Windows 10: No Internet Access after Windows Fall Creators Update

Background

  • I am running Windows 10 with Hyper-V enabled
  • My Hyper-V has a virtual switch: an external adapter connecting to my wireless network adapter.
  • Windows Update just installed version 1709, i.e. Fall Creators Update on 11/19/2017.

Problem

  1. My host PC’s wireless connection now has NO internet connectivity.
  2. One of my virtual machines no longer shows up in Hyper-V Manager.

Solution

To regain internet access right away, the following works for me:

  1. Launch Hyper-V Manager
  2. under Actions, select Virtual Switch Manager
  3. Verify that there is a Default Switch, installed by Windows Update – Fall Creators Update.
  4. Select the virtual switch that connects to the wireless network adapter. 
  5. Remove it.
  6. image
  7. My host PC got back Internet access.  The wireless network adapter was no longer “bridged” using the external virtual adapter.

At this point, I can use Default Switch as the virtual switch for all my guest virtual machines under NAT.

If I want to use the old setup, I just recreate a virtual switch with an external network that connects to the host PC’s wireless network adapter.

For the missing virtual machine, I had to recreate the virtual machine (i.e. configuration):

  1. Launch Hyper-V Manager
  2. Actions –> New –> Virtual Machine
  3. Connect to my existing Virtual Hard Disk

Summary

The loss of internet connectivity and a virtual machine is scary after a Windows Update.  I hope this post helps.

Advertisements

How to Auto Download Windows Update for Windows Server 2016

Goal:

I like to configure my servers to download windows update automatically ahead of time.

When I can choose to manually install them later, I can install them right away without waiting for the download.

Problem:

To do this in Windows Server 2016 is not straight forward, I haven’t found a way to do it using the desktop UI.

Solution:

I have to do it via command line.

  1. Run a command line prompt as an admin.
  2. Type “sconfig”
  3. Type “5” to select “Windows Update Settings”
  4. Type “D” to select DownloadOnly

 

Reference:

https://blogs.technet.microsoft.com/mu/2016/10/25/__trashed/

Ring Central–Forwarding Calls

RingCentral has this feature that can forward an incoming extension call to your cell phone.  However, it does not work for me.  My cell phone never rings and the caller goes into Ring Central voice mail.

Solution:

  1. Go to the user setting
  2. Choose “Call Handling & Forwarding
  3. Choose “Incoming Call Information
  4. Under “Play announcement …”, select “Never
  5. Save

SNAGHTML7259cf85

 

 

Reference:

http://www.prrcomputers.com/blog/ringcentral-call-forwarding-not-working-solved/

How to Troubleshoot Audit Failure Event 4625

If you get hundreds of these 4625 events, it is probably because your server has remote desktop enabled and your server is facing the internet.  For example, your server may be on the AWS or Azure with RDP port 3389 allowed for any public source IPs. 

 

Cloud Network Firewall Fix:

Assuming you keep remote desktop service running, then you should configure AWS / Azure Security Group’s inbound rules to allow only your IP to connect to port 3389.  All these events should stop occurring.   In summary, you are blocking all IP addresses except yours.

Windows Server Firewall Fix:

As usual, please backup your servers.  If you block your own IP from accessing server’s remote desktop port using Windows Server firewall, you need to do a restore.

What if you cannot just do block all and except? or maybe you want to find out the specific IP that is causing that event?

If you examine the event, you will see that there is no network info: workstation name, source network address, source port.  I will show to how to find out the source network address.

In fact, there is little useful info.  We know Logon Type: 3 means a “network logon”.

We know Account Name: “ADMIN1” does not exist on our server and so it is a guessed account name.  The Sub Status: 0xc0000064 confirms that.

If you see Account Name: “Administrator” and the Sub Status: 0xc000006a means the hacker guess the wrong password.

You need to write a key info and that is the event date time (in Event Xml), down to the sub seconds level.

You download and run Process Monitor (not Process Explorer).  You run it and let it start capturing data.  When you see a new event 4625, you can stop the capture and start looking through the big log.  You locate the log entries closest to the event date time.  You may see errors such as LOGON FAILURE or NAME NOT FOUND.  Go backward in time, you may come across some logs regarding remote desktop connection.  Note “ms-wbt-server” is port 3389, used by RDP.

SNAGHTML653973

It tells you the source IP of the machine trying to connect and logon.  That is the source IP you can add to Windows Firewall and block.

Again, DO NOT BLOCK your own IP.  Otherwise, you cannot remote desktop to the server any more.

An account failed to log on.

Subject:
    Security ID:        NULL SID
    Account Name:        –
    Account Domain:        –
    Logon ID:        0x0

Logon Type:            3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:        ADMIN1
    Account Domain:       

Failure Information:
    Failure Reason:        Unknown user name or bad password.
    Status:            0xc000006d
    Sub Status:        0xc0000064

Process Information:
    Caller Process ID:    0x0
    Caller Process Name:    –

Network Information:
    Workstation Name:   
    Source Network Address:    –
    Source Port:        –

Detailed Authentication Information:
    Logon Process:        NtLmSsp
    Authentication Package:    NTLM
    Transited Services:    –
    Package Name (NTLM only):    –
    Key Length:        0

 

 

Reference:

https://www.mcbsys.com/blog/2014/10/use-process-monitor-to-find-event-4625/

Setup IIS FTP Service Passive Mode Ports

If you have an IIS with FTP passive mode enabled, you probably want to specify the port range for data channels.  That way, you can specify the port ranges in your firewall.

SNAGHTML5c5e5e85

For example, you can specify IIS server’s “FTP Firewall Support”.  For example, you can specify The Data Channel Port Range to go from port 5000 to port 5100.

Click “Apply”.  You must restart your Microsoft FTP Service in order for the port range to take effect.  Doing “iisreset” is not be sufficient.

Troubleshooting Tip:

If you test it using FileZilla client, you should set the debug to level 3 verbose in order to see the data channel port requested by the server.

The key info you are looking for is the following:

SNAGHTML5c62643e

227 Entering Passive Mode (a1,a2,a3,a4,p1,p2).

The data channel post is p1*256 + p2. 

Thus,

227 Entering Passive Mode (54,20,20,88,228,225). would mean using port 58593.

Make sure that port is specified by IIS FTP and it is allowed by the firewall inbound rules.

Reference:

http://slacksite.com/other/ftp.html

http://www.serv-u.com/respcode.asp?resp=227

How to Reduce Spam Mail

 

To opt out of credit card/insurance offers, go to www.optoutprescreen.com.  It is free.  You need to fill out your date of birth and social security #.

To reduce incoming telemarketing calls, go to www.donotcall.gov.  It is free.

To opt out of mail catalogs, magazines, etc, go to www.DMAchoice.org. The cost is $2 for 10 years.

Reference:

Here is the official instructions from FTC:

https://www.consumer.ftc.gov/articles/0262-stopping-unsolicited-mail-phone-calls-and-email

Entity Framework Core – Code First

For Entity Framework Core, the code first migration commands are slightly different.

remove-migration

It will remove / undo the migration script generated by the command “add-migration <scriptname>”

 

update-database –migration:0

It will rollback all the migration scripts you deployed to a database (i.e. update-database ),