Hyper-V Error 32791

I had this issue and my resolution was found here:

https://blog.workinghardinit.work/tag/mismatch-in-virtual-sizes-the-parent-virtual-hard-disk-and-differencing-disk/

As long as that link still works you should be fine. If not, I’ll have to write my own version of the article. In essence, if the VM fails to start with error 32791, you probably have a checkpoint enabled on the VM and there is a failed relationship between the differencing disk file and the disk file for that VM.

Microsoft OS Deployment Layers

Just a quick view at the types of configurations that you might consider depending on your budget and the scale of your infrastructure.

Layer 1 (Small Deployments (OS)) FREE:

  • The ADK
  • MDT
  • WDS – Enable in Windows Server Features
  • High Time Cost

Layer 2 (Medium Deployments (OS + APPS + UPDATES)) PAID $$:

  • SCCM $$
  • WSUS – up to you
  • Lower time cost
  • Higher cash cost

Layer 3 (Cloud Based Management (OS + APPS + UPDATES + SETUP DIRECT FROM MANUFACTURER)) PAID $$$:

  • Azure AD – Free
  • If you have on-premise Active Directory then you need the Azure Active Directory sync tool on your Primary Domain Controller – Free
  • AutoPilot – Free
  • Intune – PAID $$$
  • Lowest time cost
  • Highest cash cost

You will notice that it goes in order from FREE as in BEER, to “you buy it, you own it”, and then to a subscription-based service model. It is important to perform a cost analysis because if your scale is large enough the PAID options can have a lower total overall cost.

Sage 300 ERP Performance Issues

After sifting through the internet I finally found something that resolved our performance issues with Sage 300. It seems that the issue in my case had to do with Windows AutoTune. The resolution was to disable it. I used a registry edit via GPO to apply to all Sage 300 ERP clients.

Here are the commands to

Check Status

netsh interface tcp show global

Disable AutoTune

netsh int tcp set global autotuninglevel=disabled

Enable AutoTune

netsh int tcp set global autotuninglevel=normal

This way you can at least check if this resolves your issue or not before deploying a GPO.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Set to “0” for off and “1” for on. In my case the entry wasn’t there so it needed to be created.

For more info check the sources:

https://www.thewindowsclub.com/window-auto-tuning-in-windows-10/

https://support.microsoft.com/en-us/help/947239/description-of-the-receive-window-auto-tuning-feature-for-http-traffic

How to send messages using CMD on Windows 10 pro

  • Turn on File and Printer Sharing

Open a command prompt window and enter

msg * /server:<REMOTE NETBIOS HOSTNAME OR IP ADDRESS> "<insert text message>"

The asterisk (*) means all user sessions on the specified server. This is helpful if you don’t know which user to specify and just want to reach any user on the remote host.

Full Syntax:

C:\WINDOWS\system32>msg /?
Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}
[/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

username Identifies the specified username.
sessionname The name of the session.
sessionid The ID of the session.
@filename Identifies a file containing a list of usernames,
sessionnames, and sessionids to send the message to.

* Send message to all sessions on specified server.
/SERVER:servername server to contact (default is current).
/TIME:seconds Time delay to wait for receiver to acknowledge msg.
/V Display information about actions being performed.
/W Wait for response from user, useful with /V.
message Message to send. If none specified, prompts for it
or reads from stdin.

Installing Disk Cleanup on Windows Server 2008R2 in 2020

Firstly, some of us still have some legacy servers running. For example, there are some 2008R2 servers that we still have in our environment. As you probably already know if you’re reading this, Windows Server 2008R2 has already gone end of life. However, that doesn’t mean that any of the problems with them go away before you have the opportunity to upgrade. I’ll be moving a couple of databases from the 2008R2 server to a 2019 (rolled back to 2016) server. In the meantime, there is a shortage of storage on the C:\ drive and most of it is being taken up by C:\Windows\Temp. I would typically run the disk cleanup utility, but the disk cleanup utility isn’t available by default. To configure it for use, follow these steps.

Disclaimer: Since we have automated backups and fail-over, the next steps can be made in production. If you’re using a physical server, I recommend using the P2V (physical to virtual) software called Disk2VHD by Sysinternals to create a VM and enabling Hyper-V replication between the 2 Hyper-V hosts. Also, use Hyper-V, as it’s free! Note: You need a domain environment. I strongly recommend against trying to run Hyper-V on a host that hasn’t been joined to a domain. I’ve tried, and you would be making extra work for yourself. You can also enable clustering, but that requires a shared storage medium such as a SAN. Also, enable backups, as that isn’t the same as fail-over and clustering. Assuming that you would be using Hyper-V Core because that’s the free one, if you need GUI access just use another server with a GUI and add it to the Server Manager. Now you can use the GUI to control anything in compmgmt.msc, for example. In this case, Windows Server Backup. I recommend connecting to the Hyper-V host itself and performing the backup from there, as you can then restore based on the virtual machine (VM) rather than each individual server. It’s easier on the admin and works better too.

Step 1:

Copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe to %systemroot%\System32 which for most of us will be C:\Windows\System32

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe %systemroot%\System32

Step 2:

Copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui to %systemroot%\System32\en-US where again %systemroot% is usually C:\Windows.

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui %systemroot%\System32\en-US

If you want to know what your %systemroot% is just open an elevated command prompt and type “echo %systemroot%”.

start cleanmgr.exe

If you have 2008 instead of R2, or a 32-bit system, please see the official Microsoft document on this procedure.

Source: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff630161(v=ws.10)?redirectedfrom=MSDN

Disk cleanup didn’t locate the C:\Windows\Temp folder and therefore performed no cleaning, which I verified with TreeSize Free, a fantastic utility for determining what is consuming your storage space. It can be downloaded here: https://www.jam-software.com/treesize_free

The next step is to perform a regular deletion process. The only files that we don’t want to delete are ones that have active file handles or file locks. Since they do have file locks you will receive an error message when trying to delete those specific ones. Just choose not to delete them when prompted.

Highlight all of the data in C:\Windows\Temp by using the keyboard shortcut “ctrl + a” and press “delete”. As a general good practice, I would recommend sending this to the recycle bin instead of performing a permanent delete, so that the files can still be recovered. However, you decide your risk and can choose to permanently delete the files. Since these files are temporary to begin with, the expectation is that they will be deleted at some point.

You will see a prompt asking if you are sure you want to move the data to the recycle bin. Click “yes”.

When you receive the prompt for files that are in use by active programs, select the checkbox “Do this for all current items” and click on “skip”.

You will now only be left with the temporary files that are actively being used by current active programs because they have file handles on those temporary files.

Unlike newer operating systems, which can perform automatic cleanup of the recycle bin, 2008R2 doesn’t include this feature. The recycle bin will either need to be emptied manually at a later date, or a utility or script would have to be used to automate clearing it.

For options that have been voted up on ServerFault to perform the automated cleanup you can see here: https://serverfault.com/questions/330776/clear-the-recycle-bin-for-all-users-in-windows-server-2008-r2

Fixing the root cause:

Now that the issue had been resolved it was necessary to find a way to prevent it from occurring again.

I found another great article that covered this exact same issue, and you can check the source here: https://www.infopackets.com/news/10173/how-fix-permanently-hundreds-cabxxx-files-cwindowstemp

Here are the commands, pulled directly from the blog post, that will prevent the issue from occurring a second time. Note that if you make this into a script, you will have to include wait times to allow the services to stop before they can be restarted, and that you may also encounter file handle locks and need to script a way to deal with that situation when it occurs.

net stop wuauserv
cd %systemroot%
rename SoftwareDistribution SoftwareDistribution.old
rmdir /q /s c:\windows\temp
net stop trustedinstaller
c:
cd c:\windows\logs\CBS
del *.cab
del *.log
rem regenerate cab files
c:\windows\system32\wuauclt.exe /detectnow
net start wuauserv
echo this is a dummy line
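
The note above about wait times and file locks, worked into a PowerShell script. This is an added example, not code from this post or the linked article; it assumes an elevated PowerShell 2.0 or later session, the default paths used in the commands above, and a 120-second wait limit chosen for illustration. It empties C:\Windows\Temp rather than removing the folder itself, and renames SoftwareDistribution with a timestamp so that a leftover .old folder does not block the rename.

```powershell
# Added example (not from the linked article). Run elevated.
# Assumptions: default paths, 120-second wait limit per service.
$ErrorActionPreference = 'Stop'
$timeout = [TimeSpan]::FromSeconds(120)
$skipped = New-Object System.Collections.ArrayList

function Stop-AndWait([string]$Name) {
    $svc = Get-Service -Name $Name
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $Name -Force
        # Blocks until the service reports Stopped; throws a TimeoutException otherwise
        $svc.WaitForStatus('Stopped', $timeout)
    }
}

function Remove-Unlocked {
    process {
        $path = $_.FullName
        try {
            Remove-Item -LiteralPath $path -Recurse -Force
        } catch {
            # Held open by a running program: record it and move on
            [void]$skipped.Add($path)
        }
    }
}

try {
    Stop-AndWait 'wuauserv'
    Stop-AndWait 'TrustedInstaller'

    $sd = Join-Path $env:SystemRoot 'SoftwareDistribution'
    if (Test-Path $sd) {
        Rename-Item -Path $sd -NewName ('SoftwareDistribution.{0:yyyyMMddHHmmss}.old' -f (Get-Date))
    }

    @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'Temp') -Force) | Remove-Unlocked
    @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'Logs\CBS\*') -Include *.cab, *.log -Force) | Remove-Unlocked
}
finally {
    # Always bring Windows Update back, even if a step above failed
    Start-Service -Name wuauserv
    & (Join-Path $env:SystemRoot 'System32\wuauclt.exe') /detectnow
}

"Skipped {0} locked item(s):" -f $skipped.Count
$skipped
```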

Delete EFI Partition with Command Line Interface

You can use PowerShell if you want to, by using the following format to run the CLI commands:

PS> cmd.exe /c "<insert command prompt command here>"

Be sure to be in an elevated command prompt.

diskpart
list disk
select disk <whichever one is your disk>
list partition
select partition <whichever partition number>
delete partition override
(Repeat "select partition" and "delete partition override" for each partition you want to clear)
exit

Microsoft Best Practice Analyzer Lies Today

I ran the BPA scan on one of my servers and it had said that SMB v1.0 should be installed since it is not in a default configuration.

Only to support legacy hardware, and on a VLAN completely disjointed from everything else, should you bother to enable SMBv1.0. There have been vulnerabilities in that version of SMB for many years. Specifically, does anyone remember WannaCry? This BPA scan doesn’t seem like it’s been updated since before WannaCry and this is on a Windows Server 2019 Standard system. It makes me “wanna cry”.

Just search Google for “smb v1 exploit” and thousands of articles pop up.

https://cyware.com/news/what-is-smb-vulnerability-and-how-it-was-exploited-to-launch-the-wannacry-ransomware-attack-c5a97c48

I suppose I shouldn’t be so surprised that Microsoft has become complacent in updating their BPA software.

So, with that in mind, when you run your BPA scan just remember to take it with a grain of salt, as the BPA scan doesn’t know everything and you might be better off going away from what the analyzer utility says. It’s good for giving you a hint of what to check out, but it is not a task list.
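
A way to check the server's actual SMBv1 state yourself rather than relying on the BPA result, and to see whether any legacy client still depends on it. This is an added example, not part of the original post; it assumes an elevated session on Windows Server 2016 or later, where the AuditSmb1Access setting and the Microsoft-Windows-SMBServer/Audit log are available.

```powershell
# Added example. Run elevated on Windows Server 2016/2019.
function Get-Smb1State {
    $cfg     = Get-SmbServerConfiguration
    $feature = Get-WindowsFeature -Name FS-SMB1
    New-Object PSObject -Property @{
        FeatureInstalled = $feature.Installed
        ServerEnabled    = $cfg.EnableSMB1Protocol
        AuditEnabled     = $cfg.AuditSmb1Access
    }
}

function Get-Smb1ClientAttempts([int]$Days = 30) {
    # Event ID 3000 is written for SMB1 access once auditing is switched on
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
}

# Turn on auditing so that any legacy client shows up in the log
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

$state = Get-Smb1State
$state | Format-List
if ($state.ServerEnabled -or $state.FeatureInstalled) {
    "SMBv1 is present on this server; review which clients still use it before removing it:"
    Get-Smb1ClientAttempts
} else {
    "SMBv1 is neither installed nor enabled on this server."
}
```

An empty result from the audit query after a representative period means no client negotiated SMBv1 against this server during that time.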

Hyper-V 2019 Core On Lenovo TS430 in 2020

Firstly, let me just say that I’ve recently encountered a disaster where a Windows Update wreaked havoc on a Hyper-V Core 2019 server. This update was intended to break compatibility with the set of CPUs that have known vulnerabilities to Spectre and Meltdown. However, we have protection against such threats using the Malwarebytes Cloud Endpoint on the Hyper-V host. Regardless, during a regular maintenance period a standard reboot was done and then this happened:

Luckily, this was restored from backups that we had.

The resolution was to re-install the Hyper-V 2019 Core and disable the automatic updates. We set it to “manual” for updates to prevent this issue in the future as we currently intend on using the TS430 for a little while despite its age.

If anyone else is having this issue, wouldn’t it be nice if there was some type of pop-up before the reboot like “Are you sure you want to break the CPU compatibility by installing this update?” At least for now, manual updates, and reviewing the necessary KB articles before updating, are the current path for this instance.