[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] THE OFFICIAL BLOG OF THE SBS DIVA

(broken record here just making it clear) Unmanaged systems - those not behind WSUS/Intune/System center still have a May 13th deadline of getting 2919355 installed.

Spotted a post in the forum with some interesting debugging:

Windows 8.1 update fails to install - KB2919355 - Microsoft Community:

Success at last. I have been researching and working on this for over a week and have attempted every single "fix" or "repair" proposed here and via MS troubleshooting pages with absolutely no success.

sfc /scannow reported no errors. I used Dism which indicated the store was repairable however RestoreHealth always provided the following message:

The restore operation failed. Either the repair source was not found or the component store cannot be repaired.
Error: 0x800f081f
DISM failed. No operation was performed.

I reviewed the CBS.log file and found a report of missing files (mshtml.tlb, mshtml.dll and F12.dll) which I tracked down via the log file to update KB2909921. I downloaded the KB2909921.msu and used 7-Zip to extract the files contained in the msu to a folder on a USB drive. I then expanded the cabinet archive to the same folder. After locating the above files I restored them to the appropriate containers using the information found here:

http://technet.microsoft.com/en-us/library/ee619779(v=ws.10).aspx <http://technet.microsoft.com/en-us/library/ee619779%28v=ws.10%29.aspx>

and here:

After making the repairs dism /restorehealth continued to indicate the restore operation failed with the same message, *HOWEVER now the CBS.log file reported everything appeared to be ok* other than a reference to a problem with meta data.

Operation: Detect and Repair
Operation result: 0x0
Last Successful Step: Entire operation completes.
Total Detected Corruption:0
CBS Manifest Corruption:0
CBS Metadata Corruption:0
CSI Manifest Corruption:0
CSI Metadata Corruption:0
*CSI Payload Corruption:**0*
Total Repaired Corruption:0
CBS Manifest Repaired:0
CSI Manifest Repaired:0
CSI Payload Repaired:0
CSI Store Metadata refreshed:True

Previously it was reporting "CSI Payload Corruption: 3" which was apparently related to the missing files referred to above and which previously indicated was not repaired, presumably because the files could not be found.

I had previously been unable to install KB2939087 and KB2919355 and always received error 80073712 after trying every fix mentioned in the forum. I ran Windows Update Diagnostic again and received the same messages I had always received, but because the CBS log showed things were ok, I decided to try to download and install again using Desktop Windows Update.

I first attempted to install KB2939087 which installed, asked for a restart and was successful. I then attempted to install KB2919355 which likewise installed, asked for a restart and was successful.



Posted Wed, Apr 23 2014 23:33 by bradley | with no comments
Filed under:

21 days before unmanaged 8.1 systems are locked out of getting security updates.  And I'm still seeing issues with folks trying to get the update installed.

I worked with Robert (the PowerShell genius) to build a PowerShell tool that let's you run some of the commands in the post in the answers forum as well as checking on the free space in the C drive and in the reserved partition.


This however is very disturbing.  I can confirm that after installing KB2919355 and running that dism command you get a failure


Seeing what I can find about it now.

Posted Tue, Apr 22 2014 21:42 by bradley | with no comments
Filed under:

For those running default SBS 2003 R2/2008 and 2011 with WSUS - it auto approves security updates to servers and workstations.  If you have an 8.1 or R2 deployed in that network, KB2919355 will be automatically approved and probably automatically installed tonight.

Just be aware and watch your patch settings.

2919355 is deemed a critical security update and thus will automatically be installed if you have not changed the settings.

Posted Thu, Apr 17 2014 16:05 by bradley | with no comments
Filed under:

For those of you behind WSUS, Intune or System center the less than 30 days before KB2919355 has to be installed has been extended.


Folks who patch with WSUS/Intune or System center have until August to roll out KB2919355

The issue with WSUS has now been fixed.  You'll see on your manually or WU updates boxes that already have KB2919355 ANOTHER KB2919355 this time a much smaller update that fixes just the issue with the WSUS deployment


Posted Wed, Apr 16 2014 21:44 by bradley | 1 comment(s)
Filed under:

Tuesday! SMBKitchen ASP Chat | Third Tier:

Join us today at the SMBKitchen chat.  Remember that you can sign up and get a sneak peak of the documents we've released before April 30.

I'll be sending out a revision to the Heartbleed client facing communication to reflect some latest developments.  Hope to see you there this afternoon!

Posted Tue, Apr 15 2014 7:55 by bradley | with no comments
Filed under:

Only 29 days-ish to get KB2919355 installed.  And we're starting to see people getting their issues resolved (yea) and starting to see the support engineers move from the fishing expeditions to where they can start giving out canned responses to the problems. 

Still Microsoft is in it's offering up mode and not pushing out the door mode (you can tell this in the USA as the update is offered up but not yet checked). 

I'll be starting my roll out this week and I'll let you know how it goes.

One Surface/one 2012 r2 server.


Posted Mon, Apr 14 2014 22:11 by bradley | with no comments
Filed under:

Hectic week this week between the Windows 8.1 issues and the Heartbleed - which is not a virus btw.


Up on the ASP kitchen project I've placed client facing communication you can use to help guide them.  If you have any questions - like I have had - please feel free to ask and we'll help to get clarity.

Right now it's still in it's month free trial time.  So check it out, see if the information is helpful and join us.


Posted Thu, Apr 10 2014 23:24 by bradley | with no comments
Filed under:

KB2919355 issues being investigated/tracked:

Windows 8.1 Update prevents interaction with WSUS 3.2 over SSL - WSUS

Product Team Blog - Site Home - TechNet Blogs:


*Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update scanning against all supported WSUS configurations. Until that time, we are temporarily suspending the distribution of the Windows 8.1 Update to WSUS servers.*

You may still obtain the Windows 8.1 Update from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue. You may also find the workarounds discussed in this article to be useful for testing the Windows 8.1 Update for your organization. Thank you for your patience during this time

A note from Joe Raby about the impact of 8.1 update on 2012 R2 Essentials:

 You might want to post this note about updating "Windows Server Essentials 2012 R2 with Update":

Manual upgraders might want to update their Client Restore Service WinPE images on WDS (and USB sticks) so that they match the new baseline code version.  A folder must be deleted for it to recreate the WinPE images, and it's located at ProgramData\Microsoft\Windows Server\Data\ClientRestore\(big long version string)\(codepage language), eg:

C:\ProgramData\Microsoft\Windows Server\Data\ClientRestore\8.100.25984_8_100_25984_6.3.9600.16384\0409

After updating WSe to "Update 1", you need to get the new version of the ADK.  When you run the installer on the server, it just checks to see what's installed and only current components will be updated by default (nothing else is checked - I know you like that, Sue).  When the ADK is updated, just delete the codepage folder in it's entirety, delete the WinPE Boot images in WDS, and then go back into the Dashboard, to Home|Setup|Set up Client Restore Service, and click the Restart button.  It will use the new ADK to create new WinPE images and put them into WDS for you just like it always did, but now they'll have the new codebase revision (WinPE 5.1).

Note: MSDN does NOT have an updated ISO for "WSe 2012 R2 with Update" yet - only the single image for Standard & Datacenter.  The update package with the supplemental updates are available now.

Also note: I only mention this because I DID upgrade my server already....no don't start screaming yet.  My server only has tech stuff on it (OS's and Office installation files and such), so I want it to be bleeding edge (without being in beta) to cater to customers with all the new tech goodies from day one.  There is no "business data" on it in the conventional sense.  My "line-of-business software" is software deployment packages.

Posted Tue, Apr 8 2014 8:32 by bradley | with no comments
Filed under:

Windows 8.1 Update: The IT Pro Perspective:

I'm copying a comment that I agree with completely.  In the zeal of Paul Thurrott and Mary Jo Foley today on the TWIT web cast talking about BUILD no one talked about the risk of this update and the fact that this isn't an optional update, it's a mandatory one.  We HAVE to get this installed.

So far I'm seeing issues with moving folders (don't do that - expected honestly as I saw it with the 8 upgrade), issues with possible system corruption (run the DISM command if it gets stuck), and finally a concerning issue with 2012 R2 and Veeam backup software.

"The KB2919355 article states "All future security and nonsecurity updates for Windows 8.1 and Windows Server 2012 R2 require this update to be installed".  

What happened to Microsoft’s Lifecycle policy with providing customers with a 24 month timeframe before ending support of a superseded operating system RTM / Service Pack level ??

This update is effectively equivalent to a Service Pack, if not more so as it also contains functionality changes for both the operating system and browser.  According to the KB article it is a hefty 768mb in size.  

By immediately withdrawing all future security updates for Windows 8.1 RTM in the eyes of most enterprise customers you are effectively performing an immediate End-of-Life on Windows 8.1 RTM itself.

This places enterprise customers who are in the midst of a Win8.1 RTM rollout in a very precarious position given that they are now forced to introduce this very large update into their SOE in a very short timeframe.

There’s always a higher risk of introducing breakages with an update of this size as well, and by dropping patch support with little notice Microsoft is not leaving any time for enterprises to conduct a reasonable QA effort on ‘Update 1’ or deal with any subsequent issues/defects that arise.  So the enterprise customers are faced with a dilemma, either deploy this major update immediately with a reduced level of QA, or run the risk of being unpatched if a major security incident occurs.

I know that Microsoft wants its customer base to adopt updates to its Windows platform faster, but immediately dropping security patching on the Win 8.1 RTM release is just plain crazy."

Posted Fri, Apr 4 2014 22:46 by bradley | 4 comment(s)
Filed under:

Windows 8.1 update just announced at the BUILD conference today is on MSDN/TechNet now, on Windows update on April 8th.  In the read me file from MSDN is states

Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 Update

Recommended Install Order
1.  KB2919442
2.  KB2919355
3.  KB2932046
4.  KB2937592
5.  KB2938439
6.  KB2949621

A servicing stack update is available for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: March 2014:

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014:
*Included in 2919355 is this statement:*
/Important /*/All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require this update to be installed. We recommend that you install this update on your Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2-based computer in order to receive continued future updates.

We have until May 13th to get this 700Meg plus file installed on Windows 8.1 otherwise you will not be offered up security updates in May.

If you are running 8.0 you will still get security and non security updates installed.

If you have access to TechNet or MSDN download and test it now.  Come next Tuesday it will be  needed update to your 2012 R2 servers and 8.1 workstations.

Windows 8.1 Update: The IT Pro Perspective:

Test now.

Posted Wed, Apr 2 2014 18:52 by bradley | 2 comment(s)
Filed under:

Yes it was a TPM chip and you have to also anchor it down to the computer with this little plastic screw.

After the 15th I'm going to put the TPM chip in the Microserver.

Posted Tue, Apr 1 2014 23:40 by bradley | with no comments
Filed under:

Okay...take a guess at what that is?

Posted Tue, Apr 1 2014 0:04 by bradley | 7 comment(s)
Filed under:

Windows 8.1 Update May Arrive April 8:

"The latest rumor surrounding Windows 8.1 Update 1 is that Microsoft plans to release the upgrade on April 8 to consumers, the same day Microsoft pulls the plug on Windows XP."


If that's true, here's my ask for anyone who manages or maintains Server 2012 R2 or Windows 8.1 machines:

This week make sure any Server 2012 R2 or Windows 8.1 machine has a good backup.  A GOOD backup.  For any consumer workstation this means MORE than just the file history.  I would recommend if they do not have a backup provided by an image based backup (Essentials server client backup, Storagecraft, or other image based backup) that they need either buy the consumer version of Acronis http://www.acronis.com/en-us/personal/pc-backup  or ensure that they backup using the full System image.
(see instructions here : http://winsupersite.com/windows-8/windows-81-tip-use-system-image-backup   )

An external usb harddrive is cheap and a full backup image is just good to have and will always let you be the hero.

Microsoft to Live Stream the Launch of Windows 8.1 Update:

Posted Mon, Mar 31 2014 0:23 by bradley | with no comments
Filed under:

Another thing you'll see when there is an 8.1 or a Server 2012 R2 in your network is this error:

EVENT # 3279
SOURCE Microsoft-Windows-DNS-Client
DATE / TIME   3/29/2014 10:43:44 PM

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

Adapter Name : {2228D0D8-DFEC-4673-B8E3-C8913948C8FD}
Host Name : TPDF
Primary Domain Suffix : domain.lan
DNS server list :
Sent update to server : <?>
IP Address(es) :

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

I have yet to figure out what exactly triggers this.. .but it's another "ignore this until I track down why it's doing this" error

Posted Sat, Mar 29 2014 22:58 by bradley | with no comments
Filed under:

Event ID 157 "Disk # has been surprise removed" - Ntdebugging Blog - Site Home - MSDN Blogs:

it's my removable usb external hard drive I'm using for backup.

EVENT # 2238
DATE / TIME   3/27/2014 9:03:40 PM
MESSAGE Disk 5 has been surprise removed.
BINARY DATA   0000: 00 00 00 00 02 00 30 00 00 00 00 00 9D 00 04 80
0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00  


On a recently deployed 2012 R2 system it looks like these warnings were generated during (or immediately after) a "Windows Server Backup". I noticed that the backups are stored in VHD's. Also, the disk numbers the error refers to (2 and 3) do not exist when I examine the Disk Manager. I assume this is normal behavior and can be ignored, correct???

[This message may be generated with a VHD is removed.  We are aware of customer feedback regarding this message and it's applicability for VHDs.]

I'm getting this just as the backup starts.  I think there's a bug that hasn't been squashed on.  Anyone else seeing this and what hardware are you running it on?

Posted Thu, Mar 27 2014 23:09 by bradley | 1 comment(s)
Filed under:

So before I get back to our SMBKitchen project, here's what I did to my Gen8 Microserver:

1.  Forget the intelligent provisioning.  The 1.5 version will not autoupdate to 1.6.  While 1.6 does support 2012 R2, it won't auto update to that version.

2.  I gave up on the autoprovisioning and just did an install from the operating system and the plain driver. In order to do that I went into the bios and disabled the smart raid adapter and put it back to normal SAS with ACHI setting.  A smart raid may be a good thing for the bigger servers, for this one the drive layout was never what I wanted.  I tried to set the four 2T drives as a Raid 1+0 and it wasn't giving me a large 4 logical place to then partition out, and when I did two 2T logical drives that also ended up in a weird config.  Bottom line I gave up and went back to the more Gen7 like experience where I let the operating system see merely DRIVES and then I did what I wanted up in the software.  This raid card may work in other servers, it wasn't doing what I wanted it to do/expected it to do.

3.  I'm still looking for a good balance of encryption with management and remote rebooting.  I bought a TPM module to install and see if I will use bitlocker to encrypt the drive.  I'll report back once it's arrived and installed.

4.  The new HP boot up process... you can make yourself a Mountain Dew on the rocks and get a second with the time the bios boots up.  All of those folks that talk about fast ssd drives. honey you won't even know you have them as it takes forrrreeeeverrr to get past the bios boot screen.  I really wish someone would sit down Meg and tell her engineers to speed up that process because it's a bit painful and adds boot time.

Bottom line I still like the form factor and size of the Gen8, but I really wish they would go back and revisit the Gen8 bios software.  The current intelligent provisioning process wasted a day for me fitzing around with the server and it not doing what I wanted it to do.

I'll be blogging about the encryption I'll be doing It later on... in the meantime back to my proof of concept migration series.

Posted Wed, Mar 26 2014 22:28 by bradley | 2 comment(s)
Filed under:

AH HA we've found (courtesy of Oliver Sommer) a grid that lists what platforms are supported on what HP servers

Windows Server Certification and Support:

Posted Tue, Mar 25 2014 23:32 by bradley | with no comments
Filed under:

and if this is that intelligent of provisioning, why then do I have to go to Program files/HP/HPSSA/Bin and enable the ability for the storage controller configuration to show up in the HP management console?

Anyway make sure you click on that enable otherwise you open up the management console and go... uh...?

Posted Sat, Mar 22 2014 14:38 by bradley | with no comments
Filed under:

To get a 2012 R2 version of Windows on a Gen8 server you'll need to install the 1.6 intelligent provisioning software.  If you attempt to do so with the shipped 1.5 it will blue screen on you.

You can't even get the unit to download the 1.5 from inside the server intelligent provisioning update process.  It appears the only way this works is to manually download the iso and flash the system.


Downloading the iso now and I'll let you know how this goes.  It doesn't want to use the Win7iso burner tool.

(As an aside another way to do this is to do the plain Windows 2012 r2 and use the Server 2008 driver (not the 2008 r2 or 2012) and it works.

Now trying this tool:  https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalState=idx=%7cswItem=MTX_2aa85604194243afbdb1c29a34%7citemLocale=%7cmode=%7caction=driverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Using that tool worked. 

Once you get 1.6 on there, and make it find the usb that has the Windows OS

Once there it then picks up the Windows r2 operating system


But bottom line you'll need the 1.6, a usb flash drive or dvd, and a bit of patience as this is a less than great installation experience.

Posted Sat, Mar 22 2014 11:43 by bradley | 2 comment(s)
Filed under:
More Posts Next page »