What’s new in the Windows 10 Fall Creators Update (2017)

With the Windows 10 Fall Creators Update, Microsoft are introducing some fun, new ways to get creative – from bringing mixed reality and 3D to the masses, to faster broadcasting for gaming, to turning photos and videos into real memories, and a few things more. The Fall Creators Update can be experienced on a wide variety of Windows 10 PCs (except Intel Clover Trail systems) and on a few of the Windows Mixed Reality headsets listed here.


Network Quality of Service (QoS) on Windows

The goal of Quality of Service (QoS) is to provide preferential treatment to certain subsets of data, enabling that data to traverse the traditionally best-effort Internet or intranet with higher quality transmission.

By using QoS you can:

  • Specify or request bandwidth requirements particular to your application, such as latency requirements for streaming audio.
  • Give applications their required bandwidth, provided that bandwidth is available.
  • Control network device resources based on user policy and/or application usage.
  • Reserve portions of a given bandwidth for applications or users that require such availability for core business activities.
  • Shape and smooth the traffic that clients submit to the network, thereby avoiding the overburdening of switches and routers suffered with traditional burst transmissions.

 

QoS History in Windows

Windows 2000 introduced the Generic QOS (GQOS) application programming interface (API) as a framework for QOS. The GQOS API provided access to QOS mechanisms that were available as part of the networking stack. Windows 2000 also provided tools, such as Subnet Bandwidth Manager (SBM) and QOS policy control.

In Windows XP, the focus was on prioritization and traffic shaping mechanisms. Although GQOS continued to be the application interface for accessing prioritized QOS, the reservation mechanisms had been removed. The kernel component that implemented prioritization and traffic shaping was the QOS Packet Scheduler, controlled through the Traffic Control (TC) API. The TC API provided control of QOS mechanisms (such as prioritization and shaping) at the host level rather than at the application level, but it required administrative privileges to be invoked. The QOS mechanisms provided in Windows XP supported enterprise QOS needs for wired networks. In Windows XP Service Pack 2 (SP2), the GQOS mechanisms allowed the application to set Layer 3 priorities only. Applications that set Layer 2 priorities for their traffic had to implement an independent service with administrative privileges to set Layer 2 priorities using TC APIs.

In Windows Vista, two features were introduced: Quality Windows Audio Video Experience (qWAVE) and policy-based QOS. qWAVE is designed to estimate the network bandwidth, intelligently mark the application packets (with proper DSCP values), and interact with the application in the event of network congestion or bandwidth fluctuations (informing the application to take appropriate actions). Policy-based QOS allows IT administrators to apply QOS to applications (which do not need to have native support for QOS), computers, and users in their enterprise network.

In Windows 7, enhancements were made to allow policies to be created based on the URL of an HTTP server (rather than just on an application name), source and/or destination IP addresses, source and/or destination ports, and protocol.

 

Using PowerShell to manage QoS

With the following cmdlets you can manage your QoS.

Get-NetQosPolicy      Retrieves network Quality of Service (QoS) policies.
New-NetQosPolicy      Creates a new network QoS policy.
Set-NetQosPolicy      Updates the QoS policy settings.
Remove-NetQosPolicy   Removes a network Quality of Service (QoS) policy.

Let's get started:

Step 1

As usual, step 1 is to know where you are starting from, so we are going to check whether a NetQosPolicy is already defined. Open PowerShell with administrative privileges.

The Get-NetQosPolicy cmdlet allows you to retrieve Quality of Service (QoS) policies from a computer.

QoS policies can originate from many sources, such as from the administrator of a local computer, from a domain controller, or from applications that use the QoS Windows Management Instrumentation (WMI) APIs. Therefore, the QoS policies are stored in different locations. If the location as provided by the PolicyStore parameter is not specified, then this cmdlet retrieves all the policies stored on the local computer (localhost).

ActiveStore

ActiveStore is a special location. If ActiveStore is specified as the location, the user will see all the effective QoS policies, regardless of where the QoS policies are stored.

This command gets a list of QoS policies currently effective on the computer:

Get-NetQosPolicy -PolicyStore "ActiveStore"

This command gets all of the properties of a specific QoS policy.

Get-NetQosPolicy -Name "YOUR POLICY HERE" | Format-List -Property *

 

Step 2

The New-NetQosPolicy cmdlet creates a new network Quality of Service (QoS) policy. A QoS policy consists of two main parts: match conditions also known as filters, and actions. If the PolicyStore parameter is not specified, then the new policy is added to local computer (localhost). If a policy is stored in ActiveStore, then the policy will not persist after reboot.

This command creates a QoS policy named FTP that matches an application path at ftp.exe and throttles the traffic at 1,000,000 bits per second.

New-NetQosPolicy -Name "FTP" -AppPathNameMatchCondition "ftp.exe" -ThrottleRateActionBitsPerSecond 1MB -PolicyStore ActiveStore

 

This command creates a QoS policy named SMB Policy that classifies SMB traffic and tags it with an 802.1p priority value of 1. The SMB parameter is a built-in filter.

New-NetQosPolicy -Name "SMB Policy" -SMB -PriorityValue8021Action 1

This command creates a QoS policy named Backup that matches traffic sent to 10.1.1.176/28 subnet and tags it with DSCP value of 40. This policy is effective only on traffic sent on a domain-joined network adapter.

New-NetQosPolicy -Name "Backup" -IPDstPrefixMatchCondition "10.1.1.176/28" -NetworkProfile Domain -DSCPAction 40

You can also use a single IP as an IPDstPrefixMatchCondition, and the NetworkProfile can be: Domain, Public, Private, or All.

Step 3

The Set-NetQosPolicy cmdlet modifies an existing Quality of Service (QoS) policy. You need to specify the existing name to change values in this policy.

This command updates the QoS policy named SMB Policy so that it only applies to traffic that is outgoing from a domain-joined network adapter.

Set-NetQosPolicy -Name "SMB Policy" -NetworkProfile Domain

Step 4

The Remove-NetQosPolicy cmdlet removes the network Quality of Service (QoS) policies. All the policies, in a policy store, are removed unless a specific policy is named.

This example removes a policy named as Backup.

Remove-NetQosPolicy -Name "Backup"

This example removes all the policies from the ActiveStore.

Remove-NetQosPolicy -PolicyStore ActiveStore

 

With this information you can get into shape… 😉

 

Extra Info:

Differentiated Services and DSCP

Diffserv (Differentiated Services) is a protocol that defines traffic prioritization at Layer 3 of the OSI model. Layer 3 network devices, such as routers, that support this protocol use Diffserv markings to identify the forwarding treatment, or per-hop behavior (PHB), that marked traffic is to receive. Diffserv markings for a packet are placed in the IP header.
RFC 2475 defines the architecture for Diffserv. RFC 2474 defines the bits in the Diffserv field.
RFC 2474 redefines the IPv4 TOS octet as 6 bits for the Diffserv value, also known as Diffserv code point or DSCP, followed by 2 unused bits.

DSCP values are backward-compatible with IP precedence values, which means that legacy routers that support only IP precedence can interpret DSCP values. Valid values are 0-63.

Common values sorted from low to high are: 0,8,16,24,32,40,48,56

IEEE 802.1p Priority Levels

IEEE 802.1p defines a 3-bit field called the Priority Code Point (PCP) within an IEEE 802.1Q tag. The PCP value defines 8 priority levels, with 7 the highest priority and 1 the lowest priority. The priority level of 0 is the default. Each priority level defines a class of service that identifies separate traffic classes of transmitted packets.

PolicyStore

Specifies the location of the policy that is stored. The acceptable values for this parameter are:

  • ActiveStore
  • COMPUTERNAME
  • GPO:COMPUTERNAME
  • GPO:DOMAIN\GPONAME
  • LDAP://LDAP-URL
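
The steps above combined into one added PowerShell example (not code from the original post): it validates a planned DSCP policy, shows the TOS byte and IP precedence the DSCP value maps to, normalizes a destination prefix whose host bits are set, and only creates the policy if no policy of that name exists. Get-QosMarkingPlan and Add-QosPolicyIfMissing are hypothetical helper names and the sample prefix is constructed; the NetQosPolicy cmdlets and parameters are the ones shown above.

```powershell
# Added example. Get-QosMarkingPlan and Add-QosPolicyIfMissing are hypothetical helpers.
function Get-QosMarkingPlan {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $DstPrefix,      # "a.b.c.d" or "a.b.c.d/len" (IPv4)
        [Parameter(Mandatory)] [int]    $Dscp,
        [ValidateSet('Domain', 'Public', 'Private', 'All')]
        [string] $NetworkProfile = 'All'
    )
    if ($Dscp -lt 0 -or $Dscp -gt 63) { throw "DSCP $Dscp is outside the valid range 0-63." }

    # A single IP address is treated as a /32 prefix.
    $addrText, $lenText = $DstPrefix -split '/', 2
    $len = if ($lenText) { [int]$lenText } else { 32 }
    if ($len -lt 0 -or $len -gt 32) { throw "Prefix length /$len is not valid for IPv4." }
    $ip = [System.Net.IPAddress]::Parse($addrText)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw 'This example handles IPv4 prefixes only.'
    }

    # Work in Int64 so the 32-bit address never turns negative.
    [long]$all = 4294967295
    [long]$value = 0
    foreach ($b in $ip.GetAddressBytes()) { $value = ($value -shl 8) -bor $b }
    [long]$mask = ($all -shl (32 - $len)) -band $all
    [long]$network = $value -band $mask
    $octets = 3..0 | ForEach-Object { ($network -shr (8 * $_)) -band 255 }
    $netAddr = $octets -join '.'
    $prefix = if ($lenText) { "$netAddr/$len" } else { $netAddr }

    [pscustomobject]@{
        Name             = $Name
        Prefix           = $prefix
        PrefixWasAligned = ($network -eq $value)
        Dscp             = $Dscp
        TosByte          = $Dscp -shl 2   # DSCP is the upper 6 bits of the former TOS octet
        IpPrecedence     = $Dscp -shr 3   # upper 3 bits, what a precedence-only router reads
        Arguments        = @{
            Name                      = $Name
            IPDstPrefixMatchCondition = $prefix
            DSCPAction                = $Dscp
            NetworkProfile            = $NetworkProfile
        }
    }
}

function Add-QosPolicyIfMissing {
    param([Parameter(Mandatory)] $Plan, [string] $PolicyStore)
    $store = @{}
    if ($PolicyStore) { $store.PolicyStore = $PolicyStore }
    # Step 1 of the walkthrough: look before creating.
    if (Get-NetQosPolicy -Name $Plan.Name @store -ErrorAction SilentlyContinue) {
        Write-Warning "QoS policy '$($Plan.Name)' already exists; nothing created."
        return
    }
    if (-not $Plan.PrefixWasAligned) {
        Write-Warning "Prefix had host bits set; using $($Plan.Prefix)."
    }
    $arguments = $Plan.Arguments
    New-NetQosPolicy @arguments @store
}

# Constructed sample input: a /28 prefix written with host bits set.
$plan = Get-QosMarkingPlan -Name 'Backup' -DstPrefix '192.168.1.170/28' -Dscp 40 -NetworkProfile Domain
$plan | Format-List Name, Prefix, PrefixWasAligned, Dscp, TosByte, IpPrecedence
# Add-QosPolicyIfMissing -Plan $plan -PolicyStore ActiveStore   # requires an elevated session
```

Creating the policy in ActiveStore, as in the commented last line, keeps the test non-persistent: it disappears at the next reboot.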

Samba – SMB browsing elections wars

A while ago I posted a page about Kodi and SMB. Read about it here. My goal then was to disable SMBv1 and ban it from my network.

Today I did a new installation of my Chromebook (with Chromebook Unix on the side). I noticed I couldn’t browse with the file manager from my distro and after editing the samba configuration file to bump the client max protocol to level 3 it still wouldn’t work.

Having multiple looks at my smb.conf file and restarting the service multiple times after uncommenting some settings I had no clue what was going on. Samba can be a handful but has an overwhelming documentation library. Reading Chapter 7. Name Resolution and Browsing pointed me in the right direction to solve this.


VMware vSphere 7 – the next numbered release


VMworld is two weeks away from now and they already gave us a sneak preview about some upcoming changes in their next product line.

vCenter Server for Windows

VMware plans to deprecate vCenter Server for Windows with the next numbered release (not update release) of vSphere.  The next version of vSphere will be the terminal release for which vCenter Server for Windows will be available.

The vCenter Server Appliance (VCSA) was first introduced with the release of vSphere 5.0 and has since evolved to become the definitive deployment model for vCenter Server. VMware has also been pushing the appliance a bit by giving it features that are exclusive such as:

  • Migration
  • Improved Appliance Management
  • VMware Update Manager
  • Native High Availability
  • Built-in Backup / Restore

VMware plans to deprecate the Flash-based vSphere Web Client

The vSphere GUIs, including the vSphere Web Client and HTML5-based vSphere Client, are tools that are used every day by IT to manage the operation of their virtual data center.  VMware is constantly striving to make these tools performant and easy to use.  However, with the vSphere Web Client, the community were frustrated because it was based on Flash technology that resulted in less than ideal performance and constant update requirements.   Additionally, Adobe has recently announced plans to deprecate Flash.

VMware had the intention for a few years now to eventually replace the vSphere Web Client with a modern GUI administration tool.  The HTML5-based vSphere Client is that worthy successor.  The vSphere Client was introduced first in the Fling, then supported with vSphere 6.5 and has now been in customer hands for 1.5 years and production tested for over 9 months.  Since its introduction, the vSphere Client has received overwhelmingly positive responses from the vSphere community and customer base.

By the time the vSphere Web Client is deprecated, the vSphere Client will be full featured but with significantly better responsiveness and usability.

The vSphere Client will be the primary GUI administration tool for vSphere environments starting in the next release.  Customers should start transitioning over to the vSphere Client if they have not already done so as the vSphere Web Client will no longer be available after the next vSphere release.

Features that will be removed in the next Windows 10 Update

When Microsoft talked about Windows 10 before releasing it they said it will be around for a long time and will be getting updates in a different way than we were used to.

Looking back at this it looks like we already got a sneak preview at this concept with Windows 8 and Windows 8.1 (and remember the Windows XP Media Center disc 2?).


Hyper-V Server 2016 for a workgroup environment – Part 1

Pop quiz: Which Operating System edition from Microsoft has been free for use throughout its almost 10-year-long lifespan?

Microsoft Hyper-V Server.

What is it?

Hyper-V is Microsoft’s hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine. Each virtual machine acts like a complete computer, running an operating system and programs. When you need computing resources, virtual machines give you more flexibility, help save time and money, and are a more efficient way to use hardware than just running one operating system on physical hardware.

Hyper-V runs each virtual machine in its own isolated space, which means you can run more than one virtual machine on the same hardware at the same time. You might want to do this to avoid problems such as a crash affecting the other workloads, or to give different people, groups or services access to different systems.

Virtualization

VMware

There are 3 big players in the virtualization scene. VMware is probably the most well-known player and has been around for a long time. I have worked with ESX from their 2.5 days somewhere in 2004. While many things have changed, the basics are still the same.

You start with the Hardware > Installation of Hypervisor > Management through web interface. This is basically it. ESX has become picky with web browsers but in theory all you need is your web browser to do all the things on your server.

Hyper-V

Microsoft began with Hyper-V as a direct competitor against VMware with the introduction of Windows Server 2008 (aka the Vista edition). Yes it was a 1.0 product for them but it worked. One advantage and probably a disadvantage at the same time was that it could be a dedicated role on your server but it also allowed you to use your server as a regular server with the role Hyper-V on the side. Management through the GUI was done by an MSC (Microsoft Management Console snap-in). If you had a full server installed with GUI it was easy to manage on the server itself; otherwise you almost had to have the server joined in a domain to manage it. It was possible to manage it from a workgroup but you would have to ‘break’ security on the server-side and perform some DCOM (Distributed Component Object Model) actions on the managing computer that resemble working with a crowbar.

XenServer

Xen, backed by Citrix, is the third player in the Hypervisor scene. It began as an open-source project, was bought by Citrix and given back to the community. In comparison to VMware and Hyper-V it looks more like VMware. I have never worked with the pre-Citrix era of this product but from version 5.6 on you could manage your server through the XenCenter application, a Windows-only program. There were alternatives for Linux like OpenXenManager but they were not officially supported by Citrix. The XenCenter application allows you to connect to your server over the network with a username and password.

The Interfaces

vSphere 6.5 webclient, navigation bar on the left, menu bar on the top, content in the large screen. It’s okay for regular use. In previous versions you could ‘hack’ the performance monitoring tab to extend the only one hour limit of the free version to 3 days but this doesn’t seem to be possible anymore which is a shame and kind of negative point if you don’t have another system monitoring performance (which is kind of unusual in homelab setups)

Vsphere 6.5 interface

Hyper-V Manager, traditional MMC layout. List on the left, middle part has the content, right side covers the action bar. The Hyper-V Manager has the basics of what you could do with a VM. Performance monitoring is real-time and will show only live CPU usage and Memory demand/usage.

Hyper-V 2016 interface

XenCenter, navigation bar on the left, toolbar with operations on the top, works with tabs for each different feature. Works great and I love the performance graphs. In previous releases Citrix sometimes used to change the feature level of the free edition and in the 6.x era you could enable enterprise features by using an older client but there is no need for these tricks anymore for regular users.

XenServer 7.2 interface

And XenCenter has one small benefit over the other 2 products: a small and simple console that allows you to start or shut down VMs on the console.

And XenServer has a simple interface on the server for basic operation.

 

Part 1 Finished

I won’t be going into much details which product is better for what reason but I chose Hyper-V Server for 1 reason as my ‘home‘ server. While VMware and Xen are pure virtualization hosts, Hyper-V allows me to use my server also as a file server.

Sure you can run a guest VM on VMware or Xen with multiple terabytes of storage, but my files are more important than a virtual machine, and keeping my files on my harddisk on a VMFS formatted datastore in a VMDK or a XenServer Storage Repository running LVM and ext3 could be hell if something goes wrong with the hypervisor. I prefer to have my files on a harddisk and in case of a server failure I can remove the disk out of my server and plug it into a USB dock. Couldn’t be more simple than that.

Next time

Part 2 will cover the commands to make the most kickass home server setup for file sharing and running some VM’s.

 

H.264 H.265/HEVC Video Extension – Windows 10 Insider


About restoring your video playing experience. HEVC Video Extension on Microsoft Store

The last few days I had some trouble getting the latest Windows insider slow ring update on my main pc. (Version 16232). I’ve seen this screen a few times now:

Something to do with drivers on my installation. I had to uninstall some drivers from my mouse, audio- and graphics-card to get the update installed. Stupid thing about the error was that the GSOD (Green Screen of Death) was at the end of the setup and it automatically did a rollback. I couldn’t choose any other way and with the rollback it also wiped the installation files. Thankfully the rollback works great and as soon as the old Windows installation is up and running it sees an insider update and downloads the whole set again and again and so on….

But anyway I’m running now Build 16232 with the Windows Defender Application Guard for Microsoft Edge functionality. More info on this feature here and here.

The next day after installing the update and my drivers again 🙂 I wanted to resume watching a video on my pc. The video opened with the default Movies and TV app which I actually really like and audio started but my screen kept black.

Maybe I didn’t see the announcement (or maybe there is no announcement as I still can’t find it when googling for it now) but it looks like Microsoft has pulled H.264, x264, H.265 aka HEVC codec support and maybe more from their base OS. You now have to install a small add-on from the store to get the functionality back.

Download it from Microsoft here:

microsoft.com/en-us/store/p/hevc-video-extension/9n4wgh0z6vhq

It probably has something to do with royalties or some lawsuit for a patent infringement but it’s a bit weird there was absolutely no information out there before this happened. The word H265 or H264 hasn’t been mentioned at the Windows Insider blog for the last year.

After installing this add-on I could play my video files again.

 

 

Windows Home Server 2011 End of Mainstream Support – Users left abandoned


Windows Home Server 2011 mainstream support has ended in the second quarter of 2017

What does this mean for you?

This means that Microsoft will no longer issue security updates for the Home Server-specific components that make up Windows Home Server 2011. If you are still running Windows Home Server 2008 or Windows Home Server 2011, Microsoft recommends bringing in a new device running Windows Server Standard or Windows Server Essentials and migrating your roles, features and data to the new appliance. Today’s new hardware is significantly faster and cheaper and can better handle the latest Windows security infrastructure, roles and features. Customers moving to a modern operating system will benefit from dramatically enhanced security, broad device support, higher user productivity, and a lower total cost of ownership through improved management capabilities.

Why migrate from Windows Home Server to Windows Server Essentials?

The latest versions of Windows Server Essentials support improvements in security, scalability, and manageability, and it contains device driver support for new hardware and silicon.
  • Simplified setup. There is no easier way to set up a server than using the Windows Server Essentials Out-of-Box experience. Windows Server Essentials configures AD, certificate services, and DNS. It helps get a public domain name set up, and it generates and installs SSL certificates and everything you need to get started with your own hybrid cloud setup.
  • Data redundancy and single pool of storage. Windows Server Essentials includes a feature called Storage Spaces that provides data redundancy and storage pooling functionality like that provided by Drive Extender in WHS. Windows Server Essentials has a much more reliable and resilient storage subsystem.
  • Centralized PC backup and restore. Windows Server Essentials includes the next generation version of the centralized PC backup and restore functionality from Windows Home Server 2011 as well as centralized File History storage for all your PCs. Windows Server Essentials supports up to 75 PC backups vs. Windows Home Server’s 25 PC backup limitation. Windows Server Essentials 2016 also supports backing up volumes to Azure and backing up VMs to Azure Site Recovery (ASR).
  • Centralized PC and server health monitoring. Windows Server Essentials includes health monitoring, both for the server itself as well as for all the connected PCs.
  • Document and media sharing. Windows Server Essentials can share content using SMB, iSCSI or NFS. Windows Server Essentials 2016 no longer includes the media streaming codecs, however, we found that people were not actually using that feature and they prefer to decode in the respective media applications.
  • Remote access. Windows Server Essentials has the remote access gateway feature that automatically generates SSL certificates for your server from GoDaddy. Essentials includes a web-based client for accessing home documents and media, and you can also remote desktop into the server if needed for administration purposes.

IO

Yeah, so this means the product line Home Server is dead and users are forced to migrate a domain, certificates and data. Well, data migration isn’t that hard, a basic copy can do the job, but before they can do this they need to set up Storage Spaces, which is a new concept for them.

Storage Pools

Do you know how to set up a storage pool with existing data? Well you don’t because it’s not possible…

Migrate Domain

Migrating a domain controller and removing the first existing domain controller used to be a lot of work if done properly. Good thing Microsoft made it easier with 2016. Basically all you need to do is delete the Computer Account from Active Directory Sites and Services (dsa.msc) and after this open an elevated Command Prompt or PowerShell and

type ntdsutil and enter. 
Then metadata cleanup
Next type remove selected server <yourservername>

There is still one little issue with this. Server 2016 Essentials is designed to be a domain controller. If you are following the wizard pages after you login you will end up with another domain and joining the first domain will be a hard job. You have to cancel the wizard and join your new 2016 Essentials server manually to the existing domain.

Certificates

You will also have to import the EFS (Encrypted File System) and CA (Certification Authority) from one server to another.

EFS migration contains files and certificates. The file is located in

%APPDATA%\Microsoft\Crypto\RSA

And you will need to export a certificate under the Administrator account Certificates\Personal\ of the File Recovery type. Export with private key or else you can’t use it.

For the CA feature there are more guides around on the interwebs.

Microsoft hasn’t made a guide for the 2016 edition yet, but the 2012 doesn’t seem that off.

 

So does this sound easy peasy for you? Well go ahead then with your new server (with new harddisks) if you have the funds and are willing to pay for it. It’s just $559 at the Microsoft Store 🙂 Not really a home product isn’t it….