There’s been quite a bit of coverage over the past few days about a recent announcement from the Chinese government that it will “ban the use of Microsoft’s Windows 8 on its computers” (this quotation comes from Paul Thurrott’s May 20 story from WindowsITPro entitled “China Bans Windows 8 on Governmental Computers“). Reasons for this ban vary according to the source from whence such information originates, and include the following options or alternatives:
1. The government’s own posting on the subject indicates that the ban is in response to a planned move to “energy saving” products, which turns out to mean a home-grown combination of the Linux OS, open source software, and various security enhancements
2. Xinhua, one of the premier Chinese news agencies, reports that the ban is intended “to enhance computer security” in the wake of the end of life (and free support) for Windows XP, of which hundreds of millions of (mostly pirated) copies are in use in China, including in all aspects of government operations
3. On April 22, The Economic Times quoted the deputy director of China’s National Copyright Administration, Yan Xiohong, as saying “Windows 8 is fairly expensive and will increase government procurement costs” but that Chinese authorities are negotiating with MS on this matter. The paper reports further that Windows 8 sells for approximately $142 per license in China at this time.
When combining these various takes on the situation, I find myself wondering if the Chinese government might not be conducting high-stakes price negotiations with Microsoft through the press, while at the same time expressing its pique about the security threats to existing XP installations posed by lack of ongoing support and security updates for that venerable and widely used operating system. On the other hand, it’s also easy to see worries about security backdoors in US information technology products (including software) raised by the ongoing reports from Mr. Snowden. It’s hard to tell if this is a genuine matter of decided policy, or a gambit to ensure a better deal for the hundreds of millions of licenses that the Chinese government might have to buy in the future, if not all of these things at work simultaneously. Interestingly, current reports also indicate that the Chinese government is continuing to buy Windows 7 licenses, at least for the time being. It should be very interesting to see how this all plays out.
For the past couple of weeks rumors have been flying thick and fast that MS will be introducing a new model of the Surface Pro on May 20, 2014, along with the long awaited Surface Mini. I finally picked up some more substantial (though still speculative) “details” about the upcoming release from numerous sources including ZDNet, the Latin Post, and PC Magazine.
No Surface Pro 3 images have leaked yet, so here’s the MS official still for the preceding version.
There are some fascinating elements among the supposed device’s rumored new capabilities, including:
1. Larger screen size: LT indicates 12.9″ at 290 ppi (2,560 x 1,440); other sources put the display around a nominal 12″ and don’t mention resolution
2. A variety of processors form the 14 nm Core “Skylake” family of CPUs, including one i3 model, 2 i5 models, and 2 i7 models with SSD storage of 64 GB, 128 GB, 256 GB, 256 GB, and 512 GB as you climb the performance scale. Memory is 4 GB for the two lowest models, and 8 GB for the three highest ones
3. Price points fall at $799, $999, $1,299, $1,549, and $1,949 likewise ascending the performance scale
4. Wi-fi will reportedly include 802.11 ac coverage on this latest iteration
5. PC Mag reports the concomitant debut of new Type covers for the larger tablet as well (likely accessories for a device designed to do double duty as a laptop/desktop replacement, no doubt)
6. LT speculates battery life of 9 hours for HD video playback, and 15 hours for light-duty surfing and e-mail use. For sure a bigger device provides more room for a bigger battery, but it remains to be seen if this rumor reflects reality or wishful thinking (LT also reported storage up to 1 TB on the Surface Pro 3, and the ultra-high screen resolution; one wonders likewise about such details as well).
But if enough of these rumors turn out to have real substance to back them, I think I may finally find myself willing to plunk down the cash for the lastest Surface Pro model. In fact, what’s reported appears to tick off all the elements from my November 2012 wish list for a business-capable Windows 8 tablet (“Wish List: Windows 8 Tablet Requirements for Business Use,” 11/14/2012). Here’s hoping, then, that the rumors are mostly correct! For the record, I care most about the battery life, next about storage and processing power, and only distantly about Retina-class resolutions.
By Diana Hwang
Microsoft was all about the cloud at this year’s TechEd North America 2014 but IT pros wanted something more down to earth: news and previews about the on-premises System Center Configuration Manager.
This was the first time Microsoft consolidated its annual Microsoft Management Summit (MMS) with TechEd and for many attendees, it was a bit of a letdown.
Even Anderson’s keynote and subsequent demos failed to generate a high level of excitement about the cloud, said an attendee, which set the tone for a much more subdued conference.
Longtime MMS attendees were disappointed at the lack of news surrounding Microsoft’s flagship on-premises System Center Configuration Manger (SCCM).
Instead, the Redmond behemoth focused its attention on encouraging IT pros to move to a hybrid cloud model using Azure, previewing the ability to manage Office 365 using Intune, a new ASP.Net framework and unveiling Azure RemoteApps.
But more importantly, one of the key elements many MMS alumni missed at TechEd was the lack of attention on management topics.
The MMS community represents a more traditional customer and Microsoft wants enterprises to make the shift toward adopting newer cloud technology, said Steven Hosking, a consultant engineer for Vigilant IT based in Australia.
Attendees like JD Young, technology systems engineer for the Tahoma school district in Maple Valley, Washington, said they missed the sense of community surrounding MMS.
That missing feeling has sparked talks of a community-driven MMS conference.
“This would allow a focus on System Center and on-prem solutions, which are still pre-dominant,” said an SCCM administrator for an IT consulting organization based in Massachusetts. “There is a lot of support among MMS alums for this kind of solution. It will be interesting to see where it goes.”
For some seasoned attendees, the classes disappointed.
“Almost every class and everyone is low-key this year,” said one system administrator for a Florida water utility company who requested anonymity, adding many sessions were too general. He did like some SharePoint level 400 classes and technical tips he received from the experts, however.
“It [seemed] disorganized this year,” the system administrator said.
Attendees also wished Microsoft’s new CEO Satya Nadella was the keynote speaker this year to address the IT pro community. Since taking the helm of Microsoft, Nadella has repeatedly voiced his support for IT pros, calling the community the third constituency.
Whether Nadella’s appearance at TechEd might have made a difference for IT pros in how they responded to the conference is “cloudy.” But what is clear is that IT pros still want their on-premises SCCM and they’re looking hard for Microsoft to give them the answers.
Over the past six weeks, Windows watchers have tracked and pondered occasional but vexing issues for some Windows 8.1 users when it comes to applying a key update — namely KB 2919355, originally issued on April 10, then reissued on April 21 or 22 — to their systems. The reason why this particular update matters more than most is that its application is required for Windows 8.1 users to remain able to apply future updates to their systems. To give enterprises time to get ready, MS has also extended the deadline by which time that update MUST be applied to Windows 8 systems until August 12 (that month’s Patch Tuesday) for those who get their updates through Windows Assurance or the Windows Server Update Services (WSUS). Ordinary Windows users were originally given until May 13 to do likewise, but that deadline has now been extended until next month’s Patch Tuesday (June 10).
I’ve already blogged repeatedly on this subject, most recently on May 7 in a post entitled “Continuing Saga of KB2919355 Win81 Update.” In those posts, I’ve also referred to numerous articles from Windows (and MS Office) wizard Woody Leonhard who has himself written repeatedly on this topic for InfoWorld online. Woody’s latest opus on this topic appeared yesterday (May 15), is entitled “Microsoft posts tips for overcoming Windows 8.1 Update KB 2929355 errors,” and goes into considerable detail (with supporting links to a considerable number of resources and details, including MS advice on the topic, along with the most common Windows error codes that affected users are likely to encounter should they experience trouble in getting KB 2919355 to install properly (or at all).
What’s currently missing from the analysis and controversy is a sense of how many Windows users are afflicted with KB 2919355 problems, and what portion of the overall user population they represent. I’ve got 8 Windows 8.1 machines that I maintain (4 desktops, and an equal number of laptops, including three touch-enabled systems) and I haven’t hit serious snags with any of them. Only one of those machines required a reinstallation of KB 2919355 (which concluded successfully following the 4/21 or 22 re-release of that update), and all of them have now made it through the update process without further (or any) difficulties.
Reading through a post on the Microsoft Community forums at answers.Microsoft.com, it’s readily apparent that plenty of people have encountered issues with KB 2919355 (and other, related Windows 8.1 Update components including KB2919422, KB2932046, KB2937592, and KB2938439). In addition, MS has created separate discussion threads for six different error codes, plus the generic error message “We couldn’t complete the updates. Undoing changes. Don’t turn off your computer” as shown here:
If you are receiving the error ‘We couldn’t complete the updates, Undoing changes. Don’t turn off your computer’ please post to this thread found here
If you are receiving Error 0x800F0922 when installing KB 2919355 please post here
If you are receiving Error 0x800F0923 when installing KB 2919355 please post here
If you are receiving Error 0×80070003 when installing KB 2919355 please post here
If you are receiving Error 0×80070005 when installing KB 2919355 please post here
If you are receiving Error 0×80070490 when installing KB 2919355 please post here
If you are receiving Error 0×80073712 when installing KB 2919355 please post here
Preceding italic text comes from Paul Sey’s 5/14/14 post to the MS support forums thread at answers.Microsoft.com.
Some readers of this blog and other coverage of this topic have suggested that the KB 2919355 issues reported here and elsewhere are simply “a tempest in a teapot” and don’t really represent anything serious. I have to disagree, especially for enterprise IT departments faced with deploying the update into carefully managed organizational computing environments. This is just the kind of thing that gives IT pros the heebie-jeebies. The original KB 2919355 forum thread was locked at 103 pages, and another thread on that topic (“KB2919355 (Windows 8.1 Update) Fails…” was likewise capped at 116 pages, so these issues are neither completely out of the ordinary nor easy to solve, either.
I’m going to echo and amplify on Woody’s closing exhortation from his latest article for those who may be encountering issues with KB2919355. First, if you have experienced difficulty that falls into any of the seven categories listed above, follow the respective link to the designated Windows Error code thread provided in the text lifted from Paul Sey’s 5/14/14 forum post above. Second, if your error code isn’t listed there, visit answers.microsoft.com, and search for your error code there. If you can find a thread, post to it; if not, start a new one. Only if the community comes together and chases problems down can they be fixed, and will Microsoft get a complete accounting of unresolved issues still in the wild. This will be necessary to get them to revisit the deadline for applying KB 2919355, both for ordinary users on Windows Update and Microsoft Update, and for enterprise/organization users who get their updates through Software Assurance or WSUS.
[For more news on KB 2919355 from Woody dated 5/16/2014 please visit "Microsoft acknowledges more error, 800700371 and 80071A91, when installing ... KB 2919355." Apparently, the woes continue, and there are still no proven fixes or workarounds available for those suffering from any of the aforecited error codes.]
After much upset and considerable hoopla about potential issues with items in the May 13 Patch Tuesday updates — a considerable collection of 9 separate Security Bulletin IDs in the May 2014 Security Bulletin, that resulted in anywhere from 32 to 35 items in Update History on my various Windows 8.* PCs, and 16-odd items in Update History on Windows 7 machines — installation and subsequent operation seem to be proceeding with nary a hiccup nor complaint from the 10 or so machines in my current stable.
For example, on my primary production machine (an i7-2700K Sandy Bridge build), of the 34 items showing in Update History for 5/13, 16 elements were not related to MS Office — and covered Windows 8.1 itself mostly, with elements for .NET, One Drive, Internet Explorer and Flash, and more — and 18 elements involved security and other updates to Office 2013 or various components thereof. Other machines (which ranged from 32 to 35 elements added in total) showed a similar distribution, with a nearly even split between Office and non-Office elements. Here’s a snapshot of the lengthy list of elements from the aforementioned PC from yesterday:
This time around, there’s a long list of items to ponder from Patch Tuesday (click image for full-size version).
Overall, download size averaged between 900 MB and 1 GB for the various elements involved. With one element optional, and the others all important (more on that next), I elected to download the important elements in a single go, and the optional element in a separate go, which required two reboots to get through the update process completely. On most of my machines, that took about 20 minutes to complete (but YMMV, depending on download speed and how quickly PCs reboot and start up). In fact, a colleague told me that one of her PCs took nearly an hour to chunk all the way through the update process from start to finish.
Interestingly, the item that appears as KB2953522 in the list equates with MS Security Bulletin MS14-029 shows up in the Update History as an “Important” update, but in the May 2014 Security Bulletin it’s listed as “Critical” (Remote Code Execution). I’m not sure what’s going on with this apparent discrepancy, but this is considered a key patching item to avoid known and potential exploits on Windows 8.* PCs (and other current versions of Windows, as it apparently extends to versions of IE from 6 through 11). There had been some speculation that Microsoft would provide an XP patch for this item as well to provide protection beyond the “end of life” date reached last month, but its receives no mention in MS14-029, nor do there seem to be any new “patch bits” available for the now-defunct and unsupported OS through normal channels. Presumably those parties who’ve paid for extended support for XP will have received something, but I’ve seen no news about this so far (MS14-021, which was severe enough to warrant an out-of-band patch released on May 1, 2014, did include XP coverage, however). Larry Seltzer offers some interesting ruminations on this topic late yesterday via ZDNet in a post entitled “Microsoft patches Office, SharePoint and Windows, leaves XP behind” (worth reading). He also covers all the key elements in the latest round of patches and updates.
Thanks to inveterate Windows wizard and toolsmith Sergey Tkachenko, I learned about a new cleanup method for Windows 8.1 Update installs to purge no-longer needed files in the wake of successful update installation (WARNING! If you follow this recipe, you will not be able to roll back from any updates previously installed). By now, almost everybody knows the technique of clicking the “Clean up system files” button in Windows’ Disk Cleanup utility to purge their systems of update files and info in the wake of a Service Pack or similar Windows Updates. This latest take on cleanup uses Microsoft’s Deployment Image Servicing and Management tool, implemented as dism.exe at the command line.
For those who’ve (a) successfully installed KB2919355 and its attendant patches and fixes and (b) are content to go forward under the new Update regime, here’s how to clean up after those updates are applied:
1. Launch an elevated command prompt (there are many ways to do this, but if you type Windows key-X and select Command Prompt (Admin) from the
resulting pop-up menu, that’s about as convenient as it gets in the Windows 8 world).
2. type the following line at the command prompt:
dism /Online /Cleanup-Image /StartComponentCleanup /ResetBase
This command will typically take a few minutes to complete (see following explanation for what it’s doing).
3. Exit command prompt
4. Using File Explorer, delete the contents of the C:\Windows\SoftwareDistribution\Download folder. Because you can’t roll back after the preceding DISM command, there’s no need to keep these files around any more.
What’s Going On in DISM?
According to the TechNet article “DISM Operating System Package Servicing Command-Line Option,” the /Cleanup-Image, /StartComponentCleanup, and /ResetBase options for DISM all fall in the category of switches designed to perform “cleanup or recovery operations on the [Windows] image,” where the /Online option tells DISM to work on the image of Windows 8 that’s currently running. In particular, here’s what’s up with the two final options in the list of DISM arguments:
- /StartComponentCleanup gets rid of any superseded components in the Windows component store (aka the often mysterious WinSXS folder), and thus also reduces the size of the component store itself.
- /ResetBase resets and reorganizes the remaining components in that store, and also helps to reduce the overall size of that component store, essentially by defragmenting its contents and eliminating slack or unused space therein.
The net result can be savings of 1-2 GB in the Windows partition on a typical Windows 8.1 Update install (YMMV in terms of actual numbers). There’s lots more interesting stuff you can do with DISM under the /Cleanup-Image category, so you’ll want to read further in the afore-cited TechNet article to learn more about what’s available to you.
In case you didn’t already know, MS issued a security update in April, 2014 (KB 2919355) that *must* be installed on certain Windows 8.1 systems for them to continue to receive security updates that will be issued starting with next week’s set of “Patch Tuesday” updates (for more info, see my earlier blog posts from 4/8, 4/21, and 5/7). This applies primarily to those systems that receive updates from Windows Update or Microsoft Update, and won’t affect systems that use the Windows Server Update Services like those customarily managed in-house by most larger-scale customers with Microsoft Software Assurance. However, because ongoing issues with KB 2919355 are apparently not yet resolved (Woody Leonhard has written in some detail about what’s going on here for InfoWorld in stories on 5/5 and 5/8) even though enterprise customers have until August to “patch up” to KB 2919355, this situation bears watching.
First up for next Patch Tuesday: a critical IE fix for all supported Windows versions.
What happens to those with KB2919355 problems?
Next week, things are about to get more interesting, as the Advance Notification for Microsoft’s Security Bulletin for May 2014 includes an update rated “Critical” for Internet Explorer on all supported Windows versions (Vista through 8.1 Update 1 on the client side, Server 2003 through 2012 R2 on the server side). This security patch designation virtually mandates its immediate application and raises the interesting issue of what happens to those Windows 8.1 Update installations that experienced KB2919355 issues that stymied its successful application? MS has already said that a failure to install means that subsequent patches won’t be applied, so now it remains to be seen if MS will stick to its guns in light of reports of numerous and serious impediments to successful installation on some Windows 8.1 systems.
Longer term, this also poses the same potential sticking points for enterprise users not yet under the gun to apply KB2919355 immediately, but who must also toe the line by the time the August updates get released. More realistically, given typical enterprise deployment schedules, this “deadline” stretches into November. That’s because many large organizations schedule patches and updates only once-per-quarter update on some designated “update weekend,” often a 3-day weekend, to give IT teams an extra day to cope with potential problems that sometimes arise during such activities whenever possible.
This one’s going to be interesting all the way around, folks, both for those facing the immediate cut-off date next week, as well as for those organizations with Windows 8.1 deployments big enough to fall under the August deadline. Stay tuned for more results and discussion as the situation grinds its way to some kind of conclusion or another.
There’s been quite a bit of flap lately about the Windows 8.1 Update (as in the “quasi service pack”, KB2919355) released in April, 2014. It seems that many systems encounter problems with its installation, not all of which are easily overcome. The problem with the situation is that for those who get their updates from Windows Update or Microsoft Update, its installation is required to keep getting updates from those sources, starting with the upcoming patches for May. Right now, if you look at the update history in a multiply-patched Windows 8.1 machine, you might see something like this:
The 4/22 date indicates that KB2919355 was re-patched, as does history starting over following its re-installation.
On the other hand, a normally patched Windows 8.1 Update system will show an update history that looks like this:
The 4/10 date indicates that KB2919355 needed no fix-ups, as does evidence of history prior to installation.
Why am I telling you this? Because I read a troubling article from Windows-meister Woody Leonhard for InfoWorld this morning. Entitled “Microsoft reissues botched Windows 8.1 Update KB 2919355,” it explains some of the difficulties that the installer used for the update (not the update components themselves) have caused for various Windows users. Other interesting coverage is available from the Windows 8 Forums as well, to follow up on that article.
The upshot is that users who experience difficulties in installing upcoming Windows Updates should turn to Microsoft’s Deployment Image Services and Management command-line tool (dism.exe) to see if it encounters image cleanup problems it can’t fix. Here’s how: run this command at an admin-level command prompt: dism /Online /Cleanup-image /Restorehealth. If it completes correctly, you may have other problems to solve; if it fails with error codes 0X800F081F, 0X80073712, or 0X80071A91 (among others), you have issues with the KB2919355 installer itself. In that case, Windows Update should offer to (re)install 2919355, which fixes most such problems. Otherwise, it may be necessary to roll back to a pre-4/10/2014 backup so you can try again. Sheesh!
In MS-speak, MDOP stands for the Microsoft Desktop Optimization Pack. It’s a collection of tools and facilities that MS makes available to its Software Assurance customers (a category that includes many, if not most, enterprise-class Windows users). Here’s an iconic view of what’s in MDOP, which I’ll follow with some explanations about what’s new and potentially interested in the most recently released version for 2014:
The major elements of MDOP include various virtualization tools, management tools for GPOs and BitLocker, and a peachy Diagnostics and Recovery Toolkit (aka DaRT)
Some of the elements of MDOP have been around for some time now, including a variety of different virtualization and management tools. The latest release became available last week on May 1, and adds updates to its Application Virtualization components that include enhanced application publishing capabilities, improvements to launch and refresh elements, plus improvements intended to make it easier to test and deploy new versions of virtualized applications. BitLocker Management and Monitoring (MBAM) tools also come in for some interesting improvements too, including added support in Windows 8.1 for FIPS 140-2, improved compliance and enforcement tools, and better integration with load balancing for Web components, and deployment in SQL Server failover clusters. Myself, I’m particularly keen on the Diagnostics and Recovery Toolkit (aka DaRT), which includes tools designed to boot and repair unresponsive Windows systems, along with a variety of enhanced and advanced recovery tools designed for professional use in IT/tech support environments.
One more thing: MSDN subscribers can download and evaluate MDOP as well (as can TechNet subscribers as well), though the 2014 version isn’t yet available for download there at the moment. However, I imagine it should show up soon in both places.
You can call me “slow on the uptake” when it comes to figuring out how to take best advantage of advanced Windows 8 technologies if you like, but I’ve only recently realized that the best way to take advantage of SSDs and Intel’s Rapid Storage Technology and Rapid Start Technology requires building systems with disk architecture configured for RAID from the get-go. I’ve been using AHCI (the advanced host controller interface) as my default with SATA drives for years now, but have only recently learned how to use Rapid Start and a second SSD to boost Windows’ boot-up and shutdown behaviors (and times).
The default UEFI/GPT setting works fine for most smaller SSDs, but…
Having tried numerous proposed methods to switch an existing install from AHCI to RAID without success now, I’m reasonably convinced that selecting RAID in the BIOS for the motherboard’s (or system’s) SATA configuration setting prior to performing a Windows 8.* install (which means a UEFI install of Windows 8.1 on a GPT disk layout these days — at least, on most of my systems) is absolutely the right way to go. My desktops increasingly support two or more SSDs nowadays, and my Lenovo laptops accommodate mSATA SSDs as well as 2.5″ units of the same type, which means all of those systems can support both forms of Intel RST (Rapid Storage Technology and Rapid Start Technology as well). Even if you don’t use a RAID array of any kind, Rapid Start doesn’t work unless you configure the boot drive as RAID rather than AHCI (and with an SSD for the boot drive, there’s no real need to pair two drives together to boost performance for conventional hard disks).
There’s another potential wrinkle in this process that’s worth further reading and study — namely, the partitioning scheme when building a UEFI/GPT based boot/system drive for Windows 8.*. This is admirably documented in the TechNet article entitled “Configure UEFI/GPT-Based Hard Drive Partitions” but there is one proviso that may be worth considering — namely that default partition layouts may not always work exactly as expected. Let me explain: by default, Windows 8.* allocates 350 MB to the Windows Recovery Environment (WinRE) partition, 100 MB to the EFI System Partition (from whence Windows boots), and the rest of the space available on the drive to the OS partition where the visible file system will reside. On smaller SSDs, this allocation appears to work pretty well. But I’ve noticed on larger SSDs (256 GB or bigger) and conventional drives (most of which exceed 500 GB these days), some systems encounter problems when running Windows File History or when capturing a system image (using the System Image Backup option on the File History control panel element). That’s because they write such backups through the WinRE partition to the target drive, and may suffer when there’s insufficient free space in that partition to accommodate backup write activity. In such cases, you’ll want to override the default partition layout for your system, and allocate 500 GB of space (or more) to WinRE (please also follow the directives from the aforecited TechNet article about free space in that partition as well). A disk partition script (using DiskPart.exe) is available with the TechNet article, and worth both reading and using if you decide to depart from the defaults that Windows 8.* uses. An equivalent answer-file setup for SysPrep is also provided there as well.