Hey y’all, Mark here with a post about an issue we’re seeing with many of our customers lately. Hopefully, we’ll save you a couple hours of head-scratching and Bing searches.
You deploy a shiny new Windows Server 2012 Virtual Machine on Hyper-V or VMware, and then you notice that no file shares are accessible. For example, on a Domain Controller you can’t access the SYSVOL share. You tend to get an error message like so:
You may notice other puzzling things, such as services failing to start when they are on removable or hot-pluggable drives, maybe even some SBSL issues with logon scripts, loading user profiles, etc. Windows 8 modern apps might throw the error “app didn’t start”. So what is the cause of all these seemingly unconnected things?
You are the unfortunate victim of two specific configurations. First, you have a specific auditing setting turned on. Second, the drive where your shared folder resides, or from which the service launches, shows up as a removable or hot-pluggable drive.
The Auditing settings are as follows:
You have Audit Removable Storage explicitly enabled for Success and/or Failure. This setting is found at Windows Settings, Security Settings, Advanced Audit Policy Configuration, System Audit Policies, Object Access, Audit Removable Storage.
Or, you have the Audit Object Access policy enabled for Success and/or Failure, which implicitly enables all object access auditing. This setting is found at Windows Settings, Security Settings, Local Policies, Audit Policy, Audit Object Access.
Fantastic, we identified two seemingly innocent configurations. How can we fix our problem? VMware has two KBs that suggest workarounds: disabling the audit policy and/or disabling the HotAdd/HotPlug capability. These will indeed make the issue go away, but what if you are unable to do either of these two actions?
The recommended solution is actually to apply the hotfix in KB 2811160 – which, by the way, is included in the Windows Server 2012 April 2013 update rollup. If you look closely at what’s included in the April 2013 Update Rollup, you’ll find KB 2811670, “Issues when the Audit object access policy is enabled on Removable Storage in Windows 8 or Windows Server 2012”. The details of the KB pretty much hit the nail on the head for our issues. (We are reaching out to VMware to have them update their KB as well.)
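To check a server for the combination described above, here is an added example (not code from the original post or from Microsoft) that reports the effective Removable Storage audit setting, the volumes Windows classifies as removable, and whether one of the KBs quoted in the post is installed. It assumes an elevated PowerShell 3.0 or later session on an English-language OS; the `$FixKb` parameter and the output property names are made up for this example.

```powershell
# Added example. Run elevated: auditpol /get needs administrative rights.
param(
    # KB numbers exactly as quoted in the post. If you installed the
    # April 2013 update rollup instead of the standalone hotfix, add the
    # rollup's own KB number here (it is not given in the post).
    [string[]]$FixKb = @('KB2811160', 'KB2811670')
)

# Effective setting of the Removable Storage subcategory, as CSV (/r).
# Enabling the legacy "Audit object access" policy turns on every Object
# Access subcategory, so that case is visible here as well.
# Assumption: English OS (auditpol subcategory names are localized).
$audit = auditpol /get /subcategory:"Removable Storage" /r |
    Where-Object { $_ } |          # drop the blank line auditpol emits
    ConvertFrom-Csv |
    Select-Object -First 1
$setting = $audit.'Inclusion Setting'
$auditOn = $setting -and ($setting -ne 'No Auditing')

# Volumes Windows classifies as removable (DriveType 2).
# Assumption: this is only a hint. A hot-pluggable virtual disk may still
# be reported as a fixed disk, so confirm the HotAdd/HotPlug setting on
# the hypervisor side as well.
$removable = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'

# Installed updates that match the KB numbers supplied above.
$fix = Get-HotFix | Where-Object { $FixKb -contains $_.HotFixID }

[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    RemovableStorageAudit = $setting
    AuditEnabled          = [bool]$auditOn
    RemovableVolumes      = ($removable.DeviceID -join ', ')
    FixInstalled          = [bool]$fix
    InstalledKb           = ($fix.HotFixID -join ', ')
    # Auditing is on and none of the listed updates is present.
    NeedsAttention        = [bool]($auditOn -and -not $fix)
}
```

Saved as a script, it can be run against several servers with `Invoke-Command -FilePath` to find the ones where auditing is enabled but the update is missing.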
A Friendly Reminder:
For many of you, this might be the first time hearing about update rollups. However, regular readers of the blog (hint: you should subscribe if you haven’t already) know we covered this topic way back in May. Read “Update Rollups for Windows Server 2012 and Windows 8 Explained” by Steve Mathias. His hard work is already paying off on this. And for those of you who are proactively applying the Windows 8/Server 2012 Update Rollups, you’ve already dodged this issue, plus a couple past and future problems. So pat yourselves on the back.
If you found this post helpful please let us know in the comments. It’s what keeps this blog running. Until next time.
Mark “Another Holiday Issue Averted” Morowczynski