Monthly Archives: July 2014

Are you using the wrong Salt?

Not on your hot chips, but in your Active Directory environment. Server 2003 was a very robust and long living operating system. The trouble is, next year W2K3 support disappears . The latest version is of course Server 2012 R2, and it’s this huge gap of 11 years that is causing some issues as people migrate from Domain Controllers running W2K3 to Server 2012 R2. At the heart of it is the “salt” used:

“The Kerberos client depends on a “salt” from the KDC in order to create the AES keys on the client side. These AES keys are used to hash the password that the user enters on the client, and protect it in transit over the wire so that it can’t be intercepted and decrypted. The “salt” refers to information that is fed into the algorithm used to generate the keys, so that the KDC is able to verify the password hash and issue tickets to the user.

When a Windows 2012 R2 DC is promoted in an environment where Windows 2003 DCs are present, there is a mismatch in the encryption types that are supported on the KDCs and used for salting. Windows Server 2003 DCs do not support AES and Windows Server 2012 R2 DCs don’t support DES for salting.”

Fascinating! Read the full article on the ASKDS TechNet Blog


get IT right




Leave a comment

Filed under Uncategorized

SCCM R2 Cumulative Update 2

was released last month, 24th June. As I’m teaching the 10747 course this week, I thought I’d better refresh myself with what’s in the update. Interesting reading, in fact, a *must* read for those running ConfigMan.

Something I tend to emphasise during the course is the use of options when deploying the SCCM Client, in particular the smscachesize= option. We discuss HDD size, amount of RAM, size of the students SOE, and the size of the largest applications they plan on deploying. As a reminder, the default cache size is set to 5120MB; too small, in my mind, for todays beefy applications, especially if you want to persist content in the cache. I normally suggest 10240MB as a starting point.

The KB article, 2970177, points out a very interesting “undocumented software feature” (well, undocumented until now) about cache size: “If the maximum size of the Configuration Manager client cache is exceeded by a software update package, the cache continues to increase beyond its specified limit.” Interesting, to put it mildly. So, check the cache on selected clients and see if you need this Update.

Also, to assist you managing your ConfigMan environment, Microsoft have released:

System Center 2012 Configuration Manager Servicing Extension has been released to the Configuration Manager Open Beta community! You can download the Beta here:

System Center 2012 Configuration Manager Servicing Extension provides useful information for maintaining a Configuration Manager environment. Servicing Extension provides the following capabilities:

  • Notifies you of Configuration Manager updates as they become available, with the ability to filter updates according to which major release they apply to
  • Provides details on the sites in your environment, including the last major Configuration Manager version installed and the most recently installed Cumulative Update
  • Provides a list of Configuration Manager client versions that may be present in your environment, and makes it easy to create queries to locate these clients
  • Provides a built-in RSS reader to display recent blog postings from the System Center Configuration Manager Team Blog and The Configuration Manager Support Team Blog

get IT right


Leave a comment

Filed under SCCM 2012 R2