NET USER -password expires not showing the password expire time
We have a fine grained policy with max pwd age as 14 in test environment. I added a test user to the password policy group and I ran the NET USER username \DOMAIN command, the password expires values is still showing as never. What am I missing? screenshots attached.
Reply:
Hi,
Can you check user properties and see if "Password never expires" checkbox is ticked?
Regards
------------------------------------
Reply:
Don [doesn't work for MSFT, and they're probably glad about that ;]
------------------------------------
Reply:
Dear All,
Use below power shell script to find password expiry while utilizing fine grained password policy.
get-aduser "AD user" -Properties samaccountname,PasswordLastSet,"msDS-UserPasswordExpiryTimeComputed" | Select-Object samaccountname,PasswordLastSet,@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Replaced AD user with actual user name.
------------------------------------
Dropbox suspected incompatibility
HELP: Windows Clients Loop Round When Changing An Expired Password
Hi,
Something in the last few months has caused all of our Windows clients to be unable to change passwords remotely when they expire. When a users password expires, they are prompted to change it upon logon, when they press enter after filling this out they get the original "a password has expired and must be changed" error message again and again.
The same thing happens when I change a users password and tick the box that says "User must change password upon next logon". However the client will then loop with the error message "The user's password" must be changed before logging on for the first time.".
This is affecting Window 7 and Windows 10. We do have a Windows 2000 DC but this has only started happening in the last few weeks which hints at the fact that either a Client end or Server end Windows update has caused some kind of mess up.
Any suggestions would be great.
Joel Wraight
MTA
Reply:
I've been starting to notice an increase in problems like these on various Microsoft forums, and have been trying to discern a pattern. Your problem statement sounds like this might be due to KB3179574, especially when you say that the problem only started happening around the last few weeks. Please remove the KB3179574 patch and see what happens. Reference: ADFS 3.0 - "Your password has expired. Type your updated password and try again." Ignore the fact that ADFS was cited in the thread title.
Best Regards, Todd Heron | Active Directory Consultant
------------------------------------
(from microsoft upload/download host ) in task manager
hello body i do all ways and solutions any your tech supports cant help me when i play dota2 on steam or another a task open in task manager its name is (from microsoft download/upload host ) it fkd my bandweight and my ping go to 2000 and make me time out from game server i try all soloutions from gpedit.msc and services.msc and another they dont work and its runnig any way any 5 time i must open task manager and end task that and again 5 min later its running already just help me fix that
i have a link if u want same problem
User cannot change password when trying to log in from a RDP session 2012 R2 server
I know this topic has been floating around the internet for a long time and with a 100 % work around here https://mssec.wordpress.com/2015/12/26/forced-password-change-at-next-logon-and-rdp/
but i have yet to find a professional fix for this. Has anyone narrowed down the culprit of this? I logged into all the environments and there is not a RDP host or role installed so those steps are no use to me. I was getting a major DFS error and thought maybe because there was a replication error that would be it but nope. I fixed it and its still the same. Could this be a GPO setting, a corrupt certificate, ........ this is really consuming me. Any help, suggestions is much appreciated. Thanks in advance.
- Edited by jcarab Sunday, September 25, 2016 6:26 AM info update
Opening a 64 bit Outlook Archive on a 32 bit Version of Outlook
Hello Everyone;
Recently I installed the 64-bit version of Outlook 2013 on my PC running Windows 7 Pro. Unfortunately I have a program that interfaces with Outlook but no longer runs because it was built on a 32-bit architecture. To solve this, I'm thinking I uninstall the 64-bit version of Outlook, and clean install the 32-bit version (both 2013). I also want to archive my entire Outlook library before uninstalling so I don't lose my emails.
Does anyone know if I'll be able to open the 64-bit archive on the 32-bit version of Outlook? If I can't, I'm thinking I either convert the archived .pst file to a single pdf, or I download software to view the archived .pst file. If you guys have any thoughts of those alternatives let me know as well.
Thanks,
Jon
Reply:
Does anyone know if I'll be able to open the 64-bit archive on the 32-bit version of Outlook?
Outlook data stores are not dependent on the bit version of Outlook in use. Any pst file can be opened by any current version of Outlook (OL'2003 forward) using any bit level.
Also, uninstalling and reinstalling Office (Outlook) does not impact Outlook profiles which persist any uninstall/reinstall regardless of bit level uninstalled/reinstalled.
Karl Timmermans [Outlook MVP] "Outlook Contact Import/Export/Data Mgmt" http://www.contactgenie.com
------------------------------------
Hyper-V Slow performance + GPU?
Hi,
I'm using Hyper-V to install multiple OS and use them, not all at the same time but when I need to. I'm currently using Windows 10 PRO 64 bit as the host.
The problem is that I have successfully installed windows 7 professional but the performance is really slow and I cannot go above 1024x768 resolution despite having a 4K TV, is there any solution to this problem?
I'm also curious if I can get my GPU working on the virtual machine, I know there's RemoteFX but when I configured it, Windows 7 (VM) tried to install a driver on reboot then it failed to install.
Help, please!
- Edited by XxRaPiDK3LLERxX Saturday, September 24, 2016 8:58 AM
- Moved by BrianEhMVP Monday, September 26, 2016 2:58 PM
Reply:
Hi,
Answer to your second question, the Hyper-V on windows server OS only support virtualization of GPU on RemoteFX, and not Windows 10.
About performance of VM, you need to consider the physical machine's processor, memory and had disk I/O performance, some desktop models are not really compatible for virtualization. Plus, desktop OS runs multiple applications in background consumed a lots of memory. You can tweak the host windows 10 startup and reduce the background applications. Desktop memories are not ECC, and all applications are sharing the memory. One another application like visual studio etc. if open in the host machine, it will affect to the running virtual machine.
Thanks
Prabodha
------------------------------------
Reply:
A newly installed Windows 7 machine will be very slow for a while because of the way windows updates works. It is usually a good idea to leave it running overnight to sort itself out.
Bill
------------------------------------
Writing HTML in Word 2016.
Hi I was writing a simple html code HTML Head Title etc. and when I opened it in NotePad a WHOLE bunch of other stuff found
EG.
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]-->
<link rel=themeData
href="Testing%20two%20bodies%20in%20HTML_files/themedata.thmx">
<link rel=colorSchemeMapping
href="Testing%20two%20bodies%20in%20HTML_files/colorschememapping.xml">
<!--[if gte mso 9]><xml>.
I did not write or know what it goes on here. Would it be that I wrote the code first on Word 2016 then opened in notepad? or is there something wrong completely?
Reply:
------------------------------------
Reply:
------------------------------------
Yahoo! Mail High CPU Usage
I've always had this issue with Internet Explorer and hoped it would be resolved with the IE9 (RC) but it has not. Specifically, when I have a tab open with my Yahoo! Mail inbox, my computer consumes a steady minimum of at least 50% CPU when idle. Any further user interaction with Yahoo! mail causes my CPU to spike upwards to 100%, making navigation around my inbox extremely sluggish.
I do not have this issue with the Google Chrome browser which leaves my CPU idling around 0% when a tab is left open in my Yahoo! Mail inbox and navigation is easy when I interact with it.
This is just one example of a site where there is a very noticeable performance difference between Google Chrome and Internet Explorer. Performance issues have been the main reason I switched from IE to Chrome within the past year. I was hoping to see significant improvements in performance with the IE9 (RC), but this is not the case, especially with Yahoo! Mail.
I'm under the impression that Yahoo! Mail is script intensive and that I'm seeing the difference between the script engines of these two browsers, but this is only a guess on my part.
If anyone else has noticed this issue or can offer additional insights, I'd appreciate any feedback you can contribute, thanks.
Reply:
I've always had this issue with Internet Explorer and hoped it would be resolved with the IE9 (RC) but it has not. Specifically, when I have a tab open with my Yahoo! Mail inbox, my computer consumes a steady minimum of at least 50% CPU when idle. Any further user interaction with Yahoo! mail causes my CPU to spike upwards to 100%, making navigation around my inbox extremely sluggish.
I do not have this issue with the Google Chrome browser which leaves my CPU idling around 0% when a tab is left open in my Yahoo! Mail inbox and navigation is easy when I interact with it.
This is just one example of a site where there is a very noticeable performance difference between Google Chrome and Internet Explorer. Performance issues have been the main reason I switched from IE to Chrome within the past year. I was hoping to see significant improvements in performance with the IE9 (RC), but this is not the case, especially with Yahoo! Mail.
I'm under the impression that Yahoo! Mail is script intensive and that I'm seeing the difference between the script engines of these two browsers, but this is only a guess on my part.
If anyone else has noticed this issue or can offer additional insights, I'd appreciate any feedback you can contribute, thanks.
I've noticed the same thing - not very helpful, but at least you know you're not alone.
IE8 / Vista
------------------------------------
Reply:
------------------------------------
Reply:
The problem is not caused by IE, it also occurs using other web browsers (although the impact may be less severe).
For example I use Chrome and if I open a tab with Yahoo Mail it will start using CPU constantly so at the end of the day if I check the Windows Task Manager Chrome will be the top user. When I close the Yahoo Mail tab the CPU usage will drop.
I believe it is caused by yahoo mail constantly pooling, checking if emails or IM need sending or receiving, and also to rotate the ads.
Unfortunately I can't see any parameter you could change to improve performance, maybe the paid version alleviates those problems.
------------------------------------
Reply:
A SIMPLE SOLUTION: Yahoo mail was using 100% of my CPU preventing me from reading or responding to emails in Chrome. I tried Firefox and IE and found the same thing. Although this has been a problem for several months it has gotten worse when Yahoo started video ads. These ads, sometimes two at the same time, download first and continue to run, one right after the other. They hog 100% of CPU resources and my computer sounds like an airplane on the runway getting ready to take off. I couldn't do anything like even read my emails since they wouldn't load. Fortunately Google has several add-ons to stop these ads from running. I downloaded one called "AdRemover" since it had good reviews. Several are listed and I don't know if one is better than the other. WOW!! NO MORE ADS! My computer is so quiet now. And I can read and respond to emails with no problems. And all web pages now load without ads, especially those video CPU hogs. What a difference. Hope this helps others like it helped me.
One word of caution: Before I tried AdRemover I downloaded a highly rated ad blocker from the web. Within an hour I got a warning "Your computer needs an update to prevent a virus attack." Needless to say I didn't "update." I wrote the company. They never responded. I would ONLY recommend an ad blocker from Google.
- Edited by Ed Lyon Friday, May 20, 2016 1:06 PM
------------------------------------
Reply:
A SIMPLE SOLUTION: Yahoo mail was using 100% of my CPU preventing me from reading or responding to emails in Chrome. I tried Firefox and IE and found the same thing. Although this has been a problem for several months it has gotten worse when Yahoo started video ads. These ads, sometimes two at the same time, download first and continue to run, one right after the other. They hog 100% of CPU resources and my computer sounds like an airplane on the runway getting ready to take off. I couldn't do anything like even read my emails since they wouldn't load. Fortunately Google has several add-ons to stop these ads from running. I downloaded one called "AdRemover" since it had good reviews. Several are listed and I don't know if one is better than the other. WOW!! NO MORE ADS! My computer is so quiet now. And I can read and respond to emails with no problems. And all web pages now load without ads, especially those video CPU hogs. What a difference. Hope this helps others like it helped me.
One word of caution: Before I tried AdRemover I downloaded a highly rated ad blocker from the web. Within an hour I got a warning "Your computer needs an update to prevent a virus attack." Needless to say I didn't "update." I wrote the company. They never responded. I would ONLY recommend an ad blocker from Google.
_____________________________________________________________________________________________________________________
Thank you for suggesting Google AdRemover. I was having the same problem and was considering resetting to the factory settings to get rid of whatever was causing this. With all of those CPU hogging/disk writing Yahoo ads gone, things are a lot faster and my fan a lot quieter. I hope that post Verizon Yahoo fixes the problems with the out of control, resource consuming ads.
------------------------------------
Windows 10 1607 - Hardware BitLocker (eDrive) Wake from Sleep Issue
I'm having an issue with the Windows 10 Aniversary Update (1607) build 14393.10. I'm running Windows 10 Pro x64 with BitLocker enabled on the OS drive. I am using the hardware encryption with BitLocker (also called eDrive). The issue is that when resuming from sleep the system will lock up for several minutes on a black screen with cursor and then blue screen. So far I've seen the "Critical_Process_Died" error on the BSOD. I am seeing the issue on two different systems. The first is a custom PC that was upgraded from 1511 and has a Samsung 850 EVO SSD. The second is a Lenovo ThinkPad X230T that was clean installed with 1607 and has a Samsung 840 EVO SSD. Both systems have the latest UEFI (BIOS) version and hardware BitLocker worked properly with 1511. If I disable BitLocker the system will wake from sleep without issue.
***UPDATE: This issue has been fixed in 14393.187 released 13 September 2016
- Edited by NateSomers Saturday, October 1, 2016 11:49 PM
Reply:
------------------------------------
Reply:
Make that three (Samsung 850 EVO).
eDrive is Microsoft's baby. Why this?
------------------------------------
Reply:
Hi,
I can confirm this as well with a Dell E7470, Samsung 850 EVO SSD and Win 10 1607. It has been a clean install on this new notebook, so I'm not sure if the same hardware would work without the Anniversary Update. Though similar setup worked on my previous notebook with Win 1511.
I'm using the Microsoft SATA driver since the intel RSAT still doesn't support bitlocker hardware encryption. This is really sad,
BR
Johannes
------------------------------------
Reply:
I have this exact same issue. 850 EVO. Used to work fine with edrive on Dell E6540 then one day sleep stopped working just as you describe. I think I "disabled" bitlocker to see if it would fix the solution. It did not. Now I can't enable "edrive" again. When I enable bitlocker again it want's to do software encryption.
Another big problem is When trying to install the 1607 upgrade it asks me for the bitlocker recovery key like it's still enabled.. I input the key.. it boots to recovery.. I reboot.. and it says the install failed.
What the heck MS.. why is this edrive stuff so cryptic. You don't even document it well on your site or tech docs.
Again.. this USED to work. Then after some upgrade or patch to Win10 it killed sleep. Now I'm stuck in this screwed up config. edrive is still somehow working as I have to input recovery key to enter recovery.. but enabling bitlocker wants software... and my sleep is wrecked!
------------------------------------
Reply:
I can confirm the issue on my Lenovo X230 with two Crucial MX200 SSDs, both eDrive-encrypted.
After I've disabled bitlocker, sleep started working again, but I can also confirm junk430s problem, that it's not possible to reenable eDrive after that. Bitlocker wants to use software encryption then.
- Edited by Drakenson Tuesday, August 9, 2016 7:16 AM
------------------------------------
Reply:
Same here - no waking from sleep for our Dell 7348 - which has uses a Samsung 850EVO SSD with hardware bitlocker enabled.
On wake the laptop appears to be powered up, keyboard lights up, but the display stays black and only a hard power-off/power-on cycle will bring it back.
We have not tried disabling bitlocker nor can we for compliance reasons.
------------------------------------
Reply:
Reinstalled OS today and after a clean Win 10 1607 Enterprise install,
-registered, joined domain,
-enabled bitlocker, ran test, reboot.
-Boom bitlocker is enabled. Shows hardware enabled
-Sleep then wake.. hung at all blue screen. mouse moves. I'm sure it will BSOD in a bit. can't do anything other than move mouse.
Microsoft help please.
------------------------------------
Reply:
Can confirm similar symptoms on the following configuration:
- Dell E7450
- Samsung 850 PRO
- Microsoft AHCI drivers
- Bitlocker in eDrive mode
------------------------------------
Reply:
Confirmed here also with a clean install of 1607 Pro on a freshly PFID reset and secure erased Samsung 850 EVO. All system BIOS and firmware updated to the latest versions, system and driver updates installed, the system can not wake from sleep. Lock screen appears, mouse moves, but no interaction is possible and the system will eventually BSOD with one of the following errors (some of these are from 1511):
KERNEL_DATA_INPAGE_ERROR (ntfs.sys)
IRQL_NOT_LESS_THAN_OR_EQUAL (storahci.sys)
CRITICAL_PROCESS_DIED
- Lenovo W540 (UEFI BIOS 2.27, Secure Boot)
- Samsung 850 EVO (firmware EMT02B6Q)
- Microsoft AHCI drivers
- Bitlocker eDrive hardware encryption (1.3.111.2.1619.0.1.2)
Related threads:
http://answers.microsoft.com/en-us/windows/forum/windows_10-performance/bitlocker-with-edrive-results-in-system-not-waking/458a3167-3b5d-4f8c-9b90-3c56e7345a51
https://forums.lenovo.com/t5/ThinkPad-P-and-W-Series-Mobile/W540-consistent-blue-screen-when-waking-from-sleep-AHCI-problem/m-p/3359179
https://communities.intel.com/thread/77885
------------------------------------
Reply:
Could this be due to the TPM 2.0 requirement that was mentioned in the 1607 release? I understood this was more of a certification requirement for systems shipping with 1607.
My Lenovo W540 only has TPM 1.2, manufacturer STM (apparently integrated on Intel QM87 chipset), version 13.12.
------------------------------------
Reply:
I did a PSID revert last night, wipes all data and reinstalled everything AGAIN! To my horror Bitlocker enabled without asking how much of the disk to encrypt so I knew it went into hardware encryption again!! @#($(%*$% yep.. sleep is again broken.
I 100% agree there is some issue with the disk not re-connecting. I can see the drive light flickering like mad as it tries to read the drive.
If I was a betting man.. I'd say the drive is not re-connecting or authenticating after sleep. Anyone from MS want to contact me about this? It's 100% repeatable.. and it USED to work so you guys broke it.
The joy of Win10 and the never ending upgrade.. you never know when your computer will BRICK because they hosed encryption.
MS if you want to run this fast and loose development model you need to support us when you kill things like this!. The clock is ticking...
------------------------------------
Reply:
One more post with the same problem:
http://de.community.dell.com/support_forums/laptops/f/103/p/15590/25817#25817
------------------------------------
Reply:
Same Problem here with a Cruical MX300 and eDrive enabled, after I updated to Anniversary Update.One more post with the same problem:
http://de.community.dell.com/support_forums/laptops/f/103/p/15590/25817#25817
------------------------------------
Reply:
For now, try setting your system to hibernate instead of sleep. To see if this will work on your system, hold the windows key, press r, and type "shutdown -h" (no quotes) and click "OK" to hibernate your system. If it wakes without crashing, the following instructions will make that the default behavior for the various ways your system will transition to sleep.
Right click on your start button, choose "power options" then "change plan settings" for your active power plan. Make sure that "put computer to sleep" is set to "never" for both battery and AC power. Then, click "change advanced power settings" and change all of the options under "Power buttons and lid" to "hibernate". Similarly, you may want to change "Sleep > Hibernate after > on battery" to a shorter time (15-45 minutes).
I'm talking with the bitlocker team to get an official response, but I did find that hibernate has been an effective workaround on my systems.
- Edited by Tim HermannMicrosoft employee Sunday, August 14, 2016 8:28 PM Forgot the 'h' in the hibernate command
------------------------------------
Reply:
similiar problems here.
I´m using an HP zBook 14 G2 with two SSDs and Windows 10 Enterprise.
The OS resides on the first SSD (Crucial MX200 M.2), which is bitlocker software-only encrypted (AES128).
The second SSD, which is being used for data storage only, is a Samsung EVO 850 Pro with bitlocker enabled hardware encryption.
This configuration worked fine for one year now until I did the upgrade to Windows 10 1607 EE.
After the upgrade (which went fine without any problems) I discovered an issue with the Samsung EVO 850 Pro.
When the laptop returns from sleep mode, the data on that disk is not accessible anymore, and the system event log is beeing spammed with the message:
"The IO operation at logical block address 0xadbef8 for Disk 0 (PDO name: \Device\00000034) was retried." (Event-ID 153)
and
"The system failed to flush data to the transaction log. Corruption may occur in VolumeId: D:, DeviceName: \Device\HarddiskVolume5.
(The I/O device reported an I/O error.)" (Event-ID 140)
After a reboot everything is working fine until the laptop goes to sleep again.
The Crucial MX200 (software-only encryption) is not affected.
I replaced the Samsung EVO 850 Pro with a brand-new one (same model) and initialized/configured it for bitlocker hardware encryption (edrive), which resulted in exactly the same problems.
After that I initialized the disk again, but this time for software-only encryption, and everything works fine when the system returns from sleep mode.
I did these tests several times and my conclusion is that "only" hardware-encrypted bitlocker configurations are affected; this is 100% reproducable.
Hopefully MS is coming up with a solution ASAP; I don´t want to rely on software-only - encryption.
Thanks
------------------------------------
Reply:
------------------------------------
Reply:
For now, try setting your system to hibernate instead of sleep. To see if this will work on your system, hold the windows key, press r, and type "shutdown -h" (no quotes) and click "OK" to hibernate your system. If it wakes without crashing, the following instructions will make that the default behavior for the various ways your system will transition to sleep.
Right click on your start button, choose "power options" then "change plan settings" for your active power plan. Make sure that "put computer to sleep" is set to "never" for both battery and AC power. Then, click "change advanced power settings" and change all of the options under "Power buttons and lid" to "hibernate". Similarly, you may want to change "Sleep > Hibernate after > on battery" to a shorter time (15-45 minutes).
I'm talking with the bitlocker team to get an official response, but I did find that hibernate has been an effective workaround on my systems.
I am suffering from the same issues as the rest of the commenters (Samsung 850 EVO, MSI Z87-G43 motherboard). I can confirm that the system will hibernate properly. In fact, if hybrid sleep is enabled, the system won't wake out of sleep, but will wake from the hybrid sleep's backup hibernate image if the reset button is hit.
I recall on Windows 10 version 1511, even after a normal sleep the system would still power on to the UEFI splash screen, as though it were coming out of hibernate. Perhaps sleep used to be disabled due to the edrive?
I also have a Dell Precision 5510 that was having TPM problems when waking from sleep on 1607. The TPM would fail to be detected by the OS. The system would wake, hang, reboot, and then prompt for the recovery key. On a subsequent reboot, the TPM would be detected again. Using a Dell-provided firmware update to TPM spec 2.0 seems to have resolved that problem.
I'm left wondering if a similar TPM re-initialization problem is the issue here.
------------------------------------
Reply:
Glad to hear that hibernate's working for you. You're on the right track, Prometa. Unfortunately, I am not sure how much I can comment on the internal workings of things like this.
I'm hoping the team will chime in, because the internal discussion has been quite fascinatingd, and I think it's something that would be good for a more official channel (the team itself) than "some guy at Microsoft"* who suggests something. Many think that the MS tag means we're here on official business, but the truth is we hit problems, too, and sometimes have to try fixing or working around them :).
-Timnn
*I haven't been on Windows for over 4 years now and have little contact with the team/development of the product; my installed toolset is drastically different than when I was on a kernel level team there, so I truly am just a random MS guy.
------------------------------------
Reply:
One more here. Lenovo T530 plus Crusial MX200. I had and have only "Microsoft" drivers related to Storage subsystem (shipped with OS or installed via System Update so certified by MS).
All the same story with the same issues described by all other community members:
1. I was having BSOD when Bitlocker with eDrive was enabled.
2. I cannot re-enable hardware Bitlocked encryption on Win10 1607.
------------------------------------
Reply:
I'm having same issue as well. Worked perfect on 1511. My Setup:
Dell e6440
- Win 10 1607 (14393.51) Fresh Install
- TPM 1.2 (ATML 41.1)
- BitLocker w/ Startup Pin
- Samsung EVO 850 1TB using eDrive
If I turn off BitLocker sleep works perfect. I also had one other weird issue (related?) where if you looked in BitLocker Drive Encryption under control panel and If you ran Get-BitlockerVolume in PowerShell it showed FullyDecrypted and Protection off. But what was weird is I was still getting the prompt to type my startup pin in on bootup. This was before I realized BitLocker was causing the problem and I had never turned it off. A system restore back a few days got everything back up in sync.
If this helps here is some information from PowerShell of my current state:
PS C:\Windows\system32> Get-BitLockerVolume | fl ComputerName : BRANDON01 MountPoint : C: EncryptionMethod : Hardware AutoUnlockEnabled : AutoUnlockKeyStored : False MetadataVersion : 2 VolumeStatus : FullyEncrypted ProtectionStatus : On LockStatus : Unlocked EncryptionPercentage : 100 WipePercentage : 0 VolumeType : OperatingSystem CapacityGB : 930.96 KeyProtector : {TpmPin, RecoveryPassword} PS C:\Windows\system32> Get-Tpm TpmPresent : True TpmReady : True ManufacturerId : 1096043852 ManufacturerVersion : 41.1 ManagedAuthLevel : Delegated OwnerAuth : OwnerClearDisabled : True AutoProvisioning : Enabled LockedOut : False LockoutCount : Not Supported for TPM 1.2 LockoutMax : Not Supported for TPM 1.2 SelfTest : {0, 0} - Edited by Microbolt Monday, August 15, 2016 11:00 PM Added detail
------------------------------------
Reply:
I'm having same issue as well. Worked perfect on 1511. My Setup:
Dell e6440
- Win 10 1607 (14393.51) Fresh Install
- TPM 1.2 (ATML 41.1)
- BitLocker w/ Startup Pin
- Samsung EVO 850 1TB using eDrive
If I turn off BitLocker sleep works perfect. I also had one other weird issue (related?) where if you looked in BitLocker Drive Encryption under control panel and If you ran Get-BitlockerVolume in PowerShell it showed FullyDecrypted and Protection off. But what was weird is I was still getting the prompt to type my startup pin in on bootup. This was before I realized BitLocker was causing the problem and I had never turned it off. A system restore back a few days got everything back up in sync.
Did you happen to install the Intel RST driver (Intel SATA/AHCI driver)? When I suspected a disk issue, I tried installing it. It didn't fix the problem, but it did cause Windows to think my drive wasn't encrypted, even though Samsung Magician said it still was. Uninstalling the driver did not fix the problem, and, worse still, trying to run the bitlocker status applet did nothing--the app didn't crash and dump an error, but it didn't run either. Like you, I had to system restore to a date prior to installation of the Intel driver to restore the status.
I also have a software-encrypted secondary drive. After installing the Intel driver, it prompted for a recovery key every time I accessed the drive. That problem also went away with the system restore.
- Edited by Prometa Monday, August 15, 2016 11:54 PM
------------------------------------
Reply:
Did you happen to install the Intel RST driver (Intel SATA/AHCI driver)? When I suspected a disk issue, I tried installing it. It didn't fix the problem, but it did cause Windows to think my drive wasn't encrypted, even though Samsung Magician said it still was. Uninstalling the driver did not fix the problem, and, worse still, trying to run the bitlocker status applet did nothing--the app didn't crash and dump an error, but it didn't run either. Like you, I had to system restore to a date prior to installation of the Intel driver to restore the status.I also have a software-encrypted secondary drive. After installing the Intel driver, it prompted for a recovery key every time I accessed the drive. That problem also went away with the system restore.
Yep, I sure did. I installed the Latest Intel RST driver as a troubleshooting step. It was after that that I noticed Windows thought BitLocker wasn't on any longer. Maybe we can get two bugs squashed in this thread! :)
------------------------------------
Reply:
Hi Microbolt and Prometa,
the issue with the Intel RST driver is being discussed here: https://communities.intel.com/thread/77885
I think this is an entirely separate issue because it predates the sleep problems.
To reproduce the RST issue, you have to have a hardware encrypted eDrive from a clean Windows 10 install, then install Intel RST. Bitlocker will no longer recognise that the drive is encrypted, even though it is as shown by password or recovery requests on system changes. Intel doesn't seem to have it's sharpest engineers working on the problem, they are still trying to reproduce it but their guy can't manage to hardware encrypt his drive. Probably needs a PFID reset. If people from Bitlocker team are on this thread maybe they can head over there and help figure it out.
The only way to resolve the issue is to do a system restore to before Intel RST installation. Uninstalling it will not work.
Meanwhile, can anyone from Microsoft comment on the sleep issue?
------------------------------------
Reply:
Nobody from Microsoft wants to comment on this issue. Nobody wants to take the blame for this horrible screw-up.
eDrive was broken when 1511 was initially released.
With 1607, eDrive is broken two times in a row.
------------------------------------
Reply:
------------------------------------
Reply:
Instead of trying to blame someone, please remember that we're people just like you. We make mistakes. I didn't make this one, but I've made plenty of others. An attitude of blame & shame does nothing but discourage any of us, even those who don't work on the team, from trying to help or engage with you outside of PR channels.
Yes, eDrive was negatively impacted by the update (in fact, I have had to fix four systems that were impacted, in three different ways). Emailing the team, I know what happened and have encouraged them to comment here. Something worth remembering (especially with encryption) is that that a fix released too hastily can be worse than no fix at all! While I'm trying to encourage those I've spoken with to make a post here, comments like "take the blame" and "horrible screw-up" are unlikely to help convince anyone to comment on this :).
------------------------------------
Reply:
You have established:
1. Problem is reproduced. And the team knows about it.
2. Nobody has commented.
So now what? Cry me a river? You're people too, how about us who are on the receiving end of this unaccountable breakage? Do you even know what it feels like?
The breakage on 1511 was just fixed by a patch. No comments there either.
- Edited by E. Jokacs Thursday, August 18, 2016 1:57 AM
------------------------------------
Reply:
I can actually almost understand them not commenting. This is probably a pretty high level bug, and revealing what has gone wrong and what they are doing to fix it could unintentionally reveal an attack vector against Bitlocker. Such is the nature of closed-source software. Then we would all be left with vulnerable data until Bitlocker 2.0 or whatever is released.
Stay calm and let's wait for a patch or comment, in the meantime keep posting 'me too' posts I guess.
------------------------------------
Reply:
Instead of trying to blame someone, please remember that we're people just like you. We make mistakes. I didn't make this one, but I've made plenty of others. An attitude of blame & shame does nothing but discourage any of us, even those who don't work on the team, from trying to help or engage with you outside of PR channels.
Yes, eDrive was negatively impacted by the update (in fact, I have had to fix four systems that were impacted, in three different ways). Emailing the team, I know what happened and have encouraged them to comment here. Something worth remembering (especially with encryption) is that that a fix released too hastily can be worse than no fix at all! While I'm trying to encourage those I've spoken with to make a post here, comments like "take the blame" and "horrible screw-up" are unlikely to help convince anyone to comment on this :).
Your hibernation workaround, though not ideal, has got me back up and going. For anyone else that it is not good enough, Microsoft included the roll back functionality in Windows 10 to ease any problems that may occur from an upgrade. Me knowing that the BitLocker team knows is good enough for me. I for one am appreciative that you commented :)
Probably wasn't found in the preview program because I bet most people that run BitLocker are using them in production environment and wouldn't want the headache of potentially unstable builds.
- Edited by Microbolt Thursday, August 18, 2016 8:38 PM
------------------------------------
Reply:
Fanboyism much?
eDrive is a Microsoft component, a lauded feature of Windows 10. It needs to work in some compliance situations.
Are we now suggesting that Microsoft has no responsibility of ensuring that it works in new builds? It's now up to users and clients to find the bugs?
No, no, no, no, no!
------------------------------------
Reply:
To be honest, I'm sure eDrive is an extremely small percentage of BitLocker users. You have to jump though some pretty big hoops to get it working. As strophy pointed out even an engineer over at Intel was having difficulties getting it enabled. Yes, it's an inconvenience and yes it'd be nice if it was caught in the insider program or in QA testing. But its far from the end of the world. All we have to do is just hibernate instead of sleeping until they push out a fix.
Lets try to keep the thread on topic and try to not turn this into a flame war :)
root:~# :(){ :|:& }: - Edited by Microbolt Friday, August 19, 2016 7:42 PM Quoted wrong name
------------------------------------
Reply:
There's no flame war going. I just want us to be rational adults, not adulating fans. Do we have choose one extreme position or the other?
Microsoft has the primary responsibility of ensuring their products work.
eDrive is a niche functionality. But bugs in eDrive can lead to critical failure. We're not talking graphical glitches.
Nobody expects bug-free software. But fundamental eDrive bugs surfaced in both 1511 and 1607, in ways suggesting that nobody was testing the builds for eDrive before they got out the gate.
Comments like "we acknowledge the bug, working on it" would be nice. But it's complete silence from the team responsible. Meanwhile Microsoft first-line support staff continue to advise "it's your drivers, BIOS ...."
------------------------------------
Reply:
The same goes for Lenovo T430 with Crucial MX100 SSD.
This is a horrible BUG. It does show my desktop when waking from sleep without any password prompt.
Though I am unable to click anything, my desktop gets revealed for ~15 seconds. It's a SECURITY bug.
Do something about that Microsoft!
------------------------------------
Reply:
I can actually almost understand them not commenting. This is probably a pretty high level bug, and revealing what has gone wrong and what they are doing to fix it could unintentionally reveal an attack vector against Bitlocker. Such is the nature of closed-source software. Then we would all be left with vulnerable data until Bitlocker 2.0 or whatever is released.
Stay calm and let's wait for a patch or comment, in the meantime keep posting 'me too' posts I guess.
There is a pretty serious physical attack vector on self-encrypting drives (which also affects eDrive): if you put your system in sleep mode (S3), the drive will in most cases remain unlocked, and will not lock even if the data cable is unplugged. Thus, an attacker with physical access can unplug the data cable (but not the power cable!) and connect the drive to another computer, gaining full access to everything on the drive.
The simplest way to avoid this potential hazard is to never use sleep mode, but always power off or hibernate instead, since the drive is always locked when power is cut.
I guess the bug reported in this thread could actually be related to a Microsoft attemtp to prevent this attack vector, since what seems to happen is that the drive is indeed locked when entering sleep mode, which is a good security measure. The bug could then be that Windows just fails to unlock the drive when waking up from sleep again. But I'm just guessing.
- Edited by Dassborste Sunday, August 21, 2016 9:30 PM
------------------------------------
Reply:
Interesting theory, Dassborste! But I know that spinning hard drives spin down when in sleep mode, are they just sent an S3 signal and power continues to be supplied to the drive? If power isn't cut, and the eDrive therefore isn't power off during sleep, then why would it need password re-entry when waking up from sleep?
I am still thinking this is something to do with how handling the TPM changed in 1607, it's like something is happening in the wrong order in getting the key from the TPM and sending it to the drive after waking from sleep. I wonder if somebody has encountered or can reproduce this problem in a system a hardware encrypted eDrive with the TPM disabled, using a USB dongle instead. I'd love to do it but I only have my production system to test on...
------------------------------------
Reply:
The simplest way to avoid this potential hazard is to never use sleep mode, but always power off or hibernate instead, since the drive is always locked when power is cut.
I like this idea! I haven't really seen any side affects from me disabling sleep and using hibernate instead. And from a security standpoint its much safer since from what I understand when you use sleep instead of hibernate the BitLocker key is stored in memory. I really like know that they have to try and brute force my Startup Pin before being able to attempt to get any access to my data. And with TPM's anti hammering delays that can take quite a bit of time.
But I know that spinning hard drives spin down when in sleep mode, are they just sent an S3 signal and power continues to be supplied to the drive? If power isn't cut, and the eDrive therefore isn't power off during sleep, then why would it need password re-entry when waking up from sleep?
I thought unless eDrive is handled differently that the power is actually cut to the drive in both situations. The drives are not "unlocked" per say as much as the computer remembers in memory how to unlock them. If you pulled the drive out while its sleeping it will still be locked and encrypted if you put into another system. So in standby its essentially only keeping power to the memory.
- Edited by Microbolt Monday, August 22, 2016 3:55 PM
------------------------------------
Reply:
@strophy @Microbolt
As far as I know, a sleeping drive is not without power - its controller board is still powered, and will remain in an unlocked state unless explicitly told to lock (and it is this explicit locking I'm guessing that Microsoft started doing with the 1607 build - but on the other hand, if they did then they should have discovered the bug as well, so maybe it is really a TPM related issue as strophy says).
A lot more information (and other similar attack vectors) can be found in this extremely interesting paper (pdf file):
https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf
The authors recommend not using sleep mode for now, until operating systems, OEM computer manufacturers or drive manufacturers implement protections against it (e.g. by using explicit locking, data cable unplugging detection etc). Some already have protections in place, it seems, but apparently most don't.
The paper is from 2nd November 2015 though, so perhaps things have improved since then.- Edited by Dassborste Monday, August 22, 2016 4:47 PM
------------------------------------
Reply:
@strophy @Microbolt
As far as I know, a sleeping drive is not without power - its controller board is still powered, and will remain in an unlocked state unless explicitly told to lock (and it is this explicit locking I'm guessing that Microsoft started doing with the 1607 build - but on the other hand, if they did then they should have discovered the bug as well, so maybe it is really a TPM related issue as strophy says).
A lot more information (and other similar attack vectors) can be found in this extremely interesting paper (pdf file):
https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf
The authors recommend not using sleep mode for now, until operating systems, OEM computer manufacturers or drive manufacturers implement protections against it (e.g. by using explicit locking, data cable unplugging detection etc). Some already have protections in place, it seems, but apparently most don't.
The paper is from 2nd November 2015 though, so perhaps things have improved since then.
Yeah, that does make it sound like they are trying to mitigate it. Or they forgot to put the drive in a low power state instead of powering it off. I'm only going to use hibernate for now on. Had no idea that this was even possible. (And so trivial)
- Edited by Microbolt Monday, August 22, 2016 5:01 PM
------------------------------------
Reply:
I guess the bug reported in this thread could actually be related to a Microsoft attemtp to prevent this attack vector, since what seems to happen is that the drive is indeed locked when entering sleep mode, which is a good security measure. The bug could then be that Windows just fails to unlock the drive when waking up from sleep again. But I'm just guessing.
I can't confirm that.
My main drive is a Samsung 950 Pro with (lack of Support, shame on you Samsung) Software Bitlocker. I have a second HD (Cruical MX300) which is eDrive enabled.
After waking from standby, the drive is still partly accessible, thus veeerry sloooow. After waking from standby I tried to open up a 4kb Text document which i never opened before, it took about 1 Minute but then opened.
Without flaming, I too think that the lack of Information and the severity of the bug is a complete show-stopper for Microsoft in our Company.
------------------------------------
Reply:
------------------------------------
Reply:
Also, I just read Dassborste's linked PDF and noticed that the researchers specifically highlight and praise some limited efforts by Lenovo to specifically detect when a drive is removed during sleep, and that some Lenovo laptops will not automatically unlock drives when waking from sleep. There are lots of caveats and specific scenarios, but how many of us here are actually using newer Lenovo laptops with this feature? I'm on a W540 with latest UEFI (2.27), very similar to the W541 (2.21) used in the research paper. Maybe this is actually something Lenovo could fix with an update.
I think the key point here is that eDrive is vulnerable to attack in certain specific circumstances, usually related to sleep mode, and both Microsoft and Lenovo are trying to solve it without thorough testing, resulting in this bug.
Bitlocker team, can you please post a few thoughts here about what is causing this and any progress towards a patch?
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
For now, try setting your system to hibernate instead of sleep. To see if this will work on your system, hold the windows key, press r, and type "shutdown -h" (no quotes) and click "OK" to hibernate your system. If it wakes without crashing, the following instructions will make that the default behavior for the various ways your system will transition to sleep.
Right click on your start button, choose "power options" then "change plan settings" for your active power plan. Make sure that "put computer to sleep" is set to "never" for both battery and AC power. Then, click "change advanced power settings" and change all of the options under "Power buttons and lid" to "hibernate". Similarly, you may want to change "Sleep > Hibernate after > on battery" to a shorter time (15-45 minutes).
I'm talking with the bitlocker team to get an official response, but I did find that hibernate has been an effective workaround on my systems.
Hibernate helps, and if I only have my OS drive (C:) eDrive encrypted, this workaround would be satisfactory. However, when I have a second data drive (D:) also eDrive encrypted, upon wake from hibernation, that drive no longer works properly. I can access the root of D: for a while, but not the subdirectories. When attempting to do so, it eventually errors out with a message along the lines of "D:\ is not accessible. The request could not be performed because of an I/O device error." Eventually, the same happens when I try to access the root of D:.
Turning off Bitlocker on D: resolves the hibernate issue.
Both drives are SSDs with hardware encryption. C: is a Samsung 850 EVO, D: is a Crucial M500.
- Edited by CliffLee Saturday, August 27, 2016 1:42 AM Fix drive letter typo
------------------------------------
Reply:
Exactly the same problem here. This issue was driving me totally nuts since build 14903 I think - I disabled all all internal devices via BIOS, upgraded all drivers and did numerous clean install.
Today, after the updates from 23rd appeared for 1607 I gave it one more try and still the same issue - curiously I never thought of Bitlocker being the issues, BUT THATS IT!!!
Device:
HP 1040 G3So what now Microsoft?
------------------------------------
Reply:
Same issue here, too :(
After upgrading to Win10 1607 sleep mode doesn't work anymore.
Win 10 1607
TPM 1.2
BitLocker w/ Startup Pin
Samsung EVO 850 1TB usinng eDrive
When waking up the device from sleep the lockscreen show up and the mouse can be moved, but nothing else works. No reaction to clicks, nothing. So I need to hard power off to get my PC working again.
------------------------------------
Reply:
This bug appeared from me on a Lenovo T440P with a Crucial MX100 in mid-July on 2nd last insider build before release (I think). I even posted the issue in the feedback hub :) I have since changed to a Lenovo T460P with a Samsung 850Pro but still have the same issue.
- Edited by M Friedy Saturday, August 27, 2016 3:40 PM
------------------------------------
Reply:
Hi grafc, can you check your system log to see if there are any errors piling up immediately after waking from sleep when your access is "slow"?
Sorry for late Reply.
After waking up, I have dozens of Errors 153 and some Errors 140. (translated from german as follows):
Error 153: (disk)
EventData
The E/A-Event at Logical block adress "0x5b7590" (changes every message) for device "0" (PDO-Name: \Device\00000037) was repeated.
Details:
| \Device\Harddisk0\DR0 |
| 0x6011a8 |
| 0 |
| \Device\00000037 |
| 0F01180004004000000000009900048000000000000000000000000000000000000000000000000000020228F0000B000000000B00000000000000000000762D |
Error 140 (Ntfs (Microsoft-Windows-Ntfs)):
The data could not ne moved into the Transaction protocol. The data might be corrupted: Volume-ID: "D:", Device Name: "\Device\HarddiskVolume1".
(The E/A-Device sent an E/A-Error).
------------------------------------
Reply:
Me too ...Samsung 850 pro 1 tb with edrive and bitlocker in hardware encryption...tried everything...drivers, clean installation ect! nothing works for the moment
I shut down the computer and that's all
Waiting Microsoft for an updated driver!
------------------------------------
Reply:
Latest update KB3176938 brings Windows 10 1607 to Build 14393.105.
Still the same issue.
Color management is totally broken. Random freezes occur in Windows Explorer.
I wonder if the whole Microsoft QA has gone on vacation.
------------------------------------
Reply:
Latest update KB3176938 brings Windows 10 1607 to Build 14393.105.
Still the same issue.
Color management is totally broken. Random freezes occur in Windows Explorer.
I wonder if the whole Microsoft QA has gone on vacation.
Likewise, no fix here.
I thought the QA department was replaced by "Windows as a Service"...
Seriously...how does something like this go unnoticed...
------------------------------------
Reply:
I'm having the same general problem. After Anniversary update (1607) was installed the lock screen becomes unresponsive after waking from sleep. The computer itself wakes, which I can see from activity of the power and hard drive lights, but I am unable log back in. The sign-in box never appears. The only thing to do is reboot. Login after a reboot works fine, and Login after a sign-out works fine as well.
My system configuration is:
Asus Q87M-e motherboard
Crucial M500 SSD (eDrive)
Microsoft AHCI drivers
I tried installing the latest Intel AHCI drivers to see if that would fix it but all it did was render my computer inoperable. After reboot Windows went into automatic repair mode and kept looping with no way out.
At the time of the lock screen freeze I find entries in the event log from the Enhanced Storage subsystem saying that A TCG Command has returned an error (events 10, 12, 13, and 100).
The problem does not occur when Bitlocker is turned off. I have not tried the Hibernate workaround. The latest (8-31) updates to 1607 do not fix the problem either.
I spent over 6 hours on the phone with Microsoft tech support over the last three days talking with 4 different technician. Two at level 1, one at level 2, and then one at level 3. The last one said he would research this issue, consult the Bitlocker team, and get back to me by Wednesday.
Unfortunately, with all my experimenting I have rendered Bitlocker unable to reactive hardware encryption on my eDrive, it always wants to run software encryption now. I have found that you can force hardware encryption on the operating system drive through gpedit by enabling the following setting:
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption
Configure use of hardware-based encryption for operating system drives
With this enabled Bitlocker will not proceed with software encryption. It will simply inform you that hardware encryption is not available for your drive. This will save you the steps of saving the keys and then cancelling when you see it's going to do software encryption.
Another useful command I've found is "Manage-bde -status" run from an administrative command prompt. It will report what type of encryption, if any, is being used on your drives.
------------------------------------
Reply:
It sounds like during your experiments you got your drive into eDrive mode and then tried to reinstall Windows or reactivate it with a new key. This isn't possible without first doing a PSID reset on the drive to put it back into eDrive-ready mode. I think Crucial Storage Executive will let you do this, but it might need to be a secondary drive in another computer, or boot from USB. And of course you will lose all data on the drive after the reset.
Meanwhile, it's over a month since this thread started and Microsoft hasn't even acknowledged this bug. Pretty different to Apple's recent 10-day turnaround from disclosure to public patch.
------------------------------------
Reply:
I have the exact same problem. I have:
Lenovo T540p
Samsung 850 Evo 1TB (BitLocker on, hardware encryption)
Windows 10 Education 1607
I was trying to troubleshoot this problem with an Answer Tech before just reverting to the previous build. In the process, the Answer Tech (while remoting into my system) deleted all my temporary files or something else that prevents me from going back to the previous build. Guess I'm stuck here until something changes. Thanks for the tip to use hibernate instead of sleep... it worked for me.
------------------------------------
Reply:
I too am seeing some supreme weirdness on my Bitlocker setup. I originally had three volumes, all encrypted. A SSD w/ eDrive and two plain HDD's. After the latest update, I noticed that the Bitlocker Drive Encryption menu was missing from Control Panel. I couldn't launch the GUI at all. If I searched "Manage Bitlocker" from the start menu it would appear, but nothing happened when I clicked it.
Also, automatic unlocking of drives stopped working as well.
I could still work with volumes using manage-bde from command line. However, for whatever reason, manage-bde -status would NOT report my C: drive as being encrypted. In fact, it wouldn't report a status on that drive at all. I could only see the HDD's.
Strangely enough, If I rebooted into Bitlocker recovery, I could see ALL volumes with manage-bde. As such, this was my only opportunity to disable Bitlocker on my C: drive so I did so.
After getting Bitlocker turned off I rebooted and...voila...the Bitlocker Drive Encryption menu makes a triumphant return to the Control Panel.
I did some further testing by clearing the TPM and starting completely over, but it makes no difference... the Bitlocker Drive Encryption menu completely disappears as soon as I enable Bitlocker on my SSD.
As such, I'm just leaving all of my volumes decrypted for the time being.
------------------------------------
Reply:
Unfortunately, with all my experimenting I have rendered Bitlocker unable to reactive hardware encryption on my eDrive, it always wants to run software encryption now.
Try either doing a system restore to before you installed the AHCI driver or roll them back to the Microsoft provided one. I ran into this problem too using the Intel drivers. Whats weird is even though Windows reports BitLocker is off it is actually still on. You can verify this by putting your drive into another system. There is a discussion about this bug over on Intel forums located here:
https://communities.intel.com/thread/77885
(credit to strophy for linking to that thread)
And w123dal, the symptoms you describe could be this same issue as well.
- Edited by Microbolt Friday, September 9, 2016 1:53 PM
------------------------------------
Reply:
Unfortunately for me, I can't system restore back to that point. It fails for whatever reason. However, I can confirm that RST is NOT installed at the moment. I am using the standard AHCI driver.
And w123dal, the symptoms you describe could be this same issue as well.
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
[A]wesome you managed to get phone support! Please update us here on Wednesday...
It sounds like during your experiments you got your drive into eDrive mode and then tried to reinstall Windows or reactivate it with a new key. This isn't possible without first doing a PSID reset on the drive to put it back into eDrive-ready mode. I think Crucial Storage Executive will let you do this, but it might need to be a secondary drive in another computer, or boot from USB. And of course you will lose all data on the drive after the reset.
The Microsoft "Support Escalation Engineer" called me back on Wednesday as promised, but he didn't have any new developments for me. We did confirm, however, that hibernate works normally and that if Bitlocker is turned off the system no longer freezes at the lock screen. He is apparently communicating all of this to the Bitlocker team. And I sent him a link to this discussion thread. I apologize for not responding sooner but I had other issues to deal with.
As far as doing a fresh install of Windows to an eDrive, my experience using a Crucial M500 SSD is that all you need to do is a DiskPart Clean for the edrive to be recognized and hardware encryption to be enabled. To confirm this I recently did a fresh install of the 1607 (Anniversary Edition) ISO to my Crucial SSD and everything worked normally with hardware encryption enabled. The only problem was that waking from sleep would freeze the machine.
The interesting thing I learned from doing this test is that when restoring the C: drive (the Crucial M500 SSD mentioned above) from a system image backup (made using the "Backup and Restore (Windows 7)" Control Panel tool) the eDrive functionality would no longer be enableable, Bitlocker would only do software encryption. I wonder if this phenomenon is related to the "wake from sleep" bug?
I tried clearing my TPM and then let Bitlocker reassert ownership of it, which all worked successfully, but even then it still would not allow hardware encryption. My system image backups made before the Anniversary Update will likewise no longer enable hardware encryption once they are restored. Do you think this is by design, so that system images can no longer be deployed to new hardware (a replacement eDrive) but require a fresh install of Windows?
------------------------------------
Reply:
------------------------------------
Reply:
Looks like update KB3189866 has fixed this - well waking from sleep is working, still testing.Resuming from sleep also looks to be working for me! Thanks all for the help.
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
Glad it worked :)
I've enabled hw encryption on mine too but had to reinstall windows with diskpart clean before install.
------------------------------------
Reply:
The KB3189866 update fixed my sleep/login issues as well.
However, the system image restore problem which I mentioned above still remains. Bitlocker will not re-enable hardware encryption after successfully restoring a system image to an SSD eDrive. So even though Windows 10 Anniversary Edition hardware encryption/sleep/login is now working again, I have no way of restoring my previously backed up system to a hardware encrypted state!
I have written up my testing experiences and procedure for reproducing this problem as a new thread here: Hardware encryption is not enableable after a system image backup is restored
------------------------------------
Reply:
------------------------------------
SQL server instance for reporting service is blank in SCOM 2012 R2
Hi Techies,
I have 2 sql servers with version 2014 and I have created alwaysOn high availability group for the 2 sql servers. Now, I am trying to install SCOM 2012 R2 (Management server, Operation console and web console), I am giving the listener name as database. Operations manager and operations manager data-warehouse databases are showing in sql server. However, when I am trying to install reporting server, the field SQL server instance for reporting service is showing blank.
Do I need to install the reporting server in SQL server or SCOM 2012 R2? To check, I have installed SQL server in SCOM 2012 R2 and tried to install reporting server, but still facing the same issue. I have configured reporting services properly.
Kindly Advise.
Thanks in Advance.
Harsha
Harsha
Reply:
Does this SQL server hosts a database for SCCM or any other System Center tool? in that case you will have to use a new instance of SQL.
Also please confirm once if SQL 2014 and the version that you have is supported by SCOM 2012 R2.
Thanks, S K Agrawal
- Edited by S K Agrawal Friday, September 23, 2016 2:27 PM
------------------------------------
Reply:
Harsha
------------------------------------
Reply:
- Edited by Harshavardhan Reddy Inukollu Saturday, September 24, 2016 10:45 AM
------------------------------------
divsion
y do i get banned but i report nothing gets done them bc they report me all time and i seeothers that i report is still playing and chatting
- Moved by litdev Saturday, September 24, 2016 7:31 AM
problem with music filles
Reply:
That's a DRM issue.
S.Sengupta, Windows Insider MVP
------------------------------------
Disable digital driver signature in Windows 7 Home Premium x64
Thank you for care
Absolutely I face problem with driver signature after formatting my laptop on the same edition of Windows 7 Home Premium x64, the problem is Windows fails to verify the signature of MT65xx Preloader driver!
It was working fine before formatting and I only face this problem after format, but in the last time before formatting, I installed updates from Windows Update, so this time I can't install any update because of Windows Update is keep searching and doesn't give any update list...
Some one here said: install singed driver or try sign driver yourself, I say: I work on Boxes and Service Tools for mobile phone, required to install unsigned drivers to work those stuff properly!
Another thing, I can't switch to any other version of Windows 7 because I purchased this edition and I need Home Premium for my work
I tried all the mentioned solution and recommendations and nothing solved my issue
Any suggestion will be so much appreciated
Thank you
Reply:
To turn OFF the Digital signature go through the following steps:-
1. Open the Command Prompt window and then Right clicking Command Prompt and select
"Run as Administrator".
2. On the Command Prompt type in the command "Bcdedit.exe /set nointegritychecks ON" without the quotes.
This will disable the Digital Signature.
S.Sengupta, Windows Insider MVP
------------------------------------
Windows 7 sp1 update
I am using Samsung NP300E5X-A0BIN windows 7 sp1.
I am getting notification of window could not check for update automatically (important)
My set-up for update already set as recommended Install update automatically.
But when i manually check for update, an error code appears as (window could not search for new update error code 80070002)
Please help in solving this issue.
Reply:
Kindly go through the following KB article:
https://support.microsoft.com/en-us/kb/971058
S.Sengupta, Windows Insider MVP
------------------------------------
windows update fail
what is this update cant find it through the troubleshoots...
"WindowsUpdate_0000064C" "WindowsUpdate_dt000"
thanks in advance
Reply:
kindly go through the following KB article:
How do I reset Windows Update components?
S.Sengupta, Windows Insider MVP
------------------------------------
windows 10 account issues
Hi, running windows 10 64 bit and got the anniversary update and updated last Friday, now, got a notification saying my Microsoft account needs to be fixed, and so went to settings, and now getting this message, and get an error message when try to reset pin, have got a local account, no password, just auto login, so want to change to the Microsoft account, can do that via the web, but not within windows 10. Asked disability answerdesk and they could not remote in, because my internet connection is so slow, that's another story, and so, will paste the message below. Did a sfc scan now, and reported nothing, did a restore health and said everything was fine. So then when I click on forgotten pin, it takes forever, then get something went wrong and a close button. Short of having to reinstall windows, which I don't want to, as a blind person, so, any ideas, did contact Microsoft support, they put me to the windows 10 forum, for Microsoft, which I posted, and still waiting for an answer. Any one had this issue before, got a Toshiba satellite pro c-50-a pcag: k : 00 : 004 machine, and got the latest windows 10 updates.
So any ideas.
Marvin from Adelaide, Australia.
Ps: use jaws for windows and nvda. Marvin.
Making sure it's you For security, an application needs to verify your identity. The dictionary attack mitigation is triggered and the provided authorization was ignored by the provider. I forgot my PIN Link
Hi, running windows 10 64 bit and got the anniversary update and updated last Friday, now, got a notification saying my Microsoft account needs to be fixed, and so went to settings, and now getting this message, and get an error message when try to reset pin, have got a local account, no password, just auto login, so want to change to the Microsoft account, can do that via the web, but not within windows 10. Asked disability answerdesk and they could not remote in, because my internet connection is so slow, that's another story, and so, will paste the message below. Did a sfc scan now, and reported nothing, did a restore health and said everything was fine. So then when I click on forgotten pin, it takes forever, then get something went wrong and a close button. Short of having to reinstall windows, which I don't want to, as a blind person, so, any ideas, did contact Microsoft support, they put me to the windows 10 forum, for Microsoft, which I posted, and still waiting for an answer. Any one had this issue before, got a Toshiba satellite pro c-50-a pcag: k : 00 : 004 machine, and got the latest windows 10 updates.
So any ideas.
Marvin from Adelaide, Australia.
Ps: use jaws for windows and nvda. Marvin.
Making sure it's you For security, an application needs to verify your identity. The dictionary attack mitigation is triggered and the provided authorization was ignored by the provider. I forgot my PIN Link
http://startrekcafe.stevesdomain.net http://groups.yahoo.com/groups/JawsOz
Reply:
I am having a similar issue, but there is not additional warning about a Dictionary attack. Everytime I use my computer, this pops up... If I hit cancel nothing happens. What is most suspicious to me is the lack of an application name.
-BY
------------------------------------
Remove “NT authority authenticated and NT authority interactive” groups members from all local computer users group
I am looking for a Powershell script or GPO to remove "NT authority authenticated and NT authority interactive" groups members from all local computer users group.
Thanks in advance for your help.
- Changed type Bill_Stewart Monday, October 31, 2016 6:15 PM
- Moved by Bill_Stewart Monday, October 31, 2016 6:16 PM User should not be doing this
Reply:
------------------------------------
Reply:
First, as Mike pointed out, this is not the place to ask others to write scripts for you. There is a script request page for requests.
Second, as an aside, I would not recommend removing S-1-5-4 (NT AUTHORITY\INTERACTIVE) and S-1-5-11 (NT AUTHORITY\Authenticated Users) from the local Users group.
-- Bill Stewart [Bill_Stewart]
------------------------------------
NOTEPAD TEXT DOCUMENTS DISAPPEARED FROM DESKTOP
Hi
Don't know if this is the right place to ask but ...i had two document texts saved on my win8.1 desktop and today they didn't show up anymore .System restore didn't do anything.
Any suggestions?
Tnx in advance.
Language packs installation error
Hello,
I can't install language packs for Russian, English (US) and Turkmen on my Windows 10 machine which is of the following details:
Version 1607
Windows 10 Build: 14393.0
System type: 64-bit operating system, x64-bazed processor
No Wi-Fi, modem broadband connection is set to 'Unrestricted'.
Looked through many posts and it seems that the problem is not at my end.
All mentioned LPs are available for download; error message pops up a moment I start the download. Anyone who had the same problems and solved them, please advise.
No comments:
Post a Comment