Blog

blog

Diagnosing Slow Page Loads due to CRL Checks

Recently, a support ticket was opened for an issue where a couple of websites were slow to load after blocking outbound internet access from a VM.  The IP addresses of these websites were whitelisted, but the browser would hang for about 30 seconds before they'd load.  In the end, we found that the SSL certificate CRL check process was causing the hang.  Let's take a look at the diagnosis process and how we discovered the root cause.

Mitchell Grande by Mitchell Grande

Attack Surface Analyzer

Attack Surface Analyzer is an older tool that Microsoft has recently updated and re-released as v2.0.  This tool tracks changes to files, services, network ports, certificates, registry, and local user accounts.  Although it is primarily for Windows, it is an open source product available for macOS and Linux as well.

Mitchell Grande by Mitchell Grande

Windows Update SHA-1 Deprecation

Another upcoming security change to Windows is the transition to SHA-2 code signing certificates for Windows Update.  This change will require updates to allow Windows 7, Server 2008, and Server 2008 R2 to continue receiving updates after July 2019.

Mitchell Grande by Mitchell Grande

Changes to Cross-forest Kerberos Delegation

Microsoft is planning to introduce a security update in July 2019 that will alter the way Kerberos delegation across forest trusts work.  If ignored, this update could negatively impact applications that rely on unconstrained delegation across a forest trust.

Mitchell Grande by Mitchell Grande

Azure News - April 2019

Summary of Azure News from March and April 2019, including new VM and Disk sizes and Windows Virtual Desktop.

Mitchell Grande by Mitchell Grande

Managed Service Accounts

Managed Service Accounts are a Windows feature introduced in Windows Server 2008 R2 for increasing the security of non-user service accounts.  Managed Service Accounts, shortened as MSAs, have an automatically-managed, complex password that removes the requirement of manually dealing with password rotation and security.  In Server 2012, this feature was enhanced to group Managed Service Accounts, or gMSAs, which allows the use of these accounts on multiple servers at once.

Mitchell Grande by Mitchell Grande

Troubleshooting Blocked Ports

One of the more common networking issues we look at is where some or all ports between servers are being blocked.  Typically, this is due to a misconfiguration, but being able to find the details of the issue is invaluable in tracking down the cause.

Mitchell Grande by Mitchell Grande

Windows Server 2008 End of Support Options

On January 14, 2020, Windows Server 2008 and Windows Server 2008 R2 will reach their End of Support date.  After this date, patches and security updates will no longer be generally available, but there are some alternative options to continue receiving updates.

Mitchell Grande by Mitchell Grande

Az PowerShell Module for Azure

Back in December of last year, a brand new version of the Azure PowerShell module was released into general availability.  This new module is called "Az" and is replacing the AzureRm module.

Mitchell Grande by Mitchell Grande