Translate

Wednesday, December 8, 2021

Windows Performance Analyzer (WPA) & Recorder (WPR)


Recently I got a mail from someone who is complaining about bad logon performance on RDS hosts. To diagnose something like this and many other performance related issues it's great to make use of the Microsoft Performance Toolkit which is part of the Windows ADK.




It contains 2 important tools:

Windows Performance Recorder (WPR),
which is used to record the performance in a binary ETW file. (Event Trace for Windows).

Windows Performance Analyzer (WPA),
which is used to examine the ETW file generated by the WPR.

These tools are extremely helpful to nail down the root cause for performance issues. Nevertheless they are not really designed for newbies and you need a solid understanding of the Windows architecture to deal with them.

See it more likely as a combined super ProMon & Process Explorer on steroids. 




This Build Conference video here is explaining the toolset with demos.



Here is a good tutorial to start with. 

Other cool side effect the WPA can open any ETL file. So if you do some other tracing with built-in tools creating ETL files you can open them with WPA either.

Also checkout the rest of the comprehensive WPA/WPR resources on docs.microsoft.com

Actually the learning curve is very steep. Especially if you try to catch up with a series of videos. There was a pretty good one in the old & retired Microsoft virtual academy with 8 hours of content (Chell Sterioff & Milad Aslaner). There is paid copy available via: Windows Performance Jump Start (trainingvideocenter.com)

But a book might be better to dig deeper into this matter. Fortunately Michael Milirud and Alex Kirshenbaum wrote a new book about it. Actually Michael you already met in the build 2011 video above. ;-)

So checkout their new book here:  
Fundamentals of… by Alex Kirshenbaum et al. [PDF/iPad/Kindle] (leanpub.com)

Tuesday, November 30, 2021

Easy dealing with different identities in Edge Chromium

When it comes to deal with different identities in the browser (Edge Chromium) then its sometimes hard to keep track which one is used in which browser window. To here is my ultimate tip to simplify this. 

Simple make use of color themes. Its pretty simple but very effective.

Due to the nature of different functions and also different demo environments I need to keep track which credentials where used where. So the "good old times" of having 2 different browsers (using InPrivate mode there) to have 3 different identities are gone. And also 3 are not enough in our days.

See here mine different ones:




How to make this working? - Simply select the color themes in the browser settings.


This is very simple, safe and effective. Just try it. I won't miss it now!

And yes what you see in the first screenshot isn't a leak. Now its official that Win365 Enterprise gets also AAD Only (now in private preview but officially announced.)

Friday, August 27, 2021

Windows365 is there

Update from 09/14/2021 (at the end of the article)!

Yeah I know from a timing perspective Windows365 is already here since July 15th 2021. But I had not yet time to write about it. I am glad to be a tester for Windows 365 since October last year. This was the most confidential TAP program we were ever involved. We were even not allowed to talk to German techy Microsofties about it. ;-)

So to make a long story short and demystify the "Windows got streamed to your device" marketing story. Yes it felt like something is "streamed" to your device. But in reality its:

  1. A Microsoft managed virtual machine 
  2. Sitting on Azure
  3. Dedicated for you
  4. Running all the time
  5. Enabled for regular management with Microsoft Endpoint Manager
  6. Part of your your own domain (hybrid domain joined, Azure AD only is on the roadmap)
  7. Paid on a single flat price (n $ per month)
  8. Accessed via RDP protocol on any device (Windows, IOS, macOS, Android, Browser, Linux)
  9. Very simple to setup and maintain!
And it is for whom?

Actually its not a default device you would give everybody in the whole company. But its a great complementary solution for specific use cases and that could be:

  • Regulated scenarios like banking, healthcare, government (outside of Germany ;-))
  • Changing demands like mergers & acquisitions, temps, contractors or partners
  • Bring your own device scenarios (very popular e.g. in Switzerland)
  • New hires (day one) until you get your real device
  • Device shortages (while you wait until your new or replacement device is there)
  • Working scenarios like retail workers or call center.
  • Special LOB applications
  • Design  & Development (even with hardware accelerated VMs for CAD)
  • Software testing
  • Pandemic situations

You may have heard of Azure Virtual Desktop. How is that related to Win365?



To learn more about it I gave 2 webcasts including demos:

GERMAN webcast held with my colleague Karsten Kleinschmidt in our own glueckkanja-gab AG webcast studio.
YOUTUBE - Windows 365 Cloud PC - German

ENGLISH webcast held with Ragnar Heil together from home office & vacation bus ;-)
YOUTUBE - Windows 365 Cloud PC - English



Pricing and plans are found here:
Windows 365 Plans and Pricing | Microsoft


Windows 365 Documentation found here:
Windows 365 Enterprise documentation | Microsoft Docs

And yes there is also a Business version available. Difference here:
  1. Azure AD only
  2. No network connection to on-premises
  3. No custom images
  4. Limited to max 300 users
So not really an option a larger enterprise would think of.

If you want to know what's new and currently available:
What's new in Windows 365 | Microsoft Docs

If you are interested in what's coming next then look here:
In development - Windows 365 | Microsoft Docs

In another post later I will talk about tips & tricks for deployment & troubleshooting. Stay tuned!

PS: Microsoft stopped the trial temporary due to overwhelming success and a large amount of requests for it. You can still "try" with a paid subscription. If you are seriously interested then the probably 32 US$ per month aren't too much for a paid test machine.

(UPDATE 9/14/2021):
To get a first glimpse here you get access to a interactive demo experience!
Interactive Demo (azureedge.net)

And if you want to see current feature requests, upvoting or adding a new one.
Windows 365 feature requests - Microsoft Tech Community

Tuesday, May 4, 2021

MS deprecates TLS 1.0 and TLS 1.1 in AzureAD

Microsoft announced they will deprecate TLS 1.0 and TLS 1.1 as authentication mechanism in AzureAD. This was already done with Office 365 with less impact. This time the impact will be much bigger!

Reason for this is security as there are serious vulnerabilities out there like Heartblead, POODLE, BEAST and others. Also other major vendors will deprecate the usage of TLS 1.0 and TLS 1.1 as also specified in RFC8996!

The MS cloud application catalog is reporting already more than 2.700 apps from the 17.000 apps not supporting TLS 1.0 or TLS 1.1.  If Azure AD is used for authentication for one of the affected apps they may fail after June 30th 2021!

Also old on-premises stuff will fail when used in combination with Azure Active Directory e.g. but not limited to: 

  • Use of outdated operating systems (Windows 7 / Window 8 without "extension", Servers older as Windows Server 2012 R2
  • Use of outdated browsers (used for app compat reasons)
  • New AzureAD device registration on older OSes
  • Older Versions of Azure AD connect, PTA agents oder AppProxy connectors
  • MFA extensions on ADFS servers with older OSes
  • NPS extensions for Azure MFA on older OSes
  • Azure AD integrated applications and PowerShell scripts based on older .Net Framework version not configure for use of TLS 1.2
  • Software as a Service (SaaS) applications or other Line of Business applications hosted on platforms without TLS 1.2 support
  • Webproxy with SSL inspection which are not supporting TLS 1.2
This list may not be complete but should show the full impact on this!

How you can solve this issue in certain scenarios you find here more information's:



You can do some testing on this also on: https://www.ssllabs.com/ssltest/
(Please keep in mind that more than one URL might be involved in an authentication process!)


If you have Microsoft's Cloud App Security you find with this advanced filter all the affected software!



And last but not least you can find for all authentications on your tenant a report showing outdated authentications. How reliable this report is, judge on your self in your environment. We found still some strange reports.

TLS deprecation report (every 2 days you see a new one. You only see the last 3 reports!)
https://servicetrust.microsoft.com/AdminPage/TlsDeprecationReport/Download

Wednesday, January 20, 2021

PSexec failing with no process on the other end of the pipe

Recently we had a new strange issue with current Windows versions and PSExec.



If you execute something like PSExec -s -i cmd.exe 

which is creating a CMD under local system context you may receive an error like this

Error communicating with PsExec service on [MACHINE_NAME]:
No process is on the other end of the pipe.

Solution: Simply update PsExec to the latest version!
Minimum here is 2.32!

Monday, January 11, 2021

Surface device - driver and firmware support lifecycle

Recently a friend ask me for an updated driver for an issue with an older device in the surface family. So I thougth it would be a good idea first to check if the device is still supported. As we have the row of devices now for a couple years.



The good news were the devices up to Surface 3 are still under "firmware and driver" support. So in this case I could open a case for this driver issue and still believe it may be served. Actually its not a guarantee that PG agrees with my issue and will fix it. But there is some how a legal basis for it according to their own support policies.

Checkout here the list!

DeviceRelease DateEnd of Servicing Date
Surface RT1October 26, 2012April 11, 2017
Surface Pro1February 9, 2013April 11, 2017
Surface 21October 22, 2013April 10, 2018
Surface Pro 21October 22, 2013April 10, 2018
Surface Pro 3June 20, 2014November 13, 2021
Surface 3May 5, 2015November 13, 2021
Surface BookOctober 26, 2015November 13, 2021
Surface Pro 4October 26, 2015November 13, 2021
Surface Book with Performance BaseNovember 10, 2016November 13, 2021
Surface Studio (1st gen)December 15, 2016November 13, 2021
Surface Laptop (1st gen)June 14, 2017November 13, 2021
Surface Pro (5th gen)June 15, 2017November 13, 2021
Surface Book 2November 17, 2017November 17, 2021
Surface Pro LTE (Model 1807)December 1, 2017December 1, 2021
Surface GoAugust 2, 2018August 2, 2022
Surface Studio 2October 2, 2018October 2, 2022
Surface Laptop 2October 16, 2018October 16, 2022
Surface Pro 6October 16, 2018October 16, 2022
Surface Go with LTE AdvancedNovember 20, 2018November 20, 2022
Surface Laptop 3October 22, 2019October 22, 2023
Surface Pro 7October 22, 2019October 22, 2023
Surface Pro XNovember 5, 2019November 5, 2023
Surface Go 2May 6, 2020May 6, 2024
Surface Book 3May 26, 2020May 26, 2024
Surface Pro X SQ2October 13, 2020October 13, 2024
Surface Laptop GoOctober 13, 2020October 13, 2024

1. Indicates devices with a previously declared end of firmware/driver servicing support date.


More details especially also the differentiation on device support and OS version support you will find here: https://docs.microsoft.com/en-us/surface/surface-driver-firmware-lifecycle-support


To dig deeper its also very helpful to checkout the surface update history which is found here: https://support.microsoft.com/en-us/help/4036283