Thursday, July 24, 2014

Assigning a Public IP using AT&T UVerse - Pace Modem

1.  Visit your gateway address using your favorite browser.

2.  Go to Settings -> Firewall

3.  Go to Application Pinholes and DMZ

4.  Select your device and then click Allow All (the last option)

5.  Click Save

This will DMZ the device and allow all traffic to all ports on that device.

Wednesday, July 02, 2014

Scheduling Periodic Bandwidth Checks Between pfSense Routers Using iPerf

I have a customer who, for years, has complained that their point to point connection (over a dedicated Point-to-Point Cable connection referred to as EoC or Ethernet over Cable) slows down every afternoon regardless of the number of users.  Initial investigations revealed nothing of importance.  iPerf tests would show periodic slowdowns but without any consistency as I could only run iPerf at the console, which required me to stand over it and initiate the tests.

What I desired was iPerf tests every 5 minutes during business hours.

To get started install the iPerf packages in both of your pfSense systems.  I am clueless why there are iPerf options in the Webmin, they seem to do nothing, please ignore them and use iPerf from the console.

iperf -c 192.168.0.1 -t 28800 -i 300

SEEMS to work, but it would need to be invoked every morning, and only outputs to the screen. Furthermore it runs the test ALL DAY LONG, not just every 5 minutes.  This would hog up the connection and prevent real work from being done quickly.  What I need is for it to be done periodically then output to a text file that I can check occasionally.  Furthermore, the office is only open 8am-5pm Monday through Friday, so why fill up my file with tests all the rest of the time?  Lastly, iPerf doesn't include dates and times in the report, so I need to add them.  I decided to haul out Crontab and do the following:

1.  Install the iPerf package in both pfSense systems.

2.  Pick a pfSense system to be ny server, log into its administrative console, and run the following command:

iperf -s -D

This runs iPerf as a daemon and allows me to close the session but keep iPerf running.

3.  Create an sh script (mine is iperftest.sh) using vi containing the following:

date
/usr/local/bin/iperf -c 192.168.0.1 -t -x CSV


The date line adds the date and time to the output file, and the -x CSV prevents showing info beyond the amount of data transferred and the speed at which it was transferred.

4.  Add a crontab job (crontab -e) for the user admin similar to the following:

00/5 8-17 * * 1-5 /root/autoiperf.sh >> iperfreport.txt

5.  Now all you need to do is cat your iperfreport.txt to see reports.

Wed Jul  2 13:25:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  6.00 MBytes  5.03 Mbits/sec
Wed Jul  2 13:30:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  6.00 MBytes  4.98 Mbits/sec



Wednesday, March 05, 2014

Outlook 2010 and Office 2013 - Problems Changing an Expired Password

This puzzled us for a while, while there is a hotfix available (MS KB 2687351) you have to request it.  Without the hotfix the user may be repeatedly prompted to change their password, even if they changed it in the online portal.  Go to your account settings and select "Always Prompt for Credentials" then restart Outlook, input your new password, then make sure it works.  After you have verified your account is working go back to your account settings and clear the "Always Prompt for Credentials" checkbox so you may save your password.

Tuesday, February 18, 2014

Configuring Entourage 2008 for Office365 Exchange

Mac users are a different breed - they often just want to get things done and not spend a lot of time learning a new program.  Sometimes this means spending a lot of time making our old stuff work with our new stuff.  My friend Brent recently tackled the issue of using Entourage 2008 and Office365 Exchange with some success (though there seems to be a limitation which causes Entourage to only sync the past 6-8 weeks of email and not display the balance).


First Brent had to install several updates for his Office 2008:


Next he configured his Mac and Entourage using information from the following web sites to:




Thanks for sharing this solution, Brent!

Tuesday, November 26, 2013

Avoiding Malware and Viruses

Tips for avoiding malware infections (spyware, adware, and scareware):

  • Use Windows 7 or Windows 8.  Windows XP users are 6 times more likely than Windows 8 users and twice as likely that Windows 7 and Vista users to be infected with a virus.  (http://blogs.technet.com/b/mmpc/archive/2013/10/29/infection-rates-and-end-of-support-for-windows-xp.aspx).  For what it's worth, I haven't seen a virus-infected Mac.
  • Uninstall Java.  I know, computers without Java seem crippled.  If it's your work computer it may be required in order to get your job done - big business and governments have implemented any number of systems which require Java.  At home Java may be required to read your email or shop.  In the case that you're at home and need Java consider installing Java, completing the necessary task, then uninstalling it.  I know that's a bit of a headache but it sure beats dealing with a malware infection! (http://www.theguardian.com/technology/askjack/2013/feb/08/java-remove-ask-jack-technology)
  • Uninstall Adobe Reader.  Again, I know this is going to hurt, but it won't be as inconvenient as living without Java.  Shoot, you might even enjoy the alternative apps as they tend to be both faster and more feature rich!  I like Tracker-Software's PDF XChange Viewer.  (http://www.pcworld.com/article/2030153/)
  • Uninstall Adobe Flash Player.  This one is the least productive yet the most prevalent.  I wouldn't blame you for keeping it - some web sites are worthless without it.  That said, there are some who report that, though some web sites don't render as they should, they have been able to live a pretty full Internet life without it.  Uninstall it and see what the Internet is like, you might be pleasantly surprised!  (http://www.hou2600.org/software/six-months-without-adobe-flash-and-i-feel-fine/)
  • Update Windows.  This one should go without saying as it's been said all too many times.  Still, I see healthcare providers, aerospace companies, and grandmothers everywhere who are behind on their updates.  Even IT people are behind on their updates.  Please, for the love of all that is good, update your operating system.
  • Use the latest version of your browser.   The fact is that Chrome, Firefox, and IE all have vulnerabilities, and on any given day one is less vulnerable than the other two.  Keeping your browser up to date is the surest way to prevent infections, regardless of which one you prefer.  I've read that Crome is more secure than Firefox.  I've read that Firefox is more secure than Chrome.  I've read that Internet Explorer 11 is more secure than Firefox or Chrome.  It doesn't matter, use whatever you like or your work requires, just keep it up to date!
  • Block malware sites.  Ad blockers such as AdBlock Plus can go a long way towards preventing malicious code running on your computer as many advertising servers serve up malware as well.  Additionally you might consider using OpenDNS to block malware - OpenDNS takes a bit of work to get going, but once it's going it can not only block malware but pornography and other undesirable content as well.
  • Install antivirus software and keep it up to date.  Microsoft's latest statistics show that just over 50% of users don't have antivirus installed.  Wow.  That's like walking on the beach with no flip-flops - sooner or later you're going to step on something nasty.  Please install antivirus - Microsoft Security Essentials is free and works pretty well.
So these are things you can do to your computer and network, but that's only half of the equation as your computer isn't the one surfing the Internet, reading emails, and clicking links.  The other half is between your ears - an educated computer user is a safe computer user!  These behaviors will help keep you safer when used in conjunction with the above (in many cases these tips work better).
  • Don't click "OK" or "Open" or "I Agree" or even the "X" on popup ads!  Don't even click the red "X" if a security warning or software installer pops up unexpectedly.  On your keyboard press and hold "alt" then press the "F4" key to quit your browser completely.  This will take you away from that awful place and you will have prevented a possible infection.
  • Don't open unexpected e-mail attachments.  Unless you know for certain that someone you know is sending an attachment don't open it.  If its from someone you know and it looks legit, think twice then call the sender and politely ask if they sent you something in your email.  If they didn't, inform them that they may have a virus and recommend professional assistance.
  • Don't open any attachments from Paypal, UPS, Fedex, Amazon, the IRS, or a bank.  It's likely not from them anyway, so it's probably a virus.  If one of those organizations needs to reach you they know other ways besides your e-mail.  Especially the IRS.

Monday, October 28, 2013

VirtualBox Error VERR_SUPDRV_COMPONENT_NOT_FOUND on OSX after upgrading to Mavericks

Using VirtualBox 4.2.18 r88780 on OSX I encountered this error in a Win8 Guest after upgrading from my host OS from Lion to Mavericks.  Further testing revealed that it affects all guests, Windows and Linux.  Changing my adapter mode from Bridged to NAT fixed the issue but I could not run in Bridged mode.

Using the uninstall application and removing VirtualBox then reinstalling it fixed the issue.

Tuesday, October 15, 2013

Gateway Status Monitoring on a pfSense

pfSense is an excellent router/gateway/proxy/content filter.  It's not so hot at proactively alerting you if there is a problem.  Nobody has time to stand over their pfSense Webmin Interface and monitor gateway statuses, but it is important to know if a member is down.  An online uptime monitor can solve the problem.

The pfSense is capable of emailing you with notifications of a failed WAN connection, but that presents a chicken and egg problem - how is it supposed to notify you with email if the Internet connection has failed?  The solution that I am currently trying is using uptimerobot.com to ping the public IP of each WAN interface and send me an email if it is down and another once the service is reestablished.

Here are my settings if you want to try it:

  1. Create an account at http://www.uptimerobot.com and set up your notification options.
  2. Log into your pfSense and create a pass rule for each WAN (or Internet-facing Opt) interface for protocol ICMP, source any, destination "WAN IP Address" / "OPT1-IP-Adress" then apply those changes.  See the image that accompanies this post for more details.
  3. Using an Internet-connected remote host ping each of your public IP's and verify that they are visible to the outside world.
  4. Add your public IP's to uptimerobot.com using the +Add Monitor dialog
If anybody knows of a better way I'm all ears - this is a feature that has been requested repeatedly but hasn't ever been implemented.  The hot setup would be an audible alarm upon link failure as well as internal Growl notifications of gateway up/gateway down.



Friday, July 26, 2013

Essential Free Server and Network Tools for the Windows Admin

I don't like spending money but I like getting stuff.  What computer admin doesn't fit into this category?  When I take on a server I find that just a few tools (aside from the hardware vendors monitoring tools) end up living on its desktop.

Sequoiaview

Ever want to see what's hogging up all your valuable server hard disk space?  Ever want a quick way to see just what a drive contains?  Sequoiaview is useful for all kinds of auditing through the representation of the data on your hard drive using a "tree map."  The size of the box represents the relative size of the file and the colors are indicative of filetype.  Files are then bundled together in their respective folders.  Moving your mouse over the files and folders yields additional information and offers a way to fly over your hard disks data and visualize usage in a very intuitive and insightful manner.  Right clicking offers a way to open an Explorer window in that location so you may further interact with your files.

Roadkil's Unstoppable Copier

This classic tool is useful for both recovery scenarios and for everyday file copies and moves.  Unstoppable Copier is a fast and reliable way to shuffle data around on your hard drives and network.  It seems to move files faster than Explorer and it will attempt to read files with data residing in bad sectors.  Did I mention that it's fast?  If there is an error copying a file it notes the error and moves on - unlike Explorer which, partway through the copy, errors then quits.  Unstoppable Copier can also be batched or scripted, resulting in a flexible fast backup utility if you're not afraid to write a batch file.

Angry IP Scanner


The Angry IP Scanner is my goto for quickly finding out what's connected to the server's LAN. Certainly there are better network IP port scanners available (like NMap) but they can't match Angry's simplicity - often a quick and dirty ping scan is all you need.  It can do port scans as well as gather banners and report NetBIOS information such as the logged in user.  It's not as intrusive as NMap can be and it's very portable.  It doesn't do everything NMap and ZenMap can, but that's OK because it gets the job done.

Putty

I like the command line.  When dealing with *nix and Cisco services and devices you can't beat the Zen-like simplicity of a simple flashing curser and the world of possibilities behind it.  Putty brings some of this power to Windows, but the true power lies in the fact that does SSH Port Forwarding - a way to get secure access to your network without a VPN.  See my classic article here for details on the process of using SSH Tunneling to secure Windows Remote Desktop.

Wednesday, July 10, 2013

Outlook 2010 on Windows 7 Repeatedly Prompts for Credentials

This was on Windows 7 with Outlook 2010.  The user had migrated from Exchange on an SBS 2003 to Exchange on Office365.  My coworker Heather did all the dirty work and eventually came up with this solution:


In order to fix this issue, I deleted the Outlook profile and did the following:

Go to Start> Control Panel> User Accounts, click "Manage your credentials", scroll down to "Generic Credentials" and remove from the vault any that start with "MS.Outlook:"

Delete the auto-discover configuration file and restart the outlook.
C:\Users\\AppData\Local\Microsoft\Outlook\xxxxx - Autodiscover.xml

I tried all of these steps minus deleting the outlook profile and it didn’t work for me. However,  I recommend trying it before deleting the profile, to save time if by chance it does work.

Monday, June 10, 2013

Windows 7 - USB Devices Won't Install

I beat myself against this for six hours straight.

The reported symptom was that no new USB devices would install.  During troubleshooting SFC /scannow yielded "Windows Resource Protection could not start the repair service." I received the following error message when I tried to start the Windows Modules Installer service (TrustedInstaller): "System Error 126: The specific module could not be found".  The Installed Updates in Add/Remove Programs was blank.

I Googled this until my fingers bled.  http://support.microsoft.com/kb/959077 seemed like it should help, but it didn't.

Finally, desperate, I called Microsoft.  They said someone would call me back within 4 hours.  Oh well...  So I tried another desperate move:  I copied the "c:\windows\servicing\trustedinstaller.exe" and the four "c:\windows\winsxs\amd64_microsoft-windows-servicingstack…" folders from a known working system to a CD then replaced the files on the affected system with those copied files after taking ownership from trustedinstaller and giving the administrator full control of the required files and folders in the affected system.

It worked!