Cisco IDS 4250XL - SSH protocol versions supported

I recently had a vulnerability scan completed and "SSH protocol versions supported" showed up in it for my IDS. Has anyone come across this and if so, how am I able to mitigate it. Is there a way to change the SSH version on the device?

What vulnerability is being asserted in the OpenSSH implementation of SSH protocol version 1?
I have not seen a new problem discovered in more than three years in the SSH protocol version 1. OpenSSH-3.7.1p2 contains all the fixes for all vulnerabilities that I am aware.
When a vulnerability assessment recommends shutting down SSH protocol version 1, they need to back it up with some facts to show that SSH1 as implemented in the IDS 4.x sensor is insecure.
=====
That having been said, you can disable SSH protocol version 1 by editing /etc/ssh/sshd_config and restarting the service. What you will lose is the ability to manage keys in the IDS CLI. So you cannot use authorized keys to log into the sensor.
The "copy scp:..." and "upgrade scp:..." commands will fail. When you start an SSH2 client, it will refuse to connect to the remote server because it won't trust the host key.
You also won't be able to manange network devices to perform blocking using the SSH protocol.

Similar Messages

  • Question about ssh login warning: Bad protocol version identification

    I set up ssh on my computer according to Tim Haigh's suggestions given here:
    http://discussions.apple.com/thread.jspa?threadID=1674968&tstart=0
    But when I log in from my iPhone, secure.log shows this:
    sshd[534]: Bad protocol version identification 'GET / HTTP/1.1' from 208.54.83.51
    Although I do log in successfully, how can I resolve this error?

    GET / HTTP/1.1
    Looks more like a Web browser handshake, than ssh.

  • Is HLS protocol version 6 is supported in IOS 6.x and IOS 7.x ?

    Is the latest HLS protocol version (version 6) is supported in IOS 6.x and IOS 7.x players ?
    If it is supported can you please provide a sample m3u8 with EXT-X-START tag ?

    I use native player and start play from web page in Safari
    Master playlist
    #EXTM3U
    #EXT-X-MEDIA:TYPE=SUBTITLES,GROUP-ID="WebVTT",NAME="Main",DEFAULT=NO,AUTOSELECT= NO,URI="http://172.18.0.81:8080/mediaserver/download/2/service.523/item.m3u8?playlist=we bvtt"
    #EXT-X-STREAM-INF:BANDWIDTH=16777216,SUBTITLES="WebVTT"
    http://172.18.0.81:8080/mediaserver/download/2/service.523/item.m3u8?playlist=da ta
    segmets playlist
    #EXTM3U
    #EXT-X-VERSION:4
    #EXT-X-TARGETDURATION:1
    #EXT-X-MEDIA-SEQUENCE:2280
    #EXT-X-ALLOW-CACHE:NO
    #EXTINF:1
    http://172.18.0.81:8080/mediaserver/download/2/service.523/item.ts?chunk=1
    #EXTINF:1
    http://172.18.0.81:8080/mediaserver/download/2/service.523/item.ts?chunk=2
    #EXTINF:1
    http://172.18.0.81:8080/mediaserver/download/2/service.523/item.ts?chunk=3

  • Cisco-ids ipv6 support

    Hi All,
    Is/will cisco-ids support ipv6 for command&control and sensing?
    Thanks
    Henk

    1) an "enhancement request" is a way for us to track that somebody is interested in a feature. This means that every time we look at doing a binary update, we will be reminded of the feature request and can prioritize it against other things we want to do. A lot of prioritization information comes from Marketing feedback, so I encourage you to make sure that your sales channel knows your needs. In short, its not planned so I can't say if it will ever be there.
    2) correct...no dates announced yet.
    see #1 for the last Q.
    Scott

  • Do any new cisco versions support auto-adding team members back to group chat?

    each day I create a team group chat (9.2.6 or lower)
    a. if someone falls out of the team chat  (switches buildings, goes to a meeting, reboots etc)
    b. they fall out of the team chat
    c. users have to ask me to add them back to the team chat or I have to add all team members in the group every few hours.
    It would be great if it was more of a chat room like feature where anyone in that group can come/go as needed. Do any versions support this feature?
    If not I would like to pass this on as a suggestion. I believe lync supported this feature.

    and persistent group chat looks like it works with cisco jabber 9.7+?
    any advice on how I would submit a request internally for persistent chat?
    a. what is required (what is the name of the app, database stuff I have read about)
    b. which version of Jabber is recommended
    I would like it integrated with Cisco jabber and not a separate chat utility. Also is there a different place to place a "wishlist" request? Thanks!

  • What trunking protocols are supported by the Cisco AP1200 series

    Guys,
    What trunking protocols are supported by the Cisco AP1200 series?
    Advanved thanking for your reply

    Has to be a dot1q encapsulation.
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Cisco IDS vs SNORT

    This isnt ment to be a flame thread. During a security audit our vendor said that the Cisco IDS's we use are not really that good and we should move to SNORT.
    Is SNORT a good product to use in conjuction with the Cisco IDS or just by itself replacing out the Cisco IDS's? We have always stuck to CISCO equipment, and never really did anything else. Mainly because of the reliability and performance it offers.

    In my experience, the statement that "SNORT is better than " is usually the result of 1) No experience with said commercial product and 2) a bias favouring anything Open Source.
    IMNSHO, both products are excellent; they're just different. Cisco, at least when compared to the last version of SNORT I played with (1.9, 2.0), was better at both IP fragment and TCP session reassembly. Furthermore, you generally don't get contractually obligated support with SNORT (unless of course you buy Sourcefire, but that's not really the same thing...).
    Snort's biggest advantages, again IMNSHO, are cost (generally hardware only, if you don't factor in configuration and maintenance man power costs...) and flexibility. By flexibility, I mean that you can deploy it on just about anything running Linux (desktop, server, inline) and you can choose to use it as either an IPS (Snort-inline), NNIDS (Snort running on a desktop or server) or NIDS (Snort on a system acting as a purpose-built sensor).
    Both of them are fairly easy to modify with custom signatures and new signatures are coming out very frequently (user community for Snort, vendor-supplied for Cisco IDS), so neither has a distinct advantage here.
    That's just a quick response. There is usually a deeper philosophical discussion here, but this goes back to my "bias favouring anything Open Source" comment.
    I hope this helps,
    Alex Arndt

  • Windows 8 64 bit issues with Cisco AnyConnect Secure Mobility Client version 3.1.04072

    I am having an issue with the Cisco AnyConnect Secure Mobility Client version 3.1.04072 on a Windows 8 64 bit laptop.
    I am able to create the VPN connection but the connection will not allow data to be transferred.
    Stats from a manual connection:
    Cisco AnyConnect Secure Mobility Client Version 3.1.04072
    VPN Stats
        Bytes Received:  14375
        Bytes Sent:  0
        Compressed Bytes Received:  0
        Compressed Bytes Sent:  0
        Compressed Packets Received:  0
        Compressed Packets Sent:  0
        Control Bytes Received:  0
        Control Bytes Sent:  0
        Control Packets Received:  0
        Control Packets Sent:  0
        Encrypted Bytes Received:  7820
        Encrypted Bytes Sent:  1207
        Encrypted Packets Received:  9
        Encrypted Packets Sent:  3
        Inbound Bypassed Packets:  0
        Inbound Discarded Packets:  0
        Outbound Bypassed Packets:  0
        Outbound Discarded Packets:  0
        Packets Received:  4
        Packets Sent:  0
        Time Connected:  00:03:01
    Protocol Info
        Inactive Protocol
            Protocol Cipher:  RSA_3DES_168_SHA1
            Protocol Compression:  None
            Protocol State:  Disconnected
            Protocol:  DTLS
        Active Protocol
            Protocol Cipher:  RSA_3DES_168_SHA1
            Protocol Compression:  Deflate
            Protocol State:  Connected
            Protocol:  TLS
    OS Version
        Windows 8 : WinNT 6.2.9200
    Log from the data transmission software:
    24/12/2013 12:51:13 - Application version = 1.11.28.0
    24/12/2013 12:51:13 - Lodgement Library Version =  1.11.28.0
    24/12/2013 12:51:13 - Connection Method =  INTERNET
    24/12/2013 12:51:13 - DIS Connection Type = Automatic
    24/12/2013 12:51:13 - VPN Client =  ACTIVE
    24/12/2013 12:51:13 - Check Available Connections =  NOT ACTIVE
    24/12/2013 12:51:13 - Windows 8 (6.2.9200 SP )
    24/12/2013 12:51:13 - Language: English (Australia)
    24/12/2013 12:51:13 -
    24/12/2013 12:51:13 - Connected to ISP via LAN
    24/12/2013 12:51:13 - Checking for presence of VPN client.
    24/12/2013 12:51:13 - VPN client found. (C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe)
    24/12/2013 12:51:13 - The Cisco AnyConnect Secure Mobility Client application is in use.
    24/12/2013 12:51:18 - Terminating Cisco AnyConnect Secure Mobility Client in progress ...
    24/12/2013 12:51:18 -
    24/12/2013 12:51:18 - Checking Cisco AnyConnect  version.
    24/12/2013 12:51:19 - Cisco AnyConnect Secure Mobility Client (version 3.1.04072) .
    24/12/2013 12:51:19 - Copyright (c) 2004 - 2013 Cisco Systems, Inc.  All Rights Reserved.
    24/12/2013 12:51:19 - Config file directory:C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\
    24/12/2013 12:51:19 -
    24/12/2013 12:51:19 - Loading profile:C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\ELS-IMelAde-TCP.xml
    24/12/2013 12:51:19 -
    24/12/2013 12:51:19 - Initializing the VPN connection.
    24/12/2013 12:51:19 - Ready to connect.
    24/12/2013 12:51:19 - Ready to connect.
    24/12/2013 12:51:19 - Contacting ELS-IMelAde-TCP.
    24/12/2013 12:51:23 - Authenticating user.
    24/12/2013 12:51:23 - Connected to VPN concentrator.
    24/12/2013 12:51:23 - Establishing VPN session...
    24/12/2013 12:51:23 - Checking for profile updates...
    24/12/2013 12:51:23 - Checking for product updates...
    24/12/2013 12:51:23 - Checking for customization updates...
    24/12/2013 12:51:23 - Performing any required updates...
    24/12/2013 12:51:23 - Establishing VPN session...
    24/12/2013 12:51:23 - Establishing VPN - Initiating connection...
    24/12/2013 12:51:24 - Establishing VPN - Examining system...
    24/12/2013 12:51:24 - Establishing VPN - Activating VPN adapter...
    24/12/2013 12:51:24 - Establishing VPN - Configuring system...
    24/12/2013 12:51:24 - Establishing VPN...
    24/12/2013 12:51:24 - Connected to VPN concentrator.
    24/12/2013 12:51:24 - Connected to ELS-IMelAde-TCP.
    24/12/2013 12:51:24 - Connected to VPN concentrator.
    24/12/2013 12:51:24 - Connection to VPN client return code = 0.
    24/12/2013 12:51:24 - Connected to VPN concentrator.
    24/12/2013 12:51:24 - Connecting : Connecting to 203.202.43.2.
    24/12/2013 12:51:45 - Error in ConnectToDIS - Socket Error # 10060
    Connection timed out.
    24/12/2013 12:51:46 -
    24/12/2013 12:51:46 - Disconnecting from the VPN concentrator.
    24/12/2013 12:51:46 - Disconnect in progress, please wait...
    24/12/2013 12:51:46 - Detaching AnyConnect, please wait...
    24/12/2013 12:51:47 - Detached.
    24/12/2013 12:51:47 - Disconnected from VPN concentrator.
    24/12/2013 12:51:47 - *****************************************************
    24/12/2013 12:51:47 -               END OF LODGEMENT PROCESS
    24/12/2013 12:51:47 - *****************************************************
    Issue history:
    - Previously running Cisco VPN client on Windows 8 64 bit laptop (VPN working and able to transmit data over VPN)
    - Upgrade to Windows 8.1 stopped the VPN client working
    - Refreshed system back to Windows 8 and reinstalled all software
    - Cisco VPN client would not install on system
    - Cisco AnyConnect Secure Mobility Client installs and is able to connect to VPN host
    - Cisco AnyConnect Secure Mobility Client downloads and installs software from VPN host
    - Data transmission software returns error code #10060
    Any assistance would be greatly appreciated.

    anyone found the fix for this?

  • Cisco Identity Services Engine (ISE) Version 1.2: What's New in Features and Troubleshooting Options

    With Ali Mohammed
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about what’s new in Cisco Identity Services Engine (ISE) Version 1.2 and to understand the new features and enhanced troubleshooting options with Cisco expert Ali Mohammed.
    Cisco ISE can be deployed as an appliance or virtual machine to enforce security policy on all devices that attempt to gain access to network infrastructure. ISE 1.2 provides feature enrichment in terms of mobile device management, BYOD enhancements, and so on. It also performs noise suppression in log collection so customers have greater ability to store and analyze logs for a longer period.
    Ali Mohammed is an escalation engineer with the Security Access and Mobility Product Group (SAMPG), providing support to all Cisco NAC and Cisco ISE installed base. Ali works on complicated recreations of customer issues and helps customers in resolving configuration, deployment, setup, and integration issues involving Cisco NAC and Cisco ISE products. Ali works on enhancing tools available in ISE/NAC that are required to help troubleshoot the product setup in customer environments. Ali has six and a half years of experience at Cisco and is CCIE certified in security (number 24130).
    Remember to use the rating system to let Ali know if you have received an adequate response.
    Because of the volume expected during this event, Ali might not be able to answer each question. Remember that you can continue the conversation on the Security community, sub-community shortly after the event. This event lasts through September 6, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

    Hi Ali,
    We currently have a two-node deployment running 1.1.3.124, as depicted in diagram:
    http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_010.html#ID89
    Question 1:
    After step 1 is done, node B becomes the new primary node.
    What's the license impact at that stage, when the license is mainly tied to node A, the previous primary PAN?
    Step 3 says to obtain a new license that's tied to both node A & node B, as if it's implying an issue would arise, if we leave node B as the primary PAN, instead of reverting back to node A.
    =========
    Question 2:
    When step 1 is completed, node B runs 1.2, while node A runs 1.1.3.124.
    Do both nodes still function as PSN nodes, and can service end users at that point? (before we proceed to step 2)
    Both nodes are behind our ACE load balancer, and I'm trying to confirm the behavior during the upgrade, to determine when to take each node out of the load balancing serverfarm, to keep the service up and avoid an outage.
    ===========
    Question 3:
    According to the upgrade guide, we're supposed to perform a config backup from PAN & MnT nodes.
    Is the config backup used only when we need to rollback from 1.2 to 1.1.3, or can it be used to restore config on 1.2?
    It also says to record customizations & alert settings because after  the upgrade to 1.2, these settings would change, and we would need to  re-configure them.
    Is this correct? That's a lot of screen shots we'll need to take; is there any way to avoid this?
    It says: "
    Disable services such as Guest, Profiler, Device Onboarding, and so on before upgrade and enable them after upgrade. Otherwise, you must add the guest users who are lost, and devices must be profiled and onboarded again."
    Exactly how do you disable services? Disable all the authorization policies?
    http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_01.html#reference_4EFE5E15B9854A648C9EF18D492B9105
    ==================
    Question 4:
    The 1.1 user guide says the maximum number of nodes in a node group was 4.
    The 1.2 guide now says the maximum is 10.
    Is there a hard limit on how many nodes can be in a node group?
    We currently don't use node group, due to the lack of multicast support on the ACE-20.
    Is it a big deal not to have one?
    http://www.cisco.com/en/US/customer/docs/security/ise/1.2/user_guide/ise_dis_deploy.html#wp1230118
    thanks,
    Kevin

  • Ask the Expert: Introduction to Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features)

    With Namit Agarwal and Rahul Govindan 
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features) with experts Namit Agarwal and Rahul Govindan.
    This is a continuation of the live webcast.
    Cisco ASA CX (Context-Aware) is a next generation firewall service that serves as an extension to the Cisco Adaptive Security Appliance (ASA) firewall platform. In addition to the proven stateful inspection firewall capabilities, it provides us with next-generation capabilities and a host of additional network-based security controls for end-to-end network intelligence and streamlined security operations.
    Namit Agarwal is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. He has more than four years of experience in the security domain. His areas of expertise include ASA firewalls, IPS, and ASA content-aware security (ASA CX). He has been involved in various escalation requests from around the world. He holds CCIE certification (number 33795) in security.   
    Rahul Govindan has been an engineer with the Security Technical Assistance Center team in Bangalore for more than three years. He works on security technologies such as VPN; Cisco ASA firewalls; and authentication, authorization, and accounting. His particular expertise is in Secure Sockets Layer VPN and IP security VPN technologies. He holds CCIE certification (number 29948) in security.
    Remember to use the rating system to let Namit and Govindan know if you have received an adequate response. 
    Because of the volume expected during this event, Namit and Govindan might not be able to answer every question. Remember that you can continue the conversation in the Security community, subcommunity VPN shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
    Webcast related links:
    Slides from the live webcast
    Video Recording of the live webcast
    Introduction to Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features): FAQ from live webcast

    Hello Namit and Rahul,
    Here are few questions that came in directly during your live webcast hence posting them here so that users can benifit:
    1)      How is ASA CX different from other UTM solutions ?
    2)      How is dynamic application inspection of CX better than other inspection engines  ?
    3)      What features or functionalities on the CX are available by default ?
    4)      what are the different ways we can run or install CX on the ASA platform ?
    5)      What VPN features are supported with multi context ASA in the 9.x release ?
    6)      What are the IPv6 Enhancements in the ASA version 9.x ?
    Request you to please provide your responses to them individually.
    Thanks.

  • WLC: which software-version support SHA2 certificates for Web Authentification and Web Management ?

    Hello,
    I tried to install new SHA2 3th-Party certificates on our WLCs. There are old WiSM1-Boards and 2504 to support our old 1230 Access Points, running 7.0.251.2, which didn't install it, although the config manual for 7.6 and 8.0 say that SHA2 certificates are supported since 7.0.250.0. When I tried to install the SHA2-certificates I get the message "File transfer failed" an the log says:
    *TransferTask: Dec 12 13:22:14.394: #UPDATE-3-CERT_INST_FAIL: updcode.c:1869 Failed to install Webauth certificate. rc = 1
    *TransferTask: Dec 12 13:22:14.394: #SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4085 Cannot PEM decode private key
    I tried to install the same certificates on our WiSM2-Boards, running 7.4.121.0 and I failed too. The same certificates could be installed on a 2504 running 8.0.100 without any problems.
    In all 3 cases I tried to install unchained certificates for web management and Level 3 chained certificates  for web authentication. I used the following guides to get the certificates (e.g. taken from the config manual 8.0.100):
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.pdf
    Which software versions support SHA2 certificates and which didn't ? Is the a list for it ?
    Regards

    Hello,
    I solved the problem. First I used a Debian Linux system with Openssl 1.0.1. After I searched the internet using one of the log messages above I found sites which mentioned to use Openssl 0.9.x. So I tried a productive and security fixes Debian Linux System running Openssl 0.9.8 and I succeeded. The wlcs accepted the certificate files and used it after a reboot. The Web GUI still shows a SHA1 Fingerprint, but the certificate signature Algorithm is SHA2:
    Signature Algorithm: sha256WithRSAEncryption
    When you check the openssl.org homepage Openssl 0.9.8 is still one of the actual version of openssl and is still available and fixed. But the Openssl Roadmap says:
    "We don't want to have to maintain too many branches. This is likely to include a timescale for the EOL of version 0.9.8"
    I don't know the differences between certificates made with openssl 0.9.8 and 1.0.1. Is there anybody who can explain it to me ?
    Regards

  • Which IOS version supported EEM?

    Hi
    May I know which IOS version supported EEM (Embedded Event Manager) ?
    we are using 2960 and 3750. Does c2960-lanbasek9-mz.150-2.SE5/c2960-lanbase-mz.122-35.SE5 support?
    hugo

    EEM supported on 3750:-
    http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-2-special-early-deployments/product_bulletin_c25-614546.html
    But as leo said its not on 2960.

  • The vm and host networking components failed to negotiate protocol version '4.0'

    Hi,
    I have the problem that when I start a VM with windows server 2012 on a hyper-v v2 host, it takes very long till the VM get bind the static or dynamic ip adress. I tried both, static and dynamic. In every case I see at the event viewer the following error:
    the vm and host networking components failed to negotiate protocol version '4.0'
    After a few minutes the VM gets bind the IP an everything works fine. But at the next time I reboot the machine the same failure appear.
    Trying to use legacy network adapter results in the same problem. After this I tried to export the vm to a hyper-v v3 host. At first boot time
    the problem didn't appear and the vm get's bind the ip adress without problems. Then after upgrading the integration services to hyper-v v3
    version the same problem appears but without register it in the event viewer.
    Does anybody know how I can fix this problem?
    Kind Regards,
    Marcus

    Hi,
    A MS KB records an issue when you run Windows 8 or Windows Server 2012 based Virtual machine in Windows Server 2008 or in Windows Server 2008R2:
    http://support.microsoft.com/kb/2744129
    There is a Microsoft update in this KB, you may install this KB in your Windows Server 2008 R2 and check the result.
    While about this issue after you migrate the guest VM to Windows Server 2012 host, will it still has such error message after you remove all network adapters of the guest VM?
    Install Windows update for the Hyper-V host, after that upgrade Integration service for the guest VM again to check the result.
    For more information please refer to following MS articles:
    "Unsupported configuration" warning when you run a Windows 8-based or Windows Server 2012-based virtual machine in Windows Server 2008 R2
    http://support.microsoft.com/kb/2737297
    Hyper-V Overview
    http://technet.microsoft.com/en-us/library/hh831531.aspx
    Lawrence
    TechNet Community Support

  • Which protocol version is really used?

    In the JSSE reference guide, Appendix A: Standard Names, is said, that the protocol name passed to the getInstance method of the SSLContext class maybe one of the following: SSL, SSLv2, SSLv3, TLS, TLSv1. But it does not specify which protocol version will actually be used, it is always said that it supports one or some specific protocols, but it may support other protocol versions as well.
    And what does the setEnabledProtocols method of the SSLSocket class do? May an application specify here exactly, which protocols should be used?

    JSSE currently supports SSL v3.0 and TLS v1.0 (SSL v3.1).
    The protocol agreeded with the server depends on your client/server configuration, and always is the lower protocol supported by both of them.
    For example:
    Server -> TLS v1.0
    Client -> SSL v3.0
    The shared protocol will be SSL v3.0.
    About the getEnabledProtocols() method, give a look here:
    http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#NewMethods
    Hope this helps.

  • The VM and host networking components failed to negotiate protocol version '5.0'

    I have been searching for a fix for this issue for sometime.
    The VM and host networking components failed to negotiate protocol version '5.0'
    and
    The VM and host networking components failed to negotiate protocol version '4.0'
    this error have been posting on the host server 2008 R2, with a hyper-V running server 2012 R2, which is the eval version vhd from Microsoft.
    I have tried the patch on the server 2008 R2 host and the nic delete and rescan option with varied reboots and such between each step of the process just to try every possible combination.
    The error persists. Are there any other suggested solutions for fixing this problem. Also the drivers have all been updated along with the system firmware.
    thanks,

    The hotfix states Server 2012 in the VM. You stated Server 2012 R2 in the VM.  MSFT is very precise in this language - Server 2012 != Server 2012 R2.
    Two distinctly different releases of Windows Server.
    In this case the N = the running release of Hyper-V.  In this case your Hyper-V Server at release version 2008 R2.
    The +2 = the current version of Windows.  In this case that is 2012 R2.  Two releases ahead of the version of the hypervisor you are running.
    I tossed in the link to Ben Armstrong's blog article as that is the ONLY (and still definitive statement) support statement regarding this configuration.  He posted that article at my request after many folks posting in this forum with strange behavior
    in this configuration.
    "supported" in this context means that if you call CSS, you will be told the following: 'yes, you have errors in the event log.  We will not fix that.  This is an unsupported configuration.  But that does not block the OS in the
    VM running.  If you want the errors to go away, we suggest you upgrade your Hyper-V Server to 2012 R2.  That configuration is supported.'
    That said, it can impact other functionality of the VM that rely on Integration Components in the VM and the Services of the hypervisor.  There is most likely small things that will not work.
    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

Maybe you are looking for