Hey y’all, Mark here with a post about an issue we’re seeing with many of our customers lately. Hopefully, we’ll save you a couple hours of head-scratching and Bing searches.
You deploy a shiny new Windows Server 2012 Virtual Machine on Hyper-V or VMware, and then you notice that no file shares are accessible. For example, on a Domain Controller you can’t access the SYSVOL share. You tend to get an error message like so:
You may notice other puzzling things such as services failing to start when they are on removable or hot pluggable drives, maybe even some SBSL issues with logon scripts, loading user profiles, etc. Windows 8 modern apps might throw the error “app didn’t start”. So what is the cause of all these seemingly unconnected things?
You are the unfortunate victim of two specific configurations. First, you have a specific auditing setting turned on. Second, the drive where your shared folder resides, or from which your service launches, shows up as a removable or hot pluggable drive.
You have Audit Removable Storage explicitly enabled for Success and/or Failure. This configuration can be found at Windows Settings, Security Settings, Advanced Audit Policy Configuration, System Audit Policies, Object Access, Audit Removable Storage.
Or, you have the Audit Object Access policy enabled for Success and/or Failure, which implicitly enables all object access auditing. This setting is found at Windows Settings, Security Settings, Local Policies, Audit Policy, Audit Object Access.
Fantastic, we identified two seemingly innocent configurations. How can we fix our problem? VMware has two KBs that suggest workarounds: disabling the audit policy and/or disabling the HotAdd/HotPlug capability. These will indeed make the issue go away, but what if you are unable to do either of these two actions?
The recommended solution is actually to apply the hotfix in KB 2811160 – which, by the way, is included in the Windows Server 2012 April 2013 update rollup. If you look closely at what’s included in the April 2013 Update Rollup, you’ll find KB 2811670 “Issues when the Audit object access policy is enabled on Removable Storage in Windows 8 or Windows Server 2012”. The details of the KB pretty much hit the nail on the head for our issues. (We are reaching out to VMware to have them update their KB as well.)
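To check whether a given server is in the state described above, here is an added PowerShell example (not part of the original post): it reads the effective Removable Storage audit setting with auditpol and looks for the KB numbers quoted above with Get-HotFix. The function name and output fields are hypothetical, and an English-language system is assumed because the subcategory name is localized.

```powershell
# Added example. Run from an elevated prompt; auditpol needs administrative rights.
function Get-RemovableStorageAuditState {
    param(
        # KB numbers as quoted in the post. An update installed through a rollup
        # is listed under the rollup's own KB number, so pass that here if needed.
        [string[]]$HotfixIds = @('KB2811160', 'KB2811670')
    )

    # auditpol reports the effective setting, so this covers both the explicit
    # "Audit Removable Storage" subcategory and the legacy "Audit Object Access"
    # policy. /r emits CSV with columns:
    # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
    $raw = & auditpol.exe /get /subcategory:"Removable Storage" /r 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol failed (exit code $LASTEXITCODE): $raw"
    }

    # Drop blank lines before parsing, then take the single data row.
    $row = $raw |
        Where-Object { $_ -and "$_".Trim() } |
        ConvertFrom-Csv |
        Select-Object -First 1

    # Possible values: "No Auditing", "Success", "Failure", "Success and Failure".
    $setting = $row.'Inclusion Setting'
    $auditOn = $setting -match 'Success|Failure'

    # List installed updates once and keep only the IDs we were asked about.
    $found = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $HotfixIds -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        AuditSetting   = $setting
        AuditEnabled   = $auditOn
        HotfixesFound  = $found -join ', '
        # Auditing is on and none of the listed updates is present.
        NeedsAttention = $auditOn -and ($found.Count -eq 0)
    }
}

Get-RemovableStorageAuditState
```

The check does not test whether a volume is presented as removable or hot pluggable, so `NeedsAttention` only flags the audit-policy half of the condition.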
A Friendly Reminder:
For many of you, this might be the first time hearing about update rollups. However, regular readers of the blog (hint: you should subscribe if you haven’t already) know we covered this topic way back in May. Read “Update Rollups for Windows Server 2012 and Windows 8 Explained” by Steve Mathias. His hard work is already paying off on this. And for those of you who are proactively applying the Windows 8/Server 2012 Update Rollups, you’ve already dodged this issue, plus a couple past and future problems. So pat yourselves on the back.
If you found this post helpful please let us know in the comments. It’s what keeps this blog running. Until next time.
Mark “Another Holiday Issue Averted” Morowczynski