SMB 1 in Windows 10

Today we have a quick tip from Luis, one of my partners in crime.  He had a customer that was experiencing poor file sharing performance with Windows 10 clients.  After replicating the environment Luis discovered the issue was due to the SMB (Server Message Block) version being used.  He was able to increase the performance by forcing a lower version of SMB to be used.  He discovered though that SMB version 1 is no longer supported by default in Windows 10.  He found a way to turn it back on.

I wanted to share that with you as it can be useful in a situation where there is an older file server.  When I say older, think Windows 2003 or Windows XP.  So it is no wonder than Microsoft has decided not to allow SMB 1 by default.  I don’t recommend following this procedure simply to increase performance as the trade-off is less security and fewer features.  Also following the below process will not by itself increase speed, as the highest version of SMB will be negotiated*.  This process will allow a Windows Server 2016 or Windows 10 client to connect to an older Windows system hosting a file share.

To enable SMB 1 do the following on the Windows Server 2016 or Windows 10 client.

  1. Open the registry editor and navigate to the following key:
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
  2. Open the DependOnService key.
    default
  3. Add MRxSmb10 to the list below MRSmb20 entry and click OK.
    new
  4. Close the registry editor and restart the Workstation service.

 

I hope you enjoyed this article and found it informative.  If you have anything to add or just want to comment, please feel to do so below.

 

*If you are dead-set on running SMB 1 to improve performance have a look at this Microsoft article.

The machine attempted to join the domain but failed. The error code was 2700.

Good morning.  I ran into an interesting issue a couple of weeks ago.  I had a customer that was not able to join any of their client systems to a newly created Windows Essentials domain.  When running the domain join wizard they were receiving a generic error.  When digging into the event log we were able to find an error code in the following event.

Event ID: 4097
Source: NetJoin
Type: Error
Description:
The machine <server name> attempted to join the domain <domain name> but failed. The error code was 2700.

So what does error code 2700 mean anyway.  I did some checking and could not find a good answer.  I dug into the clientsetup.log and found the following line that gave me the answer I was looking for.

[3156] 170119.143840.1334: ClientSetup: nativeNetJoinDomain returned ErrCode=2700
[3156] 170119.143840.1334: ClientSetup: Join domain fails on the first time, exception: System.ComponentModel.Win32Exception (0x80004005): This device is joined to Azure AD. To join an Active Directory domain, you must first go to settings and choose to disconnect your device from your work or school

This makes sense as a client cannot be connected to two domains at the same time.

Now that we know what the issue, here is the fix.

  1. Open the settings menu in Windows.  This can be done by clicking start icon and choosing Settings.  Choose the Accounts option.
    1-settings
  2. Pick the Access work or school option.
    2-access-work-or-school
  3. Click on the Azure connection to bring up the option to disconnect.
    3-disconnect
  4. When you click on Disconnect, you will get a prompt.  Click Yes.
    4-disconnect-yes
  5. You will get another prompt.  Choose Disconnect again.
    5-disconnect-are-you-sure
  6. Enter alternate account information and click OK.
    6-enter-alt-contact-information
  7. Finally choose the option to Restart now.
    7-restart

After restarting you should now not have any issues joining the Windows domain.

I hope you found this article informative.  If you have anything to add or want to comment, please do so below.

 

 

 

 

 

 

How to run Windows Foundation edition as a Hyper-V virtual machine.

I recently needed to reproduce a customer issue in my lab environment.  My lab is a Windows 10 workstation with the Hyper-V role installed.  Part of reproducing the issue involved building out a Windows Server 2012 R2 Foundation virtual machine. I figured this would not be a problem as 2012 R2 runs fine as a virtual machine.  This was not the case though.  I ran into a major hurdle with the integration tools.  I will describe the process I went through to get a Windows Server 2012 R2 Foundation virtual machine running smoothly.

Now before anyone goes out and tries the below procedure for a production system, please understand that running Foundation edition as a virtual machine is not supported by Microsoft.  Also it will likely violate the EULA (End User License Agreement).  Typically Foundation edition is only sold with an OEM license.  That means it comes pre-installed on hardware and must remain on that hardware.  So in order to do this, and not violate the EULA, a non-OEM license is required.  I have a MSDN subscription and thus have a valid license.  Additionally, I am not running the server for any type of production workload.

I started the process by creating a generation 2 VM (virtual machine).  Unfortunately I found out this will not work as the VM bugchecked during setup.  I deleted that VM and created a generation 1 VM.  I was then able to get the Windows loaded.  This is when I discovered the major hurdle I mentioned above.  The VM responded very slowly to mouse and keyboard input.  I also noticed severely degraded performance.  This was to the point of the VM almost being unusable.  The VM behaved as if none of the integration services drivers were installed.  Unfortunately Windows 10/2016 do not have the option to insert the integration disk.  I was able to get the vmguest.iso from a 2012 R2 hyper-v host.  However when I tried to run the setup I was informed that the latest integration services were already installed.

At this point I realized this was not going to be easy, but I enjoy a challenge.  I browsed the vmguest.iso inside the Foundation VM.  I extracted the following file: D:\support\amd64\Windows6.2-HyperVIntegrationServices-x64.cab.  I then went into device manager.  I noticed quite a few, a dozen or so, unknown devices.
unknown-devices

I then tried to manually load the drivers from the extracted cab file.  While the driver was found, it was not signed.  I figured no sweat, just disable driver signing requirement in the BCD (Boot Configuration Data).  Yet another roadblock.  It is no longer possible to permanently disable driver signature enforcement.  I was able to boot into driver signature enforcement disabled mode.  I then manually loaded drivers for all the Unknown devices.  This corrected the input and performance issues, at least for that boot.  Booting into normal mode caused all the issues to return.

f8-boot-menu

Getting the drivers to load each time Windows booted was the final step in getting the virtual machine to run properly.  I looked into the bcdedit command line options and was not able to find an option to boot to driver signing disabled mode.  What I ended up doing was to add a dummy entry to the boot list and set the timeout to 30 seconds with the following commands.

bcdedit /copy {current} /d "Dummy Entry"
bcdedit /timeout 30

 

dummy

Presently, on each boot I press F8 to get the boot options.  I then select Disable Driver Signature Enforcement.  Now the VM runs with all guest integration services.

If you have been able to find a better way to do this I would like to hear about it in the comments below.

 

Windows Foundation Edition and Single Label domains

Good morning.  I had an interesting issue a couple of days ago I wanted to cover in depth.  I had a customer with a 2003 single label domain.  He was migrating to 2012 R2 Foundation.  He had added the Foundation server as a peer domain controller to the 2003 domain.  The problems came up when he shutdown the 2003 domain controller.  He would receive errors in the silsvc (Server Infrastructure License service) log.  Initially I was under the impression that that Foundation edition does not support single label domains and this is what I told him.  For my customer he preferred running in a workgroup configuration and so he removed active directory from the server.  I wanted to duplicate this environment in my lab to see if I could determine the root cause of the errors and if it was possible to eliminate them.

My test environment consisted of a 2003 R2 virtual machine that was cleanly loaded.  On that server, I setup a single label domain named “mydomain”.  I then installed a 2012 R2 Foundation virtual machine.  This was a significant challenge in itself.  Look for another blog post on getting 2012 R2 Foundation working in a virtual machine.  These virtual machines were linked by a private virtual switch.  Once the virtual machines were setup, I joined the 2012 R2 Foundation server to the 2003 single label domain.  I then promoted the 2012 R2 Foundation as a domain controller.  Finally I verified that replication was working and that the DNS (Domain Name System) zones were present on the 2012 R2 Foundation server.

At this point I checked the silsvc log.  All tests were passing without issue.  I then shutdown the 2003 server.  This was where things went awry.  On the next check done by silsvc the following popup was received.
popup-error

Checking the silsvc log showed two errors.  The first was an event ID 2 that stated: “The Forest Trust Check in the Licensing component did not pass because error 0x8007054B occurred in function f1 [PHQG].  The specified domain either does not exist or could not be contacted.”  This error is identical to the one I saw with my customer.  Additionally I received an event ID 38 that stated: “The Forest Trust Check detected a condition in your environment that is out of compliance with the licensing policy.  This server will be automatically shut down if the issue is not corrected in x day(s) x hour(s) x minute(s).”

forest-trust-check-failed

I then did some digging around to determine if any of the active directory tools were affected.  Everything seemed to work fine with the exception of the Active Directory Domains and Trusts.  When launching that MMC (Microsoft Management Console) I received the following error: “You cannot modify domain or trust information because a Primary Domain Controller (PDC) emulator cannot be contacted.  Please verify that the PDC emulator for the current domain and the network are both online and functioning properly.”
pdc-emulator

This explains why turning off the 2003 domain controller caused the forest trust check to fail.  The silsvc needs to be able to contact the PDC emulator to check for trusts.  If it cannot, then the check fails.  I powered up the 2003 domain controller and transferred the FSMO (Flexible Single Master Operations) roles to the Foundation server.  I was then able to shutdown the 2003 server without receiving any errors.

I hope you found this article informative.  If you have any comments or suggestions please leave them below.

 

Registry bloat and SBS

Good morning.  I wanted to cover a strange issue I ran into yesterday.

error

When going to the Computers tab within the Network tab we would receive a popup with the error “The server cannot query power management configuration.”  I did some checking on this and found that if the Windows 7 and Vista GPO (Group Policy Object) was missing that it could cause this issue.  I checked and that GPO was present.  It also had the default settings.

So what could possibly be causing this then?  Anytime there is an error in the SBS (Small Business Server) console the console.log or console2.log should be reviewed.  This log can be found in the C:\Program Files\Windows Small Business Server\Logs directory.  When I checked that log I found this exception:

[45636] 170118.101919.9681: ClientSetup: Handled exception: ErrorCode:0
BaseException: Microsoft.WindowsServerSolutions.ClientSetup.PowerUtilityException: QuerySleepTimeoutOnAC —> Microsoft.WindowsServerSolutions.Common.GroupPolicy.GPOException: GPOperation.OpenDSGPO —> System.Runtime.InteropServices.COMException: Insufficient system resources exist to complete the requested service. (Exception from HRESULT: 0x800705AA)

Now I have the exception code and message.  Insufficient system resources exist to complete the requested service. (Exception from HRESULT: 0x800705AA).  I have seen these types of issues before in SBS, Essentials and Foundation, so I figured we were running out of heap or nonpaged pool memory.  A telltale sign of this is when the SILSVC (Software Infrastructure License service) fails due to a resource issue.  I checked the log for SILSVC and all checks were passing.  I then did some more searching and found that this error is linked to the SOFTWARE registry hive exceeding the size limit of 2GB.  I checked C:\Windows\System32\config and found that the SOFTWARE registry hive was 2,050,657 KB, which is just over 2GB.

With the issue now identified, I figured a fix should be pretty straightforward.  Unfortunately this was not the case.  The registry hive cannot be compacted while it is in use.  Also Microsoft does not have a tool to trim down the size of the registry.  To make matters worse, the latest backup of the registry hives was 3 years old.  So in this case we decided to try a 3rd party registry cleaning utility to trim down the size of the registry and this is where I left the issue.  With any luck my customer will be able to trim down the size of the registry hive.

I hope you found this informative.  If you have any comments or suggestions, please leave them in the comments below.

The Software Protection Service, part 2

Good morning.  I ran into an interesting issue this morning that I wanted to share.  I have seen this particular problem on several occasions, but a Google search comes up empty.  So I had a customer this morning that was seeing activation issues in 2012 R2.  More specifically, he was unable to make any changes with slmgr.vbs.  In case you were not aware, slmgr.vbs is the command line tool to enter/remove product keys and get information about activation status.

I started troubleshooting this by running the MGADiag (Microsoft Genuine Advantage Diagnostic) tool*.  I was specifically looking for this line: OEMID and OEMTableID Consistent: yes.  This indicates that the server can use an OEM SLP key.  So that ruled out that as a possible issue.

I then wanted to find out why the Software Protection Service was reporting Windows is not activated.  I ran the command: slmgr /dlv.  This command will display licensing information with full verbosity.  The command threw an error though.
slmgr-dlv-error

When running slue.exe 0x2a 0x8007041D, I received the following message:
slmgr-dlv-error-extended

So it appears that the Software Protection Service is not starting.  I confirmed this in the System Event log.
spp-not-starting

Now the big question.  Why is the Software Protection Service not starting?  To determine this I ran a filter on the event viewer to only show me event ID 7000 errors.  I then scrolled to the first event.  In this case the event was first recorded on 12/5/2016.  My next stop was Programs and Features.  It was no surprise that installed on the same day the problem started was SEP (Symantec Endpoint Protection).  I say this as I have seen SEP cause a multitude of issues on server operating systems.  I point out SEP because it is the most common.  I have also seen numerous other security software packages cause problems.  In our case we removed SEP and rebooted.  After the reboot Windows is now reporting that it is activated.

I hope this post has been informative for you.  If you have anything to add or you see any errors please post in the comments below.

 

*I ran into a really good blog article after working on this issue.  It turns out the MGADiag tool is only designed for Windows 7/2008R2.  While it will run on higher version of OSes, there is now a built-in tool.  Thanks to John D over at johndstech.com for posting this.

 

How to upgrade Windows Server Essentials to Standard edition

Time for another quick tip.  In case you hadn’t guessed already, I really like Essentials.  You get quite a few features for a much better price than Standard edition.  There are some limitations though with Essentials.  The good news is that the server can later be upgraded to Standard and the process only takes a few minutes.  On the flip side, a standard license has to be purchased.

Let’s walk through the upgrade process.

  1. Purchase a Windows Server Standard license
  2. Open an administrative PowerShell command
  3. Run the following command to verify the target edition:
    dism /online /Get-TargetEditions
    You should see Target Edition : ServerStandard or something similar
  4. Run the following command to complete the upgrade:
    dism /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
    Change the edition and product key to match the ones you have.

You should see output similar to below.  Reboot when prompted.

upgrade-to-standard

I hope you found this informative.  If you have any comments or suggestions, please leave them below.