IIS 8 through IIS 10 don’t respect CTL list for client side certificate filtering

So lets say you’re moving from Windows 2008 R2 IIS 7.5 to something newer and you have Certificate Trust List (CTL) you use for CAC authentication.  You’re used to that CTL being passed down to the client to then filter the user certificates on their system to only be the ones available that you want them to be.  You migrate to Windows 2019 with IIS 10 and instead of that nice filtered list you instead get ALL certificates on a user’s system instead.

Continue reading “IIS 8 through IIS 10 don’t respect CTL list for client side certificate filtering”

McAfee ENS + Windows 10 1903 + AMD GPU = Borked drivers

So you run McAfee ENS + Windows 10 1903 + AMD GPUs well you’ll discover that in this scenario the video drivers and AMD control software fail to load on your systems resulting in the default video driver loading.  This results in the loss of multiple monitors and enhanced graphics capabilities.  We worked with McAfee on this with an official case and in the end they blamed AMD even though if you uninstalled McAfee ENS the AMD drivers began loading.  The solution in the end was AMD updating their drivers to resolve something that was having issues with the McAfee ENS software.  You need to be running AMD Radeon Adrenaline 19.9.2 or newer to resolve this issue.

IIS 10 not serving (404.7) default document with File Name Extensions enabled

If you disable Allow unlisted file name extensions in IIS using the Request Filtering module you’ve always had to then allow “.” (just a period by itself) in the File Name Extensions to then allow IIS to feed up the default document without it being in the URL.  For example http://www.google.com versus http://www.google.com/index.htm which without the . added won’t work.  In IIS 10 on a couple of websites we found they would throw 404.7 errors when this was configured even with the . in the allow list.

Continue reading “IIS 10 not serving (404.7) default document with File Name Extensions enabled”

Intermittent 404.19 even though an extension is allowed

I noticed this for the first time on a Windows Server 2019 system when I was migrating websites from Windows Server 2008 R2 using Web Deploy 3.6 from Microsoft.  I started loading websites to test them and was greeted by IIS Error 404.19 – Denied by filtering rule.  If you hit refresh it might then load successfully and do so a couple of times then fail again with another 404.19 error.  In IIS this is the website -> Request Filtering -> Rules area for a website.

Continue reading “Intermittent 404.19 even though an extension is allowed”

Windows Server 2016 versus 2019 WMI Filtering

Microsoft let us get soft for a while with WMI filtering.  WIndows 2008, 2008 R2, 2012, and 2012 R2 were all WHERE Version like “6.%” in WMI filtering.  Our WMI filters kept plodding along without anyone having to care.  Then Windows 2016 hit and we had to start updating our filters for a new WHERE Version like “10.%” so we could target these new systems and so our filters would continue to work.  Well now we have Windows Server 2019 which is also 10.0 version string so we can’t easily do like we did in the 2008-2012 era of 10.1, 10.2, etc.  Now we have to care about WHERE Version like = “10.0.XYZ”

Continue reading “Windows Server 2016 versus 2019 WMI Filtering”

Windows 2019 Hyper-V fails to send initial replica…

We’ve been having a very odd issue with new Windows 2019 server running Hyper-V in that some of them will fail to enable Replication for VMs.  You get to the very end and and click the last button to start and the Replica VM is created on the other system and all the place holder files exist but then it errors  with an message about not being able to send the initial replica.  We’ve tried all kinds of suggestions on the web related to ACLs and firewall configuration but none of them worked.  I found a solution though.  If you make a Checkpoint of the system having issues and then delete the Checkpoint after its completed you can now enable Replication.  It seems the issue resides on the system where the VM currently lives and not the location it’s going to and forcing a Checkpoint corrects whatever is going wrong during Replication configuration.

Test.VerifyDcPromoCore.DCPromo.General.103 WTF is 103…

We were working on migrating our Domain Controllers from Windows 2008 R2 to Windows 2019 and I got to the point where I was running the PowerShell “Test-ADDSDomainControllerInstallation -DomainName MyDomain.Name” command to test migration requirements.  The process was  kicking out an error for part of it with a context of Test.VerifyDcPromoCore.DCPromo.General.103 so I started the hunt for what that meant.  Well both the Bings and Googs came back with no results at all for the exact search value.  Plenty of other items with different numbers at the end but not specifically 103.

Continue reading “Test.VerifyDcPromoCore.DCPromo.General.103 WTF is 103…”

Convert MAK licensed Windows system back to KMS

The back and forth Windows licensing from KMS to MAK can be so frustrating.  Today I had to take a system that had been KMS and then made MAK back to KMS again.  Of course this process involves searching for a variety of various scripts to run but you have to put a KMS key in even if you’re going to network provided KMS.  Continue reading “Convert MAK licensed Windows system back to KMS”