User Profile
Karl-WE
MVP
Joined 7 years ago
User Widgets
Recent Discussions
Windows Admin Center (Modernized Gateway)
Hi everyone, just to avoid confusion. The product of "Windows Admin Center" listed in the Windows Server Insider webpage is obsolete. Please use aka.ms/wacdownload to obtain the latest. There is no public preview at the time of writing. https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserverRelease of Windows Server 2025 Datacenter Azure Edition
Hi all, I am happy to see there are still Insider versions of Windows Server Datacenter Azure Edition vNext Is there any ETA for a release for the next iteration after 2022? What are the feature benefits that justify Azure Edition "2025" to be ahead of WS 2025 Thank you for your help!Re: Windows 11 Insider Preview 10.0.26200.5516 (ge_release_upr) installing Failure
That is not much todo with AI. Windows 11 is most modular. If you need a very compact version then consider GitHub Tiny11.ps1. You can also upgrade your rig with a larger SSD, they are not expensive. NVMe (via sabrent PCI-E to NVMe Adapter) would be an option but since you have two 980, the PCI-E slots are blocked. Is there a specific reason why using the Insider version? It has more experimental features and eventually debug code.Re: Windows 11 Insider Preview 10.0.26200.5516 (ge_release_upr) installing Failure
Try Windows Key +X > Terminal (Admin) Powercfg -h This disables hibernation and should free up good amount of space. Otherwise in the same Terminal session use winget to search and install treesizeview.free Often it's Apple phone Backups eating up disk space. Using OneDrive? You can setup folders with large rarely used files to be on demand only. Check your OneDrive sync settings and file Explorer settings. Please mark as solution if this helped, otherwise reply and tag me. Usually the 120 GB can serve well enough.BLOG: Guidance for Windows Recovery partition (WinRE) patching and why you would need it
This is an extended blog, which continues in comments. Why WinRE partition is controversly discussed on the web? You want to enlarge the C (OS Partition) in a VM and WinRE partition is in the way, the most common advice is to delete the WinRE Partition to resolve this limitation. And this is a bad advice imho. Why keeping the WinRE partition? The WinRE partition enables you for different to access different options including uninstalling Updates *pre-boot* that prevent a system startup. This doesn't happen very often but it can happen. This feature has been added to WinRE starting with Windows Server 2022, and Windows 10 22H2 / Windows 11 22H2, or newer. It is quite unknown, though. Leverage Quick machine recovery, perfectly described by Rudy Ooms in this blog. Direct UEFI setup (BIOS) access, even with fast boot enabled. Use Shift +Restart when in Windows. Device restore or other troubleshooting steps like access to Safe Boot. GPT / UEFI required and recommended anyway for both Windows Server and Client. What's the correct location of WinRE partition? Ideally you only have one WinRE Partition on your OS disk. If you find that your WinRE it is located left of the OS boot drive (C) it has been installed by a bugged release (old ISO). I am sure it was Windows Server 2019 when we noticed that. Aka Windows 10 1809. See below why the certainty. When installing Windows or especially Windows Server always use the lastest ISO for fixes like this or for in-place upgrades. There is no such updated ISO for Windows Server 2016, very unfortunately. They started patching them on a monthly basis with Windows Server 2019. You can access your latest ISOs either via my.visualstudio.com (Dev / Test use only), or admin.microsoft.com for VLSC or CSP production More information can be found in the comment below. Why do I have more than one WinRE partition? This often happened when the existing could not be enlarged during in-place upgrade. Maybe also a bug. Haven't seen this long time. It was common before Windows 10 1809. When installing more than one Windows on one or different physical disks, unfortunately Windows Setup will not use existing WinRE Partitions but create another for each Windows instance. This is known as side-by-side installation or more commonly "Windows OS multi-boot". Each OS instance will create and maintain its own WinRE Partition (by design). Windows OS Multi-boot is a common scenario for users, using designated Windows Installations for specific use cases, like Windows Insiders to test different Insider branches on one physical machine and disk. Speaking for myself I use multi-boot for Windows 11 to seperate gaming from productive work and to evaluate Windows Server Insider. Please mind, each instance requires a seperate license. Why patching Windows RE is important? There is a 2024 CVE that needs to addressed. Please find more information in the comments below on the "How-to".patching the WinRE CVE and remediate the 01-2024 LCU failing. More information on how to actually fix this can be found in this comment below How to relocate the WinRE partition? A WinRE Partition left of C (OS Partition) makes no sense as Windows still may not move partitions to the right or left (while technical possible). Windows can only shrink partitions. But not move them. Mind, that if you change / delete WinRE partitions you need to inform Windows about it via reagentc.exe These tools can be used: Windows Diskpart Settings App > Storage Settings > Advanced Storage Settings > Disks and Volumes Windows 10 22H2 / Windows 11 22H2 / Windows Server 2022 or newer. diskmgr.mmc all legacy OS Windows Key + X > Disk Management Trusted 3rd party tool for Home Use (Windows 10 / 11) or paid for Windows Server use: Minitools Partition Wizard (Free). Available through winget. Formerly recommended Minitools Partition Wizard but they now have a paywall. If you are ok I would still recommend it. Legacy tools like Acronis Partition Wizard is no longer optimized for or SSD / NVMe. Bonus: Use Partitioning tools for Windows Server / expanding WinRE / resize or move OS Drive Create a PAWS VM Client or Server on Azure Local, Azure, Hyper-V, VMware etc. Buy the Tool (aquire a license, required for Windows Server) Install the license on the PAWS Shutdown affected VM Attach affected virtual disk to the PAWS VM, do the resize job Attach modified disks back to the original VM Pro: easy and licensing costs efficient. Cons: Downtime and manual task Hope this is helpful to you. Appreciate your likes, spreading the word.Re: BLOG: CVE-2024-38063 - Disabling IPv6 binding = fix - or not?
Another issue with Disabling IPv6 arises with Domain Controllers that would cause the networking profile errornously set to public,rendering this Domain Controllers isolated and useable for the purpose of ADDS and DNS, unless one actives IPv6 and restart NIC, or with IPv6 disabled run a GPO PowerShell startup script that restarts the netadapter. When is Network Profile Issue for Domain Controllers going to be at least acknowledged? | Microsoft Community HubBLOG: CVE-2024-38063 - Disabling IPv6 binding = fix - or not?
Dear community, in today's LinkedIn Stream and other social media you might have noticed a recent CVE and the recommendation to disable IPv6 in Windows Server and Windows Client. We are talking about this one: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Reading the advisory carefully, Microsoft, strictly speaking, does not directly recommend disabling (technically remove binding) of IPv6. Citing: "Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: Systems are not affected if IPv6 is disabled on the target machine." Maybe I am a bit nitpicking here about old experiences and would greatly appreciate a refreshed Microsoft statement on the disablement (unbinding) of IPv6 and the side-effects in 2024. What we have learned in the past - do no disable IPv6 easily. - yes, you can face issues with IPv6 being on by default and unexpected or misconfiguration. Often caused by DHCPv6, especially in the combination of critical domain controllers, Dual Stack ISPs and SoHo routers messing up your DNS. What's the fuss about IPv6? I am not actively using it in corporate / at home. IPv6 is being used in Windows. More specifically non-routable fe80 addresses and loopback ::1 for internal purposes of Windows or other software. One may complain use cases are - unrightfully - not well and transparent documented. Have a read in the past Here are some references that Copilot brings up. Trust my memory, I've read more like this. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ipv6-for-the-windows-administrator-why-you-need-to-care-about/ba-p/256251 https://community.spiceworks.com/t/is-it-a-bad-practice-to-disabe-ipv6/781811/9 https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows My personal conclusion Hold on, we need patches for this CVE, but we should not disable IPv6 easily. Please disable IPv6 temporarily, when you cannot patch this CVE immediately / in time. Take notes which system you have had to disable and consider re-enabling once patches have been tested and applied. If you are using IPv6 knowingly, note the NIC configs. They will be lost when using static settings rather DHCPv6. I am sad to see that NetSec people, undoubtedly experts in their area, jump on the bandwaggon esp. on Social Media to easily disgrace the IPv6 by default enablement of Windows Client and Windows Server, telling you the easier story: "Disable IPv6 and you are good / if you do not need it." Let me counter: You might not know you're "needing it" it in the first place. Whenever you are changing system defaults in Windows, mind that Microsoft and other software vendors may not consider these changes in their testing. And the Crowdstrike Black Friday showed us clearly how outlier system configs and unwell testing goes along. Not very well. IPv6 usage and defaults today One of the most recent example that Microsoft is using IPv6 can be found in the Azure Arc Agent (Connected Machine Agent) changelog: "Better handling when IPv6 local loopback is disabled" source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes How can I disable IPv6, if required? Many roads led to Rome. Windows + X > Terminal / PowerShell (Admin) #save current NIC config into a simple text file Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Out-File $env:temp\original-ipv6-config.txt #disable IPv6 on all adapters Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Disable-NetAdapterBinding And how to revert the change? Windows + X > Terminal / PowerShell (Admin) #enable IPv6 on all adapters (mind the text file) Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Enable-NetAdapterBinding TL:DR Microsoft is using fe80 addresses and loopback ::1 addresses for internal reasons. IPv6 is preferrably used over IPv4 when it is bound to a network adapter, including said special non- routable addresses. Please disable IPv6 temporarily, when you cannot patch this CVE immediately / in time. Take notes of current config. Please share the word and mind that disabling IPv6 can turn your OS into an outlier system, causing immediate or later issue due lack of testing by Microsoft or other software vendors, assuming the defaults, which is IPv6 being turned on.Re: BLOG: Guidance for Windows Recovery partition (WinRE) patching and why you would need it
Patching Secure Boot Next to the situation that resolves around WinRE Patching since January 2024, there is a new vector that requires low level patching and actions Please consider this article about Secure Boot patching, in addition to the original post. This article itself offers more links to deep dive into the topic. Please read these carefully, to avoid making your device non-bootable. Read on why https://techcommunity.microsoft.com/t5/windows-it-pro-blog/updating-microsoft-secure-boot-keys/ba-p/4055324 Read on How-To patching Secure Boot https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revoking-vulnerable-windows-boot-managers/ba-p/4121735 How-to update Secure Boot certificate with a PowerShell script (official Microsoft solution) https://support.microsoft.com/en-us/topic/updating-windows-bootable-media-to-use-the-pca2023-signed-boot-manager-d4064779-0e4e-43ac-b2ce-24f434fcfa0f Learn about the Microsoft timeline and technical dependencies https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d Great reference on Secure Boot: https://nbviewer.org/github/microsoft/MSRC-Security-Research/blob/master/presentations/2024_05_OffensiveCon/OffensiveCon24_Booting_With_Caution_BDemirkapi.pdf Thank you SusanBradleyGeek !Re: ISSUE: Adding or changing links is impacted on my end
I have not used a different browser. How does it work for you if you add a link and wait a little 2-3 before proceed with editing or post / reply? Just a theory: I could imagine that this delay is caused in the backend. As links and words are checked. I have tested two type of links in this message and what's also unclear why sometimes it adds a external link sign and sometimes it does not. I can imagine that the sign indicates the link will leave the platform.Re: Unable to verify phone on MS 365 or Azure
Enter any phone number at the moment. The wizard has issues with short numbers. They assume everyone is living in the US. If you have a shorter phone number you get stuck. You can change the number later in your (billing) profile. Please reply with tagging me or mark as solved if that helped.Re: ISSUE: Adding or changing links is impacted on my end
Thank you for your reply Allen. The first issue with the link rendering, for me, happens on PC and likewise on Android using Edge. Please let me know if the recording attached is helpful to get an understanding of it. Appreciate your hint about the ideas board. Wasn't aware about it.
