Disable SMB1

In light of the recent details of SMBv1 being incredibly vulnerable to attacks, it’d be a good idea to make sure that SMBv1 is disabled on your systems. There isn’t much reason to leave it enabled: it was deprecated in Windows Vista/Server 2k8, and unless you have an old NAS that requires SMBv1, you should be able to disable it without any harm.

The other benefit of disabling SMBv1 is that it forces your systems to use SMBv2 or v3, which perform better.

So, let’s go through how to disable it quickly and easily.

For Windows 8.1 and above, as well as Windows Server 2012 R2 and above, it’s just a simple PowerShell command.

To run PowerShell as an Admin, please do the following:

  1. Click on Start
  2. Type in “PowerShell” without the quotes
  3. Right click on “PowerShell” and click run as administrator. Do not run PowerShell ISE
  4. Click on “Allow” if a prompt comes up

Server2k12R2+

Open a PowerShell window as Admin

Remove-WindowsFeature FS-SMB1

If all goes well, you’ll get a message saying it was successful.

Win8.1+

Open a PowerShell window as Admin

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

You’ll get a message saying that it has succeeded.

For the remaining versions of Windows, the commands are a little different.

Win8/Server2k12

Open PowerShell window as Admin

Set-SmbServerConfiguration -EnableSMB1Protocol $false

Windows Vista/7/Server 2k8/2k8R2

Open PowerShell window as Admin

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Then restart the computer
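To confirm the change on any of the Windows versions above (after the restart, on the older ones), the following added example reads the SMBv1 state through whichever mechanism the OS exposes and lists any live SMB 1.x sessions or connections. It is not part of the original post; the function names are hypothetical, and it assumes an elevated PowerShell prompt.

```powershell
# Added example: report SMBv1 server state through every mechanism this OS exposes.
function Get-Smb1ServerState {
    $state = @{ Computer = $env:COMPUTERNAME }

    # Windows 8 / Server 2012 and later: SMB server configuration cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $state.EnableSMB1Protocol = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # Windows 8.1 / Server 2012 R2 and later: SMB1 is a removable feature.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            $state.OptionalFeature = if ($feature) { "$($feature.State)" } else { 'not available' }
        } catch {
            $state.OptionalFeature = 'not available'
        }
    }

    # Vista / 7 / Server 2008 / 2008 R2: registry value. An absent value means
    # the OS default applies, which on those versions is SMBv1 enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    $state.RegistrySMB1 = if ($reg) { $reg.SMB1 } else { 'not set' }

    New-Object PSObject -Property $state
}

# Inbound sessions and outbound connections still negotiated at an SMB 1.x
# dialect point at peers (such as an old NAS) that depend on SMBv1.
function Get-Smb1Peer {
    if (Get-Command Get-SmbSession -ErrorAction SilentlyContinue) {
        Get-SmbSession | Where-Object { $_.Dialect -like '1.*' } |
            Select-Object @{ n = 'Direction'; e = { 'inbound' } },
                          @{ n = 'Peer'; e = { $_.ClientComputerName } }, Dialect
        Get-SmbConnection | Where-Object { $_.Dialect -like '1.*' } |
            Select-Object @{ n = 'Direction'; e = { 'outbound' } },
                          @{ n = 'Peer'; e = { $_.ServerName } }, Dialect
    }
}

Get-Smb1ServerState | Format-List
Get-Smb1Peer
```

Running `Get-Smb1Peer` before disabling SMBv1 shows which devices would lose access; empty output only means no SMB 1.x peer is connected at that moment.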

Disabling SMBv1 is simple, quick, and highly important both from a security standpoint and a performance standpoint.

On Random Yet Consistently Timed Crashes

The past few weeks, I’ve been dealing with hard crashes on my Hyper-V server. They all happened at around the same time. Essentially, the VM would stop responding to any services past pings. If I tried to use the Hyper-V console to bring it up, it would just crash. If I tried to reboot or stop the VM it would crash the host.

So, I went through the event logs on the host, and came across a bunch of errors on my Highpoint 2720 controller relating to ports not responding and driver not responding. I have a scheduled drive pair verify that was running around the time of the crash, so I assumed that there may be a chance that I had an issue with the drives on the pair.

I ran a full drive scan on the two drive pairs, and both succeeded without errors, nor were there any crashes. After that, I ran a drive pair validate, but at a different time of the day. This one succeeded as well.

Feeling thoroughly confused, I went through the event logs again, and came across an error in the host log that also coincided with the same timestamps. This error was sourced from my PCIe network card, so at that point, I start trying to figure out what could cause two PCIe cards to stop responding at the same time.

I got through the logs on the VM again, and notice some errors with the ID 129 but no details given due to a missing component. I do some Googling, and find an ancient MS forum post about this error. It was traced to an issue with VSS and similar issues with crashing VMs.

I then remember that I had a Windows Server Backup running on the VM around the same time that this was running. Disabled that, and suddenly the crashes stop.

Whoops.

Multi-system Lightroom

I’ve been doing photography for years. And, for years, I’ve been using Adobe Lightroom to manage and edit my photos. With the advent of the photographer’s plan and the two-system allowance, I’ve been able to get Photoshop as well, for a low monthly cost.

However, one feature that’s always been missing is catalog sync between systems. While some people will throw the catalog on a network share, and use it from there, I’ve never been comfortable with doing that due to corruption concerns.

Historically, I’ve just used RDP from my tablet or laptop to get to my desktop where I have Lightroom installed. There are some disadvantages to this method. For starters, if my connection dips for any reason, or if RDP decides to throttle my connection, I’ll end up with artifacts as well as a reduced color depth. It also, even at its best, feels less responsive. And, with Lightroom not being the fastest program, these negative effects are compounded by RDP.

This solution was a two-part solution. First part was to get my 1 TB of photos to a faster, more central location than my desktop hard drive. I have a home server with a large RAID10 array. Thanks to dual NICs, I’ve got the network bandwidth to spare, and RAID10 is quite a bit faster than my local hard drive. RAID also lets me lose a drive without having total downtime until I can replace a drive and restore from CrashPlan.

So, I fired up Lightroom, and added the share for the drive to my folder list. I then moved a few folders over for testing from my desktop. I decided that if the speed was similar between desktop and server, that there would be no harm in just moving everything before trying the sync. After doing a few tests, I couldn’t really see a difference so I started moving the rest of the photos. I did the photo moving from Lightroom so it’d keep all the data, rather than moving in Explorer and reimporting. It took a little longer, but I feel that it was worth it.

It was at this point that I remembered that I had photos in a second location. Since Lightroom is so sluggish, I have a secondary SSD where I keep photos that I’m actively working on. When I’m done with them, I move them back to the main photo location for storage. I didn’t want to lose access to these photos when I’m working on my laptop, so I set up some mapped network drives to keep everything straight. Luckily, I don’t have drive letter mixing between my laptop and desktop, so it was a quick fix.

Finally, it was time to set up the sync. I used Allway Sync, since I wanted to capture the previews as well, and it seems to handle massive syncs better than some of the other tools I’ve used. Once I set it up to sync my Lightroom folder to my laptop, and it finished running (it took forever due to there being over 100k small files), it was time to test.

I opened the catalog on my laptop, and all my previews, presets, and filters were right there. To test, I did some edits and browsed through some folders. Even with DNG/CR2 files, there wasn’t any extra lag as compared to running from my desktop. I’m doing this testing on an Asus Ultrabook (16 GB RAM/i7) running on AC Wi-Fi.

All in all, I’m quite satisfied with the performance, and I think that this will make photo editing a lot more mobile. For example, if I’m traveling, all I need to do is move a folder to my laptop via Lightroom, and sync up when I get back. Or, I can import some files to my laptop while on a shoot to do in-the-field edits, and then sync back when I’m home.

Rosewill RNG-407-Dualv2 Thoughts

A few weeks ago, I picked up a Rosewill RNG-407-Dualv2 for my home server. It’s a dual gigabit NIC that Amazon had for less than $40. Thanks to Hyper-V and a Ubiquiti managed switch, I was able to quickly set up a port channel, which gave me some extra speed on network operation, as well as separating my VI network traffic from my management traffic.

Since they were so affordable, I decided to pick one up for my desktop as well. My desktop runs Windows 10 Pro, with Hyper-V. I figured I’d set it up the opposite way from the server, with the desktop getting the port channel 2 Gbps connection, and my VMs getting my existing onboard 1 Gbps connection. Little did I know that this was going to be a bit more of a hassle.

As any decent IT guy would do, I tossed aside the provided driver CD, and jumped online to grab the latest drivers. And then the fun started.

Rosewill’s drivers installed as expected and I suddenly had two LAN interfaces as expected. However, Microsoft does not support teaming in Windows 10 natively. That was probably something I should have investigated before buying this, but what’s a home tech project that doesn’t have a few surprises?

I did some checking on Rosewill’s site, however, it was sparse on details and instructions. There was a diagnostic driver that had a folder called teaming, however attempting to install it was blocked by Windows due to incompatibilities.

At this point, I was starting to get concerned, so I decided to check with the chipset manufacturer and see what generic drivers they had. Fortunately, the network chip is a Realtek product, so they had several driver options on their website.

I download the latest Windows 10 drivers, and install. They are more recent than the Rosewill ones, so I had high initial hopes for them. Alas, there was still no way to configure teaming from the driver side.

Realtek had a diagnostic driver, so I attempted an install of that. Everything seemed great. Network cards showed up in network devices with Realtek Teaming driver, and no alerts anywhere. So, I fire up the Realtek Diagnostic Tool, and it fails with a protocol error. I do some Googling, and turn up an old driver on ASRock’s site of all places that claims teaming abilities.

Deciding that I have nothing left to lose, I download and install the driver pack. I try to load the teaming utility, and it comes right up. I am then able to set up network teaming through the rather archaic looking utility. After a quick port channel config on the switch, I’m able to get connected.

As a test, I start copying some large files to two separate systems to maximize speed. Right away, I hit 1.5 Gbps, which is exactly what I want to see.

For now, I’m satisfied, however, I suspect I’ll be trying the Realtek Diagnostic drivers again, since I’m not sure why those wouldn’t work, but an older ASRock driver for Realtek would.

NPVR Review

I run a PC-based DVR with some SiliconDust HDHomeRun Prime tuners. Historically, I’ve used Windows Media Center, as it was painless to use, and had a robust 10 FT interface as well as an excellent TV guide. However, when Microsoft announced that it was going to be a paid addon for Windows 8, I saw the writing on the wall, and started researching other alternatives.

I ended up with NPVR, after testing a lot of the other Windows based solutions, such as MediaPortal and ForTheRecord (which I believe is now Argus). NPVR seemed to have the easiest guide setup and the most stable recording out of those three. The only issue that I’ve had with NPVR, and it’s the same as all non-MCE options, is that it doesn’t support DRM recordings. So, depending on your cable provider, this may not be that useful. However, for cablecard copy-freely channels as well as clearqam/antenna channels, it’s a great choice.

NPVR is free, supports some scripting to handle guide and recording handling, and is rock solid stable. Let’s go through what features it offers.

We’ll start with the guide functionality, since that is where a DVR program lives and dies. Fortunately, NPVR supports both MC2XML as well as SchedulesDirect. I decided to pay the $25 a month to get SchedulesDirect. It’s easy to set up and update, and quite accurate. When you open the guide, it shows a (configurable) timespan and all the shows that are airing.

Recording options are quite robust, with the basic “Record Once”, “Record All New” and “Record All”, as well as more advanced options like “Record all at this time slot” or “Record on these days”. Files are saved as TS files with an XML sidecar for metadata. While some may prefer a compressed file to save space, having the raw TS files gives a lot of options, particularly if you want to strip commercials or re-encode to your standard format. There are script hooks in the scripts directory that let you run postprocessing scripts to move files, or reencode, or whatever else you’d like.

Live TV and playback work well, although it’s not on par with MCE, or even the more recent releases of the SiliconDust TV App that support DRM channels. At this point, I either use the SiliconDust TV app on my computer, or the cable provider box for live TV.

Beyond that, it also has a strong web interface that supports much larger channel displays, as well as a robust search and record function. Definitely helpful for those days that I’m out of town and want to quickly double-check whether or not I’ve got my shows recording.

It also has a good community, and regular updates, as well as some plugin support. One plugin that I highly recommend is GuidePlus [site link]. It will automatically update the guide listings for shows that you have set to record with season/episode details, as well as renaming the files with the same info. It makes it quite easy to see whether or not you’ve seen an episode.

All in all, NPVR is the best DVR product on PC that I’ve tested. At some point, I’ll do a comparison with PLEX and SiliconDust’s beta DVR product.

PRTG HDHomeRun Plugin

I use SiliconDust’s HDHomeRun Primes for my DVR needs at home. The Prime model lets you connect a cablecard from your cable provider, and access the full range of channels, and not just the few local channels that come through ClearQAM (assuming you have one of the few providers that even offer those anymore).

As with most cable providers, on top of the cablecard, my provider tosses in a tuning adapter that is required to access the full range of channels. That takes what used to be just a single network device in the case of a simple ClearQAM tuner, to a 3-device setup, wherein any failure will cause anything from random channels failing to complete loss of recording abilities. Tuning adapters in particular are quite fail-happy. I tend to need to restart mine about once or twice a month.

After a particularly bad string of recording/tuning failures, I decided that something needed to be done. I use PRTG’s free license to monitor my home network, so I started looking at that first to see what was needed to write a plugin. Fortunately for me, PRTG plugins can be PowerShell, and just need to return a simple XML value in order to handle logging and alerting.

Unfortunately, the HDHomeRun devices do not use an accessible API, so I had to go back to the drawing board. I ended up using curl to grab and parse the network page for the site for the details that I wanted to track. Since the pages are simple HTML, results are pulled almost instantly, and I’ve not seen any negative impact from pulling reports every minute.

For starters, I wanted to validate that the tuner was actually responding and serving the page. Why not start with the basics? On the off-chance the page doesn’t respond, it’ll throw an error, and depending on how you have your PRTG set up, you can get an email for that.

Then, working my way down the failure points, I wrote the needed code to track the cablecard status. If the cablecard shows anything but working, it’ll kick back an error. While this is an issue that I’ve only seen happen once, it wouldn’t be a complete monitoring solution if I disregarded the risk potential. Unfortunately, this wasn’t one that I wanted to test, since the last time I removed a card, I had to sit on the phone with support so that they could re-pair it with the tuner. That being said, it should work as expected.

The final (and most expected) failure point is the tuning resolver. These boxes have a tendency to just randomly crash or stop responding, causing random channels to not show up or not be found. Frustratingly, in most cases, there aren’t even any LED changes to show that they have failed. Thankfully, the HDHomeRun is able to tell when they go down, and the pages will update with failures if it loses contact with them. If the script detects anything wrong, it’ll bounce back a failure, and (if configured), you’ll get an email with failure details.

Deciding to err on the side of overkill, I also added some statistics reporting. So the script will monitor the signal strength/quality of each tuner individually, as well as the cablecard signal quality/strength. It makes it easier to verify any sort of quality issues, as well as just being an interesting thing to track.
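As an added illustration of the scrape-then-report pattern described above (not the author’s script), this sketch turns a status table into the XML a PRTG custom sensor returns. The sample HTML, the row labels, the "ready" health rule and the function name are constructed assumptions; a real tuner’s page markup will differ.

```powershell
# Constructed sample input; a real tuner's status page will not look exactly like this.
$sampleHtml = @'
<table>
<tr><td>Card Status</td><td>ready</td></tr>
<tr><td>Signal Strength</td><td>92%</td></tr>
<tr><td>Signal Quality</td><td>100%</td></tr>
</table>
'@

function ConvertTo-PrtgXml {
    param([string]$Html)

    # Pull "label / value" pairs out of simple two-column table rows.
    $rows = @{}
    $pattern = '<tr><td>([^<]+)</td><td>([^<]*)</td></tr>'
    foreach ($m in [regex]::Matches($Html, $pattern)) {
        $rows[$m.Groups[1].Value.Trim()] = $m.Groups[2].Value.Trim()
    }

    # Hypothetical health rule: anything other than "ready" is a failure.
    if ($rows['Card Status'] -ne 'ready') {
        # Text scraped from the device is escaped before it goes into the XML.
        $msg = [System.Security.SecurityElement]::Escape("Card status: $($rows['Card Status'])")
        return "<prtg><error>1</error><text>$msg</text></prtg>"
    }

    # Only strictly numeric percentages become channel values.
    $results = ''
    foreach ($name in 'Signal Strength', 'Signal Quality') {
        if ($rows[$name] -match '^(\d{1,3})%$') {
            $results += "<result><channel>$name</channel>" +
                        "<value>$($Matches[1])</value><unit>Percent</unit></result>"
        }
    }
    if (-not $results) {
        return '<prtg><error>1</error><text>No statistics found on page</text></prtg>'
    }
    return "<prtg>$results</prtg>"
}

ConvertTo-PrtgXml -Html $sampleHtml
```

Escaping the scraped text and accepting only digits for values keeps a misbehaving or spoofed status page from injecting markup into the sensor result.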

Installation of the script is just a matter of adding it to your plugins directory, and adding a custom/exe sensor in PRTG. It takes three parameters:

-IPAddress

Enter the IP address of the tuner you’re tracking here.

-Prime

Put a 0 if this is a plain tuner, and a 1 if it is a Prime/CableCard tuner

-NumTuners

Put the number of tuners that you have. 2 generally for plain, and 3 for Prime

The script for monitoring the cablecard and tuning resolver statuses is separate from the main script, so make sure you include that one as well.

That script only has the parameter of -IPAddress.

You can download these scripts from GitHub here.