Category Archives: News

Windows 10 and SBS/Essentials platforms

Be aware that at this time Windows 10 will need a connector update in order to connect to/be backed up by Essentials 2012 r2

http://blogs.technet.com/b/sbs/archive/2015/07/23/client-connector-availability-with-windows-home-server-small-business-server-and-windows-server-essentials-for-supported-client-os.aspx

I have Windows 10 installed behind SBS 2011 and there’s a few tweaks that need to be done that aren’t listed there

1. Windows 10 RDP group policy

The default Group policy rule on the server allowing RDP/RWA access needs to have an additional rule set to work with Windows 10 (also this is needed for 8.1 as well).

Instead of merely having a firewall rule for RDP, you need a firewall rule for RDP- user mode both the TCP-in rule and the UDP-in rule.

rdoub

2. Don’t want your Windows 10 to list like they are Vista machines on SBS 2011’s WSUS? Then follow Robert’s post:

http://titlerequired.com/2015/07/22/windows-10-on-wsus-shows-as-windows-vista/

WSUS already has Windows 10 categories up there ready and waiting for you.

As far as where to get media/how to get media, be aware that behind a domain the Windows 10 reservation icon thing is blocked. But not to worry you don’t NEED it. Just manually go to Microsoft update after 7/29 to pull it down or look for more info on means to get it after 7/29.

If you want to TOTALLY block the ability for folks to manually install it from MU

How to manage Windows 10 notification and upgrade options:
https://support.microsoft.com/en-us/kb/3080351
To configure this Group Policy Object by using Group Policy, the following conditions apply:

  • The appropriate update must be installed.
  • You must use the updated WindowsUpdate.admx file by copying the file from the editing policy location.
Computer Configuration

To block the upgrade by using Computer Configuration, follow these steps:

  1. Click Computer Configuration.
  2. Click Policies.
  3. Click Administrative Templates.
  4. Click Windows Components.
  5. Click Windows Update.
  6. Double-click Turn off the upgrade to the latest version of Windows through Windows Update.
  7. Click Enable.

Policy path: Computer Configuration / Administrative Templates / Windows Components / Windows Update Policy
Setting: Turn off the upgrade to the latest version of Windows through Windows Update

Windows registry

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To suppress this offer through the registry, set the following registry value:

Subkey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DWORD value: DisableOSUpgrade = 1

And finally

Single number with 8 digits error code received early on in the process:

Suggests that it’s a Windows update issue. (Example 0x800700)

Troubleshoot with KB956702

https://support.microsoft.com/en-us/kb/956702

Common root causes:

WU components not functioning properly

Internet connection issue

Malware

 

Two part error number:

Example: 0xc1900101 – 0x2000c and 0xc1900101 – 0x30018

The first part tells you what happened, the second part tells you where.

If the second code starts with 1 or 2 the error occurred during the Downlevel or WinPE/Safe OS setup phases.

If the second code starts with 3 or 4, the error occurred during the first or second boot.

 

Code 1 or 2:

Check compatibility of the PC with the manufacturer

Remove security and system utility software

Check integrity of download of ISO and recreate if necessary

Common root causes:

System partition out of space

Damaged installation source files

Incompatible security or utility software

Firmware compatibility or security setting issue

Non standard boot configuration

 

Code 3 or 4:

Errors in this section are difficult to diagnose to a root cause particularly when they end with 17 or 18. These are often driver errors. Issues in this category may be caused by other software or hardware issues.

Disconnect all non-essential hardware

Update drivers for remaining hardware

Install all available Windows updates

Common root causes:

Incompatible device or driver

Incompatible security or utility software

Issue with the user profiles during migration of data

 

More resources:

How to: Troubleshoot common Setup and Stop Errors during Windows – Microsoft Community:

http://answers.microsoft.com/en-us/insider/wiki/insider_wintp-insider_install/how-to-troubleshoot-common-setup-and-stop-errors/324d5a5f-d658-456c-bb82-b1201f735683 Windows 10 system requirements: http://www.zdnet.com/article/windows-10-will-your-pc-run-it/

  • Processor: 1 gigahertz (GHz) or faster
  • RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
  • Free hard disk space: 16 GB
  • Graphics card: Microsoft DirectX 9 graphics device with WDDM driver
  • A Microsoft account and Internet access


The fail of support

http://www.businessinsider.com/microsoft-ceo-satya-nadella-responded-to-azure-support-cry-from-tiny-startup-2015-7#

So some are saying how cool this is that Satya Nadella stepped up and helped to support this customer.  I see this as a failure of support and I’m guessing that it’s a failure of forum support.  With Azure you have to purchase a support case or you post into the MSDN forum.

http://azure.microsoft.com/en-us/support/plans/
http://azure.microsoft.com/en-us/support/forums/

Bottom line it never should have taken an email to the top.  This should have been totally handled by support.  But I’m not convinced that the customer opened an Azure support case because in my experience with IT pro cases, they call you back and want to work on it as they have a mandate to work on it or close it.  I’m guessing this was forum support where there’s no guarantee of any sort of response time.

 

Helping out Mrs. Essentials

Many of you know Robert (Mr. Essentials) Pearman as the key person who blogs about Essentials topics – more so than I do these days honestly.

http://titlerequired.com/

If you’ve never been to his site for his Essentials content, you should book mark it.

But that’s not what this post is about, it’s about helping his better half.  You know…. his wife!  She’s got an admirable goal to get a Masters as well as everything else she has to do like raising two cute daughters and ….uh, well… like putting up with Mr. Essentials I’m sure.  😉  Seriously I think it’s a wonderful goal so if you feel like I do, please consider helping out to fund her education.

So check out her gofundme page!

Gary passes along a PSA

Gary passes along this info…

“I didn’t see this here, and your blog is usually the first place I look for “SBS” (er.. essentials now) information:

Samsung 850 EVO SSD drives do NOT get along well with Windows 2012 R2.  In an essentials server, they’ll produce 100% crashes, and in any other 2012 R2 server, they’ll produce crashes any time the write cache is turned off (which happens when a server is promoted to a DC — which happens 100% of the time for Essentials.)

Sadly, nothing about the crashes leads a person to believe that it’s the SSD drive, but it has been narrowed down by several people.

There’s quite a bit of information once you know what to search for.  Isn’t that always the case?

Here’s some links:

This guy had the problem, even though it wasn’t narrowed down:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/ebc71806-37ab-49c4-9218-9964b30d958a/0xc000021a-during-server-2012-r2-essentials-setup?forum=winserveressentials

This one narrows it down:
http://community.spiceworks.com/topic/869314-warning-do-not-use-samsung-850-evo-ssd-with-windows-server-2012-r2

Here’s the one that generated my own “ah, ha!” moment:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/81c6d52f-578c-44c8-a6ec-18c03a818295/cant-promote-server-2012-r2-to-domain-controller-get-error-0xc000021a?forum=winserverDS

Patching Exchange

When updating Exchange servers remember that since 2010 era they no longer automatically MU down.

To know what the latest and greatest is – check out this post:

http://blogs.technet.com/b/rmilne/archive/2013/10/29/how-to-check-exchange-2010-ru-version.aspx

For an oneoff clicking on help-about is probably the easiest.

Then compare it to this list here:  https://technet.microsoft.com/library/hh135098.aspx?f=255&MSPPError=-2147217396

Then keep in mind for Exchange 2010 if you do any PCI/TLS tweaking that you need to be on  update rollup 9 as noted here:

SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2010 environment:
https://support.microsoft.com/en-us/kb/3029667

Following up on MS15-010 side effects

Just to follow up on a few updates:  The hotfix for this issue is now out and we’re still pushing for this to be on Microsoft update:  http://blogs.technet.com/b/sbs/archive/2015/03/13/the-ms15-10-security-update-for-windows-server-2012-r2-essentials-and-the-client-restore-functionality.aspx

If you have a 2012 R2 (and only 2012 R2 Essentials is impacted) you’ll need to install this hotfix on all workstations to use the console to restore files.

You cannot restore files and folders from Server Essentials Backup on a Windows-based computer after installing MS15-010
https://support.microsoft.com/en-us/kb/3045682

Want to block the Windows 10 upgrade icon?

Looking to block the Windows 10 upgrade icon from the system tray?

 

Remove windows 10 upgrade icon from sys. tray – Spiceworks:
http://community.spiceworks.com/topic/983148-remove-windows-10-upgrade-icon-from-sys-tray

1, Run the following command

taskkill /f /im GWX.exe /T

This will take about 30 seconds to close it

2. Copy the following into notepad and save it as Disable.reg (ensure the file ending is .reg)

———————————–

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\GWX\shell\open\command]

[-HKEY_CLASSES_ROOT\ms-gwx\shell\open\command]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GWX\shell\open\command]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ms-gwx\shell\open\command]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{18abebc9-83ec-435f-8f15-6d1e9187c999}]

————————————————

Run the Disable.reg file and restart the computer.

Want to get it back? Do the same only copy this and save it as Enable.reg

—————————————————

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\GWX\shell\open\command]

@=”C:\\Windows\\System32\\GWX\\GWX.exe %1″

[HKEY_CLASSES_ROOT\ms-gwx\shell\open\command]

@=”C:\\Windows\\System32\\GWX\\GWX.exe %1″

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GWX\shell\open\command]

@=”C:\\Windows\\System32\\GWX\\GWX.exe %1″

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ms-gwx\shell\open\command]

@=”C:\\Windows\\System32\\GWX\\GWX.exe %1″

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{18abebc9-83ec-435f-8f15-6d1e9187c999}]

@=”Microsoft-Windows-GWX-Ins”

“ResourceFileName”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\

00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\

5c,00,47,00,57,00,58,00,5c,00,47,00,57,00,58,00,2e,00,65,00,78,00,65,00,00,\

00

“MessageFileName”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\

6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\

00,47,00,57,00,58,00,5c,00,47,00,57,00,58,00,2e,00,65,00,78,00,65,00,00,00

“Enabled”=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{18abebc9-83ec-435f-8f15-6d1e9187c999}\ChannelReferences]

“Count”=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{18abebc9-83ec-435f-8f15-6d1e9187c999}\ChannelReferences]

@=”Microsoft-Windows-GWX-Ins/Operational”

“Id”=dword:00000010

“Flags”=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{18abebc9-83ec-435f-8f15-6d1e9187c999}\ChannelReferences\1]

@=”Microsoft-Windows-GWX-Ins/Debug”

“Id”=dword:00000011

“Flags”=dword:00000000

Essentials update on MU

Update to remove duplicate descriptions for Office 365 integration in Windows Server 2012 R2 Essentials:

https://support.microsoft.com/en-us/kb/3019270

 

Be aware this is another update for Essentials that “This update removes unnecessary descriptions, and updates Office 365 integration links in the Integrate with Microsoft Office 365 wizard.”

Tracking issues with Essentials

Be aware of issues that have been resolved:

Bug with PowerBI module:

http://blogs.technet.com/b/sbs/archive/2015/05/18/subscribing-to-microsoft-power-bi-breaks-through-the-official-office-365-integration-in-windows-server-essentials.aspx

If you have subscribed to the PowerBI it will break Office 365 integration – see Resolution (Updated on 05/18/2015): The fix for this issue has been included with the following hotfix released for RMS Subscription issue:

Install the following hotfix on the server:

https://support.microsoft.com/en-us/kb/3055778

Bug in Restore console on client side

http://blogs.technet.com/b/sbs/archive/2015/03/13/the-ms15-10-security-update-for-windows-server-2012-r2-essentials-and-the-client-restore-functionality.aspx

If you have Windows 7 and 8 (RTM only NOT 8.1) the bug in the restore console can be fixed with the hotfixes from https://support.microsoft.com/en-us/kb/3045682

 

Issues that have NOT been resolved:

We are still awaiting a hotfix for Windows 8.1 clients with respect to the restore console. ETA is expected to be June.

A little rain, a little thunder, a little power outtage

IMG_1982While the MVP virtual conference was going on, California had a rain storm… and I had thunder,  and a power outage, smack dab in the middle of the Windows update session.

So fortunately I happened to have my laptop next to me and it has an AT&T cellular connection.  I fired up the connection, plugged in the headset and was back online in hopefully not too long of a delay.  But then the fun started.  Because my voip phone system was on battery backup it started ringing.

Look for the recorded session to be posted up to channel 9 and in the meantime Amy (who was wonderful as moderator) will be posting up the decks on www.thirdtier.net/blog site.

My favorite session was the one I did with Lawrence Abrams of bleepingcomputer.com on Ransomware.  He did a wonderful job and I was really pleased how that session went.