Tuesday, June 30, 2015

Newly Built Hyper-V 2012 R2 Server Blue Screening

We experienced an issue with a newly built Hyper-V 2012 R2 server running on Windows Server 2012 R2 Datacentre edition with all the latest critical and security and critical as of 23/06/2015.  The server was built, setup with a number of virtual machines and ran without issues for a period of approximately 1 month.  After approximately 1 month, the server started blue screening on a regular basis, no changes had been made to the Hyper-V Host.

The Hyper-V Host was setup on a Dell PowerEdge R730XD with 192GB of memory.

The Blue Screen error was: KERNEL_SECURITY_CHECK_FAILURE


The cause of the crash as per the original error was from the NT Kernel (ntoskrnl.exe).


We opened a support case with Microsoft to get the full memory dump analysed.  After the memory dump was analysed, we were advised it was a known bug in Windows Server 2012 R2 identified 14th of April 2015.  They pointed us at KB3055343 which resolves a issue with Windows that can cause inconsistent network interface data on the system.

After downloading and installing KB3055343 the issue was resolved.

https://support.microsoft.com/kb/3055343

Tuesday, June 23, 2015

Legacy File Servers with User Profile Disks

I have been involved in a number of Remote Desktop Services 2012 R2 deployments and from my experiences, I recommend to my clients to only utilise Server 2012 R2 file servers.  This is due to two issues which I have experienced with legacy file servers such as Windows Server 2008 R2:
  • Problems using DFS Namespaces
  • Temporary Profiles
DFS Namespaces
DFS Namespaces are supported with User Profile Disks however from my experience both the file server and DFS namespace servers must be Server 2012 R2.  If they are not Server 2012 R2 you will receive this error:
 
Unable to enable user disks on UserVHDShare. Could not create template VHD.  Error Message: The network location "\\domain.local\namespace\foldertarget" is not available.
 
 I have replicated this twice in my lab and at a production site when dealing with 2008 R2 file servers.  If you utilise 2012 R2 file servers with 2012 R2 DFS namespace servers you will not experience this error.

Temporary Profiles

I have seen at a customer sites using 2008 R2 file servers sometimes results in temporary profiles.  This happens when the user logs off and the 2008 R2 file server does not release the file handle to the server.  This results in the VHD being locked and as a result, when users login they receive a temporary profile.

In this scenario we confirmed there was no real time AV scanning on the server or third party products that could be locking the server.  It only happens rarely but enough to get the odd user complain to service desk they are getting a temporary profile.

When the VHD is locked on the file server, restarting the Server service or restarting the file server unlocks the file again (both which result in downtime).

I worked with Microsoft PSS support on this case under 115052712773011 and got no where.  After upgrading the file server to 2012 R2, we had no more issues with user profile disks being locked under a file handle on the file server.  Microsoft said that it could be an issue when dealing with the legacy SMB 2.1 protocol where the legacy protocol fails to remove the file handle on the User Profile Disk after the user logs off.

When a Windows machine connects to a legacy operating system for file shares, it will always use the legacy version of the SMB protocol as shown in the following table.  It is recommended to always utilise SMB 3.02 when using Remote Desktop Services 2012 R2 which means you need a 2012 R2 file server for storing the profile disks.


http://blogs.technet.com/b/josebda/archive/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-you-are-using.aspx