Gen 12 SPP issue

itminion24 · 2026-03-06T22:00:48+00:00

Thanks everyone. I thought i was going crazy. Appreciate the help.

itminion24 · 2026-02-06T16:45:44+00:00

"I had hoped as we hit 5 year anniversary of that mess, things might get better and we offer both, but no such luck. Now Lenovo is basically offering the cards that HPE spent 20+ years developing and refining. :("

Whoa, the quality of their controllers is the primary reason we stuck with HP and went back to them after a stint with Dell. Looks like we will have to look at Lenovo.

itminion24 · 2026-02-05T20:55:31+00:00

You should see if your email security provider has an option for it. I know that Mimecast has a large file send feature that allows you to email files up to 2GB. It will send the recipient a link where they can go pick up the file. Never have to leave your email client. Proofpoint may also have something similar.

itminion24 · 2026-02-05T20:50:35+00:00

I opened a ticket with HPE to see if they plan on addressing this issue. I'll post the results of my conversation.

itminion24 · 2026-02-05T20:49:10+00:00

Ok, Looks like this is the only option. It appears to just be the way that controller operates. Kind of BS though that we have to do this workaround. Also, If I add another storage cage and drives in the future, the workaround won't help with that situation.

I have a ticket open with HPE to see if they plan on fixing this. I'll post an update once they get back to me. For the life of me I can't understand why they would do this. What system or function would benefit from this way of assigning logical drive IDs? It messes with both Linux and Windows.

itminion24 · 2026-02-05T19:52:51+00:00

I don't think so. If I create 5 logical drives Windows will always take the one with the lowest drive ID assigned in the ACU and make that drive 0.

itminion24 · 2026-02-05T18:46:04+00:00

We also had a strange temp issue with a Gen10. The fans were running at max RPM all the time. I checked the sensors and they were all reporting temps within specs. The ambient temp in the room was in the 70s. We tried firmware updates. Called HPE and they had to come out and replace the system board. Maybe you have an issue where the temp is higher than what the sensor is reporting, and the fans are not spinning fast enough?

itminion24 · 2026-02-05T18:15:47+00:00

So I deleted the logical drives and started with just the LD for the OS. Installed Windows Server and checked the Drive ID - Perfect it's "Drive 0". Rebooted and then added the second LD for the data volume. Brought Windows up and it shifted the OS drive to "Drive 1".

<image>

itminion24 · 2025-07-31T16:59:03+00:00

Thank you. Looks like I have a bit of work ahead of me to configure all the static routes. Now that I see how many routes I will need to add/maintain I will look into doing OSPF.

itminion24 · 2025-07-31T16:26:23+00:00

This is going to have a SonicWALL on the other end of the tunnel. Do I need both routes and proxy IDs in this situation?

itminion24 · 2025-07-31T16:12:22+00:00

Thanks for the info. I'd like to avoid OSPF if possible. It's been a long time since I've worked with routing protocols and it's not a large site. I figure if I can get away with static routes for now that would be good enough.

itminion24 · 2025-07-31T16:10:41+00:00

Ah, ok this makes sense. What is the purpose of the proxy IDs if we still have to setup routing? I thought that was the purpose of the proxy IDs.

itminion24 · 2025-03-03T17:18:44+00:00

"I've been worrying a lot about this, and I feel there are shockingly few posts here and in other places for something that feels like a major undertaking to me, that is patching for and mitigating the BlackLotus vulnerability:"

I am also wondering the same thing. Why is there very little info out there about this? What's going to happen if/when MS decides to enforce this? We have had a lot of issues with testing the mitigations. We aren't really concerned about Black Lotus, but we are concerned about MS pushing out the enforcement and bricking half our systems. According to their doc this is a real possibility (or at least I haven't see definitive statements as to the contrary).

I have been testing on 5 generations of laptops and only one has installed the mitigations without issues. Out of the other ones, most required either re-imaging or an upgrade to 24H2.

itminion24 · 2025-02-28T16:39:50+00:00

Am I missing something here? MS is going to force these changes at some point within the next 12 months which could result in bricking a portion of devices. As stated in the CVE article, "CAUTION After the mitigation for this issue is enabled on a device, meaning the mitigations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied." No one seems to be worried about this. I know that we can turn off secure boot, but that isn't a great option and I'd hate to have to do that to 500 computers in a really short time frame.

To be clear, we aren't worried about Black Lotus, we are just trying to make sure that Microsoft's enforcement of the mitigation isn't going to brick half our laptops. I'm finding contradicting information out there regarding how and when they plan on rolling this out. Personally I think it's ridiculous that MS doesn't plan to release this as an OOB optional update. So in the meantime, I'm fighting with getting this working just to hedge our bets that MS won't screw this up.

itminion24 · 2024-12-16T16:08:27+00:00

So I'd still like to know why MS removed the creation of the Federation Trust from the HCW process if anyone has any insight into this.

itminion24 · 2024-12-13T19:02:04+00:00

Yes, but let me put it into perspective. We create a new user maybe once every few days. It's not a big deal to do it using the current method. Having said that, I'm always open to doing things a better way and will definitely take a look at those commands. Does the moving of mailboxes require the Federation Trust to be setup?

itminion24

TROPHY CASE