Mar 112012
 

I was out for dinner the other night at a nice restaurant in downtown Calgary. While waiting for my tenderloin steak, I decided to pull out my phone and check my Twitter, Facebook, e-mail (you know, the usuals). I noticed that my Samsung Focus (SGH-i917) picked up some WiFi networks and I accidentally tapped the option, I saw that I was picking up a wireless network with the SSID of “ShawOpen”.

I remember reading about Shaw launching a city wide wireless network in select areas as a trial. This service compliments your existing internet services you have with Shaw. While the project is currently on trial, when and if it leaves trial, it will simply use the amount of bandwidth you are already paying for with your home Shaw internet package.

More information on the Shaw Exo WiFi Trial can be found here. I believe you can associate 10 devices with your account (someone correct me if I’m wrong) and your device will automatically connect as long as your WiFi is turned on whenever you are in range. It’s a simple, fast, wireless internet connection.

 

Anyways, moral of this story: It was easy to connect, easy to log in (it uses your @shaw.ca e-mail address), and it was fast! And don’t forget, this lets you avoid using your cell phone data plan! I’m definitely going to be using this more often! Good job Shaw!

And remember: Whenever doing anything with confidential data (banking, private stuff, etc…), always make sure the website’s you are accessing use SSL encryption (you’ll see https in the address bar). If data is sent over a wireless connection and not encrypted it can be intercepted.

Mar 112012
 

For the past 2 weeks I’ve been receiving notifications reporting that one of my clients SBS 2008 environments is about to have some Exchange certificates expire. Below is an example of the event log:

 

Source: MSExchangeTransport
Category: TransportService
Event ID: 12017
User (If Applicable): N/A
Computer: server.domain.local  Event Description: An internal transport certificate will expire soon. Thumbprint:ZOMGZOMGZOMGZAOMGZOMGZOMGZOM, hours remaining: 46  Event Log Name: Application  Event Log Type: warning  Event Log Date Time: 2012-03-08 13:15:36

 

Now upon initial research, apparently we were supposed to just be able to run the “Fix My Network” wizard inside of the SBS Console. Running this during the warnings, and after the certificate actually expired did absolutely nothing. The wizard was unable to detect the certificate had expired. It did report something to do with issues with an SMTP connector, however everything was working, and when trying to fix that, the wizard errored out and could not complete. I also read another article that running the “Setup my internet address” my fix the issue, but however it did not.

I decided to take a look at all the certificates currently install and also in use. To view the certificates installed, go to “Start”, then “Run”, type in “mmc.exe” and hit OK. Click on “File”, then “Add/Remove Snap-in”. Inside of this window, highlight “Certificates” and move to the right (hit the button with the arrow). Another window should open, select “Computer Account”, and follow through with the wizard. Once the certificates open, expand “Personal” and “Certificates” underneath it.

In my environment I noticed that there were two certificates that were identical, only difference being expiration. I had a feeling that the proper certificate existed on the server, however for some reason it was using an older one that it should not be. Keep in mind, this specific server was migrated from another (SBS 2008 to SBS 2008 Migration to new hardware).

To confirm they were identical, I opened up a Exchange Shell (find it in the start menu, and right click and “Run As Administrator”). I typed in “Get-ExchangeCertificate | FL”. The output confirmed that the certificates were the same and performed the same function.

 

ONLY PERFORM THIS if exchange is using the wrong certificate and you have two certificates which are the same, only with different expiration dates. If you do not, you are experiencing another problem and these instruction either won’t help you, or make your problem worse.

I decided to switch Exchange over to the new certificate:

1) Get the thumbprint of the newer certificate, it will be provided when you run “Get-ExchangeCertificate | FL”. Make sure the services and information match the certificate that is about to expire.

2) With the Exchange Shell still open type in “Enable-ExchangeCertificate thumbprint -Services SMTP,POP,IMAP” (sub in the thumbprint where it says thumbprint).

3) It will ask you to confirm, click ok.

4) Delete the old certificate, but make sure you back it up first. Export the old expiring certificate using the Certificate view inside of mmc.exe (what we did above). Export it (with extended data) so it can easily be re-imported if any issues occur. If you do need to restore it, inside of the Certificate view in mmc.exe, simply right click, re-import, and use the “Enable-ExchangeCertificate” (shown above) to re-activate it.

 

Hope this helps!

Mar 102012
 

Wow, what a horrible weekend it has been dealing with all these certificate expirations (both clients, and my own). Ton’s of articles on the internet, however tons don’t cover what you do if you have your own certificate authority and DON’T want to use a self-signed certificate. Also, all the tutorials on the net use the Shell, I rather use the GUI…

When it comes time to renew your certificate, you’ll be seeing these in your Event Viewer:

Source: MSExchangeTransport
Category: TransportService
Event ID: 12018
User (If Applicable): N/A
Computer: server.domain.com  Event Description: The STARTTLS certificate will expire soon: subject: server.domain.com, thumbprint: ZOMGZOMGZOMGZOMGZOMGZOMGZOMGZOMG, hours remaining: 664. Run the New-ExchangeCertificate cmdlet to create a new certificate.

 

Source: MSExchangeTransport
Category: TransportService
Event ID: 12017
User (If Applicable): N/A
Computer: server.domain.com  Event Description: An internal transport certificate will expire soon. ZOMGZOMGZOMGZOMGZOMGZOMGZOMGZOMG, hours remaining: 664  Event Log Name: Application  Event Log Type: error

Anyways, first off, DO NOT use this tutorial if your running “Microsoft Small Business Server”, there is a better, easier, and more automated way to perform this on SBS (I won’t be covering that in this blog post, I will however make another one to explain the procedure). Depending on you’re environment, this may or may not be the best way or the right way to do this. In my environment, I have 1 server that acts as a Domain Controller and a Certificate authority, and a second server that is running Microsoft Exchange 2010.

You take your own risk if you perform the instruction in this blog post.

 

1) Start the renewal process

We need to generate a renewal request. Load up the Exchange Console, and select the “Server Configuration” on the left. It should load up your Exchange Certificates on the lower half of your screen. Look for your certificate that is about to expire. To get the details on the certificates, simply double click and it will load the info, if you’re unsure of which certificate it is, use the thumbprint provided in the Event viewer, and compare it to the Thumbprint on the “Details” tab of the certificate. Once you find it, highlight it and select “Renew Exchange Certificate…” on the action pain to the right.

Renew Exchange Certificate

 

 

 

 

 

 

 

 

2) Create renewal request Wizard

This will open the certificate renewal request wizard (as shown below):

Certificate Renewal Request Wizard

 

 

 

 

 

 

 

Simply choose a file name and location to save the request. It’s easiest just to save it on your desktop. After, hit “Renew”. This will generate the certificate renewal request.

 

3) Copy certificate request to clipboard

Locate the file you created above inside of Windows Explorer. Right click on this file and select “Open”, or “Open With”. When prompted, uncheck the “Always use the selected program to open this kind of file” option, and select “Notepad” as the program to open the file with. Example below:

Open with Notepad

Open with Notepad

 

 

 

 

 

 

 

This will open the certificate request. Now highlight all the text and copy it to your clipboard. Example below:

Certificate request in Notepad

Certificate request in Notepad

 

 

 

 

 

 

 

4) Submit certificate request to certificate authority using web interface

Now we submit the request! Log on to your certificate authority web interface. On the first screen, we will select “Request a certificate”, as shown below:

Request

Request

 

 

 

 

 

 

 

Then select “advanced certificate request”, as shown below:

Advanced certificate request

Advanced certificate request

 

 

 

 

 

 

 

And now, choose “Submit a certificate request by using a base-64 encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.”, again example below:

 

 

 

 

 

Finally, we are going to populate the request. Inside of the “Saved Request:” text box, paste your request from your clipboard (which we copied to your clipboard above), then for “Certificate Template:” choose “Web Server”. Example is below:

 

 

 

 

 

Now select Submit! On the next page that loads, simply select “Download certificate” and save it to a location you’ll remember.

 

5) Install certificate on Exchange

We now have a certificate that’s ready to be installed. Go back to the Exchange console where we left off. Inside of the certificate list, you should see an item that has a status that says something about a pending request. Highlight this request, and on the Action Pane, select “Complete request”. I could be wrong on what this says as I can’t remember and did not take screenshots.

A wizard should open up, in this wizard simply point it to the new certificate (the file we just saved at the end of step 4, shown above). Follow the instructions.

 

6) Assign Services to Certificate

Now that the certificate is installed, we need to assign which services will use it. The new certificate should also now be in the list of certificates inside of Exchange. Highlight the new certificate, right click, and select “Assign Services to Certificate”. Example below:

Assign Services to Certificate

Assign Services to Certificate

 

 

 

 

 

 

 

Once the wizard opens up, follow through and when actually prompted for the services check everything except for “Unified Messaging”. Finish the wizard.

 

7) Delete old certificate

Now we are almost done. Go back to the certificate list inside of Exchange and look for the old certificate that is going to expire. Highlight it, right click, and select “Remove”.

 

You’re Done!

 

Mar 092012
 

Well, for some time I haven’t been able to have my Samsung Focus (SGH- I917 Windows Phone 7) automatically sync over Wi-Fi when on AC power. It should connect after 10 minutes and sync if setup properly.

When it does try to connect, Zune opens on the computer and presents this error: “Connection Error – Can’t connect to your phone. Disconnect it, restart it, then try connecting again.”. Unfortunately I have done this over 400 times over a span of 4 months each time failing.

This is an extremely convenient feature to have, especially if you have a Zune Pass and download music on both your WP7 device, and your computer. Having it sync overnight when the phone is plugged in while sleeping just rocks.

I finally decided to set aside some time to resolve the issue. Tried numerous things like reconfiguring the Wireless Sync, deleted everything off the phone, etc… with absolutely no luck.

FINALLY TO RESOLVE I just went to the sync settings for the phone and selected “Forget this phone”, then after that re-configured the sync partnership. Unfortunately it duplicated all my pictures and videos on both the computer and the phone (some stuff had 3 copies and my WP7 pic folder on my computer almost tripled in size). After this (I made sure I had everything backed up), I deleted all Music, Pictures, Videos, Zune content off the phone, and set Zune up to sync nothing, I then reconfigured my Sync’ing preferences (re-setup music, pictures, etc…). MAKE SURE YOU HAVE A BACKUP OF YOUR WP7 PICTURE FOLDER, when I told it not to sync, it actually deleted it off the computer.

 

Short Instruction:

1. Backup your WP7 Picture/Video Sync folder on your computer (The folder that contains Pictures and Videos you take).

2. In Zune, Select “Forget this phone” under the phone’s sync properties.

3. Reconnect phone, create new sync partnership. If no duplicates of Pictures/Videos exist, configure wireless sync and your done.

4. If you experience duplicates of “Camera Roll” and “Saved Pictures”. Delete them off the phone and computer, sync, and restore from backup, sync, and finally configure wireless syncing.

And you’re done!

 

Mar 072012
 

Well, I thought I’d share a recent experience with all of you…

About a month ago, one of my clients underwent a Static IP change. Their provider notified them that due to network changes, their Static IP addresses for their servers were getting updated. This isn’t odd, completely normal, and usually happens once every 3-5 years.

Here’s where things get messed up:

Shortly after the change even though SPF records, Reverse DNS, DNS, and blacklists had been checked/configured, for some reason we were having issues sending e-mail to a handful of organization. After a couple of weeks, one of the recipients got their IT department to check in to why. Turns out SORBS had the new Static IP blacklisted.

SORBS had the IP listed as a dynamic (non-static) IP. Keep in mind, my client was using a business connection from one of the largest ISPs in Canada with networks throughout all of North America.

At first, I thought no big deal, I’ll just fill the form out to de-list. Turns out there is no form, you have to register to their site. I found this extremely odd, I don’t want anyone knowing my contact information, I’m not even an employee of the company, and on top of all this, why would they need us to register?

So I registered, waited 30 minutes for a confirmation e-mail to log in, and BAM, got an SQL error when trying to log on to their site, couldn’t go any further. I needed to get this de-listed ASAP. Stuck as a guest on the site, I tried to find a way to contact them via e-mail or some other means, turns out they don’t allow you to contact them unless you are registered.

So at this point I was stuck. I contacted my client’s ISP and asked if there was anything they could do to assist. The ISP responded, and actually mentioned that SORBS regularly does this. Apperently all ISPs send out static IP lists to all Blacklists but SORBS refuses to update it unless the ISP pays a very large “exuberant” amount of money. If the ISP does not pay, they don’t update them. ISP said there was nothing they could do.

I finally decided to just e-mail “webmaster@sorbs.net” and explain the situation. The e-mail was accepted, however no response.

So here we are 5 weeks later and we are still listed and my client is complaining of 1 more organization they can’t send to. Thankfully today out of nowhere my account works on their website, and I was FINALLY able to put through the de-list request.

Why would anyone use this RBL? What a pain!

Mar 062012
 

Well, I received a phone call from my father this morning, demanding I to go to his blog and check out a video… (I’ve been helping my dad get this first blog up and running the past couple days).

Check the video out at: http://www.russwagner.com/?p=4, pretty funny :)

Anyways, this made me think of some of my old favorite classics. Here’s a few pertaining to Linux:

Linux is Ready

Linux

Crime of the century

Mar 042012
 

I decided to take advantage of boxing day sales last Christmas and picked up the Logitech Z906 speaker system. Noticed these bad boys had a number of different types of audio input connectors so I went out and purchased a TOSLINK (Toshiba Fiber Optic audio) cable and hook it up to my computer that way. I’ve never played with a multi-speaker setup, nor fiber optic audio cables.

After getting everything unpacked and hooked up, I noticed that the computer could NOT send multi-speaker output unless the stream was dolby encoded. So all games, applications, and software that supported multi-speaker output could not take advantage of the speakers, UNLESS it used dolby audio.

In order to get multi-speaker working, I had to use the traditional set of 3-4 X  3.5inch stereo cables. When using this output, games (including Counter Strike), apps, etc… could now use the multi-speaker output.

Just thought I’d write this up in case it saves someone some time. I spend over a day trying to find out why I was having these issues. P.S. In the end, I still use TOSLINK as I find the audio quality way better, even though it is in fact just stereo (2 speakers).

Mar 022012
 

Well, today I was cleaning up and found an old Linksys SPA-3102 device that I purchased 3-4 years ago. I originally purchased this device to connect my Trixbox (Asterisk) PBX to my land line at my house.

The SPA-3102 is a device manufactured by Linksys/Cisco that provides one FXS terminal, and one FXO terminal. This device can connect your PSTN phone line to your VoIP PBX, and it can also allow you to connect a standard phone to your VoIP PBX as an extension, all at the same time.

While I wasn’t to happy with performance of the solution, nonetheless I figured it out and got it running. I decided to write up a little blog post as a How-To get the SPA-3102 working with Trixbox. This solution is mostly just a bunch of config, so excuse the lack of How-To and the bulk of config dumps:

 

1) Configure the Asterisk extension (this configures the line you hook up to a phone on the SPA-3102):

Create a extension inside of Trixbox. Leave everything default except:

Display Name: Fax Machine (change this to whatever you want)

Extension: 199

secret: password (choose you password)

canreinvite: yes

host: dynamic

type: friend

nat: yes

qualify: yes

2) Configure the Asterisk Trunk for the SPA-3102

Go to the Trunk Menu inside of Trixbox PBX configuration. Add a new SIP Trunk. Leave settings default except:

Outbound Caller ID: “Name” <Number> (Change the Name and number to your PSTN line, if the number doesn’t match, it could break things)

Trunk Name: pstntrunk

PEER Details:

disallow=all
allow=ulaw
canreinvite=no
context=from-trunk
dtmfmode=rfc2833
host=dynamic
incominglimit=1
port=5061
qualify=yes
secret=password
type=friend
username=pstntrunk

3) Configure Outbound and Inbound Routes

The configuration for the Outbound route is normal and doesn’t require any special configuration other than the normal outbound route you’d normally create for a trunk. However, the Inbound route does require special attention. When creating the Inbound route, make sure that the DID Number value matches the 10 digit number you configure for the PSTN. This is how it will recognize this and categorize the incoming call under that specific inbound route.

4) Now for the SPA-3102 Configuration

There’s no way I’m writing all the config out for the SPA-3102, so instead I took screenshots for each tab that requires configuration.

 

 

And Voila!

You now have your SPA-3102 configured to both act as an extension and a gateway to the PSTN. If anyone has any better configuration please write a comment, I’d love to update this article, and I’d like to get this working better than it currently is of possible.