Features that will be removed in the next Windows 10 Update

When Microsoft talked about Windows 10 before releasing it they said it will be around for a long time and will be getting updates in a different way than we were used to.

Looking back at this it looks like we already got a sneak preview at this concept with Windows 8 and Windows 8.1 (and remember the Windows XP Media Center disc 2?).

Continue reading Features that will be removed in the next Windows 10 Update

Hyper-V Server 2016 in a workgroup – Part 1

Pop quiz: Which Operating System edition from Microsoft has been free for use throughout it’s almost 10 year long lifespan?

Microsoft Hyper-V Server.

What is it?

Hyper-V is Microsoft’s hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine. Each virtual machine acts like a complete computer, running an operating system and programs. When you need computing resources, virtual machines give you more flexibility, help save time and money, and are a more efficient way to use hardware than just running one operating system on physical hardware.+

Hyper-V runs each virtual machine in its own isolated space, which means you can run more than one virtual machine on the same hardware at the same time. You might want to do this to avoid problems such as a crash affecting the other workloads, or to give different people, groups or services access to different systems.

Virtualization

VMware

There are 3 big players in the virtualization scene. VMware is probably the most well-known player and has been around for a long time. I have worked with ESX from their 2.5 days somewhere in 2004. While many things have changed, the basics are still the same.

You start with the Hardware > Installation of Hypervisor > Management through web interface. This is basically it. ESX has become picky with web browsers but in theory all you need is your web browser to do all the things on your server.

Hyper-V

Microsoft began with Hyper-V as a direct competitor against VMware with the introduction of Windows Server 2008 (aka the Vista edition). Yes it was a 1.0 product for them but it worked. One advantage and probably a disadvantage at the same time was that it could be a dedicated role on your server but it also allowed you to use your server as a regular server with the role Hyper-V on the side. Management throughout the GUI was done by a MSC (Microsoft Management Console snap-in). If you had a full server installed with GUI it was easy to manage on the server itself otherwise you almost had to have the server joined in a domain to manage it. It was possible to manage it from a workgroup but you would have to ‘break’ security on the server-side and perform some DCOM (Distributed Component Object Model) actions on the managing computer that resemble working with a crowbar.

XenServer

Xen backed by Citrix is the third player in the Hypervisor scene. Began as open-source project, was bought by Citrix and given back to the community. In comparison to VMware and Hyper-V it looks more like VMware. I have never worked with the pre-Citrix area of this product but from version 5.6 on you could manage your server through the XenCenter application, a Windows only program. There were alternatives for Linux like OpenXenManager but they were not officially supported by Citrix. The XenCenter application allows to connect to your server over the network with a username and password.

The Interfaces

vSphere 6.5 webclient, navigation bar on the left, menu bar on the top, content in the large screen. It’s okay for regular use. In previous versions you could ‘hack’ the performance monitoring tab to extend the only one hour limit of the free version to 3 days but this doesn’t seem to be possible anymore which is a shame and kind of negative point if you don’t have another system monitoring performance (which is kind of unusual in homelab setups)

Vsphere 6.5 interface

Hyper-V Manager, traditional MMC layout. List on the left, middle part has the content, right side covers the action bar. The Hyper-V Manager has has the basics of what you could do with a VM. Performance monitoring is real-time and will show only live CPU usage and Memory demand/usage.

Hyper-V 2016 interface

XenCenter, navigation bar on the left, toolbar with operations on the top, works with tabs for each different feature. Works great and I love the performance graphs. In previous releases Citrix sometimes used to change the feature level of the free edition and in the 6.x era you could enable enterprise features by using an older client but there is no need for these tricks anymore for regular users.

XenServer 7.2 interface

And XenCenter has one small benefit over the other 2 products with small and simple console allow you to start or shutdown VM’s on the console.

And XenServer has a simple interface on the server for basic operation.

 

Part 1 Finished

I won’t be going into much details which product is better for what reason but I chose Hyper-V Server for 1 reason as my ‘home‘ server. While VMware and Xen are pure virtualization hosts Hyper-V allows me to use my server also as a file server.

Sure you can run a guest VM on VMware or Xen with multiple terabytes storage but my files are more important that a virtual machine and keeping my files on my harddisk on a VMFS formatted datastore in a VMDK or a XenServer Storage Repository running LVM and ext3 could be hell is something goes wrong with the hypervisor. I prefer to have my files on a harddisk and in case of a server failure I can remove the disk out of my server and plug it into a USB dock. Couldn’t be more simple than that.

Next time

Part 2 will cover the commands to make the most kickass home server setup for file sharing and running some VM’s.

 

Windows Home Server 2011 End of Mainstream Support – Users left abandoned

Windows Server logo

Windows Home Server 2011 mainstream support has ended in the second quarter of 2017

What does this mean for you?

This means that Microsoft will no longer issue security updates for the Home Server-specific components that make up Windows Home Server 2011. If you are still running Windows Home Server 2008 or Windows Home Server 2011, Microsoft recommends bringing in a new device running Windows Server Standard or Windows Server Essentials and migrating your roles, features and data to the new appliance. Today’s new hardware is significantly faster and cheaper and can better handle the latest Windows security infrastructure, roles and features. Customers moving to a modern operating system will benefit from dramatically enhanced security, broad device support, higher user productivity, and a lower total cost of ownership through improved management capabilities.

Why migrate from Windows Home Server to Windows Server Essentials?

The latest versions of Windows Server Essentials support improvements in security, scalability, and manageability, and it contains device driver support for new hardware and silicon.
Simplified setup. There is no easier way to set up a server than using the Windows Server Essentials Out-of-Box experience. Windows Server Essentials configures AD, certificate services, and DNS. It helps get a public domain name set up, and it generates and installs SSL certificates and everything you need to get started with your own hybrid cloud setup.
Data redundancy and single pool of storage. Windows Server Essentials includes a feature called Storage Spaces that provides data redundancy and storage pooling functionality like that provided by Drive Extender in WHS. Windows Server Essentials has a much more reliable and resilient storage subsystem.
Centralized PC backup and restore. Windows Server Essentials includes the next generation version of the centralized PC backup and restore functionality from Windows Home Server 2011 as well as centralized File History storage for all your PCs. Windows Server Essentials supports up to 75 PC backups vs. Windows Home Server’s 25 PC backup limitation. Windows Server Essentials 2016 also supports backing up volumes to Azure and backing up VMs to Azure Site Recovery (ASR).
Centralized PC and server health monitoring. Windows Server Essentials includes health monitoring, both for the server itself as well as for all the connected PCs.
Document and media sharing. Windows Server Essentials can share content using SMB, iSCSI or NFS. Windows Server Essentials 2016 no longer includes the media streaming codecs, however, we found that people were not actually using that feature and they prefer to decode in the respective media applications.
Remote access. Windows Server Essentials has the remote access gateway feature that automatically generates SSL certificates for your server from GoDaddy. Essentials includes a web-based client for accessing home documents and media, and you can also remote desktop into the server if needed for administration purposes.

IO

Yeah, so this means the product line Home Server is dead and users are forced to migrate an domain, certificates and data. Well data migration isn’t that hard, a basic copy can do the job, but before they can do this they need to setup Storage Spaces which is a new concept for them.

Storage Pools

Do you know how to setup a storage pool with existing data? Well you don’t because it’s not possible…

Migrate Domain

Migrating a domain controller and removing the first existing domain controller used to be a lot of work if done properly. Good thing Microsoft made it easier with 2016. Basically all you need to do is delete the Computer Account from Active Directory Sites and Services (dsa.msc) and after this open a elevated Command Prompt or Powershell and

type ntdsutil and enter. 
Then metadata cleanup
Next type remove selected server <yourservername>

There is still one little issue with this. Server 2016 Essentials is designed to be a domain controller. If you are following the wizard pages after you login you will end up with another domain and joining the first domain will be a hard job. You have to cancel the wizard and join your new 2016 Essentials server manually to the existing domain.

Certificates

You will also have to import the EFS (Encrypted File System) and CA (Certification Authority) from one server to another.

EFS migratation contains files and certificates. The File is located in

%APPDATA%\Microsoft\Crypto\RSA

And you will need to export a certificate under the Administrator account Certificates\Personal\ of the File Recovery type. Export with private key or else you can’t use it.

For the CA feature there are more guides around on the interwebs.

Microsoft hasn’t made a guide for the 2016 edition yet, but the 2012 doesn’t seem that off.

 

So does this sound easy peasy for you? Well go ahead then with your new server (with new harddisks) if you have the funds and are willing to pay for it. It’s just $559 at the Microsoft Store 🙂 Not really a home product isn’t it….

Kodi and SMBv1 – how to jump into the 21st century

Kodi logo

What is it?

The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network. The SMB protocol can be used on top of its TCP/IP protocol or other network protocols. Using the SMB protocol, an application or the user can access files or other resources at a remote server. This allows applications to read, create, and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request.

What versions are out there?

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists.

The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008. The SMBv3 protocol was introduced in Windows 8 and Windows Server 2012.

WannaCry

Almost everyone has heard of WannaCry in the recent weeks, an exploit that propagates EternalBlue, made by the NSA and lost by the NSA, an exploit of Windows’ Server Message Block (SMB) protocol.

WannaCry is made less harmful by patching Microsoft’s Operating Systems, disabling SMBv1 and blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

 

How to enable or disable SMB protocols on the Windows SMB server

If you are running Windows Server you can use the Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component. You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

To obtain the current state of the SMB server protocol configuration, run the following cmdlet:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false
Notes
  • You must run these commands at an elevated command prompt.
  • You do not have to restart the computer after you make these changes.

 

To enable or disable SMB protocols on an SMB Server that is running a Windows Desktop OS use Windows PowerShell or Registry Editor.

To disable SMBv1 on the SMB server-side, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
Notes
  • You must run these commands at an elevated command prompt.
  • You must restart the computer after you make these changes.

 

How to enable or disable SMB protocols on the Windows SMB client

Note

You might think a Windows Server has nothing to do with the client side of SMB but it uses the client to connect to other servers. So if you want to completely disable SMBv1 you also need to do the following on the Server OS.

To disable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi 
sc.exe config mrxsmb10 start= disabled
Notes
  • You must run these commands at an elevated command prompt.
  • You must restart the computer after you make these changes.

 

How to gracefully remove SMBv1 in Windows 8.1, Windows 10, Windows 2012 R2, and Windows Server 2016

If you are sure you do not need SMBv1 and will never need it you can also remove it from the OS.

If you are using Windows Server run the following cmdlet:

Remove-WindowsFeature FS-SMB1

If you are using a Windows Client IS run the following cmdlet:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
Note
  • You must run these commands at an elevated command prompt.

 

 

When does Kodi come into play?

You might have read this so far and asked yourself what has this to do with Kodi? Well after I disabled SMBv1 on my free Microsoft Hyper-V Server 2016 (Blog Post coming soon) I noticed my OSMC Kodi client couldn’t access the libraries anymore.

That’s weird, OSMC is running a fairly new Linux kernel and is normally shipped with up to date packages. Samba 3.6 was the first version that made SMBv2 possible. Released at the end of 2011 this should have worked.

After a lot of time on the Kodi and OSMC forum it turns out that Kodi has some sort of its own smb configuration.

While normal Linux systems have the configuration file located in the /etc/samba/smb.conf file, it turns out that Kodi uses it own configuration file.

While bumping the system wide smb.conf file for Samba up to SMB2 or higher I was still unable to connect my Pi with OSMC to my Ubuntu Server running SMB3.

Using smbstatus you can get a report on current Samba connections

$ sudo smbstatus -b

Note

To get the Windows equivalent of smbstatus use the following PowerShell line:

Get-SmbSession | Select-Object -Property SessionId,ClientComputerName,ClientUserName,NumOpens,Dialect | Format-Table

 

The almost hidden .smb/smb.conf

Kodi has very poorly documented its own smb.conf file in the ~/.kodi/.smb/smb.conf location. This is the file that Kodi uses for its Samba configuration.

I started adding the option client min protocol = SMB2 to bypass SMB1. After this I still couldn’t make a connection with my files. Some people stated client max protocol = SMB3 should go along with the min setting. I also added client NTLMv2 auth = yes since this kinda is the default settings since Windows Server 2008.

After this I was able to connect with my Windows Server 2016 but still not with my Ubuntu Server. I downgraded the server protocol to SMB2 with server min protocol = SMB2 and things started to work.

$ sudo smbstatus -b

Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
1741 nobody nogroup 172.16.1.195 (ipv4:172.16.1.195:50393) Unknown (0x0311)
1758 nobody nogroup 172.16.1.187 (ipv4:172.16.1.187:47632) SMB3_00
1758 -1 -1 172.16.1.187 (ipv4:172.16.1.187:47632) SMB3_00

Nice to see the client is connecting with SMB3 while it wouldn’t connect while the server was on SMB3 level… interoperability… jeej! 😉

So after some time I ended with the following configuration file for my Linux computers:

smb.conf

[global]
 client min protocol = SMB2
 client max protocol = SMB3
 client NTLMv2 auth = yes
 server min protocol = SMB2

 

After-effects

Disabling SMBv1 in Kodi breaks the SMB browsing function. You will not be able to use the SMB browser to navigate through your network and shares. If you want to connect to a new source you will have to type smb://MyServer/MyShare/

Android Phones/Tables/Players will not be able to make use of the more secure servers. While the same mechanism is still there the Samba client shipped with Kodi is not able to connect to SMB2/3 shares. According a developer from Kodi their Samba version for Android is not compatible with it.

Android/data/org.xbmc.kodi/files/.smb/smb.conf

A bit snooping arround github shows they are probably using Samba 3.0 with a lot of patches. The good news is that three weeks ago they started some work with Samba 4.1.

Until that work is complete a workaround for Kodi on Android might be switching to NFS or going truly hardcore with mounting cifs on the Android system.

Windows Server 2016 docs are now on docs.microsoft.com

Windows Server logo

Microsoft announced the availability of the IT pro technical documentation for Windows Server 2016 and Windows 10 and Windows 10 Mobile on docs.microsoft.com.

docs.microsoft.com?

Docs is a crisp new design that should work better on your phone, tablet, and PC. You’ll see new ways to engage with Microsoft and contribute to the larger IT pro community on docs.

Performance Tuning Guidelines for Windows Server 2016

When you run a server system in your organization, you might have business needs not met using default server settings. For example, you might need the lowest possible energy consumption, or the lowest possible latency, or the maximum possible throughput on your server. This guide provides a set of guidelines that you can use to tune the server settings in Windows Server 2016 and obtain incremental performance or energy efficiency gains, especially when the nature of the workload varies little over time.

It is important that your tuning changes consider the hardware, the workload, the power budgets, and the performance goals of your server. This guide describes each setting and its potential effect to help you make an informed decision about its relevance to your system, workload, performance, and energy usage goals.

Warning

Registry settings and tuning parameters changed significantly 
between versions of Windows Server. Be sure to use the latest 
tuning guidelines to avoid unexpected results.

You can download the official document here.

Power Throttling your background apps on Windows

Most people have multiple apps running at the same time – and often, what’s running in the background can drain your battery. In the latest Insider Preview build (Build 16176), Microsoft allows you to run background work in a power-efficient manner, thereby enhancing battery life significantly while still giving users access to powerful multitasking capabilities. With “Power Throttling”, when background work is running, Windows places the CPU in its most energy-efficient operating modes – work gets done, but the minimal possible battery is spent on that work.

Microsoft mentioned in January that they where doing some power experiments. Power Throttling was one of those experiments, and showed up to 11% savings in CPU power consumption for some of the most strenuous use cases. This capability should help many of you see a nice boost in battery life!

Background Moderated apps are the Power Throttled ones.

Power Throttling is currently available only for processors with Intel’s Speed Shift technology, available in Intel’s 6th-gen (and newer) Core processors. Processors where the first number after i3, i5 or i7 starts with a 6 are currently available (for example i5-6400, i7-6600). Other processors, read older ones, will likely be added to the support list in the future.

A passage from Microsoft:

How does it work? To give great performance to the apps you’re using, while at the same time power throttling background work, we built a sophisticated detection system into Windows. The OS identifies work that is important to you (apps in the foreground, apps playing music, as well as other categories of important work we infer from the demands of running apps and the apps the user interacts with). While this detection works well for most apps, if you happen to notice an app that is negatively impacted by Power Throttling, we really want to know!! You can do 3 things:

1. Provide feedback! Please run the Feedback Hub and file feedback under the Power and Battery > Throttled Applications category

2. Control power throttling system-wide, using the Power Slider. Windows works hardest to keep the processor in its efficient ranges when you’ve selected “Battery Saver” or “Recommended”, and turns off completely when you’ve selected “Best Performance”.

Power Slider

3. Opt individual apps out from Power Throttling:

  • Go to Battery Settings (Settings >  System > Battery).
  • Click on “Battery Usage by App”.
  • Select your app.
  • Toggle “Managed by Windows” to “Off”.
  • Uncheck the “Reduce work app does when in background” checkbox.

Note that benchmark results may vary with power throttling turned on. While most benchmarks run fine and produce great performance results, some benchmark processes may be affected by throttling. Our general recommendation is to always run performance benchmarks while plugged in, as power throttling does not apply in that case.

I find a few things weird in this text. First of all, why mention music apps? It’s not like an app playing music would need full power of a 6th generation Intel Core processor. Are there some restrictions with apps that use DirectSound or Direct3D?

And as you can read in the final sentence this feature won’t be available on your Desktop. Why? Why wouldn’t I want 11% power-savings (or even more since desktops processors are likely to use more power) on my desktop?

Windows Vista support has ended

As of April 11, 2017, Windows Vista customers are no longer receiving new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. Microsoft has provided support for Windows Vista for the past 10 years, but the time has come for us, along with our hardware and software partners, to invest our resources towards more recent technologies so that we can continue to deliver great new experiences.

No tears from me about this one 😉

You can read the full story here on Microsoft’s support site.

 

The next ‘bigger’ product to follow this year are Windows Phone 8.1 on 11 July 2017 and Microsoft Office 2011 products for Mac on 10 October 2017.