Macrium Reflect

Discussion in 'backup, imaging & disk mgmt' started by Stigg, Nov 23, 2013.

  1. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    What was the exact error? Were you seeing the error using Remote Desktop FROM that machine to somewhere else or when using it TO that machine? Or are you not interested in trying to solve that? Why didn’t you already have those updates given that they were released a long time ago?
     
  2. yoorrik

    yoorrik Registered Member

    Joined:
    Aug 26, 2020
    Posts:
    30
    Location:
    Belarus
    I manage my game server via Remote Desktop.
    My system is based on Windows7x64 SP1 Pro.
    The server is also based on Windows 7x64 SP1 Pro.
    I cannot install any other programs or updates on the server.
    The server does not have SHA2 support.
    If I install SHA2 support on my computer and then I try to connect to my second computer (server), then I get an error: “An authentication error occurred the specified function is not supported”
    If I remove SHA2 support then there is no error.
     

    Attached Files:

    Last edited: Jun 20, 2021
  3. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    There might be a registry tweak or something you can make on your system to allow it to continue using SHA-1 for RDP (or whatever algorithm it used prior to the SHA256 update), which should then allow it to continue connecting to Win7 systems that don't have the SHA256 update. I don't know for certain that this is possible since I've never had a need to look into it, but knowing Microsoft, I would expect something like that to be available.
     
  4. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    Ok, I got curious about this one. It turns out that this relates to the CredSSP encryption oracle attack. Remote Desktop uses CredSSP if NLA is enabled, which is the default. As of an update released in May 2018, the default behavior became that the system will not connect to servers that still use a vulnerable version of CredSSP. But you can override that protection. After you install those updates, run this command in an elevated Command Prompt window:

    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 2

    Then restart Windows. That will allow your system to continue connecting to other vulnerable systems. If you ever want to set your system back to the default of having this protection enabled, just delete that AllowEncryptionOracle registry value and restart.

    But the fix for the CredSSP vulnerability itself was released in March 2018. It was only in May 2018 that the default behavior was switched to block connections with vulnerable systems. So this game server that you can't install anything on hasn't received patches in over 3 years??
     
    Last edited: Jun 20, 2021
  5. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,297
    thank you very much
     
  6. yoorrik

    yoorrik Registered Member

    Joined:
    Aug 26, 2020
    Posts:
    30
    Location:
    Belarus
    Yes, I know that. When I was using Windows 10x64 Enterprise LTSC, I disabled CredSSP (to disable I used GPO) in order to connect to the server. This makes the defense weaker, but it was necessary.
    I am currently using Windows 7x64, so there is no need to disable CredSSP.
    Macrium v.8 requires SHA2 support? Ok, I'll do it.
    Now should I disable CredSSP or upgrade my server? Thank you but no.
    For me Macrium ver.7.2 and ver.7.3 work stably and I see no reason to use ver.8.0
     
    Last edited: Jun 21, 2021
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    845
    Location:
    Lunar module
    Winpe has a real annoying problem, how the buttons on the taskbar work, they are triggered by a single click or double click. The reason is clear, this is a pop-up tooltip to the button. This is a clear bug and it requires correction. The menu should be opened only by a single click in all cases, how it works in Windows and in non-Macrium Winpe. Check if the appearance of the pop-up tip in Windows adds an excess click?
    22.png sshot-1.png
    The second problem is an annoying popup window with a comment to the backup, viewing the file tree is extremely uncomfortable, only the mouse shifted on two pixels, as jumped out the poppup and closed the whole review. Need to make "Show the Comment Pop-up Window" option, or show the pop-up window only when press the hotkey.
    11.png
    Both nuances are relevant for v7.x and v8.0. Please convey this information of the developer.
     
    Last edited: Jun 21, 2021
  8. wssw

    wssw Registered Member

    Joined:
    Jun 17, 2021
    Posts:
    2
    Location:
    UK
    Thanks JP. I did some further testing over the weekend...

    I found that with v7, the reflectdlfull-v7 agent worked ok, and Rescue Media builds also worked ok. I had a VPN, Malwarebytes, and Kaspersky AV running with no adverse affects.

    However, with v8, the reflectdlfull-v8 agent was unaffected by my AVs but it was the VPN which was causing it to malfunction and report corruption of the option list. When the vpn was disconnected the agent worked ok.

    Then when I was running v8, I was able to successfully create Rescue Media USB and boot menu (RE and PE) if I disconnected the VPN or if I had no internet connected (my AVs were running too)

    So, in my case it was my VPN which caused the problems with v8 (but strangely the VPN didn't affect v7 agent or Rescue Media builds).
     
  9. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    You wouldn't be disabling CredSSP. You would simply be disabling the security fix that would be added by those Windows updates, but since you don't have those fixes at all now without the patches installed, disabling the fix would not make you any worse off than you are today.

    If Reflect V7 works for you, then fantastic. But especially as time goes on, you could potentially run into other situations where SHA256 support at an OS level becomes required. The reason Reflect V8 requires it is because of updated driver signing requirements from Microsoft, and obviously Reflect isn't the only application that relies on drivers. If nothing else, you might want to test installing those updates and setting that registry key just so you know whether that would allow you to continue RDPing to your server in case you're ever forced to install those Windows updates to make something else work.

    And seriously, why has that server not been updated in over 3 years?
     
  10. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    Yes, if the button's tooltip is showing, clicking once only dismisses the tooltip, without activating the button. I reported that on the Macrium forums over 3 years ago: https://forum.macrium.com/Topic22596.aspx
     
  11. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    Interesting find. Not sure how to account for that unless maybe Macrium changed how they distribute V8 content in some way that makes your VPN unhappy? I haven't looked into that since I haven't had a reason to. Or are you sure your VPN is just a VPN rather than including network traffic security/filtering functionality?
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,572
  13. yoorrik

    yoorrik Registered Member

    Joined:
    Aug 26, 2020
    Posts:
    30
    Location:
    Belarus
    Moreover, for the last 8 years I have not used antivirus and have not had any problems.:)
    SHA256 support? I'm not interested in the Macrium ad campaign around version 8.
     
  14. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    I don't use anything beyond Windows Defender myself. But I do install security updates. Even ignoring the possibility of a security compromise that you might not be aware of, since obviously not all malicious application "advertise" themselves, past success avoiding security compromises is no guarantee of future success. Lots of people have never had their houses burn down, but some people who stop buying fire insurance on that basis could end up regretting it later.

    And you missed my point about SHA256. The reason Reflect V8 requires SHA256 support is because of changes by Microsoft around driver signing requirements. So if you ever need to install anything ELSE later on that needs to load drivers, then THOSE applications would not be able to install on your outdated Win7 system either. And if that happens with an application that you actually WANT to use/update, then you may be forced to update your Win7 system. So just in case that ever happens, you might want to at least TEST whether the registry tweak I posted above would allow you to keep using RDP. I really don't understand why you would refuse to install Windows updates even when a fix for the problem you encountered is available, but of course it's your system. (But I'm glad it's not on my network!!)
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,456
    Location:
    USA
    Absolutely. If I were to write any malware I would have it wait more than 30 days to do anything so that even if the user had backups they would most likely include said malware. :eek:
     
  16. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    713
    Location:
    US
    That has absolutely been done. But it’s not commonplace because there’s a risk/reward balancing act there. If your malware is detected while it’s lying dormant, then it might get removed before it does anything, in which case you as the bad guy get nothing.
     
  17. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    845
    Location:
    Lunar module
    When uninstalling Macrium Reflect, the integration into the boot menu is automatically removed and there is no point in separating these operations.
     
  18. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    845
    Location:
    Lunar module
    Hello Macrium developer! Please, we need an option to select which columns to display so that the user can hide the columns he doesn't need. And changing the order of the columns, but not necessary. This will make browsing the backup tree much more comfortable, give it a try.
    scr.png
     
  19. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,297
    Just upgraded to V8 (no problems - very smooth) and updated the rescue mode. The next thing I wanted to test was viboot, had not used this before in V 7 and was curious as I had read that with V8 this feature should be available to all via Virtual Box.
    However trying this via macrium I am getting " Failed to start viBoot - Virtual Box or Hyper V must be installed" and looking at the knowledgebase I tried to start this via the app as a standalone application. The outcome is the same. Is there a setting in my Win10 config that needs to be changed first?
     
  20. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    845
    Location:
    Lunar module
    For ViBoot to work you must enable Hyper-V in Windows components or install Oracle VM VirtualBox and its Extension Pack (version numbers VB and EP must match). I love VB.
    qqq.png
     
  21. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,297
    thanks Aldist - I ticked this box and rebooted and now was able to launch viBoot. However the virtual machine could not run which I suspect has something with my installation of Bootit ( I may need to ask Brian about this) - see attached error.
    Bootit.jpg
     
  22. MPSAN

    MPSAN Registered Member

    Joined:
    Nov 21, 2004
    Posts:
    940
    Is a VERIFY after running an Image Backup a waste of time? I always have the VERIFY checked but wonder if it is a waste of time. Am I the only one here who ALWAYS runs this?
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,384
    Location:
    Slovenia
    I have it enabled also. For me it's not a waste of time since it only lasts for a few seconds and it performs at least basic check. But to be sure it+s better to check backup by restoring it (I use VM for this).
     
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,572
    I don't think it's a waste of time, either. I always let Macrium Reflect verify each and every backup.
     
  25. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    403
    Location:
    CSA Consulate, Glos., UK
    I ran it once a few years ago. :D Never had it fail yet. Never had a restore fail either. Had the occasional PEBCAC error.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.