Category Archives: Windows 2008

autorun.inf AV blocking gotcha

Discovered this today from within Windows 7. …Any software process that involves copying, moving, or even deleting the autorun.inf file can fail as a result of current default antivirus software (aka AV) behavior.  This file is at the root of every Windows drive.

In preparation for an SBS 2011 install I wanted to create a bootable USB drive of the install media.  To start I attempted to clean off the drive of all its contents but that process failed with the autorun.inf file.  Then I realized that I should’ve just reformatted so to be thorough; of course that sledge-a-matic action worked.

I’ve done this before for SBS 2011 and WHS 2011 which can require this type of USB drive install media on headless servers.  The odd thing is that never before was this an issue so this must be something new that has emerged behind the security scenes but of which I was not aware.  What I uncovered was the Trend Micro WFBS Agent settings were blocking both ‘delete’ and ‘copy’ actions to the autorun.inf file.  This isn’t specific to just TM though as the Google search result I found pointed to a different AV vendor.  If you hit this error, disable the AV temporarily as the workaround. 

Initially I opted to go the Windows 7 USB/DVD Download tool method (creates a bootable USB drive from ISO or DVD) but hit an issue when it failed during the copying process.  After trying variations and getting the same failed result, I opted to go the longer manual creation route as detailed by Tim Barrett in his www.NoGeekLeftBehind.com blog.  During that process I hit the root issue in a way that gave me a usable error message to find the solution.  After disabling the AV I hit success.

The System Properties UI quick command

From a Run prompt (winkey+R) enter sysdm.cpl.  This will invoke the System Properties UI in Server 2008 or Vista without any clicking.

This can be useful because from here you can reach the Device Management UI.  If you are installing a virtual OS in Hyper-V, sometimes a critical driver isn’t installed from the install media (such as the NIC in SBS 2008).  Through this method you can invoke the Device Management UI and manually install the needed driver.  First, though, you need to get to a Run prompt; to do this, bring up Task Manager with Ctrl+Alt+End (Hyper-V) and choose the “New Task (Run)” option from the File menu.

In the example of SBS 2008 you need to run the Integrated Services Setup Disk to gain virtualized networking hardware functionality.  First, from the Run prompt, type “Explorer.exe” to open Explorer.  Next, with any previous ISO ejected, choose Insert this ‘Disk’ from the Action menu.  With Explorer now running, the mounted disk will Autorun and install.  A restart will be needed, and afterwards you can finish the SBS 2008 installation.

The location of this is “C:\Windows\System32\sysdm.cpl” in case you want to create a shortcut.

Drive Formatting 16K Cluster to Avoid Loss of Volume Shadow Copy Snapshots

Recommended Reading: Shadow copies may be lost when you defragment a volume
http://support.microsoft.com/kb/312067/ – MS document on VSS 16KB cluster best practice

Well, after seeing System Error 25 VolSnap too many times and realizing each time it appears all  Volume Shadow Copy snapshots were being dumped, I decided to dig into this.  Why?  Because those VSS snapshots are very valuable safety nets that users rely on.  Things like redirected My Documents …etc are highly valuable and worth having an extra version to fall back to.

What I discovered is that whenever a defragmenter runs against the default 4 KB (SBS/Win2k3) cluster size these events occur.  I experienced this testing out Diskeeper and then PerfectDisk (Raxco) but also see this when running the native Microsoft defragmenter.  Further research shows that the cluster size needs to be 16 KB for VSS.

So next time you create a data partition, my best practice advice to you is to raise the cluster size from the default to 16 KB (or a greater size).
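To see which existing volumes fall short of that advice, the following added example (not from the original post) lists local NTFS volumes with a cluster size below 16 KB. It assumes Windows PowerShell with `Get-WmiObject` available; the drive letter in the printed `format` hint is a placeholder.

```powershell
# Added example: audit NTFS cluster sizes against the 16 KB advice above.
$MinClusterBytes = 16KB   # 16384 bytes

function Get-SmallClusterVolume {
    param(
        [int]$MinimumBytes = $MinClusterBytes
    )
    # Win32_Volume.BlockSize is the allocation unit (cluster) size in bytes.
    # DriveType 3 = local fixed disk. The system volume will usually show up
    # here too; the advice above targets data partitions holding snapshots.
    Get-WmiObject -Class Win32_Volume -Filter "DriveType = 3 AND FileSystem = 'NTFS'" |
        Where-Object { $_.BlockSize -lt $MinimumBytes } |
        Select-Object Name, Label,
            @{ Name = 'ClusterKB';  Expression = { $_.BlockSize / 1KB } },
            @{ Name = 'CapacityGB'; Expression = { [math]::Round($_.Capacity / 1GB, 1) } }
}

$flagged = @(Get-SmallClusterVolume)
if ($flagged.Count -eq 0) {
    Write-Output "All local NTFS volumes use clusters of $($MinClusterBytes / 1KB) KB or larger."
} else {
    $flagged | Format-Table -AutoSize
    # Cluster size is chosen at format time, so apply it when creating the volume.
    Write-Output "When formatting a NEW data volume, set the cluster size explicitly, e.g.:"
    Write-Output "  format E: /FS:NTFS /A:16K /Q    (E: is a placeholder; formatting erases the volume)"
}
```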

Although this blog was written a couple of years ago for Windows Server 2003, this still applies in the Server 2008 product.  How do I know?  I asked the Server 2008 VSS team in their blog at the time of launch earlier this year.  What was amazing is that they gave me the impression by the tone of their response that they didn’t seem to understand that this issue was relevant or significant.

Here’s the 3/24/2008 response I got from Greg Jacklin via Jim Benton:

“Although volsnap and defrag/ntfs do their best to get along, it is still
best to format with a 16K cluster size for performance.
-Greg”

BTW if you think you heard about this before but you can’t remember where, perhaps it was via Wayne Small or Microsoft.  Below are these historical references:

 

There are some other planning & “hot fix” articles from MS that address some aspects of snapshot dumping; nevertheless, remember that the root cause is that your cluster size isn’t large enough.

Overview Info:

 

Hotfixes:

Reserving a TCP Port in Windows

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts

Above is the registry key that needs to be tweaked in order to reserve a TCP port. This will protect the port from any inadvertent random future assignment by software, patch, or service, as happened over this past week with the DNS patch.
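One way to make that change from an elevated PowerShell prompt, as an added example that is not part of the original post. It assumes the value format described in KB 812873 (a multi-string value whose entries are `start-end` ranges, a single port written as `x-x`); the function name and the sample port are constructed for illustration.

```powershell
# Added example: append a port range to ReservedPorts without clobbering
# entries that are already there. Run elevated.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ValueName = 'ReservedPorts'

function Add-ReservedPortRange {
    param(
        [Parameter(Mandatory = $true)][ValidateRange(1, 65535)][int]$Start,
        [ValidateRange(1, 65535)][int]$End = $Start
    )
    if ($End -lt $Start) { throw "End port must be greater than or equal to start port." }
    $entry = "$Start-$End"    # assumed KB 812873 format: "start-end"

    # Read the current entries, if the value exists at all.
    $existing = @()
    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop) { $existing = @($prop.$ValueName | Where-Object { $_ }) }

    if ($existing -contains $entry) {
        Write-Output "$entry is already reserved."
        return
    }

    # -Force overwrites an existing value, so one call covers create and update.
    $updated = [string[]]($existing + $entry)
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType MultiString `
        -Value $updated -Force | Out-Null
    Write-Output "Added $entry to $ValueName. Restart the server for the change to take effect."
}

# Constructed sample: reserve a single port. Replace with the port your service needs.
Add-ReservedPortRange -Start 4500
```

Afterwards, `Get-ItemProperty -Path $KeyPath -Name ReservedPorts` shows the full list so you can confirm earlier reservations survived.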

  • http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx
  • http://support.microsoft.com/kb/812873
Remote Desktop Connection 6.1 client update for Terminal Services in Windows XP Service Pack 2

    This should work nicely for those that want to wait to deploy XP SP3 a little longer but need to connect to Server 2008 TS Remote App.  Link is at the bottom of brief overview.

    Description of the Remote Desktop Connection 6.1 client update for Terminal Services in Windows XP Service Pack 2


    Article ID: 952155

    Last Review:  June 24, 2008

    Revision:  2.1

    INTRODUCTION

    This article discusses the Remote Desktop Connection (RDC) 6.1 client update that helps you use the new Terminal Services features. These features are introduced in Windows Vista and in Windows Server 2008 and are available from a computer that is running Windows XP Service Pack 2 (SP2).
