Platform Engineer

이번 Windows Server 2008 R2의 업데이트 중 중요한 내용을 정리해 보았습니다..

November 14, 2017—KB4048958 (Monthly Rollup)

• Addressed issue in which AD FS can no longer ignore "prompt=login" during authentication. A "Disabled" option was added to support scenarios in which password authentication is not used. For more information, see AD FS ignores the "prompt=login" parameter during an authentication in Windows Server 2012 R2.
• Addressed issue in AD FS in which MSISCookies in request headers could eventually overflow the headers size limit. This caused a failure to authenticate and return HTTP status code 400: “Bad Request - Header Too Long."

• Addressed issue in which adding user rights to an RMS template caused the Active Directory RMS management console (mmc.exe) to stop working and return an unexpected exception.

• Addressed issue in which USBHUB.SYS randomly caused memory corruption that caused random system crashes that are extremely difficult to diagnose.

• Addressed issue where Miniports that make 64-bit DMA requests from a single 4 GB region may fail, preventing the system from booting.

December 12, 2017—KB4054519 (Monthly Rollup)

• Addressed issue to provide complete transparency about Replication Health. Replication Health represents the state of replication based on the following criteria: low free disk space, the Hyper-V Replica Log (HRL) reaching its maximum size, and violation of the Recovery Point Objectives (RPO) threshold.

• Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.

February 13, 2018—KB4074594 (Monthly Rollup)

• Addresses issue where servers running AppLocker stop working.

• Addresses issue where an unexpected system restart occurs because of exception code 0xc0000005 (Access Violation) in LSASS.exe, where the faulting module is cryptnet.dll.

• Addresses multiple symptoms that occur during power transitions including a stop error 0x9F (0000009F) when a device tries to enter sleep mode or restart. USB PnP devices may also be unusable after waking from sleep.

• Addresses issue where a race condition in memory management may lead to Error 0x50 or 0x149 when trimming sparse files.

• Addresses the following issues with the WinRM service:
  
• - A threading issue that may cause the WinRM service to crash under load. This is a client-side solution, so you must apply it to the affected computers(s) and the computers that communicate with the WinRM service.
  - A system performance issue that may cause logon to stop responding with the message, "Please wait for the Remote Desktop Configuration". This was caused by a deadlock in the WinRM service.

• Addresses issue where when SharePoint writes to a SQL Server filestream share with SMB3 encryption enabled, the write may fail or execute very slowly.

Windows Team에서 Linux VM에 대한 지원을 향상시키고 있는 것으로 보입니다. 최근 Hyper-V를 서버로서 사용하는 시나리오보다 워크 스테이션으로 사용하여 개발자들의 개발 환경으로 선택 되게 하려는 움직임이 많이 보입니다.

이번에 가상화 팀에서 나온 블로그를 보면 Windows에서 RDP로 접속을 하거나 Enhanced mode 로 접속을 한 경우 Copy & Paste를 자유롭게 사용할 수 있는 기능을 Linux VM에도 적용하는 것으로 보입니다.

직접 개발한 것은 아닌 것으로 보이며 Microsoft의 RDP 프로토콜을 Linux에서 구현해주는 XRDP open source를 사용하여 Canonical과 함께 Ubuntu 18.04에 적용하는 것을 목표로 하고 있는 것으로 보입니다. 18.04에 기능을 넣기 전에 16.04에 설치해서 (Bug는 아직 있다고 합니다.) 미리 살펴볼 수 있다고 합니다. (Windows Insider Build 17063 을 사용해야 합니다.)

설치 방법은 Ubuntu 16.04를 설치한 후 아래 명령을 실행하면 됩니다.

#Get the scripts from GitHub
$ sudo apt-get update
$ sudo apt install git
$ git clone https://github.com/jterry75/xrdp-init.git ~/xrdp-init
$ cd ~/xrdp-init/ubuntu/16.04/

#Make the scripts executable and run them...
$ sudo chmod +x install.sh
$ sudo chmod +x config-user.sh
$ sudo ./install.sh

재부팅이 완료된 후 아래 명령을 다시 실행 합니다.

$ sudo ./config-user.sh

VM을 종료 한 후 PowerShell을 실행해서 RDP 관련 설정을 합니다.

Set-VM -VMName <your_vm_name>  -EnhancedSessionTransportType HvSocket

Linux VM을 실행한 후 Hyper-V connect를 통해서 연결을 하면 아래 기능들을 사용할 수 있습니다.

• 향상된 마우스 기능
• 클립보드 통합
• 윈도우 크기 변경
• 드라이브 리디렉션

참고 : https://blogs.technet.microsoft.com/virtualization/2018/02/28/sneak-peek-taking-a-spin-with-enhanced-linux-vms/

Windows Server 2016 중요 update

August 23, 2016 — KB3176934 (OS Build 14393.82)

• Addressed issue that was causing nodes to be disconnected from a Cluster service intermittently.

September 29, 2016 — KB3194496 (OS Builds 14393.222)

• Improved reliability of the Windows Update Agent, shared drives, virtual private network (VPN), clustering, HTTP downloads, Internet Explorer 11, Hyper-V platform, multimedia playback, and Microsoft Edge.
• Improved performance of push and local notifications, Hyper-V platform, and some social media websites using Microsoft Edge.

December 9, 2016 — KB3201845 (OS Build 14393.479)

• Addressed issue that causes the loss of optional component (OC) state information, including all Hyper-V virtual machines, after upgrade.

December 13, 2016 — KB3206632 (OS Build 14393.576)

• Addressed an issue with PCI.SYS saving and restoring invalid data for the Virtual Channel (VC) that was causing system errors during reboot cycles as well as failures to enumerate devices, that may lead to bugchecks.
  
• Addressed issue where a Catalog-signed module installation does not work on Nano Server.

March 14, 2017—KB4013429 (OS Build 14393.953)

• Addressed issue in KB3213986 where the Cluster Service may not start automatically on the first reboot after applying the update.
  
• Addressed an issue which improves the reliability of Enable-ClusterS2D PowerShell cmdlet.
  
• Addressed an issue where the Virtual Machine Management Service (Vmms.exe) may crash during a live migration of virtual machines.
  
• Improved the bandwidth of SSD/NVMe drives available to application workloads during S2D rebuild operations.
  
• Addressed an issue where Remote Desktop Servers crash with a Stop 0x27 in RxSelectAndSwitchPagingFileObject when RDP clients connect and utilize redirected drives, printers, or removable USB drives.
  
• Addressed issue that occurs whenever the multipath IO attempts to log I/O statistics with no paths present.
  
• Addressed issue that may decrease performance by up to 50% when Ethernet adapters that support receive side scaling (RSS) fail to re-enable RSS after a fault or system upgrade.
  
• Addressed issue with multipath I/O failure that can lead to data corruption or application failures.
  
• Addressed issue that occurs when a Network Driver Interface Specification function NdisMFreeSharedMemory() is not called at the correct Interrupt Request Level.
  
• Addressed issue where SQL server takes 30 minutes to shut down on machines with a lot of RAM (>2TB).

April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083)

• Improved the Host Network Service (HNS) to support an overlay network driver for use on Windows Server 2016 to connect containers across hosts using Docker Engine in Swarm Mode.
  
• Addressed issue that causes virtual machines to fail during high I/O scenarios where the user may log in multiple times.
  Improved the reliability of Load Balancing/Failover (LBFO) whenever there is a resource rebalance, a device failure, or a surprise removal of a device.

May 9, 2017—KB4019472 (OS Build 14393.1198)

• Addressed issue where multipath I/O did not properly restore service after the check condition "Illegal request, LUN not available (sense codes 05/25/00)" occurs.
  
• Addressed issue where a Stop 0x27 error occurs after a user provides the domain username and password.
  
• Addressed an issue with a paging file space leak that leads Windows to a crash, blue screen, or data loss.

June 13, 2017—KB4022715 (OS Build 14393.1358)

• Addressed an issue where the network interface description name of a network adapter is not updated in Hyper-V after a device driver update.
• Management of a NIC Team or vSwitch within Hyper-V Administrator or System Center Virtual Machine Manager may be affected.
  
• Addressed issue that was causing devices to crash when hot plugging USB 3.0 Network Adapters
  
• Addressed an issue where Cluster health service fails to report fault event to MAS HM component.

June 27, 2017—KB4022723 (OS Build 14393.1378)

• Addressed issue where multipath I/O does not use other available paths during a failover scenario.
  
• Addressed issue where Page faults for Demand Zero Pages are significantly slower (> 10%), which causes many applications to run slower.
  
• Addressed issue with the Server Message Block Bandwidth limiting feature not working.
  
• Addressed issue where the storage replication driver (wvrf.sys) is in an infinite loop.
  
• Addressed issue where a 2012 R2 or below Remote Desktop License Server causes the 2016 Remote Desktop Services Host to crash and stop giving sessions to clients.
  
• Addressed issue where you may lose access to storage disks when there are still available paths if there is an error on one of the multipath I/O paths.
  
• Addressed issue where the creation of virtual disks fails in Windows Server 2016 storage spaces when the physical disk allocation is set to manual for all the selected disks.

July 11, 2017—KB4025339 (OS Build 14393.1480)

• Addressed issue with race condition that causes Lync Edge servers to randomly crash (Stop Error D1). Any active, open session within a federated domain loses connectivity for conference calls, instant messaging, etc.
  
• Addressed issue with memory leaks in the nonpaged pool with the "NDnd" tag, which causes the OS to crash.

July 18, 2017—KB4025334 (OS Build 14393.1532)

• Addressed issue with a port and thread leak that can cause a broad array of symptoms including unresponsive systems and iSCSI target connection failures. This occurs after installing monthly updates released between April 11, 2017 (KB4015217) through July 11, 2017 (KB4025339).
• This issue was called out as known issue in the corresponding release notes for these updates.
  
• Addressed issue where faulty silicon in Solid-State Drives impacted the performance of the Microsoft Standard NVM Express Driver (stornvme).
  
• Addressed issue where the Windows NVDIMM driver will attempt to dismount any volumes on the device and transition into a read-only state when NVDIMM devices lose persistence.
  
• Addressed issue where when you use SCVMM to manage virtual servers, if any CSV is offline, SCVMM cannot enumerate or locate the CSVs on the clusters.
  
• Addressed issue where when you enable deduplication on a volume larger than 10 TB, optimization may stop prematurely and never complete.
  
• Addressed issue where a LUN connection that was received after the buffer allocation during iSCSI statistic collection overflowed the buffer and caused error 0x19. A UI issue that hides the iSCSI targets will be addressed in an upcoming release.
  
• Addressed issue where an MPIO path failure on a Hyper-V host might lead to complete loss of disk access.
  
• Addressed issue where a missing break statement might cause an MPIO LUN to be unexpectedly removed.
  
• Addressed issue where NTFS referenced an invalid parameter when using Task Scheduler, resulting in Stop Error 0x24.
  
• Addressed issue where the system would throw an error when attempting to mount a corrupt ReFS volume in Read-Only mode.
  
• Addressed performance issues in ReFS when backing up many terabytes of data.
  
• Addressed issue where a stuck thread in ReFS might cause memory corruption.
  
• Addressed issue where the health of S2D clusters was inconsistently reported.

August 16, 2017—KB4034661 (OS Build 14393.1613)

• Addressed issue where a black screen appears when launching an application on Citrix XenApp that was deployed from Windows Server 2016. For more details, read CTX225819.
  
• Addressed issue where third-party directory structures caused Disk Cleanup to render a boot drive inaccessible.
  
• Addressed issue where unsynchronized access in NtfsQueryLinksInfo led to a system crash.
  
• Addressed issue where an extremely high number of I/O flushes might lead to an error.
  
• Addressed issue by increasing the time out window when starting Docker for Windows to avoid 0x5b4 errors.

September 12, 2017—KB4038782 (OS Build 14393.1715)

• Addressed issue where Windows Error Reporting doesn't clean up temporary files when there is a redirection on a folder.
  
• Addressed issue where some Windows clients receive a 0xc0000005 ACCESS_VIOLATION error when trying to install drivers.

September 28, 2017—KB4038801 (OS Build 14393.1737)

• Addressed issue where the size of a cloned file was improperly calculated by ReFS.
  
• Addressed error STOP 0x44 in Npfs!NpFsdDirectoryControl.
  
• Addressed error 0x1_SysCallNum_71_nt!KiSystemServiceExitPico.
  
• Addressed issue that may occur when you inspect a corrupted VHDX file on a Hyper-V host; the error is “Multiple Bugcheck BAD_POOL_CALLER (c2) 0000000000000007; Attempt to free pool which was already freed”. However, when Special Pool is enabled, the error is “0xCC PAGE_FAULT_IN_FREED_SPECIAL_POOL”.
  
• Addressed issue where ksecdd.sys causes LSASS to leak kernel memory in paged pool. This most commonly affects servers that host an HTTPS service and handle a heavy load of TLS handshakes from clients.
  
• Addressed issue where attempting to extend a Clustered Shared Volume (the source disk) beyond 2 TB using Disk Management in the Storage Replica feature of Windows Server 2016 Datacenter Edition fails. The error is “There is not enough space available on the disk to complete this operation”. The same problem may occur when using the Resize-Partition PowerShell cmdlet. In this case, the error is “Not enough available capacity”.

October 17, 2017—KB4041688 (OS Build 14393.1794)

• Improved M.2 NVMe SSD throughput when the queue size increases.
  
• Addressed issue where running Event Tracing for Windows with Volsnap may result in error 0x50.
  
• Addressed issue where Miniports that make 64-bit DMA requests from a single 4 GB region may fail, preventing the system from booting.
  
• Addressed issue where a disk losing communication with its S2D cluster may lead to a stale fault domain descriptor for the enclosure.
  
• Addressed issue where, if an update to a pool config header occurs when it’s performing a read function, a stop error may occur in a Windows Server 2016 Storage Spaces Directory (S2D) deployment.

November 27, 2017—KB4051033 (OS Build 14393.1914)

• Addressed issue where a Storage Spaces Direct (S2D) drive that is failing or being removed from a node is incorrectly reported as healthy in admin tools. These tools include Get-Physical Disk, Server Manager, and Failover Cluster Manager.
  
• Addressed issue where a repair job could be suspended indefinitely after re-adding a node to an S2D cluster.
  
• Addressed issue where an incomplete Storage Spaces repair could lead to faulty metadata causing future repairs to stop working.
  
• Addressed a token leak in services.exe that occurs after applying MS16-111/KB3175027. This results in a kernel session object leak that degrades system performance over time. This especially affects Terminal Server implementations, where more user logons typically occur.
  
• Improved performance when launching applications that use Virtual Disk Service to manage volumes.
  
• Addressed issue that causes the VmCompute process to stop working when you reset the Virtual Machine (VM) after Dynamic Memory (DM) changes its memory footprint. This occurs when Non-Uniform Memory Access (NUMA) spanning is disabled and DM is enabled.

December 12, 2017—KB4053579 (OS Build 14393.1944)

• Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.

January 17, 2018—KB4057142 (OS Build 14393.2034)

• Addresses issue where some customers on a small subset of older AMD processors get into an unbootable state.
  
• Improves compatibility with U.2 NVMe devices, specifically in hot-add/removal cases.
  
• Addresses issue where the iSCSI Initiator Properties Devices list doesn't display certain targets.
  
• Addresses synchronization issue where backing up large Resilient File System (ReFS) volumes may lead to errors 0xc2 and 7E.
  
• Enables IT administrators to scientifically troubleshoot I/O failures using a comprehensive event log for the resiliency state transition.