Channel: Windows – TechnoBlogy

Download and install Windows 10 apps without the Store app

Almost as long as there have been Windows apps in the Microsoft Store, there has also been a way to download them as *.appx or, now, *.appxbundle files. All you needed was a small tool to catch the link. As a result we were able to look at apps and test their new features without being in the Preview or Fast Ring.

Now Adguard has made it possible to download and install Windows 10 apps without the Microsoft Store app. All you need is the link to the app from the Microsoft Store website. You then enter it on Adguard's new page and can choose between Fast, Slow, RP and Retail.

When the links are displayed, you will need the *.AppxBundle and the *.EAppxBundle file. The former allows the installation; the latter is then the update. A prerequisite is, of course, that developer mode is activated. Who thinks now to come so fast to paid apps, With both packages downloaded, the AppxBundle was started by double-clicking and was then automatically updated via the EAppxBundle. The Store app also shows that you can start the app, so it is installed normally.

How long the service will remain available is questionable. But since Redmond itself handles the updates so openly, nothing should change here. Whether the developers are jumping for joy about it, I cannot judge. This will mainly be of interest for testing Microsoft apps from the release ring, since these more often come with new features.
If you want to try it out, click here [3rd update, 21.07.]

New features for downloading the apps

[Update July 22] The link works again and Adguard has now added more options for selecting the apps. In addition to the complete link (URL), Adguard now accepts the ProductID. This is the combination of numbers and letters in the link after the “/” and before the “?”. Example: 9wzdncrdfx92. The package name, for example from the WindowsApps folder, is also possible, as is the category ID.


How to enable Developer mode!!!

Enable Developer mode:

Enable Developer mode through GUI:

To enable the new Developer features, do the following on build 10122 or greater:

  • Tap on the Windows-key, type Settings and load Settings – Modern application when the search results are displayed. You can also use the shortcut Windows-I instead which also opens the Settings application on Windows 10.
  • Switch to Update & Security > For developers to display the new features.
  • There you may either enable “sideload apps” or “developer mode”.

Sideload apps — Install apps from other sources you trust, like your workplace

Developer mode — Install any signed and trusted app and use advanced development features

The main difference between the options is that “sideload apps” is limited to loading apps from sources other than Windows Store, while developer mode goes beyond sideloading applications.

Enable Developer mode through cmd:

  • Type Command Prompt in the taskbar search and open it as administrator, either with Ctrl + Shift held down or by right-clicking and choosing Run as administrator
  • The command:

dism /online /Add-Capability /CapabilityName:Tools.DeveloperMode.Core~~~~0.0.1.0

  • Enter the command and press Enter. Developer mode should now be activated in the settings.

Windows Server 2016 Allow ping in the firewall

Like any firewall, the Microsoft software firewall on Windows Server 2016 blocks almost all communication ports by default. Out of the box, ping is denied too, even on the local area network or on a member server. This tutorial explains how to configure the Windows Server 2016 firewall to allow ping. This is done simply with the utility built into WS16 for setting advanced firewall security rules.

The procedure is the same under Windows Server 2016 as with previous versions of Windows Server (2012 / R2, 2008 / R2). This guide also applies to the Windows Server 1709 and 1803 updates.

By default, with the Windows firewall active, a 2016 server does not respond to ping:

Sending a 'ping' request on winserver2016 with 32 bytes of data:
Timeout exceeded the demand.
Timeout exceeded the demand.
Timeout exceeded the demand.
Timeout exceeded the demand.
Ping statistics for 192.168.0.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

Configure the Windows Server 2016 firewall to accept and respond to ping requests

1. Connect locally or remotely on the Windows Server 2016 machine.

2. Open the Windows Firewall, either through the built-in search or through the Start menu: Windows Administrative Tools, Windows Firewall with Advanced Security.

3. In the left menu, click “Inbound Rules”:

4. In the right menu, click “New Rule”.

5. On the first screen, Rule Type, choose “Custom” and click Next.

6. Leave “All Programs” selected, then click Next.

7. Open the “Protocol type” list and select “ICMPv4”, which corresponds to the Internet Control Message Protocol (ping). Do not change the other options on this screen.

8. In the Scope section, leave “Any IP address” in both fields if there is no particular constraint. Otherwise, specify the IP addresses, IP ranges, or subnets that are allowed to ping the machine.

9. What action should be taken? Choose “Allow the connection” to answer ping requests from another computer.

10. Define the networks on which this new rule applies: check only Domain, so that ping is not allowed on any connection other than the company's (which should not change for a server).

11. Give this firewall rule a name and click Finish to validate it.

12. The ping is immediately functional from another PC on the network.

Sending a ping request on winserver2016.domain.local [192.168.0.10] with 32 bytes of data:
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Answer of 192.168.0.10: bytes = 32 times <1ms TTL = 128
Ping statistics for 192.168.0.10:
Packages: sent = 4, received = 4, lost = 0 (loss 0%),
Approximate loop time in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
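
The same rule can be created from an elevated PowerShell session. This is an added example, not part of the original tutorial: it goes one step further than the wizard steps above by allowing only ICMPv4 echo request (type 8) instead of every ICMPv4 type, and by limiting the source to a subnet. The rule name and the 192.168.0.0/24 subnet are assumptions.

```powershell
# Added example (not from the original tutorial). Run elevated on the server.
$RuleName      = 'Allow ICMPv4 echo request (Domain)'   # hypothetical rule name
$AllowedSource = '192.168.0.0/24'                       # assumed subnet; use 'Any' to match step 8's default

# Create the rule only once, so re-running the script does not pile up duplicates.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $AllowedSource `
        -Profile Domain | Out-Null
}

# Show what was actually configured: profile, protocol/ICMP type and allowed sources.
$rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Profile       = $rule.Profile
    Protocol      = ($rule | Get-NetFirewallPortFilter).Protocol
    IcmpType      = ($rule | Get-NetFirewallPortFilter).IcmpType
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}

# Review every other enabled inbound allow rule for ICMPv4, to spot rules that
# are broader than intended (all profiles, any source address, all ICMP types).
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' } |
    Select-Object DisplayName, Profile,
        @{ n = 'IcmpType';      e = { ($_ | Get-NetFirewallPortFilter).IcmpType } },
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }
```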

Was this tutorial useful? Say so in the comments and share this guide to help your friends!

How to make Windows 10 (a lot) less intrusive?

Windows 10, a friend who wishes you well? Microsoft's latest OS is far too “clingy” according to many users. The issue is the collection of personal data and its sharing in all directions, which makes people cringe. Fortunately, the settings detailed below significantly reduce the amount of information sent to the outside.

Here are some tips to disable the Windows 10 features that are most intrusive for your privacy. Some options were introduced with the Creators Update, at the insistence of the CNIL. Others will prevent some services, like Cortana or AutoComplete, from running at 100%. But at the end,

Change the privacy settings of Windows 10

Most of the options to disable are located in the privacy settings. To access them, open the Start menu and click the gear icon (on the left of the menu) to open “Windows Settings”. Then click “Privacy”. The options below are listed in the left column:

General

This tab allows you to disable the Windows 10 advertising ID. This much-criticized feature allows advertisers to target their ads when you are online. Of course, this involves the collection of a lot of personal information. To avoid this, simply disable the advertising ID by clicking the “Enabled” button.

Location

Do you take your PC everywhere with you? Do you feel that Microsoft and its geolocation services do not need to know where you are in real time? This tab lets you avoid being tracked as you travel.

To turn off geo-tracking for all programs, click the “Edit” button, then the “On” button. If you prefer to customize the permissions, scroll down and clear the option only for the software of your choice.

From the same window, you can access the history of information collected about your location. Some of it is stored locally: you can delete it by clicking “Delete” below the “Location History” area. For location data stored in the cloud, click “Manage my location information stored in the cloud” and manually clear your history.

Camera and Microphone

By default, all Windows 10 applications can access the camera on the PC. If you prefer, you can limit camera use to the software of your choice (Skype, Viber, etc.). To do this, click “Camera” in the left column, scroll down and allow only the applications of your choice.

If you prefer to disable the use of the camera for all applications, click the “On” button at the very top of the window.

You can do the same for the microphone of the PC, by clicking on “Microphone” in the left column and repeating the operation.

Account Information, Contacts and Calendar

Windows 10 allows any application to view your personal information, including your account information. The “Account Information” tab allows you to disable this. Click the “Enabled” button to ensure the privacy of your private data on Windows 10.

Then repeat the operation for each of the following tabs: “Contacts” and “Calendar”.

Comments and diagnostics

This tab is dedicated to telemetry, that is, diagnostic data sent to Microsoft to improve your experience. You are free to deactivate this function: to do this, click the “Activated” button in the “Diagnostic data” area.

Disable information collected by Cortana

Cortana is your personal assistant on Windows 10: like Siri at Apple, it allows you to perform basic tasks by voice command. It is also one of the features that worries privacy advocates most: Cortana can be activated by voice (by saying “Hey, Cortana”), so the microphone is always open.

If this idea gives you hives, know that it is possible to disable this function. First open the voice assistant settings by clicking “Cortana” in the Windows Settings.

In the first tab that appears, go to the “Hey Cortana” option and click the “On” button. This allows the voice assistant to work, but not to be called by voice command.

Cortana itself is a very intrusive option: the assistant collects data about your activity in order to best meet your requests. Do you want to see clearly what it collects? Click “Permissions and Logs” in the left column. There, go to the “Permissions” area and click “Manage information that Cortana can access from this device”. Then deactivate the options of your choice.

Customize Microsoft Edge, which is a little too indiscreet

The new Windows web browser is not without its qualities, but it too tends to be a little too indiscreet. It collects a large volume of personal data to enhance the user experience by making it more predictive and responsive.

To make it less intrusive, you can disable some minor features in the browser settings. To do this, click the three small dots at the top right of the window, select “Settings” and click “Show advanced settings”.

In order to limit the data collected by Microsoft Edge, it is advisable to disable the following options:

  • “Save form entries”;
  • “Allow Cortana to help me in Microsoft Edge”;
  • “Show search suggestions and sites as I type”;
  • “Use page prediction to speed up navigation (…).”

Disable synchronization with other devices

Windows 10 offers synchronization of your data between all the devices you use with the same Live account. Concretely, this means that the following information is automatically transmitted from one device to another: theme, settings, ergonomics options, personal info, history and so on.

While this function can be useful for some, it also means that your personal data is stored on Microsoft’s servers. Turning it off is very simple: from the “Windows Settings”, click “Accounts”.

In this window, you can enable or disable the items you want to synchronize, one by one: theme, web browser settings, passwords, language preferences, usability options, Windows settings and so on.

If you prefer, you can also completely disable synchronization between devices. At the very top of the window, click the first “Enabled” button to turn it off.

These tips will help you disable the most intrusive options of Windows 10. This is not enough to prevent it from communicating your personal info to Microsoft servers: other parameters require manipulations reserved for expert users, or the installation of third-party programs such as DoNotSpy10. That said, by applying these tips, you will already have taken a big step towards improving your privacy under Windows 10!


Remote Desktop Error: This could be due to credssp encryption oracle remediation

A few months ago, Microsoft pushed an update to all its operating systems. This update, named KB4093492, may cause RDC connection problems on some servers.

This was the case for many customers, so here is a solution if you also encounter the problem.

When you start the connection to the remote server with the Remote Desktop Connection tool, you get the following error:

this could be due to credssp encryption oracle remediation

If you encounter this error, there are several solutions.

You could simply uninstall KB4093492, but here we will look at a simpler way around it.

Via PowerShell / Regedit

On the affected computer, launch PowerShell as administrator and type the following command:

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2

You should then be able to log in.

If this problem affects many workstations, you can also use GPOs to fix it on all computers on the network or in an OU.

Via GPO

Before doing anything, remember to update your ADMX templates if you have not done so yet.

Then, from your GPO editor, create a computer GPO with the following settings:

Computer Configuration > Administrative Templates > System > Credential Delegation > Encryption Oracle Remediation

Double-click Encryption Oracle Remediation, then check “Enabled” and select “Vulnerable”.
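
Both methods above put the machine at the “Vulnerable” protection level (registry value 2), so it is worth recording where the workaround was applied and removing it once the remote server has received the update. The script below is an added example, not part of the original post: it reports the current value and removes the registry workaround. The function names are hypothetical, and the labels for values 0 and 1 are the other two options of the same policy.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
$Key    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Name   = 'AllowEncryptionOracle'
# Protection levels of the "Encryption Oracle Remediation" policy.
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-EncryptionOracleSetting {
    # Report the value set by the reg add command or by the GPO.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Value      = $null
            Level      = 'Not configured (operating system default applies)'
            Workaround = $false
        }
    }
    $value = [int]$item.$Name
    $level = if ($Levels.ContainsKey($value)) { $Levels[$value] } else { 'Unknown' }
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Value      = $value
        Level      = $level
        Workaround = ($value -eq 2)   # True while the workaround is still in place
    }
}

function Remove-EncryptionOracleWorkaround {
    # Deletes the value so the patched default applies again. If the value comes
    # from a GPO it is rewritten at the next policy refresh: change the GPO instead.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $current = Get-EncryptionOracleSetting
    if (-not $current.Workaround) { return $current }
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Remove registry value')) {
        Remove-ItemProperty -Path $Key -Name $Name
    }
    Get-EncryptionOracleSetting
}

Get-EncryptionOracleSetting                  # audit: is this machine still set to 2?
Remove-EncryptionOracleWorkaround -WhatIf    # preview; drop -WhatIf after the server is updated
```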

Windows 10: How to fix the hard disk with chkdsk

The Check Disk utility can save your hard drive or SSD, and it is advisable to use it as soon as your system behaves strangely, sometimes even when the problem does not appear to come from your hard drive. The chkdsk program can fully scan your hard drive for bad sectors. Two cases arise: either chkdsk can repair the failing sector, or it cannot.

In the second case it marks the sector in question so that the system no longer tries to use it. Beforehand, a faster analysis can be run to find logical errors in the file system. Such an analysis can solve many problems by itself. It is recommended to run the utility regularly to prevent these errors from damaging your data.

If the errors multiply, your disk or SSD is reaching the end of its life and needs to be replaced. If you opt for a hard drive, check out this list of the most reliable brands!

How to fix the hard drive with Chkdsk under Windows 10

We will see two methods to launch this utility: via File Explorer, since as you will see, the utility is fully integrated into the system, and via the Command Prompt, when you want to force its startup with some parameters.

From File Explorer

  • Right-click the Start menu and then click File Explorer
  • Go to This PC in the left column
  • Then go to the Tools tab
  • Click Check to check for errors and follow the instructions

In some cases Windows 10 will tell you that the utility has not found any errors before starting, but you can still click Check Disk.

From the Command Prompt

Launching the utility from the command prompt gives you access to finer options, and among other things allows you to perform a more in-depth analysis, which will require a restart of your computer in order to be able to repair the errors encountered. We will go directly to the most thorough and effective mode to try to repair damaged areas.

  • Start typing Command Prompt in the Start menu, right-click the first result, and then click Run as administrator.

  • Type chkdsk /r c: and confirm by pressing Enter

Your drive will be checked at the next reboot, whenever you choose to restart. Expect a longer start than usual. If you want to cancel this check, open a command prompt in administrator mode again and enter chkntfs /x c: . If you liked this tutorial, you will probably like this one: how to fix all your Windows boot problems.

Microsoft Extended Windows 7 Support Till 2023

Microsoft has changed the terms of operating system support for Windows 7, which, despite its venerable age, is still popular.

Initially, extended support was expected to end on January 14, 2020. But the dates have now shifted for business users.

Microsoft clarified that support for corporate versions of the system can last until January 2023, but for an additional fee, as part of the Windows 7 ESU (Extended Security Updates) service.

You will need to pay for each PC, and the price will grow every year. Apparently, Redmond intends to make money from users by any means: either by demanding payment for an outdated OS, or by forcing them to switch to Windows 10.

The Windows 7 ESU service will be available for Windows 7 Professional and Windows 7 Enterprise with a corporate license. Owners of Windows 10 Enterprise and Windows 10 Education will be offered a discount. Access to the cloud-based Office 365 ProPlus service will be preserved, but only if the company paid the ESU before January 2023.

It is not yet clear whether the beginning of 2023 will be the end of the “seven”, or whether the company will extend support yet again. The latter is unlikely, given its goal of a billion devices on Windows 10.

Migrating virtual machines without shared storage in Windows Server 2012 Hyper-V.

The ability to move a virtual machine without downtime put Hyper-V on the same footing with other hypervisors and provided organizations with greater flexibility in hosting and optimizing resources. For most organizations using Hyper-V, live migration has become so important that one of the criteria for developing new features of Windows Server 2012 was the integrity of its mechanism.

In most issues related to computing, the main task is to consolidate shared resources and functions in a single module. Such consolidation is the main purpose of virtualization technology. The Windows Server 2008 R2 Hyper-V hypervisor had similar priorities: it became possible for all nodes in the cluster to share NTFS volumes on SAN storage. With this approach, all volumes were granted simultaneous access using Cluster Shared Volumes (CSV) technology. Server 2008 R2 has a live migration mechanism that allows you to move virtual machines between nodes in a cluster without downtime. Live migration was performed by copying the contents of the RAM and the state of the virtual machine in the process.

New opportunities

The Server 2012 Hyper-V hypervisor implements several new features, some of which relate to the operation of failover clusters. Let’s highlight two important changes in the live migration mechanism in a failover cluster.

– In Server 2012, live migration supports multiple simultaneous migration processes between a pair of host servers. In the previous version only one process was supported.

– Failover clustering supports up to 64 nodes and 4000 virtual machines in one Server 2012 failover cluster; the figures increased by 400% compared to Server 2008 R2 failover clusters (although this article is not about this).

Server 2012 has a new type of live migration: migration without shared storage. Yes, I did not misspeak. No shared storage, no shared cluster: all you need is a Gigabit Ethernet connection between the Server 2012 Hyper-V hosts. Through this connection, you can transfer virtual machines between the Hyper-V host servers, moving the virtual machine's VHD virtual disks, the contents of the memory, and the state of the processor and the system without any downtime for the virtual machine. In the most extreme scenario, a virtual machine running on a laptop with VHDs located on a local shared drive can be moved to another laptop connected via a single Gigabit Ethernet network cable.

A word of caution: do not think that using live migration without shared storage means that failover clusters are no longer needed. A failover cluster is a high-availability solution, while live migration without shared storage is a mobility solution that gives you additional flexibility when you plan to move virtual machines between Hyper-V hosts in your environment. In addition, live migration can complement a failover cluster. Imagine the ability to move virtual machines without downtime inside the cluster, from the cluster to the outside, between clusters and between individual host systems. With live migration without shared storage, you no longer depend on shared storage.

Requirements for using live migration without shared storage

The requirements for activating the live migration mechanism are quite simple.

– You need at least two instances of Server 2012 with the Hyper-V role installed, or of the free Microsoft Hyper-V Server 2012.

– Each server must have access to its own storage for virtual machines. This role can be played by local storage, dedicated SAN storage, or a Server Message Block (SMB) 3.0 share.

– Servers must have processors of the same type or family (that is, Intel or AMD) if you use the Processor Compatibility feature for virtual machines.

– Servers must be members of one Active Directory (AD) domain.

– The servers must be linked by a connection of at least 1 Gb/s through which they can exchange data (a separate dedicated network segment for live migration traffic is recommended, but this configuration is not mandatory). For the network adapter you use, you must activate the Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks services, as they are used for all types of migration between storage locations.

– On each Hyper-V server, the same virtual switches should be given the same name to avoid errors and manual operations during the migration process. If a virtual switch with the same name as the switch used in the settings of the virtual machine being moved is not defined on the target Hyper-V server, an error message will appear and the administrator performing the migration will have to choose which switch on the target server to connect to the virtual machine adapter.

– The virtual machines you plan to migrate must not use pass-through storage.

When your environment meets the listed requirements, you can proceed to the next step — allow outgoing and incoming migrations for Hyper-V hosts.

Host level permissions

To enable live migration on Hyper-V servers, you must enable the Enable incoming and outgoing live migrations checkbox in the Hyper-V hypervisor settings. These settings are available in the Hyper-V Manager wizard. Figure 1 shows the basic settings required to allow migration outside the cluster.

Screen 1. Hyper-V server live migration settings

In the simplest environments, selecting the option Enable incoming and outgoing live migrations, accepting the default setting of Use Credential Security Support Provider (CredSSP) for authentication and using any available network for live migration should be enough for migration without shared storage to work. One non-obvious point: the built-in Hyper-V exception (MIG-TCP-In) creates a firewall allow rule for TCP port 6600. If you use an alternate local firewall on the servers or if firewalls are used to filter traffic between servers, manually.

Keep in mind that on the Hyper-V Settings screen you can also set the maximum number of simultaneously running migration processes. Server 2012 removes the limit of one live migration process between any two hosts at a time; instead, the number of simultaneous migrations is now determined by the network bandwidth. However, if you want to limit the number of simultaneous migrations to a certain number, set this limit in the Simultaneous live migrations field. You can configure this value using the MaximumVirtualMachineMigrations parameter of the Set-VMHost command in Windows PowerShell.

Although the default settings can work in simple environments or in basic testing, most environments will need to switch to Kerberos authentication and use a dedicated network for live migration traffic, which will include copies of the virtual machine memory and its storage devices. Using the Kerberos mechanism allows administrators to initiate migration processes remotely. Using a dedicated network helps to manage network traffic and ensure that there is sufficient network bandwidth to perform the migration. Let’s look at the authentication process and see why it becomes a source of problems for live migration in non-clustered environments.

Live migration authentication

In clustered environments where the Hyper-V host servers are part of a failover cluster, all the hosts share a common cluster account. This account is used to exchange messages between hosts in the authentication process, simplifying (from the point of view of authentication) operations such as migration within the cluster. Beyond the cluster boundaries, each Hyper-V server has its own computer account — there are no shared credentials. When performing operations, the account of the user who initiates the action is usually used.

During live migration, operations are performed on the source server, on the target server (and on file servers, if the virtual machine is stored in an SMB shared folder), and authentication is required in each case. If the administrator performing the migration connects to the source server or target server and starts the live migration process without shared storage through the local Hyper-V Manager snap-in, then the administrator credentials are used both for local operations and for executing commands on the target Hyper-V server. In such a scenario, CredSSP works correctly, allowing administrator credentials set on the client side to be used on a remote server, usually one authentication hop away from the local machine on which the operation is performed.

However, the general philosophy of Server 2012 (and the general management approach) implies remote control and automation. The need to log in to the source or target Hyper-V server every time you need to migrate outside the cluster is a huge drawback for remote management. If the user is logged on to the local computer running the Hyper-V Manager snap-in and tries to migrate between Hyper-V hosts A and B, this attempt will fail. The user credentials will be used on host A (which is one authentication hop from the client system), but host A cannot use these credentials on host B to complete the migration. The problem is that the CredSSP protocol does not allow credentials to be passed to a system that is more than one hop away. In this situation, full remote control is provided by the Kerberos protocol: Kerberos supports constrained delegation of authentication. Thus, when a user performs an operation on a remote server, this remote server can use the user credentials to authenticate to the second remote server.

Does this mean that the server to which I connect remotely can simply take my credentials and use them on another server without my knowledge? This is where the constrained part of delegation comes into play, although you will need to perform some configuration before you can use Kerberos as the authentication protocol during migration. You need to configure delegation for each computer account that will be allowed to perform operations on a different server on behalf of the user. To configure delegation, use the Active Directory Users and Computers tool and the properties of the computer account for the server that will be given the right to delegate. As Figure 2 shows, the Delegation tab contains settings for the allowed delegation level.

Screen 2. Delegation settings to perform remote start live migration

The only service that requires delegation is the Microsoft Virtual System Migration Service, which must be activated on the target Hyper-V server. You need to select only one authentication mode – Use Kerberos. I have two servers, SERVERA and SERVERB; the screen shows that I am changing the delegation settings for server SERVERA and setting up Kerberos delegation to my other server, SERVERB, for the Microsoft Virtual System Migration Service. I will repeat the configuration process for the SERVERB computer account, allowing it to delegate to the SERVERA server. Also keep in mind that I configured delegation for the Common Internet File System (CIFS) service, which will be needed later when virtual machines hosted in SMB shared folders are moved between hosts.

Remember that all hosts participating in the migration must have the same authentication settings. Figures 1 and 2 show the main differences between the CredSSP and Kerberos protocols and the settings required to use each of the protocols. Figure 1 shows the use of the CredSSP protocol; its operation requires that live migration be started from one of the Hyper-V servers. Figure 2 illustrates the use of Kerberos authentication and the remote launch of a process, which additionally requires Kerberos constrained delegation. Although Kerberos authentication requires more time-consuming configuration, the additional flexibility justifies the effort and makes this the recommended configuration.

Figure 2. Migrating using the Kerberos protocol

Network settings

Authentication was a difficult step. You must now configure the network to use for inbound migrations (that is, the network on which the host will wait and receive live migrations). By default, live migration is allowed from any network. However, I recommend, if possible, to use a closed network dedicated to migration processes to ensure guaranteed bandwidth and separate migrations from the rest of the network traffic. You can add multiple networks and set the order in which they are used: just enter the address of the corresponding subnet in the network prefix notation, also known as the Classless Inter-Domain Routing (CIDR) notation. For example, to specify a network adapter with an IP address of 10.1.2.1 and a subnet mask of 255.255.255.0, I used the notation 10.1.2.0/24. Alternatively, specify the full IP address with a mask of 32 (for example, 10.1.2.2/32), but in this case, you will need to change the settings every time you change the IP address. Make sure that the source and target servers can communicate with each other using the IP addresses that you specified to use during the live migration process, otherwise the migration cannot be performed. To modify these settings using PowerShell, use the Add-VMMigrationNetwork and Set-VMMigrationNetwork commands.

Apply migration without shared storage

After setting up the Hyper-V host servers, the migration itself is easy. For a virtual machine, select the Move action, and then select Move the virtual machine as the move type. Enter the name of the target Hyper-V server to which you want to move the virtual machine and, finally, specify how the elements of the virtual machine, such as VHDs, will be moved to the destination. Screen 3 shows the final move settings. Since we are interested in a scenario in which there is no shared storage and no SMB shared folders are used, you need to choose one of two options: items. The first option allows you to specify a single place on the target storage, which will contain the virtual machine configuration, hard drives, and snapshots. In addition to the selection of the elements to move, the second option allows you to specify the storage location for each virtual machine element.

Screen 3. Selection of a variant of the move operation

After you make your selection, specify the folder on the target server. The move operation will start. The execution time depends on the size of the VHD disks, the amount of memory being moved, and the frequency of changes. However, the operation will be performed without downtime and loss of connection with the virtual machine. You can also initiate a move using the Move-VM PowerShell command.

Troubleshooting Migration Errors

The following steps should help you deal with any obstacles that may arise in the process.

  1. Make sure your infrastructure meets the requirements described at the beginning of this article.
  2. Check the Event Viewer log (Applications and Services Logs > Microsoft > Windows > Hyper-V-VMMS > Admin) for messages describing the problem.
  3. Verify that the IP addressing settings between the source and destination servers are correct. The servers must be able to exchange messages. From the source server, use the ping command to check that the destination IP address used for migration is reachable.
  4. Run the following PowerShell command from an elevated session to view the IP addresses used for the server:

     gwmi -n root\virtualization\v2 Msvm_VirtualSystemMigrationService | select MigrationServiceListenerIPAddressList

  5. Ensure that the target server has a firewall exception enabled for Hyper-V services (MIG-TCP-In).
  6. The name of the target server must be resolvable through DNS. Try running the Nslookup command on the target server. Also run the command

     ipconfig /registerdns

     on the target server and the command

     ipconfig /flushdns

     on the source server.
  7. On the target server, use the following command to clear the Address Resolution Protocol (ARP) cache:

     arp -d *

  8. To test connectivity, try remotely sending a Windows Management Instrumentation (WMI) request to the target server (the WMI-In firewall exception must be enabled):

     gwmi -computer <TargetServer> -n root\virtualization\v2 Msvm_VirtualSystemMigrationService

  9. Change the IP address used for live migration. For example, if you are using the 10.1.2.0/24 subnet, try replacing it with a specific IP address, 10.1.2.1/32. Also check the IPsec encryption or firewall settings between the source and destination servers. Find out whether several network cards are connected to the same subnet; this can cause problems. If you encounter this situation, try disconnecting one of the adapters.
  10. Configure authentication via CredSSP and start the process locally from the Hyper-V server. If this resolves the error, the root of the problem is Kerberos delegation.

The most common problems among those I have encountered are related to errors in configuring the Kerberos protocol or IP addresses. Failure to resolve the target server name through DNS service will also cause problems.
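Several of the checks in the list above can be run in one pass from the source server. The following PowerShell script is an added example, not part of the original article; the host name HV02 and the address 10.1.2.2 are hypothetical placeholders, and the remote firewall and event log queries assume remote management is allowed on the target.

```powershell
# Added example. Run elevated on the SOURCE host; both values below are hypothetical.
$Target      = 'HV02'        # destination Hyper-V host name (placeholder)
$MigrationIP = '10.1.2.2'    # destination address on the migration network (placeholder)
$report = [ordered]@{}

# Step 6: the target name must resolve through DNS.
try {
    $report['DNS'] = (Resolve-DnsName -Name $Target -ErrorAction Stop |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress }) -join ', '
} catch { $report['DNS'] = "FAILED: $($_.Exception.Message)" }

# Step 3: the migration address must answer from the source server.
$report['Ping'] = Test-Connection -ComputerName $MigrationIP -Count 2 -Quiet

# Steps 4 and 8: a remote WMI query (needs the WMI-In exception) returns the listener addresses.
try {
    $svc = Get-WmiObject -ComputerName $Target -Namespace root\virtualization\v2 `
        -Class Msvm_VirtualSystemMigrationService -ErrorAction Stop
    $report['Listeners'] = $svc.MigrationServiceListenerIPAddressList -join ', '
} catch { $report['Listeners'] = "FAILED: $($_.Exception.Message)" }

# Step 5: the MIG-TCP-In firewall exception must be enabled on the target.
try {
    $rules = Get-NetFirewallRule -CimSession $Target -DisplayName '*MIG-TCP-In*' -ErrorAction Stop
    $report['Firewall'] = ($rules | ForEach-Object { "$($_.DisplayName): enabled=$($_.Enabled)" }) -join '; '
} catch { $report['Firewall'] = "FAILED: $($_.Exception.Message)" }

# Step 2: recent errors and warnings from the target's Hyper-V-VMMS Admin log.
try {
    $events = Get-WinEvent -ComputerName $Target -MaxEvents 5 -ErrorAction Stop -FilterHashtable @{
        LogName = 'Microsoft-Windows-Hyper-V-VMMS-Admin'; Level = 2, 3 }
} catch { $events = @() }   # also reached when no matching events exist

$report.GetEnumerator() | Format-Table Name, Value -AutoSize -Wrap
$events | Format-List TimeCreated, Id, LevelDisplayName, Message
```

A FAILED entry narrows the fault to name resolution, reachability, WMI access or the firewall before you change any migration settings.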

Summing up and next steps

Live migration without shared storage is the most radical type of migration with zero downtime. However, there are other types of migration without downtime, such as storing virtual machines in a shared SMB file folder that both Hyper-V hosts have access to. With this approach, the memory and state of the device are moved across the network, and the storage remains in its place. And there is still live migration within a failover cluster — a process that can use shared SAN storage via the CSV file system (CSVFS).

If you move a virtual machine between failover clusters or between a failover cluster and a standalone Hyper-V host, you will have to remove the virtual machine from the cluster before migrating. Conveniently, in Server 2012 you can add virtual machines to and remove them from a failover cluster without stopping them, so there is no virtual machine downtime even when the migration involves a failover cluster.

Of course, even in a scenario without shared storage, there is a need for a common physical network infrastructure and dependence on the settings of the IP address of the virtual machine during the move. That is why another possibility of Server 2012, Network Virtualization, opens up a new world: now virtual machines can be moved between any hosts without changing the network settings in their operating systems.


Windows 10 will Uninstall Problematic Updates Itself


Now Windows 10 will determine by itself if any of the installed updates are incompatible with a component of your PC. The company has released a document detailing the procedure that the OS will now follow when the computer does not restart because of a “dubious” update.

The Microsoft support page states: “Windows automatically installs updates to keep your computer safe and efficient. Occasionally, these updates fail because of a [hardware] incompatibility or software problem. Your device has failed a startup failure if you received this notification: ‘We have removed some recently installed updates so that you can restart your computer after a failed startup.’” The company adds that uninstalling a problematic update is only the last resort.

On its website, Microsoft says that Windows will prevent the reinstallation of this update during the month following the incident, which should allow time for the company and its partners to find the root of the problem. The Redmond giant also adds that the most effective way to trace an incident report is to fill out the “comment hub” form available on all Windows 10 PCs.

SDN Features of Windows Server 2019


The SDN capabilities of Microsoft Windows Server 2019 have been significantly enhanced to improve the security of virtual machines and make network administration tasks less cumbersome.

Microsoft has extended the software-defined networking (SDN) capabilities in its latest version of Windows Server to meet the requirements of modern data centers.

More and more companies expect greater flexibility from their IT infrastructure and stronger security in the network layer to prevent breaches and downtime. Software-defined networking is one way to meet these requirements: it applies software-based infrastructure management methods and uses a centralized management interface.

Microsoft has strengthened Windows Server 2019 with four key SDN features to extend the network capabilities of previous versions of Windows Server. These new SDN features (network encryption, firewall auditing, virtual network peering, and metrics availability on outbound traffic) should address network security issues and ease the administrator's overall workload.

Windows Server 2019 SDN Security Has Multiple Improvements

Windows Server 2019 includes two new SDN features directly related to security: network encryption and firewall auditing.

Windows Server 2019 can now encrypt virtual network traffic between virtual machines on the same encrypted subnet. This SDN feature uses Datagram Transport Layer Security (DTLS) to encrypt packets, so that malicious actors cannot cause damage or steal data even if they can access the physical network.

Firewall auditing in Windows Server 2019 gives administrators a convenient logging feature for troubleshooting and for verifying traffic compliance. Windows Server 2019 keeps a log of the traffic handled by the SDN firewall, which administrators and compliance officers can analyze and evaluate for certain events, such as potential intrusions.

New SDN features that simplify infrastructure management

The virtual network peering feature of Windows Server 2019 lets you group multiple virtual networks together to make them work as a single virtual network. The peered networks can reach each other's resources without gateways and without added latency. In addition to this flexibility, administrators avoid all downtime during the connection process.

Output counting metrics track the status and usage of data by virtual devices. This Microsoft SDN function measures outgoing data transfers, which allows tracking of packets sent outside the IP range of the virtual network.

Output counting helps administrators track the amount of traffic that leaves the network, identify where the traffic is going, and determine which person or business entity is responsible for it. Used in a private cloud, this count of outputs allows administrators to set up a chargeback system.




