Vol. 21, #18 - May 2, 2016 - Issue #1078

Disk encryption tools

  1. Editor's Corner
    • Ask Our Readers - Remote Connection attempts timing out (some suggestions)
    • BitLocker Drive Encryption
    • BestCrypt Volume Encryption
    • Kaspersky Endpoint Security for Business
    • Free tools for full disk encryption
    • What about self-encrypting drives?
    • Send us your feedback
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. This Week's Tips
    • Active Directory - Finding orphaned domain controllers
    • Windows - Logon hang after password change
    • Active Directory - Finding stale SRV records in DNS
  4. Events Calendar
    • North America
    • Add Your Event
  5. Tech Briefing
    • Azure
    • Enterprise IT
    • Hyper-V
    • Office 365
    • Windows 10
  6. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  7. Other Articles of Interest
    • Implementing VMware OpenStack into your vSphere Infrastructure
    • Fed up with your cloud provider: Common red flags that mean it's time to make the switch
    • The newest VMware tool: VMware App Volume
    • Essential policies and best practices for VM configuration in a lab environment
  8. WServerNews FAVE Links
    • How To Spell Compaq
    • The Future Of Computing (1967)
    • Say Goodbye To Your Mouse
    • Tutoring the Computer Illiterate
  9. WServerNews - Product of the Week
    • Deep Packet Inspection for Quality of Experience Monitoring

 

 

Editor's Corner

This week's newsletter is all about tools you can use for encrypting data stored on disks. This is especially important for systems like laptops that range far beyond the corporate network and often contain sensitive business data stored on them. As usual we value your feedback on the products we mention in this issue and seek your recommendations on other disk encryption solutions you have been using in your organization--email your comments to us at wsn@mtit.com

Disk drive technology has certainly evolved over the years, hasn't it? Remember when a gigabyte was a large amount of storage? This Dilbert comic strip from 1994 brings back memories of many useless hours spent in front of my computer:

http://www.wservernews.com/go/grzfmfp9/

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at wsn@mtit.com

Ask Our Readers - Remote Connection attempts timing out (some suggestions)

Previously, in Issue #1076 (Hot desking blues), we fielded a request for help from a reader named Darby, a Senior Consultant based in the North San Diego County area of California, USA, who described a problem neither he nor Microsoft Support has been able to successfully troubleshoot:

I am writing this email in hopes that one of your subscribers has run into this problem before as I have been searching every online source I can think of and have been working with MS support for weeks now without a solution.  Needless to say, my users are not very appreciative when this server decides to stop accepting new RDP connections.

A brief bit of history...this is a Windows Server 2008 R2 server (completely up to date with all MS Updates) that hosts a couple different back office solutions...one is delivered via RDP and the other is web based.  This server runs pretty well 24x7 and worked great from early December, when it was created, until about mid February when the first occurrence of this behavior appeared. 

When the issue arises, users attempting to initiate an RDP session are able to enter their login credentials no problem, but the session just hangs on the part where the RDP client says 'Initiating Remote Connection' and eventually just times out saying it cannot connect.  I have let this condition run overnight to see if it was temporary, but it did not appear to be.  Each time this occurs, I must force a reboot of the OS and when the system reboots everything is back to normal and new RDP connections are created just fine. 

What's even more perplexing is that the web based app and some scheduled tasks set up under the Windows Scheduler appear to continue to work fine even during the periods where the server will not create an RDP session from the client.

I don't believe the server itself is hung, as these other tasks work, and work the same as normal in terms of performance.  But whatever is preventing the establishment of the new RDP session(s) has so far always required a reboot.  We have been unable to find anything conclusive in the Terminal Services Event Logs.

Any advice is greatly appreciated at this point.

A number of our readers responded to Darby's request and we're including a sampling here:

Carl, a Citrix Technology Professional based in Nashville, Tennessee, USA suggests:

First thing to do is go through the list of available hotfixes and updates and make sure he has all of the ones that apply. For example, he may not need any RemoteFX updates.

http://www.wservernews.com/go/eqibn0o2/

A lot of those are not available via Windows Updates.

Bill, the President of a software and consulting company in Illinois, USA suggests:

Check server memory resources.  Specifically, the Paged Pool and the Non-Paged Pool.  My own Win2008 server has been leaking non-paged pool memory of late, and when it gets to around 650MB in size, some functions fail outright, requiring a reboot to fix it.  I've even written a nightly VBScript process that checks the non-paged pool size every night, and when it tops 450MB, it sends me an Email so that I can proactively reboot the server the next morning to avoid a mid-day outage.  Some day, I'll find the time to research the problem in more detail and figure it out, though I recently upgraded QuickBooks on that server, and the problem doesn't seem quite as bad right now....

William, Manager of Information Technology for a manufacturing company in Massachusetts, USA suggests:

Being a similar company,  multiple RDS servers and many users, we have not experienced exactly what was described, however, we periodically need to correct for the following situations.  Some of these, in specific circumstances could potentially result in a similar occurrence.

First, we have lost connection to our Terminal Server Licensing server.  As a result, while the session is being initiated, a license can not be acquired, and the session would typically be reset.

Second, a very common occurrence is the loading of a large profile.  Since this is coming from a network share, the user can sit for an extended period while the files are copied.  If the share gets disconnected midstream, I can not even speculate what the logon session might experience.

Finally, there have been numerous occurrences here where the profile folder (on the RDS platform {c:\users}) becomes cluttered with multiple profiles for the same user.  The folders are named with numeric extensions to allow the users to at least establish the connection.  If the file system is so full that it runs out of space, anything could happen.

Ian from the UK suggests:

I'd seen a similar issue where attempts to connect would completely fail, rebooting the server always cured it – this was actually a Win2003 server.

I stumbled across a route to re-enable the RDP support without a reboot by using the Terminal Services Configuration MMC, selecting the properties on the connection and switching the security level from one setting to another and back hitting apply between each setting. This seemed to force the RDP service to restart (which with W2k3 ran as a process under SvcHost).

Might provide a workaround until a fuller diagnosis/root cause could be found (could even script the change in some way to expedite recovery).

Kevin, the IT Administrator for a company based in Milwaukee, Wisconsin, USA suggests:

I had/have the same problem when connecting from home.  I am able to VPN into my company's network just fine, but when trying to RDP to my PC, it times out.  I had no trouble earlier several months ago.  I brought my home PC into work and connected it to our router with external ip addresses.  I was able to connect both VPN and RDP.  The difference was I use a hard connection (with a cable) and at home I used a USB wireless connection.   I went back home and tried again with wireless with no luck until I used my internal IP address of my PC instead of the DNS name or full computer name and I was able to connect.  Somehow my wireless connection would not recognize DNS or full computer name.  Anyway, no real reason or solution here, but it was a workaround for me.

Matt from Australia suggests:

I have a few ideas that the guy with the RDP connection problem may like to try:

In my experience I've found that when log ins take a while to complete, it's due to name resolution problems or the machine looking for network resources that no longer exist such as shared folders, printers etc.

A reader named Jackie suggests:

Check how many simultaneous RDP connections the server allows, you might have hit the limit.

Also, when you get to the point where the server is hanging on more RDP connections, check to see who is already connected. You might have abandoned sessions that never disconnected, service accounts that are logged on instead of actual users, etc. using up the available connections. The fact that only a forced reboot is the only way to resolve the situation leads me to suspect this scenario.

Hopefully one of these readers' suggestions will help address whatever the underlying problem is that Darby is experiencing. And if any of our readers have other suggestions not covered here, feel free to email us at wsn@mtit.com

And now on to our look at some tools you can use for encrypting data stored on disks...

BitLocker Drive Encryption

If you need to implement disk encryption on Windows client or server systems then one obvious approach you could consider is to use the built-in BitLocker Drive Encryption feature of the Windows platform. You can find more info about BitLocker capabilities in the latest versions of Windows in these TechNet articles:

BitLocker (Windows 10)

http://www.wservernews.com/go/iiw159lt/

BitLocker (Windows Server 2012)

http://www.wservernews.com/go/18gvtcke/

What's New in BitLocker (Windows Server 2012 R2)

http://www.wservernews.com/go/gd5ttl3o/

One of the nice things about the BitLocker feature of the Windows platform is that its encryption capabilities are scriptable using Windows PowerShell. The following posts by guest blogger Stephane van Gulick on Ed Wilson's Hey, Scripting Guy! blog demonstrate some of these capabilities:

http://www.wservernews.com/go/w30hl3u6/

http://www.wservernews.com/go/lns4ae2k/

Stephane is a Microsoft PowerShell MVP, a PowerShell Hero, and founder of the Basel PowerShell UserGroup in Basel, Switzerland, and you can find his blog PowerShell District here:

http://www.wservernews.com/go/1bmwymoq/
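
As an added illustration of that scriptability (not taken from this newsletter or from the linked Hey, Scripting Guy! posts), the following PowerShell audits BitLocker posture from the output of the built-in Get-BitLockerVolume cmdlet. The function name Test-BitLockerPosture, the policy rules it applies and the sample volume objects are assumptions constructed for this example.

```powershell
# Added example: audit BitLocker posture from Get-BitLockerVolume output.
# Test-BitLockerPosture and its policy rules are hypothetical (an assumed
# baseline, not a Microsoft-defined one).
function Test-BitLockerPosture {
    [CmdletBinding()]
    param(
        # Volume objects shaped like those returned by Get-BitLockerVolume
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Volume
    )
    process {
        foreach ($v in $Volume) {
            # Protector types on the volume (Tpm, TpmPin, RecoveryPassword, ...)
            $types = @(@($v.KeyProtector) | Where-Object { $_ } |
                       ForEach-Object { [string]$_.KeyProtectorType })
            $hasTpm = @($types -match '^Tpm').Count -gt 0
            $findings = @()

            if ([string]$v.VolumeStatus -ne 'FullyEncrypted') {
                $findings += "status $($v.VolumeStatus) at $($v.EncryptionPercentage)%"
            }
            if ([string]$v.ProtectionStatus -ne 'On') {
                $findings += 'protection is off or suspended'
            }
            if ($types -notcontains 'RecoveryPassword') {
                $findings += 'no recovery password protector'
            }
            if ([string]$v.VolumeType -eq 'OperatingSystem' -and -not $hasTpm) {
                $findings += 'OS volume has no TPM-based protector'
            }

            [pscustomobject]@{
                MountPoint       = $v.MountPoint
                VolumeType       = [string]$v.VolumeType
                EncryptionMethod = [string]$v.EncryptionMethod
                Protectors       = $types -join ','
                Compliant        = ($findings.Count -eq 0)
                Findings         = $findings -join '; '
            }
        }
    }
}

# Constructed sample data mimicking Get-BitLockerVolume output, used when the
# BitLocker module is not available on the machine running the script.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        EncryptionMethod = 'XtsAes256'; EncryptionPercentage = 100
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    },
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeType = 'Data'
        VolumeStatus = 'EncryptionInProgress'; ProtectionStatus = 'Off'
        EncryptionMethod = 'Aes128'; EncryptionPercentage = 40
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' })
    }
)

# Get-BitLockerVolume needs an elevated session on a BitLocker-capable system.
$volumes = if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume
} else {
    $sample
}
$volumes | Test-BitLockerPosture | Format-Table -AutoSize -Wrap
```

With the constructed sample data, C: is reported as compliant and D: is flagged for incomplete encryption, protection being off and a missing recovery password protector.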

BestCrypt Volume Encryption

Jetico Ltd. is a company based in Finland that sells products advertised as providing military-standard data protection. One of their products is called BestCrypt Volume Encryption which provides whole disk encryption for all the data stored on fixed and removable disk devices:

http://www.wservernews.com/go/7bxra1bw/

Kaspersky Endpoint Security for Business

The Advanced edition of Kaspersky Endpoint Security for Business from Kaspersky Lab includes support for full disk encryption with a central management console making it easy to manage your encrypted devices:

http://www.wservernews.com/go/v38jwqqz/

Other products like Kaspersky Total Security for Business and various enterprise solutions from Kaspersky also provide support for disk encryption along with many other security capabilities.

Free tools for full disk encryption

Besides the built-in BitLocker feature and commercially-available software packages, there are also several free tools out there you can use for fully encrypting disk drives on your systems. The Admin Toolbox section of this week's newsletter includes links to several of these free tools.

What about self-encrypting drives?

A fairly recent innovation in disk drive storage is the self-encrypting drive (SED), a hard disk drive (HDD) or solid state drive (SSD) whose controller chip automatically encrypts and decrypts data being written to or read from the drive's media. Virtually all HDD and SSD vendors now offer SED functionality in their latest storage hardware products, and while vendors of these products advertise hardware-based drive encryption as more secure than software solutions like BitLocker, some security researchers suggest this is debatable as the following article from The Register indicates:

http://www.wservernews.com/go/qs2n0k85/

If you want to take advantage of SEDs however, you need a good software tool for managing them in your environment. One colleague I've talked with has been using Wave Self-Encrypting Drive Management from Wave Systems Corp:

http://www.wservernews.com/go/80jhzozx/

Not only can you manage SEDs using this tool but you can also use it to manage BitLocker-encrypted drives from the single Wave management console. This is useful if your environment includes older systems whose HDDs or SSDs do not support SED capabilities.

Send us your feedback

There are other products out there for implementing software-based drive encryption and/or managing hardware-based disk encryption. Which do you have experience using in your own environment? Which do you recommend or not recommend? Email us your comments at wsn@mtit.com

Recommended for Learning

If you already own the earlier 21 editions of Scott Mueller's book Upgrading and Repairing PCs then you might want to pick up a copy of the latest edition (the 22nd) here from Amazon:

http://www.wservernews.com/go/qt0g0sdp/

Microsoft Virtual Academy

3D Printing Essentials

Are you interested in 3D Printing? Emmet Lalish and Kris Iverson from the 3D Printing Team (part of the Operating Systems Group at Microsoft) will take you through the essentials of 3D printing. We will explore 3D printer hardware and the print process and then examine the software that enables you to create, modify, and print 3D models. You will also get some insights into 3D scanning technologies and what is coming up in the world of 3D printing:

http://www.wservernews.com/go/97ios8u4/

Quote of the Week

"I can't believe it! Reading and writing actually paid off!" -- Homer Simpson

Until next week,
Mitch Tulloch


Note to subscribers:
If for some reason you don't receive your weekly issue of this newsletter, please notify us at wsn@mtit.com and we'll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition:

http://www.wservernews.com/go/bq24uduh/

VeraCrypt is a free disk encryption software based on TrueCrypt 7.1a:

http://www.wservernews.com/go/2yc0piny/

WMI Tools is a free toolkit to access WMI information both locally and remotely:

http://www.wservernews.com/go/efozkea9/


GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at wsn@mtit.com 

This Week's Tips

GOT TIPS you'd like to share with other readers? Email us at wsn@mtit.com

Active Directory - Finding orphaned domain controllers

From the Ask Premier Field Engineering (PFE) Platforms blog comes this tip by Doug Gabbard of Microsoft:

Finding Orphaned Domain Controllers in Active Directory Sites and Services

http://www.wservernews.com/go/5qkrngsp/

Windows - Logon hang after password change

Brandon Wilson has posted some details on the Ask PFE blog concerning an issue that caused logons to hang after a password change on certain Windows platforms:

Does your win 8.1 /2012 R2/win10 logon hang after a password change?

http://www.wservernews.com/go/6gpz9pbj/

The above blog post includes links to several Knowledge Base articles concerning fixes for this problem.

Active Directory - Finding stale SRV records in DNS

Brandon Wilson posted a tip on the Ask PFE blog on how you can locate any stale SRV records in DNS servers in your Active Directory environment:

http://www.wservernews.com/go/2q2ekabq/

Ashley McGlone also posted a PowerShell script a while back on his GoateePFE blog that can help you find and remove stale DNS records from your environment:

http://www.wservernews.com/go/cauzmodv/


Events Calendar

North America

2016 Microsoft Worldwide Partner Conference on July 10-14, 2016 in Toronto Canada

http://www.wservernews.com/go/s1hv2esa/

Ignite on September 26-30, 2016 in Atlanta USA

http://www.wservernews.com/go/3u3k3at3/

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact michaelv@techgenix.com

Tech Briefing

Azure

Step-by-Step: Microsoft Azure Virtual Machine Readiness Assessment Tool (CanITPro)

http://www.wservernews.com/go/ljj9qkac/

Top Solutions for Azure Billing and Subscriptions (Top Solutions from Microsoft Support)

http://www.wservernews.com/go/hgny7y8v/

Enterprise IT

Troubleshooting Activation Issues (Ask the Core Team)

http://www.wservernews.com/go/bze25e90/

Step-By-Step: Removing A Domain Controller Server Manually (CanITPro)

http://www.wservernews.com/go/t35gckg8/

Hyper-V

Hyper-V Optimization Tips (Part 2) (VirtualizationAdmin.com)

http://www.wservernews.com/go/9xm3tjn9/

Virtual Machine Management Hangs on Windows Server 2012 R2 Hyper-V Host (ntdebugging)

http://www.wservernews.com/go/xh3rg3y3/

Office 365

Office Applications only print 1-2 pages (Ask the Performance Team)

http://www.wservernews.com/go/y8hcrptj/

Step-By-Step: Enabling Customer Lockbox in Office 365 (CanITPro)

http://www.wservernews.com/go/wjtsdq4r/

Windows 10

Windows 10 Deployment Links (Ask the Core Team)

http://www.wservernews.com/go/f675f3sv/

Using the Windows 10 Compatibility Reports to understand upgrade issues (Ask the Core Team)

http://www.wservernews.com/go/x5is4uhw/

Recommended TechGenix Articles

Exchange Server 2016 and Microsoft Cloud - Deployment Guide (Part 1)

http://www.wservernews.com/go/96cuzp17/

Application Security Redux: It’s All about the Apps (Part 1)

http://www.wservernews.com/go/a9sothy4/

Citrix Director - Installation and using the product

http://www.wservernews.com/go/n9rlsq4j/

Building a PowerShell GUI (Part 5)

http://www.wservernews.com/go/cuumh5xz/

Other Articles of Interest

Implementing VMware OpenStack into your vSphere Infrastructure

VMware integrated OpenStack 2.0, the latest version of the software, has provided IT professionals the ability to manage their private cloud on top of a vSphere infrastructure.  Discover which OpenStack services are available with the newest release, and how working with VIO makes OpenStack implementation easier.

http://www.wservernews.com/go/k5lypkgu/

Fed up with your cloud provider: Common red flags that mean it's time to make the switch

The cloud is highly attractive, there's no doubt about that—after all, it's cost effective and brings numerous other benefits to an enterprise.  That being said, the relationship between a company and their cloud provider isn't always a match made in heaven.  Check out the most common warning signs that it's time to switch cloud providers.

http://www.wservernews.com/go/474f8qcp/

The newest VMware tool: VMware App Volume

While the benefits of VMware App Volumes are well documented (for example, it can target specific users, groups or devices), many IT professionals still aren't exactly sure what the technology does, or how it works.  Discover the ins and outs of VMware App Volume and find out how you can drive the most business success through the tool.

http://www.wservernews.com/go/hbjhu6uc/

Essential policies and best practices for VM configuration in a lab environment

Lab VMs can be an effective tool for testing out software in a safe environment. However, if configured incorrectly, lab VMs can pose serious risks to production environments.  Learn which policies you should focus your attention on when configuring VMs in a lab environment.

http://www.wservernews.com/go/2i46cj6s/

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at wsn@mtit.com

How To Spell Compaq

One of many spots John Cleese did for Compaq Computer Corporation in the mid to late '80s:

http://www.wservernews.com/go/9f039374/

The Future Of Computing (1967)

This is how film makers in 1967 envisioned what the home computer of the future would be like in 1999 A.D:

http://www.wservernews.com/go/g07er4tk/

Say Goodbye To Your Mouse

An entirely new way to interact with your computer - more accurate than a mouse, as reliable as a keyboard and more sensitive than a touchscreen:

http://www.wservernews.com/go/a0bhq75a/

Tutoring the Computer Illiterate

Being somewhat tech-savvy has its advantages. But sometimes, like when you are assisting someone who isn't, it's pure torture:

http://www.wservernews.com/go/94w21ipq/

WServerNews - Product of the Week

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.