Patch Tuesday: KB4041691 & KB4041676 gonna ruin your day

Microsoft has made a bit of a boo-boo this week. Hopefully, you haven’t auto-approved this week’s patches.

KB4041691 and KB4041676 were pushed as delta updates through WSUS. The problem was first published on Twitter, and there is now a Reddit thread on the issue: https://www.reddit.com/r/sysadmin/comments/75o0oq/windows_security_updates_broke_30_of_our_machines/

If you run into this issue, you will need to boot into WinRE and use DISM to remove the update.

With all updates from Microsoft lately, I recommend you lab them first. Don’t take the risk.

User Device Registration Event ID 304 307

With Server 2016, we’ve been getting a lot of these errors in the event log.

This is caused by a task called Automatic-Device-Join which runs as a scheduled task whenever someone logs into a server (terminal server). This can cause a lot of events on the system.

Disable this task. This is used for Azure AD device joins. No idea why this is enabled by default.
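
As an added example (not part of the original post), the PowerShell below counts the 304/307 events from the last seven days and then disables the task. It assumes the default log name and task path on Server 2016, and it skips the change when dsregcmd reports the server as Azure AD joined, so a server that does use Azure AD device join is left alone.

```powershell
# Added example: measure the 304/307 noise, then disable Automatic-Device-Join.
# Assumptions: default log name and task path; the 7-day window is arbitrary.
#Requires -RunAsAdministrator

$logName  = 'Microsoft-Windows-User Device Registration/Admin'
$taskPath = '\Microsoft\Windows\Workplace Join\'
$taskName = 'Automatic-Device-Join'

# 1. How many 304/307 events has this server logged in the last week?
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = 304, 307
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

$events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize

# 2. Leave the task alone on a machine that really is Azure AD joined.
$joined = [bool](dsregcmd /status | Select-String 'AzureAdJoined\s*:\s*YES')
if ($joined) {
    Write-Warning 'Device is Azure AD joined; leaving the task enabled.'
    return
}

# 3. Disable the task only if it is not already disabled, then show its state.
$task = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName -ErrorAction Stop
if ($task.State -ne 'Disabled') {
    $task | Disable-ScheduledTask | Out-Null
}
Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName |
    Select-Object TaskName, State
```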

Performance Tuning Forefront TMG 2010

Microsoft Forefront TMG 2010 has been a solid product. It has not had an update in some time, and that’s a shame.

I was reviewing my TMG server a few weeks ago in order to get a bit more performance from it. The server is virtualized, and currently only gives me around 50-60mb/s throughput with all its rules. I wanted to increase this and make it more responsive in the process.

So let us proceed:

#1 Sort Rule Priority

Like most other firewalls, TMG processes rules from top to bottom. If you have a frequently accessed rule, like web browsing, for example, put this at the top. For me, this was a spam filter listening rule. TMG had connections coming in for the spam filter at the rate of 5-10 per second. I moved these to the top.


The next rule you want to sort out is traffic from the TMG server itself. I would generally add this as my second or third rule.


After this came my office outbound rules.

After this came the rest of my rules, which consisted of various servers, VoIP, etc.

#2 Disabled Legacy Services

Since TMG is now discontinued, many of the services in TMG are no longer updated. It’s up to you, but you might as well disable them to recover some performance. These services are:

  • IPS
  • Spam Filtering
  • Virus and Content Filtering

Ensure each one is disabled. You might be a bit hesitant to disable these. If you check your definitions, you will find they have not been updated in some time.


#3 Remove Old Rules

Lastly, remove any old rules. We don’t tend to look at firewalls often. So this simple task often gets overlooked.

As well as removing the old rules, ensure that you make your listener rules only listen to what’s needed. This will cut down on processing time.

Conclusion

TMG is a great product, but it is now past its use-by date. TMG will always hold a special place in my software archive as a product that could have become a great firewall appliance <3

I hope this helps.

Storage Spaces White Paper – Fujitsu

I’ve recently come across this great PDF from Fujitsu on Storage Spaces. I highly recommend that all those who are trying to achieve maximum performance from their storage spaces take a look.

The white paper goes over each storage space type, different cache settings and drive layouts. All of this is graphed.

Link is here.

Storage Spaces and Parity – Slow write speeds

I’ve recently been playing around with Windows Storage Spaces on Microsoft Windows Server 2012 R2. They are fantastic. ReFS brings so many benefits over NTFS.

But it’s half complete it seems.

I originally created a parity volume, as I assumed this would be quite similar to RAID 6. You have the option of having a write array, or write cache using SSD drives. I haven’t done this at this stage. I’m currently using 6x6TB Western Digital 7200RPM drives.

After creating the very large volume, I started copying some data. I was copying the data over a 1gbit network interface, so I was expecting to see 100mb/s, or close to it.

At first, I did get 100mb/s. For a minute or so anyway. Then I saw the speed slowly drop to around 30-45mb/s. I thought this was rather strange.

I upgraded all the drivers on the server, mainly the network drivers, as I saw the network speed drop to around that level at the same time as well. However, this made no difference.

I then started to do some research to figure out what was going on.

What I saw was the following: the memory was increasing to a certain, pre-defined point, then it would stop. This indicated that the copying was actually being buffered to memory (write-cache). I assume this is happening because I used the default options when creating a parity drive without an SSD array. This creates a 2GB buffer in memory, which you can clearly see here.

[Screenshot: memory]

Once the memory buffer, or write-cache, is full, you can see the speed drop and the memory start writing the data to disk.

[Screenshot: memory]

Annoying huh? One way to fix this is by using a cache array of SSD hard drives, but there is another fix.

In PowerShell, you can set the storage space to believe it has battery backup. This is like having battery backup on a RAID card. First you need to get the friendly name of your storage pool.

The command is

Get-StoragePool

You will get something similar to the following

[Screenshot: PowerShell output]

Now set the power protected mode of the pool as follows

Set-StoragePool -FriendlyName Backup -IsPowerProtected $true

Replace Backup with the name of your storage pool.

Here it is set as $false

[Screenshot]

Here it is set as $true

[Screenshot]

Quite a difference.

**** I should warn you though that if your server crashes, or has a power failure, your storage space may become corrupt. Make sure you have a UPS in place ****
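
The steps above as one script, added here as an example and not taken from the original post: it shows the current IsPowerProtected value, changes it only when needed, and reads it back. The pool name Backup comes from the post; the helper Set-PoolPowerProtected is a hypothetical name defined in the script itself.

```powershell
# Added example: inspect, change and verify IsPowerProtected on one pool.
# Assumption: the pool is called 'Backup' as in the post; change $poolName to yours.
$poolName = 'Backup'

# Current setting for every real pool (the primordial pool only holds unallocated disks).
Get-StoragePool -IsPrimordial $false |
    Select-Object FriendlyName, HealthStatus, IsPowerProtected |
    Format-Table -AutoSize

# Layout and write-cache size of the virtual disks carved from the pool.
Get-StoragePool -FriendlyName $poolName | Get-VirtualDisk |
    Select-Object FriendlyName, ResiliencySettingName, WriteCacheSize |
    Format-Table -AutoSize

# Hypothetical helper: set the flag only if it differs, then report the stored value.
function Set-PoolPowerProtected {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [bool]   $Enabled
    )
    $pool = Get-StoragePool -FriendlyName $Name -ErrorAction Stop
    if ($pool.IsPowerProtected -eq $Enabled) {
        Write-Output "$Name already has IsPowerProtected = $Enabled"
        return
    }
    Set-StoragePool -FriendlyName $Name -IsPowerProtected $Enabled
    # Re-read the pool so the value shown is what is stored, not what was requested.
    Get-StoragePool -FriendlyName $Name | Select-Object FriendlyName, IsPowerProtected
}

Set-PoolPowerProtected -Name $poolName -Enabled $true

# To return to the default, for example if the UPS is taken out of service:
# Set-PoolPowerProtected -Name $poolName -Enabled $false
```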

Like I said earlier, this can be improved with an SSD cache array.

Hopefully this helps someone out there.

*** UPDATED 15/12/2015 ***

I highly recommend you view the Fujitsu white paper on Storage Spaces here.

Microsoft Dynamics CRM 4.0 Update Rollup 2 Bugs

There are a number of small bugs with Microsoft Dynamics CRM 4.0 Update Rollup 2. Since they are quite hard to spot, I’ve decided to spell some out here. If you know of any more, please let me know.

Download Update Rollup 2

  1. Corruption of web.config.
    Solution: Delete web.config and rebuild the app.
  2. Corruption of certificates.
    Solution: Re-copy the certificate.
  3. System jobs not working.
    Solution: See points 1 and 2. The fix is not very obvious. You can use Advanced Find under System Jobs and select the message column to find the exact error.