Windows 2008

From vwiki
Revision as of 16:09, 2 August 2012 by Sstrutt (talk | contribs) (Removed "Memory Counters" content (moved to own page))

Build

Best practice for VMware VMs (take with a pinch of salt, one man's best practice can be another man's gotcha)

Disable ASLR

Address space layout randomisation is a feature which involves randomly arranging the positions of key data areas, in order to mitigate memory snapshot image vulnerabilities (which is generally not a problem). There are suggestions that this can reduce VMware's page sharing between VMs, increasing overall physical memory usage. However, it's probably true that whilst memory page locations will be randomised, the VMkernel will still be able to match up identical pages between different OS instances.

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\"MoveImages"=dword:00000000

Procedures

Sysprep

  1. Start sysprep from C:\Windows\System32\sysprep\sysprep.exe
  2. Leave action as Enter System Out-of-Box Experience (OOBE) and tick the poorly spelt Generalize tick-box, then hit OK
  3. Sysprep will run and reboot the OS
    • You'll need to provide a new password, and any hostname and IP details will need updating

NTP Client

Machines that are part of a domain will synchronise their time with the domain controllers, but standalone machines (or domain controllers) need to be configured to behave as NTP clients.

The server's NTP config in the registry hive HKLM\SYSTEM\CurrentControlSet\Services\W32Time needs to be updated as follows to enable the server's system clock to update via NTP. Restart the NTP service to apply.

| Key | Name | Value | Notes |
|---|---|---|---|
| Parameters | Type | NTP | |
| Parameters | NtpServer | 192.168.206.25,0x1 192.168.206.26,0x1 | Space separated list, each name/IP must have ,0x1 appended to the end |
| TimeProviders \ NtpServer | Enabled | 1 | Only required if you wish other servers to be able to poll your server for time |
| TimeProviders \ NtpClient | SpecialPollInterval | 1800 | Secs. Interval between successive NTP polls |
| Config | AnnounceFlags | 5 | |
| Config | MaxAllowedPhaseOffset | 30 | Secs. If clock is off by more, it's abruptly set rather than incremented |
| Config | MaxPosPhaseCorrection | 5400 | Secs. Maximum positive phase correction allowed (if greater, no change occurs) |
| Config | MaxNegPhaseCorrection | 5400 | Secs. Maximum negative phase correction allowed (if greater, no change occurs) |

Once completed, restart the Win32 Time service

  • net stop w32time
  • net start w32time

To locate suitable NTP servers to use, see http://www.pool.ntp.org/

See http://support.microsoft.com/kb/816042 for further info on setting the above parameters
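
To confirm the values in the table above actually took effect, the following read-only check compares the live W32Time registry values against the table and lists any that differ. It is an added example, not part of the original page; the function and variable names are made up for illustration and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not from the original page. Read-only: reports where this
# server's W32Time values differ from the table above. Needs PowerShell 2.0+.
$W32TimeRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Subkey, value name, expected data, required? (transcribed from the table;
# the NTP server addresses are the page's own, substitute yours).
$W32TimeExpected = @(
    @('Parameters',              'Type',                  'NTP', $true),
    @('Parameters',              'NtpServer',             '192.168.206.25,0x1 192.168.206.26,0x1', $true),
    @('TimeProviders\NtpServer', 'Enabled',               1,     $false),  # only if serving time
    @('TimeProviders\NtpClient', 'SpecialPollInterval',   1800,  $true),
    @('Config',                  'AnnounceFlags',         5,     $true),
    @('Config',                  'MaxAllowedPhaseOffset', 30,    $true),
    @('Config',                  'MaxPosPhaseCorrection', 5400,  $true),
    @('Config',                  'MaxNegPhaseCorrection', 5400,  $true)
)

function Test-W32TimeConfig {
    foreach ($row in $W32TimeExpected) {
        $key, $name, $want, $required = $row
        $path = Join-Path $W32TimeRoot $key
        # A missing key or value yields $null rather than an error.
        $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $have = $null
        if ($item) { $have = $item.$name }

        if ($have -eq $want) { $status = 'OK' }
        elseif ($required)   { $status = 'DIFFERS' }
        else                 { $status = 'optional, differs' }

        New-Object PSObject -Property @{
            Key = $key; Name = $name; Expected = $want; Actual = $have; Status = $status
        } | Select-Object Key, Name, Expected, Actual, Status
    }
}

Test-W32TimeConfig | Format-Table -AutoSize
```

Run it after restarting the service; any row marked DIFFERS is a value that does not match the table.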

Memory Counters

Updated and moved to its own page: Memory Management and Metrics

Network Connectivity Status Indicator (NCSI)

NCSI is the feature that causes the "No Internet Access" alert pop-up that can appear over your network connection. It performs two active tests:

  • An HTTP request for http://www.msftncsi.com/ncsi.txt
    • Which returns a single line Microsoft NCSI
  • A DNS request for dns.msftncsi.com
    • Which is expected to resolve to 131.107.255.255

To disable NCSI checks

  1. Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc)
  2. Browse through to Internet Communication settings
    • Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
  3. Set Turn off Windows Network Connectivity Status Indicator active tests to Enabled
  4. Run gpupdate to apply

To disable the "No Internet Access" pop-up

  1. Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc)
  2. Browse through to Network Connections
    • Computer Configuration > Administrative Templates > Network > Network Connections
  3. Set Do not show the “local access only” network icon to Enabled
  4. Run gpupdate to apply

The underlying settings that govern how NCSI operates can be found in the following registry key

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
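
Before disabling NCSI it can be useful to know which of the two active tests listed at the top of this section is failing, for example because a proxy rewrites the HTTP response or internal DNS does not resolve the name. The script below repeats both tests by hand and then dumps the registry key above. It is an added example, not part of the original page; the function name is made up for illustration and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not from the original page. Repeats NCSI's two active tests
# by hand and reports which one fails. Needs PowerShell 2.0+.
function Test-NcsiProbe {
    $r = @{ HttpOk = $false; HttpDetail = ''; DnsOk = $false; DnsDetail = '' }

    # Test 1: HTTP GET; the body must be exactly "Microsoft NCSI". A captive
    # portal or filtering proxy typically returns its own page instead.
    try {
        $wc = New-Object System.Net.WebClient
        $body = $wc.DownloadString('http://www.msftncsi.com/ncsi.txt').Trim()
        $r.HttpOk = ($body -ceq 'Microsoft NCSI')
        $r.HttpDetail = 'received: ' + $body.Substring(0, [Math]::Min(60, $body.Length))
    } catch {
        $r.HttpDetail = $_.Exception.Message
    }

    # Test 2: DNS lookup; one of the answers must be 131.107.255.255.
    try {
        $addrs = @([System.Net.Dns]::GetHostAddresses('dns.msftncsi.com') |
                   ForEach-Object { $_.IPAddressToString })
        $r.DnsOk = ($addrs -contains '131.107.255.255')
        $r.DnsDetail = 'resolved: ' + ($addrs -join ', ')
    } catch {
        $r.DnsDetail = $_.Exception.Message
    }

    New-Object PSObject -Property $r |
        Select-Object HttpOk, HttpDetail, DnsOk, DnsDetail
}

Test-NcsiProbe | Format-List

# The settings NCSI itself is using on this host.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'
```

The HTTP test here runs with the logged-on user's proxy settings, which may differ from what the service itself sees, so treat a pass as indicative rather than conclusive.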

Further reading:

  • http://technet.microsoft.com/en-us/library/ee126135%28WS.10%29.aspx
  • http://defaultreasoning.wordpress.com/2010/05/14/disable-%E2%80%9Cno-internet-access%E2%80%9D-notification-on-windows-server-2008-r2/

Troubleshooting

Default Gateway Loss

A known bug in Windows 2008 SP2 causes the default gateway of a machine to disappear on reboot. It is resolved by resetting the IP stack and re-entering the IP config.

  1. Record IP details
    • ipconfig /all > C:\ipconfig.txt
  2. Reset the IP stack
    • netsh int ip reset
  3. Restart server
  4. Re-enter IP config
  5. Reboot to confirm it's held

There's a bugfix available from http://support.microsoft.com/kb/973243

Scheduled Tasks

  • Error 2147943712
    • You're trying to save a task that wants to save credentials (maybe because you want the task to run even when the user is logged off), but credential saving has been disabled by a GPO.
  • Error 2147943785
    • Logon failure: the user has not been granted the requested logon type at this computer. Grant the user log on as a batch job rights in Local Security Policy, User Rights Assignment

Extend Partition Fails

The disk looks to have extended in Disk Manager, but File Manager/Windows Explorer still shows the old size.

  1. Start diskpart from a command line
  2. List the volumes, then select the appropriate one
    • list volume
    • select volume 2
  3. Extend the volume
    • extend filesystem
  4. If this fails, select the partition and extend
    • list partition
    • select partition 1
    • extend filesystem
  5. This can sometimes throw up disk errors, in which case you'll need to run a check disk on the affected partition (if there are open file handles you'll either need to stop the applications or schedule the check for after a reboot, and reboot)
    • EG chkdsk d: /f
  6. Then re-attempt the partition extension