CPU usage is high when you use RPC over HTTP protocol in Windows 8.1 or Windows Server 2012 R2

Consider the following scenario that takes Microsoft Exchange Server 2013 as an example:

  • The Mailbox server role is enabled in Exchange Server 2013.
  • Exchange mailboxes use extended MAPI to communicate with the Exchange Server.
  • The extended MAPI uses Microsoft RPC over HTTP (remote procedure call over HTTP) protocol.
  • Many clients (such as mobile devices) are dropping connections to the Exchange Server.

In this scenario, the CPU usage on the Exchange server may reach 100 percent.\

Hotfix: https://support.microsoft.com/en-us/hotfix/kbhotfix?kbnum=3041832&kbln=en-US

IIS Crypto the best tool to configure SSL/TLS cipher suites

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click, create custom templates and test your website.

Features

– Single click to secure your website using best practices
– Create custom templates that can be saved and run on multiple servers
– Stop DROWN, logjam, FREAK, POODLE and BEAST attacks
– Disable weak protocols and ciphers such as SSL 2.0, 3.0 and MD5
– Enable TLS 1.1 and 1.2
– Enable forward secrecy
– Reorder cipher suites
– Built in Best Practices, PCI, PCI 3.1 and FIPS 140-2 templates
– Site scanner to test your configuration
– Command line version

Screenshot1

WMI Filters for OS version

DESKTOPS

ANY WINDOWS DESKTOP OS

  • Any Windows Desktop OS – 32-bit
    select * from Win32_OperatingSystem WHERE ProductType = “1” AND NOT OSArchitecture = “64-bit”
  • Any Windows Desktop OS – 64-bit
    select * from Win32_OperatingSystem WHERE ProductType = “1” AND OSArchitecture = “64-bit”

WINDOWS 7

  • Windows 7
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″
  • Windows 7 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
  • Windows 7 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

WINDOWS 8.1

  • Windows 8.1
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″
  • Windows 8.1 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
  • Windows 8.1 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

WINDOWS 8.1

  • Windows 8.1
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″
  • Windows 8.1 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit”
  • Windows 8.1 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

WINDOWS 10

  • Windows 10
    select * from Win32_OperatingSystem WHERE ‘Version like ‘10.0.%’ AND ProductType=”1″
  • Windows 10 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like “10.0.% AND ProductType=”1” AND NOT OSArchitecture = “64-bit”
  • Windows 10 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like “10.0.%””6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”

SERVERS

ANY WINDOWS SERVER OS

  • Any Windows Server OS
    select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”)
  • Any Windows Server OS – 32-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”) AND NOT OSArchitecture = “64-bit”
  • Any Windows Server OS – 64-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”) AND OSArchitecture = “64-bit”
  • Any Windows Server – Domain Controller
    select * from Win32_OperatingSystem where (ProductType = “2”)
  • Any Windows Server – Domain Controller – 32-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) AND NOT OSArchitecture = “64-bit”
  • Any Windows Server – Domain Controller – 64-bit
    select * from Win32_OperatingSystem where (ProductType = “2”) AND OSArchitecture = “64-bit”
  • Any Windows Server – Non-Domain Controller
    select * from Win32_OperatingSystem where (ProductType = “3”)
  • Any Windows Server – Non- Domain Controller – 32-bit
    select * from Win32_OperatingSystem where (ProductType = “3”) AND NOT OSArchitecture = “64-bit”
  • Any Windows Server – Non-Domain Controller – 64-bit
    select * from Win32_OperatingSystem where (ProductType = “3”) AND OSArchitecture = “64-bit”

WINDOWS SERVER 2008 R2

  • Windows Server 2008 R2 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”2″
  • Windows Server 2008 R2 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”3″

WINDOWS SERVER 2012 R2

  • Windows Server 2012 R2 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”2″
  • Windows Server 2012 R2 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”3″

WINDOWS SERVER 2016

MS15-122 Security Update for Kerberos to Address Security Feature Bypass (Bitlocker)

This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.

This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.

The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see theVulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3105256.

Windows 8.1 with Hyper-V external switch – 802.1x will not work

I have Windows 8.1 with installed Hyper-V and virtual machines connected via Hyper-V Switch – External. 802.1x wired authentication is not working in host or in guest machine (computer is not responding to switch requests).
If I will change switch mode to Internal/Private it will start working.

Windows 8.1 with a Hyper-V external switch with 802.1x will not work!!!

From https://social.technet.microsoft.com/forums/windows/en-US/341cbe70-3fa7-4991-a7e4-4f1af63df4d0/windows-8-hyperv-8021x-eapol-request-missing i read that “official” statement from Microsoft is that 802.1x with Hyper-V on Windows 8.1 is not working by design. #Fail Microsoft.

Windows 10 build 10240 has released to the Fast Ring… Release To Manufacturing (RTM) build???

Windows 10 build 10240 has been released to the Fast Ring. That’s what I’m running on my laptop now. There were heavy rumors yesterday that this is the to Release To Manufacturing (RTM) build and is the one to be publically available on July 29th. But there is no hard confirmation on this by Microsoft yet Build 10240 now available for Windows Insiders in Fast and Slow rings.

“Over the past few days we’ve been preparing our release pipelines and processes, and this build is one step closer to what customers will start to receive on 7/29 …

On Monday we announced that builds from here on will only be available through Windows Update, so to get this one you can either wait and it will be installed automatically.”

Here’s how you prepare to roll it out in your company.

In a previous blog post I wrote about the update you needed for your KMS server to be able to activate Windows 10 clients. Read about that in KB3058168: Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows

Meanwhile Microsoft has also published the Windows 10 client KMS activation which keys can be found here Appendix A: KMS Client Setup Keys

Windows 10

Operating system edition
KMS Client Setup Key

Windows 10 Professional: W269N-WFGWX-YVC9B-4J6C9-T83GX
Windows 10 Professional N: MH37W-N47XK-V7XM9-C7227-GCQG9
Windows 10 Enterprise: N: NPPR9-FWDCX-D2C8J-H872K-2YT43
Windows 10 Enterprise N: DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4
Windows 10 Education: NW6C2-QMPVW-D7KKK-3GKT6-VCFB2
Windows 10 Education N: 2WH4N-8QGBV-H22JP-CT43Q-MDWW
Windows 10 Enterprise 2015 LTSB: WNMTR-4C88C-JK8YV-HQ7T2-76DF9
Windows 10 Enterprise 2015 LTSB N: 2F77B-TNFGY-69QQF-B8YKP-D69TJ

Do note this is the key you use when you activate the Windows 10 Client against a KMS server. It is not the KMS license server key. That one you’ll need to obtain from your valid Microsoft licenses.

Update that enables Windows 8.1, Windows Server 2012 R2, Windows 8, and Windows Server 2012 Key Management Service (KMS) hosts to activate a later version of Windows.

Windows 10 will be available on July 29th 2015. Microsoft has prepared for this by already making an Update(KB3058168) that enables Windows 8.1, Windows Server 2012 R2, Windows 8, and Windows Server 2012 Key Management Service (KMS) hosts to activate a “later version of Windows”. This must means Windows 10. I do not know if this means that is even for Windows Server 2016. Windows 10 will be activated by a KMS server running this update but it might.

Select the version you need for the KMS server or servers you use and install them.

image

How to add a driver to the DriverStore

All drivers are stored in the so called DriverStore, which is located under %SYSTEMDRIVE%\Windows\System32\DriverStore.

With the built-in command line tool pnputil you can add or remove drivers.

How does it work?

  1. Start an elevated command prompt (Start, type CMD, hit Ctrl+Shift+Enter)
  2. Adding a driver:
    • Pnputil.exe -a c:\LOCATION_OF_DRIVER\DRIVER_NAME.inf
      The location can be either local or remote
    • Pnputil.exe -a C:\LOCATION_OF_DRIVER\*.inf
      Copy all drivers from that folder
  3. Deleting a driver:
    • Pnputil.exe -d DRIVER_NAME.inf

MDT v.Next Coming….

New core tools

Windows 10 ADK supports Windows 7, Windows 8.1 and Windows 10 deployments.

Windows Image Configuration Designer (WICD), pronounced Wicked ?   🙂  Is supposed to be able to build a customized mobile or desktop image, and also create provisioning packages that allow you to customize a Windows device, without re-imaging.

Microsoft Deployment Toolkit v.Next (MDT) (standalone)

New upcoming version of MDT is in development, not much info presented yet, but a few items were mentioned in the session:

Windows 10 Deployment and Upgrade Support, as well as updated Task Sequence binaries

Removed deprecated components from Deployment Workbench, and making OSD more accessibility compliant.

MDT documentation will be on TechNet (removed legacy help file and DOCX)

Clean Up your template before Sysprep and Capture a reference image in MDT

When you create a reference Image it will in most cases it will be updated with patches. That will make the image bigger and bigger and there fore the deployment of that image will take longer and consume more network resources & unneeded disk space. That can be corrected by getting rid of superseded patches, junk, temp files and much more.

The Solution

Since MDT is the preferred method to create reference images you can download the script, import it as an application and then run the application just before the Sysprep and Capture step. The Script works for the following versions of Windows:

  • Windows 7 SP1
  • Windows 8
  • Windows 8.1 Update
  • Windows Server 2008 2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2

To make this work in Windows 7 and Windows Server 2008 R2 you need to add a hotfix to Packages in MDT. http://support.microsoft.com/kb/2852386

Download the script

Download the script from here: Mirror Mirror 2

Action-CleanupBeforeSysprep Applicationimage

Task Sequenceimage

Created a Group Clean.
Add install a application –> Action-CleanUpBeforeSysprep
Restart Computer (Very Important) without it will not work

image

Source