Cisco Releases December Warning About a July Bug for Windows Servers

Someone at Cisco just woke up in time for the holidays.

On December 13, 2018, a Cisco Field Notice was issued to warn customers that…

Multiple processes that run on a Microsoft Windows 2012 R2 server can crash or fail to start because of KB4338815

The solution is to install KB4338831 on the affected servers. But, both updates (KB4338815 and KB4338831) are from July 2018.

For those Cisco customers waiting for a fix for this, its been available since July – you just didn’t know it until now.

Actions Required Per Windows Operating System to Fully Protect Against Spectre/Meltdown Vulnerabilities

For Microsoft’s operating systems, fully protecting against Spectre/Meltdown vulnerabilities may require additional actions. Use the table below to get an understanding of which protections are enabled by default versus those that might require further action.

 

OS CVE-2017-5715 CV-2017-5754 CVE-2018-3639
Windows 10 Enabled by default Enabled by default Disabled by default – see ADV180012
Windows Server 2016 Disabled by default – see KB4072698 Disabled by default – see KB4072698 Disabled by default – see ADV180012
Windows 8.1 Enabled by default Enabled by default Not applicable
Windows Server 2012 R2 Disabled by default – see KB4072698 Disabled by default – see KB4072698 Disabled by default – see ADV180012
Windows RT 8.1 Enabled by default Enabled by default Not applicable
Windows 7 Enabled by default Enabled by default Disabled by default – see ADV180012
Windows Server 2008 R2 Disabled by default – see KB4072698 Disabled by default – see KB4072698 Disabled by default – see ADV180012
Windows Server 2008 Enabled by default Enabled by default Not applicable

 

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

Upgrading Windows Server 2012 to 2016 Removes Time Server Role

If you’re using a Windows Server 2012 or 2012 R2 server as a Time Server for your organization, you’re better off just doing a clean installation of Windows Server 2016 instead of the in-place upgrade.

According to KB4051628

After you do an in-place upgrade on the computer to install Windows Server 2016 Version 1607, the computer is no longer advertised as a time server.

There’s actually a pretty easy fix. The upgrade simply doesn’t set a registry value during installation.

Per the same KB article:

Locate the following registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

Set the DWORD value of Enabled to 1.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

August Rollup Windows 8.1 and Windows Server 2012 R2 May Break NPS Authentication

If you glance at an update information page, you might miss something important.

In the known issues section of the Windows 8.1 and Windows Server 2012 R2 rollup for August 2017, you may have missed the following…

NPS authentication may break, and wireless clients may fail to connect.

Microsoft has provided the following workaround…

On the server, set the following DWORD registry key’s value to = 0: SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\DisableEndEntityClientCertCheck


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows Server 2012 R2 Processor Generation Detection Reliability Update Available

Microsoft today has released a Processor Generation Detection fix for Windows Server 2012 R2. The update is only available through Windows Update as an optional update.

Details in KB article 4033428: Windows Server 2012 R2 processor generation detection reliability update: July 18, 2017

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

IT Pro Support: Managing Windows 10 GPO Issues Running on Windows Server 2012 R2

Microsoft has supplied a pretty comprehensive document that outlines the issues that can be observed when managing a Windows 10 Group Policy client in an environment running Windows Server 2012 R2.

KB4015786: Known issues managing a Windows 10 Group Policy client in Windows Server 2012 R2

The KB article provides a way to identify the changes in Group Policy settings between the different CBB’s of Windows 10. With Windows 10 Creators Update delivering on April 11, 2017, this KB becomes even more valuable.


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

AVMA License Keys for Windows Server 2016

By Garth Jones

What are Automatic Virtual Machine Activation (AVMA) license keys? AVMA license keys are used to license virtual machines (VMs) hosted on Windows Server 2016 or 2012 R2. For more details about AVMA license keys see this article.

By using the AVMA feature, you can reduce your VM licensing costs as your VMs will be covered within the existing host servers’ licensing. See the licensing data sheet for more details.

AVMA License Keys for Windows Server 2016

The table above shows that you get unlimited VMs with Windows Server Datacenter Edition and two VMs for Standard Edition. In either case the AVMA license keys are what you should use to activate the VMs on the server.

What are the AVMA license keys that you should use? In Joseph’s blog post, Fun with AVMA, he lists the Windows 2012 R2 AVMA license keys, but what are the keys for Windows Server 2016 or any of the client operating systems (OS)? The answer to this question is listed below. You can see that there are keys for Windows 8.1, Windows 10, Windows Server 2012 R2 and Windows Server 2016.

With these AVMA license keys you should be able to create perfect test labs when using Windows Server 2016 Datacenter since it allows unlimited VMs. I use Windows Server 2016 Datacenter for my test lab for this very reason!

If you have any questions, please feel free to contact me at @GarthMJ.

Windows Server 2016

Windows Server 2016 Datacenter – TMJ3Y-NTRTM-FJYXT-T22BY-CWG3J

Windows Server 2016 Standard – C3RCX-M6NRP-6CXC9-TW2F2-4RHYD

Windows Server 2016 Essentials – B4YNW-62DX9-W8V6M-82649-MHBKQ

Windows 10

Windows 10 Enterprise – NPPR9-FWDCX-D2C8J-H872K-2YT43

Windows 10 Pro – VK7JG-NPHTM-C97JM-9MPGT-3V66T

Windows 10 Home – TX9XD-98N7V-6WMQ6-BX7FG-H8Q99

Windows 2012 R2

Windows Server 2012 R2 Datacenter – Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW

Windows Server 2012 R2 Standard – DBGBW-NPF86-BJVTX-K3WKJ-MTB6V

Windows Server 2012 R2 Essentials – K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

Windows 8.1

Windows 8.1 Professional – GCRJD-8NW9H-F2CDX-CCM8D-9D6T9

Windows 8.1 Professional N – HMCNV-VVBFX-7HMBH-CTY9B-B4FXY

Windows 8.1 Enterprise – MHF9N-XY6XB-WVXMC-BTDCT-MKKG7

Windows 8.1 Enterprise N – TT4HM-HN7YT-62K67-RGRQJ-JFFXW

Sources: https://technet.microsoft.com/en-us/library/dn303421.aspx

http://blog.vttechnology.com/2014/02/keys-for-windows-server-2012-r2-avma.html

Microsoft Extends Support for Windows Server 2012

Due to the timing of the release of Windows Server 2016, Microsoft has extended support for the original release of Windows Server 2012. This means that all versions of Windows Server 2012 are now supported until October 10, 2023.

An official KB article is available to announce the change: Lifecycle dates extended for Windows Server 2012


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Notes from the Field: Converting Hyper-V Server to Windows Server

By Garth Jones

In a previous blog post I talked about Broadcom NIC issues that cropped-up when I upgraded a Hyper-V Server to Windows Server 2012 R2 Standard. In this blog post I’ll talk about the lessons I learned during the upgrade.

During the upgrade process I also needed to convert a pass-through disk to a VHDX file, adjust the RAID configuration, and convert the host to Windows Server 2012 R2 Standard. I decided to change the RAID configuration to RAID 1 for the host OS C:\ and RAID 5 to hold all the VHDX files on D:\. This was done to allow the maximum disk space without sacrificing performance on the VMs.

At a high level the following steps were performed.

1. Backed-up both VMs to a Network Attached Storage (NAS) device.

2. Created an iSCSI (Internet Small Computer System Interface) target that was bigger than the pass-through disk.

3. Installed Windows Server 2012 R2 Standard on the C:\ drive.

4. Attached the iSCSI target as T:\.

5. Used Hyper-V Manager to create a VHDX file; saved the file to T:\ using the pass-through disk as the source disk.

6. Validated that the VHDX file was created correctly.

7. Reconfigured 10 of the drives to a RAID 5 configuration.

8. Formatted and assigned the newly created drive as D:\.

9. Copied the original VHDX file to the new drive from the NAS device.

10. Copied the new VHDX file (pass-through disk) from the iSCSI target.

11. Created both VMs within Hyper-V Manager.

12. Removed the iSCSI target from the host server.

13. Tested the VMs to ensure they were working correctly.

14. Created new back-ups of both VMs to the NAS device, including the new VHDX file from the pass-through disk.

15. Kept the migrated VHDX file for approximately 14 days as a backup.

This plan may sound simple, but what did I learn?

· You can’t directly upgrade from Hyper-V 2012 Server to Windows Server 2012 R2 Standard. You must format the OS drive and start fresh.

· Even if you select a dynamically expanding VHDX file of 128 GB (default size) when you copy the pass-through disk to the VHDX file, it will take the original size of the pass-through disk.

· Converting from a pass-through disk to VHDX file is extremely slow! A 6TB drive took ~16 hours to convert.

· If you have a Broadcom NIC, regardless of which manufacturer (Dell, HP, etc.), you have to check your settings on the host server.

· Set aside at least a few days to complete this task!

If you have any questions, please feel free to contact me @GarthMJ.

Notes from the Field-Converting Hyper-V Server to Windows Server

Hyper-V Server Slow? Check Broadcom NIC KB

By Garth Jones

The first day after upgrading from Hyper-V 2012 Server to Windows Server 2012 R2 Standard with the Hyper-V role installed, I was in the office early, like any good administrator, making sure that there weren’t any issues.

Unfortunately, before I had a chance to look at my emails, a colleague told me that the server was slow. Specifically, file transfers were very slow.

What happened?

When the request to upgrade the server originally crossed my desk, I wanted to upgrade Hyper-V 2012 Server to Windows Server 2012 R2 Standard, but my research told me that you couldn’t do that.

I had to change my plan to format the hard drives and install Windows Server 2012 R2 Standard. The update was also complicated by the fact that the Hyper-V host server had a pass-through disk for one of the Virtual Machines (VMs). Since I needed to start over, I also decided to maximize the hard drive (HD) space at the same time because there was a weird configuration for 10 of the 12 HDs.

This blog post isn’t about how to upgrade from Hyper-V Server 2012 to Windows Server 2012 R2 Standard. Instead, it explains how I fixed the slow file transfers to the Virtual Machine.

By way of background, this server has two VMs; one Domain Controller (DC) and one SharePoint server, plus the host server itself.

I started troubleshooting by copying a 195 MB file from my admin workstation to the server. I was getting 2.5 MB/second. I then copied the same file to the SharePoint server. I was getting 5 MB/second. I checked the setting for both VMs and I noticed that they shared the same physical NIC. Since this server has 4 NICs, I assigned each VM its own dedicated NIC. I then mapped one of the remaining NICs to the host server itself.

I re-did the same test, but the results were more or less the same. Next, I copied the file to the host server and it was so fast that the copy was done before any performance data could be displayed!

The test files were copied to the exact same drive, so disk I/O was clearly not the problem. It also meant that the physical network between my desktop and the server wasn’t the problem.

I did some more research and found that Dell has a KB that lists a known issue with Broadcom NIC. Even though I was working on an HP Enterprise server, also with a Broadcom NIC, I tried the suggestion within the KB. Within seconds my file transfers to the VMs mimicked what I could get to the host server. Problem solved.

If you have any questions, please feel free to contact me @GarthMJ.

Hyper-V Server Slow-Check Broadcom NIC KB

More RAM Space Needed for VMs with Windows Server 2012 R2

By Garth Jones

Recently, I built a number of Virtual Machines (VMs) and every time I created a new VM, I attached Windows Server 2012 R2 x64 with Update ISO. After the update was attached, I booted the VM and then always got the following error message:

Error 0xc0000017: There isn’t enough memory available to create a ramdisk device.

More RAM Space Needed for VMs with Windows Server 2012 R2-Error Message

The first time I read this screen, I shook my head and said, “Impossible! The VM has 512 MB of RAM.” It’s always worked before, so I even restarted the VM to confirm that it had 512 MB of RAM. However, after a bit of investigation, it turns out that the latest version of the ISO requires more RAM. Fortunately, there is a simple fix! In the Startup RAM field, change 512 MB to 1024 MB.

More RAM Space Needed for VMs with Windows Server 2012 R2-Startup RAM Field 

I wish there was an update to Windows Server 2012 R2 in order to set the default to 1024 MB instead of falling into this “trap” each time I create a new VM.

KB3159706 is the Update that Enables Windows 10 Feature Updates for WSUS

In the patching communities this question comes up quite a bit, so its worth having it recorded so its easy to find.

Q: Which update is the one I need to apply to enable WSUS to deploy Feature Updates for Windows 10?

A: KB3159706You must install this update on any WSUS server that is intended to sync and distribute Windows 10 upgrades (and feature updates) that are released after May 1, 2016. Without this update applied to Windows Server 2012 or Windows Server 2012 R2, WSUS 4.0 will only be able to deploy quality updates. The actual update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2.

NOTE: This update is only for those running Windows Server 2012 or Windows Server 2012 R2. WSUS 4.0 running on Windows Server 2016 already contains the extra capability.


Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections