Friday, March 04, 2016

Necessary Software for Your IT Toolbox


  1. Disk Cloning Solution:  I'm partial to Acronis Backup v11's Live CD for this job - it's fast, easy, and well supported.  However, we can't always have the luxury of a $90 backup solution.  For those customers without an Acronis license I use G4L - Ghost 4 Linux - it's an intimidating looking tool, and it's certainly not very fast, but the price can't be beat.  Learn how to use G4L at http://www.oakdome.com/lab/?page_id=8.
  2. Password Reset Solution:  My fave tool is chntpw.  Available as part of the excellent Kali Linux penetration-testing distribution, chntpw resets local account passwords and lets you edit the registry offline (and I can think of reasons to do this far beyond password reset).  If you don't want to fuss with an entire Linux distro just for chntpw you can use the excellent Offline NT Password & Registry Editor - a LiveCD or bootable USB image that makes NT password resets as easy as Linux can make them.  It is chntpw neatly packaged, so it also allows registry editing.  Be certain to read the fine manual because the interface looks quite intimidating.  Two caveats: an offline reset leaves the account's DPAPI master keys encrypted under the old password, so EFS-encrypted files and saved credentials belonging to that account become unrecoverable, and the same boot-and-edit trick works for anyone with physical access to an unencrypted disk, which is exactly what BitLocker or another full-disk encryption is there to prevent.
  3. Windows 10 Upgrade DVD:  Many businesses are making the switch to Windows 10 because it is more secure.  Viruses and spyware are hounding users, and Windows 10 has several improvements that make malware harder to install and run.  It's also faster, more stable, and has some neat cloud management features.  Follow these directions to download the Windows 10 ISO and create your own Upgrade DVD.  If you're upgrading I suggest booting the target computer into Windows 7 and then running setup from the DVD; booting from the DVD is for clean installs.  An in-place upgrade activates against the computer's existing Windows 7, 8, or 8.1 license.
  4. RAM Diagnostic CD:  BSOD, slow boot, disk corruption, slow shutdown, poor performance, hangs and freezes - all can call for a RAM diagnostic.  Memtest86+ has been my go-to for quite a while.  Download the latest version, unpack it, and burn the ISO to a CD.  Run it with all of the RAM installed and allow it to do a few passes; if it finds nothing, shut it down and call it good.  If it shows errors or freezes, shut down and pull out all but the first stick of RAM.  Boot into the diagnostic and allow a few passes - if it passes 4 or 5 times, shut it down and repeat with the remaining sticks until the faulty one is identified.

Monday, January 04, 2016

AT&T UVerse Motorola NVG510 Bridge Mode

The best instructions are available here:

http://www.dslreports.com/faq/17734

Please note that I have not yet encountered the conflict between Bridge Mode and VOIP services.

Overall, I am very dissatisfied with the UVerse experience.  If there is any alternate service provider available, please consider using it.  In my humble opinion, UVerse is poorly supported, slow, and much more prone to failure than any competing service.

A much deeper issue, and I see this as much in competing services as I do in AT&T, is that technicians are really only equipped and trained to deal with the service provider's network and are truly clueless when it comes to the customers' networks.  Issues with DHCP, DNS, and firewalling are way over the head of the typical installer.  This needs to change because customers are becoming increasingly irritated with the ineptitude displayed by the service technicians sent by Internet providers.  I often feel that these companies are operating in a way analogous to having oil change technicians perform engine repairs - the techs know what most of the parts do, but they aren't familiar with the theory and details of the inner workings.

From DSLReports:
Bridge mode, DMZ+, or IP Passthrough are the features that permit you to run your own router behind the AT&T provided residential gateway with a public IP address on its outside WAN interface. The NVG589 supports the IP Passthrough feature to accomplish this.

To be technically accurate, the NVG589 does not actually "bridge" the traffic. It will enable a default rule to forward all unknown inbound traffic to the AT&T public IP address to the MAC address of the internal router. This will preserve the public destination IP address on incoming packets and allow you to control inbound access for services and security from your personal router.

The NVG589 will still map session state information for each connection passing through, similar to a traditional NAT configuration. The only thing it will do with this traffic is rewrite the destination MAC address to that of your personal router's WAN interface. The NVG589 includes more memory and can support 8192 simultaneous connection entries, as compared to previous gateways that were limited to a maximum of 1024.

Make sure you have a notebook or a computer that you can directly connect to the NVG589.  Once you have that, unplug all Ethernet cables (including television STBs) from the NVG589 except for the previously mentioned notebook/computer. Note: the WAN connection from AT&T is not an Ethernet connection.

Second, write down the WAN-side MAC Address of your personal router.

Configuration steps to perform on the NVG589:
Note: 192.168.10.1-254 address block is a suggestion in this series of steps.  Feel free to adjust this as you wish.

1. Login to the NVG589's web-based configuration interface in your web browser.
This can usually be accessed with the following link:  https://192.168.1.254

2. Go to the "Home Network" -> "Subnets & DHCP" tab.  It may ask for your NVG589's password.

3. If your "Device IPv4 Address" is in the same subnet as your personal router's LAN segment, you should change your personal router's network configuration to use a different subnet like 192.168.10.0 or whatever you wish, as long as it continues to use private address space in the 192.168.0.0/16, 10.0.0.0/8, or 172.16.0.0/12 ranges.  The subnet mask can stay the same, 255.255.255.0, or can be adjusted to a larger range if you want.

4. Leave the default DHCP settings on the NVG589 as is, unless you want to expand the usable range. This will permit your Television Set Top Boxes to connect and any other devices that you may want to use the integrated wireless or wire directly to the RG. The Television STBs cannot connect to your personal router, unless your router has the capability to provide Multicast Routing using IGMPv3. Most consumer routers do not have this capability.

It is important that you have only your computer that's configuring the NVG589 connected to it at this time.

5. If you have made any changes, at this point, Click "Save" at the bottom.

6. Go to the "Home Network" -> "Wireless" tab.

7. If you do not want to use the NVG589's integrated wireless feature, disable Wireless by choosing "Off" in the "Wireless Operation" option.

8. Go to the "Firewall" -> "Packet Filter" tab.  Click on the "Disable Packet Filters" button.

9. Go to the "Firewall" -> "NAT/Gaming" tab and disable any and all settings.

10. Go to the "Firewall" -> "IP Passthrough" tab.  Select "Passthrough" in the "Allocation Mode" option.

11. Do not enter anything for the "Default Server Internal Address". Leave this field blank.

12. In the "Passthrough Mode" selection choose "DHCPS-Fixed".

13. Type in the WAN-side MAC Address for your router under "Manual Entry", lowercase is fine. The MAC address should be in the traditional hexadecimal format xx:xx:xx:xx:xx:xx where the x's should be values from 0-9 or letters a-f, separated with single colons. If you have already connected the WAN interface of your personal router and configured it for DHCP, it may show up in the "Choose from list". If you select it, it will automatically fill the field with appropriate MAC address.

14. The Passthrough DHCP Lease value defaults to 10 minutes. You cannot change this.

15. Click "Save" at the bottom. It will tell you that it needs to reboot. Stop! Do not reboot the router, yet.

16. If you are not putting any devices on the network segment directly attached to the AT&T gateway and do not want any of the Firewall security features active on the NVG589, go to the "Firewall Advanced" tab at the top and turn everything off. The recommendation is to leave these features enabled if you will have any devices on this segment or are using the integrated wireless feature. If you disable these features, make sure you are enabling this functionality on your personal router.

17. Near the top of your screen, you should see an option telling you to reboot the router. Go ahead and do this now. It takes about 2 minutes.


Configuration steps for your personal router:

1. Disconnect your laptop's ethernet connection from the NVG589 and connect your personal router, while the NVG589 reboots.

2. Connect your laptop to your personal router.

3. Login to your personal router and change the Internet connection type to DHCP as per your router's instructions.

You should be done configuring the IP Passthrough "bridge mode", at this point. Verify that your personal router is being assigned the public IP address from AT&T on its WAN interface via DHCP.
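A quick way to perform that last verification, as an added example that is not part of the DSLReports write-up or this post: give the script the address your router reports on its WAN interface and it tells you whether that is a public address or one of the ranges that means Passthrough is not in effect.  The 192.168.1.0/24 gateway pool is assumed from the steps above, and the range labels follow the RFCs, not anything the gateway itself reports.

```python
"""Tell whether the address a router received on its WAN interface is public
(added example, not part of the DSLReports write-up or this post). Range
labels follow the RFCs; the gateway pool is the default from the steps above."""
import ipaddress

# Address ranges that are never a public Internet address.
NON_PUBLIC = [
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
    ("shared-cgnat", ipaddress.ip_network("100.64.0.0/10")),  # RFC 6598 carrier NAT
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),   # APIPA: DHCP got no answer
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]
# Assumed: the gateway's LAN pool when it still believes it is the router.
GATEWAY_LAN = ipaddress.ip_network("192.168.1.0/24")


def classify_wan_address(addr):
    """Return 'public' or the label of the non-public range addr falls in."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6"
    for label, net in NON_PUBLIC:
        if ip in net:
            return label
    return "public"


def passthrough_verdict(addr):
    """Plain-language result for the final verification step."""
    label = classify_wan_address(addr)
    if label == "public":
        return "%s is a public address: IP Passthrough is working" % addr
    if label == "rfc1918" and ipaddress.ip_address(addr) in GATEWAY_LAN:
        return ("%s comes from the gateway's own DHCP pool: Passthrough is not in "
                "effect, re-check the MAC address entered in step 13" % addr)
    if label == "shared-cgnat":
        return ("%s is carrier-grade NAT space: the gateway passed through what it "
                "was given, but the ISP has not assigned a public address" % addr)
    if label == "link-local":
        return "%s means the router got no DHCP answer at all" % addr
    return "%s is not a public address (%s)" % (addr, label)


if __name__ == "__main__":
    for candidate in ["192.168.1.64", "100.64.3.9", "169.254.10.2", "99.1.2.3"]:
        print(passthrough_verdict(candidate))
```

Run it with whatever your router's status page shows as the WAN address; a 192.168.1.x result right after the reboot usually means the MAC entered in step 13 does not match the router's WAN port.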

Friday, February 27, 2015

Legally Installing Microsofts Fonts in OSX for Free

So you have Office 2011 for Mac and you're having trouble collaborating with your Windows-loving friends because you don't have Calibri or some other MS font, what should you do?

I Googled for an answer and got one (this discussion from 2012), but it was old and the link to MS's app didn't work.  So here's an updated procedure (this worked in Mavericks, and should work for older versions, also).


  1. Visit http://www.microsoft.com/en-us/download/details.aspx?id=21007 and download the Open XML File Format Converter for Mac 1.1.8 - it will arrive as a DMG.
  2. When the DMG opens you may install the software as a whole, but if you already have the latest version of Office you're just adding stuff you don't need and potentially introducing problems.  Instead right click Open XML File Format Converter for Mac 1.1.8.mpkg and select Show Package Contents.
  3. Navigate to the Contents folder then the Packages folder.
  4. Double-click OpenXML_all_fonts.pkg and execute the installer then complete the installation.
  5. Eject the disk image (duh).
  6. Open Office 2011 and be productive!

Thursday, October 09, 2014

How Do You Secure The Internet?

This is a question I have been asked a few times now, and the asker doesn't typically mean the ENTIRE Internet, they just mean their own little corner of it.  You know, the one sitting on your desk.

When someone asks this, what they really mean is "How do we keep the bad guys out?"

The three major ways the bad guys get in are exploiting your desktop computers, exploiting your servers, and exploiting you.  You see, the bad guys exploit both computers and users alike.  Malware (a blanket term covering adware, spyware, and viruses), service exploitation (this is what people usually think of when they hear the word "hacking"), and calling or emailing you and straight up lying to you (social engineering) are all ways that your data may be compromised.  You see, we're not dealing with nice people here.

Often people are just trying to get through their day with all of their work done well.  They're looking for a fast free tool because it might take too long to complete a purchase.  Free compression utilities, file viewers, and PDF printers have the potential to infect users' computers and provide easy ways for the bad guys to get in.  Interestingly enough, most of the adware and spyware I have encountered isn't detected by antivirus programs as malware, because it is classified as a "PUP" - Potentially Unwanted Program.  These technically aren't viruses, but a nuisance, as they may download other PUPs which download some more, and so forth.  I'm not just talking banners inside of the app, I'm talking full-on browser hijacking where you lose your homepage, search results are altered to promote certain products, and even your line-of-business application windows display ads.
Technicians can sometimes struggle for hours to remove them because these apps aren't meant to be easy to remove.  Furthermore these apps can download additional content from other bad characters who don't just stop at serving ads: they will try to convince you to directly give them money by scaring you.  They will intimidate you with frightening-looking ads and ominous messages about your computer being slow or having viruses.  Some will even go so far as to tell you that illegal activity has been detected on your computer and offer, for a fee, to clean it off.  Some even lock your computer, claim that the government has detected illegal activity, and let you pay a "fine" to avoid jail (this is ransomware) - all from the convenience of your office and payable via Bitcoin.

These sorts of applications don't just come from misguided efforts at inexpensive office productivity, they are often delivered quietly through the advertising on web sites (malvertising).  Not just scummy places nobody has any business visiting - we're talking major news outlets and popular web portals like the New York Times.  I am now seeing workers with a long history of being productive and not screwing around ending up with some pretty nasty bugs.

Another, more targeted, method seeks to install even nastier tools on the computers of workers handling sensitive financial data.  Known as spearphishing, the idea is to send emails which look like important communications to financial staff.  These emails have a file attached, typically a .zip or .pdf, which, when opened, installs software that watches for important financial data to be accessed.  When sensitive data is detected the malware neatly packs it up and sends it to someone who is going to steal your customers' credit card data and potentially empty all of your bank accounts.
It turns out that, short of pulling the plug on your Internet connection, there is no one solution which will prevent this sort of abuse.  What is required is "Defense in Depth" - layers of protection which, when taken as a whole, offer a more solid defense than any one process or product.  The entire process of retrieving information from the Internet must be questioned and examined at critical junctures.

Let's look at the process:

  • First the user makes a decision that they want to get something done on the Internet.  This is the best time to intervene - the user needs to have knowledge to avoid danger online.  The bad guys often depend on us being either inattentive or ignorant.  Here's a good article on spotting bad links.
  • When you request your web page your computer performs a DNS (Domain Name System) query - this is akin to looking up a number in the phone book - and the response can be controlled by good guys and bad guys alike.  Good guys can alter these results and prevent access to undesirable web sites.  Bad guys can do likewise and funnel your users into advertising or more malware.
  • The HTTP GET is the next critical juncture - your computer has the number of the party you are trying to reach, dialed it, and the metaphorical phone is now ringing.  This is where a proxy server steps in - it intercepts the call and makes the call on your behalf.  Again, proxies can be used by both good guys and bad, and some of the bad ones insert ads, open additional pages, and even prevent you from accessing web sites and information for removing the malware.  The good guys will use a proxy to compare the URL of the web site you're visiting to a categorized list of URLs and block web sites which fall into undesirable categories.  Administrators and managers can also look at the proxy logs and get a good idea of how you have spent your time online.  Analysis of these logs can indicate which users are engaged in risky online behavior and give managers an opportunity to offer some advice on how to better spend their time online.
  • Ongoing HTTP sessions can also be intercepted by a proxy, reassembled, examined for viruses, and then forwarded to the client.  Note that this only sees plain HTTP; HTTPS traffic can be inspected only if the proxy terminates TLS and every client trusts its certificate authority, which is a deliberate decision with risks of its own.  This would be a great job for a powerful router, but many businesses don't have them yet.  Interestingly, Charter Business is leading the charge in this field and is providing routers with this capability to their high speed customers.
  • Now that your computer has completed its call there's data to be opened or executed.  This is where a good antivirus product comes into play.  Much of today's malware arrives as "drive-by downloads", which means you never actually clicked a download button, nor did you click Open or Run.  It just happens...  Unless you have a good antivirus product which does behavioral monitoring.  Antivirus products can watch what your computer is doing and prevent suspicious activity.  Check with your antivirus vendor (I know a good one) to find out if your current product does this monitoring.  Hopefully the malware packages never get a chance to misbehave as your antivirus will detect and quarantine them as soon as the download completes.
  • If, after all of this, your computer still becomes infected, the malware must now make it past some or all of the lower level services to succeed in communicating with its masters - savvy DNS managers maintain lists of known bad actors and can block requests to hosts based on these lists.  Though they're uncommon, an Intrusion Detection System (IDS) at the firewall can detect the command and control communications used by malware, then generate alerts or terminate suspicious connections.  IDSs are prone to false positives, so be careful if you go this route because they can require a lot of care and feeding.
  • If the malware has made it past all of these defenses then the bad guys have done a good job (relatively speaking, it's awful for us) and are now winning the game.  The likelihood of this has been reduced through defense in depth, but we can never consider ourselves to have won:  we have to find every hole in our defenses and fix it, the bad guys only have to find one.
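As an added example of the DNS layer described in the list above (not code from the original post or from any DNS product), here is the matching logic a filtering resolver applies before it answers: normalize the queried name, refuse it if the name or any parent domain is on the blocklist, and hand back the address of a block page instead of the real answer.  The blocklist entries, the upstream answers and the block page address are constructed for the example.

```python
"""Blocklist matching as a filtering DNS resolver does it (added example, not
from the original post or any product). Blocklist, upstream answers and the
block page address below are constructed for illustration."""

# Constructed blocklist. "*.name" covers the domain and everything under it;
# a bare name matches only that exact host.
BLOCKLIST = [
    "*.malware-example.test",
    "*.phish-example.test",
    "ads.tracker-example.test",
]

# Constructed stand-in for the answers an upstream resolver would return.
UPSTREAM = {
    "www.example.test": "203.0.113.10",
    "www.tracker-example.test": "203.0.113.20",
}

BLOCK_PAGE = "192.0.2.1"  # constructed address of the "this site is blocked" page


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def build_blocklist(entries):
    """Split entries into exact hosts and wildcard (domain-and-below) suffixes."""
    exact, wildcard = set(), set()
    for entry in entries:
        entry = normalize(entry)
        if entry.startswith("*."):
            wildcard.add(entry[2:])
        else:
            exact.add(entry)
    return exact, wildcard


def is_blocked(qname, exact, wildcard):
    """Return the blocklist entry that matches qname, or None.

    Walks up the label tree (a.b.c.test -> b.c.test -> c.test -> test) so
    that "*.c.test" catches any depth of subdomain, including c.test itself,
    without ever matching by substring (notc.test stays unblocked).
    """
    name = normalize(qname)
    if name in exact:
        return name
    labels = name.split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in wildcard:
            return "*." + parent
    return None


def resolve(qname, exact, wildcard, upstream=UPSTREAM):
    """Answer a query: sinkhole blocked names, otherwise pass through upstream."""
    hit = is_blocked(qname, exact, wildcard)
    if hit is not None:
        return {"name": normalize(qname), "answer": BLOCK_PAGE, "blocked_by": hit}
    return {"name": normalize(qname), "answer": upstream.get(normalize(qname)),
            "blocked_by": None}


if __name__ == "__main__":
    exact, wildcard = build_blocklist(BLOCKLIST)
    for query in ["www.example.test", "Download.Malware-Example.TEST.",
                  "ads.tracker-example.test", "www.tracker-example.test",
                  "notmalware-example.test"]:
        print(query, "->", resolve(query, exact, wildcard))
```

One caveat that belongs with this layer: it only helps for clients that actually ask your resolver.  Block outbound port 53 from everything except that resolver at the firewall, or malware that carries its own resolver address (or a hard-coded IP) simply steps around the list.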
Spearphishing attacks are incredibly crafty, and the bad guys know how to get past many of these defenses.  Users must be prepared to match their own wits against those of the bad guys.  They will receive messages crafted to make the user want to open the attachment.  Messages will claim their attachments are:
  • Requests for bid
  • IRS communications
  • postal notifications
  • shipping notifications
  • bank password reset requests
  • law enforcement notifications
  • holiday greeting cards
  • invoices
  • awards
  • banking documents
All of these are important stuff, and nobody wants to drop the ball.  The bad guys know this and will do everything in their power to prey on our sense of duty or curiosity.  Needless to say, some of our friends and coworkers might benefit from a brief orientation on these threats.  I can't emphasize enough what a vital role your gut will play in this - if you think it might be a scam it probably is.
There are many opportunities to prevent spearphishing attacks.  Remember, spearphishing is sending malware via email to specific people with sensitive jobs.  Many email servers (like Microsoft's Office 365) include virus scanning which will remove the threat before it reaches your inbox.  Email servers may also be configured so that they only accept mail from trusted systems, or from systems that pass a series of tests a legitimate sender's server should pass - a matching reverse DNS record, and SPF and DKIM checks that tie the sending server to the domain in the message.  As if that's not enough, servers will often read the email and make some decisions based on the content.  It's not uncommon to see 2/3 of the messages received by a server silently dropped.
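A small illustration of the attachment side of that server-side decision making, added here and not taken from the original post or any product: an attachment policy that blocks files which would execute when opened, catches the "invoice.pdf.exe" disguise, and looks inside zip archives for the same thing.  The extension lists, the filenames and the in-memory zip are constructed for the example.

```python
"""Attachment policy of the kind a mail gateway applies before a message is
delivered (added example, not from the original post or any product).
Extension lists, filenames and the zip archive are constructed."""
import io
import posixpath
import zipfile

# File types Windows will run when double-clicked. Constructed, not exhaustive.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".ps1",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".jar", ".lnk",
}
# Types a lure pretends to be; "invoice.pdf.exe" shows as "invoice.pdf" when
# Explorer hides known extensions.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def extensions(filename):
    """All dotted suffixes, lowercased: 'Invoice.pdf.exe' -> ['.pdf', '.exe']."""
    base = posixpath.basename(filename.replace("\\", "/")).lower()
    return ["." + part for part in base.split(".")[1:]]


def classify_filename(filename):
    """'allow', 'block:executable' or 'block:disguised-executable'."""
    exts = extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTENSIONS:
        return "allow"
    if len(exts) > 1 and exts[-2] in DOCUMENT_EXTENSIONS:
        return "block:disguised-executable"
    return "block:executable"


def classify_attachment(filename, data):
    """Apply the filename rule, and for .zip attachments apply it to every member."""
    verdict = classify_filename(filename)
    if verdict != "allow" or extensions(filename)[-1:] != [".zip"]:
        return verdict
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                inner = classify_filename(member)
                if inner != "allow":
                    return "%s (inside zip: %s)" % (inner, member)
    except zipfile.BadZipFile:
        # Claims to be a zip but is not: refuse rather than guess.
        return "block:corrupt-archive"
    return "allow"


def make_sample_zip(members):
    """Constructed zip archive, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    lure = make_sample_zip({"Shipping_Label.pdf.exe": b"MZ constructed payload"})
    for name, data in [("Invoice.pdf.exe", b""), ("quarterly_report.xlsx", b""),
                       ("ups_label.zip", lure), ("broken.zip", b"not a zip")]:
        print(name, "->", classify_attachment(name, data))
```

Member names inside a password-protected zip are still readable (only the file contents are encrypted), so this check still fires on the popular "password is in the email" lure.  What it cannot judge is a macro-laden .docx or a booby-trapped .pdf; that is the job of the virus scanner and of the user training discussed above.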

Controlling DNS responses can be useful here, as well - compromised servers may be detected and listed with security services.  If you have been duped into clicking a dangerous link the attempt could be blocked by services such as OpenDNS.

Think you can spot a phishing attack?  Take the OpenDNS Phishing quiz!

I hope that I've been able to help you learn a bit more about the threats faced by modern office staff.  If you would like to learn more about how Safe Mode might be able to secure your office computers please don't hesitate to call or email!

Tuesday, September 16, 2014

Windows 7 Desktop Can't Join the Domain - Path Not Found? Blame AVG (and everything else!)

Spoiler Alert:  uninstalling AVG from the desktop fixes the problem.

A desktop is complaining that its trust relationship has failed.  Normal stuff, probably went through a system restore and came back with a machine account password that no longer matches the one in Active Directory, no biggie.  Remove it from the domain, reboot, re-add it to the domain, boom done, right?  Not so fast... after changing the domain name and hitting OK I'm presented with the normal domain login, to which I input my domain administrator credentials.  The computer complains with an error message:
The following error occurred attempting to join the domain "somedomain.local":
The network path was not found. 
This points to a DNS issue on our SBS 2008.  Rebooting the server was my first step and it yielded no positive results.

The SBS 2008 in question seems slow and balky.  It's an HP ML110 with 8GB of RAM serving as an SBS for a group of 10 or so people using email and file storage in the server as well as its normal duties authenticating users and doling out Group Policy.

Noted error 13568 with source NtFrs in the event log which basically says that the File Replication Service is in Journal Wrap Error.  It reads kind of like:

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.   Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"  Replica root path is   : "c:\windows\sysvol\domain"  Replica root volume is : "\\.\C:"  

A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.   

[1] Volume "\\.\C:" has been formatted.  

[2] The NTFS USN journal on volume "\\.\C:" has been deleted.  

[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.  

[4] File Replication Service was not running on this computer for a long time.  

[5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".  

Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.  

[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.  

[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.  

WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.  

To change this registry parameter, run regedit.  Click on Start, Run and type regedit.  Expand HKEY_LOCAL_MACHINE. Click down the key path:    "System\CurrentControlSet\Services\NtFrs\Parameters" Double click on the value name    "Enable Journal Wrap Automatic Restore" and update the value. 

 If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

Also noted Event ID 25:

The shadow copies of volume \\?\Volume{83195036-2013-11e0-9593-3c4a92d51777} were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

It sounds like the hard disk could be too busy to serve up essential functions - looking at the Resource Monitor I could see that SQL was going crazy reading from the hard drive.  I decided to run the SBS 2008 BPA and see if it could tell me more.  I also updated the HP System Management Agents and the HP Array Configuration Utility so that I could rule out hard disk problems (which indeed were not an issue).

My BPA report showed some issues which were solved with some simple netsh commands that were detailed in the BPA.  But outsized SharePoint and SBSMonitoring databases were also an issue, as was the server being in the journal wrap condition.

The outsized databases don't seem like they'd keep desktops from joining the domain, but the journal wrap might be a different story.  I followed the link to http://support.microsoft.com/kb/292438 and said to myself, "Oh Crap, they've linked to an outdated article, this is for Win2k!  Nice job Microsoft..."  Worthless - except, it's not.  Things haven't changed much in the last 14 years of Active Directory.

Sure enough, upon reading http://blog.ronnypot.nl/?p=738 I check and find the SYSVOL share was not available.  I changed the registry value (which was what the error message directed, also) and waited a few minutes.  The SYSVOL share came available again.  BUT... still cannot connect the workstation to the domain.

I decided to pursue the other issues indicated by the BPA and fix the SBSMonitoring and Sharepoint Services databases.

First SBSMonitoring - Google yielded http://kwsupport.com/2013/05/sbsmonitoring-database-is-nearing-maximum-size/ which suggests using http://blogs.technet.com/b/sbs/archive/2011/08/22/how-to-recreate-the-sbsmonitoring-database.aspx to replace the database with a new blank one.  What are the drawbacks?  Loss of historical data - no biggie.  Downloading and running the script was a breeze, I just needed to set-executionpolicy unrestricted to get it to execute.  (Unrestricted is more than the job needs: RemoteSigned plus unblocking the downloaded file - right-click, Properties, Unblock - runs it without loosening the policy for everything else, and if you do go Unrestricted, set it back when you're done.)  That article then recommended I complete the steps at http://blogs.technet.com/b/sbs/archive/2009/07/14/sbs-2008-console-may-take-too-long-to-display-alerts-and-security-statuses-display-not-available-or-crash.aspx which will shorten the amount of time logs are kept and reduce the amount of information which is logged.

Now to deal with the overweight Sharepoint Services Database - http://support.microsoft.com/kb/2000544 seems like a good place to start and it features a convenient "Fix It For Me."  This removed the issue from the BPA, but the desktop still won't join the domain.

Others have been feeling this pain, I see posts with similar issues all over the Internet.  This one:  http://richardburley.com/windows-7-unable-to-join-domain-fix/ seems like it might finally be the one which most closely matches my situation.  On the afflicted PC I cannot browse to \\servername.  I checked this from another computer and found that \\servername worked fine - an exact fit!  This fellow fixed his issue by removing everything from the network configuration that wasn't TCP/IP v4 or v6.  I'm working remotely so this seems like a real bummer of a solution, but examining the network protocols I noted the AVG Network Filter Driver.  Perhaps this is it?  I removed AVG and rebooted the PC.

Uninstalling AVG fixed the issue - a fifteen minute fix found through four hours of work.  The server is certainly having issues, but they weren't causing THIS issue!

Wednesday, August 27, 2014

Using the Same Alias in Multiple Domains in Office365


  1. Start PowerShell as an Administrator.
  2. If you haven't before, allow locally created scripts and signed remote ones to run:

Set-ExecutionPolicy RemoteSigned

  3. Connect PowerShell to Office 365 (from http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx):
    1. Enter your admin credentials when prompted:

$UserCredential = Get-Credential

    2. Open the remote session:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    3. Import the Exchange cmdlets into your session:

Import-PSSession $Session

    4. Test the connection and make sure you get output:

Get-Mailbox

  4. https://www.cogmotive.com/blog/office-365-tips/create-shared-mailboxes-with-same-alias-at-different-domains-in-office-365 gives us the following steps:
    1. Create the mailbox with a placeholder alias but the desired primary address:

New-Mailbox -Name "Test Shared Mailbox 2" -Alias test_shared2 -Shared -PrimarySMTPAddress test_shared@cogmotivereports.com

       Be certain to replace "Test Shared Mailbox 2" with the desired display name, the alias "test_shared2" with the desired alias (the prefix before the @ sign; it has to be unique across the tenant, which is why a placeholder is needed when the same prefix is already used at another domain) and the primary SMTP address with the desired address.
    2. Next correct the login name for this mailbox:

Set-Mailbox test_shared2 -MicrosoftOnlineServicesID test_shared@cogmotivereports.com

       You may receive the following warning, which may be safely ignored:  WARNING: UserPrincipalName "test_shared1@cogmotivereports" should be same as WindowsLiveID "test_shared@cogmotive.onmicrosoft.com", UserPrincipalName should remain as "test_shared1@cogmotivereports".
  5. Check your work by issuing Get-Mailbox and verifying that the new mailbox entry appears.
  6. Close your session with Remove-PSSession $Session so you don't run into the limit on concurrent remote sessions.
This will create a new shared mailbox with the desired alias.  To make certain users send from the desired address and not the placeholder alias (test_shared2), sign into the Exchange admin center and go to the shared mailbox.  Edit the email addresses and set the desired alias as the primary address.  Note that Microsoft has since retired Basic authentication for Exchange Online Remote PowerShell, so on a current tenant the connection steps above are replaced by Connect-ExchangeOnline from the Exchange Online PowerShell module; the New-Mailbox and Set-Mailbox commands are unchanged.


Wednesday, August 20, 2014

Migrating Outlook 2010 Autocomplete to Outlook 2013


  1. Run Outlook 2013, allow it to finish loading, then close it - no need to wait for it fully synchronize if you have a large mailbox.
  2. Open C:\Users\username\AppData\Local\Microsoft\Outlook\RoamCache
  3. Look for files whose names start with Stream_Autocomplete (the full name is Stream_Autocomplete_0_<hex>.dat) and note the most recently modified one (this is the target, created by Outlook 2013) and the largest one (this is the source, holding your Outlook 2010 entries).
  4. Make a backup copy of both files, I placed mine in C:\temp.
  5. Go back to C:\Users\username\AppData\Local\Microsoft\Outlook\RoamCache and rename the source file by replacing the "t" in .dat with a "~" so it ends in .da~.  Before you commit the change, highlight the entire name before the period and copy it with Ctrl+C, then commit the change.
  6. Rename your target file by pasting the source file name over the target file name.
  7. Run Outlook and feel the joy.
Why didn't Microsoft make this an automatic function like they did in prior versions? 0_o

Thursday, July 31, 2014

Linking a Bypass Code in Umbrella by OpenDNS

Here's a stumper:  you've created a bypass code for a user under Block Page -> Bypass Codes, and as you're admiring your shiny new bypass code entry you note that there is a yellow hazard symbol in the column under Linked Policies next to n/a.  Furthermore the user's bypass code doesn't work - it says that it must be linked to a policy, and there isn't a "link policy" button anywhere to be found.

This situation can be avoided entirely by creating each bypass code by clicking Policies in the left hand pane, selecting the relevant policy in the main pane, then jumping to Step 3. "Select Block Page Settings" and clicking Add Code.  Create and save your new code, share it with the relevant user, and you're done.

But say you've gone and created your bypass code by navigating to Block Page Settings in the left hand pane, selecting Bypass Codes underneath it, and clicking "+ Create a New Bypass Code."  Don't worry, you haven't just wasted that time - click Policies in the left hand pane, select the relevant policy in the main pane, then jump to Step 3. "Select Block Page Settings," check the box next to the desired user, and then click Save.

Thursday, July 24, 2014

Assigning a Public IP using AT&T UVerse - Pace Modem

1.  Visit your gateway address using your favorite browser.

2.  Go to Settings -> Firewall

3.  Go to Application Pinholes and DMZ

4.  Select your device and then click Allow All (the last option)

5.  Click Save

This will DMZ the device and allow all traffic to all ports on that device.  The gateway no longer filters anything for it, so the device's own firewall must be on and any services you don't need turned off; treat it as sitting directly on the Internet.

Wednesday, July 02, 2014

Scheduling Periodic Bandwidth Checks Between pfSense Routers Using iPerf

I have a customer who, for years, has complained that their point to point connection (over a dedicated Point-to-Point Cable connection referred to as EoC or Ethernet over Cable) slows down every afternoon regardless of the number of users.  Initial investigations revealed nothing of importance.  iPerf tests would show periodic slowdowns but without any consistency as I could only run iPerf at the console, which required me to stand over it and initiate the tests.

What I desired was iPerf tests every 5 minutes during business hours.

To get started install the iPerf package on both of your pfSense systems.  I am clueless why there are iPerf options in the pfSense web interface, they seem to do nothing; please ignore them and use iPerf from the console.

iperf -c 192.168.0.1 -t 28800 -i 300

SEEMS to work, but it would need to be invoked every morning, and only outputs to the screen. Furthermore it runs the test ALL DAY LONG, not just every 5 minutes.  This would hog up the connection and prevent real work from being done quickly.  What I need is for it to be done periodically then output to a text file that I can check occasionally.  Furthermore, the office is only open 8am-5pm Monday through Friday, so why fill up my file with tests all the rest of the time?  Lastly, iPerf doesn't include dates and times in the report, so I need to add them.  I decided to haul out Crontab and do the following:

1.  Install the iPerf package in both pfSense systems.

2.  Pick a pfSense system to be my server, log into its shell from the console, and run the following command:

iperf -s -D

This runs iPerf as a daemon and allows me to close the session but keep iPerf running.  Note that it listens on TCP port 5001 on every interface and will not come back after a reboot; pfSense's default WAN rules keep it off the Internet, but anything on the LAN can start a test against it, so bind it to the LAN address with -B if that matters to you.

3.  Create an sh script (mine is /root/iperftest.sh) using vi containing the following, and make it executable with chmod +x:

#!/bin/sh
# Stamp the run, then a 10 second test against the iPerf server.
date
/usr/local/bin/iperf -c 192.168.0.1 -t 10 -x CSV


The date line adds the date and time to the output file; -t takes the test length in seconds (10 is the default, but the flag with no value is an error), and -x CSV excludes the Connection, Settings, and serVer report sections so only the amount of data transferred and the speed at which it was transferred are shown.

4.  Add a crontab job (crontab -e) for the user admin similar to the following, which runs every five minutes from 8:00 through 17:55 on weekdays and appends both output and errors to the report:

*/5 8-17 * * 1-5 /root/iperftest.sh >> /root/iperfreport.txt 2>&1

5.  Now all you need to do is cat /root/iperfreport.txt to see reports.

Wed Jul  2 13:25:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  6.00 MBytes  5.03 Mbits/sec
Wed Jul  2 13:30:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  6.00 MBytes  4.98 Mbits/sec
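To make the report useful rather than just long, here is an added example (not part of the original post) that parses the file the cron job produces - the date stamp followed by iPerf's data line - averages the results by hour, and flags runs that fall below half the median, which is exactly the afternoon-slowdown question the tests were set up to answer.  The sample report embedded in the script is constructed; only its format follows the output above.

```python
"""Summarize the iperfreport.txt produced by the cron job (added example,
not part of the original post). The report format is the one shown above:
a date line followed by iperf's data line. SAMPLE_REPORT is constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# iperf's data line, e.g. "[  3]  0.0-10.0 sec  6.00 MBytes  5.03 Mbits/sec"
DATA_LINE = re.compile(
    r"^\[\s*\d+\]\s+[\d.]+-[\d.]+\s+sec\s+[\d.]+\s+\w+\s+([\d.]+)\s+([KMG]?)bits/sec"
)
TO_MBITS = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}

SAMPLE_REPORT = """\
Wed Jul  2 09:00:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  11.7 MBytes  9.80 Mbits/sec
Wed Jul  2 09:05:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  11.8 MBytes  9.90 Mbits/sec
Wed Jul  2 13:25:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  6.00 MBytes  5.03 Mbits/sec
Wed Jul  2 13:30:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  6.00 MBytes  4.98 Mbits/sec
Wed Jul  2 15:00:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.3 sec  2.62 MBytes  2.10 Mbits/sec
Wed Jul  2 15:05:00 CDT 2014
"""  # last run produced no data line (server unreachable), as happens in practice


def parse_date_line(line):
    """'Wed Jul  2 13:25:00 CDT 2014' -> datetime; the zone name is dropped."""
    tokens = line.split()
    if len(tokens) != 6:
        return None
    try:
        return datetime.strptime(" ".join(tokens[:4] + tokens[5:]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None


def parse_report(text):
    """Pair each date stamp with the data line that follows it -> [(datetime, Mbits/s)]."""
    samples, stamp = [], None
    for line in text.splitlines():
        when = parse_date_line(line)
        if when is not None:
            stamp = when  # a new run; an earlier stamp without data is dropped
            continue
        match = DATA_LINE.match(line)
        if match and stamp is not None:
            value, unit = float(match.group(1)), match.group(2)
            samples.append((stamp, value * TO_MBITS[unit]))
            stamp = None
    return samples


def hourly_average(samples):
    """{hour: mean Mbits/s} so the afternoon can be compared with the morning."""
    by_hour = defaultdict(list)
    for when, mbps in samples:
        by_hour[when.hour].append(mbps)
    return {hour: statistics.mean(vals) for hour, vals in sorted(by_hour.items())}


def slow_samples(samples, fraction=0.5):
    """Runs below `fraction` of the median: the slowdown candidates worth a look."""
    if not samples:
        return []
    floor = fraction * statistics.median(mbps for _, mbps in samples)
    return [(when, mbps) for when, mbps in samples if mbps < floor]


if __name__ == "__main__":
    runs = parse_report(SAMPLE_REPORT)
    for hour, avg in hourly_average(runs).items():
        print("%02d:00  %.2f Mbits/sec" % (hour, avg))
    for when, mbps in slow_samples(runs):
        print("slow:", when, "%.2f Mbits/sec" % mbps)
```

Point it at the real file with open("/root/iperfreport.txt").read() in place of SAMPLE_REPORT; a run that never connected leaves a date line with no data line, which the parser skips rather than miscounting as a zero.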