versions windows – Sempati Kopek Oteli http://sempatikopekoteli.com/ Sun, 20 Mar 2022 23:33:17 +0000 en-US hourly 1 https://wordpress.org/?v=5.9.3 https://sempatikopekoteli.com/wp-content/uploads/2021/11/icon-30-120x120.png versions windows – Sempati Kopek Oteli http://sempatikopekoteli.com/ 32 32 Microsoft Previews Brute-Force NTLM Login Attempt Delay in Windows Server https://sempatikopekoteli.com/microsoft-previews-brute-force-ntlm-login-attempt-delay-in-windows-server/ Fri, 18 Mar 2022 21:14:35 +0000 https://sempatikopekoteli.com/microsoft-previews-brute-force-ntlm-login-attempt-delay-in-windows-server/ News Microsoft Previews Delaying Brute-Force NTLM Login Attempts in Windows Server Microsoft this week announced a preview of its upcoming enhancements to Windows Server (“VNext”), which includes a new approach to deter brute-force attempts to guess system passwords and gain network access. This new approach is known as the Windows NT LAN Manager (NTLM) Server […]]]>

News

Microsoft Previews Delaying Brute-Force NTLM Login Attempts in Windows Server

Microsoft this week announced a preview of its upcoming enhancements to Windows Server (“VNext”), which includes a new approach to deter brute-force attempts to guess system passwords and gain network access.

This new approach is known as the Windows NT LAN Manager (NTLM) Server Message Block (SMB) Authentication Rate Limiter. The rate that this feature limits is the period of time between attempts to guess passwords for NTLM logins. Microsoft is now previewing this feature in its new Windows Server Insider build 25075 for use by testers.

The idea behind the SMB Authentication Rate Limiter is to thwart attackers who use automated “dictionary” methods to guess NTLM connections. NTLM is an older challenge-response authentication protocol that is still supported for use with Windows system authentications, although Microsoft recommends using Kerberos instead.

To invoke the SMB Authentication Rate Limiter, IT pros use a PowerShell commandlet. It allows them to specify the delay between NTLM login attempts in milliseconds. Microsoft has already specified a default timeout of two seconds (2,000 milliseconds) for Windows Insider Program testers, affecting Windows 11 and Windows Server 2022 operating systems.

“As of Windows Insider build 25069.1000.220302-1408 and later on Windows 11 and Windows Server 2022, the SMB Server service now implements a default delay of 2 seconds between each NTLM-based authentication failure,” explains the announcement.

IT pros can set the timeout however they like, but Microsoft is experimenting with the default two seconds. He wants feedback on using the SMB Authentication Rate Limiter Preview, as “some third-party apps may experience issues with this new feature.” Microsoft may also change the default timeout, based on user feedback it receives.

Kerberos users can relax, because “this behavior change has no effect on Kerberos, which authenticates before an application protocol like SMB connects,” the announcement explains.

Frustrate attackers
Essentially, Microsoft is trying to make life difficult for brute-force password guessers with the SMB Authentication Rate Limiter feature.

Attackers can typically use “common open source tools” to send NTLM login attempts at a rate of “hundreds of login attempts per second,” said Ned Pyle, senior program manager for the Windows Server engineering group, in this Microsoft Tech Community post (which includes a demo).

When 300 brute-force password guessing attempts per second are sent by an attacker over five minutes, that’s 90,000 password attempts in a relatively short period of time. However, adding a default two-second delay between such password attempts would lengthen such an attack period to “a minimum of 25 hours”, Pyle explained. Such a delay can make Windows Server less attractive as a target.

Microsoft plans to add the SMB Authentication Rate Throttling feature to its next new versions of the Windows operating system, both server and client, this year, and the feature may also be backported to older Windows Server products. , according to Pyle, in this discussion on Twitter. Here’s how Pyle put it:

Functionality [SMB authentication rate limiter] will come in the next major server and client OS release, in the WS2022 Azure Edition Annual Update later this year, and likely as a backport in WS2022 and possibly 2019. It will take see how the preview goes.

Pyle referred to the SMB Authentication Rate Throttling feature as another SMB security enhancement Microsoft has made since the release of Windows 11 and Windows Server 2022. “Legacy” or older behaviors of SMB will be covered in future versions of the Windows operating system, Pyle added. .

We will change, deprecate, or remove many legacy SMB and pre-SMB protocol behaviors in future major operating system releases as part of a security modernization campaign, similar to the removal of SMB1. I will have a lot more to share over the coming year, stay tuned.

Windows Server Insider Programs from Microsoft
The Windows Server Insider program allows IT professionals to test and provide feedback on features that may or may not come in a future Windows Server update release. This release of build 25075 is a preview of the next server release, and not necessarily the current Windows Server 2022 product, Microsoft’s announcement pointed out.

“The brand has not yet been updated and remains Windows Server 2022 in this preview – when reporting issues, please refer to ‘VNext’ rather than Windows Server 2022 which is currently in the market,” said explained the announcement.

Microsoft plans to launch an Insider program specifically for Windows Server 2022 Datacenter Azure Edition users, followed by another for Azure Stack HCI Azure Edition users, Pyle noted, in this March 15 tech community post.

About the Author


Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.



]]> Microsoft Explains How Windows Server Hotpatching Works https://sempatikopekoteli.com/microsoft-explains-how-windows-server-hotpatching-works/ Tue, 22 Feb 2022 06:09:29 +0000 https://sempatikopekoteli.com/microsoft-explains-how-windows-server-hotpatching-works/ Last year, Microsoft described its work on hotpatching Windows Updates to apply updates on the fly to Windows systems and remove the need to restart systems to install updates. A new blog post on the Microsoft Tech Community website announces the introduction of Hotpatching support in Azure Automange for Windows Server. Microsoft recently released Windows […]]]>

Last year, Microsoft described its work on hotpatching Windows Updates to apply updates on the fly to Windows systems and remove the need to restart systems to install updates. A new blog post on the Microsoft Tech Community website announces the introduction of Hotpatching support in Azure Automange for Windows Server. Microsoft recently released Windows Server 2022.

Hotpatching offers several advantages over traditional means of installing updates on Windows machines. Microsoft highlights the three main benefits in the blog post:

  • Fewer restarts, which improves availability.
  • Faster deployment, as update packages “are smaller, install faster, and have easier patch orchestration.”
  • Improved protection, as security updates can be installed immediately instead of scheduling a reboot.

Hotpatching works by “establishing a baseline with a latest cumulative update from Windows Update” according to Microsoft. The company plans to periodically release patches that build on this baseline, and these updates will not require a reboot. The baseline is refreshed with new cumulative updates and then periodically as well.

Windows Server Hotpatching

Patches could be released every Patch Tuesday (once a month) and new baselines could be released every three months. Ideally, servers should be restarted four times a year, when new baselines are applied.

Microsoft distinguishes between planned and unplanned baselines. Planned baselines are released at a regular cadence to move the system to a new baseline. Patches can then be installed between these planned base releases.

Unplanned baselines are needed to patch systems if hotpatching cannot be used for a particular patch. Microsoft mentions patches for 0-day vulnerabilities in particular. These base unplanned releases require a restart and include all content from the latest Cumulative Update.

Updates can be installed outside of the Hotpatch program according to Microsoft, but this requires disabling and unregistering hotpatching to return to the default update behavior for Windows Server. Re-registration is possible at any time.

The rest of the announcement offers implementation details for server administrators.

Closing words

Hotpatching improves Windows Server availability by reducing the number of update-related restarts over time. Additionally, security updates deployed via hotpatching are applied immediately instead of requiring a reboot (immediate or scheduled); this reduces the time the machine is vulnerable to potential attacks targeting the vulnerability.

Microsoft is working to bring hotpatching functionality to a “wider set of Windows clients”. It’s unclear if this will include consumer versions of Windows.

Now you: what do you think of hotpatching? Would you use it? (via Deskmodder)

Summary

Microsoft Explains How Windows Server Hotpatching Works

Article name

Microsoft Explains How Windows Server Hotpatching Works

The description

A new blog post on the Microsoft Tech Community website announces the introduction of Hotpatching support in Azure Automange for Windows Server.

Author

Martin Brinkman

Editor

Ghacks Technology News

Logo

Advertising

]]> Windows Server-based VPN/RRAS does not receive domain credentials for file sharing https://sempatikopekoteli.com/windows-server-based-vpn-rras-does-not-receive-domain-credentials-for-file-sharing/ Fri, 11 Feb 2022 00:39:27 +0000 https://sempatikopekoteli.com/windows-server-based-vpn-rras-does-not-receive-domain-credentials-for-file-sharing/ Salvation, I’m a school’s sysadmin and since the January 2022 VPN updates + patches, all users running up-to-date versions of Windows 10 (couldn’t test on 11) can connect to the VPN/RRAS server but cannot access network resources. UseRasCredentials is still enabled, so that’s not the problem. I recreated the connection as well as the server […]]]>

Salvation,

I’m a school’s sysadmin and since the January 2022 VPN updates + patches, all users running up-to-date versions of Windows 10 (couldn’t test on 11) can connect to the VPN/RRAS server but cannot access network resources. UseRasCredentials is still enabled, so that’s not the problem.

I recreated the connection as well as the server configuration. I even created a new server using a fresh install of Server 2022 to see if it works (main server works in 2019). I’ve been using a machine that hasn’t been updated recently tonight and was able to map drives with no problem, then apply updates, then lost the ability to do so.

From what I can understand, usually credentials are entered into the credential manager so that those credentials are used for file sharing and SQL queries, but without that, the local user is used, which obviously has no permissions on the network, so you get an incorrect password message.

I can’t find much about it online other than someone on the Microsoft Tech Community forum (https://techcommunity.microsoft.com/t5/windows-servicing/january-2022-quality-update-breaks -passing-domain-identifiers/mp/3072773). They suggested a workaround, but it won’t work for my users because their passwords are updated regularly and also need me to do everything for them, and that’s exactly what a workaround is.

Does anyone have any idea why this is happening or what I could do to investigate the cause?

Thank you,

Paul

]]> New Windows 8.1 Patch Tuesday update tackles Windows Server VM bug https://sempatikopekoteli.com/new-windows-8-1-patch-tuesday-update-tackles-windows-server-vm-bug/ Wed, 09 Feb 2022 09:51:42 +0000 https://sempatikopekoteli.com/new-windows-8-1-patch-tuesday-update-tackles-windows-server-vm-bug/ through Alexandre Poloboc news editor With an irresistible desire to always get to the bottom of things and find out the truth, Alex has spent most of his time working as a journalist, presenter, as well as on television and radio… Read more Thought Windows 10 and 11 were the only ones getting Patch Tuesday […]]]>

through Alexandre Poloboc

news editor

With an irresistible desire to always get to the bottom of things and find out the truth, Alex has spent most of his time working as a journalist, presenter, as well as on television and radio… Read more

  • Thought Windows 10 and 11 were the only ones getting Patch Tuesday updates?
  • Nothing could be further from the truth, in fact, as outdated versions such as Windows 8.1 also do.
  • However, unlike the patches for new versions of the operating system, this one contains more fixes.
  • We’ve included the full list of fixes, improvements, and known issues in this article.

Windows 8.1

Yes, we’re back with another Patch Tuesday goodie bag, but this time we’re going to be talking about Windows 8.1, instead of the usual Windows 10 or 11.

And, if you’re wondering if these outdated OS versions are still getting security patches and updates, the answer is yes, they still are.

While we’re talking about Patch Tuesday and updates, be sure to check out Adobe’s monthly software bundle, the list of Windows 10 CVEs addressed, the Windows 11 section, as well as the article with direct download links .

What’s new in Windows 8.1?

During this month’s security patch rollout, Microsoft also announced the release of KB5010419, which is the cumulative update for Windows 8.1 and Windows Server 2012 R2.

However, unlike the Windows 11 Patch Tuesday Update, which has a slim set of release notes, the Windows 8.1 Update has a rather long list of release notes and issues.

According to many users, the highlight of this release is the fix that resolves an issue in which virtual machines (VMs) on a Windows server with Unified Extensible Firmware Interface (UEFI) enabled do not boot after installing Windows January 11, 2022. update.

Other improvements and fixes added this month include:

  • Updates DST to start in February 2022 instead of March 2022 in Jordan.
  • Addresses an issue in which Windows stops running with an IRQL_NOT_LESS_OR_EQUAL error.
  • Addresses an issue in which a Lightweight Directory Access Protocol (LDAP) modify operation that contains the SamAccountName with the User Account Control fails with “Error: 0x20EF The directory service encountered an unknown failure.”

Known issues

Symptom Workaround
Some operations, such as Rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This happens when you perform the operation on a CSV owner node from a process that does not have administrator privileges. Perform one of the following operations:Perform the operation from a process that has administrator privileges.Perform the operation from a node that does not have CSV ownership.Microsoft is working on a resolution and will provide an update in a future release.
After installing updates released on January 11, 2022 or later updates, applications that use the Microsoft .NET Framework to acquire or set Active Directory forest trust information may fail, close, or you may receive an application or Windows error. You may also receive an access violation error (0xc0000005).Note for developers: Affected applications use the System.DirectoryServices API. To resolve this issue manually, apply out-of-band updates for the version of .NET Framework used by the application.To note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, find the Knowledge Base number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For instructions on WSUS, see WSUS and the catalog site. For instructions on Configuration Manager, see Import updates from the Microsoft Update Catalog. For instructions on how to install this update for your operating system, see the Knowledge Base articles listed below: KB5011257.NET Framework 4.7.2 KB5011259Windows Server 2016: .NET Framework 4.8 KB5011264. NET Framework 4.6.2, 4.7, 4.7.1, or 4.7.2 KB5011329Windows Server 2012 R2: .NET Framework 4.8 KB5011266.NET Framework 4.6, 4.6, 4.6. KB5011263.NET Framework 4.5.2 KB5011261Windows Server 2012: .NET Framework 4.8 KB5011265 .2 KB5011262.NET Framework 4.5.2 KB5011260

If you are still using Windows 8.1 and want to install this update, just open Windows Update and apply all available updates.

You will also be offered the latest servicing stack update (KB5001403) automatically, which should improve the reliability of the update installation process.

Have you downloaded your Patch Tuesday-specific security update yet? Let us know in the comments section below.

]]> Network security is enhanced in Windows Server 2022 https://sempatikopekoteli.com/network-security-is-enhanced-in-windows-server-2022/ Tue, 01 Feb 2022 08:00:00 +0000 https://sempatikopekoteli.com/network-security-is-enhanced-in-windows-server-2022/ Cyberattacks come from every conceivable angle in the data center, but several improved and new network security features in Windows Server 2022 aim to thwart these breach attempts. The past few years have seen numerous data breaches in organizations of all sizes, highlighting the need for better network security. Due to the importance of […]]]>

Cyberattacks come from every conceivable angle in the data center, but several improved and new network security features in Windows Server 2022 aim to thwart these breach attempts.

The past few years have seen numerous data breaches in organizations of all sizes, highlighting the need for better network security. Due to the importance of Windows Server as a key component of the enterprise infrastructure, it is essential to implement all the means available to the administrator to reduce the risk of falling victim to a intrusion. For organizations that want to improve their defensive posture, using Windows Server 2022’s enhanced network security features can help limit their exposure to a wide range of attacks.

Transport Layer Security 1.3

In addition to its secure server defensive measures, one of the biggest security enhancements Microsoft added to Windows Server 2022 is native support for Transport Layer Security (TLS) 1.3, which was released in 2018. version of the protocol used to encrypt network traffic fixes vulnerabilities found in TLS 1.2 and provides better performance, especially during the handshake process.

Microsoft enabled TLS 1.3 by default in Windows Server 2022, but the operating system can still use earlier versions of TLS to support incompatible clients.

HTTP/3

HTTP has been around since 1989. Developed to transfer content from the World Wide Web to clients, its creators may not have anticipated the rapid pace of its adoption. The last major HTTP update in 2016 addressed security and performance issues and now the third HTTP/3 revision has been implemented in Windows Server 2022.

HTTP/3 is currently in development but is already used by Google and Facebook. HTTP/3 uses the QUIC transport protocol based on the User Datagram Protocol. In addition to better performance, HTTP/3 uses encryption by default to maintain a secure connection.

Enabling HTTP/3 requires adding the following registry key:

reg add “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesHTTPParameters” /v EnableHttp3 /t REG_DWORD /d 1 /f

Microsoft recommends that administrators configure Windows Web Service to advertise service availability over HTTP/3. Clients connecting with an older protocol will be notified of HTTP/3 support and will switch to the more secure protocol. To enable HTTP/3 advertising, add the following registry key:

“HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesHTTPParameters” /v EnableAltSvc /t REG_DWORD /d 1 /f

Restart the server for the registry keys to take effect.

secure DNS

Microsoft has enhanced Windows Server 2022 network security with support for Secure DNS, which is an industry standard that goes by a variety of other names such as DNS-over-HTTPS (DoH).

DoH keeps DNS queries private. If someone is monitoring network traffic, they will see DNS queries in progress, but the contents of those queries will be hidden. Some organizations use secure DNS to hide their online activities from the ISP. Secure DNS can also help prevent DNS manipulation attacks.

Organizations need to determine if it is in their best interest to use secure DNS. Although it has security benefits, secure DNS can also make it more difficult for malicious activity to be detected from the network because it masks the DNS queries generated by these attacks.

SMB AES-256 encryption

SMB encryption encrypts Server Message Block (SMB) traffic on the network. SMB is the protocol used by Windows devices to access Windows file shares. SMB is also commonly used for connectivity to NAS appliances and other storage arrays.

Microsoft added SMB encryption to Windows Server 2012 and enhanced it in Windows Server 2022 by adding support for AES-256-GCM and AES-256-CCM encryption.

Administrators enable SMB encryption from the Windows Admin Center by connecting to the server hosting an SMB share, clicking Files and File Sharing, then the File Shares tab. From there, select the share to encrypt and check Enable SMB encryption.

To perform the same procedure but from PowerShell, enter the following command to use SMB encryption on a Windows file share:

Set-SmbShare –Name -EncryptData $true

When using SMB encryption, understand the difference between enabling and requiring SMB encryption. Enabling means that clients connecting to an SMB share will use encryption if possible, while requiring SMB encryption will reject all unencrypted connections.

Windows Server 2022 and Windows 11 are currently the only Windows operating systems that support AES-256 encryption. Legacy Windows clients connecting to an SMB share hosted on a Windows Server 2022 host will revert to an older encryption standard, such as AES-128.

Windows Server 2022 also supports SMB encryption for East-West traffic, which refers to SMB traffic that flows between Windows Failover Cluster nodes and a Cluster Shared Volume. If the failover cluster uses Storage Spaces Direct, this option enables encryption of cluster communications for better overall security.

The easiest way to force a cluster node to encrypt all SMB traffic is to enter the following command in PowerShell:

Set-SMBServerConfiguration -EncryptData $True -Force

Verify that the operation was successful by checking the EncryptData value after running the Get-SMBServerConfiguration command.

SMB Direct and RDMA encryption

Microsoft has expanded support for encryption with SMB Direct in Windows Server 2022. This protocol uses Remote Data Memory Access (RDMA) to transfer large amounts of data without the CPU overhead normally required for these types of operations.

In previous versions of Windows Server, enabling SMB encryption disabled direct data placement, which significantly slowed the performance of SMB Direct, making it comparable to a normal SMB session. Microsoft addressed this issue in Windows Server 2022 to provide organizations with high-speed encrypted transfers by encrypting data before placement. Although the encryption process requires some CPU resources, the performance impact is usually very minor.

Microsoft covers these SMB improvements at the following link.

]]> Best Free Windows Server Backup Software https://sempatikopekoteli.com/best-free-windows-server-backup-software/ Sun, 30 Jan 2022 08:00:00 +0000 https://sempatikopekoteli.com/best-free-windows-server-backup-software/ windows server is very popular in the market and rightly so. It is secure and based on the world’s most popular mainstream operating system. However, when it comes to backing up server content, it is not a simple matter. Not everyone wants to use the WSB backup tool offered by Microsoft, so we decided to […]]]>

windows server is very popular in the market and rightly so. It is secure and based on the world’s most popular mainstream operating system. However, when it comes to backing up server content, it is not a simple matter. Not everyone wants to use the WSB backup tool offered by Microsoft, so we decided to look at several free backup software for windows server it should work pretty well. These programs were free at the time of writing, so if any changes have been made, please let us know in the comments section.

Best Free Windows Server Backup Software

The information below will help you choose the best free backup software designed to back up your Windows Server data:

  1. Windows Server Backup
  2. Bacula Business Backup Software
  3. AOMEI Backup
  4. Hasleo Backup Suite
  5. Enterprise-grade backup PC
  6. Backup Iperius.

1]Windows Server Backup

You still have Microsoft’s default backup tool called Windows Server Backup (WSB). It’s a built-in tool, but it’s not automatically configured, so you’ll have to do it the first time you open it.

With this tool, users can easily backup their entire drive to a server. Additionally, the backup can be created on a local drive or a network drive. Also, when restoring data, you have the choice to restore only Exchange data. This data, according to Microsoft, can be restored to its original location or to another location.

2]Bacula Enterprise Backup Software

Best Free Windows Server Backup Software

One of the best free backup software for Windows Server is a tool called Bacula. From what we gathered, Bacula has a lot of users, but not only that, it’s open-source, although that doesn’t mean it will stay free forever.

Now, when it comes to databases, the following are supported by Bacula:

  • MSSQL
  • Oracle
  • mysql
  • To exchange
  • PostgreSQLName
  • SAP, and many more.

What about virtual servers? Yes, the Bacula tool supports them, and they are:

  • Hyper-V
  • vmware
  • Red Hat
  • Xen server
  • KVM
  • Proxmox

Bacula also supports deduplication technology from cloud storage providers, and more. You should feel comfortable using this tool, but be aware that some users have said that the program is not the easiest to use on Windows, but much better on Linux.

Download Bacula from SourceForge.

Related: Best free backup software for VMware and Hyper-V virtual machines.

3]AOMEI Backup

AOMEI Backupper Standard is a free backup software for Windows 11/10

Another option to consider here is the standard version of AOMEI Backupper which is available for free. You can use it to back up an entire hard drive if you want, but not only that, but the option is there to clone the operating system for use on another hard drive.

People who want to back up to network-attached storage (NAS) can do just that. So, as you can see, AOMEI Backupper free version is a competent tool, but it is not perfect. If you want more features, you will have to pay.

4]Hasleo Backup Suite

In terms of features, well, you can backup an entire drive, and the same goes for cloning. Also, if you want to encrypt your backup, go ahead and do it with no problem.

You want to split backups into chunks instead of a whole file, so be it, the option is there for that. Not to mention, we find the Hasleo backup suite to be simple to use, more so than the ones above.

Download Hasleo Backup Suite through EasyUEFI.

Read: How to backup a network drive to a local drive in Windows.

5]Enterprise level backup PC

Have you ever heard of Backup PC? Probably not, but it’s very useful and definitely a tool you should check out.

So what are some of the features you should look forward to? Well, Backup PC has a web interface that allows administrators to easily view log files, current status, configuration, etc. Not only that, but it has a data deduplication feature that stores identical files once if they are on multiple computers.

Users who want to compress files have come to the right place. The company claims that there is only a modest impact on the CPU process when compression is used, but we cannot officially say if this is true or not. Moreover, the tool is open source and currently hosted on Github.

Keep in mind that Backup PC is also available for Linux computers. Download this tool from Github.

6]Iperius Backup

Free Iperius backup

Iperius Backup is a free backup software for Windows PC and Windows Server. The free version lets you back up to any mass storage device, such as external USB hard drives, RDX drives, NAS, and networked computers.

If you’re looking for more options, read our article on the best free backup software for Windows PC.

Does Windows Server have backup software?

Yes, and it’s called Windows Server Backup. It’s a powerful tool, and since it’s the default, most users have little reason to download a third-party backup program.

POINT: If you’re looking for cloud options, you might want to check out these free online backup services.

What is a full server backup?

OK, so as far as what it is, it’s basically a complete backup of all data on a hard drive for future use. A full backup means that if the server goes down, the owner will have a full backup for restoration as soon as possible.

Related link: Best professional data backup and recovery software for Windows.

]]> Compare features of Windows Server 2022 editions https://sempatikopekoteli.com/compare-features-of-windows-server-2022-editions/ Fri, 28 Jan 2022 15:05:50 +0000 https://sempatikopekoteli.com/compare-features-of-windows-server-2022-editions/ Windows Server 2022 arrived without the trappings of previous versions of Windows Server, but organizations with specific needs will appreciate the improvements in this version of the server operating system. Microsoft has offered Standard and Datacenter editions of its Windows Server operating systems for several years, which continued with Windows Server 2022. However, the company […]]]>

Windows Server 2022 arrived without the trappings of previous versions of Windows Server, but organizations with specific needs will appreciate the improvements in this version of the server operating system.

Microsoft has offered Standard and Datacenter editions of its Windows Server operating systems for several years, which continued with Windows Server 2022. However, the company has introduced a new product called Windows Server 2022 Datacenter Azure edition. As the name suggests, this edition ties server workloads more tightly to the Microsoft cloud platform and offers unique features to tempt customers who want easier fixes and other benefits.

Microsoft has decided to abandon the Windows Server Semi-Annual Channel, which was aimed at organizations interested in emerging server technologies, and stick with the Long-Term Servicing Channel, which produces a major feature release approximately every two years. All editions of Windows Server 2022 follow Microsoft’s fixed lifecycle policy and will receive five years of general support followed by five years of extended support. Although Microsoft always recommends a fresh installation of its server operating system, Windows Server 2022 supports in-place upgrades from the previous two versions of Windows Server.

Hardware requirements and limitations of Windows Server 2022

Windows Server 2022 Standard and Datacenter editions share the same hardware requirements. Both require a 1.4 GHz, 64-bit processor and 512 MB of RAM; for the Desktop Experience GUI-based version, the system needs 2 GB of RAM. Additionally, 32 GB of disk space is required.

These minimum hardware requirements will not be enough to run a workload with decent performance. Even Microsoft’s own documentation states that the minimum system requirements to install Windows Server 2022 require at least 800MB of RAM. Once Windows Server is installed, the RAM can be reduced to 512MB if needed. As a best practice, organizations should match the server hardware to the workload.

The Standard edition and Datacenter edition can run on an unlimited number of cores, but both editions are limited to a total of 64 sockets, which must be 64-bit. Likewise, both editions support a maximum of 48TB of RAM.

All Trusted Platform Module (TPM) features, such as BitLocker Drive Encryption and Secure Server, will require the hardware to come with a TPM 2.0 chip.

Deprecated features from Microsoft in Windows Server 2022

Every time Microsoft releases a new Windows Server product, certain features are deprecated. In the case of Windows Server 2022, Microsoft removed the Internet Storage Name Service, the protocol used to find and use iSCSI systems on the network.

Microsoft has also stopped development on the Shielded Fabric and Shielded Virtual Machines introduced with Windows Server 2016, but will continue to support these features.

Administrators deploying the main server version of Windows Server should note that Microsoft plans to discontinue development of the Server Configuration Tool (sconfig) and remove it from the next version of Windows Server. The sconfig utility will still run on login, but Windows Server 2022 will use PowerShell as the default shell rather than the command prompt.

Other features that Microsoft will not develop further include deploying the Windows Deployment Services boot.wim image and disabling the Local Security Authority Remote Protocol interface used to connect to encrypted files in the Microsoft file system. network encryption.

What’s in Windows Server 2022 Standard Edition?

Microsoft designed Windows Server 2022 Standard for physical machines or minimally virtualized environments. Retail price for the Standard Edition is $1,069 for up to 16 core usage. Systems with more than 16 cores will require additional licenses to cover each physical CPU core. Additionally, each client accessing a Standard Edition server requires a Client Access License (CAL).

Windows Server 2022 Standard has largely the same feature set as the Datacenter edition with some minor variations. For example, the Standard edition limits the Storage Replica feature to a single partnership with a resource group and a 2 TB volume. Similarly, the Standard edition only supports legacy activation if it is running in as a guest on a Datacenter edition server. The standard edition also does not support software-defined networking and the Storage Spaces Direct software-defined storage feature.

The biggest difference between Standard and Datacenter editions is in virtual machine licensing. Both editions support an unlimited number of Windows Server containers. However, the Standard edition limits this to two operating systems per license, which means that a Standard edition server can run a parent operating system and a single Hyper-V virtual machine or a single Hyper-V container. V. In contrast, a Datacenter Edition license allows an unlimited number of Hyper-V virtual machines or Hyper-V containers.

What’s in the Windows Server 2022 Datacenter edition?

Microsoft is releasing Windows Server 2022 Datacenter for use in highly virtualized environments, such as data centers and clouds. A Datacenter license has a retail price of $6,155.

Like the Standard edition, this license allows Windows Server to run on up to 16 cores with additional licenses required for processors with more cores. CALs are also required for each client that accesses the server.

What’s included in Windows Server 2022 Datacenter Azure edition?

Windows Server 2022 Datacenter Azure edition runs as an Azure VM or on an Azure Stack HCI cluster. It cannot be installed on bare metal, nor can it be installed and run as a Hyper-V virtual machine. Microsoft did not disclose the price of this edition.

Windows Server 2022 Azure Edition offers several new features that are not available on the Standard or Datacenter editions of Windows Server 2022. Microsoft calls this unique combination of features “Automatic Management for Windows Server”.

SMB over QUIC provides encrypted access to SMB file shares without the need for a VPN. This feature uses the TLS 1.3 protocol and administrators cannot disable encryption in the settings. Microsoft said this feature uses certificates rather than public key infrastructure authentication.

The hotfix is ​​also unique to the Windows Server 2022 Datacenter Azure edition. With this feature, administrators can patch Windows Server 2022 Datacenter Azure virtual machines without the reboot typically required by Windows, which causes downtime.

The Datacenter Azure edition supports a wide area network in Azure so that virtual machines retain the IP address when migrating from the datacenter to Microsoft’s cloud.

For smaller organizations, Essentials editions are another option

Microsoft also offers an Essentials edition of Windows Server 2022 that it targets for small businesses with up to 25 users and 50 devices. Windows Server 2022 Essentials retails for $501 and does not require a CAL but is limited to 10 cores, a single socket, and a single VM. The feature set is the same as the Standard edition. Windows Server 2022 Essentials is only available through select server hardware partners.

Microsoft compares the different editions of Windows Server 2022 on its website at this link.

]]> Microsoft releases emergency fixes for Windows Server, VPN bugs https://sempatikopekoteli.com/microsoft-releases-emergency-fixes-for-windows-server-vpn-bugs/ Mon, 17 Jan 2022 22:46:17 +0000 https://sempatikopekoteli.com/microsoft-releases-emergency-fixes-for-windows-server-vpn-bugs/ Microsoft has released emergency out-of-band (OOB) updates to address several issues caused by Windows updates released during the January 2022 patch on Tuesday. “Microsoft is releasing out-of-band (OOB) updates today, January 18, 2022, for certain versions of Windows,” the company said. “This update resolves issues with VPN connectivity, restarting Windows Server domain controllers, virtual machine […]]]>

Microsoft has released emergency out-of-band (OOB) updates to address several issues caused by Windows updates released during the January 2022 patch on Tuesday.

“Microsoft is releasing out-of-band (OOB) updates today, January 18, 2022, for certain versions of Windows,” the company said.

“This update resolves issues with VPN connectivity, restarting Windows Server domain controllers, virtual machine startup failures, and ReFS-formatted removable media failure to mount.”

All OOB updates released today are available for download from the Microsoft Update Catalog, and some of them can also be installed directly through Windows Update as optional updates.

You will need to manually check for updates if you want to install emergency patches through Windows Update, as these are optional updates and will not install automatically.

The following updates can only be downloaded and installed through the Microsoft Update Catalog:

Updates for these versions of Windows are also available through Windows Update as an optional update:

  • Windows 11, version 21H1 (original release): KB5010795
  • Windows Server 2022: KB5010796
  • Windows 10, version 21H2: KB5010793
  • Windows 10, version 21H1: KB5010793
  • Windows 10, version 20H2, Windows Server, version 20H2: KB5010793
  • Windows 10, version 20H1, Windows Server, version 20H1: KB5010793
  • Windows 10, version 1909, Windows Server, version 1909: KB5010792
  • Windows Server 2019: KB5010791 (released 1/18/22)
  • Windows 10, version 1607, Windows Server 2016: KB5010790
  • Windows 10, version 1507: KB5010789
  • Windows 7 SP1: KB5010798
  • Windows Server 2008 SP2: KB5010799

Windows January Updates Issues and Fixes

As BleepingComputer reported after this month’s Patch Tuesday, the latest Windows Server updates were causing a series of serious problems for administrators.

According to admin reports, Windows domain controllers were plagued with spontaneous reboots, Hyper-V no longer started on Windows servers, and Windows Resilient File System (ReFS) volumes were no longer accessible after the updates were deployed. updated January 2022.

Windows 10 users and administrators have also reported issues with L2TP VPN connections after installing recent Windows 10 and Windows 11 cumulative updates and seeing “Unable to connect to VPN”. Errors.

Those who can’t immediately install today’s out-of-band updates can remove updates KB5009624, KB5009557, KB5009555, KB5009566, and KB5009543 causing these issues from an elevated command prompt with the following commands:

Windows Server 2012 R2: wusa /uninstall /kb:5009624 
Windows Server 2019: wusa /uninstall /kb:5009557 
Windows Server 2022: wusa /uninstall /kb:5009555
Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566

However, since Microsoft also bundles all security updates with these Windows Cumulative Updates, removing them will also remove any patches for vulnerabilities fixed in the January 2022 Patch Tuesday.

Windows administrators and users should consider the risk of unpatched vulnerabilities affecting their systems versus the disruption caused by issues resulting from this month’s Windows updates.

]]> Microsoft resumes rolling out January Windows Server updates https://sempatikopekoteli.com/microsoft-resumes-rolling-out-january-windows-server-updates/ Fri, 14 Jan 2022 21:28:14 +0000 https://sempatikopekoteli.com/microsoft-resumes-rolling-out-january-windows-server-updates/ Windows Server January 2022 Cumulative Updates are once again available through Windows Update after being pulled yesterday for no official reason from Microsoft. On Tuesday, Microsoft released the cumulative updates for January 2022 Patch Tuesday, with update KB5009624 for Windows Server 2012 R2, KB5009557 for Windows Server 2019, and KB5009555 for Windows Server 2022. After […]]]>

Windows Server January 2022 Cumulative Updates are once again available through Windows Update after being pulled yesterday for no official reason from Microsoft.

On Tuesday, Microsoft released the cumulative updates for January 2022 Patch Tuesday, with update KB5009624 for Windows Server 2012 R2, KB5009557 for Windows Server 2019, and KB5009555 for Windows Server 2022.

After Windows admins installed the updates, some found that their Windows servers went into boot loops, ReFS volumes became inaccessible, and Hyper-V wouldn’t start.

After the many issues, Windows administrators told BleepingComputer, and our own tests showed that Windows Update no longer offers new Windows Server updates. However, they were still available through WSUS and through the Microsoft Catalog.

Windows Server 2019 does not offer the January 2022 Update
Windows Server 2019 does not offer the January 2022 Update

When we asked Microsoft why they removed updates from Windows Update, we were only told that “Microsoft is aware of and investigating the issue”.

Starting today, Windows Server updates are once again available through Windows Update without any reason from Microsoft for initially removing them.

Windows Server updates in Windows Update
Windows Server updates in Windows Update

Microsoft has also officially confirmed boot loop and Hyper-V issues as “known issues” in Windows Message Center.

“After installing KB5009557 on domain controllers (DCs), affected versions of Windows servers may restart unexpectedly,” explains a new known issue with domain controller restarts.

“To note: On Windows Server 2016 and later, you are more likely to be affected when domain controllers use Shadow Principals in Enhanced Security Admin Environment (ESAE) or environments with Privileged Identity Management (PIM).

For Windows Server 2012 R2, Microsoft has also created a new known issue for Hyper-V issues, stating that it affects devices using UEFI.

Microsoft says they are investigating both issues and will release a fix in a future update.

]]> Microsoft Pulls Windows Server Updates Causing Domain Controller Boot Loops and Hyper-V Issues https://sempatikopekoteli.com/microsoft-pulls-windows-server-updates-causing-domain-controller-boot-loops-and-hyper-v-issues/ Thu, 13 Jan 2022 08:00:00 +0000 https://sempatikopekoteli.com/microsoft-pulls-windows-server-updates-causing-domain-controller-boot-loops-and-hyper-v-issues/ January’s Patch Tuesday left many Windows Server administrators in dire straits: domain controllers in boot loops, ReFS volumes unavailable, and Hyper-V refusing to boot. BeepComputer reports that administrators described domain controllers on all versions of Windows entering boot loops because the LSASS.exe process consumed all CPU resources and crashed the system, which automatically restarted. He […]]]>

January’s Patch Tuesday left many Windows Server administrators in dire straits: domain controllers in boot loops, ReFS volumes unavailable, and Hyper-V refusing to boot.

BeepComputer reports that administrators described domain controllers on all versions of Windows entering boot loops because the LSASS.exe process consumed all CPU resources and crashed the system, which automatically restarted.

He also notes that, at least on Windows Server 2012 R2, the Hyper-V hypervisor does not start, causing virtual machine launches to fail. It says that other unverified reports have reported the problem on newer versions of Windows Server.

The third issue is that Windows Resilient File System (ReFS) volumes are no longer accessible or are seen as RAW (unformatted) after installing updates. NTFS volumes are not affected.

So far, the only fix for these issues is to uninstall the entire update package, removing not only the fixes to the problem, but all included security updates as well.

Microsoft says it is aware of the issues and is investigating.

Update: BleepingComputer now reports that the company has pulled updates; these are KB5009624 for Windows Server 2012 R2, KB5009557 for Windows Server 2019, and KB5009555 for Windows Server 2022.

We’ll update this story when more information becomes available.

]]>