Consider the following scenario that takes Microsoft Exchange Server 2013 as an example:
- The Mailbox server role is enabled in Exchange Server 2013.
- Exchange mailboxes use extended MAPI to communicate with the Exchange Server.
- The extended MAPI uses Microsoft RPC over HTTP (remote procedure call over HTTP) protocol.
- Many clients (such as mobile devices) are dropping connections to the Exchange Server.
In this scenario, the CPU usage on the Exchange server may reach 100 percent.\
Microsoft Remote Desktop Team get customer enquiries asking which RDS updates are available for a particular Windows Server platform; or when providing support we need to verify if certain hotfixes and servicing rollups are installed on the customers’ servers. To make it easier for customers and ourselves, we regularly revise KB articles that list all of the available updates specific to Remote Desktop services for each Windows Server release:
I thing i see at many client’s where i come is. Enable Automatic scavenging of stale records is forget to enable. This is a best practise. See: https://technet.microsoft.com/nl-nl/library/ff807390(v=ws.10).aspx
Use the Microsoft Best Practice Analyzer
Set-DnsServerScavenging –ScavengingState $True –RefreshInterval 7:00:00:00 –NoRefreshInterval 7:00:00:00 –ScavengingInterval 7:00:00:00 –ApplyOnAllZones –Verbose
This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.
The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see theVulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3105256.
Windows 10 will be available on July 29th 2015. Microsoft has prepared for this by already making an Update(KB3058168) that enables Windows 8.1, Windows Server 2012 R2, Windows 8, and Windows Server 2012 Key Management Service (KMS) hosts to activate a “later version of Windows”. This must means Windows 10. I do not know if this means that is even for Windows Server 2016. Windows 10 will be activated by a KMS server running this update but it might.
Select the version you need for the KMS server or servers you use and install them.
Microsoft released a new KB article about a performance issue with Exchange 2013
When you connect to a Microsoft Exchange Server 2013 server that is installed in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 in which Microsoft .NET Framework 4.5 is included, you may experience delays to access email messages or disconnections to the Exchange server. When this issue occurs, the CPU or memory usage on the server is high for some services that include one or more of the W3wp.exe processes.
This issue occurs because too many objects are pinned on the .NET Framework 4.5 garbage collector heap. It causes heap fragmentation in addition to an increase in CPU and memory usage by the garbage collector.
Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
For Exchange Server 2013 that is installed in Windows Server 2012
Apply hotfix 2803755 that needs a restart, and then use one of the following methods to enable the hotfix:
Then, restart the computer.
For Exchange Server 2013 that is installed in Windows Server 2012 R2
Create a DWORDvalue of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to1:
Then, restart the computer.
For Exchange Server 2013 that is installed in Windows Server 2008 R2 or Windows Server 2008
Apply hotfix 2803754 that needs a restart, and then use one of the following methods to enable the hotfix:
There is a known issue which causes some PCs updated with the Windows 8.1 Update (KB 2919355) to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2.
The problem is specific to the following scenario when all of the following are true
- Client PC has installed Windows 8.1 Update KB 2919355
- Windows 8.1 with Windows 8.1 Update KB 2919355 attempts to scan against WSUS 3.2 running on any affected platform:
- Windows Server 2003 SP2, or
- Windows Server 2003 R2 SP2, or
- Windows Server 2008 SP2, or
- Windows Server 2008 R2 SP1
- HTTPS and Secure Sockets Layer (SSL) are enabled on the WSUS server
- TLS 1.2 is not enabled on the server
Only users who have enabled HTTPS and have not enabled TLS 1.2 on their WSUS 3.2 servers and who are also using these WSUS 3.2 servers to manage PCs running the Windows 8.1 Update KB 2919355 are affected by this issue. Please note, while we do recommend the use of HTTPS on WSUS servers, HTTPS and TLS 1.2 are not enabled by default.
If you are using WSUS 3.2 on Windows Server 2008 R2, you may perform either of the following steps to restore the scan functionality if you have deployed the Windows 8.1 Update KB2919355.
- Enable TLS 1.2 (follow the instructions under More Information > SCHANNEL\Protocols subkey), or
- Disable HTTPS on WSUS
If you are using WSUS 3.2 on an operating system other than Windows Server 2008 R2, you may perform the following step to restore the scan functionality.
When Microsoft releases an update that resolves the issue, you may re-enable HTTPS on WSUS.
Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.
You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue. You may also find the workarounds discussed in this article to be useful for testing this Windows 8.1 Update for your organization. Thank you for your patience during this time.