Category Archives: IT Pro

Back from Experts Live Europe 2019

Posted on by
Reply

Back from Experts Live Europe 2019

I am back from Experts Live Europe 2019. The conference was very well organized and a great success. The speakers and attendees alike were passionate, drive and inquisitive IT professionals. We all came there to learn from each other. To talk shop and share our experiences and war storage. There were plenty of opportunities to network to do exactly that.

k from Experts Live Europe 2019
Back from Experts Live Europe 2019

I call these types of conferences “boutique conferences”. They are open to all who want to learn and be part of the community. The real-world content is not driven by marketing but by people sharing their experience and knowledge. People like you and me, who practice IT on a daily basis.

A big thank you to the attendees of my session Hyper-V Backups – The good, the bad, the ugly. I had fun presenting and the vibe in the room felt good. It enjoyed seeing that I was pointing out some of the problems some of my attendees encountered. It was even better to able to help them out. I sent the slide deck (pdf) to the conference organizers and it will be shared with you shortly. If you found my contributions helpful and enjoyed the session and the talks we had let the conference organizers know via your feedback. Also, note if something could have been done better. It helps us improve.

Well done!

Finally, dear Isidora and Marcel, well done. We all felt so welcome and appreciated at the conference. This made it easy to share with each other and learn how to become better technologists together. I hope to make it back next year! Thank you!

I can only advise you to try it out and attend or speak in order to learn with the community. Be part of it and advance professionally as well as personally.

November 2019 updates caused Windows Server 2012 reboot loop

Posted on by
29

Introduction

Some laggards that still have some Windows Server 2012 virtual machines running got a bit of a nasty surprise last weekend. A number of them went into a boot loop. Apparently the November 2019 updates caused Windows Server 2012 reboot loop. Well, we have dealt with update issues before like here in Quick Fix Publish : VM won’t boot after October 2017 Updates for Windows Server 2016 and Windows 10 (KB4041691). No need to panic.

Symptoms

Not all Windows Server 2012 virtual machines were affected. We did not see any issues with Windows Server 2012 R2, 2016 or 2019. Well the symptom is a reboot loop and below I have a sequence of what it looked like visually.

November 2019 updates caused Windows Server 2012 reboot loop
Restarting
Looking good so far …
OK, stage 2 of 4 … stlil seems OK.
November 2019 updates caused Windows Server 2012 reboot loop
Could still be OK … but no, its starts again in an endless loop.

So what caused this Windows Server 2012 reboot loop?

Fix

We turned of the virtual machines on which the November 2019 updates caused Windows Server 2012 reboot loop. We started them up again in “Safe mode” which completed successfully. Finally, we then did a normal reboot and that completed as well. All updates had been applied bar one. That was the 2019-11 Servicing Stack Update for Windows Server 2012 (KB4523208).

We manually installed it via Windows update and that succeeded.

When reading the information about this update https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=5fa2a68f-e7cd-43c7-a48a-5e080472cb77 its states it need to be installed exclusively.

Maybe that was the root cause. It got deployed via WSUS with the other updates for November 2019.

Anyway, all is well now. I remind you that we have at least 2 ways of restoring those virtual machines. In case we had not been able to fix them. Have known good backups and a way to restore them people.

Conclusion

We fixed the issue and patched those servers completely. So all is well now. Except for the fact that they now , once more, have been urged to get of this operating system asap. You don’t go more than N-2 behind. It incurs operational overhead and risks. They did not test updates against this old server VM and got bitten. Technology debt without a plan is never worth it.

Attend or present at VeeamON 2020

Posted on by
Reply

Attend or present at VeeamON 2020

VeeamON 2020 is taking place in Las Vegas, Nevada, USA from May 4th till May 6th, 2020. It is the place to be to learn about Veeams (and yours) Cloud Data Strategy. This is an opportunity to learn from industry experts on how to leverage the cloud for scalable, efficient data protection to accelerate your business. You can actually attend or present at VeeamON 2020. Every year I encourage people to invest in attending VeeamON. This year is no different.

Attend or present at VeeamON 2020
Register for VeeamON 2020

Why attend?

You can enjoy hands‑on intensive training from industry experts. There is ample of opportunity to educate yourself on the latest technologies from Veeam and our partners. To help you do that you can choose from 50+ breakout sessions, featuring top experts in the industry. On top of that, you can attend the Veeams VMCE training course to ensure that your business’s Cloud Data Management strategy is ready for what’s next.

Learn from these industry heavyweights

Conferences are also a superb place to network. Where else will you find yourself in a community of over 2,000 IT visionaries and leaders, tech trainers and cloud backup experts? All ready and eager to support your perpetual journey in search of data protection and management on-premises, in private, hybrid and public clouds as well as in hosted services.

Last but not least, celebrate your newfound knowledge, insights, and inspiration with that network at the legendary Veeam Party.

Become a presenter

You can do even more than all that. Veeam has launched its call for presentations (CFP). This is your opportunity to become a presenter at VeeamON 2020. If you have something to share and think it is interesting enough for the target audience of VeeamON 2020, please submit.

Really, go for it. You have nothing to lose and maybe you’ll be on stage presenting in Las Vegas. I mean, come on, that’s called an opportunity!

You can submit your proposals right here by clicking on the button. It will open the official Veeam CFP page in a new tab. Good luck! I hope you make it and attend or present at VeeamON 2020.

The Darwin award with MFA push notifications

Posted on by
Reply

Introduction

Recently in a talk with a pen tester I was demoing an end-user security risk that is relatively new on the scene. Apps that automatically confirm MFA push notifications. This effectively bypasses conscious user interaction and approval of any login attempt secured with a push notification. Hence the Darwin award with MFA push notifications phrase was born.

The Darwin award with MFA push notifications

Just when some security people worried more about the people with push notification suffering from security fatigue as being the biggest risk we go step further. Never mind people accepting any notification like Pavlov’s dog in a semi-unconscious, conditioned action. They have even grown tired of this an turn to MFA bypass apps to handle this for them.

The Darwin award with MFA push notifications
Yes, the Darwin award is only one approval away!

More then ever it seems that disabling any kind of self-service for device registration with MFA is key. On top of that, it is a sobering reminder that a strong password and conscious user actions are still very much key to providing security via MFA. I am not bashing DUO here. This was just the one I tested and it worked shockingly well.

Conclusion

I think for some people and organizations one or more FIDO2 keys will be the better option. Unless mobile device management can prevent people from installing auto-responder apps for push notifications you might have an issue. Or, they need to find a way to block such tools. Whatever I can come up with breaks the ease of use of push notifications but there are smarter and more knowledgeable people out there than me, so who know what they come up with. Microsoft Authenticator seems to have some capabilities to prevent this. I don’t know if you can enforce it 100% and if this cannot be bypassed in code as well.

Approve sign-in box on computer
You get a number challenge …
Approve sign-in box on device
… and you need to tap the correct number.

This, however, does nothing against conditioned responses of pushing a button or scanning a fingerprint on a FIDO2 key. So, remain vigilant. The sobering fact is that the adoption of MFA is disappointingly low. And no matter how many scary MFA bypass stories your read MFA is a key aspect of securing access today. It puts you far ahead of the curve. If done well and with well thought out procedures it is a formidable barrier for but the most determined attackers. Actually MFA bypass attacks are very rare still. Most of us are not that interesting targets but it can help keep out the majority of casual or professional thieves looking for quick wins on easy targets.