SMB 1 no longer installed by default in Win 10 1710

https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows-10-rs3-and-windows-server

As per the link above, SMB 1 will no longer be installed by default in Win 10 1710 (which, given the release date, I’m guess that’s what it will be called among techs, rather than the exceedingly shitty “fall creators update” name  – because calling two different versions “creators update” is logical) or the next version of Server 2016 (whatever that ends up being called).

Considering the recent-ish SMB1 targeted attacks, this isn’t surprising – and is a good move in my opinion. Issue is of course, the companies likely to hit by SMB1 (or other old-school attacks) are likely to not be up to date with their patching and even less likely to be up to date with OS versions – so it wont help secure the more vulnerable networks out there….

 

 

Licensing mode for the Remote Desktop Session Host is not configured

Had a situation recently when building a 2012 R2 RDS farm that the message

“Licensing mode for the Remote Desktop Session Host is not configured

kept appearing, even though the licensing server was activated etc. and the server was configured to use it.

Thankfully, this site had the answer

http://www.tbngconsulting.com/blog/bid/404182/Licensing-mode-for-the-Remote-Desktop-Session-Host-is-not-configured

$obj = gwmi -namespace “Root/CIMV2/TerminalServices” Win32_TerminalServiceSetting
$obj. SetSpecifiedLicenseServerList(“licserver.domain.local”)

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core\LicensingMode
Change the DWORD to 2 for Per Device or 4 for Per User

 

Update 6/09/2016

An employee mentioned to me that setting the license server and licensing mode via group policy also seems to get around this bug

Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host

 

XP/2003 clients cannot run logon scripts from 2012 R2 U1 servers

Recently we had a client who diligently updated their 2012 R2 DC’s to U1 as part of their normal patching cycle – and found afterwards that their 2003 servers were experiencing some “odd” behaviour.

After having a look, sure enough, networking was fine, RPC was fine, all services were fine, but when trying to connect to netlogon, the error: “The specified network name is no longer available” was thrown.

A short amount of searching later, turned up this article:
http://workinghardinit.wordpress.com/2014/04/25/windows-xp-clients-cannot-execute-logon-scripts-against-a-windows-server-2012-r2-domain-controller-workaround/

Our experience of the issue was slightly different – in that it did not occur when the 2012 R2 DC’s were first upgraded, only when U1 was applied, in addition, the 2003 clients could connect to the file server which was running 2012 R2 (not u1) without any issues, but had trouble to any file shares on 2012 R2 u1 servers. It is also worth noting that all of these servers had been upgraded from 2008 R2/2012 – none were fresh builds.

The registry change documented in the article worked and all was good with the world. In this instance, the client only had a small number of servers still running 2003 – and this has given them a bit of a hurry up to sort out the apps on these servers.

*edit 24/11/2015 * – The original article seems to have become unavailable… so the changes are:

  • Install the feature “SMB 1.0/CIFS file sharing support”
  • Navigate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
  • Edit DependOnService and change
  • SamSS Srv2
  • to
  • SamSS Srv Srv2
  • Restart

Windows 2012 deduplication – turning it off (completely) and recovering your space!

A while back i wrote a post about data deduplication in 2012…. generally a very good feature, but as that specific post talked about, there was a collection of .iso and compressed data where not only did dedup not save me anything, it actually used up more space in the dedup folder than the orginal data size (which i found a little odd)

Today i got around to doing something about this and found

  • Disabling data deduplication (via GUI or powershell) only stops further deduplication from occuring – but data that has already been deduplicated will remain deduplicated
  • In order to “move” (re-hydrate ?) the data back to the original files and out of the deduplication store, use the powershell command start-dedupjob -Volume <VolumeLetter> -Type Unoptimization
  • You can check the status on where this is at by using get-dedupjob, or, i like using TreeSize which shows the size on disk of specific files…. including the deduplication chunks
  • At this stage – i noticed the original files getting bigger, but the dedup store (and the chunks within it) have not decreased at all…. “maybe theres another command for this ?” i thought….
  • There were two additional job types available, “garbageCollection” and “scrubbing”.  Unfortunately the powershell help nor the technet documentation actually state what either of these do! After a bit of searching, i found this page http://www.infotechguyz.com/WindowsServer2012/DedupandWindowsServer2012.html which specifies that GarbageCollection will find and remove unreferenced chunks and scrubbing will perform an integrity check…. so with this knowledge i then ran
  • start-dedupjob -Volume <VolumeLetter> -Type GarbageCollection only to find that this command can only be run when dedup is enabled!
  • In order to get around this, i re-enabled dedup, but excluded all folders on the drive, i also removed all the schedules/background optimisation settings…. then re-ran the command
  • Ininitally the size of the dedup folder increased by approx 100mb (keep in mind the dedup folder a thtis stage was 2.2TB), but soon the get-dedupjob status seemed to stop at 50% and the size of the dedup folder started coming down, quite quickly in 1GB chunks (the chunks seem to be a max of 1GB)
  • Once this completed (it took a while) – i disabled dedup again and all was good

Just to be clear, 2012 deduplication is still a good technology – and i use it elsewhere with great results – just every now and again, you will run into a dataset which it just does not agree with…. and disbaling it completely just isn’t intuitive…. (and yes, all this probably could have been avoided by running the dedup estimator tool – but then i wouldnt have learnt stuff – so theres no fun in that!) hence why I thought it would write the above…. hope it helps someone.

2012 deduplication savings

So now that 2012 has been out for a while… im starting to see a bit more detail on certains features… in this case file de-duplication.

I applied file deduplication to a drive we use called our “SOE” drive, which contains all the MS products, pre-prepared packages for SCCM, VHD (and vhdx) libraries etc…. a reported dedup hit rate of 42%, but on the folder, showing 8.5GB on disk out of 357GB in the folder – quite impressive…. but also not 42%, so where’s the gap?

So, when i ran out of NAS space, i purchased a stand-alone 3TB drive in a server – for storage of “less important” data, that has already been compressed using a combination of 7zip and rar…

As deduplication doesnt work on compressed files, i started decompressing – to see which is better, compression or deduplication. (I realise this depends on file types etc, but this data was a mix of iso’s, documents, executables etc)

I had used approx 2.2TB out of 2.72TB available while the files were compressed.

Once many of the folders were decompressed, i was, according to the properties of the folder, storing 2.16TB of data and only using 151mb on disk….. thats quite impressive, but the properties of the disk told a different story – 7oGB free….

so where has all the space gone?

Utilising one of my favourite tools – treesize by jam software, i had a quick look…. under “System volume informationDeDup” there was now 2.6TB of data… thats right, the dedup folder was larger than the original data itself!

Going back to my SOE drive, i discovered the deup folder was 208GB…. so my real “saving” on the SOE drive was only around the 148GB mark, not the 340-ish Gb the folder properties showed – still a good saving – but unfortunately no where near what that interface claims… but in line with the 42% presented within server manager.

Anyhoo – to sum up….. in order to see the real savings file dedup is providing, have a look in server manager, or have a look at your  “System volume informationDeDup” folder on the volume… and understand that for some volumes (depending on file type), there might not only be no savings, but it may increase your disk usage.

Dedup is something that is cool to get “for free” (i imagine most people reading this blog will have EA’s with software assurance) and will be quite useful in a number of situations…. but, as usual, the Microsoft sales machine is making it sound like the coolest thing that has ever happened (and claiming ludicrous savings – http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-to-data-deduplication-in-windows-server-2012.aspx)- so in the words of public enemy, don’t believe the hype.