS 3.0 server on a Windows Server 2012 R2 virtual machine in Azure. This is how you can overcome dependency on HQ Internet connection for roaming O365 users.

Miscellaneous

Microsoft rumored to be poised to buy Minecraft creator for $2 billion: This blocky game is the hottest thing with kids. I’ve spent many an hour *cough* helping *yes, helping* with constructions & adventures on an iPad and Xbox. And to be honest, it is a good problem solving game and it encourages kids to interact, based on what I’ve observed.

Technorati Tags: Windows Server 2012 R2,Windows Server 2012,Hyper-V,Virtualisation,Deployment,System Center,Operations Manager,Windows Phone,Azure,Cloud,Cloud Computing,Hybrid Cloud,RDS,PowerShell,Scripting,Active Directory,Microsoft

BEWARE! Microsoft Released September 2014 Update Rollups For Windows Server

Both Windows Server 2012 and Windows Server 2012 R2 (as well as their desktop OS and RT variants) received update rollups last night.

You know the drill: only install these updates before they are one month old if you want to shut down your business, get fired, and become an IT pariah. Let some other mug do the testing for you. You can do your own pilot testing and approve after that.

The WS2012 release includes a fix for SMB troubleshooting (including other fixes):

2980749 Event log data for troubleshooting SMB in Windows 8 and Windows Server 2012

The WS2012 R2 release highlights for me are:

KB2984324 Clussvc.exe or cluster node crashes when a node sends a message to another node in a Windows Server 2012 R2 cluster
KB2982348 Broadcast storm occurs after a virtual switch duplicates a network packet in Windows 8.1
KB977219 Updates to improve the compatibility of Azure RemoteApp in Windows 8.1 or Windows Server 2012 R2

Technorati Tags: Windows Server 2012,Windows Server 2012 R2,Storage,Networking,Hyper-V,Azure,RDS,Cloud,Cloud Computing

KB2990170 – MPIO Identifies Different Disks As The Same Disk

Microsoft posted a fix for Windows Server 2012, Windows 8, Windows Server 2012 R2, Windows 8.1, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 for when multipath I/O identifies different disks as the same disk in Windows.

Symptoms

The code in Microsoft Windows that converts a hexadecimal device ID to an ASCII string may drop the most significant nibble in each byte if the byte is less than 0x10. (The most significant nibble is 0.) This causes different disks to be identified as the same disk by Multipath I/O (MPIO). At the very least, this may cause problems in mounting affected disks. And architecturally, this could cause data corruption.

Resolution

When you apply this hotfix, the conversion algorithm is fixed. Disks that were masked by this issue before you installed the hotfix may be raw disks that still have to be partitioned and formatted for use. After you apply this hotfix, check in Disk Management or Diskpart for previously hidden disks.

A supported hotfix is available from Microsoft Support.

Technorati Tags: Storage,Windows Server 2008,Windows Server 2008 R2,Windows Server 2012,Windows Server 2012 R2,Windows Vista,Windows 7,Windows 8,Windows 8.1

KB2989586 – Stop Error 0x000000D1 After Installing Hyper-V Role On WS2012

Microsoft posted a hotfix for when you get a stop error 0x000000D1 after you install the Hyper-V role on a computer that’s running Windows Server 2012.

Symptoms

After you install the Hyper-V role on a computer that’s running Windows Server 2012, you may receive the following Stop error message:

0x000000D1 (parameter1 , parameter2 , parameter3 , parameter4 )
DRIVER_IRQL_NOT_LESS_OR_EQUAL

Notes

The parameters in this error message vary, depending on the configuration of the computer.

Not all "0x000000D1" Stop errors are caused by this problem.

Cause

This problem occurs because of incorrect handling of the IP address structure inside the Vmswitch.sys file.

A supported hotfix is available from Microsoft Support.

Technorati Tags: Windows Server 2012,Hyper-V,Virtualisation

Microsoft Fraks Up Patches AGAIN

I’m sick of this BS.

Microsoft is investigating behavior in which systems may crash with a 0x50 Stop error message (bugcheck) after any of the following updates are installed:

2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
2970228 Update to support the new currency symbol for the Russian ruble in Windows
2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012

This condition may be persistent and may prevent the system from starting correctly.

If you are affected by any of the above then the repair process (see Known Issue 3) is an ungodly nightmare.

This is exactly why I tell people to delay deploying updates for 1 month. That’s easy using SCCM (an approval rule will do the delaying and supersede for you). WSUS – not so easy and that requires manual approval, which sadly we know almost never works.

Feedback, private and public from MVPs hasn’t worked. Negative press from the tech media hasn’t worked. What will, Microsoft? Nadella oversaw this clusterfrak of un-testing before he was promoted. Is sh1te quality the rule from now on across all of Microsoft? Should we tell our customers to remain un-patched, because catching malware is cheaper than being secure and up-to-date? Really? Does Microsoft need to be the defendant of a class action suit to wake up and smell the coffee? Microsoft has already lost the consumer war to Android. They’re doing their damndest to lose the cloud and enterprise market to their competition with this bolloxology.

Technorati Tags: Windows Server 2012 R2,Windows Server 2012,Windows Server 2008 R2,Windows Server 2008,Windows 7,Windows 8,Windows 8.1