Set the CredSSP group policy to raise security level (4/19/2018 8:00:00 AM)
Microsoft has pushed a fix for vulnerabilities in the CredSSP credential processing system in Windows. In order to make use of the fixes, we will be pushing a group policy change to enable this fix. This will be pushed April 19th, and will take affect at the next machine reboot, which should be no later than April 23rd for Patch-Tuesday updates.
Information on the CredSSP fix are available at:
We will set the group policy to 'Mitigate' on April 19th, taking effect no lather than April 23rd. We will set this to 'Force Updated Clients' on May 17th, taking effect no later than May 21st with the campus patch reboots.
Unpatched Windows systems will not be able to effectively communicate with patched Windows systems after May 17th.
The primary impact will be Remote Desktop sessions such as connections to Remote Labs, and connections to campus Faculty/Staff desktops from home. These home and non-University Windows machines should be updated to at least the March 2018 security updates to regain normal connectivity. Machines without these updates likely have other significant vulnerabilities, and updating should be checked if they are not connecting as expected.
Firefox 60.0 ESR Campus Update (5/18/2018 5:00:00 PM)
Firefox 60.0 ESR will be replacing previous versions of Firefox on all faculty, staff, and lab computers to update campus to the newest ESR branch as well as addressing security vulnerabilities. The current deployed version is 52.7.1.
Panopto Campus-wide Upgrade (5/18/2018 5:00:00 PM)
The Panopto client will be installed on all UMKC owned Windows and Mac workstations. Existing installations will be upgraded to version 5.6 to comply with Panopto's version requirements..
Adding new handshakes for UMKC IPsec for Quick Mode connections (5/19/2018 10:00:00 PM)
A new set of secure handshakes will be added to UMKC IPsec for Quick Mode connections. This will allow stronger IPsec use. These changes will be made a week prior to dropping legacy settings, so that machines have time to smoothly transition to the new settings.
Specifically for Quick Mode, we will add:
Data Integrity - ESP - AES-GMAC-128 for integrity , and ESP - AES-GCM-128 for data integrity and encryption.
No outage is expected as this adds an additional setting, without removing any current settings. Some systems may close and restart currently active connection sessions, but will be near instant reconnect in most cases.
PaperCut Application/Server Upgrades over Summer Intercession (5/21/2018 8:30:00 AM)
On 5/21/2018, all major print servers for both faculty/staff and campus labs will be upgraded to PaperCut 18.1 from currently installed version 17.3.6. This includes KC-PRINT2 (faculty/staff printing), KC-ISSS-LAB01 (IS labs printing), KS-ISSS-LAB02 (Athletics lab printing), KC-ISSS-LAB03 (SCE labs printing), KC-ISSS-ARCLAB (Architecture labs printing), and KC-BIO-LS01 (Biology labs printing).
This should take down each server for around 30 minutes during the upgrade. Each upgrade will be performed one-by-one.
IPsec change to drop SHA1 and 3DES main-mode handshakes (5/26/2018 10:00:00 PM)
This is being pushed out one week, to allow for a change on the 20th to add new Quick Mode IPsec settings that need to distribute for a week before the next change occurs.
IPsec at UMKC will be adjusted to drop SHA-1 and 3DES handshaking and encryption options. These are already set as lower preference, but will be removed to simplify the current IPsec configuration. We will also remove support for the older UM-Root CA which has been retired, and all certificates from that CA should now be expired. (new root was activated at the end of 2014, most certs were 3 year life cycle and should be expired now.)
No direct outage is expected, but connections to Domain Controllers will likely close and restart. Some machines that negotiated the lower security will need to renegotiate at the higher security.
Campus Edge and Data Center firewall firmware upgrades (5/26/2018 10:00:00 PM)
The campus edge and data center firewalls will receive firmware upgrades. This set will be minor upgrade sets 8.0.8 to 8.0.9 , with a larger upgrade potentially in early August if 8.1.3 ships before the first Saturday in August.
The campus network edge will see two brief 10 second outages. The data center will see two 30 to 60 second outages as routing re-converges.
Fine Arts Building Network Refresh (5/31/2018 5:30:00 PM)
Information Services - Networking will be replacing the Access Switches (office network connections) and Distribution Switches (building network backbone) in the Fine Arts building. This upgrade will result in a intermittent loss of network connectivity for the offices in the building while the switches are being replaced.
CentOS and Ubuntu Linux Major Versions Released (6/1/2018 11:08:00 AM)
This month, both CentOS and Ubuntu have done major releases for their latest version this month, which will upgrade over 500 software packages on all our Linux servers. We will be working throughout the month of May on installing these upgrades, into the dev servers first, and we may be reaching out to various key personnel to test things before we push these into the production systems by the end of May. All impacted Linux servers will eventually need to be rebooted to get everything copacetic. As always, we will strive to ensure minimal disruption to services and system availability with these updates and reboots.
Upgrade KC-ISIA-SQLPRD1 to 2016 (6/2/2018 9:00:00 PM)
Upgrade SQL Server on KC-ISIA-SQLPRD1 TO VERSION 2016 FROM 2014.