User Profile
HasanHasib
Copper Contributor
Joined Sep 08, 2019
Recent Discussions
Turn on Memory Integrity through Microsoft Intune
Hi,

Question: How to turn on the following setting through Microsoft Intune?

Windows Security > Device Security > Core isolation > Memory Integrity
(It says: Memory integrity is off. Your device may be vulnerable.)

Applied licenses: Microsoft Intune Suite + Microsoft Defender for Endpoint P2
Client OS: Windows 11

It has been weeks since I applied the following through the Security Baseline Policy for Windows 10 and Later, but Memory Integrity still has not been enabled on any client:

Device Guard
Credential Guard: (Enabled with UEFI lock): Turns on Credential Guard with UEFI lock.
Enable Virtualization Based Security: enable virtualization based security.
Require Platform Security Features: Turns on VBS with Secure Boot and direct memory access (DMA).
------
Virtualization Based Technology
Hypervisor Enforced Code Integrity: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.

The Windows Baseline Security has been applied successfully on all endpoints without any errors or conflicts. Intune Sync and device restart have been performed 100s of times but in vain.

Any suggestions would be highly appreciated.

RDMA (RoCE) Test Failed over different Subnet
Hello Everyone,

Let's say pSMBNIC1 and pSMBNIC2 are the names of the NICs to be used for RDMA on each node of a 3-node cluster. IP address assignments are as follows:

pSMBNIC1 = 192.168.207.31 (N1), 192.168.207.32 (N2), 192.168.207.33 (N3)
pSMBNIC2 = 192.168.206.51 (N1), 192.168.206.52 (N2), 192.168.206.53 (N3)

RDMA Test is successful when I run it for the following scenarios:

From pSMBNIC1 of N1 to pSMBNIC1 of N2 (192.168.207.32) and pSMBNIC1 of N3 (192.168.207.33)
From pSMBNIC1 of N2 to pSMBNIC1 of N1 (192.168.207.31) and pSMBNIC1 of N3 (192.168.207.33)
From pSMBNIC1 of N3 to pSMBNIC1 of N1 (192.168.207.31) and pSMBNIC1 of N2 (192.168.207.32)
From pSMBNIC2 of N1 to pSMBNIC2 of N2 (192.168.206.52) and pSMBNIC2 of N3 (192.168.206.53)
From pSMBNIC2 of N2 to pSMBNIC2 of N1 (192.168.206.51) and pSMBNIC2 of N3 (192.168.206.53)
From pSMBNIC2 of N3 to pSMBNIC2 of N1 (192.168.206.51) and pSMBNIC2 of N2 (192.168.206.52)

However, RDMA Test fails with "ERROR: RDMA traffic test FAILED: Please check ERROR: a) physical switch port configuration for Priority Flow Control. ERROR: b) job owner has write permission at 192.168.206.51 \C$" for the following scenarios:

From pSMBNIC1 of N1 to pSMBNIC2 of N2 (192.168.206.52) and pSMBNIC2 of N3 (192.168.206.53)
From pSMBNIC1 of N2 to pSMBNIC2 of N1 (192.168.206.51) and pSMBNIC2 of N3 (192.168.206.53)
From pSMBNIC1 of N3 to pSMBNIC2 of N1 (192.168.206.51) and pSMBNIC2 of N2 (192.168.206.52)
From pSMBNIC2 of N1 to pSMBNIC1 of N2 (192.168.207.32) and pSMBNIC1 of N3 (192.168.207.33)
From pSMBNIC2 of N2 to pSMBNIC1 of N1 (192.168.207.31) and pSMBNIC1 of N3 (192.168.207.33)
From pSMBNIC2 of N3 to pSMBNIC1 of N1 (192.168.207.31) and pSMBNIC1 of N2 (192.168.207.32)

This means that RDMA Tests are passing for the same subnets but failing when run across different subnets. Is it normal? I have already enabled the PFC... But, even if the PFC is not enabled, then how are the tests passing for the same subnet? Please guide...

Thank you in anticipation.

544 Views, 0 likes, 0 Comments

Recommendations on Network ATC vs without Network ATC
Hello All.

I am following this step-by-step video series: https://www.youtube.com/playlist?list=PLDk1IPeq9PPdd1Al9VitnrFrr5DnTI5sZ

Here, they are not using Network ATC. So, I need recommendations on whether I should deviate from the video and use Network ATC or not.

So far, I have just joined the servers to the domain and configured the MGMT and Compute switches. I was preparing the script for configuring the Storage switches. But I am not sure (since it's my first deployment of Azure Stack HCI) whether to use Network ATC or not.

Please advise. Thank you.

600 Views, 1 like, 1 Comment

Using Same IP Subnet for Management and Storage
Hello All.

For production environments, is it safe to use a single/same IP Subnet for Management and Storage OR should we use different IP Subnets? What is the recommendation/best practice?

For example, in a 3-node cluster assigning 10.4.8.51 to 10.4.8.53 to the Management adapters and assigning 10.4.8.61 to 10.4.8.66 for Storage/RDMA adapters?

Thank you.

689 Views, 0 likes, 2 Comments

SR-IOV Recommendations for Azure Stack HCI Cluster
Hi All,

We have Marvell FastLinQ 41000 Series 25Gb Ethernet NICs.

For Compute/Virtualization: 2 NICs will be used and SET will be configured
For RDMA: We are planning to use 2 NICs with iWARP

What are the recommendations/best practices to enable or disable the SR-IOV for these intents?

For Compute/Virtualization: Should SR-IOV be enabled or disabled?
For RDMA: Should SR-IOV be enabled or disabled?

Thank you!

1.6K Views, 1 like, 1 Comment

Re: Guidance on Network Configurations for Azure Stack HCI Cluster
Hi Darryl van der Peijl

Thank you very much for the to-the-point answers!

Just 1 more question... Do I need to assign an IP address to the Virtualization NIC as well?

In the Windows Server 2012 R2 Hyper-V Failover Cluster, we used to create 2 Teamed NICs: 1 for Mgmt, 2nd for Hyper-V Switch. We just used to assign an IP address to the Mgmt NIC. For the Hyper-V NIC, we wouldn't assign an IP address at the NIC level. It was used for creating the vSwitch and then we used to tag the VLAN ID for the specific VMs.

I am confused here... Could you please share the best practice?

thomasmaurer Karl-WE

Thank you once again!

7.5K Views, 0 likes, 1 Comment

Re: Guidance on Network Configurations for Azure Stack HCI Cluster
Hi Chandrasekhar_Arya

I already checked the https://learn.microsoft.com/en-us/azure-stack/hci/deploy/deployment-tool-install-os

It doesn't answer my queries. It just says: "Configure networking as per your environment."

7.6K Views, 0 likes, 0 Comments

Guidance on Network Configurations for Azure Stack HCI Cluster
Hello All,

I am going to deploy my very first Azure Stack HCI cluster. I need guidance on how to assign the IP addresses to the NICs, what the IP address scheme should be, and best practices.

Details of network adapters are as follows:

2 NICs of 25 Gbps for compute/Virtualization (VMs) traffic
2 NICs of 25 Gbps for Storage
2 NICs of 1 Gbps for Mgmt

Questions:

(1) How to assign the IP addresses, since it's my first time with the black screen?
(2) How to configure SET for the NICs to be used for virtualization/compute step-by-step?
(3) I know that I don't need to configure SET (Switch Embedded Teaming) for the Storage NICs, but what should I do for the Mgmt NICs? Should I configure SET for them OR should 1 NIC be enough for the Mgmt?
(4) How to configure SET step-by-step?
(5) What is the recommendation for the IP address scheming for all the NICs? Let's say I'm assigning 10.4.8.x to the Mgmt NICs, should I use the same IP address scheme for Storage and Compute NICs as well, or should I assign some different IP schemes like 172.x.x.x?
(6) There are 2 NICs for Storage and we are not configuring SET for them... So, just to confirm, will I need to assign 2 IP addresses for Storage on each server?
(7) How to enable the iWARP RDMA for the Storage NICs? I'm thinking of using iWARP RDMA as I read MSFT engineers recommend/prefer iWARP over RoCE. Please confirm my understanding.
(8) For the Mgmt NIC, first I will configure the SET then I will assign the IP address to the SET NIC, just like we used to with the conventional NIC Teaming in Windows Server 2012 R2.

Apologies in advance for such basic questions... It's my first time with Azure Stack HCI...

Thank you very much!

Solved
9.4K Views, 1 like, 9 Comments

Re: MDE License Requirements
Hi elieelkarkafi,

Thank you very much for replying.

(1) What about the 'Enterprise Mobility + Security E5' license? Does it also include the Microsoft Defender for Endpoint P2 license?
(2) No, I'm trying to onboard devices through Intune. Devices are being shown as Co-managed in Intune. EDR policy is in place and is applied to the appropriate group containing the targeted devices. Only 1 test device has been onboarded to MDE so far... it didn't have Kaspersky installed... The rest of the devices have Kaspersky installed and may be blocking the MDE onboarding...

I'll check this MDE Analyzer tool.

Thanks again...

2.7K Views, 0 likes, 2 Comments

MDE License Requirements
Hi All,

Just 2 quick questions:

(1) If the 'Enterprise Mobility + Security E5' license OR the 'Microsoft 365 E5' license is already assigned to a user, do we also need to assign the Microsoft Defender for Endpoint P2 license to the user to get his/her device onboarded to MDE?
(2) Windows 11 devices are running with Kaspersky Endpoint Security. We've successfully enabled Co-management for these endpoints but they are not getting onboarded to MDE. Could Kaspersky be the reason and be blocking the MDE onboarding? I even tried running the manual script on 3 devices (cmd says script executed successfully and device has been onboarded) but no luck... Do we need to remove Kaspersky first?

Thanks in anticipation for the guidance...

Solved
3.1K Views, 0 likes, 4 Comments