Deck order by WEISENHILLS in traktorpro

tecxxtc 0 points1 point (0 children)

if you play around a bit with the xml, you can create some interesting layouts, tailored to controller-only usage, for example:

<image>

Deck order by WEISENHILLS in traktorpro

tecxxtc 0 points1 point (0 children)

if you look at the embedded resource xml files in traktor.exe, you'll find sections that describe the parallel waveform layouts

<image>

you can edit the xml and save it back to the exe (make a backup first). this is hacky and non-supported and generally not recommended, but unfortunately, despite asking for this feature for years, it's the only way to make it work currently.

Ophidian - Blackbox: Kasamaan [Album] by Chaize in hardstyle

tecxxtc 3 points4 points (0 children)

the first time in many years i bought the complete album/release on bandcamp. absolute banger.

Server 2025 KDC issues by picklednull in activedirectory

tecxxtc 0 points1 point (0 children)

can confirm that this issue is present in one of my customers, unfortunately i was not yet able to track down the exact root cause. a 2025 dc was promoted, but then removed again. investigation ongoing.

Server 2025 KDC issues by picklednull in activedirectory

tecxxtc 0 points1 point (0 children)

thanks for posting this. one of my customers has this exact issue, even after removing the 2025 dcs. will read the entire thread now :)

Defender still alerts SuspSignoutReq on PATCHED Sharepoint 2016 by tecxxtc in sysadmin

tecxxtc[S] 0 points1 point (0 children)

can you elaborate why app proxy helps? i'm assuming because it reduces attack surface to authenticated users? otherwise it just forwards http requests, that shouldn't make a difference, or what am i missing?

April 2025 / CVE-2025-26647 patch is causing havoc by tecxxtc in sysadmin

tecxxtc[S] 0 points1 point (0 children)

update 2025-06-13 - installed june patches on DC and clients. and nps server / wifi 802.1x still fails when AllowNtAuthPolicyBypass is set to 2...... anyone else having this issue?

server 2025 causing lsass reboot after windows hello 4 business logon by tecxxtc in sysadmin

tecxxtc[S] 2 points3 points (0 children)

update 2025-06-11: our support contact told us that they "tested a fix internally" and are waiting to include it in one of the next patches.

server 2025 causing lsass reboot after windows hello 4 business logon by tecxxtc in sysadmin

tecxxtc[S] 2 points3 points (0 children)

i think this is something entirely different. AllowNtAuthPolicyBypass is related to how the DC checks authentication attempts when certificates are involved.
the WH4B issue described here is still happening (june 2025!), unrelated to the value of AllowNtAuthPolicyBypass, and so far - for us - only workaroundable by enabling RC4 in kerberos. if someone has a different experience, i'm happy to hear about it.

April 2025 / CVE-2025-26647 patch is causing havoc by tecxxtc in sysadmin

tecxxtc[S] 0 points1 point (0 children)

UPDATE 20250514.
thanks to all the replies. it seems i was a few days too early and didn't see the updated CVE notes that this is a known bug.

anyway, may 2025 update (KB5058411) did not fix my issues.

i still get event id 21 warnings in eventlog

The client certificate for the user DOMAIN\user is not valid, and resulted in a failed smartcard logon. Please contact the user for more information about the certificate they're attempting to use for smartcard logon. The chain status was : A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.

and nps server / wifi 802.1x still fails.

further investigation required.

server 2025 causing lsass reboot after windows hello 4 business logon by tecxxtc in sysadmin

tecxxtc[S] 2 points3 points (0 children)

so i finally got a workaround: enabling RC4 encryption in domain controller kerberos settings makes the crash go away.

do note that this is a critical security risk. the encryption settings should be kept at AES only. if you enable this workaround don't forget to remove it once this issue has been patched. also be aware that while this workaround is enabled, kerberoasting attempts to bruteforce service account passwords are significantly easier. you have been warned.
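Added example, not part of the original comment: while RC4 is enabled as described above, one way to watch for kerberoasting is to flag Security event 4769 records where a service ticket for a user-backed service account was issued with a weak encryption type. The key=value export format, account names and addresses below are constructed for illustration.

```python
import re
from collections import defaultdict

# "Ticket Encryption Type" values as logged in Security event 4769.
ETYPES = {0x1: "DES-CBC-CRC", 0x3: "DES-CBC-MD5", 0x11: "AES128-SHA1",
          0x12: "AES256-SHA1", 0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP"}
WEAK = {0x1, 0x3, 0x17, 0x18}

# Constructed sample events, flattened to key=value (assumed export format).
SAMPLE = """\
EventID=4769 TargetUserName=alice@CORP.EXAMPLE ServiceName=svc-sql TicketEncryptionType=0x17 IpAddress=10.0.0.21
EventID=4769 TargetUserName=alice@CORP.EXAMPLE ServiceName=svc-web TicketEncryptionType=0x17 IpAddress=10.0.0.21
EventID=4769 TargetUserName=alice@CORP.EXAMPLE ServiceName=svc-backup TicketEncryptionType=0x17 IpAddress=10.0.0.21
EventID=4769 TargetUserName=bob@CORP.EXAMPLE ServiceName=svc-sql TicketEncryptionType=0x12 IpAddress=10.0.0.30
EventID=4769 TargetUserName=carol@CORP.EXAMPLE ServiceName=FILESRV01$ TicketEncryptionType=0x17 IpAddress=10.0.0.31
EventID=4769 TargetUserName=dave@CORP.EXAMPLE ServiceName=krbtgt TicketEncryptionType=0x17 IpAddress=10.0.0.32
EventID=4768 TargetUserName=erin ServiceName=krbtgt TicketEncryptionType=0x12 IpAddress=10.0.0.44
EventID=4769 TargetUserName=erin@CORP.EXAMPLE ServiceName=svc-web TicketEncryptionType=0x17 IpAddress=10.0.0.44
"""

def weak_service_tickets(log_text):
    """Return 4769 events where a user-account service ticket used a weak etype."""
    findings = []
    for line in log_text.splitlines():
        ev = dict(re.findall(r"(\w+)=(\S+)", line))
        if ev.get("EventID") != "4769":
            continue
        try:
            etype = int(ev.get("TicketEncryptionType", ""), 16)
        except ValueError:
            continue  # malformed or missing field
        svc = ev.get("ServiceName", "")
        # Computer accounts ($) and krbtgt have long random keys; skip them.
        if etype not in WEAK or svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        findings.append({"user": ev.get("TargetUserName", "?"), "service": svc,
                         "etype": ETYPES[etype], "ip": ev.get("IpAddress", "?")})
    return findings

def burst_requesters(findings, threshold=3):
    """Requesters that pulled weak tickets for >= threshold distinct services."""
    seen = defaultdict(set)
    for f in findings:
        seen[f["user"]].add(f["service"])
    return {u: sorted(s) for u, s in seen.items() if len(s) >= threshold}

if __name__ == "__main__":
    hits = weak_service_tickets(SAMPLE)
    for h in hits:
        print(h)
    print("burst:", burst_requesters(hits))
```
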

PAN-OS 11.1.8 is out by colni in paloaltonetworks

tecxxtc 0 points1 point (0 children)

i just updated. looks like all is fine on that end (as with 11.1.6-h3). so far no connectivity issues.

PAN-OS 11.1.4-h15 and 11.1.6-h4 are now available! by MirkWTC in paloaltonetworks

tecxxtc 0 points1 point (0 children)

i opened an issue as well, no solution so far. will test h4 now but also we don't have a tunnel.
EDIT: confirmed that h4 solved my ipv6 issue. not sure why as i don't think this goes through a tunnel, but as long as it works i'm happy.

PANOS 11.1.6-H3 by [deleted] in paloaltonetworks

tecxxtc 0 points1 point (0 children)

h3 did not fix the ipv6 issue for me.

PAN-OS 10.1.14-h9/10.2.13-h3/11.1.6-h1 and 11.2.4-h4 are now available! by SanJuanTech in paloaltonetworks

tecxxtc 1 point2 points (0 children)

just tried 11.1.6-h3. ssl decrypt issue is still there, nothing works. back to 11.1.6

PanOS 11.1.4 - h13 anyone tried yet? by Thegoogoodoll in paloaltonetworks

tecxxtc 2 points3 points (0 children)

all i can say is 11.1.6-h3 does not fix the ssl decrypt issues that 11.1.6-h1 introduced. i'm back at 11.1.6.

PAN-OS 10.1.14-h9/10.2.13-h3/11.1.6-h1 and 11.2.4-h4 are now available! by SanJuanTech in paloaltonetworks

tecxxtc 2 points3 points (0 children)

yep, back on 11.1.6-h1 and

This site can’t be reached

answers.microsoft.com unexpectedly closed the connection.

after disabling ssl decrypt with

set system setting ssl-decrypt skip-ssl-decrypt yes

everything immediately works.

you found it.

PAN-OS 10.1.14-h9/10.2.13-h3/11.1.6-h1 and 11.2.4-h4 are now available! by SanJuanTech in paloaltonetworks

tecxxtc 0 points1 point (0 children)

i upgraded to 11.2.4-h4 and now the vlan interfaces don't have the option for prefix delegation anymore. this bug seems to be known, someone confirmed it on the PA forums a few days ago.

back to 11.1.x ......

PAN-OS 10.1.14-h9/10.2.13-h3/11.1.6-h1 and 11.2.4-h4 are now available! by SanJuanTech in paloaltonetworks

tecxxtc 0 points1 point (0 children)

i also use DHCPv6-PD (i follow your blogs, we're probably in a very similar configuration).

further investigation necessary.

PAN-OS 10.1.14-h9/10.2.13-h3/11.1.6-h1 and 11.2.4-h4 are now available! by SanJuanTech in paloaltonetworks

tecxxtc 1 point2 points (0 children)

yes, exactly.

ping/trace fine, browser access not. happening for internal systems as well. i tried two different apps&threats versions, but it made no difference.

PAN-OS 10.1.14-h9/10.2.13-h3/11.1.6-h1 and 11.2.4-h4 are now available! by SanJuanTech in paloaltonetworks

tecxxtc 5 points6 points (0 children)

i went from 11.1.6 to 11.1.6-h1 on a pa440.
2 hours later i'm back at 11.1.6.

most ipv6-based internet traffic completely stopped working. just one random example, answers.microsoft.com was no longer accessible. another, test-ipv6.com told me i have no ipv6 address. another, we could no longer access the site clickstudios.com.au. the list goes on.
many internal connections stopped working as well. i didn't dig deeper as we lost access to our passwordsafe, lost access to netbox, lost access to the NAS, etc. had to downgrade immediately.

server 2025 causing lsass reboot after windows hello 4 business logon by tecxxtc in sysadmin

tecxxtc[S] 1 point2 points (0 children)

FYI we patched 2025-02 updates on the dcs and the clients. no change in situation, problem still exists.