Feuerfest

Photo by Pixabay: https://www.pexels.com/photo/white-switch-hub-turned-on-159304/

In corporate networks you often encounter technologies likes proxies, SSL Man-in-the-middle (MITM) appliances (to scan HTTPS traffic) and NAT constructs. All can make it hard and cumbersome to troubleshoot certain problems. For example the common: "Why can I successfully connect to this server/service, while my colleague can't?"

This question is usually accompanied by a lack of useful troubleshooting tools like telnet, netcat, nmap and tcpdump/Wireshark. As they are deemed dangerous hacker tools. Luckily there is PowerShell and as I just learned the Test-NetConnection function, which allows us to troubleshoot using basic TCP-Connections - with this knowledge we can at least rule out or identify certain issues.

PS C:\Users\user> Test-NetConnection -ComputerName 192.168.0.1 -Port 443

ComputerName     : 192.168.0.1
RemoteAddress    : 192.168.0.1
RemotePort       : 443
InterfaceAlias   : Ethernet
SourceAddress    : 192.168.0.2
TcpTestSucceeded : True

Or if you prefer it a bit shorter, there is the tnc alias and the -ComputerName argument can be omitted too.

PS C:\Users\user> tnc 192.168.0.1 -Port 443

ComputerName     : 192.168.0.1
RemoteAddress    : 192.168.0.1
RemotePort       : 443
InterfaceAlias   : Ethernet
SourceAddress    : 192.168.0.2
TcpTestSucceeded : True

It's a bit annoying that you have to use the -Port argument. The common notations like IP:Port or IP Port don't work as expected. The reason is that there is a switch-statement in the function which sets the port based on four pre-defined keywords. Sadly not even HTTPS or SSH are in there.

PS C:\Users\user> (Get-Command Test-NetConnection).Definition
[...]
                switch ($CommonTCPPort)
                {
                ""      {$Return.RemotePort = $Port}
                "HTTP"  {$Return.RemotePort = 80}
                "RDP"   {$Return.RemotePort = 3389}
                "SMB"   {$Return.RemotePort = 445}
                "WINRM" {$Return.RemotePort = 5985}
                }
[...]

I don't know if a lookup based on the C:\Windows\System32\drivers\etc\services file is feasible due to Windows file rights, security, etc. But that certainly would be an improvement. Or add some logic like "If the second argument is an integer, use that as the port number".

Anyway, I now have an easy and convenient way of checking TCP-Connections and that is all I need.

Photo by Sora Shimazaki: https://www.pexels.com/photo/crop-unrecognizable-developer-using-laptop-and-smartphone-5926389/

My Windows 10 gaming PC showed the lovely error code 0x80070643 when I try to apply the "2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)". And this update gained a somewhat notorious reputation.

What I do understand is, that KB5034441 fails to install if there isn't at least 250MB of free space on the so-called "Windows-RE" or recovery partition. Microsoft offers a PowerShell script to enlarge the recovery partition. But this only works in certain cases like the recovery partition is located after the Windows partition. Which wasn't the case on my PC. Additionally Windows wasn't able to shrink my C-Partition in order to create new, and greater, Windows RE partition behind the C-Partition.

First time I executed the script in April 2024, it told me that I have only 171.5 MB of free space then I will be under the MinSize of the C-Partition.

So yeah.. Time to dive a little bit deeper?

Turns out the MinSize and MaxSize are retrievable via the Get-PartitionSupportedSize function.

PS C:\WINDOWS\system32> Get-PartitionSupportedSize -DriveLetter C

     SizeMin      SizeMax
     -------      -------
245659398144 248628903936

A little bit of PowerShell internals

With (Get-Command Get-PartitionSupportedSize).CommandType I am able to get the CommandType, this tells me if I am working with a Function, an Cmdlet or an alias. Helpful if you explicitly need to know the details.

Via (Get-Command Get-PartitionSupportedSize).Definition we can retrieve the actual code behind that function. There we can see that a new CIMInstance connection to the MSFT_Partition class of the Windows Storage Management Provider API is made.

Ok, but does this help me? Not much, now I would need to dig into WMI, C/C++ and this would require more time than I am willing to invest.

Back to the problem

However I noted (or more like: felt) that the SizeMin number is different from what I got last time. Which would surprise me as the Partition Size was the same and I always had more than 20GB of free space on the C-Partition.

Fancy a try? Sure thing!

PS C:\Users\users\Downloads> .\resize_script.ps1

Cmdlet resize_script.ps1 an der Befehlspipelineposition 1
Geben Sie Werte für die folgenden Parameter an:
(Geben Sie !? ein, um Hilfe zu erhalten.)
BackupFolder: C:\winre-backup
Start time: 08/10/2024 18:08:39
Examining the system...
WinRE-Status:                          Enabled
WinRE-Ort:                             \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\WindowsRE
System directory: C:\WINDOWS\system32
ReAgent xml: C:\WINDOWS\system32\Recovery\ReAgent.xml

Collecting OS and WinRE partition info...
OS Disk: 0
OS Partition: 4
WinRE Partition: 1
Disk PartitionStyle: GPT
WinRE partition size info
  Partition capacity: 523235328
  Partition free space: 55316480
WinRE Partition Offset: 1048576
WinRE Partition Type: Recovery
OS partition size: 249414287360
OS partition Offset: 644874240
OS partition ends at: 250059161600
WinRE partition starts at: 1048576

Backup Directory: [C:\winre-backup]

Verifying if the WinRE partition needs to be extended or not...
WinRE partition is not after OS partition, cannot perform extension
Need to create a new WinRE partition after OS partition

Summary of proposed changes
Note: WinRE partition is before OS partition, need to create a new WinRE partition after OS partition
Will shrink OS partition by 785383424
Current OS partition size: 249414287360
Target OS partition size after shrinking: 248628903936
New WinRE partition will be created with size:  785379328
Existing WinRE partition will be deleted
WinRE partition: Disk [0] Partition [1]
Current WinRE partition size: 523235328
The contents of the old WinRE partition will be backed up to [C:\winre-backup]                                                    
Please reboot the device before running this script to ensure any pending partition actions are finalized

Would you like to proceed? Y for Yes and N for No: y
Proceeding with changes...

Note: To prevent unexpected results, please do not interrupt the execution or restart your system

Loading [C:\WINDOWS\system32\Recovery\ReAgent.xml] ...
Stage location info is empty
Disabling WinRE...
REAGENTC.EXE: Vorgang erfolgreich.

Verifying that WinRE wim exists in downlevel at default location
Performing repartition to extend the WinRE partition ...
Shrinking the OS partition to create a larger WinRE partition
Resizing the OS partition to: [248628903936]...
Target partition size: 248628903936
Size of OS partition after shrinking: 248628903936

Copying content on WinRE partition from [\\?\Volume{daac35b3-1726-41c1-b290-1f73fd3f840a}\] to [C:\winre-backup]...
Copying [\\?\Volume{daac35b3-1726-41c1-b290-1f73fd3f840a}\Recovery] to [C:\winre-backup\Recovery]...
Backup completed

Deleting WinRE partition: Disk [0] Partition [1]...

Creating new WinRE partition...
Target size: 785379328
Formating the partition...
New Partition index: 1
Re-enabling WinRE...
REAGENTC.EXE: Vorgang erfolgreich.


WinRE Information:
WinRE-Status:                          Enabled
WinRE-Ort:                             \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\WindowsRE
WinRE Partition Index: 1
  Partition capacity: 785379328
  Partition free space: 317145088

OS Information:
OS partition size: 248628903936
OS partition Offset: 644874240
End time: 08/10/2024 18:09:29

The contents of the old WinRE partition has been backed up to [C:\winre-backup]

Successfully completed the operation
PS C:\Users\users\Downloads>

And after a reboot everything was fine. The update is now installed and my recovery partition is now located after my Windows C-Partition. My C-Partition is now 231GB, 1GB less.

Don't ask me what changed between April 2024 and August 2024. I have absolutely no idea. When I executed the script in April 2024 I had ~22GB of free space. Cleared all temp files from Windows you can clear. Defragmented the drive. Even moved some games to other partitions/hard-disks to free up even more space. Nothing worked.

The resize_script.ps1 is also still the same as the one I downloaded in April 2024.

Anyway, no annoying pending update anymore. And given that we are talking about my gaming PC I can live with that. ☺️

Photo by Nothing Ahead: https://www.pexels.com/photo/close-up-of-a-keyboard-4567339/

As an IT consultant in 99,5% of all cases I'm provided a notebook with Windows as operating system. As this is (sadly) still the standard, even when you do your work only on Linux machines.. Therefore I do have to use many separate Windows tools..

SSH/RDP (Remote/terminal access):

• PuTTY & pageant as agent for automatic key based authentication
• Alternatively SuperPutty works fine if you need to split windows next to each other or have all Putty windows in one application window
• mRemoteNG also works fine for SSH & RDP as more often than not I also need to connect to servers via RDP too
• If you only need RDP, have a look at the Remote Desktop Connection Manager from the lovely Sysinternals folks at Microsoft

Texteditor:

• Notepad++ has syntax highlighting, proper support for all kind charsets AND per-default it saves even the text in windows you haven't explicitly saved. (Useful if you're in a hurry..)
• Alternative: PSPad

Credentials/Secrets/Passcodes

• KeePass: The neat thing is, so far it always came pre-installed.

Diffing files/finding differences:

• Meld (That one is also available for Linux if you need a GUI)