I have opened a case, but reaching out to the wider community.
I have 9 sites running VBR 12.3 on Windows 11 Enterprise 23H2
I've deployed a new site (twice) with Windows 11 Enterprise LTSC 24H2.
The first deployment, the system went onsite and the networking was fubar. Wireless couldn't connect to anything.
Wired Networking either showed the flashing network cable icon on the taskbar or a globe. Sometimes you would get an IP, but general error when trying to ping.
We thought it was just a screwed up hardware so we brought it back to office and couldn't resolve issue (even after moving drive to new hardware).
We completely redeployed OS, reinstalled VBR 12.3 to system and everything was working great. We then deployed to remote site, I completed some backups over weekend and all was good.
Today I went through the security and compliance, suppressed the 5 items we suppressed everywhere and then ran the script to apply and rebooted.
This box never came back and I think its going to have the same problem so its something in the script but I have no idea what.
Going through the list of things the script changes, nothing stands out that could completely fubar the networking like we've seen
Here are the things I could think of that may be involved?
Windows Remote Management (WinRM) service should be disabled
Windows Script Host should be disabled
Link-Local Multicast Name Resolution (LLMNR) should be disabled
Local Security Authority Server Service (LSASS) should be set to run as a protected process - Most likely culprit maybe?
NetBIOS protocol should be disabled on all network interfaces
Anyone else hit this before I start manually going through each setting and rebooting to see when it breaks?
-
Rumple
- Service Provider
- Posts: 104
- Liked: 23 times
- Joined: Mar 10, 2010 7:50 pm
- Full Name: Mark Hodges
- Contact:
-
Rumple
- Service Provider
- Posts: 104
- Liked: 23 times
- Joined: Mar 10, 2010 7:50 pm
- Full Name: Mark Hodges
- Contact:
Re: Security and compliance Analyser breaks networking
I have found the issue. Disabling the http proxyservice ONLY impact Windows 11 24H2 LTSC. I tried each of the settings on another machine (HP laptop) running Windows 11 Enterprise 24H2 and nothing broke. It also does not seem to impact the Windows 11 Enterprise 23H2 systems either.
By changing the Registry key back to Start value 3 (manual) and rebooting, the system came back online.
6 {
Write-host "Disabling Web Proxy Auto-Discovery service (WinHttpAutoProxySvc)..." -NoNewline
Try {
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc -Name Start -Value 4
Write-host "OK (Reboot required)" -ForegroundColor Green
}
Catch {Write-host "Failed" -ForegroundColor Red}
}
By changing the Registry key back to Start value 3 (manual) and rebooting, the system came back online.
6 {
Write-host "Disabling Web Proxy Auto-Discovery service (WinHttpAutoProxySvc)..." -NoNewline
Try {
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc -Name Start -Value 4
Write-host "OK (Reboot required)" -ForegroundColor Green
}
Catch {Write-host "Failed" -ForegroundColor Red}
}
Who is online
Users browsing this forum: AdsBot [Google], Amazon [Bot], Bing [Bot], d.artzen, Semrush [Bot] and 155 guests