Microsoft has made a bit of a boo-boo this week. Hopefully, you haven’t auto approved patches this week.
KB4041691 and KB4041676 were pushed as delta updates through WSUS. First published on Twitter, but now there is a Reddit thread on the issue https://www.reddit.com/r/sysadmin/comments/75o0oq/windows_security_updates_broke_30_of_our_machines/
If you run into this issue, you will need to boot into WinRE and use DISM to remove the update.
With all updates from Microsoft lately, I recommend you lab them first. Don’t take the risk.
Microsoft Forefront TMG 2010 has been a solid product. It has not had an update in some time, and that’s a shame.
I was reviewing my TMG server a few weeks ago in order get a bit more performance from it. The server is virtualized, and currently only gives me around 50-60mb/s throughput with all its rules. I wanted to increase this and make it more responsive in the process.
So let us proceed:
#1 Sort Rule Priority
Like most other firewalls, TMG processes rules from top to bottom. If you have a frequently accessed rule, like web browsing, for example, put this at the top. For me, this was a spam filter listening rule. TMG had connections coming in for the spam filter at the rate of 5-10 per second. I moved these to the top
The next rule you want to sort out is traffic from TMG server. I would generally add this as my second/third rule.
After this came my office outbound rules
After this came the rest of my rules which consisted of various servers/voip etc.
#2 Disabled Legacy Services
Since TMG is now discontinued, many of the services in TMG are no longer updated. It’s up to you, but you might as well disable them to recover some performance. These services are:
Virus and Content Filtering
Ensure each one is disabled. You might be a bit hesitant to disable these. If you check your definitions, you will find they have not been updated in some time.
#3 Remove Old Rules
Lastly, remove any old rules. We don’t tend to look at firewalls often. So this simple task often gets overlooked.
As well as removing the old rules, ensure that you make your listener rules only listen to what’s needed. This will cut down on processing time.
TMG is a great product, but now beyond its used by date. TMG will always hold a special place in my software archive as a product that could have become a great firewall appliance <3
I’ve recently been playing around with Windows Storage Spaces on Microsoft Windows Server 2012 R2. They are fantastic. ReFS brings so many benefits over NTFS.
But it’s half complete it seems.
I originally created a parity volume, as I assumed this would be quite similar to RAID 6. You have the option of having a write array, or write cache using SSD drives. I haven’t done this at this stage. I’m currently using 6x6TB Western Digital 7200RPM drives.
After creating the very large volume, I started copying some data. I was copying the data over a 1gbit network interface, so I was expecting to see 100mb/s, or close to it.
At first, I did get 100mb/s. For a minute or so anyway. Then I saw the speed slowly drop to around 30-45mb/s. I thought this was rather strange.
I upgraded all the drivers on the server, mainly the network drivers, as I saw the network speed drop to around that level at the same time as well. However, this made no difference.
I then started to do some research to figure out what was going on.
What I saw was the following: The memory was increasing to a certain, pre-defined point, then it would stop. This indicated that the copying was actually being buffered to memory (write-cache). I assume this is happening because I used the default options when creating a parity drive without a SSD array. This creates a 2GB buffer in memory, which you can clearly see here.
Once the memory buffer, or write-cache is full, you can see the speed drop and the memory start writing the data to disk.
Annoying huh? One way to fix this is by using a cache array of SSD hard drives, but there is another fix.
In PowerShell, you can set the storage space to believe it has battery backup. This is like having battery backup on a raid card. First you need to get the friendly name of your storage volume.
The command is
You will get something similar to the following
Now set the power protected mode of the pool as follows