Thursday 31 May 2018

OS Guide: Slipstream Updates and Drivers Using DISM and OSCDImg

We've posted another guide to our Web site.

Using the script on this page in an elevated CMD allows us to take the base Install.WIM for Windows Server 2016 and slipstream the latest Cumulative Update into it.

Then, the script copies the updated Install.WIM into two separate folders where we keep two sets of installer files/folders. One is a Bare version that has only the Windows installer files. The other contains a whole host of drivers, BIOS and firmware updates, and a copy of the newly minted .ISO file. We use the FULL version for our USB flash drives (blog post) that get permanently plugged into all server systems we deploy.

This script is constantly updated.

Another will be posted at a later date that also includes the ability to update the Install.WIM file with drivers.

UPDATE 2018-06-04: Fixed the link!

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service

Wednesday 9 May 2018

Remote Desktop Client: An authentication error has occurred. *Workaround

Updates last night included one for CredSSP CVE-2018-0886.

For those of us that are hesitant to patch our servers the instant a patch is available we'll be seeing RD Clients unable to connect for the period prior to our regression testing and release cycle.

Remote Desktop Connection

An authentication error has occurred.
The function requested is not supported.

Remote Computer: SERVERNAME
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

For now, the workaround on the remotely connecting RD Clients is to set the following registry key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

Copy and paste the above into Notepad and Save As "CredSSP.REG" in a quickly accessible location.

Double click on the created file and MERGE. An elevated Registry Editor session would also allow for import via the FILE menu.

Once the above registry setting is in-place reboot the client machine and the connection should work.

Happy Patching! :)

UPDATE 2018-05-09 @ 10:47 MST: A caveat:

It is better to update the server backend, if possible, before making the above registry change.

If that is _not_ possible, then after the updates have been applied on the server(s) make sure to _change_ the registry setting to its most secure setting.

UPDATE 2018-05-10 @ 17:38 MST:

Update sources:

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service

Tuesday 1 May 2018

PowerShell Guide Series: Storage Spaces Direct PowerShell Node Published

Apologies for the double post, one of the bulleted links was broken. :(

One of the difficult things about putting our setup guides on our blog was the fact that when we changed them, which was frequent, it became a bit of a bear to manage.
So, we're going to be keeping a set up guides on our site to keep things simple.

The first of the series has been published here:

This guide is a walkthrough to set up a 2-Node Storage Spaces Direct (S2D) cluster node from scratch. There are also steps in there for configuring RoCE to allow for more than two nodes if there is a need.
We will be updating the existing guides on a regular basis but also publishing new ones as we go along.

Thanks for reading!

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service

PowerShell Guide Series: Storage Spaces Direct PowerShell Node Published

One of the difficult things about putting our setup guides on our blog was the fact that when we changed them, which was frequent, it became a bit of a bear to manage.
So, we're going to be keeping a set up guides on our site to keep things simple.
The first of the series has been published here:
This guide is a walkthrough to set up a 2-Node Storage Spaces Direct (S2D) cluster node from scratch. There are also steps in there for configuring RoCE to allow for more than two nodes if there is a need.
We will be updating the existing guides on a regular basis but also publishing new ones as we go along.
Thanks for reading!
Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service