Saturday 19 August 2017

Server 2012 R2 BitLocker Post Install Error: Unspecified Error

The following error happened on a DC we recently set up and were going to encrypt via BitLocker:

image

C:\Users\USERNAME\AppData\Local\Packages\windows.immersivecont...
C:\Users\USERNAME\Classic_{GUID}.settingcontent-ms
Unspecified error

A quick search turned up a simple fix: Reboot the server a second time.

Sure enough, good to go:

image

As a rule, we deploy a TPM in all of our physical DCs that are deployed with our clusters. They are then encrypted using BitLocker. This greatly reduces the exposure to compromise if someone has physical access to that DC. For virtual DCs, we now have the ability to pass a vTPM through to the guests in Server 2016. We're still in the testing phase, but our plan is to have _all_ domain controllers on networks we manage encrypted!
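A read-only check for the setup described above, added here as an example and not taken from the original post: it reports whether the TPM is ready and whether the OS volume is fully encrypted with a TPM-based protector and a recovery password. It assumes an elevated PowerShell session on the DC with the BitLocker feature and its PowerShell module installed.

```powershell
# Added example: audit TPM and BitLocker state on a domain controller.
# Nothing here changes the system; it only reads and reports.
$mount = $env:SystemDrive   # OS volume, normally C:

$tpm = Get-Tpm
$vol = Get-BitLockerVolume -MountPoint $mount

# Key protector types present on the volume (Tpm, TpmPin, RecoveryPassword, ...)
$protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    TpmPresent        = $tpm.TpmPresent
    TpmReady          = $tpm.TpmReady
    VolumeStatus      = $vol.VolumeStatus
    ProtectionStatus  = $vol.ProtectionStatus
    EncryptionPercent = $vol.EncryptionPercentage
    Protectors        = $protectors -join ', '
} | Format-List

# Collect anything that would leave the DC exposed to someone with physical access.
$problems = @()
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    $problems += 'TPM is missing or not ready'
}
if ($vol.VolumeStatus -ne 'FullyEncrypted') {
    $problems += "Volume status is $($vol.VolumeStatus), not FullyEncrypted"
}
if ($vol.ProtectionStatus -ne 'On') {
    # Off is also what a suspended volume reports: the key sits in the clear on disk.
    $problems += 'Protection is Off or suspended'
}
if (-not ($protectors -like 'Tpm*')) {
    $problems += 'No TPM-based key protector on the OS volume'
}
if ($protectors -notcontains 'RecoveryPassword') {
    $problems += 'No recovery password protector (no way back in after a TPM or board failure)'
}

if ($problems.Count -eq 0) {
    Write-Output "$mount is encrypted and protected by the TPM."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```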

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Cloud Service

Friday 18 August 2017

A Few Thoughts on the Intel Xeon Processor Scalable Family

The original article is here: Intel® Xeon® Processor Scalable Family Technical Overview.

This quick post is for the time-challenged folks trying to figure out how the new Intel Xeon Processor Scalable Family relates to the previous generation Intel Xeon Processor E5-2600 series.

Please note that all of the images below are from the above article.

image

The above grid gives us an idea of which processor grade goes where. Our standard go-to has been the Intel Xeon Processor E5-2620 through the E5-2640 which were at one time the mainstream processors.

The next tier for us would be the E5-26*3 and E5-26*7 series that provided high bin counts (GHz) with low core counts.

Now we can see that the mainstream processors are Silver and the performance grade is Gold.

image

In the chart above, 2S, 4S, and 8S are the number of sockets the processor supports. DPC is DIMMs Per Channel.

image

As we can see, there are just a few new features included in the new processor family.

Some Thoughts

There is a definite glaring omission in this new processor family: Fourth Generation PCIe :(

As we all know, the data bus is playing catch-up (blog post) to storage and to some extent networking.

While the newly introduced Purley platform has integrated PCIe NVMe ports on the server boards and backplanes there is still a lack of clarity as far as what we need to make things work on the Intel Server System platform.

The PCIe channel count bump from 32 to 48 is most certainly not enough especially with the spec stuck in Generation 3. A pair of 100Gb Mellanox Ethernet cards and a few PCIe NVMe SSDs and we're pretty much saturating the bus ... again.

And one more thing: although we've not had a chance to compare apples to apples yet, the new processors look to be more expensive than the previous generation E5-2600v4 equivalents. It also seems that as the core counts go up, so do the prices, in an almost exponential way.

We'll post some price comparisons in another blog post.

Have a great weekend and thanks for reading!


Friday 11 August 2017

Some Thoughts on Writing in Digital and the Surface Pro 4

I personally love to write. With real pens and ink. :)

Currently, we have a pending order with a Taiwanese vendor for some TWSBI fountain pens.


The above image is from TWSBI's web site. It's a TWSBI Diamond 580 Clear. There's also a Mini version that travels a lot better.

Pilot makes some gorgeous inks. The above ajisai is a pretty neat colour that will be the go-to for regular note taking. We have several different colours on their way at the moment.

When there is a need to write in pencil the Platinum PRO-USE 03 (MSD-1500) is one of the best mechanical pencils ever made in my opinion.



When it comes to art, my primary medium is coloured pencil on various media or graphite pencil also on various media. I'm currently working on a Tiger Moth Orchid using Faber-Castell Polychromos oil based colour pencils.

All of the above is to bring out just how important the digital ink experience is. While I'm not a professional digital ink writer or artist by any means, the digital ink experience is quite important.

To date, my personal best digital pen experience for both writing and art has been with the Microsoft Surface Pro 3 with the Pro 4 (SP4) being even better.

The SP4 provides an excellent platform for one who prefers to write over type.

OneNote has an excellent recognition process that allows for hand written notes to be copied and pasted into Word. For those that take notes at meetings to provide minutes at a later date this feature works great!

It's also great for those that attend conferences to gain information. Writing the notes on the fly can be a lot faster, especially for those of us that developed a written shorthand while in university classes back in the day. ;)

Tie in the taking of pictures to use as a reference later in the day when re-working the handwritten notes into a final set and we have a pretty good method for building some pretty good written work such as articles, blog posts, or even books.

Side Note: Another aspect of writing versus typing is in memory retention. Retention seems to be _a lot_ better when notes are taken live with a pen versus typing those notes in. Retention gets even better if the "crib" notes and pictures are re-worked later that day into a final set of notes.

At some point time will be spent with the Microsoft Surface Studio. It seems to be about the best platform out there for the artistically inclined. We certainly know of quite a few engineering, architectural, and other such firms either switching or looking to switch to the Surface Studio.

The one catch though is that it is difficult to let go of pen and paper when it comes to art. For some, the "analog" versus "digital" art "discussion" can be quite "religious" in nature. ;)

Suffice it to say, if looking for a new ultra-portable system that will run most work related applications and provide an excellent platform for the written word the Surface Pro 4 is the one to choose.

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Cloud Service
Twitter: @MPECSInc

Friday 4 August 2017

Edge Browser: Reset After Malware How To

Every time a client of ours opened Edge they would receive a big red screen with "Edge has been compromised".

With the Edge option to open previous tabs/pages there is no real way to get out of the loop. We cleaned out the Edge temporary files folder and the problem still happened.

So, to fix it we needed to nuke & pave.

We do that by running the following steps on the problematic machine:

1: Delete:
C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe

2: Elevated PowerShell all on one line:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

3: Start Edge

With the above process complete the user should get the "Welcome to Edge" message and tabs.

NOTE: This process essentially removes and re-installs Edge. _ALL_ settings, saved passwords, and such are removed!


Tuesday 1 August 2017

Exchange: ERROR: The internal transport certificate cannot be removed... FIX

We recently renewed an Exchange server's trusted certificate.

When we went to remove the old certificate in EAC we received the following error:

error
A special Rpc error occurs on server SERVERNAME: The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop.
To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. you can then remove the existing certificate.

Searching turned up a lot of suggestions to just delete the old certificate in the Personal certificates store. Somehow, that did not strike us as being the correct methodology since the error makes it clear that the old certificate is still in use.

The proper methodology is to run the following PowerShell in the Exchange Shell to create and bind a new self-issued certificate. Since the certificate is bound to internal services there are no trust issues as indicated by the error message.

New-ExchangeCertificate -IncludeServerFQDN -IncludeServerNetBIOSName -Confirm:$False

The result would be something like this:


Once the command has completed we were able to delete the expired third party certificate in EAC.
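A check worth running before the old certificate is deleted, added here as an example and not part of the original post: it shows which certificate the Transport service is actually using and refuses to remove the old one while it is still the internal transport certificate. It assumes the Exchange Management Shell on an Exchange 2013 or later server; $oldThumbprint is a placeholder to fill in.

```powershell
# Added example. Run in the Exchange Management Shell on the server in question.
# Placeholder: paste the thumbprint of the certificate you intend to remove.
$oldThumbprint = '<THUMBPRINT-OF-OLD-CERTIFICATE>'
$server        = $env:COMPUTERNAME

# Thumbprint the Transport service currently uses as its internal transport certificate.
$internal = (Get-TransportService -Identity $server).InternalTransportCertificateThumbprint

# List every Exchange certificate on the server and flag the one in use by Transport.
Get-ExchangeCertificate -Server $server |
    Select-Object Thumbprint, Services, NotAfter, IsSelfSigned, Subject,
        @{ Name = 'InternalTransport'; Expression = { $_.Thumbprint -eq $internal } } |
    Sort-Object NotAfter |
    Format-Table -AutoSize

if ($oldThumbprint -eq $internal) {
    # This is the situation the EAC error describes: removing it would stop Transport.
    Write-Warning 'The old certificate is still the internal transport certificate. Create the new certificate first.'
}
else {
    # -WhatIf only reports what would be removed; drop it to perform the removal.
    Remove-ExchangeCertificate -Server $server -Thumbprint $oldThumbprint -WhatIf
}
```

Running the listing again after New-ExchangeCertificate should show InternalTransport set to True on the new self-issued certificate and False on the expired one.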
