  • Microsoft Enterprise Networking Team

    Windows Server “8” Beta is available!


    In addition to the Windows 8 Consumer Preview, Windows Server “8” Beta is also available to test. We would like to encourage you IT Pros and software developers to try it out. Yesterday, Bill Laing, Corporate Vice President of Server and Cloud, announced the beta release of Windows Server “8”. 

    On the Windows Server Blog, keep an eye out for upcoming posts by Bill Laing and his team in the coming days and months for deeper dives into all technology areas of Windows Server. In this introduction, Bill mentions Hyper-V Network Virtualization, File Server Transparent Failover, and the fact that Windows PowerShell now has 2,300 cmdlets built in.

    Check it out and enjoy!

    - Mike Platts

  • Microsoft Enterprise Networking Team

    Announcing the availability of Understand and Troubleshoot Guides and Test Lab Guides for Windows Server "8" Beta


    What are Understand and Troubleshoot Guides (UTG)?

    The Windows Server “8” Beta Understand and Troubleshoot Guides (UTG) help IT administrators and architects develop awareness of key technical concepts, functionality, and troubleshooting techniques. This understanding enables a successful early adoption experience during the product evaluation phase.

    To access all of the available UTGs, visit the Windows Server 8 Beta Understand and Troubleshoot Guide Portal Page.

    Here is a list of the Understand and Troubleshoot Guides specific to Networking:

    Understand and Troubleshoot DHCP Failover in Windows Server 8 Beta

    Understand and Troubleshoot DNSSEC in Windows Server 8 Beta

    Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta

    Understand and Troubleshoot Remote Access in Windows Server 8 Beta

    What is a Test Lab Guide (TLG)?

    Test Lab Guides (TLGs) allow you to get hands-on experience with new products and technologies using a pre-defined and tested methodology that results in a working configuration. When you use a TLG to create a test lab, instructions tell you what servers to create, how to configure the operating systems and platform services, and how to install and configure any additional products or technologies. A TLG experience enables you to see all of the components and the configuration steps on both the front-end and back-end that go into a single- or multi-product or technology solution.

    To access all of the available TLGs, visit the Windows Server 8 Beta Test Lab Guide Portal Page.

    TLG Base Configuration Guides:

    Windows Server 8 Beta Test Lab Guide: Base Test Lab Guide for Windows Server 8 Beta

    Windows Server 8 Beta Test Lab Guide Mini-module: Homenet Subnet

    Windows Server 8 Beta Test Lab Guide Mini-module: Basic PKI

    Windows Server 8 Beta Test Lab Guide Mini-module: Second Corpnet Subnet

    Here is a list of Modular Test Lab Guides specific to Networking. These guides require the Base Test Lab configuration linked above as a starting point:

    Windows Server 8 Beta Test Lab Guide: Demonstrate DirectAccess Simplified Setup in an IPv4-only Test Environment

    Windows Server 8 Beta Test Lab Guide: Demonstrate DirectAccess Single Server Setup with Mixed IPv4 and IPv6

    Windows Server 8 Beta Test Lab Guide: Demonstrate DHCP Failover in Windows Server 8 Beta

    Windows Server 8 Beta Test Lab Guide: Demonstrate IP Address Management (IPAM) in Windows Server 8 Beta

    Windows Server 8 Beta Test Lab Guide: Demonstrate DNS Security Extensions (DNSSEC) in Windows Server 8 Beta

    - Tim Quinn

  • Microsoft Enterprise Networking Team

    A word on disabling a wireless connection when also connected to a physical network


    We get questions from customers asking how they can disable a wireless connection when they are connected to a physical network. There can be various reasons for wanting to do this but they are often misguided.

    First let me say – Windows does not currently have the ability to disable a Wireless connection when connected to a physical network. There are 3rd party solutions and some hardware will have this ability in the BIOS/Advanced settings of the NIC.

    While there are legitimate reasons for doing this, really what you should be asking first is, “why?” What is it you are really trying to accomplish? The answers usually come down to either performance or security.

    First let’s tackle performance

    This usually comes across as something like, “We are concerned that users are connecting over a slower wireless connection when there is a faster physical connection available.”

    In reality this should not be an issue as the interface is automatically given a metric when a route is added to the route table and that metric helps decide which route to use if there is more than one path.

    Here is a KB article about how XP handles this:

    299540 An explanation of the Automatic Metric feature for Internet Protocol routes

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;299540

    Note: It is done the same way in Vista and Windows 7 but the metric is more granular.

    If you are experiencing this type of behavior, you should really be looking closer at the route table and gateway configuration to see if there is an issue there.

    There can be times where you have, say, a gigabit network and a wireless N connection that will get the same metric because they essentially report the same speed. If the physical and the wireless network are both on the same subnet and they both have the same gateway Windows can’t determine which interface to use because the metric is the same. So it uses the first one listed in the route table. While you could change the bindings it is not really a good solution and is difficult to automate. You could also change the metric manually with the route command but again this is difficult to automate.

    Really you should be considering why the wireless network is in the same subnet. If your wireless network is given its own subnet you will have much better control of the routing in your network and you won’t see these types of issues.

    So what if they aren’t in the same subnet? Then it will depend on what is returned via name resolution and the Destination IP address selection process documented here.

    http://blogs.technet.com/b/networking/archive/2009/04/17/dns-round-robin-and-destination-ip-address-selection.aspx
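The metric tie described above can be checked directly instead of guessed at. The following script is an added example, not part of the original post: it lists every IPv4 default route with its adapter, gateway and metric, and warns when two routes share both the same metric and the same gateway, which is the case where Windows falls back to whichever route is listed first. It assumes Windows Vista/7 with WMI available and an elevated PowerShell prompt.

```powershell
# Added example (not from the original post). Lists IPv4 default routes with
# their adapter and metric, and flags the same-metric/same-gateway tie the
# post describes. Assumes Vista/7 with WMI; run in an elevated PowerShell.

$routes = Get-WmiObject -Class Win32_IP4RouteTable |
    Where-Object { $_.Destination -eq '0.0.0.0' }

# Map InterfaceIndex -> adapter so each route can be shown with a friendly name.
$adapters = @{}
Get-WmiObject -Class Win32_NetworkAdapter |
    Where-Object { $_.InterfaceIndex -ne $null } |
    ForEach-Object { $adapters[[int]$_.InterfaceIndex] = $_ }

$report = foreach ($r in $routes) {
    $a = $adapters[[int]$r.InterfaceIndex]
    New-Object PSObject -Property @{
        Interface = if ($a) { $a.NetConnectionID } else { "ifIndex $($r.InterfaceIndex)" }
        Gateway   = $r.NextHop
        Metric    = $r.Metric1
        # Link speed is what the automatic metric (KB 299540) is derived from.
        SpeedMbps = if ($a -and $a.Speed) { [math]::Round($a.Speed / 1e6, 0) } else { $null }
    } | Select-Object Interface, Gateway, Metric, SpeedMbps
}

$report | Sort-Object Metric | Format-Table -AutoSize

# Same metric AND same gateway: Windows cannot prefer one interface, so it uses
# the first route listed. The post's fix is to put wireless on its own subnet.
$report | Group-Object Metric, Gateway | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $names = ($_.Group | ForEach-Object { $_.Interface }) -join ', '
    Write-Warning ("Metric tie (metric {0}) on gateway {1}: {2}" -f $_.Group[0].Metric, $_.Group[0].Gateway, $names)
}
```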

    Now let’s talk about security

    This usually sounds something like, “We are concerned users will connect to an unmanaged network in the vicinity and expose the physical network to traffic from said network.” In Windows XP this was a more legitimate concern, but in Windows Vista and Windows 7 it is not as applicable because of various security improvements, most specifically the strong host model. You can read more about this at the following link:

    http://blogs.technet.com/b/networking/archive/2009/04/25/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx

    Further, with Windows Vista and Windows 7, administrators can use Network Permissions in the Wireless GPO to prevent connections to Ad Hoc networks, neighboring networks, or any non-GPO mandated network.

    Another concern is just that users will connect to the unmanaged network and send sensitive data over it. The problem with this concern is that all a user has to do is unplug the physical network and they could do the same thing. The truth is that if it is possible to reach the resource over the unmanaged network you can never be sure this won’t happen. You need to either address the routing issue or encrypt the sensitive data. Disabling the wireless NIC is not going to be a complete solution and you could break connectivity in other places that you are not in control of.

    So when would you want to disable wireless?

    As suggested earlier there are legitimate reasons for wanting to disable the Wireless connection. Perhaps you have a limited number of access points and no ability to expand the wireless side of the network so you want to ensure all physically connected machines use the wired connection. Or maybe your wireless connection only has a limited number of IPs. Again there are other ways to address these issues but if this is the solution you want, 3rd party solutions are currently the best bet.

    Summary

    In a world that is increasingly connected, disabling connectivity is only going to cause you problems down the road. While there are ways to disable a wireless connection when a machine is plugged into a physical network, you should really think more about why you are trying to do this and address the root of the problem instead. If you find that you do still require this functionality, you will want to research the 3rd party software/hardware options available.

    - David Pracht

  • Microsoft Enterprise Networking Team

    Tracking DNS Record Deletion


    I have worked with a number of customers who have faced the scenario where a few or many (important) DNS records disappear from a DNS zone and they are left only with the question of who or what deleted those records. There are a number of scenarios that can result in this situation, to mention a few:

    • The computer owning the DNS record was gracefully shut-down and dynamically de-registered its host or SRV records
    • A zone transfer deletion bug described in MSKB 953317 deletes virtually the entire contents of the zone immediately following zone transfer on busy W2K8 SP1 computers hosting secondary copies of a DNS zone.
    • Systems not able to update their record in DNS.
    • Misconfigured scavenging settings prematurely delete records before they can be re-registered by the computer that owns the record
    • Someone manually deletes the record from the DNS zone.

    For this post, I am going to discuss DNS auditing configuration which can help identify the root cause of DNS record deletion or at least narrow it down.

    NOTE: For this discussion I will use contoso.com as the domain as well as the DNS zone name.

    A DNS zone can either be stored on the DNS server in the form of a file such as contoso.com.dns, or it can be integrated in Active Directory for replication.

    In the case of a Standard Primary or Secondary zone, there is no way to determine who or what deleted the records from the zone. But if the zone is Active Directory-integrated, we can set up Directory Service Access auditing to learn more about the cause of the deletion of the records.
    To learn more about AD Integrated zones, please refer to this.
    A DNS zone integrated in Active Directory can be stored in 1 of 3 different partitions:

    • Default Domain partition : “All domain controllers in the Active Directory domain contoso.com”
    • DomainDNSZones partition (Application partition) : “All DNS servers in the Active Directory domain contoso.com”
    • ForestDNSZones partition (Application partition): “All DNS servers in the Active Directory forest contoso.com”

    To determine which partition your zone is located in:

    1. Open the DNS Management Console (DNS MMC).
    2. Right click on your zone name and select properties.
    3. On the General tab, review the setting for “Replication”.

    To configure auditing on the zone, follow these steps:

    Enable Directory Service Access auditing

    You can enable this on a single Domain Controller or all Domain Controllers as needed to suit your environment. Follow the steps appropriate for your needs below.

    Enable Directory Service Access auditing on a single DNS Server (Domain Controller)
    Windows Server 2003 and above

    1) Click on Start > Run > type gpedit.msc and then press ENTER.

    2) In the Group Policy MMC, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.

    3) Define 'Audit directory service access' for success and failure.

    4) Refresh the policy on the computer by typing gpupdate /force at a Command Prompt.

    For Windows Server 2008 and above you can also use the following command to enable Directory Service auditing on a DNS Server (Domain Controller):

    Auditpol /set /category:"DS Access" /success:enable
    Auditpol /set /category:"DS Access" /failure:enable

    Enable Directory Service Access auditing on all DNS Servers (Domain Controllers)
    Windows Server 2003

    1) Click on Start > Administrative Tools > Domain Controller Security Policy.

    2) Navigate to Local Policies > Audit Policy

    3) Define 'Audit directory service access' for success and failure.

    4) Refresh the policy on the computer by typing gpupdate /force at a Command Prompt.

    Windows Server 2008 and later

    1) Click on Start > Run > type gpmc.msc, and then press ENTER.

    2) In the Group Policy MMC, navigate to Forest: Contoso.com > Domains > Contoso.com > Domain Controllers > Default Domain Controllers Policy.

    3) Right click and select “Edit” on the Default Domain Controllers Policy.

    4) Navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.

    5) Define 'Audit directory service access' for success and failure.

    6) Refresh the policy on all Domain Controllers by typing gpupdate /force at an Administrative Command Prompt.

    Enable auditing on the DNS zone

    1) Open ADSIEdit on any DC that has the DNS role. (Start, Run, type adsiedit.msc, and press ENTER).

    2) Right-click ADSI Edit and click ‘Connect to...’

    3) On the Connection Settings window that comes up, select the ‘Select or type a Distinguished Name or Naming Context:’ under Connection Point.

    4) Depending on your Domain name and the partition where the zone is stored, type the Distinguished Name for the partition and click OK:

    • If the zone is stored in default Domain partition, then I will use DC=contoso,DC=com as the Distinguished Name. (This partition is generally loaded in Adsiedit by default).
    • If the zone is stored in DomainDNSZones partition, then I will use DC=DomainDNSZones,DC=contoso,DC=com as the Distinguished Name.
    • If the zone is stored in ForestDNSZones partition, then I will use DC=ForestDNSZones,DC=contoso,DC=com as the Distinguished Name.

    (Screenshot demonstrating how to connect to the DomainDNSZones partition)

    5) Navigate to the location of the DNS zone object according to where the zone is stored:

    • If the zone is stored in default Domain partition then:
      Expand Domain [(dc name).contoso.com] > DC=contoso,DC=com > CN=System > CN=MicrosoftDNS
    • If the zone is stored in DomainDNSZones partition then:
      Expand Domain [(dc name).contoso.com] > DC=DomainDNSZones,DC=contoso,DC=com > CN=MicrosoftDNS
    • If the zone is stored in ForestDNSZones partition then:
      Expand Domain [(dc name).contoso.com] > DC=ForestDNSZones,DC=contoso,DC=com > CN=MicrosoftDNS

    (Please note that in the case of a ForestDNSZones partition, the DN path will always refer to the forest root domain DN path)

    6) Under CN=MicrosoftDNS you will find DC=<your zone name> (DC=contoso.com in my case). Right click on that and select Properties.

    7) On the Security tab, click the Advanced button.

    8) Select the Auditing tab, and click Add.

    9) Under User or Group, type ‘Everyone’ and click on Check Names button. Click OK.
    (You may find some already existing entries with the name ‘Everyone’ under the Auditing tab. This may be confusing but please add a new entry as mentioned above.)

    10) On the Auditing Entry window that pops up, under the Object tab, select Success and Failure for access types Write All Properties, Delete, and Delete Subtree and click Ok.

    Reviewing auditing events using Event Viewer

    After you have set up auditing by following the above mentioned steps, an Event ID (566 in Windows Server 2003 and 4662 in Windows Server 2008 R2) will be logged in the Security Event Log whenever a DNS record is modified; for example:

    For Windows Server 2003:

    Event Type: Success Audit
    Event Source: Security
    Event Category: Directory Service Access
    Event ID: 566
    Date: mm/dd/yyyy
    Time: hh:mm:ss
    User: Contoso\<account>  (computer account /user account)
    Computer: <servername>
    Description:
    Object operation:
    Object Server: DS
    Operation Type: Object Access
    Object Type: dnsNode
    Object Name: DC=test1,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDNSZones,DC=contoso,DC=com (This tells the name of the record that was deleted)
    Handle ID: -
    Primary User Name:
    Primary Domain: contoso
    Primary Logon ID:
    Client User Name: (This contains the name of the user or the system that removed the record)
    Client Domain:
    Client Logon ID:
    Accesses: (Write property / Deleted)*

    For Windows Server 2008 and 2008 R2:

    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: mm/dd/yyyy hh:mm:ss AM/PM
    Event ID: 4662
    Task Category: Directory Service Access
    Level: Information
    Keywords: Audit Success
    User: N/A
    Computer: <Server Name>
    Description:

    An operation was performed on an object.

    Subject :

    Security ID: CONTOSO\Administrator
    Account Name: Administrator (computer account /user account)
    Account Domain: CONTOSO
    Logon ID: 0x1d3d5

    Object:

    Object Server: DS
    Object Type: dnsNode
    Object Name: DC=test,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com (This tells the name of the record that was deleted)
    Handle ID: 0x0

    Operation:

    Operation Type: Object Access
    Accesses: Write Property

    Access Mask: 0x20
    Properties: Write Property
    dnsNode

    When Active Directory deletes an object from the directory, it does not immediately remove the object from the database. Instead, Active Directory marks the object as deleted by setting the object's isDeleted attribute to TRUE, stripping most of the attributes from the object, renaming the object, and then moving the object to a special container in the object's naming context (NC) named CN=Deleted Objects. This object is called a tombstone and is used to replicate the object’s deletion throughout the Active Directory environment. Over time (default 60 days), the tombstone is removed and the object is truly gone from AD. DNS objects, however, have their own process of deletion - once the DNS zone is integrated in the Active Directory, all the DNS records become Active Directory objects but they get an attribute called “dNSTombstoned” attached to them.
    A DNS record gets removed by either of the following methods:

    • Scavenging
    • Manual deletion
    • When it gets a valid TTL update with TTL=0
    • An LDAP delete command using interfaces such as ADSIEDIT or LDP

    If the DNS record is deleted by any of the first three methods, the value of the dNSTombstoned attribute attached to it becomes “TRUE”. In this scenario the records still exist in Active Directory, but DNS.exe will not load them in the MMC: for DNS they are deleted, but for Active Directory they still exist as valid AD objects, and we can still see them using ADSIEDIT. While the record is in this state, the value of dNSTombstoned can change back to “FALSE” either when the host machine/DHCP sends an update for the record or when another record with the same name is created manually. When this happens, DNS.exe will start loading the record again in the MMC. If the DNS record is deleted by the fourth method, or if the record stays in the dNSTombstoned=TRUE state for more than 7 days, then it will be tombstoned (AD tombstoned) like any other AD object.

    When the Accesses value is “Write property”, it means that the value of dNSTombstoned was changed to TRUE or FALSE, or that the time stamp on the record was updated. If the Accesses value is “Deleted”, it means that the record has been AD tombstoned.

    The following table lists each deletion type with the Access Type (Accesses) and User you will see in the event, plus notes:

    • Deletion Type: Scavenging
      Access Type (Accesses): Write
      User: The DC name on which Scavenging is turned on.
      Note: It is recommended that Scavenging is enabled on only one DC containing the zone. The records will be scavenged only on that particular DC, and thus the events logged due to scavenging will be logged on that DC only.
      Whenever a Scavenging cycle runs, Event ID 2501 or 2502 is logged. To verify that the records were deleted due to scavenging, match the timing of event 566 and event 2501.
      For a better understanding of how Scavenging works, I would recommend you go through the following articles:
        Understanding aging and scavenging
        Using DNS Aging and Scavenging
        Scavenging setup

    • Deletion Type: Manual delete (from DNS console)
      Access Type (Accesses): Write
      User: The user name of the person who deletes the record.
      Note: When someone deletes the record manually from the DNS console, his/her username will be logged.

    • Deletion Type: Update from the client directly
      Access Type (Accesses): Write
      User: The name of the client machine.
      Note: A valid update from the client can create, update or delete a record in DNS. If the update sent from the client has TTL > 0 then the record will be created or updated (if it is in the refresh interval), but if the client sends an update with TTL=0 then the existing record in DNS will be removed (for example, stopping the DHCP Client service on a machine with a static IP address causes this). In all 3 cases the type of event logged will be the same.

    • Deletion Type: Update from the DHCP server
      Access Type (Accesses): Write
      User: The name of the DHCP server.
      Note: Same as above.

    • Deletion Type: Update from the DHCP server configured with credentials
      Access Type (Accesses): Write
      User: The account configured on the DHCP server.
      Note: Same as above.

    • Deletion Type: Deleted by AD (Adsiedit/ldp.exe)
      Access Type (Accesses): Delete
      User: The user account provided to run the process.
      Note: A DNS record can be deleted from AD while it is still in the DNS MMC or even when it is dnsTombstoned, using Adsiedit or LDP.exe to delete the AD object. When this happens the Access type is shown as “Deleted”, which means it was AD tombstoned, and the User name shown will be the username used to delete the object.

    This table should cover almost all the scenarios.

    Please note from the table that for every valid update the Access type is “Write”. Just by looking at the Event ID we cannot determine whether the record was dnsTombstoned or the time stamp was updated, and you may also find multiple events logged (which look the same) for the same record. When an event is logged we need to check in the DNS MMC to see whether the record exists. If it does, the event was logged for renewing the timestamp on the record; if the record does not exist, the record has been dnsTombstoned (you can verify this by checking the dnsTombstoned attribute of that record in Adsiedit).
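The manual check described above (look at the 4662 event, then look at the record in the DNS console or at its dnsTombstoned attribute, then compare with scavenging events 2501/2502) can be scripted. The following is an added example and not part of the original post; it assumes Windows Server 2008 R2 or later with the ActiveDirectory module, is run on the DC that logged the audit events and hosts the zone's partition, and uses contoso.com as the zone name (adjust $Zone).

```powershell
# Added example, not from the original post. For each recent 4662 event on a
# dnsNode under the zone, report who performed the operation, whether Accesses
# was Write Property or DELETE, the current dNSTombstoned state of the object
# in AD, and whether a scavenging cycle (DNS Server event 2501/2502) ran
# nearby. Assumes 2008 R2+ with the ActiveDirectory module, run on the DC that
# logged the events; $Zone is the zone under CN=MicrosoftDNS to examine.
Import-Module ActiveDirectory

$Zone  = 'contoso.com'
$Since = (Get-Date).AddDays(-1)

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'CN=MicrosoftDNS' -and $_.Message -match [regex]::Escape("DC=$Zone,") }

# Scavenging cycles logged by the DNS Server service, used for time correlation.
$scavenge = Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 2501, 2502; StartTime = $Since } -ErrorAction SilentlyContinue

foreach ($e in $events) {
    $m = $e.Message
    if ($m -notmatch 'Object Name:\s+(?<dn>[^\r\n]+)') { continue }
    $dn      = $Matches.dn.Trim()
    $account = if ($m -match 'Account Name:\s+(?<n>\S+)') { $Matches.n } else { '?' }
    $access  = if ($m -match 'Accesses:\s+(?<a>[^\r\n]+)') { $Matches.a.Trim() } else { '?' }

    # Per the post: Write Property = dNSTombstoned flipped or timestamp refreshed;
    # DELETE = the AD object itself was removed (AD tombstoned).
    if ($access -match 'DELETE') {
        $state = 'AD tombstoned (LDAP delete, or dNSTombstoned=TRUE for more than 7 days)'
    } else {
        $obj = Get-ADObject -Identity $dn -Properties dNSTombstoned -ErrorAction SilentlyContinue
        if (-not $obj)              { $state = 'object no longer present in AD' }
        elseif ($obj.dNSTombstoned) { $state = 'dNSTombstoned=TRUE (record gone from the DNS console)' }
        else                        { $state = 'dNSTombstoned=FALSE (timestamp refresh or re-registration)' }
    }

    # A scavenging run within 10 minutes of the audit event is the post's test
    # for "deleted by scavenging"; otherwise a trailing $ marks a computer account.
    $near = $scavenge | Where-Object { [math]::Abs(($_.TimeCreated - $e.TimeCreated).TotalMinutes) -le 10 }
    $why  = if ($near) { 'scavenging cycle nearby (event 2501/2502)' }
            elseif ($account -like '*$') { 'computer account: client or DHCP server update' }
            else { 'user account: manual deletion or scripted change' }

    New-Object PSObject -Property @{
        Time = $e.TimeCreated; Record = $dn; Account = $account
        Access = $access; State = $state; LikelyCause = $why
    } | Select-Object Time, Record, Account, Access, State, LikelyCause
}
```

Run it on each DC that has scavenging enabled, since scavenging events only appear on the DC that performed the scavenge.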

    Recommended Microsoft Knowledge Base articles discussing some issues that can cause DNS record deletion:

    885279 Net Logon policies are not applied on a high-speed computer that is a Windows Server 2003-based domain controller
    306602 How to optimize the location of a domain controller or global catalog that resides outside of a client's site
    267855 Problems with many domain controllers with Active Directory integrated DNS zones
    953317 A primary DNS zone file may not transfer to the secondary DNS servers in Windows Server 2008
    2520155 DNS Host record of a computer is deleted after you change the DNS server assignment

    You may also face partial or full zone loading issues (often confused with multiple records disappearing). In this case, check Active Directory for any CNF (conflict) objects, which can cause this.

    If you have any related questions, please post them here and I will try to answer them as soon as possible.

    - Sneh Shah

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of June 26 – July 2


    Like last week, I have only one new article to share this time:

    2524478 The network location profile changes from "Domain" to "Public" in Windows 7 or in Windows Server 2008 R2

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of June 19 – June 25


    After a deluge of new networking-related articles last week, I have just one to share this time:

    2568645 Firewall exceptions not honored after cluster failover

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of June 12 – June 18


    Quite a variety of new articles were released this week, covering a number of networking technologies and operating system versions:

    2523887 You may encounter file corruption issues when you use the Offline Files feature to synchronize data in Windows 7

    2525835 MS11-047: Vulnerability in Microsoft Hyper-V could cause denial of service: June 14, 2011

    2535094 Server stops responding when you lock or unlock files on a network by using the SMB2 protocol in Windows Vista or in Windows Server 2008

    2535121 IP-HTTPS connections disconnect if the network status is changed on a computer that is running Windows 7 or Windows Server 2008 R2

    2536493 Slow SQL Online Transaction Processing performance when SQL database files are stored on an SMB network file share in Windows 7, in Windows Server 2008 R2, or in Windows Storage Server 2008 R2

    2537589 SMB/CIFS sessions leak in Windows Vista and in Windows Server 2008

    2547057 IP packets are not routed through a Windows Server 2008 R2–based LAN router in a VLAN environment

    2548145 The size of the Active Directory increases rapidly on a Windows Server 2008 R2-based domain controller that hosts the DNS Server role

    2548470 A WebClient service crashes on a computer that is running Windows 7 or Windows Server 2008 R2 when you connect a WebDav resource

    2548491 A SSTP connection to an external SSTP server from a computer that is running Windows Vista or Windows Server 2008 does not work

    2548554 Ftp.exe output cannot be redirected to a file in Windows Vista or in Windows Server 2008

    2549036 "0x0000000A" stop error occurs when several applications access the same network share file by using the MapViewOfFile() API on a computer that is running Windows 7 or Windows Server 2008 R2

    2549268 SNMP threads do not time out correctly in Windows Vista or in Windows Server 2008

    2549656 DNS Server service randomly cannot resolve external names and returns a "Server Failure" error if IPv6 is disabled in Windows Server 2008 R2

    2550111 Event IDs 34005 and 31004 may be logged in the System event log of Windows 7 when Internet Connection Sharing (ICS) is enabled on an available Network connection

    2550719 "Name Error 3" error message when you send a query to an EDNS-enabled forwarding DNS server and the query is resolved by using WINS forward lookup in Windows Server 2008 R2

    2551685 Applications or services that rely on local named pipes encounter a connectivity failure in Windows Server 2008 SP2 or in Windows Vista SP2

    2553549 All the TCP/IP ports that are in a TIME_WAIT status are not closed after 497 days from system startup in Windows Vista and in Windows Server 2008

    2554859 The "skipassource" flag of IP addresses is cleared after you use the GUI to change IP settings of a network adapter in Windows 7 or in Windows Server 2008 R2

    2555258 Some files under a WebDAV folder are not listed in Windows 7

    2555948 Multicast forwarding is enabled when you restart RRAS in Windows 7 or in Windows Server 2008 R2

    2555958 SNMP services returns no attributes for a PID when you monitor services by using SNMP services on a computer that is running Windows 7 or Windows Server 2008 R2

    2560598 "The folder you entered does not appear to be valid. Please choose another" error when you use "Add a network connection" to connect to a nested WebDAV subfolder in Windows 7 or Windows Server 2008 R2

    - Mike Platts

  • Microsoft Enterprise Networking Team

    The Windows Firewall Service Fails to start – Dependencies


    As discussed in the previous posts in this series, there can be several causes that will prevent the Windows Firewall from starting. In this installment I will cover specifics of checking dependencies.

    Checking Dependencies

    When checking dependencies you will want to check to ensure that the default dependencies are in place, that there are not additional dependencies, and that the BFE and RPC services are starting.

    Checking dependencies in Windows Vista and Windows Server 2008

    As seen in the screenshots below, the Base Filtering Engine and the Windows Firewall Authorization Driver are the default dependencies. Use the steps below to view this:

    1. Click Start
    2. Right-click Computer
    3. Click Manage
    4. When Computer Management opens, open Services and Applications
    5. Click Services
    6. Right-click on Windows Firewall in the list of services and click Properties
    7. Click the Dependencies tab

    (Screenshot: Dependencies tab of the Windows Firewall service, showing Base Filtering Engine and Windows Firewall Authorization Driver)

    In addition, the Base Filtering Engine also has a dependency on RPC, as seen below.

    (Screenshot: Dependencies tab of the Base Filtering Engine service, showing Remote Procedure Call (RPC))

    Therefore, we also need to verify that the Base Filtering Engine and the RPC service are started and set to start automatically, as seen below.

    (Screenshots: Base Filtering Engine and Remote Procedure Call (RPC) service properties, both Started with Startup type Automatic)

    Additional Dependencies

    Finally, if there are any dependencies other than the ones mentioned above you will want to remove them.

    Checking dependencies in Windows 7 and Windows Server 2008 R2

    Windows 7 / Windows Server 2008 R2 have the same dependencies as Windows Vista, but the services that have dependencies on them are different. Fortunately we are not concerned with what has a dependency on these services, so we can check the same Base Filtering Engine and RPC services.

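The dependency and startup checks above can be done in one pass from PowerShell. This is an added example and not code from the original post: it compares the Windows Firewall service (MpsSvc) dependencies with the two defaults named above and then checks that BFE and RPC are running and set to Automatic. It assumes Windows Vista / Server 2008 or later, and that the service name of the "Windows Firewall Authorization Driver" is mpsdrv.

```powershell
# Added example, not from the original post. Verifies MpsSvc has exactly the
# default dependencies (BFE and the Windows Firewall Authorization Driver,
# assumed to be service name mpsdrv) and that BFE and RPC are Running/Auto.
$expected = @('BFE', 'mpsdrv')

$fw     = Get-Service -Name MpsSvc
$actual = @($fw.ServicesDependedOn | ForEach-Object { $_.Name })

$extra   = @($actual   | Where-Object { $expected -notcontains $_ })
$missing = @($expected | Where-Object { $actual   -notcontains $_ })

"MpsSvc status: $($fw.Status); dependencies: $($actual -join ', ')"
if ($missing) { Write-Warning "Default dependency missing: $($missing -join ', ')" }
if ($extra)   { Write-Warning "Extra dependency present (the post says to remove it): $($extra -join ', ')" }

# BFE depends on RPC, so both must be running and set to Automatic. Win32_Service
# exposes StartMode, which Get-Service does not show on Vista/7.
foreach ($name in 'BFE', 'RpcSs') {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "$name not found"; continue }
    $ok = ($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto')
    "{0,-6} State={1,-8} StartMode={2,-8} {3}" -f $name, $svc.State, $svc.StartMode, $(if ($ok) { 'OK' } else { 'CHECK' })
}
```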

    Conclusion

    This is the last post of my series on troubleshooting issues where the Windows Firewall Service fails to start.

    I hope you have found this information useful.

    - David Pracht

  • Microsoft Enterprise Networking Team

    The Windows Firewall Service Fails to start – Checking Privilege Access



    As discussed in the previous posts in this series, there can be several causes that will prevent Windows Firewall from starting. In this installment, part 4 of 5 in the series, I will cover specifics of checking access privileges for both Windows Vista and Windows 7.

    Checking Privilege access

    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    You can see the privilege access settings by looking at the RequiredPrivileges registry value.

    I have listed the values you will find in a default clean install below but it is possible you will have other values.

    HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc\RequiredPrivileges
    1. SeAssignPrimaryTokenPrivilege
    2. SeAuditPrivilege
    3. SeChangeNotifyPrivilege
    4. SeCreateGlobalPrivilege
    5. SeImpersonatePrivilege
    6. SeIncreaseQuotaPrivilege

    You can then check the privileges found in the previous step using secpol.msc. Make sure each of the above listed privileges has LOCAL SERVICE listed in them.

    You can check this by one of the following methods:

    Method 1

    Open secpol.msc, right-click the root node (Security Settings), export the policy to an .inf file, then open the .inf file in Notepad.

    Note: In the .inf file make sure the above listed privileges contain the SID of the needed object - for LOCAL SERVICE the SID is S-1-5-19

    Note: The list below is edited to contain only the values we are looking for; there will be more values in the .inf file.

    [Privilege Rights]
    SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
    SeAuditPrivilege = *S-1-5-19,*S-1-5-20
    SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
    SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
    SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
    SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6

    Method 2

    Open the Local Security Policy MMC (secpol.msc), then drill down to Local Policies / User Rights Assignment.

    Find the Policy for the corresponding privileges (below) and make sure LOCAL SERVICE is listed in them.

    Privilege name                  Policy name
    SeAssignPrimaryTokenPrivilege   Replace a process level token
    SeAuditPrivilege                Manage auditing and security log
    SeChangeNotifyPrivilege         Bypass traverse checking
    SeCreateGlobalPrivilege         Create global objects
    SeImpersonatePrivilege          Impersonate a client after authentication
    SeIncreaseQuotaPrivilege        Adjust memory quotas for a process
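    An added check, not from the original post, that automates Method 1: it parses the [Privilege Rights] section of the exported .inf, verifies that S-1-5-19 appears on every privilege MpsSvc requires, and names the User Rights Assignment policy (from the table above) to fix for any that fail. The .inf excerpt it runs on is constructed from the listing above, with SeImpersonatePrivilege deliberately missing LOCAL SERVICE.

```python
"""Verify LOCAL SERVICE (S-1-5-19) holds every privilege MpsSvc requires.

Added example, not from the original post. Parses the [Privilege Rights]
section of a secpol.msc export (.inf) as described in Method 1.
"""

LOCAL_SERVICE_SID = "S-1-5-19"

# Privileges listed under HKLM\...\Services\MpsSvc\RequiredPrivileges on a
# default install, mapped to the User Rights Assignment policy names from
# the table above (the name to look for when fixing via Method 2).
REQUIRED_PRIVILEGES = {
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
    "SeAuditPrivilege": "Manage auditing and security log",
    "SeChangeNotifyPrivilege": "Bypass traverse checking",
    "SeCreateGlobalPrivilege": "Create global objects",
    "SeImpersonatePrivilege": "Impersonate a client after authentication",
    "SeIncreaseQuotaPrivilege": "Adjust memory quotas for a process",
}


def parse_privilege_rights(inf_text):
    """Return {privilege: set(SIDs)} from the [Privilege Rights] section.

    Exports write each line as 'SePriv = *S-1-5-19,*S-1-5-20'; the leading
    '*' marks a SID literal and is stripped. Other sections are ignored.
    """
    rights = {}
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        sids = {s.strip().lstrip("*") for s in value.split(",") if s.strip()}
        rights[name.strip()] = sids
    return rights


def missing_local_service(inf_text, sid=LOCAL_SERVICE_SID):
    """Return {privilege: policy_name} for required privileges lacking `sid`.

    A required privilege absent from the export entirely is also reported,
    since in that case nobody holds it.
    """
    rights = parse_privilege_rights(inf_text)
    return {
        priv: policy
        for priv, policy in REQUIRED_PRIVILEGES.items()
        if sid not in rights.get(priv, set())
    }


# Constructed .inf excerpt based on the listing above; SeImpersonatePrivilege
# has been stripped of *S-1-5-19 to simulate a broken machine.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeAuditPrivilege = *S-1-5-19,*S-1-5-20
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeImpersonatePrivilege = *S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    problems = missing_local_service(SAMPLE_INF)
    if not problems:
        print("LOCAL SERVICE holds all privileges MpsSvc requires.")
    for priv, policy in problems.items():
        print(f"MISSING: {priv} -> add LOCAL SERVICE under '{policy}'")
```

    A real secpol.msc export is typically UTF-16, so read it with open(path, encoding="utf-16") before passing the text in.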

    Missing privileges can be added via Registry Editor as follows:

    1. Browse to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc registry key, right-click it and select Permissions.
    2. In the "Permissions for Creator Owner" window, click the Advanced button, then click Add.
    3. Once the "Select User, Computer, Service Account or Group" box appears, change "From this location:" to point to the local machine name if it is not already.
    4. After changing the search location, enter "NT Service\BFE" for Windows Vista or "NT Service\MpsSvc" for Windows 7 in the "Enter the object name to select" box and click "Check names"; this will allow you to add the account. Click OK to return to the Advanced Security Settings dialog.
    5. Check the appropriate privileges from above.

    What’s next?

    In my next installment, I will cover Firewall service dependencies.

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of June 5 – June 11

    • 1 Comments

    I have just one new networking-related article to mention this week:

    2465408 Applications or services cannot update their routing tables after they receive route change notifications in Windows Server 2008 R2 or in Windows 7

    - Mike Platts

  • Microsoft Enterprise Networking Team

    The Windows Firewall Service Fails to start – Registry Permissions

    • 0 Comments

    As discussed in my previous posts in this series, there can be several causes that will prevent the Windows Firewall from starting. In this installment, part 3 of 5, I will cover specifics of checking registry permissions.

    Checking Registry Permissions

    You can verify the permissions in Registry Editor by right-clicking each of the following registry keys and choosing Permissions. Then highlight the desired account and click Advanced, highlight the desired account again, and click Edit.

    Depending on the operating system version, either NT Service\MpsSvc or NT Service\BFE needs permissions for the following keys as described below (note that HKEY_LOCAL_MACHINE has been shortened to HKLM):

    HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
    • Windows Vista: NT Service\BFE - Query Value, Set Value, Create Subkey, Enumerate Sub Keys, Notify, Read Control
    • Windows 7: NT Service\BFE - Query Value, Set Value, Create Subkey, Enumerate Sub Keys, Notify, Read Control
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy
    • Windows Vista: NT Service\MpsSvc – Full Control
    • Windows 7: NT Service\MpsSvc - Query Value, Set Value, Create SubKey, Enumerate SubKeys, Notify, Delete, Read Control
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch
    • Windows Vista: NT Service\MpsSvc - Query Value, Set Value
    • Windows 7: NT Service\MpsSvc - Query Value, Set Value
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2
    • Windows 7: NT Service\MpsSvc - Query Value, Set Value
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
    • Windows Vista: NT Service\MpsSvc – Full Control
    • Windows 7: NT Service\MpsSvc - Query Value, Set Value, Create SubKey, Enumerate SubKeys, Notify, Delete, Read Control

    Reviewing registry permissions for Windows Vista: [screenshot not reproduced]

    Reviewing registry permissions for Windows 7: [screenshot not reproduced]

    What’s next?

    In my next blog post in this series, I will cover access privileges.

    - David Pracht

  • Microsoft Enterprise Networking Team

    The Windows Firewall Service Fails to start – Logon Permissions

    • 0 Comments

    This is part two in my series on Windows Firewall failing to start. In part one, I covered Windows XP and gave an overview of the issues seen in Windows Vista and Windows 7. As discussed, there can be several causes that will prevent the firewall from starting. In this post, I will cover specifics of checking the logon permissions.

    Checking Logon Permissions

    First you should verify that the "Log on as:" account is set to Local Service. The Base Filtering Engine, Windows Firewall, and NLA services should all be set to Log on as the "Local Service" account. I'm only including one screenshot as an example because it is the same for all of the services that use Local Service. Note that the Password fields are ignored for this account. For more information on the Local Service account, refer to http://msdn.microsoft.com/en-us/library/ms684188(VS.85).aspx.


    IPsec Policy agent uses the "Network Service" account.


    Next we will want to verify the security descriptor definition language string, or SDDL string. SDDL defines the text format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to represent a security descriptor as a string. Refer to http://msdn.microsoft.com/en-us/library/aa379570(VS.85).aspx for more information.

    We can use SC SDSHOW to show the SDDL string for the services of interest.

    Syntax: sc sdshow <Service Name>

    Note: You will want to run this command against a working machine in your environment for comparison, but here are the default settings from a clean install.

    Windows 7 default installation

    Service Name: NLASVC

    D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWRPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPRC;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)

    Service Name: BFE

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Service Name: MPSSVC

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779)S:(AU;FA;CCDCKCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Service Name: SharedAccess

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Windows Vista default installation

    Service Name: NLASVC

    D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWRPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPRC;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Service Name: BFE

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Service Name: MPSSVC

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779)S:(AU;FA;CCDCKCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Service Name: SharedAccess

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Using SC SDSET to set the SDDL string

    You can restore the default permissions via the SDDL strings above or get similar data from a working machine in your own environment.

    SC sdset <Service Name> <SDDL string>

    Example:

    SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

    Notice that each ACE ends with the abbreviation of the trustee it applies to: SY = Local System, BA = Administrators, AU = Authenticated Users, PU = Power Users.
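    An added helper, not from the original post, for the comparison the note above suggests: it parses sc sdshow output into ACEs, expands the SID abbreviations the post lists, and reports which trustee lost which service right relative to a known-good descriptor. The known-good string is the SharedAccess default quoted above; the broken one is constructed for the demonstration.

```python
"""Decode and diff service SDDL strings as printed by `sc sdshow`.

Added example, not from the original post. Compares a suspect service
security descriptor against a known-good one (from a working machine or
the defaults quoted above) and reports trustees whose DACL rights differ.
"""
import re

# Two-letter SID aliases that appear in the post's sdshow output.
SID_ALIASES = {
    "SY": "Local System",
    "BA": "Administrators",
    "IU": "Interactive Users",
    "SU": "Service Logon",
    "AU": "Authenticated Users",
    "PU": "Power Users",
    "WD": "Everyone",
}

# Access right abbreviations with their meaning for a service object
# (CC = SERVICE_QUERY_CONFIG, RP = SERVICE_START, and so on).
RIGHT_NAMES = {
    "CC": "QueryConfig", "DC": "ChangeConfig", "LC": "QueryStatus",
    "SW": "EnumerateDependents", "RP": "Start", "WP": "Stop",
    "DT": "PauseContinue", "LO": "Interrogate", "CR": "UserDefinedControl",
    "SD": "Delete", "RC": "ReadControl", "WD": "WriteDac", "WO": "WriteOwner",
    "FA": "FileAll",
}

ACE_RE = re.compile(r"\(([^)]*)\)")


def parse_sddl(sddl):
    """Return {'D': [ace, ...], 'S': [ace, ...]}; each ace is a dict.

    Each ACE has the form (type;flags;rights;objguid;inhguid;sid); rights
    are a run of two-letter codes and are split into a frozenset.
    """
    result = {"D": [], "S": []}
    dacl_part, _, sacl_part = sddl.partition("S:")  # SACL starts at 'S:'
    for section, text in (("D", dacl_part), ("S", sacl_part)):
        for m in ACE_RE.finditer(text):
            fields = m.group(1).split(";")
            if len(fields) != 6:
                raise ValueError("malformed ACE: " + m.group(0))
            ace_type, flags, rights, _, _, sid = fields
            result[section].append({
                "type": ace_type,
                "flags": flags,
                "rights": frozenset(rights[i:i + 2] for i in range(0, len(rights), 2)),
                "sid": sid,
            })
    return result


def dacl_allow_map(sddl):
    """Map each trustee to the union of rights granted by its Allow ACEs."""
    allowed = {}
    for ace in parse_sddl(sddl)["D"]:
        if ace["type"] == "A":
            allowed[ace["sid"]] = allowed.get(ace["sid"], frozenset()) | ace["rights"]
    return allowed


def friendly(sid):
    return SID_ALIASES.get(sid, sid)


def diff_dacl(good_sddl, suspect_sddl):
    """Return human-readable differences in allowed rights.

    Reports trustees missing from the suspect DACL, rights a trustee has
    on the good descriptor but not on the suspect one, and extra trustees.
    """
    good, suspect = dacl_allow_map(good_sddl), dacl_allow_map(suspect_sddl)
    findings = []
    for sid, rights in good.items():
        if sid not in suspect:
            findings.append(f"missing trustee {friendly(sid)} ({sid})")
            continue
        lost = rights - suspect[sid]
        if lost:
            names = ", ".join(RIGHT_NAMES.get(r, r) for r in sorted(lost))
            findings.append(f"{friendly(sid)} lost: {names}")
    for sid in suspect:
        if sid not in good:
            findings.append(f"unexpected trustee {friendly(sid)} ({sid})")
    return findings


# Default SharedAccess descriptor quoted in the post (Windows 7 / Vista).
GOOD_SHAREDACCESS = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)"
    "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)
# Constructed "broken" descriptor: the service logon SID lost Start/Stop/Pause.
BROKEN_SHAREDACCESS = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
)

if __name__ == "__main__":
    for line in diff_dacl(GOOD_SHAREDACCESS, BROKEN_SHAREDACCESS):
        print(line)
```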

    What’s next?

    In the next installment of this series, I will cover registry permissions as related to Windows Firewall.

    - David Pracht

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of May 29 – June 4

    • 0 Comments

    Like last week, I have one new networking-related article to share this time:

    2560995 Intel’s My WiFi Technology stops working after resuming from sleep or hibernate in Windows 7

    - Mike Platts

  • Microsoft Enterprise Networking Team

    The Windows Firewall Service Fails to start – Introduction

    • 0 Comments

    There can be several causes that will prevent the Windows Firewall from starting, and I will attempt to cover them in this series of five blog posts. In this first post, I will cover Windows XP and Windows Vista / Windows 7 separately, as they are two different services. Lastly, I will cover one issue with OneCare. Note: Specifics on Windows Vista and Windows 7 will come in a later blog post.

    Windows XP

    In Windows XP, the firewall service is named "Windows Firewall/Internet Connection Sharing (ICS)", or SharedAccess service.

    Typical errors seen as either popups or within event logs when the service fails to start are:

    • Cannot start the Windows Firewall/Internet connection sharing (ICS) Service on local computer
    • Error 2: The system cannot find the file specified
    • Error 1705: While starting windows firewall and internet connection sharing services

    Problems starting the Firewall Service in Windows XP are most commonly related to an issue with the Shared Access registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

    The quickest resolution is generally to rebuild the key. Instructions for doing this are in the following article, along with a FIXIT link:

    You cannot start the Windows Firewall service in Windows XP SP2

    Other things you will want to check are:

    • Verify that the "Remote Procedure Call (RPC)" service is started
    • Verify that the service is configured to log on as the Local System account

    The above 3 items cover the vast majority of the issues with starting the Firewall in Windows XP.

    Windows Vista and later (Windows 7, Windows Server 2008, and Windows Server 2008 R2)

    In Windows Vista and later, the firewall service is "Windows Firewall" (MPSSVC); it combines both Firewall and IPsec functionality.

    The first thing to check is that the Base Filtering Engine (BFE) is running. There are a number of services dependent on the BFE service (including the Windows Firewall) that may also fail to start:

    • IPsec Policy Agent (PolicyAgent)
    • Windows Firewall
    • IKE and AuthIP IPsec Keying Modules
    • Internet Connection Sharing (ICS)
    • Routing and Remote Access

    In my experience most of the issues starting these services are related to permissions.

    Typical errors seen in relation to starting this service are:

    • Event ID: 7024 - The Windows Firewall service terminated with service-specific error 5 (0x5)
    • Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied.
    • Windows could not start the IPsec Policy Agent service on Local Computer. Error 1068: The dependency service or group failed to start.
    • Windows could not start the Network Location Awareness on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -1073741288.
    • The Windows Firewall service terminated with service-specific error 87 (0x57)
    • Error 0x80004015: The class is configured to run as a security id different from the caller.
    • The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
    • "net start mpssvc" in cmd.exe returns the system error 1297.

    What to look for (specific details will be shared in a future blog post):

    • Verify Log On permissions
    • Verify registry permissions
    • Verify privilege permissions
    • Verify Service Dependencies
    • Reset the default security permissions
    • Verify that the TxR folder exists: %systemroot%\system32\config\TxR
    • Verify the following registry keys by comparing them to a default Windows installation:
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

    Windows OneCare

    Lastly, I am including information about one issue that may be seen with the Windows OneCare Firewall Service. The following messages may be seen:

    The Windows OneCare Firewall Service Could not Start

    Urgent - Turn on Firewall

    You will see this error in the Windows OneCare interface, with a red status action item asking you to enable the firewall. The action listed does not enable the firewall, however.

    This issue is also very specific because the firewall settings in Windows OneCare are grayed out and cannot be modified.

    To resolve this issue:

    Use the steps below to ensure that the PATH environment variable contains the following path:

    %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM

    1. Click Start / Control Panel and open the System Icon.
    2. In System, click the Advanced tab and then Environment Variables.
    3. Ensure that in the lower box "System variables" that PATH exists. If Path does not exist click NEW and type in PATH as the variable name and enter the above path in the variable value.
    4. If PATH already exists, highlight it and click Edit.
    5. Under variable name, click at the end of the line to append the above mentioned path to the end of the current path. NOTE: BE SURE TO SEPARATE THE OLD PATH AND THE NEW PATH WITH A SEMICOLON ( ; ).
    6. Click OK to close the windows and restart the computer.

    If this does not resolve the issue, try the following step:

    1. Click Start / Run and type Regsvr32 %SystemRoot%\System32\wbem\wmidcprv.dll and click OK.
    2. Restart the computer and test the firewall again.

    If this does not resolve the issue, or if the problem does not match the description, please follow the steps in KB article 910659.

    Conclusion

    This wraps up my overview of how to troubleshoot issues starting the Windows Firewall Service. I will have some future blog posts with more specific details on the Windows Vista/Windows 7 steps.

    - David Pracht

  • Microsoft Enterprise Networking Team

    It’s World IPv6 Day!

    • 0 Comments

    Happy World IPv6 Day! I wanted to remind you that various Microsoft sites, among many others, are running IPv6 today to allow ISPs, hardware manufacturers, and various other businesses to test communication in a large scale. If you would like to learn more about what makes today unique for IPv6 or would like to learn more about IPv6 itself, please check out the following:

    World IPv6 Day

    http://blogs.technet.com/b/microsoft_blog/archive/2011/06/07/microsoft-supports-next-generation-of-the-internet-with-world-ipv6-day.aspx

    http://www.microsoft.com/ipv6

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of May 22 – May 28

    • 0 Comments

    I have one new networking-related article for this week:

    2473489 IP address and default gateway settings are assigned incorrectly in Windows Vista, in Windows Server 2008, in Windows 7, and in Windows Server 2008 R2

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of May 15 – May 21

    • 0 Comments

    I have three new networking-related articles to share with you this week:

    2533454 Resolving Internet connectivity issues on World IPv6 Day (June 8, 2011)

    2550576 STOP 0xC4 may occur in tcpipreg.sys following a reboot after Driver Verifier is enabled on Windows 7 SP1 or Windows Server 2008 R2 SP1

    2551021 Initiating a TCP session with Windows Server 2003 using a non-standard flag combination may succeed

    - Mike Platts

  • Microsoft Enterprise Networking Team

    World IPv6 Day and Windows

    • 0 Comments

    Christopher Palmer has written a post describing Microsoft’s participation in World IPv6 Day on June 8, 2011. He also has some great introductory information on IPv6 and what differentiates it from IPv4. On World IPv6 Day, a number of companies will enable IPv6 on some of their Internet properties in addition to IPv4 to allow a large scale “test drive” of IPv6.

    Check out Christopher’s post here for additional information and links on World IPv6 Day, including who else will be participating!

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of May 8 – May 15

    • 0 Comments

    This week, I have two new networking-related articles to share with you:

    2524426 MS11-035: Vulnerability in WINS could allow remote code execution: May 10, 2011

    2550500 Editing the properties for a network adapter may result in unedited adapters being paused/restarted on Windows Vista and Server 2008

    - Mike Platts

  • Microsoft Enterprise Networking Team

    TCP DupACKs and TCP Fast Retransmits

    • 0 Comments

    Hello all, my name is Mehul and I am with Platforms Networking support. We receive many calls dealing with slow file transfer when copying files using TCP (such as SMB file copying or FTP file transfer). The recommended approach to troubleshoot these scenarios is to take Network Monitor traces at the source and the destination. Analysis of these traces often reveals the following:

    • Packets are getting dropped: we will see Retransmits, Duplicate Acknowledgements (DupACKs), and Fast Retransmits.
    • The receiver (such as a Windows file server to which a client is copying a file or files) has a TCP Receive Window Size of zero.
    • Small data packets are being transferred over a high-bandwidth network.

    In this post we will be concentrating on DupACKs and Fast Retransmits.

    When a Sender sends a segment, it also sends information about the sequence number used. The receiver in return sends an acknowledgment (ACK), with the ACK flag set, to tell the sender that it received that segment. For each TCP segment sent there is a retransmission timer bound to it. The value of the retransmission timer is initially defined by TcpInitialRtt and then recalculated to a dynamic value based on connection experience. If the sender does not receive an ACK from the receiver for the TCP segment it sent before the timer expires, the sender retransmits the same TCP segment. If the sender was sending a SYN packet, then TcpMaxConnectRetransmissions defines how many retransmissions are done. For any other type of packet, TcpMaxDataRetransmissions defines how many retransmissions are done.

    At times, it may so happen that a receiver receives a TCP segment with a sequence number higher than the expected one (out-of-order segments). The receiver then sends an immediate ACK with the Acknowledgement field set to the sequence number the receiver was expecting. This ACK is a duplicate of an ACK (DupACK) which was sent previously. This is done to inform the sender about the dropped/missing TCP segments. After receiving 2 DupACKs, TCP performs a retransmission of that segment without waiting for the retransmission timer to expire. This is called a Fast Retransmit. The number of DupACKs to receive before resending can be set with the TcpMaxDupACKs registry value under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters key.

    When a sender has to retransmit, it assumes that network congestion is occurring and goes into a recovery mode on subsequent packets. With Fast Retransmit the recovery is faster. This is known as the Fast Recovery process.

    Let’s take an example where a Windows XP client machine (Receiver) is copying a 200MB file from a Windows Server 2003 machine (Sender) and some data packets are dropped. When the Receiver receives a packet with a TCP sequence number higher than the expected one, it understands that some packets were dropped. The Receiver then informs the sender about the dropped packet as quickly as possible by sending a DupACK, with the ACK number set to the sequence number that is missing. Below is a network trace snippet, taken on the Receiver (192.168.2.4) as it received a stream of data from the Sender.

    2615 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=40444 - 41904, Ack=73803, Win=65535

    Server sends a data packet covering sequence numbers 40444 - 41904.

    2616 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=41904 - 43364, Ack=73803, Win=65535

    2617 192.168.2.4 192.168.1.22 TCP:Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535

    Receiver acknowledges the data by sending a TCP ACK frame with Ack set to 43364 in frame 2617.

    The next packet that Receiver expects is the one with the TCP sequence starting from 43364.

    2618 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=44824 - 46284, Ack=73803, Win=65535

    However, in frame 2618 the Receiver receives a packet with sequence starting from 44824. In the next frame (2619, below) the Receiver informs the Sender that it didn’t receive packets [43364 - 44824] by sending a DupACK frame. Note that the Ack value is set to 43364.

    2619 192.168.2.4 192.168.1.22 TCP: [Dup Ack #2617] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535

    2620 192.168.1.22 192.168.2.4 TCP:[Continuation to #2609]Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=46284 - 47744, Ack=73803, Win=65535

    In frame 2620, above, the Receiver gets 46284 - 47744, even after sending a DupACK.
    The Receiver sends back another DupACK frame with ACK set to 43364. After sending 2 DupACKs with the same ACK number, the Receiver still receives packets higher than the sequence it was expecting. At this stage the Receiver sends a Request Fast-Retransmit frame for each frame it receives from the sender hereafter.

    2621 192.168.2.4 192.168.1.22 TCP: [Dup Ack #2617] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535

    2622 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=47744 - 47855, Ack=73803, Win=65535

    2623 192.168.2.4 192.168.1.22 TCP: [Request Fast-Retransmit] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535

    2624 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=47855 - 48444, Ack=73803, Win=65535

    2625 192.168.2.4 192.168.1.22 TCP: [Request Fast-Retransmit] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535

    With Selective ACK (SACK) options enabled, the Sender specifies the left edge (starting sequence number of the data stream) and the right edge (ending sequence number of the data stream) in the DupACK frame. This helps the Sender in sending only the packets which didn’t make it to the Receiver. In the above trace sample, we would see the left edge set to 40444 and the right edge set to 43364. The Sender then sends the data starting from sequence 43364. The receiver continues to use the ACK number to acknowledge the left edge of the receive window, but it also acknowledges other blocks of data individually. SACK options are negotiated during TCP session setup. With SACK options disabled, the Sender resends the whole data stream again.

    The whole process is treated as a fast recovery mechanism and it has the following advantages:

    • With fast retransmit, the sender retransmits the missing TCP segments before their retransmission timers expire
    • Only missing/dropped packets are being sent again; NOT the whole data stream.

    A point to note, though, is that it’s quite possible that packets may arrive to the receiver out of order and you would see receiver sending DUPACKs.

    Note: This behavior is applicable to Windows 2000, Windows Server 2003 and Windows XP. In Windows Vista, Windows 7 and Windows Server 2008 R2, there is a slight change in behavior for fast retransmit which I plan to discuss in my next blog post.
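    An added script, not from the original post, that classifies the frames in the trace snippet above the way the narrative does: it replays the Receiver's expected sequence number, reports the gap at 43364, counts the DupACKs, and treats the ones beyond TcpMaxDupACKs (2 by default) as fast-retransmit requests. The summary lines are copied from the snippet; the parser assumes the Network Monitor column layout shown there.

```python
"""Spot DupACKs and fast-retransmit requests in a Network Monitor summary.

Added example, not from the original post. Replays the receiver's view of
the frame summary lines quoted above: a data segment whose Seq is above
the last ACK opens a gap, repeated ACKs for the same number are DupACKs,
and once more than TcpMaxDupACKs of them have been sent the rest are
counted as fast-retransmit requests.
"""
import re
from collections import namedtuple

Frame = namedtuple("Frame", "num src dst payload seq ack")

# Matches the summary layout shown in the post:
#   <frame> <src ip> <dst ip> TCP: ... PayloadLen=N, Seq=A[ - B], Ack=C, ...
LINE_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)\s+TCP:.*?"
    r"PayloadLen=(?P<len>\d+),\s*Seq=(?P<seq>\d+)(?:\s*-\s*\d+)?,\s*Ack=(?P<ack>\d+)"
)


def parse_frames(text):
    """Yield a Frame for every line that matches the TCP summary layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield Frame(int(m["num"]), m["src"], m["dst"],
                        int(m["len"]), int(m["seq"]), int(m["ack"]))


def analyze(text, sender, receiver, max_dup_acks=2):
    """Replay one direction (sender -> receiver) and classify the frames.

    max_dup_acks mirrors the TcpMaxDupACKs registry value (default 2): the
    first max_dup_acks repeated ACKs are plain DupACKs; any further repeat
    for the same number is counted as a fast-retransmit request.
    """
    expected = None      # next byte the receiver has asked for (its last Ack)
    last_ack = None
    open_gap = None      # expected value for which a gap was already reported
    dup_count = 0
    report = {"gaps": [], "dup_acks": [], "fast_retransmit_requests": []}
    for f in parse_frames(text):
        if f.src == sender and f.dst == receiver and f.payload > 0:
            # Data arrived above what the receiver asked for: bytes are missing.
            if expected is not None and f.seq > expected and open_gap != expected:
                report["gaps"].append((f.num, expected, f.seq))
                open_gap = expected
        elif f.src == receiver and f.dst == sender and f.payload == 0:
            if f.ack == last_ack:
                dup_count += 1
                key = "dup_acks" if dup_count <= max_dup_acks else "fast_retransmit_requests"
                report[key].append(f.num)
            else:
                dup_count = 0           # the ACK advanced, so the count restarts
                last_ack = f.ack
            expected = f.ack
    report["missing_bytes"] = sum(end - start for _, start, end in report["gaps"])
    return report


# Frame summary lines copied from the trace snippet in the post (receiver-side capture).
SAMPLE_TRACE = """\
2615 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=40444 - 41904, Ack=73803, Win=65535
2616 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=41904 - 43364, Ack=73803, Win=65535
2617 192.168.2.4 192.168.1.22 TCP:Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535
2618 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=44824 - 46284, Ack=73803, Win=65535
2619 192.168.2.4 192.168.1.22 TCP: [Dup Ack #2617] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535
2620 192.168.1.22 192.168.2.4 TCP:[Continuation to #2609]Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=46284 - 47744, Ack=73803, Win=65535
2621 192.168.2.4 192.168.1.22 TCP: [Dup Ack #2617] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535
2622 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=47744 - 47855, Ack=73803, Win=65535
2623 192.168.2.4 192.168.1.22 TCP: [Request Fast-Retransmit] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535
2624 192.168.1.22 192.168.2.4 TCP: Flags=...A...., SrcPort=Microsoft-DS(445), DstPort=1271, PayloadLen=1460, Seq=47855 - 48444, Ack=73803, Win=65535
2625 192.168.2.4 192.168.1.22 TCP: [Request Fast-Retransmit] Flags=...A...., SrcPort=1271, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=73803, Ack=43364, Win=65535
"""

if __name__ == "__main__":
    result = analyze(SAMPLE_TRACE, sender="192.168.1.22", receiver="192.168.2.4")
    for frame, start, end in result["gaps"]:
        print(f"frame {frame}: receiver expected {start}, got {end} ({end - start} bytes missing)")
    print("DupACK frames:", result["dup_acks"])
    print("Fast-retransmit request frames:", result["fast_retransmit_requests"])
```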


    References:

    http://msdn.microsoft.com/en-us/library/ms819737.aspx

    http://www.ietf.org/rfc/rfc0793.txt?number=793

    http://www.ietf.org/rfc/rfc2581.txt

    - Mehul Mistry

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of May 1 – May 7

    • 0 Comments

    I had no new articles to present last week, and this week I have just two new ones. Enjoy!

    2536720 Third-party applications or services encounter an authentication failure when security update 2478960 is installed in Windows Server 2003

    2546625 Operation could not be completed (error 0x00000709) when trying to use a CNAME for your Windows Server 2008 R2 Print Server

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of April 17 – April 23

    • 0 Comments

    I have three new networking-related articles to report this week:

    2489177 You cannot access a drive that is mapped to a WebDAV share on a web server that uses only certificate authentication after the connection is idle for some time in Windows 7 or in Windows Server 2008 R2

    2497787 The Remote Desktop Gateway service crashes under a heavy workload in Windows Server 2008 R2

    2512723 DFS Namespace service requires a long time to process a NetDfsRemove request if the specified DFS link does not exist in Windows Server 2008 R2 SP1

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of April 3 – April 9

    • 0 Comments

    After a week with no new articles to share with you, we have a surprising amount this week:

    2319435 Device Manager does not display a Bluetooth device in Windows 7 or in Windows Server 2008 R2

    2508429 MS11-020: Vulnerabilities in SMB Server could allow remote code execution: April 12, 2011

    2508835 DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2

    2509553 MS11-030: Vulnerability in DNS Resolution could allow remote code execution: April 12, 2011

    2511455 MS11-019: Vulnerabilities in SMB Client could allow remote code execution: April 12, 2011

    2518021 Hyper-V virtual network adapter does not bind to Quality of Service (QoS) in Windows Server 2008

    2519646 Some network connections do not work after you connect a PPP-based network interface in Windows Server 2008 R2 or in Windows 7

    2519736 Stop error message in Windows Server 2008 R2 SP1 or in Windows 7 SP1: "STOP: 0x0000007F"

    2519740 The WWAN service may crash after you resume a Windows 7-based computer from S3 sleep

    2520155 DNS Host record of a computer is deleted after you change its DNS server

    2521175 An application or a service that calls the closesocket function stops responding on a Windows Server 2008 R2-based or Windows 7-based computer

    2522461 Filtering does not work in the DNS Manager snap-in when you reverse lookup DNS zones to filter records in Windows Server 2008 R2

    2523974 The DHCP Server service stops responding during the shutdown process when the DHCP Server service is running under a heavy load in Windows Server 2008 R2

    2524977 An incorrect value for the ifOutDiscards object is returned when an SNMP application queries the ifOutDiscards object in MIB2 in Windows Server 2008 or in Windows Vista

    2525332 You encounter a long logon time after you enable the "Do not automatically make redirected folders available offline" Group Policy setting in Windows 7 or in Windows Server 2008 R2

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of March 27 – April 2

    • 0 Comments

    Like last week, I have two new networking-related articles to share this time:

    2263829 The network connection of a running Hyper-V virtual machine may be lost under heavy outgoing network traffic on a computer that is running Windows Server 2008 R2 SP1

    2530126 Error message "Windows firewall cannot change some of your settings Error code 0x8007042c" when you try to turn on your Windows Firewall

    - Mike Platts

  • Microsoft Enterprise Networking Team

    New Networking-related articles for the week of March 20 – March 26

    • 0 Comments

    I have two new networking-related articles to share with you this time around:

    2445570 Slow response working with WebDAV resources on Windows Vista or Windows 7

    2496820 Applications that use the Virtual Wi-Fi technology do not work after you restart a computer that is running Windows 7 or Windows Server 2008 R2

    - Mike Platts
