Category Archives: Small Business Server 2011

Microsoft, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Small Business Server 2011, Windows, Windows 7, Windows Server 2008 R2

Netio.sys – Pre Service Pack 2 Revision History for Windows Server 2008 R2 SP1, Windows 7 SP1 and Windows Small Business Server 2011 (SBS 2011)

Leave a comment

Netio.sys – Pre Service Pack 2 Revision History for Windows Server 2008 R2 SP1, Windows 7 SP1 and Windows Small Business Server 2011 (SBS 2011)

26-Nov-2013 – 6.1.7601.22525 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2913431 – Update fixes an issue that causes Windows to crash

26-Nov-2013 – 6.1.7601.18327 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2913431 – Update fixes an issue that causes Windows to crash

10-Oct-2013 – 6.1.7601.22477 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2896146 – Packet loss occurs when MTU is below 576 and PMTU discovery is enabled on your Windows 7 SP1 or Windows Server 2008 R2 SP1

09-Sep-2014 – 6.1.7601.22796 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2996207 – Network printers that use TCP/IP port cannot print after first document has printed in Windows

09-Sep-2014 – 6.1.7601.18588 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2996207 – Network printers that use TCP/IP port cannot print after first document has printed in Windows

06-Sep-2013 – 6.1.7601.22443 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2885978 – 0x0000007F Stop error on a Windows 7 SP1-based or Windows Server 2008 R2 SP1-based computer

13-Jul-2013 – 6.1.7601.22383 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2871565 – “C000021B” error when you inject an NBL that contains multiple net buffers in Windows 7 SP1 or Windows Server 2008 R2 SP1

06-Jul-2013 – 6.1.7601.22378 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2868623 – MS13-065: Vulnerability in ICMPv6 could allow denial of service: August 13, 2013

04-Jun-2013 – 6.1.7601.22348 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2851149 – “0x000000D1 DRIVER_IRQL_NOT_LESS_OR_EQUAL” Stop error on a Windows 7 SP1 or Windows Server 2008 R2 SP1-based computer

04-Jun-2013 – 6.1.7601.22348 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2851149 – “0x000000D1 DRIVER_IRQL_NOT_LESS_OR_EQUAL” Stop error on a Windows 7 SP1 or Windows Server 2008 R2 SP1-based computer

04-Jun-2013 – 6.1.7601.22348 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2738401 – Raw packet is discarded after a UDP broadcast packet is received on a computer that is running Windows 7 or Windows Server 2008 R2

08-May-2013 – 6.1.7601.22319 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2845690 – MS13-049: Vulnerability in kernel-mode driver could allow denial of service: June 11, 2013

09-Apr-2014 – 6.1.7601.22651 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2958399 – “0xD1” Stop error occurs occasionally in all SQL Server cluster nodes running Windows 7 or Windows Server 2008 R2

11-Dec-2012 – 6.1.7601.22190 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2786464 – Hotfix enables the configuration of the TCP maximum SYN retransmission amount in Windows 7 or Windows Server 2008 R2

29-Nov-2012 – 6.1.7601.22176 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2780879 – Hotfix improves TCP window scaling in Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2

01-Nov-2012 – 6.1.7601.22149 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2775511 – An enterprise hotfix rollup is available for Windows 7 SP1 and Windows Server 2008 R2 SP1

03-Oct-2012 – 6.1.7601.22124 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2750841 – An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2

12-Sep-2012 – 6.1.7601.22112 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2754804 – FTP client does not establish a passive-mode FTP connection to an IPv4 FTP server in Windows 7 or in Windows Server 2008 R2

06-Sep-2012 – 6.1.7601.22108 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2752370 – “0x000000D1” Stop error when you perform a network-related operation on a computer that is running Windows 7 or Windows Server 2008 R2

06-Sep-2012 – 6.1.7601.22108 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2738401 – Raw packet is discarded after a UDP broadcast packet is received on a computer that is running Windows 7 or Windows Server 2008 R2

22-Aug-2012 – 6.1.7601.17939 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2871565 – “C000021B” error when you inject an NBL that contains multiple net buffers in Windows 7 SP1 or Windows Server 2008 R2 SP1

22-Aug-2012 – 6.1.7601.17939 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2868623 – MS13-065: Vulnerability in ICMPv6 could allow denial of service: August 13, 2013

22-Aug-2012 – 6.1.7601.17939 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2851149 – “0x000000D1 DRIVER_IRQL_NOT_LESS_OR_EQUAL” Stop error on a Windows 7 SP1 or Windows Server 2008 R2 SP1-based computer

22-Aug-2012 – 6.1.7601.17939 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2845690 – MS13-049: Vulnerability in kernel-mode driver could allow denial of service: June 11, 2013

22-Aug-2012 – 6.1.7601.17939 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2754804 – FTP client does not establish a passive-mode FTP connection to an IPv4 FTP server in Windows 7 or in Windows Server 2008 R2

22-Aug-2012 – 6.1.7601.17939 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2750841 – An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2

20-Jul-2012 – 6.1.7601.22067 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2735855 – Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

20-Jul-2012 – 6.1.7601.17911 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2735855 – Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

13-Jul-2012 – 6.1.7601.22055 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2733994 – TCP/IP protocol stops responding on a computer that is running Windows 7 or Windows Server 2008 R2

13-Jul-2012 – 6.1.7601.17899 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2733994 – TCP/IP protocol stops responding on a computer that is running Windows 7 or Windows Server 2008 R2

10-May-2012 – 6.1.7601.21991 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2664888 – Computer stops responding when you run an application that uses the Windows Filtering Platform API in Windows 7, Windows Server 2008 R2, Windows Server 2008, or Windows Vista

11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 21, 22, 23, 330, 505, 510, 520, 530, 810, 820, 830, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, FireBox, Internet Explorer, Internet Explorer 8, Internet Explorer 9, Microsoft, SBS 2003, SBS 2008, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 3, Service Pack 3, Small Business Server 2003, Small Business Server 2008, Small Business Server 2011, System Manager, Watchguard, Windows, Windows 2000, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP, WSM, XP Mode, XTM

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in scand process causes lag and typing delay in Remote Desktop Sessions (RDP).  You may find that remote users report a lag with Remote Desktop Sessions, freezing sessions, black screen and random disconnections.  At around the same time users report these issues you may find that the CPU usage of the scand process on your Watchguard has increased to 100% and the majority of the activity is attributed to the scand process.  You may be able to recreate this issue by browsing websites that utilise lots of Adobe Flash or Media Content as GAV will need to scan all these elements of the web page.  Login to the Watchguard System Manager and then open Firebox System Manager click on Status Report and scroll down the report until you find the Process List (Screenshot Below).  This information will automatically update every 30 seconds so you can see the %CPU column will change and update every 30 seconds.  The top value system shows the overall CPU utilisation and if you look further down you can see which sub processes are actually occupying the CPU time and making up the overall system usage.  In the screenshot below we can see that system is showing 100 % CPU Usage and then further down we can see that the scand process is accounting for 90.99% of this.  When the CPU Usage reaches 100% on the Watchguard unit it may stop forwarding other traffic and this accounts for the lag and jitter we see within the Remote Desktop Session.  Other time sensitive traffic such as VoIP or SIP traffic may also be affected by this issue as the packets are delayed whilst the Firewall recovers from the resource exhaustion.  Users may also report that web pages are slow to load at the time these issues occur where the GAV process is still dealing with the other requests.

Resolution/Workaround:

You can try disabling the GAV (gateway antivirus) for the HTTP and FTP Proxy to ensure that this is the actual cause of your issues, if the problem subsides then you may need to consider updating the XTM OS to the latest release i.e. 11.5.2 and/or adjusting the GAV policy so that it does not scan some content i.e. Images/Text within websites.  You may also need to consider opening a support case with Watchguard to make them aware of this issue, if you have a large number of users then you may even need to consider upgrading your XTM appliance to a larger unit i.e. XTM 23 to XTM 505 or XTM 22 to XTM330 to provide additional processing power (CPU) and system resources to cope with the additional anti-virus scanning requirements.

Watchguard XTM High CPU Usage scand
Watchguard XTM High CPU Usage scand
Microsoft, SBS 2008, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 2, Small Business Server 2008, Small Business Server 2011, Windows, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

[RESOLVED] 32 Bit Application or Game with the /LARGEADDRESSAWARE option running on a 64 Bit Version of Windows Vista, Windows Server 2008, Windows SBS 2008, Windows 7, Windows Server 2008 R2 or Windows SBS 2011 may generate an error message

When you run a 32 Bit Application or Game with the /LARGEADDRESSAWARE option on a 64 Bit Version of Windows you may receive one of the following errors

  • WSANO_DATA
  • ERROR_NO_DATA (232)
  • ERROR_NOACCESS (998)

These errors will occur if the application consumes large amounts of memory, the kernel denies read or write access to the address and returns an error to the application.

The Microsoft Knowledgebase article KB 2588507 provides a hotfix to address these issues http://support.microsoft.com/kb/2588507/en-gb

To apply this hotfix, you must be running one of the following 64 Bit operating systems:

  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows 7 (RTM)
  • Windows 7 Service Pack 1 (SP1)
  • Windows Server 2008 R2 (RTM)
  • Windows Server 2008 R2 Service Pack 1 (SP1)
DELL, Fujitsu, HP, Microsoft, ML110 G5, ML110 G6, ML350 G5, ML350 G6, Norton Anti-virus, Norton antivirus, Norton Internet Security, Primergy, ProLiant, SBS 2008, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 2, Small Business Server 2008, Small Business Server 2011, Symantec, Windows, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

[RESOLVED] Your computer may stop responding when you run an application, Software Firewall or anti-virus package that uses the Windows Filtering Platform API

Your computer may stop responding when you run an application, Software Firewall or anti-virus package that uses the Windows Filtering Platform API

This issue affects the following operating systems:

  • Windows 7 – Service Pack 1
  • Windows Small Business Server 2011 – Service Pack 1
  • Windows SBS 2011 – Service Pack 1
  • Windows Server 2008 R2 – Service Pack 1
  • Windows Small Business Server 2008 – Service Pack 2
  • Windows SBS 2008 – Service Pack 2
  • Windows Server 2008 – Service Pack 2
  • Windows Vista – Service Pack 2

In this situation, the computer may perform slowly or stop responding and network activity may be affected.  You find that a system restart may resolve this issue in some instances.

This issue occurs because the FwpsStreamInjectAsync0 function causes the interrupt request level (IRQL) to leak.  You can resolve the issue by updating to the latest Netio.sys driver.  The download link can be found within Microsoft KB 2664888 http://support.microsoft.com/kb/2664888

 

Windows Filtering Platform (WFP) General Description

Windows Filtering Platform (WFP) is a set of API and system services that provide a platform for creating network filtering applications. The WFP API allows developers to write code that interacts with the packet processing that takes place at several layers in the networking stack of the operating system. Network data can be filtered and also modified before it reaches its destination.

By providing a simpler development platform, WFP is designed to replace  previous packet filtering technologies such as Transport Driver Interface (TDI)  filters, Network Driver Interface Specification (NDIS) filters, and Winsock Layered Service Providers (LSP). Starting in Windows Server 2008 and Windows Vista, the firewall hook and the filter hook drivers  are not available; applications that were using these drivers should use WFP instead.

With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications’ use of sockets API (application-based policy). WFP also provides infrastructure for  IPsec policy management, change notifications, network diagnostics, and stateful filtering.

More info can be found here http://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx