Direct Access not working with Windows Firewall Enabled on Client

We had an interesting issue with Microsoft Direct Access on Windows 10 latest build 1909.

• When Windows Firewall is disabled, Direct Access works on the client.
• Enabling Windows Firewall on the client breaks Direct Access resulting in no connection.

Symptoms of Issue

Here is the symptoms we were receiving:

Get-DAConnectionStatus returned "CouldNotContactDirectAccessServer"

netsh interface httpstunnel show interface shows the Interface is Active

IPHTTPS interface active
Last Error Code 0x0

The issue appears to be with Name Resolution Policy Table (NRPT).  When Windows Firewall was enabled on the client, you were able to ping IPv6 addresses on the Direct Access server through the tunnel but all name resolution failed.

For example, you can ping the tunnel endpoints discoverable using the Get-DAClientExperianceConfiguration cmdlet on the client.  You can also ping IPv6 addresses of hostnames previously resolved when the Windows Firewall was in a disabled state.  For example, whilst Windows Firewall was in a disabled state, ping domain.local (your AD forest name), copy the IPv6 address, re-enable Windows Firewall and you will notice you can resolve it by the IPv6 address, not by hostname using NRPT.

Resolution

The issue was caused by Windows Firewall set to a disabled state on the server.

What we found was when the Windows Firewall is disabled on the server, Windows Firewall must be disabled on the client.

If DA Server Firewall is disabled, but DA client Firewall is enabled - Direct Access breaks.
If DA Server Firewall is enabled, but DA client Firewall is disabled - Direct Access breaks

You must have Windows Firewall disabled on both the DA Server and DA Client, or enabled on both the DA Server and DA Client.

We also identified another issue on the DA server with regards to Windows Firewall being disabled.  In our environment, disabling Windows Firewall on the DA Server breaks Direct Access reporting in the "Remote Access Management" console.

As a result, it is strongly recommended to keep Windows Firewall enabled on both the DA Server and DA clients.

Remote Desktop Services 2016 Microsoft Office Not Aligning

I came across an issue with Remote Desktop Services 2016 on Server 2016 where Microsoft Office applications did not align properly when deployed via a RemoteApp.

A small bar on the left and top of the applications is present and whilst not a big deal, was annoying for users.  I have shown this in the following screenshot, notice the black bar on the top and left of the window.

This issue was flagged as a bug in Server 2016.  Microsoft released the fix under KB4013429 along with a whole lot of other updates. 

https://support.microsoft.com/kb/4013429

The patch can be downloaded from here:

http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x64_ddc8596f88577ab739cade1d365956a74598e710.msu

After installing this patch and rebooting the server, the users will not longer experience this issue.

Hope this post has been helpful.

KMS Activation Error 0xc004f074

I recently had issues deploying a new KMS server to activate Windows 10 LTSB 2016 at a customer.  We deployed LTSB to remove all the bloatware from the Windows Store, Edge and other unwanted items like candy crush saga which Microsoft believes enterprise organisations should have in an enterprise version of Windows!

After setting up the KMS server, the following error were experienced on the endpoints:

We can't activate Windows on this device because we can't connect to your organisation's server. Make sure that you're connected to your organisation's network and try again. If you continue having problems with activation, contact your organisation's support person. Error code: 0xC004F074.

Activating Windows(R), EnterpriseS edition

Error: 0xC004F074 The Software Licensing Server reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.

License Activation (slui.exe) failed with the following error code:
hr=0C004F074

Event ID: 8198
Source: Security-SPP

The KMS Server we deployed was running "Windows Server 2012 R2 Datacentre edition".

The key we used from our Microsoft VLSC portal was "Windows Srv 2012R2 DataCtr/Std KMS for Windows 10" - the key recommended for Activating Windows 10.

After liaising with Microsoft with regards to the error, Microsoft advised me that the KMS Key "Windows Srv 2012R2 DataCtr/Std KMS for Windows 10" can only be used for "Windows 10 LTSB 2015".

In order to activate Windows 10 LTSB 2016, you need to use the "Windows Svr 2016 DataCtr/Std KMS" Key.  This will also activate all other builds of Windows 10, Windows 8.1 and Windows 7.  This is what it should look like in your Microsoft VLSC Portal.

In order to install this Server 2016 KMS Key on Windows Server 2012 R2, you must first install the KB3172614 patch.  This can be downloaded from the following URL:

https://support.microsoft.com/en-us/help/3172614/july-2016-update-rollup-for-windows-8-1-and-windows-server-2012-r2

Once this patch is installed, perform the following:

1. Uninstall any current KMS keys on the KMS server with the following command:

slmgr.vbs /upk

2. Install the new "Windows Svr 2016 DataCtr/Std KMS" Key from the your VLSC Portal.

slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

3. Activate the KMS Server

slmgr.vbs /ato

4. Check the key was installed correctly

slmgr/vbs /dlv

Next on your workstation's install the correct KMS Client Key which can be viewed here:

https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys

To install use the same command on the server, just using the KMS Client Key instead:

slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Then activate it against the KMS Server:

slmgr.vbs /ato

I hope this post has been helpful.

WSUS Clients not Reporting or downloading updates

I had a large customer where all clients stopped downloading updates in November 2016.  Even after building a new WSUS server, clients would not update.

Clients were reporting the following error:

Code: 80244008 Windows Update encountered an unknown error.

The newly built WSUS server had all clients coming up in the "All Computers" list however no clients were reporting.

To resolve the issue, we had to delete the "C:\Windows\SoftwareDistribution" folder on each workstation.  This can be done with the following batch script:

net stop wuauserv
rd /s /q %windir%\SoftwareDistribution
net start wuauserv
wuauclt /detectnow /reportnow

After running this, the client then reports into WSUS and begins downloading updates.

 

Now this client has approximately 1000 computers on their network.  We do not want to go around to every workstation to run the batch script and delete the SoftwareDistribution.

 

You can use psexec from SystemInternals to do this across all computers in one batch script.  Save the batch script above to \\domain\netlogon as shown below:

 

@ECHO OFF

For /f %%i in (c:\computers.txt) do (
Echo ************************
Echo %%i
Echo ************************
psexec \\%%i -h -u domain\username -p password "\\domain\netlogon\resetsoftwaredistribution.bat"
)
pause

 

You will need to get a list of all computers from WSUS that are not reporting.  As you can not export lists from WSUS Management Console, you will need to install SQL Management Studio and connect to the Windows Internal Database (WID) hosting WSUS - or an external database in the event your not using WID!

 

 

Use the following TSQL query to get the first 1000 rows from the tbComputerTarget table in the SUSDB database.

 

SELECT TOP (1000) [TargetID]
,[ComputerID]
,[SID]
,[LastSyncTime]
,[LastReportedStatusTime]
,[LastReportedRebootTime]
,[IPAddress]
,[FullDomainName]
,[IsRegistered]
,[LastInventoryTime]
,[LastNameChangeTime]
,[EffectiveLastDetectionTime]
,[ParentServerTargetID]
,[LastSyncResult]
FROM [SUSDB].[dbo].[tbComputerTarget]

 

Use the following TSQL query to get the first 1000 rows from the tbComputerTarget table in the SUSDB database.  All the computers who have never reported or synced will have status NULL.

 

Use the FullDomainName column to copy and paste the hostnames of the computers into the c:\computers.txt text file on your PSEXEC computer.

 

 

 Running the script against all the remote workstations will fix your issue!

WSUS Console Freezes when the Server Cleanup Wizard

A common administration task of maintaining a WSUS server is cleaning up old legacy updates no longer required running the Server Cleanup Wizard.

If you have a large amount of updates which need cleaning, the Server Cleanup Wizard often freezes making it impossible to clean old updates from the WSUS Database.

If this happens, install SQL Management Studio onto the server an connect to the Windows Internal Database used by WSUS.

Run the following query to clean up old updates (this can take hours to run):

exec spGetObsoleteUpdatesToCleanup

DECLARE @var1 INT

DECLARE @msg nvarchar(100)

CREATE TABLE #results (Col1 INT)
INSERT INTO #results(Col1) EXEC spGetObsoleteUpdatesToCleanup

DECLARE WC Cursor
FOR
SELECT Col1 FROM #results

OPEN WC

FETCH NEXT FROM WC
INTO @var1
WHILE (@@FETCH_STATUS > -1)
BEGIN SET @msg = 'Deleting ' + CONVERT(varchar(10), @var1)
RAISERROR(@msg,0,1) WITH NOWAIT EXEC spDeleteUpdate @localUpdateID=@var1
FETCH NEXT FROM WC INTO @var1 END
CLOSE WC
DEALLOCATE WC
DROP TABLE #results

After a few hours the query should finish.  Once finished, you will need to run a "wsusutil reset" from an elevated command prompt.

"wsusutil reset" will also take a few hours to complete as it needs to scan every update on disk against the database and delete any that no longer exist in the database.

Hope this post has been helpful.

Error 0x800f0922 attempting to reprovision DHCP Server

We needed to re-provision a DHCP server running Windows Server 2012 R2 which was recently demoted and the role removed.  When attempting to re-add the role the following error was experienced:

The request to add or remove features on the specified server failed.  Installation of one or more roles, role services, or features failed.  Error: 0x800f0922

After much misleading information on the Internet, to resolve this error we simply needed to remove the "dhcp" folder from C:\Windows\System32\

For fast effective IT Support in Perth, contact Avantgarde Technologies.

Disable RC4 on Windows Servers

The 13 year old RC4 cipher exploit is enabled by default on Server 2012 R2.  If you have a IIS server using a digital certificate facing the Internet, it's recommended to disable RC4 cipher.

There are numerous security concerns documented on the Internet about this vulnerability including:

https://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628/

http://www.securityweek.com/new-attack-rc4-based-ssltls-leverages-13-year-old-vulnerability

To disable this vulnerability, add the following to the registry on your Server 2012 R2 operating system:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

To disable this vulnerability, add the following to the registry on your Server 2012 R2 operating system:

This was put in place on a customers RDS  Gateway and Web Access server after conducting a penetration test and finding this vulnerability enabled by default.

How to Patch Windows Server 2003 with Error 0x80072EFF

I have a customer who has 3 forests all running Exchange 2003 on Windows Server 2003... yes in the year 2016 (almost 2017).  Before moving to Exchange 2010 --> 2016 we are required to consolidate with some cross-forest migrations.

I need to test some things in my lab before performing this migration in production so I built some 2003 servers... been ages!

After running the installation I had issues patching the servers and I found no information online around Error Number: 0x80072EFF - surprising as it seems like such a common error (is there really no one out there installing Server 2003 now?)

When clicking start and selecting Windows Update, this is the error I received.

After playing around for a good 15 minutes googling this error, I decided to upgrade Internet Explorer to version 8 (the highest supported on 2003 server).  This is downloaded from the following website for 32bit.

https://www.microsoft.com/en-au/download/details.aspx?id=20335

Note you will not be able to browse this website on Internet Explorer 6 so you will have to download the upgrade file from another computer then copy it onto the 2003 server.

After upgrading Internet Explorer to 8, I was able to follow the bouncing ball and install all the latest patches up until 2003 server went end of life.

Hopefully this has been helpful for anyone out there still needing to install Server 2003 (for non production use hopefully).

IT Support in Perth by Avantgarde Technologies, Contact us now.

Direct Access Server not displaying Connection Statistics

A customer of mine had an issue with a Direct Access Server not displaying connection statistics.  My clients are connecting to the server without issues using IPHTTPS but we have no visibility to who is connected and for how long.

All connections and total bytes display 0 in both PowerShell and "Remote Access Management Console".

 

 

Also on the Remote Client Status page, no active clients are displayed.

This issue occurs when Windows Firewall is disabled on a Direct Access server.

Re-enable Windows Firewall and reboot the server.  After rebooting the server, wait 24 hours and you will notice statistics will start generating again.

Hope this post has been helpful.

Need IT Support or IT Services in Perth?  Contact Avantgarde Technologies.

The Danger of the Local Administrator Account

The local administrator account resides on every Windows Server and is usually in an enabled state.  This account is a major security vulnerability and is commonly prone to hacking attempts.

Security flaws with this account include:

• This account cannot be locked out and does not adhere to local or domain account lockout password policies.  This allows brute force attacks to be conducted against the account.
• The local administrator account is a well known SID, it always begins with S-1-5- and end with -500.  There are also tools allowing you to login with a SID rather then an account name so an attacker could launch a brute force without knowing the account!

Quote from Microsoft https://technet.microsoft.com/en-us/library/jj852165.aspx"

"The built-in Administrator account cannot be locked out no matter how many failed logons it accrues, which makes it a prime target for brute-force attacks that attempt to guess passwords. Also, this account has a well-known security identifier (SID), and there are non-Microsoft tools that allow authentication by using the SID rather than the account name. Therefore, even if you rename the Administrator account, an attacker could launch a brute-force attack by using the SID to log on. All other accounts that are members of the Administrator's group have the safeguard of locking out the account if the number of failed logons exceeds its configured maximum."

If security if your top concern, my recommendation is to disable this account and always create a new Administrator account regardless if it is the default domain Administrator account or default local Administrator account.

Need IT Support in Perth, give me a call now on 08 9468 7575

Error downloading unsupported File Types with IIS

A customer of mine was complained that when users attempted to download unknown file types, they received a "404 - File or directory not found" error message.

The file type my user was attempting to download was a ".indd" file.

This error is caused when the filetype is not a supported "MIME" an IIS Web Server.

In the event you want to add a new unknown file type under the IIS Website, click MIME Types.

Add the unknown file extension users are attempting to download.

After adding the mime, do an "iisreset".

Users will now be able to download the unknown file type.

DFSR Event ID 6404 - The Replicated Folder has an Invalid Local Path

I was attempting to add a new DFSR node to an existing DFSR Replication Group consisting of 17 file servers.  When adding the server the following error was experienced.

DFS Replication cannot replicate the replicated folder REPLICATEDFOLDER because the local path E:\replicationgroup is not the fully qualified path name of an existing, accessible local folder. This replicated folder is not replicating to or from this server. Event ID: 6404

This particular error is generally experienced when people attempt a non NTFS volume such as ReFS to a DFSR replication group as documented on the following forum.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/8860b354-3bf2-43ed-9acf-07fa43931046/dfsr-replication-cant-be-used-on-a-refs-volume?forum=winserver8gen

 In my case, I experienced this error with DFSR setup on NTFS volume on a new branch server.

The customer moved the DFSR node from one office, to another office.  The C:\ "SYSTEM" volume was formatted and reloaded with a fresh copy of 2012 R2 with latest patches, however the E:\ "DATA" volume was not formatted.  As a result it has its legacy DFSR Database, Staging data etc.

To clean up the staging data I created a new directory in C:\ called "empty":

C:\Empty

I then ran the following commands after stopping the DFSR Replication service on the spoke server:

Robocopy "C:\Empty" "E:\System Volume Information\DFSR" /MIR

Followed by

rmdir "E:\System Volume Information\DFSR"

Starting the DFSR replication service resulted in the error above.

After playing around a bit more, I found that in addition to flushing all data in System Volume Information\DFSR you must also remove the DfsrPrivate link which points to the System Volume Information\DFSR sub directory for DfsrPrivate data.

After doing this, starting the DFS Replication service kicks of its normal DFSR Initial Sync shown by a state of 2:

Wmic /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo get replicationgroupname,replicatedfoldername,state

State Values (Uninitialized, Initialized, Initial Sync, Auto Recovery, Normal, In Error), ValueMap (0, 1, 2, 3, 4, 5)}

Need help with DFSR In Perth?  Click for IT Support.

DFSR Backlog Count Not Reducing - Server 2012 R2

Microsoft recently released an update which causes DFSRS.exe CPU usage to hit 100%.

https://support.microsoft.com/en-us/kb/3156418

I wrote about this problem on the following blog post:

http://clintboessen.blogspot.com.au/2016/07/dfsr-service-100-cpu-usage.html

Since installing this update and removing this update, one of our spoke servers failed to replicate back to the primary hub server.  All data from the spoke server replicated correctly to the hub, however data from the hub was not propagating down to the spoke.

The backlog count continued to increase.

 

DFSR Hotfix https://support.microsoft.com/en-us/kb/2996883 was not installed on the affected hub server.

We knew there was no issue with our hub server as this was replicating successfully to 16 other DFSR spoke servers.

On the affected spoke server, I worked with the Directory Services team from Microsoft who made the following changes to the Network Interface.


C:\Windows\system32>netsh int tcp set global chimney=disabled
Ok.

C:\Windows\system32>netsh int tcp set global rss=disabled
Ok.

C:\Windows\system32>netsh int ip set global taskoffload=disabled
Ok.

C:\Windows\system32>netsh int tcp set global autotuninglevel=disabled
Ok.

C:\Windows\system32>netsh int tcp set global ecncapability=disabled
Ok.

C:\Windows\system32>netsh int tcp set global timestamps=disabled
Ok.

C:\Windows\system32>netsh advf set allp state off
Ok.

Microsoft then disabled the following Offload features on the HP Network Interface card on the spoke server:

• IPv4 Large Send Offload
• Large Send Offload V2 (IPv4)
• Large Send Offload V2 (IPv6)
• TCP Connection Offload (IPv4)
• TCP Connection Offload (IPv6)
• TCP/UDP Checksum Offload (IPv4)
• TCP/UDP Checksum Offload (IPv6)

 

After disabling these components of the network interface card and restarting the DFS Replication service, the backlog count from the hub server to the spoke server slowly started decreasing.

 

TCP offload engine is a function used in network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. By moving some or all of the processing to dedicated hardware, a TCP offload engine frees the system's main CPU for other tasks

DFSR Service 100% CPU Usage

I had an enterprise DFSR customer of mine with 17 File Server nodes complaining that CPU utilisation was at 100% on numerous DFSR nodes in the cluster.

In addition to the DFSR.exe process maxing out CPU on the file server, the following error was being generated on a regular basis:

Log Name:      Application
Source:        ESENT
Date:          7/07/2016 2:33:18 PM
Event ID:      623
Task Category: Transaction Manager
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER.DOMAIN.LOCAL
Description:
DFSRs (1696) \\.\E:\System Volume Information\DFSR\database_5AAC_EEEA_ACEE_C01D\dfsr.db: The version store for this instance (0) has reached its maximum size of 127Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
Possible long-running transaction:
 SessionId: 0x00000032FFE94EC0
 Session-context: 0x00000000
 Session-context ThreadId: 0x00000000000012BC
 Cleanup: 0
 Session-trace: 32997@2:32:18 PM

 

After speaking with the Directory Services team at Microsoft, this was due to a bug with KB3156418.  This was documented on the knowledge base website:

 

https://support.microsoft.com/en-us/kb/3156418

 

Symptoms
If you installed update rollup 3156418 on Windows Server 2012 R2, the DFSRS.exe process may consume a high percentage CPU processing power (up to 100 percent). This may cause the DFSR service to become unresponsive to the point at which the service cannot be stopped. You must hard-boot affected computers to restart them.

Workaround
To work around this problem, uninstall update rollup 3156418.

Status
Microsoft is aware of this problem and is working on a solution.

Make sure you do not install KB3156418 on any DFSR nodes until this issue has been fixed by Microsoft.

 

Need assistance with this issue?  Contact Avantgarde Technologies for IT Support in Perth.

Bug with Windows 7 and Access Based Enumeration

I encountered an interesting bug with Windows 7 workstations with Access Based Enumeration enabled on a SMB Share and DFS Namespace running on Windows Server 2012 R2.

When a user tries to create a file or folder under a location which they have "Full Modify Rights" in Windows Explorer they receive the following error:

Drive Mapping refers to a location that is unavailable. It could be a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet on your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

This issue occurs under the following circumstances:

• Access Based Enumeration is enabled on a Network Share or DFS Namespace
• If a Mapped Network Drive is created to the Share
• The user is connecting from a Windows 7 workstation.

The Windows 7 client works under the following circumstances:

• If the user creates a file from an application such as Microsoft Word (not Windows Explorer) using a mapped network drive to the folder share, it works corrctly.
• If the user opens the UNC Path of the share \\server\share\folder, not via the mapped network drive it works correctly.

Note: If the user connects from 2008 R2, Windows 8.1 or Windows 10 it connects without issues.

When setting up Access Based Enumeration, the root folder should have:

• List Folder / Read Data
• Applies to "This Folder Only"

This ensures that users have the rights to list all folders at the base level folder for Access Based Enumeration, but requires additional rights to all sub folders hence the folders "hidden" as expected.

The root level permissions are shown below.  All sub folders are provided with full modify permissions for the respective security groups.

This works with 2008 R2, Windows 8.1 and Windows 10.

 

With Windows 7 clients they need additional permissions granted at the root level folder including:

• Transverse folder / execute file
• List folder / read data
• Read Attributes
• Read extended attributes
• Read permissions

 

These extra permissions at the root level folder are only required if:

• You run Access Based Enumeration
• You have Windows 7 Clients on the network

Need IT Support in Perth?  Contact Avantgarde Technologies on 08 9468 7575

Windows 7 Computers Rebooting During Day for Updates

A customer was having an issue where Windows 7 computers randomly rebooted during the day for Windows Updates without providing a prompt for users the option to postpone updates.  This was resulting in frustrated users with computers rebooting in the middle of sending important emails, word processing tasks etc.

We checked Group Policy Windows Update settings, all was configured correctly however computers still rebooted.

After troubleshooting further, we found that a deadline in WSUS was set to "Same day approval at 5:00AM".  This meant as a deadline was set at 5:00AM in the morning, as soon a computers received the update upon boot, they already missed the deadline and immediately installed without prompting users to postpone the reboot.

We removed the setting for same day approval and this resolved the problem.

Avantgarde Technologies, a leading IT Support Perth based company.

Remove Run menu from Start Menu - Policy Bug

Today I stumbled across a bug with Windows 8.1 / 2012 R2 with the Group Policy setting:

User Configuration ->Policies -> Administrative Templates -> Start Menu and Taskbar-> Remove Run menu from Start Menu

I had this policy applied to a Remote Desktop Session Host through Loopback in a user session lockdown policy.

When this policy was applied, I could not access any network share on my 2012 R2 file servers and received the following error message:

Accessing the resource \\fileserver\share has been disallowed.

I could received the same error when attempting to access the file server shares through a DFS namespace.

After removing this policy setting from my RD Session Hosts, the issue was resolved.

Windows DNS Forwarder Population

A customer contacted me today asking why when they promoted all these domain controllers, they had old DNS forwarders automatically configured on each server.

When DCPROMO installs the DNS Server service it also activates, by default, the auto-configuration of the DNS Server service. This auto-configuration process configures the forwarders list, the root-hints and the resolver, among other things, like creating the zones if required.

During the automatic configuration of the Forwarders, the following process occurs:

1. Try to copy the forwarders list from a peer DNS server. A peer DNS server is any DNS server that has a copy of this DC domain’s zone. To get the peer server list the process queries for the NS list of the domain’s zone and then contacts each server returned on the list until it finds one from which it can copy the forwarders list. Once the process finds a peer from which it can copy the forwarders list it skips the next step. If no peer is found (because the NS query returned empty), none of them could be contacted, or none of them has forwarders configured, then move to step #2.
2. If the previous step was not able to provide a forwarders list, then use as forwarders all the DNS Servers that are currently listed in the resolver for all the adapters, without any specific order.
3. If none of the previous two steps can provide a forwarders list, then the new DNS server will not have forwarders configured.

If you have different DNS Forwarders configured for various sites on your network, the DNS server will automatically configure itself to one at random so make sure you check the forwarders after promoting a new server!

Data Deduplication Enhancement in Windows Server 2012 R2

Windows Server 2012 R2 has a new feature which I can see very handy in the real world especially with VDI environments which have lots of Virtual Hard Disk files (VHD's) of similar nature.

In Server 2012 R2, Data Deduplication is now supported on VHD data stores.  This was not supported with the initial release of Server 2012.

Data Deduplication is also supported on Cluster Shared Volumes (CSVs) with file servers configured in scaled-out for high availability.

For companies that run a Microsoft-based VDI pool with multiple hosts, Data Deduplication can reduce the storage requirements of the VDI environment up to 90%.

Event Viewer Tasks

I just want to touch against a feature in Windows Server 2008 R2 - 2012 which I believe is very cool.  Windows Event Viewer has the ability to launch tasks automatically when a particular error occurs.  This is great for companies that do not have System Center (or similar) tools in the environment to perform remediation tasks when problems occur on server infrastructure.

The button in Event Viewer is called "Attach Task to This Event"

Clicking it we can see that it actually relies on the Task Scheduler service to monitor the event logs.

Select Start a Program then associate it with cscript.exe or powershell.exe to launch a script that performs remediation tasks whenever the event error reoccurs.  You can instruct your script to also notify administrators via email which is very easy with PowerShell using the Send-MailMessage cmdlet.