Windows 8, the TPM Module and Bitlocker

Ok ok… I already know about the basic problem that only a couple of companys have a direct Access to the tpm module and the secret keys.

at the 30C3 in Hamburg I saw the talk ok Dr. Prof. Rüdiger Weis – Kryptographie nach Snowden which gave me a good reason to think how safe it is to stay on Windows Systems.

To get it clear… I mistrust every Company doing security stuff for Money.
It doesn’t matter to me  how big or small a Company is.
What we definitely know after the leaks of Edward Snowden is, that everything is possible and tried to get in by Security Agencys all over the world.

But there is a Problem… Windows is still pretty strong on Desktops and Notebooks so what ever we do as “more professional users”, we have to stay close and give Microsoft a reason to do the best in security for all users who are working with Windows.

So hey… If you ever have the Chance to speak with Microsoft employees or MVPs or who ever. Declare your Position to get the most secure System you’ll can get.

For me I’m start re-thinking about using a Linux System as well as my Win/OSXes.

For security reasons… seriously.

Time Sync – Hyper-V and virtual environments in general

As Ben Armstrong wrote a couple of years ago “There is a lot of confusion about how time synchronization works in Hyper-V” …

To demystify that and get the things clear, he wrote an artcile which was updated  frequently.
This stuff is very useful to know and to avoid any troubles. It’s a Kind of Basic knowledge and understanding.
Read it soon If you already missed it. 😉

http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx

Hyper-V Replica Broker – Cluster Replication

In some cases it’s good to replicate a virtual machine in and outside a clustered system.
I tried this the very first time but after setting up the replication broker role in the failover cluster manager I got an error.

After researching a while whats going on I got a solution.
The Cluster Role couldn’t write a computer object.
Usually you set up an OU where the Hyper-V Servers belongs to and there is the Cluster Role (actually a computer account created during the installation) as well.
Anyway…

The Cluster (machine account) has to get writable access to this OU and after that… The Replica Broker is working. 🙂

More informations about that:

 

http://kristiannese.blogspot.de/2013/01/hyper-v-replica-broker-cluster-network.html

vPro/AMT and Direct Access issue

On my testing lab I ran into a problem as I tried to get vPro access remotely via Direct Access based on Server 2012 R2.
It turned out that there is a problem if I used the virtual network of the Direct Access Server on the same port as the built in network port.

What happend?

I couldn’t get access to the vPro interface on the Hyper-V Host where the DA Server is running as virtual machine.
Reasearching the problem I could see If I’m switching to another vNet on an other port on the same Host the vpro webinterface appears.

In best practise the Host System shouldn’t communicate during the same network port as the virtual machines anyway but with limited ressources I ignored that.
The vPro/AMT Stuff works on a shared base with the first network port on Intels Q Chipsets.
I could reproduce this with a Q77M chip and Intel 82579LM and a Q87M with I217LM as well.

Some smaller or older servers have these kind of shared remote ports as well but in most cases the remote port is independent (HPs iLO is mostly a 100Mbit port for example).

Server 2012 R2 – my personal favourite features

The Preview is still out there and the first impressions were made.
Since R2 hits the TechNet i’m on my way to explore more and more stuff I really like.

  • Tiered Storage Spaces
  • incredible fast (Windows) updates
  • dedup for CSVs
  • shared virtual disks (makes it a lot easier to build Cluster in a Cluster Environments –> guest clustering)
  • online VHDX resizing (Gen2 only)

But there are some Points missing.

A graphical view of hot spots on dedup’d File Servers or something to see what kind of data can dedup’d pretty well and what kind doesn’t.
Quick upgrade/migrations paths for existing Gen1 Hyper-V machines to Gen2.

 

DPM 2012 SP1 Update Rollup 3–Issues

A couple of weeks ago the CU3 for DPM 2012 SP1 cracked something in the SQL Database of one of my DPM Servers.
The Microsoft Support scheduled my case very quickly and resolved the problem within half an hour.

Now after one week CU3 re-release it seems the situation is cleared and everything is fine.

 

Important Update on DPM 2012 SP1 Update Rollup 3–Issues and Workarounds (Update: UR3 has been re-released)

DFS Replication between Domain Controllers stopped – dirty shutdown

The replication between Domain Controllers is essential and I’m always looking for any troubles.
Some of my testing machines getting often the dreaded Event ID 2213 which means one ore more domain controllers were shutted down “dirty” or have some other troubles related to the DFSR Jet Database. Maybe your hard disk is defect.

The DFS Replication service stopped replication on volume %2.

This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.

Additional Information:

Volume: %2

GUID: %1
If there are only a couple of ADCs and you don’t have so many changes within the AD and the policies, the quick solution would be reenabling the replication.
First there is a registry setting you can set back to zero.

HKLM\System\CurrentControlSet\Services\DFSR\Parameters\StopReplicationOnAutoRecovery = 1

And after that resume replication with the command described in the Event ID log.

Wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid=”<GUID>” call ResumeReplication

Server 2012 R2 Preview – Installation error

Especially during in place upgrades I ran several times into installation errors.

“Windows installation encountered an unkown error and cannot continue.”

The reason at the moment seems to be the (177kb) update the setup assistant is recommending.
If you leave the option unchecked the installation will run through.

1.2012-to-R2-error 2.2012-to-R2-error 3.2012-to-R2-error 4.2012-to-R2-error

I ran also into errors during a normal setup on a blank disc with the same error but couldn’t get a hint why.
Maybe it was a corrupt iso image.

 

daily download tasks – wget for windows

Sometimes If you have to get software frequently new it’s good to automatize the procerede.

In my case my collegues wanna get every day stuff like ComboFix directly in to a workspace folder. (ComboFix AV tool – after a couple of days  it says it’s to old and you have to download a fresh, new version)

Download wget for windows and put it where ever you want it.

write a cmd with

del x:\Antivirus\Combofix\combofix*.exe

c:\winwget\wget\wget.exe “http://download.bleepingcomputer.com/sUBs/ComboFix.exe” -P “x:\Antivirus\Combofix” -c
ren x:\Antivirensoftware\Combofix\ComboFix.exe combofix.%date%.exe

 

and set a daily task with the task scheduler …

First row deletes the old version and the second will download the new version.
This is a pretty simple way without special permissions at the download source but you’ll figure it out if you have to. 😉