Tuesday, April 5, 2016

Dell, Broadcom and Virtual Machine Queues

We work with Dell servers and they come with Broadcom network cards. In general they work well, but they have an issue when being used as Hyper-V hosts. Virtual machine queues which in theory improve performance end up bogging down networking.

Symptoms we've seen:
  • Slow file copying to/from VMs over the network.
  • Dropped network connection for entire host that is fixed by reboot.
In both cases the fix is to disable virtual machine queues (VMQ). We had been doing it in the properties of the physical network on the Hyper-V host. However, we were recently having issues with a host and that option wasn't in the interface provided by the driver.

Some blogs were referring to using registry edits to disable it. However, a faster and easier way in Windows Server 2012 R2 (maybe also Windows Server 2012, but I haven't verified) is by using Windows PowerShell.

To view the VMQ status of your network adapters:

To disable VMQ for all adapters:
Get-NetAdapterVmq | Disable-NetAdapterVmq

Sunday, April 3, 2016

Windows 10 BitLocker

I normally focus on troubleshooting with my blog posts, but this one is an exception. I wrote up a section for course manual on BitLocker in Windows 10 that includes a couple of short activities enabling BitLocker. However, I'm concerned that that activities could take an extended period of time. So, this blog post is providing screenshots of what those activities look like.

Before I start with the steps, I was pleasantly surprised that I was easily able to get BitLocker going in a VM without doing anything goofy. Once upon a time, to get BitLocker going, we needed to use a virtual floppy to store the startup key. There is now an option to use a password instead. I haven't looked at this in a while and this is probably not a new option. I'm going to guess that Windows 8.1 at least probably had the same.

There are three nice things about a startup password for BitLocker:
  • You don't need a TPM in your computer to make it work. Many computers don't have a TPM so that requirement is a deal breaker for many people.
  • You don't need a USB key to startup. Before, the alternative to a TPM was a USB key with the startup key. The idea that I needed to keep a USB key with my laptop seemed inherently fragile.
  • The behavior mimics what other drive encryption products do. Many other full drive encryption products require a password to startup the system. Users that are used to this process like to continue using it.
With no further ado, here are the screenshots...

Enabling BitLocker in Windows 10

Turn on Bitlocker

Select an unlock method

Enter the password to unlock the drive

Save the key to a location that is not the drive being encrypted.

In my VM, I printed using the built in PDF printer since the VM only had the C: drive.
I'm not planning to access this drive from anything but Windows 10 build 1511 or later. So, new encryption mode was good.

Click Continue to make it so.

After a reboot, enter the password to startup

Check encryption status with manage-bde.exe

Testing BitLocker Recovery with a Recovery Key

On the BitLocker startup screen press Esc to access BitLocker recovery

Enter the recovery key from the PDF (you printed that before you got to this point right?)

Once you're in you can change the password or turn off BitLocker