Tomorrow is Wednesday July 29 and the day that Microsoft is going to
release Windows 10 to approximately 5 million users that have either
been a part of the Windows Insider program or pre-registered for a free
upgrade.  Windows 10 will be made available to volume license customers
on August 1.  Some vendors such as Dell and Lenovo will begin shipping
pre-loaded systems tomorrow and stores such as Best Buy have been
encouraged to upgrade current stock to Windows 10 before they let the
machines out the door.  The USB Flash Disk images will be shipping on
August 30.

There will not be a build of OpenAFS 1.7 targeted at Windows 10
available on the release day.   I am hoping to produce what will be my
last "OpenAFS" branded client with support for Windows 10 by the start
of the AFS and Kerberos Best Practices Workshop on August 17th.  After
that I will only be releasing AuriStor branded clients and I will
explain why at the end of this letter.

First, what do I know about the existing 1.7.32 build and Windows 10.

1. The 1.7.32 build does work (for the most part) on Windows 10 but

1a. the installation will be damaged during an upgrade from Windows 7 or
Windows 8.1 to Windows 10.  In particular, the network provider
registration will be lost.  End users should be encouraged to run
"Repair" on the OpenAFS components after the installation is complete.

1b. there are some changes to the method by which the afs redirector is
accessed that can under some circumstances result in a BSOD.

2. The infamous Explorer Shell caching bug that resulted in reports that
there are 0 bytes free when copying files to \\AFS has been fixed in
Windows 10.

3. As a result of the Explorer Shell bug being fixed the AFS redirector
needs to be modified to undo the hack that disabled the reporting of
read only volume state.

4. There is another known bug in shell32.dll that has not been fixed
that can result in a deadlock if a UNC path such as
\\afs\share-does-not-exist\ is entered into the explorer shell or into a
file open/save dialog box.   I have a workaround to implement in OpenAFS
but it is not ready.

5. There are known bugs in the AFS redirector or service that can

5a. prevent failover to alternative .readonly volume sites

5b. result in access to the wrong file object if two or more objects
exist with names that differ only by case in the same directory

6. The Netbios interface that the afsd_service relies on for the SMB server
interface has been removed in Windows 10.   As a result the AFS SMB
interface must be permanently disabled when running on Windows 10.

7. Windows 10 supports UNC hardening for secure access to roaming
profiles and network based executables and configuration files.
Microsoft best practice states that UNC hardening should be turned on.
UNC hardening protects against man in the middle attacks that can result
in execution of untrusted code or the loading of untrusted user registry
hives by the system.  OpenAFS does not support UNC hardening and it must
remain disabled.

By the workshop I plan to have an OpenAFS based installer to distribute.
This installer will not be signed by Microsoft but by the older
cross-signing certificate method.

By the workshop I also hope to demo the first AuriStor based client
which will:

1. support UNC hardening

2. support IPv6 connectivity

3. include a new kernel driver to process ICMP messages for faster
   failover and detection of IPv6 Path MTU sizes.

4. be compiled with Visual Studio 2015

5. be signed by Microsoft

This client will be the client that I am going to submit to Microsoft
for certification testing.  It is my hope that certification approvals
will be issued by October 16th which is expected to be the day that
production quality previews of Server 2016 will be released.  As I have
mentioned previously, only drivers that were signed by Microsoft and
include a certification attribute in the signature can be loaded on
forthcoming Windows Server releases.

Support for Server Nano will not be completed by October.  I am hoping
that can be completed by Spring 2016.

Jeffrey Altman
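
An added example, not part of the original message or of OpenAFS: a PowerShell check for item 7 that lists any Group Policy hardened UNC path entries that would apply to an \\afs path, which the 1.7.32 client cannot satisfy. The sample path and the two helper functions are hypothetical, and the pattern matching is a simplification that compares only the server and share components.

```powershell
# Added example: report UNC hardening policy entries that cover an AFS path.
# $TargetPath is a constructed sample; substitute a path from your own cell.
param(
    [string]$TargetPath = '\\afs\example.org\software'
)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

function Split-UncPath([string]$Path) {
    # '\\server\share\rest' -> @('server', 'share')
    $parts = $Path.TrimStart('\').Split('\')
    $share = if ($parts.Count -gt 1) { $parts[1] } else { '' }
    return @($parts[0], $share)
}

function Test-HardenedPathMatch([string]$Pattern, [string]$Path) {
    # Simplified matching (assumption): server and share are compared
    # case-insensitively and '*' in the pattern matches any component.
    $p = Split-UncPath $Pattern
    $t = Split-UncPath $Path
    for ($i = 0; $i -lt 2; $i++) {
        if ($p[$i] -ne '*' -and $p[$i] -ne $t[$i]) { return $false }
    }
    return $true
}

if (-not (Test-Path $policyKey)) {
    Write-Output 'No HardenedPaths policy key: no hardened UNC paths are set by policy.'
    return
}

$key  = Get-Item $policyKey
$hits = foreach ($name in $key.GetValueNames()) {
    if (-not (Test-HardenedPathMatch $name $TargetPath)) { continue }
    # Value data looks like 'RequireMutualAuthentication=1, RequireIntegrity=1'
    $enforced = $key.GetValue($name) -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^Require\w+\s*=\s*1$' }
    if ($enforced) {
        [pscustomobject]@{ Pattern = $name; Enforced = ($enforced -join ', ') }
    }
}

if ($hits) { $hits | Format-Table -AutoSize }
else { Write-Output "No hardening policy entry applies to $TargetPath" }
```

Any row in the output is a policy entry that requires hardening for the sample path; entries for other servers and shares are unaffected.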
