Channel: TechNet Blogs

Diving into the Netlogon Parser (v3.5) for Message Analyzer


Brandon Wilson here again talking to you about the next generation of the Netlogon parser for Message Analyzer, which is available with the installation of Message Analyzer 1.3.1. Some of this is going to sound familiar if you read my blog on the v1.1.4 parser…you’ll also notice the format of this blog is pretty much the same, but there are some additions on how to properly filter when using the parser (for the better, I promise). Before I continue on, if you for some reason can’t move to Message Analyzer 1.3.1, I should also mention that the link at the bottom of this page can be used to download the Netlogon parser v3.5 as well as the “Netlogon View” for the analysis grid so you can implement the changes into Message Analyzer 1.1, 1.2, or 1.3.

This next generation version of the Netlogon parser (v3.5) was developed with significant enhancements to both performance and problem diagnosis/troubleshooting. When I say significant improvements, I mean just that! I would like to take the opportunity to give a shout out to the Message Analyzer product group for all of their assistance with everything from development to sanity checks to blog reviews as well! As with the release of the Netlogon parser v1.1.4, this version is compatible with Message Analyzer 1.3.1, and is backwards compatible with Message Analyzer 1.1, 1.2, and 1.3 (with some caveats that are explained below). Since the test platform for this particular version of the parser was Message Analyzer 1.3.1, we will use that for examples in this blog.

The interface for Message Analyzer 1.3 and 1.3.1 has changed a bit since then, and I’ll try to touch on the areas pertinent to the Netlogon parser here. Outside of the GUI changes, the pertinent methods for troubleshooting and parsing using the Netlogon parser are the same as we’ve gone over in the previous blog posts; however, some of the updates include the ability to easily filter out account warnings and problem identification. If you haven’t reviewed the previous blog posts, these are essential reading for proper usage of the Netlogon parser, and you should review the Introduction blog, the Troubleshooting Basics for the Netlogon Parser for Message Analyzer blog, and the New Features in the Netlogon Parser (v1.1.4) for Message Analyzer blog as pre-requisites, which cover some of the main features and troubleshooting techniques that were available in v1.0.1 (the initial public release) and v1.1.4 of the Netlogon parser.

It would also be a good idea to get a handle on Netlogon error codes from the Quick Reference: Troubleshooting Netlogon Error Codes blog and troubleshooting MaxConcurrentApi issues in the Quick Reference: Troubleshooting, Diagnosing, and Tuning MaxConcurrentApi Issues blog, both of which can help guide you to proper troubleshooting and root cause analysis for Netlogon related issues.

As I said in my last blog on v1.1.4, I talk about versions a lot when it comes to the Netlogon parser but in reality, as of the date of this post, they are all named Netlogon.config, and the only way for you to truly know the version you have is to open the file and look at the version table at the top. Trust me, I keep that table up to date (if I didn’t, I would lose track of what I’m working on….again)! The previous versions (1.0.1 and 1.1.4) had many features to help you understand and diagnose Netlogon issues (with v1.1.4 having significant advantages). I’ve said it already, but because it excites me for some oddball reason, I can’t stress how significant the updates are in this version.

As with all of our parsers, this is provided as is, however there are a few different feedback mechanisms for you to use (and I DO want to see your feedback). You can use the feedback link/button in Message Analyzer, reach out in the Message Analyzer forum, send an email to MANetlogon@microsoft.com where you can submit ideas and any problems or buggy behavior you may run across, or of course leave a comment here. I highly recommend reaching out through one of the available methods to provide your suggestions for additional detections to add, problems you encounter, etc.

You can also read up more on Message Analyzer itself at http://blogs.technet.com/MessageAnalyzer

In this walkthrough, we will cover the following:

GUI changes in Message Analyzer 1.3 and 1.3.1

Updates and New Detection Features in the Netlogon Parser v3.5

Known issues

Filtering your output

How to update the Netlogon parser manually to v3.5

How to add the new "Netlogon Analysis" grid view

Reference links

GUI changes in Message Analyzer 1.3 and 1.3.1

The primary UI in Message Analyzer 1.3 and 1.3.1 is much the same as Message Analyzer 1.2. The “Hide Operations” function is, ironically, hidden a bit more and has been renamed to “Show Messages Only”. BUT, with the Netlogon parser v3.5, it becomes unnecessary to use. That’s because in this iteration, very few operations are used. With that being said, here’s a basic view of the GUI before you open any logs:

image

The “Show Messages Only” option is found in the Tools menu under Windows → Viewpoint. Once you select it, the Viewpoint tab will now appear in the bottom right. As you can see in the below screenshot, all you need to do is click on the Operations dropdown and select “Show Messages Only”.

image

 

Updates and New Detection Features in the Netlogon Parser v3.5

As I mentioned, there are numerous new features and updates added to v3.5 of the Netlogon parser. That being said, I also had to remove some functionality unfortunately. We will be adding these features later using another mechanism, so you will get the option back in the future.

Before I show you the guts of the new features, I want to give you an idea of the updates:

1. First, the things we had to remove…

a. It was with a lot of hesitation, and a lot of frustration in trying to work around problems, that I removed the feature for authentication attempts to be brought together by an operation. There was a catch 22 in the function in that, while it worked flawlessly, there are certain backend items that need to be addressed before it can be re-instituted in order to accomplish the expected performance (unrelated to Message Analyzer).

2. No more 100MB log size limitation!

3. Significantly improved performance!

4. Slight changes to the wording for NO_CLIENT_SITE detection

5. Added multiple error code identifications (and provide the meaning of these codes in the summary output)

6. Evaluate inconsistent/unexpected format lines to still provide valid output for errors and account warnings detected

7. Adjusted wording for multiple summary messages

8. Provided an easier method for filtering to identify problems and account “discrepancies”

9. Adjusted summary wording for Netlogon service startup from “SVC STARTUP” to “SERVICE STARTUP”

10. New analysis grid layout added to the “Layout” dropdown for Netlogon Analysis

So, let’s go over the additions in a bit more detail:

1. No more 100MB log size limitation!

a. Previous versions of the Netlogon parser struggled with file sizes beyond 100MB. Although you could run the parser against larger files, doing so meant it was time to put Message Analyzer in the background and fix something else. That is no longer the case!

2. Significantly improved performance!

a. When I say significant, I do mean significant. To give you an idea, what used to take 24 minutes and some change to parse on my test machines took just over a minute!

3. Slight changes to the wording for NO_CLIENT_SITE detection

a. This is where your input comes into play! There was a request to add some wording to indicate lines were related to no client site identification being made. Since the no client site detection is still an operation, wording has been added to the summary of each detection to state “no client site detected” in order to simplify spotting these lines when showing messages only and not using operations.

4. Added multiple error code identifications (and provide the meaning of these codes in the summary output)

a. Most error codes added relate to identifying account issues (including helping you hunt down account lockouts) and potential attempts to compromise security (using invalid accounts for instance). However there are also a couple of new error codes added for troubleshooting purposes. Here is a listing of the errors added for this version (this list also includes a few non-error code related detections that have been added):

| Status/Return Code | Technical Meaning |
|---|---|
| 0xC000006D | STATUS_LOGON_FAILURE |
| 0xC002001B | RPC_NT_CALL_FAILED |
| 0xC0000072 | STATUS_ACCOUNT_DISABLED |
| 0xC0020030 | RPC_NT_UNKNOWN_AUTHN_SERVICE |
| 0xC000006F | STATUS_INVALID_LOGON_HOURS |
| 0xC0000193 | STATUS_ACCOUNT_EXPIRED |
| 0xC0000001 | STATUS_UNSUCCESSFUL |
| 0xC000006A | STATUS_WRONG_PASSWORD |
| 0xC0000064 | STATUS_NO_SUCH_USER |
| 0xC0000071 | STATUS_PASSWORD_EXPIRED |
| 0xC0000199 | STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT |
| NeverPing setting detection | This detects whether or not the NeverPing registry value is set in the Netlogon\Parameters key. In order to make this determination, a service restart must have occurred while Netlogon logging is enabled. |
| “error” detection | Generic parsing for the word “error”. NOTE: This may come up with some false positives due to its generic nature and it is not case sensitive. For instance, if the phrase “ERROR_SUCCESS” was in a line, this would be flagged by this parsing mechanism. All detections flagged by this parsing operation will have a prefix of “DIAGNOSIS:” in the summary wording. |
| “failed” detection | Generic parsing for the word “failed”. NOTE: This may come up with some false positives due to its generic nature and it is not case sensitive. A real example within a Netlogon log would be during service startup when the DnsFailedDeregisterTimeout value is read; although this is NOT a problem indicator, it registers with a “DIAGNOSIS:” prefix in the summary wording because the word “failed” was detected. |

5. Evaluate inconsistent/unexpected format lines to still provide valid output for errors and account warnings detected

a. In previous versions of the parser, the unexpected formats/inconsistent log lines would be brought into an operational grouping together. With this version, we now break out some of the specifics and identify errors within those lines so you don’t miss a beat!

6. Adjusted wording for multiple summary messages

7. Provided an easier method for filtering to identify problems and account “discrepancies”

a. While the old methods of filtering still work, you are now able to filter on “DIAGNOSIS”, “WARNING”, “failure”, “failed”, and “error” to bring back account warnings or problems that have been identified. We’ll talk about that a bit more later on in the blog.

8. Adjusted summary wording for Netlogon service startup from “SVC STARTUP” to “SERVICE STARTUP”

9. New analysis grid layout added to the “Layout” dropdown for Netlogon Analysis

a. Starting with Message Analyzer 1.3.1, the Layouts menu will now contain the “Netlogon Analysis” grid view as shown below in the “How to add the new "Netlogon Analysis" grid view” section (note that section is for implementing the Netlogon Analysis grid view on Message Analyzer 1.3 and below). The Netlogon Analysis grid view will provide a streamlined analysis grid that contains only the columns needed for reviewing Netlogon logs in order to save you from adjusting columns each time you open a Netlogon log to review!

So now with some of the explanations of the updates out of the way, let’s take a look at the new detections that are available, along with the new view of the new and existing detections. If you need a recap on the other detections not listed in this blog, please review the Introduction blog, the Troubleshooting Basics for the Netlogon Parser for Message Analyzer blog, and the New Features in the Netlogon Parser (v1.1.4) for Message Analyzer blog.

First, let’s take a look at the one item that does still perform operational grouping; the detection of NO_CLIENT_SITE entries in the Netlogon log. As I mentioned before, the change made here is only to reflect that no client site was detected in the summary wording. You can of course use this information to determine where you may be missing proper site/subnet assignments within Active Directory, which can lead to slow or failing authentication attempts.

image

image

Before we move onto the new items that are included, let’s take a look at the new look in the Netlogon parser v3.5 for the detections that were already available in v1.1.4:

image

image

As you can see, the way the information is presented has changed a bit. This is especially true of authentication attempts. The way the look is broken down now, in simplistic terms, is that if an error is detected that is NOT in an authentication (but may be in response to an authentication), then the error is reported back with the reason for the error, and in some cases some potential problem areas to look at. For example, in the first screenshot (2 screenshots above this paragraph), you can see RPC call cancellation detections, along with no logon server available detections, RPC bad stub data, etc. All lines now contain the real text from the log after the meaning of the error/failure identified with the exception of authentication requests, which still provide you a translated view that has now been enhanced to also provide the meaning of the error code within the line.

The key to note here though, is that all of these are preceded with the word “DIAGNOSIS”. This can greatly ease finding problems, because now we can simplify filtering to find all problems, essentially at a glance. We will get more into filtering through the logs later in the blog.

Another thing to note here is the lines that state “ACCOUNT WARNING”. Many of the new additions to the parser have this at the beginning of the lines. Filtering on “WARNING” or “ACCOUNT WARNING” can show you all the authentication problems. This includes possible security or account compromises (attempting to use an invalid username, an invalid password, attacks resulting in account lockouts, etc). An additional account related prefix added to the summary that you can see above is “WRONG PASSWORD”, which is pretty self-explanatory…

For authentication attempts, the format is a tad different as problems do not contain the “DIAGNOSIS” key at the beginning (however filtering on “DIAGNOSIS” should still point you to the account logon failure reasons). Instead, you will be informed that an authentication was entered, and that an authentication failed, along with the reason for the failure, followed by a simplified translation of the authentication attempt. However, there is an exception to this, and that exception is the authentication failures that are due to account issues, which will still contain the “ACCOUNT WARNING” or “WRONG PASSWORD” wording prefix in the summary. This was done in order to filter out account problems or possible security risks in their entirety.

The highlighted frames in this screenshot show a successful authentication with the new look:

image

A failed authentication will look similar to the highlighted lines below:

image

So what are you seeing here? As mentioned above, it shows you that the authentication attempt was entered. The next line tells you that there was an authentication failure, and what the error code translation for the error code is. After that is the actual line from the Netlogon log. Notice though how the line is not prefixed by any “DIAGNOSIS” wording. This was done primarily because it seemed easier to read through authentication attempts without the additional wording (not to mention that filtering on “DIAGNOSIS” will bring back these failures anyways).

As far as authentications that come back with a warning regarding the account, this is shown in the highlighted frames below (it is also shown in the screenshot above as well if you were looking closely):

image

There is one more status I briefly mentioned above, and that is if an authentication attempt is returned with the wrong password. Those returns will be prefixed by the words “WRONG PASSWORD” in order to make them stand out as seen below:

image

image

There is also one more change in this version of the Netlogon parser. There is some code to capture inconsistencies/unexpected syntaxes within the Netlogon log, which occur with some versions of the Netlogon.dll binary. In previous versions of the Netlogon parser, these lines would be captured and compiled into an operational grouping titled "The lines grouped here are typically not useful for troubleshooting! Please expand grouping for details", which contained all the detected lines. This version of the parser expands significantly on that. Now the parser is coded to go through these lines to identify authentication attempts and to search for indication of any problems in those lines as well. These lines are now reported with a prefix of “LOG INCONSISTENCY”. If an “account warning” (or potential security risk) occurs, the line will be prefixed with “LOG INCONSISTENCY ACCOUNT WARNING”. If a non-account related error is identified, those lines will be prefixed with “LOG INCONSISTENCY DIAGNOSIS”. All of these lines will be moved to the top of the analysis grid due to the lack of a timestamp. So, if you are filtering, the same filtering methods discussed above will also bring back these lines.

Here is a screenshot to provide an example of what these lines look like:

image

Above, I also mentioned a change to the wording for Netlogon service startups. The syntax is still the same, only the wording has changed:

image

NOTE: The service startup lines are also where the NeverPing status is detected!

image

Rather than bore you with 9 million more screenshots of examples of the new functionality, I will provide a few screenshots that contain the new detection feature frames highlighted. Hopefully by this point in the blog, you have a decent understanding of how the format has changed, and what to look for. Later in the blog, we will also take a look at more filtering techniques.

In the below screenshot, you can clearly see that we found some log inconsistencies that contain both account warnings and problems, as well as lines with expected syntax that contain problems and account warnings. If we look closer at this example, we can see that an unknown authentication service is attempting to authenticate a user, a disabled account is attempting to authenticate, that we have an RPC call failure, a failure to find a logon server, a failure to share SYSVOL, an account lockout, and a couple more RPC errors. Can you spot these issues?? Never mind the fact that the lines are highlighted, the wording is pretty straightforward as to what was identified.

image

The next few screenshots show both new and existing functionality with the new wording format for the summary:

image

image

image

Oh and before I forget, I did want to show you an example of the “false positive” detection due to the generic filters to look for “failed” or “error” (in this case, “failed”). I admit, it’s somewhat annoying at times, but is pretty easy to identify typically (I’ve only seen the false positive with service startup so far), and the benefit outweighs the false detection risk.

image

I think that about covers the new features ramp up....

Are you still with me? Asleep? Drooling from boredom yet?? Let’s just assume you’re still awake and have some interest shall we…!

Known issues

Although the parser is significantly improved, there are still a few known issues:

1. Message Analyzer performance

a. There are known issues with using Message Analyzer on single core virtual machines where the CPU can (and will) spike up to 99-100%.

b. Message Analyzer, when used with the Netlogon parser, can have a decent memory footprint. I recommend having at least 4GB of RAM, but as we all know, the more RAM the better!

2. Netlogon parser performance

a. In certain (rare) scenarios, Netlogon parser performance and functionality can be impacted if there are non-contiguous timestamps within the log file being reviewed. Put another way, if you have temporarily enabled Netlogon logging in the past, and then re-enable it later, you may impact performance and functionality due to the differing timestamps.

i. If you experience this situation, you can stop the Netlogon service, delete or rename Netlogon.log, then start the Netlogon service once again to start from scratch with your file. NOTE: For application servers and domain controllers, this will push authentication and requests over to other servers so make sure you don’t do this during production hours!

3. Timestamps (only when used with Message Analyzer 1.1)

a. When using the Netlogon parser v3.5 with Message Analyzer 1.1, the timestamp -UTC time issue that is corrected when the parser is used with Message Analyzer 1.2 and above still exists. You still gain the additional functionality.

4. False positive “DIAGNOSIS” detections due to the generic queries

a. This is a known issue, but the benefit seems to outweigh the risk in ensuring that no stone is left unturned!

Filtering your output

First things first…you need to know what fields are available so you know how to fine tune your filters. My goal here is not to show you every single way to filter, as there are various methods, but to get you started on how to do some simple and more advanced filtering with the Netlogon parser. The syntax in some cases can be changed to simplify even complex filters, but as I said, this is to get you started. As you become more familiar with Message Analyzer, or if you are already familiar with Message Analyzer, then you will learn the ins and outs of filtering even better.

| Variable (Typical Filtering Method) | Explanation |
|---|---|
| Msgtype. EX: *msgtype == "CRITICAL"; EX: *msgtype contains "CRITICAL" | Contains the type of message being conveyed within the log file such as CRITICAL, MAILSLOT, SESSION, LOGON, PERF, MISC, etc. This will be found in nearly all messages, but isn’t quite as useful for filtering given the other capabilities of the parser. |
| RemainingText. EX: *RemainingText contains "failed" | Can contain many variations of text; anything from a complete line from the log, to random portions of the text that aren’t very interesting for troubleshooting and problem analysis. This can be found in nearly all messages, but may be rare to use given the other capabilities of the parser. |
| domainName. EX: *domainname == "CONTOSO\"; EX: *domainName contains "CONTOSO" | Contains the domain name for the user attempting to authenticate. For null authentication attempts that do not contain a domain name, this variable will be unpopulated. This is useful to use as a filter to trend authentication failures when they are failing to a specific trusted domain. NOTE: When filtering on the domainName value, you must include the backslash “\” character in the filter if using “==”. This is not required if using “contains” in place of “==”. |
| userName. EX: *userName == "User1"; EX: *userName contains "User1" | Contains the user attempting to authenticate. This is extremely useful to identify any trending patterns for specific users that are failing authentication. |
| originMachine. EX: *originMachine == "Win7Client22"; EX: *originMachine contains "Win7Client22" | Contains the name of the device the user is attempting to authenticate from (i.e., the source machine or device). Note that this value is not always provided (some authentications from 3rd party operating systems for example). This is useful to trend on a specific source device or machine. |
| relayMachine. EX: *relayMachine == "USEXCHCAS01"; EX: *relayMachine contains "USEXCHCAS01" | Contains the machine that is proxying the authentication on behalf of the user and source machine. This will typically be an application server (Exchange, IIS, SharePoint, SQL, etc) or a domain controller in a trusted domain. This is useful to help trend authentication attempts from a specific application server in order to identify where bottlenecks may be occurring. |
| otherText. EX: *otherText contains "Package" | Contains additional text such as flags for authentication (ExFlags), or in the case of non-NTLM authentication, the authentication package being used (i.e., Kerberos, Microsoft Unified Security Protocol Provider, etc). This is useful for narrowing out non-NTLM authentication requests. |
| errorCode. EX: *errorCode == "0x0"; EX: *errorCode == "0xC000005E"; EX: *errorCode contains "C000005E" | Contains the error code returned for the authentication attempt. Use “0x0” to identify successful authentications, or use the specific error code to identify specific failed authentication attempts. While you can use this method, it is typically unnecessary due to other methods provided to filter out specific errors as outlined below in this blog. |
| Summary. EX: *Summary contains "LOCKED OUT"; EX: *Summary contains "user1"; EX: *Summary contains "SOME-MACHINE"; EX: *Summary contains "failure" | This is a general filtering method provided by Message Analyzer. The Netlogon parser (all versions) exposes the information necessary for all filter areas mentioned above within the summary area. The takeaway regarding this filtering method is that you can use *Summary contains "<any string>" to find nearly all items of interest, however it may provide more information than you are looking for. An example of this would be if there is a user and machine with the same name; filtering on *Summary contains "samename" would bring back all items related to the user and to the machine with the same name of “samename”, which may not be the desired output. |

In this version of the parser, I have put notes directly into the parser to help you with some very basic filtering, but so you don’t have to actually go open the parser, here is the breakdown for filters related to accounts and potential security risks:

| Filter | What the filter finds |
|---|---|
| *Summary contains "WARNING" | Filters for account issues (expired passwords, disabled account authentication attempts, invalid username, etc.) |
| *Summary contains "WRONG" | Filters "wrong password" authentication attempts |
| *Summary contains "LOCKED" | Filters for account lockout events |

The table above, as mentioned, is only very basic filtering. So if we look at an example of filtering on “WARNING”, this is what we get:

image

Or if we filter on “WRONG”, this is what we get:

image

Now, let’s look at filtering a little more deeply. Let’s say we want to filter out account warnings specific to Kerberos PAC validation or Schannel authentication, in which case the username would be “(null)”. We can do that by using a simple filter of: *Summary contains "WARNING" and *Summary contains "(null)"

Alternatively you can adjust that filter to: *Summary contains "WARNING" and *userName contains "(null)"

Here is an example:

image

And if we wanted to filter this down even further to look only at Kerberos PAC validation account warnings, we could use the filter *Summary contains "WARNING" and *Summary contains "(null)" and *Summary contains "Kerberos". Alternatively, you could use the filter *Summary contains "WARNING" and *userName contains "(null)" and *otherText contains "Kerberos" as seen in the below example:

image

Here is the breakdown for basic items related to potential problems identified by the parser:

| Filter | What the filter finds |
|---|---|
| *Summary contains "DIAGNOSIS" | Filters for all potential problems found |
| *Summary contains "failure" | Filters authentication failures |
| *Summary contains "authentication" (can also use: *Summary contains "SamLogon:") | Filters all authentication calls |
| *Summary contains "failed" | General query for the term "failed" |
| *Summary contains "error" | General query for the term "error" |

Filtering the output for troubleshooting issues is basically the same as we discussed above for some more basic scenarios. But let’s say we want to dig deeper and review multiple accounts….

Let’s say for instance we want to try to filter out account lockout issues (this could also be tied into the above topic of course) for a user named “user1” or for any Kerberos or Schannel authentication attempts. In that case, I would need to supply some parentheses around some of the filter, which would result in a filter of:

*Summary contains "WRONG" and (*userName == "user1" or *userName == "(null)") or *Summary contains "LOCKED" and (*Summary contains "user1" or *Summary contains "(null)")

-or you could use-

*Summary contains "WRONG" and (*userName == "user1" or *userName == "(null)") or *Summary contains "LOCKED" and (*userName == "user1" or *userName == "(null)")

What does this filter do you might ask? Well, it looks for the “WRONG” in “WRONG PASSWORD” or it looks for the “LOCKED” in the summary wording of “ACCOUNT LOCKED OUT”, then, in the case of the first filter example, specifies that the words “user1” or “(null)” must be included in the summary as well. In the second example, it’s a bit more refined. It still looks for “WRONG” or “LOCKED” in the summary field, but it then looks specifically at the username variable to see if there are users named “user1” or “(null)” in those fields.

Now, and this is a bit outside of the scope of this blog, keep in mind that in the case of an account lockout, the DC you are looking at may not be the source of the lockout, so it may not contain all (or any) of the wrong password attempts that actually led to the account lockout. In that case, you will need to determine the DC that the account was locked out from and review the Netlogon logs on that DC as well. Here is a simple example:

image

In this example, you can see 2 wrong password requests for a user named user1 in the child.domain.com domain, followed by an account lockout. If your account lockout threshold is, let’s say 10, then the wrong password must have also been passed to other domain controllers as well, so there may be more hunting to do because this only accounts for 2/10 of the bad attempts.
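The lockout hunt above, sketched outside Message Analyzer as an added Python example (not part of the original post or of the Netlogon parser): it parses SamLogon return lines, labels them with the status codes from the table earlier in this post, applies the same grouping as the "WRONG"/"LOCKED" filter, and reports how many bad attempts this DC's log does not account for. The log line layout, the sample lines, the category grouping and the 0xC0000234 (STATUS_ACCOUNT_LOCKED_OUT) entry are assumptions of this example.

```python
import re
from collections import Counter

# Status codes from the table in this post, plus two added by this example:
# 0x0 (success) and 0xC0000234 (STATUS_ACCOUNT_LOCKED_OUT), which is not in that table.
STATUS_MEANING = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000001: "STATUS_UNSUCCESSFUL",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006F: "STATUS_INVALID_LOGON_HOURS",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000193: "STATUS_ACCOUNT_EXPIRED",
    0xC0000199: "STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
    0xC002001B: "RPC_NT_CALL_FAILED",
    0xC0020030: "RPC_NT_UNKNOWN_AUTHN_SERVICE",
}

# Assumption: which codes count as an "account warning". The post only says that
# account issues (disabled, expired, invalid username, etc.) carry that prefix.
ACCOUNT_WARNING_CODES = {0xC0000064, 0xC000006F, 0xC0000071,
                         0xC0000072, 0xC0000193, 0xC0000199}

# Assumed layout of a SamLogon return line; field names follow the post's filter variables.
SAMLOGON = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<msgtype>\w+)\] (?:\[\d+\] )?(?:\S+: )?"
    r"SamLogon: (?P<kind>.*?) logon of (?P<domain>[^\\]*)\\(?P<user>.+?) from (?P<origin>\S*)"
    r"(?: \(via (?P<relay>[^)]+)\))?(?: (?P<other>.*?))? Returns (?P<code>0x[0-9A-Fa-f]+)$"
)

# Constructed sample lines (not taken from a real log).
SAMPLE_LOG = r"""
06/22 10:15:30 [LOGON] SamLogon: Transitive Network logon of CHILD\user1 from Win7Client22 (via USEXCHCAS01) Entered
06/22 10:15:30 [LOGON] SamLogon: Transitive Network logon of CHILD\user1 from Win7Client22 (via USEXCHCAS01) Returns 0xC000006A
06/22 10:15:41 [LOGON] SamLogon: Transitive Network logon of CHILD\user1 from Win7Client22 (via USEXCHCAS01) Returns 0xC000006A
06/22 10:15:52 [LOGON] SamLogon: Transitive Network logon of CHILD\user1 from Win7Client22 (via USEXCHCAS01) Returns 0xC0000234
06/22 10:16:03 [LOGON] SamLogon: Generic logon of CHILD.DOMAIN.COM\(null) from (null) Package:Kerberos Returns 0xC0000072
06/22 10:16:10 [LOGON] SamLogon: Network logon of CHILD\user2 from Win7Client23 (via USEXCHCAS01) Returns 0xC000006A
06/22 10:16:20 [LOGON] SamLogon: Network logon of CHILD\user3 from Win7Client24 (via USEXCHCAS01) Returns 0x0
"""


def categorize(code):
    """Map a return code to a label modelled on the summary prefixes the post describes."""
    if code == 0x0:
        return "SUCCESS"
    if code == 0xC000006A:
        return "WRONG PASSWORD"
    if code == 0xC0000234:
        return "ACCOUNT LOCKED OUT"
    if code in ACCOUNT_WARNING_CODES:
        return "ACCOUNT WARNING"
    return "FAILURE"


def parse(log_text):
    """Return one dict per SamLogon line that carries a return code."""
    records = []
    for line in log_text.splitlines():
        m = SAMLOGON.match(line.strip())
        if not m:
            continue  # "Entered" lines and non-SamLogon lines have no return code
        rec = m.groupdict()
        rec["code"] = int(rec["code"], 16)
        rec["meaning"] = STATUS_MEANING.get(rec["code"], "UNKNOWN")
        rec["category"] = categorize(rec["code"])
        records.append(rec)
    return records


def lockout_filter(rec, users=("user1", "(null)")):
    """Same grouping as the filter above: WRONG and (users) or LOCKED and (users)."""
    return (("WRONG" in rec["category"] and rec["user"] in users)
            or ("LOCKED" in rec["category"] and rec["user"] in users))


def unaccounted_attempts(records, threshold):
    """Per locked-out account: bad attempts (up to threshold) this log does not show."""
    wrong, gaps = Counter(), {}
    for rec in records:
        key = (rec["domain"], rec["user"])
        if rec["category"] == "WRONG PASSWORD":
            wrong[key] += 1
        elif rec["category"] == "ACCOUNT LOCKED OUT" and key not in gaps:
            gaps[key] = max(threshold - wrong[key], 0)
    return gaps


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for r in filter(lockout_filter, recs):
        print(r["ts"], r["category"], r["meaning"], r["domain"] + "\\" + r["user"])
    print(unaccounted_attempts(recs, threshold=10))
```

A non-zero result for an account means the remaining bad attempts were handled by other domain controllers, whose Netlogon logs need the same review.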

The bottom line:

For simple filtering where you have known values you are looking for, you can use a simple filter with “and” or “or” separating what you are looking for. But if there are multiple constraints, such as searching for multiple string potentials in the summary, and then narrowing that view only to a specific machine/device (or more than 1) or user, you have to “and” the filter, open parenthesis, put in your additional constraints, then close the parenthesis.

Looking at the previous example provided you can see this syntax:

*Summary contains "WRONG" and (*userName == "user1" or *userName == "(null)") or *Summary contains "LOCKED" and (*userName == "user1" or *userName == "(null)")

Notice in the example there are constraints to look for any summary containing “WRONG”, with the additional constraint that the line also must contain the userName of “user1” or “(null)”, which is then followed by the search for the phrase “LOCKED” with the same userName constraints. You have to be specific!

Now, let’s look at the same example, but this time let’s say I don’t want to include the “(null)” user account, but I do want to see all other locked out accounts. For this, we use a syntax like this:

*Summary contains "WRONG" and (not *userName == "(null)") or *Summary contains "LOCKED" and (not *userName == "(null)")

-or-

*Summary contains "WRONG" and (not *userName contains "(null)") or *Summary contains "LOCKED" and (not *userName contains "(null)")

-or-

*Summary contains "WRONG" and (not *Summary contains "(null)") or *Summary contains "LOCKED" and (not *Summary contains "(null)")

A lot of options there, right! The result of this type of query, using the same sample file as we’ve been using, is this:

image

Notice in this example how we get only the authentication attempts for “user1”, BUT we also get back other lines for wrong passwords being submitted and account lockouts. That happens because those summaries contain the same keywords we are searching the summary for. It’s a bit of noise, but you could reduce that noise a bit by altering the filter to something like this:

*Summary contains "WRONG" and (not *userName == "(null)") and (*Summary contains "failure") or *Summary contains "LOCKED" and (not *userName == "(null)") and (*Summary contains "failure")

NOTE: You can also use other variations as discussed above!

This method results in output such as this:

image
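The grouping rules above, as an added example that is not part of the original post: a Python sketch that applies the same "(WRONG and (users)) or (LOCKED and (users))" logic to raw netlogon.log lines and reports how many bad attempts a lockout threshold leaves unaccounted for on this domain controller. The sample lines are constructed, and matching on the NTSTATUS codes 0xC000006A and 0xC0000234 instead of the parser's Summary text is an assumption of this example.

```python
import re
from collections import Counter

# NTSTATUS codes assumed to sit behind the "WRONG" and "LOCKED" summaries.
WRONG_PASSWORD = 0xC000006A      # STATUS_WRONG_PASSWORD
ACCOUNT_LOCKED_OUT = 0xC0000234  # STATUS_ACCOUNT_LOCKED_OUT

# Constructed sample lines in the netlogon.log "SamLogon ... Returns" layout.
SAMPLE_LOG = r"""
08/03 09:14:02 [LOGON] SamLogon: Network logon of CHILD\user1 from WKS01 Entered
08/03 09:14:02 [LOGON] SamLogon: Network logon of CHILD\user1 from WKS01 Returns 0xC000006A
08/03 09:14:05 [LOGON] SamLogon: Network logon of (null)\(null) from WKS07 Returns 0xC000006A
08/03 09:14:09 [LOGON] SamLogon: Transitive Network logon of CHILD\user1 from WKS01 (via DC02) Returns 0xC000006A
08/03 09:14:11 [LOGON] SamLogon: Network logon of CHILD\user2 from WKS03 Returns 0xC000006A
08/03 09:14:30 [LOGON] SamLogon: Network logon of CHILD\user1 from WKS01 Returns 0xC0000234
08/03 09:15:00 [LOGON] SamLogon: Network logon of CHILD\user3 from WKS04 Returns 0x0
08/03 09:15:10 [MISC] DsGetDcName function called: Dom:CHILD Acct:(null) Flags: DS
"""

# Accepts the optional "[pid] " and "DOMAIN: " prefixes some builds write.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] (?:\[\d+\] )?(?:\S+: )?"
    r"SamLogon: (?P<kind>.+?) logon of (?P<domain>[^\\]*)\\(?P<user>.+?) "
    r"from (?P<source>\S+)(?: \(via (?P<via>[^)]+)\))? "
    r"Returns (?P<status>0x[0-9A-Fa-f]+)$"
)


def parse_events(text):
    """Return one dict per SamLogon result line; every other line is skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            event = match.groupdict()
            event["status"] = int(event["status"], 16)
            events.append(event)
    return events


def filter_named(events, names):
    """(WRONG and (user in names)) or (LOCKED and (user in names))."""
    return [e for e in events
            if (e["status"] == WRONG_PASSWORD and e["user"] in names)
            or (e["status"] == ACCOUNT_LOCKED_OUT and e["user"] in names)]


def filter_excluding(events, excluded=("(null)",)):
    """(WRONG and (not excluded user)) or (LOCKED and (not excluded user))."""
    return [e for e in events
            if (e["status"] == WRONG_PASSWORD and e["user"] not in excluded)
            or (e["status"] == ACCOUNT_LOCKED_OUT and e["user"] not in excluded)]


def filter_constraint_once(events, names):
    """User constraint written once: in Python it binds only to the LOCKED term,
    so every wrong-password event comes back regardless of user."""
    return [e for e in events
            if e["status"] == WRONG_PASSWORD
            or e["status"] == ACCOUNT_LOCKED_OUT and e["user"] in names]


def lockout_gaps(events, threshold):
    """For each locked-out user, the number of bad attempts that this log does
    not account for (they were presumably handled by other domain controllers)."""
    wrong = Counter(e["user"] for e in events if e["status"] == WRONG_PASSWORD)
    locked = {e["user"] for e in events if e["status"] == ACCOUNT_LOCKED_OUT}
    return {user: max(threshold - wrong[user], 0) for user in sorted(locked)}


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for e in filter_named(parsed, {"user1", "(null)"}):
        print(e["ts"], e["user"], e["source"], hex(e["status"]))
    # With a threshold of 10, two attempts seen here leave eight to hunt for.
    print(lockout_gaps(parsed, threshold=10))
```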

 

How to update the Netlogon parser manually to v3.5

If you are using Message Analyzer 1.1, 1.2, or 1.3, but still want to take advantage of the new features introduced in the Netlogon parser v3.5, then you can follow the below 4 steps to implement the updated Netlogon parser. Please keep in mind that the Netlogon parser v3.5 is written for Message Analyzer 1.3 and beyond, so there may be bugs that were not identified in testing and are not covered in the above known issues list!

NOTE: No version of the Netlogon parser will function on any Message Analyzer version less than Message Analyzer 1.1. It is highly suggested to find a way around your deployment blocker so that you can upgrade to Message Analyzer 1.3.1 as soon as possible!

With that being said, here’s how you manually update the parser:

1. If Message Analyzer is running, please shut it down and ensure the process is no longer listed in Task Manager

2. Download the Netlogon-35-config.zip file in this blog (this zip file contains v3.5 of the Netlogon parser, as well as the “Netlogon Analysis” grid view files)

a. The files within Netlogon-35-config.zip are: Netlogon.config, Netlogon-Analysis-View.asset, and Netlogon-Analysis-View.metadata

3. Unzip Netlogon-35-config.zip to a location of your choosing

4. Copy the Netlogon.config file that you unzipped into:

a. If using Message Analyzer 1.2 or 1.3: %userprofile%\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\TextLogConfiguration\DevicesAndLogs (when prompted to overwrite the file, select the option to replace the file in the destination)

b. If using Message Analyzer 1.1: %userprofile%\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\TextLogConfiguration\AdditionalTextLogConfigurations (when prompted to overwrite the file, select the option to replace the file in the destination)

After following the above 4 steps, the Netlogon parser v3.5 should now be implemented and available for use once you reopen Message Analyzer.

How to add the new “Netlogon Analysis” grid view

As an added bonus to the new parser, an analysis grid view that contains a more refined view specific to the needs of analyzing Netlogon logs is available to download in this blog. This analysis grid contains the message number, the diagnosis (i.e., diagnosis types), time elapsed, summary, trace source (the name of the source Netlogon log), and the trace source path (the path to the source Netlogon log).

Here is how you manually import the Netlogon Analysis grid view (assumes you have already imported v3.5 of the Netlogon parser and are running Message Analyzer 1.3 or 1.3.1):

1. Open Message Analyzer

2. Open a Netlogon log to begin a new session (you can drag and drop the file in or open it using the File menu or shortcuts on the start page); select the Netlogon parser and click Start

3. Above the analysis grid, click the Layout dropdown (or use the Session|Analysis Grid|Layout option)

4. Select Manage Layouts, then click Manage…

image

5. In the Manage View Layout screen, select Import

image

6. Browse to the path where you unzipped Netlogon-35-config.zip to find the file Netlogon-Analysis-View.asset, then select it and click Open, or simply double click the .asset file

7. In the Select Items to Import screen, just click the OK button

image

8. You should now be back in the Manage View Layout window; if you scroll down, you should see a new Netlogon category, with the Netlogon Analysis grid view listed

image

9. Click the OK button

10. You should now be able to select the Netlogon Analysis grid view. You can select this view from the “Layout” selection available above the analysis grid when opening a log file (1st screenshot) or from the Session → Analysis Grid → Layout menu (2nd screenshot).

image

image

 

Reference links

Message Analyzer v1.3.1 download (highly recommended!)

http://www.microsoft.com/en-us/download/details.aspx?id=44226

New Features in the Netlogon Parser (v1.1.4) for Message Analyzer

http://blogs.technet.com/b/askpfeplat/archive/2015/01/19/new-features-in-the-netlogon-parser-v1-1-4-for-message-analyzer.aspx

Introducing the Netlogon Parser (v1.0.1) for Message Analyzer 1.1 (By: Brandon Wilson)

http://blogs.technet.com/b/askpfeplat/archive/2014/10/06/introducing-the-netlogon-parser-v1.0.1-for-message-analyzer-1.1.aspx

Troubleshooting Basics for the Netlogon Parser (v1.0.1) for Message Analyzer (By: Brandon Wilson)

http://blogs.technet.com/b/askpfeplat/archive/2014/11/10/troubleshooting-basics-for-the-netlogon-parser-v1-0-1-for-message-analyzer.aspx

Quick Reference: Troubleshooting Netlogon Error Codes (By: Brandon Wilson)

http://blogs.technet.com/b/askpfeplat/archive/2013/01/28/quick-reference-troubleshooting-netlogon-error-codes.aspx

Quick Reference: Troubleshooting, Diagnosing, and Tuning MaxConcurrentApi Issues (By: Brandon Wilson)

http://blogs.technet.com/b/askpfeplat/archive/2014/01/13/quick-reference-troubleshooting-diagnosing-and-tuning-maxconcurrentapi-issues.aspx

Message Analyzer Forum

http://social.technet.microsoft.com/Forums/en-US/home?forum=messageanalyzer

Message Analyzer blog site

http://blogs.technet.com/MessageAnalyzer

Memory usage with Message Analyzer

http://blogs.technet.com/b/messageanalyzer/archive/2015/07/06/memory-usage-with-message-analyzer.aspx

Just to recap; please send us any suggestions or problems you identify through the comments below, the Message Analyzer forum, via email to MANetlogon@microsoft.com, or using the integrated feedback button in Message Analyzer as seen below (circled in green at the top right)!

image

image

 

Thanks, and talk to you folks next time!

-Brandon Wilson


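Outlook is forcibly closed with the error "Microsoft Outlook has stopped working" at startup or during use (issue caused by a corrupted view)

Hello. This is the Outlook support team at Microsoft Japan.

Outlook can be forcibly closed for a variety of reasons. This post covers the case where a corrupted view causes the error "Microsoft Outlook has stopped working" to appear when Outlook starts or while it is in use, after which Outlook is forcibly closed, and describes the workaround.

Symptom
When you start Outlook, or when you select a folder while using Outlook, the error "Microsoft Outlook has stopped working." appears and Outlook is forcibly closed.

When the issue occurs, the following troubleshooting steps do not resolve it.
• Repairing the PST or OST file with the Inbox Repair Tool (SCANPST.EXE)
• Re-creating the Outlook profile
• Re-creating the OST file
• Starting Outlook in safe mode
• Reinstalling Office
• Creating the Outlook profile on a different PC

The issue does not occur in Outlook Web Apps (OWA).

Cause
Outlook stores screen layout information called views (settings such as the sort order of the message list, the display width of each column, and the font width) in the mailbox. If this view information becomes corrupted, Outlook is forcibly closed.

Workaround
You can work around the issue by resetting the corrupted view settings held in the Outlook mailbox.

To reset the corrupted view settings, start Outlook with the /cleanviews command-line switch.

- Steps

  1. Exit Outlook.
  2. Click the Start button at the lower left of the Windows screen. (On Windows 8/8.1/10, press Windows key + Q.)
  3. In the [Search programs and files] box, type the following and press Enter.
    Outlook.exe /cleanviews
  4. Start Outlook and check whether the issue no longer occurs when you log on with the affected profile.
  5. If this has no effect, toggle Outlook's Cached Mode between enabled and disabled and repeat the procedure from step 1.

Additional notes
How the /cleanviews option resets views

  1. When Outlook is started with the /cleanviews option, views are reset for the mailbox you log on to, for PST files, and for those public folders you accessed in which you have permission to delete items.
    Items other than mail, such as calendars, contacts and tasks, are also reset.
  2. When Outlook is started with the /cleanviews option, the default views are restored. All custom views you created are lost.
     There is no feature for exporting the settings to a backup file, so you need to reconfigure them manually after the reset.
  3. View information means settings such as the sort order of the message list, the display width of each column, and the font width.
    In Outlook 2010 / 2013, this covers the settings that can be customized from [View] - [Change View] or [View Settings], the sort order of items, and so on.

References
Title : Command-line switches for Outlook 2010
URL : http://office.microsoft.com/ja-jp/outlook-help/HP010354956.aspxf

Title : Command-line switches for Outlook 2013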
URL : https://support.office.com/ja-jp/article/Outlook-2013-%e3%81%ae%e3%82%b3%e3%83%9e%e3%83%b3%e3%83%89-%e3%83%a9%e3%82%a4%e3%83%b3-%e3%82%b9%e3%82%a4%e3%83%83%e3%83%81-079164cd-4ef5-4178-b235-441737deb3a6?ui=ja-JP&rs=ja-JP&ad=JP

Get ready to deploy Windows 10 in your school

Windows 10 is available in 190 countries. Now is the right time to upgrade your personal computers to Windows 10 Home or Windows 10 Pro for free and to start planning the deployment of Windows 10 in your school. A 90-day trial version of Windows 10 Enterprise is available for download. The TechNet website has new content describing the features in Windows 10 and new device deployment and management scenarios. Courses on Microsoft Virtual Academy are also being prepared.

As part of deploying Windows 10, it is a good idea to start planning the use of the Windows Update for Business service, which simplifies the management and distribution of updates.

If you are already a member of the Windows Insider program, you will continue to have the opportunity to influence the development of Windows. At present you can also help with testing Windows 10 Mobile for phones.

Comparison of Windows 10 editions
In this downloadable document you will find a comparison of the individual editions (Home, Pro, Enterprise and Education).

Most frequent questions from IT professionals about Windows 10
Get answers to frequent questions about compatibility, installation and support of Windows 10 Enterprise.

Windows 10 deployment plan
A successful deployment starts with a good plan. Learn about the upgrade options and how update distribution works, and start planning the deployment. Try out the recommended deployment tools, go through the Windows 10 deployment scenarios, and start working on the upgrade or migration with a focus on application compatibility, user migration and volume activation.

Deploying Windows 10
Get a detailed guide on how to deploy Windows 10 in a school environment using the Microsoft Deployment Toolkit (MDT) or a combination of MDT and System Center Configuration Manager. See when and how to use the Windows Assessment and Deployment Kit (Windows ADK) in your Windows deployment project, including deploying Windows To Go, sideloading internal applications, activating Windows 10 and configuring Windows 10 with provisioning packages.

Managing Windows 10
Learn about the options for managing Windows 10 devices and secure your infrastructure using the Device Guard and Microsoft Passport features.

Windows 10 support
In the Windows 10 IT Pro forums you will find solutions to the most common incidents. You can also ask a new question.

Microsoft Edge and Internet Explorer 11
Microsoft Edge is the new default browser in Windows 10, bringing users features such as reading mode and support for adding handwritten and typed notes directly to websites. IT professionals can manage Edge using policies. Internet Explorer is also available to ensure compatibility with older internal websites.

Cool Stuff about PowerShell 5.0 in Windows 10


Summary: Ed Wilson, Microsoft Scripting Guy, talks about cool stuff in Windows PowerShell 5.0 for Windows 10.

Microsoft Scripting Guy, Ed Wilson, is here. Over the weekend, I installed Windows 10. It is way cool. I love what we have done with the charms bar…it is gone. I also like the streamlined user interface, the new Edge browser, and especially Windows PowerShell 5.0. I mean, it is awesome. It rocks.

By the way, the easiest way to upgrade to Windows PowerShell 5.0 right now, is to upgrade to Windows 10—which by the way, is a free upgrade from Windows 7, 8, and 8.1. For now, that is what I am going to be doing—talking about Windows PowerShell 5.0 on Windows 10. And this brings me to Cool Stuff Week...

What is so cool about PowerShell 5.0?

Well, first of all, what’s not cool? Pretty much nothing. I love it. When I install Windows 10, I have Windows PowerShell 5.0. As Teresa explained yesterday, the next step is to pin Windows PowerShell to the Start page and to the Taskbar (see Exploring Windows PowerShell 5.0). I do this for the ISE and for the Windows PowerShell console.

I am not going to enable scripting right now. I will do that later. For now, I am exploring. I also need to open Windows PowerShell as an Administrator and update Help. Teresa also talked about how to do that yesterday.

The Clipboard

I will admit that when I first heard about Get-Clipboard and Set-Clipboard, I figured they would be pretty lame. I mean, I have been piping to Clip.exe for years. In addition to that, there are Clipboard cmdlets in the PowerShell Community Extension Project, so I figured this was just some low hanging fruit that was easy for the Windows PowerShell team to add.

Really, though, it is pretty cool.

First of all, I can pipe strings to Set-Clipboard and then get it back via Get-Clipboard. It works as expected.

But, when I pipe a directory list to Set-Clipboard, and then I use Get-Clipboard, I don’t get anything back—until I specify the format I want as a FileDropList. As shown here, I then get back a collection of objects:

Image of command output

Of course, it should come as no surprise that we have an object-oriented Clipboard. I mean, everything in Windows PowerShell is an object, so why not the Clipboard? This also means that I can index into the Clipboard, and return a FileInfo object. This is shown here:

Image of command output

At this point, I am starting to think, “You have got to be kidding. Really? Objects on the Clipboard? Dude, dude, dude.”

I know how to use objects and how to work with collections of objects. I mean, this is awesome stuff. I can grab only the base names from the collection of objects, or I can create a table with the base name and the last access time—all from the same Clipboard content. This is shown here:

Image of command output

So, yeah. The Clipboard cmdlets are cool. Way cool. And that is just two of the 1,285 Windows PowerShell cmdlets in Windows 10.

That is just scratching the surface of Windows PowerShell 5.0. Join me tomorrow when I will talk about more cool stuff.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

Microsoft Dynamics AX: development plans 08/2015

Dear colleagues,

A document has been prepared with the Microsoft Dynamics AX development plans and information on released functionality as of August 1, 2015.

The file is attached.

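Latest training

To better improve the solution capabilities of Microsoft partners and to better help technical teams build a blueprint-style ladder of advancement, the Microsoft partner technical department will offer the following online courses in August. If you are interested in any of the courses, send us the course name directly along with your partner ID or name, and a partner specialist will follow up promptly.

Note: If a course name carries the marker (4h), that course uses 4 hours of your consulting time; courses without a marker are free.

The schedule is laid out by week, Monday through Friday. Every listed session runs 14:00-16:00.

Week of 8/3/2015 to 8/7/2015
  • Database Fundamentals (2h)
  • Introducing Windows 10
  • Skype for Business Hybrid Deployment
  • SharePoint Online Enterprise Content Management
  • SQL Server 2014 AlwaysOn

Week of 8/10/2015 to 8/14/2015
  • Overview of the Microsoft Big Data Platform HDInsight
  • Windows 10 Installation and Deployment
  • Migrating Public Folders to Exchange Online
  • SharePoint Online Hybrid Deployment

Week of 8/17/2015 to 8/21/2015
  • Introduction to Windows 10
  • Windows Client Deployment Demo (2h)
  • Introduction to the SQL Server 2014 Hybrid Cloud Platform
  • ADFS Authentication Mechanisms
  • Integrating Dynamics CRM Online and SharePoint Online

Week of 8/24/2015 to 8/28/2015
  • Windows 10 Installation and Deployment
  • Office 365 Technical Sharing
  • Exchange Online Archiving
  • Deep Dive into the Microsoft Big Data Solution: HDInsight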

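Integrating Microsoft Dynamics CRM Online with Office 365 course series

This course series is designed to help you understand how CRM Online addresses the opportunity to grow your existing Office 365 cloud business. After completing the course, you will be able to explain how to ensure customers make the most of Office 365 features such as Exchange Online, SharePoint Online, Yammer and Power BI, as well as the further capabilities gained by adding Dynamics CRM Online to the cloud services.

After completing this course, you will be able to:

  • Understand the existing opportunities to grow your business when integrating Dynamics CRM Online and Office 365
  • Clearly articulate how Dynamics CRM Online meets your customers' needs
  • Maximize Office 365 features such as Exchange Online, SharePoint Online, Yammer, Power BI and more in a cloud portfolio that adds Dynamics CRM Online

Course content

  • Introduction to Dynamics CRM Online
  • Dynamics CRM Online overview, administration, pricing, licensing and internal use rights
  • Dynamics CRM Online integration with SharePoint Online
  • Dynamics CRM Online integration with Exchange Online
  • Dynamics CRM Online integration with Yammer, Lync and Skype
  • Dynamics CRM Online integration with Power BI
  • Microsoft Social Licensing overview

For more information, see https://support.microsoft.com/en-us/kb/3041841

Course schedule

We will update the times for partners in the China region as soon as possible. If you need them, please contact us.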

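One Windows 10, two security zones: Windows 10 Enterprise Data Protection (EDP)

Last week, as Windows 10 officially became available for users to download, news arrived that 14 million users worldwide had downloaded and installed Windows 10. I am putting together posts on Windows 10 topics for IT pros one by one, and today we will look at the technology known as EDP (Enterprise Data Protection). Enterprises commonly approach the security of work devices through network separation or device separation. The aim is to fundamentally prevent security breaches between the two by separating the device used for actual work from the personal device, either physically or logically using virtualization technology. From the user's point of view, using two devices is inconvenient. On the other hand, the technique of installing a piece of software on top of the operating system and separating through it is also, in my personal opinion, because the operating system ultimately processes things in one way, the software's...(read more)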

SharePoint Roles and Responsibilities (On-Premises and Azure IaaS)


SharePoint is a platform that I have found to be surrounded by a lot of misconception. Many people assume that, as it is a web site, it should be managed by the web team. Others see it consuming database storage and think it should be managed by the SQL team. Others see a platform to be developed against, and thus one to be managed by the development team. The truth is that SharePoint is all three: it’s a web site/service with a SQL backend which is highly customizable. It is therefore important to understand the roles and responsibilities involved in managing a SharePoint environment. The following roles and responsibilities are required for both on-premises and Azure Infrastructure as a Service (IaaS).

Server/Platform Admin

The server administrator is responsible for providing the core resources required for the running of the server. They will manage the CPU, Disk and Memory allocation. It is important that they are informed ahead of time of any changes to requirements so that they can plan resource allocation for any given service/component. SharePoint system requirements change between versions, and a common mistake is using the hardware requirements from an old version of SharePoint on the new servers. You can find the latest hardware requirements here.

Network Admin

The network admin is responsible for ensuring the data gets across the network in the most optimized manner possible. They usually also manage the network load balancers, which are used to balance traffic between SharePoint web frontends. The network admin therefore needs to be notified of any changes to the web frontends, or to roles or services on those servers, so that they can ensure traffic is routed accordingly. They are also responsible for ensuring that internet traffic to servers is routed correctly and meets security requirements such as proxy and firewall configuration. SharePoint requires a number of ports to be open; these can be found here.

 

Database Admin

Whilst SharePoint runs on SQL Server, it does not use the good practices for SQL Server, but rather has its own good practice guide. It is paramount that SQL is configured accordingly to ensure good performance and reliability of the backend. SharePoint uses SQL not only for storage but also for processing some queries, so an optimised backend will lead to performance gains. For a view on SQL database maintenance for SharePoint I recommend the following articles:

SharePoint Admin

This is the role that is the least defined and, in my experience, varies from customer to customer. In some instances the SharePoint admin maintains full control of every aspect of SharePoint dependencies, including Active Directory, SQL and SharePoint. In other cases the SharePoint admin only has control of Central Administration, with the server locked down to the minimum server requirements, i.e. not Local Admin. However, what they all have in common is the ability to manage SharePoint. On a daily basis the SharePoint Admin should be aware of:

 

  • Consumption of  Resources on SharePoint Server (CPU, Disk, Memory)
  • Availability of Sites and Service Applications
  • Errors in the Event Logs
  • Status of SharePoint Health Analyzer
  • Status of Service Applications
  • SharePoint Backups 

Fortunately all of the above can be monitored with tools such as Microsoft System Center Operations Manager. The benefit of using System Center Operations Manager is that Microsoft has a management pack to monitor SharePoint. However, always ensure that these are tuned to meet your organizational SLAs.

 

The SharePoint administrator is also responsible for the management of the Service Applications in SharePoint, such as Search, User Profile Service, Managed Metadata Service etc. Whilst many of the service applications are set up once, they still need to be managed and maintained to ensure a good level of system performance.

 

The SharePoint administrator is also responsible for applying updates to SharePoint such as Service Packs and Cumulative Updates. This will be arranged through change management as it will require down time.  

Developer

The developer role for SharePoint covers a broad spectrum. They can be a web designer configuring the look and feel of a SharePoint site; a .NET developer extending the capabilities of SharePoint with farm-based and sandbox solutions (sandbox solutions have been marked as deprecated); or a Linux, Apache, MySQL, PHP (LAMP) developer who creates a separate web service but then connects to the SharePoint API using all or some of the following: OAuth, OData and REST.

Whilst the technology or tools that the developer uses are different, one thing is important: the developer must have an understanding of how SharePoint works. SharePoint also has good practices when it comes to development, and how objects are called, used and disposed of is important in terms of management of resources. There are tools available to help ensure code meets the requirements for good coding practice for SharePoint, such as the Microsoft Code Analysis Framework; you can also look at the SharePoint Code Analysis Framework, which gives a more in-depth analysis of your code for Office 365 and on-premises. However, these tools will only validate coding practices and not whether the code itself is malicious. The deployment of the code must go through change management so that the changes are tracked and recorded. Also, any deployment that makes changes to the web.config will result in an Application Pool recycle, which disrupts the service.

Site Collection Administrators

The site collection administrator is a person who manages a site collection and all of the sub-sites within that collection. There is a misconception that a SharePoint Admin and a Site Collection admin are the same. Whilst in some unique cases this is true, in most cases it is not. The purpose of a Site Collection admin is to delegate the management of a site or group of sites to people who better understand the needs and requirements of a site. This helps empower workgroups to have more control over their web sites and to be less reliant on core IT services. It is paramount that multiple Site Collection Administrators are set up to provide cover so that management of sites can continue in the absence of the main site collection administrator. This role remains pivotal both on-premises and in Office 365.

Information Architect

The assets stored in SharePoint can range from personal documents stored in OneDrive for Business to entire corporate documentation. It is therefore important that the data is classified and architected as to how each document is to be stored and when it is to be archived or disposed of. The information architect can also provide some insight into how long backups are to be retained depending on legislation. It is important that the Information Architect and the SharePoint Administrator establish a relationship, as a SharePoint admin can better plan storage requirements when they are aware of the documentation plans of the organisation, and the information architect can be sure that when their proposals are rolled out the infrastructure is in place to accommodate the workload.

Technical Architect

The technical architect will usually design the solution whether it be intranet, internet and/or document collaboration. The technical architect usually has the outline of what is the purpose of the system and the vision of how it is to be used. Therefore it is important that their vision is aligned to the Information Architect data requirements, as well as the Infrastructure requirements with regards to scaling to accommodate the load of the requirements.

Governance Team

The governance team should be the glue between the different roles and responsibilities ensuring that each role has the required information they need in order to complete their role. As can be seen by the brief description of roles, all roles have dependencies on other roles.

New features in the Azure Marketplace

The Azure Marketplace has gained a number of new functions and features: onboarding and deployment for multi-VMs have been extended, the new Developer Services category has been added, and DockerHub has been integrated.

The new multi-VM offers significantly reduce the time and resources needed to deploy complex software and minimize the cost of development and integration. Users can manage services better, improve performance and considerably simplify the process of setting up virtual clusters on Azure. Multi-VMs also provide redundancy and failover capabilities. In addition, the programmatic deployment of virtual machines with third-party Marketplace applications (Azure Resource Manager) can now be enabled and managed more easily through the subscription.

The new Developer Services category offers capabilities beyond the Azure platform and makes it easier to integrate complex services into applications. This gives users more choice, flexibility and functionality for developing applications and growing their business with Azure. Both familiar Developer Services in the Azure Classic Management Portal and new Developer Services in the Azure Management Portal from Bing Maps, SendGrid, New Relic, ConexLink and Trend Micro are available.

Building on the partnership with Docker, container apps are now also available in the Azure Marketplace. Container apps help automate the deployment of applications using isolated software containers that run in a single virtual instance. This reduces the costs associated with starting and managing virtual machines and increases the utilization of your own cloud instances.

You can read more about what is new in the Azure Marketplace here (in English). Or explore the new features directly in the Azure Marketplace.

Microsoft Advanced Analytics: protection against malware and cyber attacks

Starting August 1, 2015, the new security solution Microsoft Advanced Threat Analytics (ATA for short) is available, enabling IT managers in organizations to block intruders in, and attacks on, the network in a targeted way.

To do this, ATA analyzes user behavior and uses machine learning to determine normal and abnormal behavior. In addition, ATA uses role-based analysis to detect even sophisticated attacks such as Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash, Golden Ticket, Skeleton Key malware and similar attacks in real time. Known configuration errors that can pose a security risk can also be identified.

You can read further technical details in this TechNet blog post.

ATA will be offered as a stand-alone solution through a Client Management License and as part of the Enterprise Mobility Suite (EMS), the Enterprise Cloud Suite (ECS) and the Enterprise Client Access License (ECAL). Information on pricing and licensing is available here.

SharePoint Roles and Responsibilities (SharePoint Online)


Further to my blog regarding SharePoint Roles and Responsibilities (On-Premises and Azure IaaS), this is a follow-up on how roles and responsibilities differ when moving to Software as a Service (SaaS).

Network Admin

Network administration is a crucial component for using SharePoint Online. The network needs to be configured optimally to ensure good performance between users and the data in SharePoint Online. There are a number of steps that can be taken to optimize network performance, but there are also factors outside of the internal network that can affect performance to SharePoint Online. The most common relate to how long it takes for DNS to resolve traffic to the Microsoft network. Paul Collinge has some great tips that I have called out in an earlier blog post, but they are still of benefit:

Global Admin

This is the gatekeeper account for your Office 365, and thus gives you full administration access to SharePoint Online. This account can also be used to set global settings for the external sharing feature and capabilities for SharePoint Online.

SharePoint Online Administrator

The SharePoint Online administrator is still responsible for the operation of SharePoint Online, but no longer has to manage the following:

 

  • Hardware Resources (CPU, Memory)
  • Patch Management
  • Backups and DR

 

However, the SharePoint Online administrator will still need to track storage, although SharePoint Online will provide limitless storage in the future. The site collections will still need to be monitored in SharePoint Online to ensure that sites are not close to exceeding boundaries, thresholds and supported limits.

 

The SharePoint Online administrator is also responsible for the management and configuration of the service applications, such as Search, User Profile Service, Managed Metadata Service etc. Whilst many of the service applications are set up once, they still need to be managed and maintained to ensure they provide the organization with the data and service they expect.

 

Auditing is a new feature being rolled into Office 365, and it is important for an organization to track, via the compliance center, how the data in Office 365 and SharePoint Online is being used. The following video gives a great overview of the feature in the compliance center. The SharePoint administrator can track the number of active users to ensure licenses are optimized for usage, check sites that are shared externally and generally help keep track of company assets in SharePoint Online.

The SharePoint Online admin also has access to a number of PowerShell cmdlets to help them better manage their SharePoint Online service.

 

Developer

The developer role for SharePoint covers a broad spectrum, as they can be a web designer configuring the look and feel of a SharePoint site. Whilst you cannot deploy farm-based solutions in SharePoint Online, you can still use sandbox solutions (sandbox solutions have been marked as deprecated) as well as SharePoint Apps, which can either be acquired from the SharePoint Online store or built for purpose to connect to SharePoint using all or some of the following: OAuth, OData and REST.

Code going into SharePoint Online must meet a standard that is measured with the Microsoft Code Analysis Framework; you can also look at the SharePoint Code Analysis Framework, which gives a more in-depth analysis of your code for Office 365 and on-premises. However, these tools will only validate coding practices and not whether the code itself is malicious. The deployment of the code is limited to sandbox solutions, as SharePoint Apps are self-contained programs.

Site Collection Administrators

The site collection administrator is a person who manages a site collection and all of the sub-sites within that collection. There is a misconception that a SharePoint Admin and a Site Collection admin are the same. Whilst in some unique cases this is true, in most cases it is not. The purpose of a Site Collection admin is to delegate the management of a site or group of sites to people who better understand the needs and requirements of that site. This helps empower workgroups to have more control over their web sites and be less reliant on core IT services. It is paramount that multiple Site Collection Administrators are set up to provide cover so that management of sites can continue in the absence of the main site collection administrator. This role remains pivotal both on-premises and in Office 365.

Information Architect

The assets stored in SharePoint can range from personal documents stored in OneDrive for Business to entire corporate documentation. Therefore it is important that the data is classified and that there is a plan for how documents are to be stored and when they are to be archived or disposed of. The information architect can also provide some insight into how long backups are to be retained, depending on legislation. It is important that the Information Architect and the SharePoint Administrator establish a relationship: a SharePoint admin can better plan storage requirements when they are aware of the documentation plans of the organisation, and the information architect can be sure that when their proposals are rolled out, the infrastructure is in place to accommodate the workload.

Information Architecture is critical in on-premises, Azure IaaS and SharePoint Online alike, as no matter where the data is hosted, it still belongs to your company and must be managed according to your business requirements for data. SharePoint Online does not provide an automated document management service for document disposal and archiving; all of the requirements will need to be manually configured by the SharePoint Online administrator.

Technical Architect

The technical architect will usually design the solution, whether it be intranet, internet and/or document collaboration. The technical architect usually has an outline of the purpose of the system and a vision of how it is to be used. Therefore it is important that this vision is aligned with the Information Architect's data requirements. The Technical Architect can set the tone of how SharePoint Online is to be used.

Governance Team

The governance team should be the glue between the different roles and responsibilities, ensuring that each role has the information it needs to complete its work. As can be seen from the brief descriptions above, all roles have dependencies on other roles.

Microsoft Azure Becomes Part of the Cloud Solution Provider Program


Microsoft is opening the Cloud Solution Provider (CSP) program to a larger number of partners and extending it with new cloud services and platform capabilities. At the Worldwide Partner Conference 2015 in Orlando in mid-July, Microsoft announced that, in addition to Microsoft Office 365 and Microsoft Enterprise Mobility Suite (EMS), Microsoft Dynamics CRM Online and Microsoft Azure will in future also be available through the CSP program.

CSP: Your Opportunities for Up-Sell and New Customers

As a participant in the Cloud Solution Provider program, you can sell Microsoft cloud services in combination with your own offerings and services. In general, as a partner in the CSP program you manage the entire customer lifecycle and are responsible for billing customers directly, for provisioning, for management and for support.

Whether you market the cloud services unchanged or as a bundle with your own add-on offerings is entirely up to you. Either way, by integrating cloud and on-premises services you add value and increase customer loyalty. Participation in the CSP program thus opens up new ways to realize up-sell potential with existing customers or to reach new customer groups.

Detailed information about the Cloud Solution Provider program is available here in the Microsoft Partner Network.

Cortana Goes Business: Cortana Analytics Suite Predicts Trends and Risks


Many people know Cortana as the digital voice assistant that helps users of PCs, tablets and smartphones with everyday tasks. Now Cortana is also entering the enterprise world: with the Cortana Analytics Suite (Cortana AS for short), Microsoft is bringing to market a comprehensive set of services and applications for predicting trends and business developments and for largely automated decision-making. Or, in the words of Hans Wieser, Business Lead Data Platform at Microsoft Germany: “The Cortana Analytics Suite is a digital executive assistant, purchasing advisor and risk manager in one.”

 

Cortana AS is scheduled to come to market in fall 2015. For its trend analyses and predictions, the suite combines big data cloud technologies such as HDInsight, Machine Learning and Event Hubs with tools for "Perceptive Intelligence", that is, for intelligent perception and data processing, for example in text or speech analysis.

Among other things, Cortana Analytics includes the following Azure services, Power BI and APIs:

  • preconfigured Azure services such as Recommendations, Forecasting and Churn
  • the personal digital assistant Cortana
  • data processing tools with perceptive intelligence for text or speech analysis, with tools for speech and face recognition and for analyzing text, images and complex data: Face, Vision, Speech and Text Analytics
  • dashboards and visualizations with Power BI
  • Azure Machine Learning, Azure HDInsight for Hadoop operations and Azure Stream Analytics for complex event processing
  • Azure Data Lake as a big data repository and Azure SQL Data Warehouse as a flexible data warehouse
  • Azure Data Factory, Azure Data Catalog and Azure Event Hub for information management

Further information is also available on the Microsoft Azure Blog (in English).

Surface 3 Now Also Available with LTE for Business Customers

Since July 17, the Surface 3 has also been available with 4G LTE for business customers. Equipped with a nano-SIM card slot, it provides mobile internet access via a mobile carrier's SIM card even without Wi-Fi. The Surface 3 with LTE comes in two versions without SIM lock, with 4 GB RAM and either a 64 GB SSD or 128 GB of storage. Surface 3: the tablet that can replace your laptop. The Surface 3 is the ideal tablet for your business...

New Teacher Academy Online Courses Now Available


Microsoft has published a set of new online courses called Microsoft Teacher Academies, which are available for free to teachers looking for training and professional development. The online courses are designed to empower educators with the ability to effectively integrate Microsoft’s tools in teaching and learning. Courses help bring 21st century technology including Microsoft Office 365, Microsoft OneNote, Skype for Business, and OneDrive into classrooms.


Productivity to Go: The New Office Mobile Apps for Windows 10


With the worldwide release of Windows 10, the Office Mobile apps Word, Excel, PowerPoint, the new Outlook, the Calendar app and OneNote are now available as free downloads from the Windows Store.

We rebuilt the apps from the ground up specifically for mobile productivity, while keeping the environment and menus familiar to more than a billion users around the world. Our goal: a consistent Office experience across all platforms and mobile devices.

A Consistent Office Experience

Windows 10 users can view, edit and create documents on all devices. The tight integration of the Office Mobile apps with OneDrive cloud storage means they have access to their documents from anywhere at any time. Users can pick up where they left off and share their work with others without difficulty. They no longer need to save their documents; the Office Mobile apps do that automatically. In addition, the integration of “Tell me” (in German, “Was möchten Sie tun?”), the direct help feature already familiar from Office Online, makes productive work with the Office Mobile apps even faster and easier.

The Office Mobile Apps at a Glance

Word Mobile offers a range of fonts and formatting options as well as a spell checker for documents. Inserting tables, pictures, text boxes and hyperlinks, as well as footnotes, headers and footers, is straightforward. For co-editing and sharing documents, Word Mobile provides commenting and change-tracking features. Specifically for mobile work on small screens, Microsoft has equipped Word Mobile with a reading mode in which a document is comfortably readable on any screen size with optimized text rendering. This includes a zoom function for pictures and graphics.



Excel Mobile is likewise optimized for mobile work and offers all the important basic Excel functions, such as adding columns, changing chart types and filtering data by touch. The “Recommended Charts” feature automatically suggests chart types suited to mobile devices and small screens, making it easy to visualize data attractively with just a few inputs.

PowerPoint Mobile offers all the important functions for inserting and editing slides, pictures, tables, shapes and SmartArt objects, as well as for slide transitions and animations. With the mobile app, presentations can also be delivered wirelessly with a single click. A new laser pointer and functions for marking and highlighting individual elements help with this. In addition, “Presenter View” shows the speaker notes for the presentation and the next slide on the tablet, invisible to the audience.

OneNote Mobile helps capture, organize and share ideas from any Windows 10 device. Notes can be captured by typing, writing or drawing, supplemented with tables and pictures, and easily found again. That even applies to handwritten notes. OneNote saves ideas automatically and continuously synchronizes its content through the Microsoft cloud, so that it is available on every device at the same time. OneNote comes preinstalled on Windows 10 devices.



Office for Windows Desktops, Tablets and Phones

The release of the mobile apps is the first of three important Office for Windows 10 releases this year. Office 2016 for Windows will follow in September of this year, and Office Mobile for Windows Phone in the fall. The Office apps are also available for iOS and Android devices, and we only recently released Office 2016 for Mac. Microsoft thus offers productive work in a consistent environment and user experience across all common devices and platforms: productivity to go on common mobile devices.

Licensing of the Office Apps for Windows 10

Viewing personal and business documents is permitted free of charge; on devices with screens up to 10.1 inches, creating and editing personal documents is free as well. Creating and editing personal documents on devices with screens larger than 10.1 inches, and using premium features, requires a valid Office 365 subscription. Any business use (for business purposes and/or business documents) requires, for creating and editing documents, a valid Office 365 business subscription that includes the right to use Office on tablets and smartphones.

Users of mobile devices can download the Office Mobile apps directly from the Windows Store. Windows 10 is required as the operating system.

For users who want Office's more extensive functionality beyond the basic features of the mobile Office apps, I recommend Office 365 ProPlus as part of Office 365. With Office 365 ProPlus, Office always stays up to date and users can put new features to productive use immediately. Of course, Office 365 ProPlus can also be used without an internet connection. Users always have their data with them, even offline.

 

 

 

 


A post by Ulrike Grewe (@UlrikeGrewe)
Product Manager Office & Office on mobile devices at Microsoft Germany

 

(SQL) Tip of the Day: XEvents in SQL Azure V12 and V1


Today’s (SQL) Tip…

Extended events for SQL Azure are and have been quietly available in SQL Azure V1. Currently they work by having several preconfigured xevents sessions available for you to capture. You can see the sessions available by using this query:

select * from sys.event_sessions

To capture the events, you first need a storage account set up to collect the files. To do that you can use Azure Storage Explorer 5: http://azurestorageexplorer.codeplex.com/

Connect to your storage account and then set up the security on the container:

  1. Click on the container and hit the Blob Security button.
  2. Create a Shared Access Signature
  3. For permissions, select Read/Write/Delete/List
  4. Pick Start and Expiry
  5. Go to the Shared Access Signatures tab
  6. Click Generate Signature and copy to the clipboard

Next we need to add this storage credential to your SQL Azure database. Connect to your database and run this query, making sure to replace the placeholders.

exec sp_create_azure_storage_credential N'EverythingBeforeTheQuestionMarkInTheAccessSignature', N'EverythingAfterTheQuestionMarkInTheAccessSignature'

Now run this query to start the azure_xe_query_detail session; change start to stop to end the session.

alter event session [azure_xe_query_detail] on database state=start;
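
The credential step above, as an added PowerShell example that is not part of the original tip: it splits a SAS URL at the question mark, checks the token's permissions and validity window, and builds the sp_create_azure_storage_credential statement. The function name, storage account, container and signature are constructed for illustration; sv, sr, sig, st, se, sp and si are the standard SAS query parameters.

```powershell
# Added example, not code from the original tip.
function ConvertTo-XEventStorageCredential {
    param(
        [Parameter(Mandatory = $true)][string]$SasUrl,
        [string[]]$RequiredPermissions = @('r', 'w', 'd', 'l'),  # Read/Write/Delete/List
        [datetimeoffset]$Now = [datetimeoffset]::UtcNow
    )

    # Split at the first '?': container URL before it, SAS token after it.
    $parts = $SasUrl.Trim() -split '\?', 2
    if ($parts.Count -ne 2 -or -not $parts[1]) {
        throw 'No "?" found: this is not a full Shared Access Signature URL.'
    }
    $containerUrl, $token = $parts

    # Parse the token's key=value pairs (values are URL-encoded).
    $fields = @{}
    foreach ($pair in $token -split '&') {
        $k, $v = $pair -split '=', 2
        $fields[$k] = [uri]::UnescapeDataString([string]$v)
    }

    $problems = @()
    $sp = [string]$fields['sp']
    foreach ($p in $RequiredPermissions) {
        if (-not $sp.Contains($p)) { $problems += "permission '$p' missing from sp" }
    }

    # st = start, se = expiry; both are UTC timestamps.
    $inv   = [System.Globalization.CultureInfo]::InvariantCulture
    $style = [System.Globalization.DateTimeStyles]::AssumeUniversal
    if ($fields['st'] -and [datetimeoffset]::Parse($fields['st'], $inv, $style) -gt $Now) {
        $problems += 'token is not valid yet (st is in the future)'
    }
    if ($fields['se']) {
        if ([datetimeoffset]::Parse($fields['se'], $inv, $style) -le $Now) {
            $problems += 'token has expired (se is in the past)'
        }
    } elseif (-not $fields['si']) {
        # Without se, the expiry must come from a stored access policy (si).
        $problems += 'token carries neither an expiry (se) nor a policy id (si)'
    }

    # The token goes into T-SQL exactly as copied (still URL-encoded);
    # only single quotes are doubled for the string literals.
    $sql = "exec sp_create_azure_storage_credential N'{0}', N'{1}'" -f $containerUrl.Replace("'", "''"), $token.Replace("'", "''")

    [pscustomobject]@{
        ContainerUrl = $containerUrl
        Permissions  = $sp
        Expires      = $fields['se']
        Problems     = $problems
        TSql         = $sql   # contains the secret token: do not log or share
    }
}

# Constructed sample: fake account, container and signature.
$sample = 'https://examplestorage.blob.core.windows.net/xevents?sv=2014-02-14&sr=c&sig=CONSTRUCTED%2BSIGNATURE%3D&st=2015-08-01T00%3A00%3A00Z&se=2015-08-08T00%3A00%3A00Z&sp=rwdl'
$r = ConvertTo-XEventStorageCredential -SasUrl $sample -Now ([datetimeoffset]::Parse('2015-08-03T12:00:00Z'))
$r.Problems   # empty for this sample
$r.TSql
```

If Problems is not empty, generate a new signature before creating the credential; an expired or under-privileged token will not let the session write its files to the container.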

Fake Windows 10 Update: Criminals Distribute Malware


Online criminals are exploiting the attention Windows 10 has attracted since its launch last week: according to Cisco, they promise users via spam message immediate access to the awaited upgrade, which Microsoft is in any case providing free of charge to the majority of Windows 7 and Windows 8.1 users. Because Microsoft is not supplying Windows 10 simultaneously to all systems whose owners registered for the free upgrade, there can be waiting times, which the criminals want to exploit for their own purposes.

If the user clicks the supposed Windows 10 installer attached to the message, they install a crypto-locker. This type of malware encrypts the contents of the hard disk and only releases the lock in return for payment of a ransom. Crypto-lockers, also called ransomware (from ransom, the payment demanded), are not a new phenomenon but are unfortunately still very effective. In the current case, the victim has only 96 hours to meet the demand. If they do not pay within that period, they can no longer get at the files stored on the Windows machine.

Fortunately, the e-mails Cisco found are comparatively easy to recognize as fakes, because various characters were not rendered correctly. That said, one has to give the criminals credit for luring victims with new features that really do exist in Windows 10, such as the Edge browser.

Renewed Warning About Support Calls

At this point, a reminder as well about a long-running fraud campaign: criminals are still calling people all over the world and posing as Microsoft support staff (I have described the scam in detail before). In the course of the conversation they then plant malware on the victim's computer.

Here is a collection of points by which customers can recognize such a fraudulent call:

  • Microsoft does not send unsolicited e-mails, nor do we request personal or financial data by phone call.
  • Microsoft does not make unsolicited phone calls offering to repair your computer.
  • If the caller claims to be an employee of the Microsoft Lottery, they are lying. There is no Microsoft Lottery.
  • Microsoft does not proactively ask for credit card information in order to verify the authenticity of Office or Windows.
  • Microsoft does not contact users unprompted to inform them about new security updates.

Guest post by Michael Kranawetter, Chief Security Advisor (CSA) at Microsoft in Germany. In his own blog, Michael publishes everything worth knowing about vulnerabilities in Microsoft products and the software updates released.

Boot Image Missing Additional Tabs In The Properties Dialog After Installing Windows 10 ADK and Updating Default Boot Images


Overview:

After upgrading to Configuration Manager 2012 SP2, I ran across the below issue related to boot images. First a little background on the scenario and why this happens.

I was running a Configuration Manager 2012 R2 standalone primary site. I ran the Configuration Manager 2012 SP2 media to update the site to Configuration Manager 2012 SP1 R2 without initially upgrading the Windows 8.1 ADK to the Windows 10 ADK since Configuration Manager SP2/SP1 R2 supports the Windows 8.1 ADK.

After deciding I wanted to deploy Windows 10 in my Configuration Manager 2012 SP1 R2 site, I decided to uninstall the Windows 8.1 ADK and install the Windows 10 ADK and reboot the server so Configuration Manager detects the new Windows 10 ADK.

After rebooting the Configuration Manager server, I noticed the extra tabs on the boot image (e.g. Drivers, Customization, Images, etc.) were missing. I expected this to happen, since the installed ADK has to match the boot image version in order to get the extra options in the boot image properties dialog box.

image

Since the Windows 10 ADK was installed after the SP1 R2 upgrade (usually, if you install a new ADK before an upgrade, setup will automatically update the default boot images), I needed to manually replace the boot.wim files (x64 and i386) in the OSD folder in Configuration Manager. I grabbed the WinPE (winpe.wim) from the Windows 10 ADK install folders (C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment) in my lab. I replaced the existing Windows 8.1 WinPE (boot.wim) files in the OSD folder in the Configuration Manager install folder (D:\ConfigMgr\OSD\boot) in my lab.

After replacing the default boot image WIMs (x64 and i386) in the OSD folder, I chose to Update Distribution Points, expecting to see the version increment to 10.0.10240.16384 and to have the extra tabs in the boot image properties. I noticed that even after updating the boot image it still detected the boot image OS Version as 6.3.9600.16384, and I didn’t see the extra tabs in the boot image properties.

image

This is because Update Distribution Points will not check and update the OS Version; it simply rebuilds the boot image and updates the distribution point.

Resolution:

In order to get the OS Version to update, you need to Reload the boot image from the boot image properties. This will check the boot WIM file and refresh all of the information below in the Configuration Manager UI.

image

The issue was that, since Configuration Manager thought my boot image was a WinPE 8.1 boot image and the current ADK installed was Windows 10, I didn’t get the Images tab where I could Reload the boot image from the Configuration Manager UI.

To work around this you can run a PowerShell script on the Site Server that will invoke a WMI method from the SMS Provider to Reload a boot image.

When running the script, you should see the following dialog box to know the boot image was reloaded:

image

You will have to edit line 9 (with your SiteCode) and line 10 (with the PackageID of the boot image to Reload) before running the script.

After running the PowerShell script, I was all set: the Configuration Manager boot images node detected the boot image as WinPE 10, and I got all the extra options in the properties!

image

image

The PowerShell script to Reload the boot image is available for download here.
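
One way to perform the reload described above, as an added example that is not the downloadable script (so the line 9 and line 10 references do not apply to it). It assumes the WMI method in question is ReloadImageProperties on the SMS_BootImagePackage class; the site code and PackageID values are placeholders.

```powershell
# Added example, not the author's script. Run in Windows PowerShell on the
# site server (Get-WmiObject is not available in PowerShell 7).

# Placeholders: replace with your own site code and boot image PackageID.
$SiteCode  = 'XXX'
$PackageID = 'XXX00005'

$query = @{
    Namespace   = "root\SMS\site_$SiteCode"   # SMS Provider namespace for the site
    Class       = 'SMS_BootImagePackage'
    Filter      = "PackageID='$PackageID'"
    ErrorAction = 'Stop'
}

# Fetch the boot image package object from the SMS Provider.
$bootImage = Get-WmiObject @query
if (-not $bootImage) {
    throw "No boot image with PackageID $PackageID found in site $SiteCode."
}

$before = $bootImage.ImageOSVersion
Write-Host "OS Version before reload: $before"

# Re-read the properties from the source WIM, which is what the Reload button
# on the Images tab does when that tab is available.
$result = $bootImage.ReloadImageProperties()
if ($result.ReturnValue -ne 0) {
    throw "ReloadImageProperties returned $($result.ReturnValue)."
}

# Query again: the object fetched earlier still holds the old values.
$after = (Get-WmiObject @query).ImageOSVersion
Write-Host "OS Version after reload:  $after"

if ($after -eq $before) {
    Write-Warning 'OS Version did not change; check that the boot.wim in the OSD folder was actually replaced.'
}
```

After the reload, close and reopen the boot image properties in the console so the extra tabs are re-evaluated against the new OS Version.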

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of any included script samples is subject to the terms specified in the Terms of Use.
