Windows Media Player 12 Crash with EMET 5.0

Posted by Ahmed Nabil | 0 comments»
I am currently running Microsoft EMET (Enhanced Mitigation Experience Toolkit) version 5.0 (Latest Version) with the popular software list which protects other well known software as Google Chrome, Firefox, Windows Media Player............etc.

After upgrading EMET to the latest version 5.0, I noticed that the Windows Media Player (Latest Version 12) crashes and the below event log is reported.



My first suspect was EMET, I removed all mitigation for the Windows Media Player from the Apps Section as shown below.



Windows Media Player started working normal after removing all mitigation, I started checking them one by one till it crashes back again with the StackPivot Mitigation.

The StackPivot Mitigation is used to detect if the stack is pivoted and used to validate the stack register present in the context structure of certain APIs. For some reason its triggered with Windows Media player and you need to un-check it to work it out till Microsoft finds a solution since they are both Microsoft Products.



UAG Direct Access client Fail to connect. DA is configured and disabled.

Posted by Ahmed Nabil In , | 0 comments»
I got couple of users using Windows 7 reporting that they can't connect using Direct Access anymore whether its HTTPS or Teredo, DA just won't work. Upon further discussing the issue with them they mentioned that they enabled and disabled the Direct Access Connectivity assistant (DCA) Use Local DNS couple of times in an effort to work it out.

We started troubleshooting by checking the Name Resolution Policy table and we noticed that the NRPT was not getting applied on the DA client as shown below.





The next step was checking the DA resolution using the netsh dns show state command and it turned to be disabled.


Name Resolution Policy Table Options
--------------------------------------------------------------------

Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                        if the name does not exist in DNS or
                                        if the DNS servers are unreachable
                                        when on a private network

Query Resolution Behavior             : Resolve only IPv6 addresses for names

Network Location Behavior             : Never use Direct Access settings

Machine Location                      : Outside corporate network

Direct Access Settings                : Configured and Disabled

DNSSEC Settings                       : Not Configured


The DA client already has the correct group policies, certificates but its disabled.

The next step was checking the below registry key:

"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient EnableDAForAllNetworks"

The value of the key was set to 2 which means that DA is disabled !

Upon deleting the registry key, the DA started working normally without any problem.

For more information about the EnableDAForAllNetworks and its different values please check the below URL. 


On both cases that i have seen so far the reason was playing with the DCA settings (Use local DNS) which triggered the flipping of this registry key from Automatic to disabled.


Hopefully this could help someone with the same problem.