Happy New Year … Not!
With the New Year comes a new class of malicious attack that can impact IT systems. This time, the attack is hardware based, affecting mostly Intel based systems, and to some extent, AMD systems as well.
Here is a list of resources that highlight what it is all about and how to mitigate against this new threat. In the words of Microsoft, “Don’t panic.”
If you are running Windows Server 2012 R2, and have Windows 10 Clients that will soon update to the Windows 10 Anniversary update, you should review the following links.
Susan Bradley’s blog on the manual steps required – http://blogs.msmvps.com/bradley/2016/08/11/windows-10-anniversary-update-and-essentials-r2/
Robert Pearman’s blog with some Powershell fixes – https://windowsserveressentials.com/2016/08/05/july-update-rollup-kb3172614-and-windows-10/
Reinstalling he Essentials Client Connector – Cannot download the package. Check these out – https://windowsserveressentials.com/2016/08/08/cannot-download-the-package-essentials-2012-r2/ and https://www.microsoft.com/en-us/download/details.aspx?id=40285
I recently had to set up a Hyper-V server in a very small environment using an Intel NUC PC. The system installed well, but the LAN drivers would not install. Using information from the following two websites (https://jayrbarrios.com/2014/11/19/intel-nuc-d54250wykh-installing-lan-driver-on-windows-hyper-v-server-2012-r2/ and https://foxdeploy.com/2013/09/12/hacking-an-intel-network-card-to-work-on-server-2012-r2/), I was able to install the LAN driver properly.
- Download the latest driver for the NUC for the Windows 8.1 operating system. The file should be called LAN_Win8.1_64_nn.exe
- Extract the installer using WinRAR to the C:\TEMP folder.
- Go to the following folder C:\TEMP\PRO1000\Winx64\NDIS64 and open e1d64x64.inf in Notepad
Remove the highlighted 3 lines.
Copy the following 3 lines
Scroll down to the next section and past them here
- Save the inf file.
Run the following 3 commands from an Administrative command prompt.
- bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS
- bcdedit /set TESTSIGNING ON
- bcdedit /set nointegritychecks ON
- Reboot the server
Install the driver from an Administrative command prompt
C:> pnputil -I -a C:\TEMP\PRO1000\Winx64\NDIS64\e1d64x64.inf
Click Install this driver anyway when prompted
The following messages should be shown.
Processing inf : e1d64x64.inf
Successfully installed the driver on a device on the system.
Driver package added successfully…..
Run the following 3 commands from an Administrative command prompt.
- bcdedit /set LOADOPTIONS ENABLE_INTEGRITY_CHECKS
- bcdedit /set TESTSIGNING OFF
- bcdedit /set nointegritychecks OFF
- Reboot the server and check that the driver has install properly.
Today, MIcrosoft announced the availability of a single update rollup package for Windows 7 SP1 and Windows Server 2008 R2. Some details for the rollup are as follows:
- All security and non-security fixes since the release up to April 2016.
- One installation package.
- Optional install – not offered via Windows Update.
- Monthly rollups after April 2016.
- Security bulletins will continue to link to a direct update.
- For Windows 8.1, Windows Server 2012, and WIndows Server 2012 R2, there will be monthly rollup updates.
Thanks, Microsoft, for listening!
To get the rollups, you need Internet Explorer 6 or higher (not Edge – since this is not an update package for Windows 10). Get the updates here – http://catalog.update.microsoft.com/v7/site/Search.aspx?q=3125574
At this stage, other browsers are not supported, although Microsoft have hinted that the site will be updated in the next few months.
One of the most popular posts on this blog has been the blog on setting up an Internal SMTP Service for SMBs that need to send server reports and support emailing from Internal devices that have move to cloud based email services.
One of the issues with this service is that is occasionally stops. There does not appear to be any reason why it stops, but it does. Restarting the SMTPSVS service does not restart the service, because it is based on IIS6.
Good news! You can use powershell to script the restart of this service.
Open an Administrative PowerShell window.
To Start the SMTP Virtual Server, type the following:
$SMTP.ServerState = 2
To Stop the SMTP Virtual Server, type the following:
$SMTP.ServerState = 4
A hotfix is available for systems broken by the MS15-010 (security update for Windows kernel mode driver: February 10, 2015) update.
When trying to restore files or folders on a client that is connected to the Windows Server 2012 or 2012R2 Essentials server from the dashboard, the following error occurs.
A hotfix for this is now available here – https://support.microsoft.com/en-us/kb/3045682
You can read up more information on this issue here – http://blogs.technet.com/b/sbs/archive/2015/03/13/the-ms15-10-security-update-for-windows-server-2012-r2-essentials-and-the-client-restore-functionality.aspx
I spoke with Robert Crane from CIAOPS – Need to Know podcasts on the options that are available to small businesses in creating a cost effective hybrid IT solution.
Listen to the podcast here – http://ciaops.podbean.com/e/episode-78-boon-tee/
Microsoft have now made it possible to protect your Virtual Machines running on a Hyper-V server with Windows Server 2012 R2 by replicating them to Azure. In the past, this was only available for larger organizations that had access to System Center Virtual Machine Manager. Now, SMBs can take advantage of this service out of the box from Hyper-V without the need to purchase the SCVMM components.
Here is the link to the documentation on how to set this up – http://azure.microsoft.com/en-us/documentation/articles/hyper-v-recovery-manager-hypervsite/
Microsoft has just released version 3 of their Virtual Machine Converter (MVMC). This is a standalone tool that will covert virtual machines, hosts and physical machines to Hyper-V.
The new features of MVMC 3.0 include:
- Converts virtual disks that are attached to a VMware virtual machine to virtual hard disks (VHDs) that can be uploaded to Microsoft Azure.
- Provides native Windows PowerShell capability that enables scripting and integration into IT automation workflows.
- Note The command-line interface (CLI) in MVMC 1.0 has been replaced by Windows PowerShell in MVMC 2.0.
- Supports conversion and provisioning of Linux-based guest operating systems from VMware hosts to Hyper-V hosts.
- Supports conversion of offline virtual machines.
- Supports the new virtual hard disk format (VHDX) when converting and provisioning in Hyper-V in Windows Server® 2012 R2 and Windows Server 2012.
- Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.1, and VMware vSphere 4.1 hosts Hyper-V virtual machines.
- Supports Windows Server® 2012 R2, Windows Server® 2012, and Windows® 8 as guest operating systems that you can select for conversion.
- Converts and deploys virtual machines from VMware hosts to Hyper-V hosts on any of the following operating systems:
-Windows Server® 2012 R2
-Windows Server® 2012
-Windows Server 2008 R2 SP1
- Converts VMware virtual machines, virtual disks, and configurations for memory, virtual processor, and other virtual computing resources from the source to Hyper-V.
- Adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
- Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.0, and VMware vSphere 4.1 hosts to Hyper-V.
- Has a wizard-driven GUI, which simplifies performing virtual machine conversions.
- Uninstalls VMware Tools before online conversion (online only) to provide a clean way to migrate VMware-based virtual machines to Hyper-V.
- Important MVMC takes a snapshot of the virtual machine that you are converting before you uninstall VMware Tools, and then shuts down the source machine to preserve state during conversion. The virtual machine is restored to its previous state after the source disks that are attached to the virtual machine are successfully copied to the machine where the conversion process is run. At that point, the source machine in VMware can be turned on, if required.
- Important MVMC does not uninstall VMware Tools in an offline conversion. Instead, it disables VMware services, drivers, and programs only for Windows Server guest operating systems. For file conversions with Linux guest operating systems, VMware Tools are not disabled or uninstalled. We highly recommend that you manually uninstall VMware Tools when you convert an offline virtual machine.
- Supports Windows Server and Linux guest operating system conversion. For more details, see the section “Supported Configurations for Virtual Machine Conversion” in this guide.
- Includes Windows PowerShell capability for offline conversions of VMware-based virtual hard disks (VMDK) to a Hyper-V–based virtual hard disk file format (.vhd file).
You can download the tool here – http://www.microsoft.com/en-us/download/details.aspx?id=42497
Microsoft Azure have announced the general availability of Azure Site Recovery services. The announcement by Abhishek Hemrajani is as follows.
“I am excited to announce the GA of the Disaster Recovery to Azure using Azure Site Recovery. In addition to enabling replication to and recovery in Microsoft Azure, ASR enables automated protection of VMs, remote health monitoring, no-impact recovery plan testing, and single click orchestrated recovery – all backed by an enterprise-grade SLA.
The DR to Azure functionality in ASR builds on top of System Center Virtual Machine Manager, Windows Server Hyper-V Replica, and Microsoft Azure to ensure that our customers can leverage existing IT investments while still helping them optimize precious CAPEX and OPEX spent in building and managing secondary datacenter sites.
The GA release also brings significant additions to the already expansive list of ASR’s DR to Azure features:
- NEW ASR Recovery Plans and Azure Automation integrate to offer robust and simplified one-click orchestration of your DR plans
- NEW Track Initial Replication Progress as virtual machine data gets replicated to a customer-owned and managed geo-redundant Azure Storage account. This new feature is also available when configuring DR between on-premises private clouds across enterprise sites
- NEW Simplified Setup and Registration streamlines the DR setup by removing the complexity of generating certificates and integrity keys needed to register your on-premises System Center Virtual Machine Manager server with your Site Recovery vault”
The following scenarios are supported.
Costing can be found here – http://azure.microsoft.com/en-us/pricing/details/site-recovery/
You can read more from the blog post here – http://azure.microsoft.com/blog/2014/10/02/disaster-recovery-to-azure-using-azure-site-recovery-is-now-ga/