
Add AD Group as an EAC Group.

What's hard to wrap your mind around in MICROSOFT world is the whole disconnect between systems. In other words, it has fine-grain control. It can be connected but it isn't connected automatically by default.

So let's take this example of adding a group to AD & EAC:

  • -create a group in ACTIVE DIRECTORY (AD) called TESTGROUP.
  • -add people to a group.
  • -the group doesn't show.

If you try to add the group in the EAC, you get an error message: "Active Directory operation failed on" ... "already exists."

It's trying to tell you that you can't create the group in EAC because that group is already created in AD.

So let's add the AD GROUP so that it shows in the EAC GROUP:

  • -go to AD USERS & COMPUTERS
  • -double-click on the group-name-that-you-want-to-change.
  • -bullet UNIVERSAL (rather than GLOBAL)
  • -click OK
  • -connect via POWERSHELL.
  • -type: Enable-DistributionGroup -Identity "GROUP_NAME" -Alias "GROUP_ALIAS"
  • -refresh the screen in the EAC and the group name will show.

Awesome! Good work.

Now when you try to make a change to the group you find that you can't change the settings for that group in EXCHANGE 2013. You get a message "You don't have sufficient permissions. This operation can only be performed by a manager of the group."

You can get around this by using the -BypassSecurityGroupManagerCheck option in the powershell and take ownership of it. Let me show you:

  • -connect via POWERSHELL.
  • -type: Set-DistributionGroup -Identity testgroup -ManagedBy administrator -BypassSecurityGroupManagerCheck

This will add the ADMINISTRATOR as the OWNER of the TESTGROUP.

Last Updated on Wednesday, 29 October 2014 12:09

Block Websites with SonicWall

I service a SONICWALL 2400. I want to block certain web sites. Even though the license for Premium Content Filtering Service shows as EXPIRED, this doesn't mean you can't block web sites and it doesn't mean you don't have Content Filtering Service. It just means you don't have Premium Content Filtering Service. The Premium Content filtering allows you to filter on the basis of categories (http://www.sonicwall.com/us/en/products/Network_Security_Content_Filtering_Categories.html).

  • -login to SONICWALL
  • -click SYSTEM > LICENSES
  • -look for "Comprehensive Gateway Security Suite Upgrade"
  • -underneath, look for "Premium Content Filtering Service."
  • -next to it, I see EXPIRED.

A little miffed and upset because I feel like I'm being hi-jacked to pay for something that just about any home router can do out of the box, I give it a try anyway.

  • -login to SONICWALL.
  • -click SECURITY-SERVICES (on the left-hand side).
  • -click CONTENT FILTER.
  • -you may see UPGRADE REQUIRED (in big red letters).
  • -not true (just like their AUTO-DOWNLOAD FIRMWARE feature).
  • -find the second section called CONTENT FILTER TYPE.
  • -select CONTENT FILTER SERVER (in the dropdown box).
  • -click CONFIGURE.
  • -click CUSTOM LIST (tab at the top).
  • -click ADD.
  • -type in the domain you want to block (for example: aol.com).
  • -click OK > OK
  • -that should do it! Test it out and let me know how it goes.
Last Updated on Wednesday, 22 October 2014 11:12


Here are some tips on using the STORCLI.

Like last time, you have to run as admin.

  • -right-click CMD
  • -browse to the STORCLI location

Show all the info about the MegaRaid card:
storcli /c0 show all

I would post more but this site already has most of it:

The goal for me is to get 4 physical drives in a RAID1. I want to hot-swap pull one of the drives and store it away for safe-keeping. Then I want to insert a new fresh drive into the array.

The older drive should be able to be used/mounted without difficulty.

Last Updated on Tuesday, 21 October 2014 17:50

LSI MegaRAID Firmware Failed to FLASH flash. Stop!!!

So upgrading the firmware on this puppy was rather brutal. I kept on getting, "Firmware Failed to FLASH flash. Stop!!!".

Luckily, there is someone out there (http://www.wobblycogs.co.uk/index.php/computing/hardware/110-lsi-megaraid-firmware-upgrade-under-vmware) who understands that this means you are trying to upgrade across too large a gap. You can't go from v2.007.403-3066 to v2.130.403-3066. You have to upgrade in steps.

He also was kind enough to post the step-upgrade-firmware since LSI doesn't offer that firmware anymore.

Here's how:

As a requirement, use the STORCLI (it is the successor of the MegaCLI). To be clear, the MegaCLI should not be used. It is outdated.

  • -right-click CMD
  • -browse to the STORCLI location
  • -make sure the firmware ROM's are in the same folder (it isn't necessary but it makes it easier).
  • -type: StorCLI /c0 download file=AF2108_FW_Image.rom
  • -it should take about 10 minutes.
  • -reboot server.
  • -wait nervously as it performs the upgrade during the reboot.
  • -go back to the same location in CMD.
  • -type: StorCLI /c0 download file=mr2108fw.rom
  • -it should take about 10 minutes.
  • -reboot server.
  • -wait nervously as it performs the upgrade during the reboot.
  • -bliss ensues.
Last Updated on Tuesday, 21 October 2014 17:41

Update Exchange Malware Definitions

  • -open POWERSHELL
  • -type: & $env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1 -Identity <yourservername.yourdomain.tld>
  • -press enter

Obviously, replace the full <yourservername.yourdomain.tld> with your actual server and domain name. This could be server.domain.local or server.domain.com or foo.fee.tld. To find this value type:

Now look at the EVENT VIEWER:

  • -server-manager
  • -click WINDOWS-LOGS > APPLICATION (on the left-hand side).
  • -look for EVENT-ID: 6033

This should indicate that the definitions were successfully updated.

Last Updated on Friday, 15 January 2016 15:27

Exchange 2013 Logs

I'm so used to Centos being so easy that it's difficult for me to wrap my head around MS thinking. Typically in Centos, front-end mail logs would be in:

With internal/external delivery being in:

Well from the following link from MS, I was able to piece together a little more info on how it routes the email through the system:

High-level logs (general connection status) are documented here:

Low-level logs (specific connection status) are documented here:


In MS EXCHANGE, the logs are in:
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog

There you will find 2 directories that are hopefully self explanatory:

This will show the details of the data transfer including what email address it came from and what email address it's going to. This would be equivalent to the qpsmtpd.


Some more logs are in:
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\Connectivity

This is for sending email. It will show the SMTP responses such as "Failed connection to...." It will not show the DATA transfer details.


This shows delivery of internal email which skips the external QPSMTPD. Here is another spot:


This is going a little overboard as it tracks details of every single message.

Some more logs are in:
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking

This will show the following:
#Fields: date-time,client-ip,client-hostname,server-ip,server-hostname,source-context,connector-id,source,event-id,internal-message-id,message-id,network-message-id,recipient-address,recipient-status,total-bytes,recipient-count,related-recipient-address,reference,message-subject,sender-address,return-path,message-info,directionality,tenant-id,original-client-ip,original-server-ip,custom-data

That's a bunch of information. In my mind, this is equivalent to the qmail logs.

If you want to look through the logs, this is the place to do it! Want to make it easier? Find my article on installing GNUWIN32 so that you can grep through the logs. Sweet!


Since logging is disabled by default, we have to turn it on. This is turning the logging on for the FRONT-END/QPSMTPD:

  • -type: Get-ReceiveConnector "FOO\Default Frontend Foo" |fl *
  • (This will show the details for the connector.)
  • -type: Set-ReceiveConnector "FOO\Default Frontend Foo" -ProtocolLoggingLevel Verbose



The above link helped me here. Searching through the message logs is the only way to see if a TRANSPORT RULE or MAIL FLOW RULE has been triggered. To see the whole message log, it's like this:

Get-MessageTrackingLog | fl *

If a message has been blocked by a TRANSPORT RULE or MAIL FLOW RULE, it will give an EVENTID of "FAIL" and the STATUS will say "550 5.2.1 Message deleted by the transport rules agent."


Get-MessageTrackingLog -Sender "sender@yourdomain.tld"

Get-MessageTrackingLog -Recipients "recipient@yourdomain.tld"

Get-MessageTrackingLog -Start "06/13/2016"

A specific EVENT (Such as FAIL):
Get-MessageTrackingLog -EventId FAIL

Shows the FAILED messages for the day (including messages that fail due to MAIL FLOW RULES / TRANSPORT RULES):
Get-MessageTrackingLog -EventId FAIL -Start "01/01/2000"

Adding them together to find an email that didn't go through (EVENT FAIL) FROM a USER, TO a USER on a certain DATE:
Get-MessageTrackingLog -EventId FAIL -Start "06/01/2016" -Sender "sender@yourdomain.tld" -Recipients "recipient@yourdomain.tld" -Resultsize Unlimited

See the expanded details about the messages:
Get-MessageTrackingLog -EventId FAIL -Start "06/13/2016" -Sender "sender@yourdomain.tld" -Recipients "recipient@yourdomain.tld" -Resultsize Unlimited | fl

Show me everything about the item by using the InternalMessageId:
Get-MessageTrackingLog -InternalMessageId 89279485181957 | fl

Event Parameters can be the following: BadMail, Defer, Deliver, DSN, Expand, Fail, PoisonMessage, Receive, Redirect, Resolve, Send, Submit, and Transfer.
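
To find rule-blocked mail by searching the raw MessageTracking files instead of using the cmdlet, here is an added Python example (not code from the original post). It reads the #Fields header shown above and keeps FAIL events whose status carries the transport-rule text. The sample log is constructed, and the code assumes the status text appears in the recipient-status column.

```python
import csv
import io
from collections import defaultdict

# Column header as shown in the post for the MessageTracking files.
FIELDS_LINE = (
    "#Fields: date-time,client-ip,client-hostname,server-ip,server-hostname,"
    "source-context,connector-id,source,event-id,internal-message-id,"
    "message-id,network-message-id,recipient-address,recipient-status,"
    "total-bytes,recipient-count,related-recipient-address,reference,"
    "message-subject,sender-address,return-path,message-info,"
    "directionality,tenant-id,original-client-ip,original-server-ip,custom-data"
)
# Status text the post gives for mail dropped by a transport / mail flow rule.
RULE_STATUS = "550 5.2.1 Message deleted by the transport rules agent"


def parse_tracking_log(text):
    """Return one dict per event, keyed by the names in the #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [name.strip() for name in line[len("#Fields:"):].split(",")]
        elif line and not line.startswith("#"):
            rows.append(line)
    if fields is None:
        raise ValueError("no #Fields header found")
    events = []
    # csv.reader handles quoted values such as subjects that contain commas.
    for row in csv.reader(rows):
        if len(row) == len(fields):  # skip truncated lines (file still being written)
            events.append(dict(zip(fields, row)))
    return events


def rule_blocked(events):
    """Keep FAIL events whose recipient-status carries the transport-rule text."""
    wanted = RULE_STATUS.lower()
    return [
        e for e in events
        if e.get("event-id", "").upper() == "FAIL"
        and wanted in e.get("recipient-status", "").lower()
    ]


def summarize(blocked):
    """Map lower-cased sender -> sorted list of (date-time, recipient, subject)."""
    by_sender = defaultdict(list)
    for e in blocked:
        for rcpt in e["recipient-address"].split(";"):
            by_sender[e["sender-address"].lower()].append(
                (e["date-time"], rcpt, e["message-subject"])
            )
    return {sender: sorted(hits) for sender, hits in by_sender.items()}


def build_sample_log():
    """Constructed sample in the file layout (not real traffic)."""
    names = FIELDS_LINE[len("#Fields: "):].split(",")

    def ev(when, event_id, sender, rcpt, status, subject):
        return {"date-time": when, "event-id": event_id, "sender-address": sender,
                "recipient-address": rcpt, "recipient-status": status,
                "message-subject": subject}

    events = [
        ev("2016-06-13T14:02:11.120Z", "RECEIVE", "alice@example.com",
           "bob@example.com", "", "Quarterly numbers, draft"),
        ev("2016-06-13T14:03:40.500Z", "FAIL", "alice@example.com",
           "bob@example.com;carol@example.com", RULE_STATUS, "Invoice, final"),
        ev("2016-06-13T14:05:02.010Z", "FAIL", "eve@example.net",
           "bob@example.com", "550 5.1.1 User unknown", "hello"),
        ev("2016-06-13T14:07:19.330Z", "FAIL", "Alice@Example.com",
           "dave@example.com", RULE_STATUS, "Re: Invoice"),
    ]
    out = io.StringIO()
    out.write("#Software: Microsoft Exchange Server\n")
    out.write("#Log-type: Message Tracking Log\n")
    out.write(FIELDS_LINE + "\n")
    writer = csv.writer(out, lineterminator="\n")
    for event in events:
        writer.writerow([event.get(name, "") for name in names])
    out.write("2016-06-13T14:09:00.000Z,10.0.0.5,trunc")  # truncated final line
    return out.getvalue()


if __name__ == "__main__":
    parsed = parse_tracking_log(build_sample_log())
    for sender, hits in summarize(rule_blocked(parsed)).items():
        for when, rcpt, subject in hits:
            print(sender, "->", rcpt, when, repr(subject))
```
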


Last Updated on Monday, 13 June 2016 10:13

Joomla 2.5: Manager Group Can't Access Admin Login

Some components, namely FRONTPAGE SLIDESHOW (aka FPSS), get the parent_id incorrect.

  • -access MYSQL
  • -access #_assets
  • -re-organized via "parent_id"
  • -change all the 0's (zero's) to 1's (one's).
  • -change the "Root Asset" to 0 (zero).

In mysql speak, it looks like this:

UPDATE `#_assets` SET `parent_id`=1 WHERE `parent_id` = '0';
UPDATE `#_assets` SET `parent_id`=0 WHERE `title` = 'Root Asset';

Last Updated on Friday, 17 October 2014 13:36

Install Grub onto a HD

Here's how to install Grub onto a HD:

  • grub
  • grub> device (hd0) /dev/sdb
  • grub> root (hd0,0)
  • grub> setup (hd0)
  • grub> quit

If you look closely, you are installing grub on SDB (not SDA). Also note that you are installing grub as HD0 or the FIRST HD. The reason you do this is because grub is already installed on SDA and while grub only needs to be installed on one disk (it doesn't need to be installed on two disks), you need to consider what happens if SDA dies.

If SDA dies then SDB is going to be the next disk in line and possibly the only disk. The boot process or bootstrap will skip SDA and try to boot from SDB. If grub is not found, then the system will not boot. Installing grub on SDB as the FIRST HD, ensures that the system boots to the first stage menu and allows you to pick your installation or begin stage 2.

Getting Hardware Info

Getting hardware information from a server that you've never laid eyes on, that is thousands of miles away and that you can't physically access is sometimes difficult.

Below are some items that I've used in the past to get details of the hardware in the system. You can harmlessly type the commands in as they only inspect info and do not change anything.


I like this one. It gets the info from the bios, even the product name, serial number and Dell service tag number. It even gets the BASEBOARD info (or motherboard info) and the CHASSIS info (the actual physical case) with its locked status.

The full list is:

  • dmidecode
  • lspci
  • lsusb
  • df -h
  • fdisk -l
  • mount | column -t
  • cat /proc/cpuinfo
  • cat /proc/meminfo
  • cat /proc/scsi/scsi
  • cat /proc/version
  • uname -a
  • cat /proc/partitions
Last Updated on Friday, 10 October 2014 10:32

AWS S3 Clients

Amazon Web Services or AWS is amazing. There's so much I'm like the proverbial kid in a candy store. This changes everything. Walls are torn down technologywise. And price isn't a barrier.

One issue is that something seemingly so simple, like syncing a local directory to AWS S3, is so complicated. There are a number of ways to automatically sync items that I have found in my travels, and I wanted to list them out.



This is the standard of what you want. It connects a new DRIVE LETTER to your computer which syncs with S3. So it adds a Z DRIVE to your computer. That Z DRIVE is actually your S3. Cool.

The problem becomes, what if I don't want it as a DRIVE LETTER and I want it to connect to an existing folder/directory.



This is strictly a command-line tool. It will walk you through getting the command correct but then you are responsible for running the command directly or on a cron. Not exactly what I was looking for.



This looks promising but it doesn't have the GovCloud access region of AWS that I need.

Last Updated on Tuesday, 14 April 2015 15:06

ioncube loader

Unzip the IonCube File & Load It Into the PHP

  • -untar/unzip the ioncube download tar.gz
  • -it will give a bunch of files.
  • -use the phpinfo file to look at all the php info details.
  • -find where the extension_dir is.
  • -for me, it is: /usr/lib64/php/modules
  • -copy the most recent ioncube_loader into that directory (there will be other extensions in there as well).
  • -for me, the file is: ioncube_loader_lin_5.3.so

Edit the php.ini file

  • -go to the end of the file.
  • -type:

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.3.so

Restart the Httpd

  • -type: service httpd-e-smith stop
  • -type: service httpd-e-smith start
Last Updated on Friday, 26 June 2015 15:22

DRAC Settings


As stated, DRAC is basically DELL's proprietary version of IPMI. This is OUT-OF-BAND control. This means you can control the server even if it doesn't have an OPERATING SYSTEM on it. You can load an OS from thousands of miles away. I have successfully done this. You can control the BIOS settings, you can restart the PC, you can watch the PC boot up and you can remotely connect and view the PC (This is different than RDP). Awesome!


You can control the DRAC setting through either LOCAL access (directly on the PC) or REMOTE access (from another system). For the LOCAL access, you can use the OPEN MANAGE software previously discussed. It will install a SERVER-MANAGER icon on the desktop that can control some of the settings.


The REMOTE access can be obtained by simply setting an IP ADDRESS on the DRAC and hitting the DRAC via a web browser. What's surprising to me is that the REMOTE access seems to have more options than the local access. In fact, I really don't know why there are 2 different interfaces. It would make sense to redirect the local interface to the remote interface.


One of the options of the REMOTE is VIRTUAL MEDIA access. This means that the remote system will boot from the VIRTUAL MEDIA. It goes like this.

  • -put the OS INSTALL DISK into your computer.
  • -connect to the DRAC via browser.
  • -connect the VIRTUAL MEDIA to the remote system.
  • -the remote system will boot from the CD! (that is totally awesome!!!).
  • NOTE: the same will happen with an ISO image.


On the DRAC settings via REMOTE, you can configure the VIRTUAL MEDIA settings.

  • -connect to the DRAC via browser.
  • -click APPLY CHANGES (at the bottom).


The reason you want to do this is because most systems won't install when the VIRTUAL FLASH is enabled along with the VIRTUAL MEDIA. Both the VIRTUAL FLASH & the VIRTUAL MEDIA are enabled by default by DELL (probably an oversight on their part).

Another reason you want to do this is that if the VIRTUAL FLASH is enabled, it may show up on the WINDOWS system as an empty drive that is not formatted.


Also note that since you're accessing a remote system, usually the connection is through JAVA. I've had many issues trying to get it to work. It seems like it works best from IE on a WINDOWS system. I have very little success from the MAC BOOK PRO > FIREFOX combo.

This is true of both IPMI and of DRAC.

Happy remote accessing!

Last Updated on Tuesday, 07 October 2014 16:07

Upgrading the DRAC Firmware

Here's what I did to upgrade the DRAC firmware:

  • -open command prompt and run this command to disable Virtual Flash:
  • -type: racadm config -g cfgRacVirtual -o cfgVirMediaKeyEnable 0
  • -run the DRAC update - around 10 minutes to install
  • -still in command prompt run the command to enable Virtual Flash:
  • -type: racadm config -g cfgRacVirtual -o cfgVirMediaKeyEnable 1

You can also upgrade the DRAC firmware via the REMOTE access to the DRAC. It seems to be easier. I don't know why that is so.

Last Updated on Tuesday, 07 October 2014 16:06

Download Office - Glory Days of Software

In case you don't know, the glory days of software are officially over. The new licensing in Microsoft 2013 makes it nearly impossible to retrieve an INSTALL KEY, PRODUCT KEY or skip ACTIVATION. I will bypass the horrors of trying to manage this for a large set of computers and go straight to the point that MS has put up a catch-all page (404 page) that will allow you to download a product if you have a valid KEY.

In other words, you still need an INSTALL KEY or PRODUCT KEY.

MS landing page for software download if you already have a KEY (this will attach the KEY to your MS ACCOUNT/MS EMAIL):

MS 2010 items can still be directly downloaded here:

For example, PROJECT PRO 2010:

The following link has collected all of the links for us:

Last Updated on Thursday, 04 June 2015 09:42

Auto Login To Windows Domain

Did you ever have that one executive that has a locked office and refused to type in a USERNAME & PASSWORD because they can't differentiate between their COMPUTER PASSWORD, EMAIL PASSWORD and ICLOUD PASSWORD?

I've had that before. It's easier to just automatically log them in than dealing with the phone calls.

Here's how:

That's it! The Autologon for Windows v3.01 should take care of the rest. You are doing great!

Backup Cisco 2960-s Config File

I haven't done this stuff since college nearly 20 years ago. Most of my experience has been in Small to Medium Enterprises with a just-get-it-done attitude and a we-just-need-internet desire that I haven't had the need to get into the details.

I will say that it seems as if some of these companies simply complicate procedures to be able to justify their pricing. Backing up a config file should be a 1 button push. It's almost 2015.

  • -click START > RUN > CMD
  • -type: telnet
  • -type: o 111.222.333.444 (that's the letter o as in lmnop and the ip address of the switch)
  • -type in the password
  • -type: enable (enable is their sudo command)
  • -type in the password (yes again for sudo)
  • -type: copy run tftp
  • -type 111.222.333.444 (that's the ip address of the tftp server, if you don't have a tftp server, download the http://tftpd32.jounin.net/ portable tftp server & allow UDP port 69).

That should do it!


Last Updated on Saturday, 27 September 2014 12:03

Add USB Drive to Linux

When you add a fresh USB DRIVE to Linux, it should automatically assign it a device. Something like:

  • /dev/sda
  • /dev/sdb
  • /dev/sdc
  • /dev/sdd

and so on.

Discover the USB Drive

The easiest way to check this is to look through the message log:

grep kernel /var/log/messages

You will see something like:

Sep 26 18:07:24 server kernel: usb 2-1: new high speed USB device using ehci_hcd and address 5
Sep 26 18:07:24 server kernel: usb 2-1: configuration #1 chosen from 1 choice
Sep 26 18:07:24 server kernel: scsi6 : SCSI emulation for USB Mass Storage devices
Sep 26 18:07:24 server kernel: usb-storage: device found at 5
Sep 26 18:07:24 server kernel: usb-storage: waiting for device to settle before scanning
Sep 26 18:07:29 server kernel:   Vendor: ST310003  Model: 40AS              Rev:
Sep 26 18:07:29 server kernel:   Type:   Direct-Access                      ANSI SCSI revision: 02
Sep 26 18:07:30 server kernel: SCSI device sdd: 1953523055 512-byte hdwr sectors (1000204 MB)
Sep 26 18:07:30 server kernel: sdd: Write Protect is off
Sep 26 18:07:30 server kernel: sdd: Mode Sense: 34 00 00 00
Sep 26 18:07:30 server kernel: sdd: assuming drive cache: write through
Sep 26 18:07:30 server kernel: SCSI device sdd: 1953523055 512-byte hdwr sectors (1000204 MB)
Sep 26 18:07:30 server kernel: sdd: Write Protect is off
Sep 26 18:07:30 server kernel: sdd: Mode Sense: 34 00 00 00
Sep 26 18:07:30 server kernel: sdd: assuming drive cache: write through
Sep 26 18:07:30 server kernel:  sdd:
Sep 26 18:07:30 server kernel: sd 6:0:0:0: Attached scsi disk sdd
Sep 26 18:07:30 server kernel: sd 6:0:0:0: Attached scsi generic sg3 type 0
Sep 26 18:07:30 server kernel: usb-storage: device scan complete

If you look closely at the above logs, you will see that the system assigned the letter d to the USB DRIVE. So, the device is /dev/sdd

If the USB DRIVE already has a file system on it, you might be able to find more details by:

df -h

or simply


Partition the USB DRIVE

The fresh USB DRIVE will have no filesystem so it probably won't be mounted anywhere. To partition the USB DRIVE:

  • fdisk /dev/sdd
  • n (to add a new partition)
  • p (to make a primary partition)
  • 1 (that's the number one, the number you want to assign to the partition)
  • w (write and exit)

Format the USB DRIVE

Now that there is a partition on the USB DRIVE, we have to format the partition with a filesystem.

  • mkfs.ext3 -L BackupDrive1 /dev/sdd1


  • ext3 is the filesystem itself (explaining filesystems is beyond this article).
  • -L option is to label the USB DRIVE

Mount the USB DRIVE

To mount the USB DRIVE, issue a:

  • mount /dev/sdd1 /media/BackupDrive1/

Reliably mount multiple disks in the one location

In case you want to use a rotating set of disk drives for backups, you may want to mount different USB DRIVES in the same location. Of course, make sure you don't plug both in at the same time.

Edit the /etc/fstab. Add the lines by typing:

  • LABEL=BackupDrive1      /media/BackupDrive1     ext3    defaults
  • LABEL=BackupDrive2      /media/BackupDrive1     ext3    defaults

Set The Label On The Partition

This will set the label on the partition:

  • e2label /dev/sdd1 MyLabel

Check The Label On The Partition

This will check the label on the partition:

  • e2label /dev/sdd1

Unmount the USB DRIVE

If you need to unmount the USB DRIVE, it's like this:

  • umount /media/BackupDrive1/

How to Keep the USB DRIVE From Falling Asleep

I won't go into too much detail here but sometimes the USB DRIVE is going to fall asleep because of the USB DRIVE CADDY that it is in. The easiest way for me to fix it was to mount it around 5 minutes before the backup is scheduled to start.

  • mkdir -p /etc/e-smith/templates-custom/etc/crontab/26usb-drive
  • vi 26usb-drive

# Keep the USB drive from going into standby.
#5 * * * * /bin/touch /dev/sdc &>/dev/null
50 21 * * * root mount /dev/sdc1 /media/BackupDrive1/
55 21 * * * root umount /media/BackupDrive1/

How to Selective Restore From DAR Backup

Here's how to selective restore from DAR backup:

dar -x /media/BackupDrive1/server.domain.local/set2/full-201408092200 -N -R / -w -g home/e-smith/files/ibays/share_data/files

You will also have to restore all the incrementals:

dar -x /media/BackupDrive1/server.domain.local/set2/inc-001-201408102200.1.dar -N -R / -w -g home/e-smith/files/ibays/share_data/files
dar -x /media/BackupDrive1/server.domain.local/set2/inc-002-201408112200.1.dar -N -R / -w -g home/e-smith/files/ibays/share_data/files
dar -x /media/BackupDrive1/server.domain.local/set2/inc-003-201408122200.1.dar -N -R / -w -g home/e-smith/files/ibays/share_data/files
dar -x /media/BackupDrive1/server.domain.local/set2/inc-004-201408132200.1.dar -N -R / -w -g home/e-smith/files/ibays/share_data/files

How to Manually Start a Backup

Here's how to manually start a backup routine

  • /sbin/e-smith/do_backupwk

How to Set the Backup Sets

Backup Sets are an entire week; a full backup on Friday plus the remaining 6 days (SAT, SUN, MON, TUE, WED, THU). This data can be large. Currently, on one server, I have 600GB of data for the entire backup set.

A USB backup drive needs to be large enough for the number of full sets you want (how far back in history do you want to go) + 1. In other words, N + 1.

As an example, if you have a 2TB drive, you can only go back 2 sets.

Why? Well if you have 3 sets that is a total of 1.8TB (600 x 3) which is the desired result. The problem becomes that the next backup cannot run because it collects the backup and then it deletes the oldest backup. The next backup can only go to about 200GB and then it will error out. I learned this the hard way.

Putting the backup sets to 2 will result in 1.2TB. The next backup set will finish for a total of 1.8TB and then delete the oldest backup for a total of 1.2TB again.

Last Updated on Tuesday, 30 September 2014 16:52

Cisco Port Security

I had to get port-security running on a Cisco Catalyst 2960-S:

Show the port information on a Cisco 2960-S

  • -click START > RUN > CMD
  • -type: telnet
  • -type: o 111.222.333.444 (that's the letter o as in lmnop and the ip address of the switch)
  • -type in the password
  • -type: show interfaces (this will give the long version).
  • -type: show interfaces summary (this will give the traffic summary version).
  • -type: show interface description
  • -type: show ip interface (this will give the ports up/down status).
  • -type: show ip interface brief (this will give the ports up/down status at a glance).
  • -type: show interface status (this will give the ports vlan, duplex and speed).
  • -type: show interface status err-disabled (this will give a quick report of the ports in err-disabled mode).
  • -type: show power inline (this will give the port power status).
  • -type: show version (for overall switch info and uptime).

NOTE: The 2960-S platform has a 100 Mb/s management port identified as fastethernet0.

Show the Port Security on a Cisco 2960-S

  • -type: enable
  • -type: the-sudo-password
  • -type: show port-security (this will give the ports with the security violations).
  • -type: show port-security interface Gi 0/1 (this will give the individual port status as per port security).
  • -type: show port-security address (this will give the port security memorization table).

Configure the Port Security on a Cisco 2960-S

  • -type: config terminal
  • -type: interface Gi 0/19 (to configure that port).
  • -or type: interface range Gi 0/1 - 19 (to configure a range of ports).
  • -type: switchport port-security (to enable port security)
  • -type: switchport port-security maximum 1 (allows only 1 mac address to be assigned to the port).
  • -type: switchport port-security violation shutdown (shut down the port if there's a violation and requires manual intervention).
  • -type: switchport port-security mac-address sticky (collects the mac address and memorizes it).
  • -type: switchport port-security aging time 0 (set the aging time to 0)
  • -type: switchport port-security aging type absolute (set the mac address type to the only mac address allowed).

Manually Enable the Port after a Violation on Port Security

  • -while still in config mode.
  • -type: shutdown (this shuts the port down).
  • -type: no shutdown (this brings the port back up).

When a security violation happens, the port is shut down and will not work. It requires manual intervention to make certain there is no malicious activity happening. The commands above will bring the port back up working with the original MAC address.

Clear out the Sticky Mac Address to Allow Another Computer/Device

  • -login to switch.
  • -type: enable
  • -type: config terminal
  • -type: interface G 0/19
  • -type: shut
  • -type: do clear port-security all interface gi0/19
  • -type: no switchport port-security mac-address sticky
  • -type: switchport port-security mac-address sticky
  • -type: no shutdown

This will clear out the mac-address that is remembered and bring the port back up so that it will work with another NEW-MAC address.

However, if the mac-address is still in the address-table, you will not be able to use this mac-address on another port. The mac-address has to be cleared from the original-port it is attached to.

First, find out if the mac-address is attached to a port and make note of the port.

  • -type: show port-security address

Now, shut down the new port:

  • -type: config t
  • -type: int gi0/28
  • -type: shut

Now, clear out the mac-address from the original port:

  • -type: config t
  • -type: int gi0/19
  • -type: shut
  • -type: do clear port-security all interface gi0/19
  • -type: no shut

Now, verify the mac-address is gone:

  • -type: do show port-security address
  • -type: end

Finally, bring back up the new port:

  • -type: config t
  • -type: int gi0/28
  • -type: no shut
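
The move-a-MAC-to-another-port steps above, as an added Python example that is not part of the original post: it reads `show port-security address` output, finds the port still holding the address, and returns the command sequence. The sample table is constructed and its column layout is an assumption; the commands are the ones listed above, entered in a single config session.

```python
import re

# Constructed sample of `show port-security address` output (layout assumed).
SAMPLE_TABLE = """\
               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    0011.2233.4455    SecureSticky                  Gi0/19       -
   1    00aa.bbcc.ddee    SecureSticky                  Gi0/3        -
-----------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
"""

# One table row: vlan, dotted MAC, type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)",
    re.IGNORECASE | re.MULTILINE,
)


def normalize_mac(mac):
    """Return the MAC in Cisco dotted form (xxxx.xxxx.xxxx), lower case."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def normalize_port(port):
    """Map 'gi0/19', 'Gi 0/19' or 'GigabitEthernet0/19' to 'Gi0/19'.

    Other interface types are returned unchanged (stripped).
    """
    m = re.fullmatch(r"\s*g[a-z]*\s*(\d+(?:/\d+)+)\s*", port, re.IGNORECASE)
    return "Gi" + m.group(1) if m else port.strip()


def secure_addresses(table_text):
    """Parse the table into {mac: (vlan, type, port)}."""
    found = {}
    for vlan, mac, kind, port in ROW.findall(table_text):
        found[normalize_mac(mac)] = (int(vlan), kind, normalize_port(port))
    return found


def plan_mac_move(table_text, mac, new_port):
    """Return the IOS commands to run before `mac` can be used on `new_port`.

    An empty list means no other port holds the address, so nothing
    has to be cleared.
    """
    mac = normalize_mac(mac)
    new_port = normalize_port(new_port)
    entry = secure_addresses(table_text).get(mac)
    if entry is None or entry[2] == new_port:
        return []
    old_port = entry[2]
    return [
        "configure terminal",
        "interface %s" % new_port,
        "shutdown",                      # keep the new port down while clearing
        "interface %s" % old_port,
        "shutdown",
        # Removes every secure address learned on the old port.
        "do clear port-security all interface %s" % old_port,
        "no shutdown",
        "do show port-security address",  # verify the address is gone
        "interface %s" % new_port,
        "no shutdown",
        "end",
    ]


if __name__ == "__main__":
    for command in plan_mac_move(SAMPLE_TABLE, "00:11:22:33:44:55", "gi0/28"):
        print(command)
```
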

You can see if a port is in violation by:

  • -type: show int status

To recover any port that is in violation:

  • -type: config t
  • -type: errdisable recovery cause psecure-violation

But then you have to wait the Timer-Interval-Seconds before the port is available again.

To see the timeout:

  • -type: show errdisable recovery

You might want to see if any mac-address is in the table:

  • -type: show mac address-table

Disable Port Security

  • -while in config mode & while in an interface or range of interfaces
  • -type: no switchport port-security

End the Config Session

  • -type: end

To Tail the Logs

  • -type: terminal monitor
  • -type: terminal no monitor

Save the Changes

  • -type: write memory
  • -or type: copy running-config startup-config
Last Updated on Thursday, 11 July 2019 09:10


Windows can't copy files correctly by default. As a note for myself, I'm shamelessly copying from somewhere on the internet:

robocopy source destination /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /V /TEE /LOG:Robocopy.log

A real-world example is copying the BACKUP-DRIVE to an EXTERNAL-DRIVE but only files for the last 90 days:

robocopy z:\ t:\ /MIR /Z /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /V /TEE /MAXAGE:90 /LOG:Robocopy.log

Here's what the switches mean:

  • source :: Source Directory (drive:\path or \\server\share\path).
  • destination :: Destination Dir  (drive:\path or \\server\share\path).
  • /E :: copy subdirectories, including Empty ones.
  • /ZB :: use restartable mode; if access denied use Backup mode.
  • /DCOPY:T :: COPY Directory Timestamps.
  • /COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU).  Copies the Data, Attributes, Timestamps, Owner, Permissions and Auditing info
  • /R:n :: number of Retries on failed copies: default is 1 million but I set this to only retry once.
  • /W:n :: Wait time between retries: default is 30 seconds but I set this to 1 second.
  • /V :: produce Verbose output, showing skipped files.
  • /TEE :: output to console window, as well as the log file.
  • /LOG:file :: output status to LOG file (overwrite existing log).

The above will copy the directory. You will have to manually re-setup the share.

This is why the best practice is to use full permission for everyone on the share, and limit the permission using NTFS permissions. And wait till everyone leaves the office.

NOTE: Robocopy can be cantankerous. If you get an error message, "access is denied" or "This security ID may not be assigned as the owner of this object" then try it this way.

-first, map a drive: net use k: \\server\share-name /user:pc-name\username password-here

-second, use robocopy with /COPY:DAT instead of /COPYALL. Like this: robocopy E: K:\share-name /E /ZB /DCOPY:T /copy:DAT /R:1 /W:1 /V /TEE /MT:12 /LOG:Robocopy.log

Last Updated on Thursday, 20 July 2017 10:11

Find the Size of the current directory

I can never remember how to find the size of the current directory in linux. Here it is:

du --max-depth=1

And to make it human readable and sorted by number:

du -h --max-depth=1 | sort -h

Last Updated on Wednesday, 05 June 2019 05:29

BCD Replaces Boot.ini

Twice this week I've been bitten by the BCD or BOOT CONFIGURATION DATA.

BCD replaces the BOOT.INI file in older systems such as XP. BCD is found in WINDOWS VISTA and newer systems. The BCD is an OPERATING SYSTEM FILE and will be hidden unless the options are set to view those files:

  • -open any EXPLORER window.
  • -click the VIEW tab (at the top).
  • -click OK.

Previously, there was a boot.ini file. To edit the boot.ini file, simply edit the file with a text editor. Now to edit the BCD, you must use BCDEdit.exe.

The overall problem becomes that the BCD is unreliable (hence the name Microsoft). It causes issues like:

"the trust relationship between this workstation and the primary domain failed" in WINDOWS 7
(bcdedit /store S:\Boot\BCD /set {default} bootstatuspolicy ignoreallfailures)


"inaccessible boot device" WINDOWS 8.1
(Bcdedit /store S:\BOOT\BCD /set {default} truncatememory 4294967296)
(T:\windows\system32\bcdedit /store S:\boot\bcd /set {default} truncatememory 4294967296)

Both require edits to the BCD. But how do you edit the BCD when the system isn't accessible?


How to Edit the BCD

The BCD is actually a file in a small hidden directory. If you could connect the external drive to a working system and assign the letter S to the drive, the file location would be:


Please note that this is NOT the WINDOWS OS partition. This is a small NTFS partition (100MB for WINDOWS 7 & 300MB for WINDOWS 8) before the WINDOWS OS partition. This partition is marked as ACTIVE and will therefore be chosen as the partition to boot from.

This is really confusing because there is a T:\Boot\BCD as well.

True to MS standard, they put out way too much unnecessary jargon here: http://technet.microsoft.com/en-us/library/cc721886%28WS.10%29.aspx#BKMK_bcdedit

  • -connect the harddisk with the corrupt BCD into another computer that is running Windows.
  • -mount the defective partition on a drive (in my case S:\)
  • -in the partition the file S:\Boot\BCD is the one that needs to be repaired.
  • -open a command prompt (Cmd.exe) (as administrator)
  • -type: T:\Windows\System32\bcdedit /store S:\Boot\BCD /enum
  • -you are viewing the BCD.
  • -to view everything in the BCD...
  • -type: T:\Windows\System32\bcdedit /store S:\Boot\BCD /enum all


How to Edit Some of the BCD Settings:

The BCD will have a BOOT-MANAGER called BOOTMGR. This is a boot manager for the entire disk. You can think of it as a GRUB, LILO, GRUB4DOS, etc. or any other bootloader. It can be used to redirect the boot to the MAIN WINDOWS OS but it can also boot other OS's as well. Most people won't get this far. They just want their MAIN WINDOWS OS to boot correctly.

After the BOOTMGR section, comes all the WINDOWS OS sections. Typically, the main section will be called DEFAULT and it will show as {default}.
(NOTE: don't let the curly brackets scare you).

For example, if you wanted to change the BOOTMGR device and the DEFAULT device, here's how.
(Please do not type this in... This is just an example.)

T:\Windows\System32\bcdedit /store S:\Boot\BCD /set {bootmgr} device boot
T:\Windows\System32\bcdedit /store S:\Boot\BCD /set {default} device boot
T:\Windows\System32\bcdedit /store S:\Boot\BCD /set {default} osdevice boot

This will change the settings for those key values.

You can also use an awesome handy tool called VISUAL BCD EDITOR located at: http://www.boyans.net


Fix the BCD

If you would like to rebuild the BCD, here's how:

  1. Put the Windows Vista or Windows 7 or Windows 8 media in the DVD drive / usb, and then start the computer.
  2. Press a key when you are prompted.
  3. Select a language, a time, a currency, a keyboard, or an input method, and then click Next.
  4. Click Repair your computer.
  5. Select the operating system that you want to repair, and then click Next.
  6. In the System Recovery Options dialog box, click Command Prompt.
  7. Type Bootrec.exe, and then press Enter.

That will automatically try and fix the BCD if it's broken.


Rebuild the BCD

Same as fixing the BCD above but using switches at the end.

Bootrec.exe /FixMbr
Bootrec.exe /FixBoot
Bootrec.exe /ScanOs
Bootrec.exe /RebuildBcd


WINDOWS 8.1 Considerations

WINDOWS 8.1 installs a hidden 300MB NTFS partition.

If WINDOWS is loaded, some may investigate and fiddle around with the BCD on the main partition in C DRIVE, not realizing that the BCD being loaded is in another hidden partition that exists for the purpose of the BCD.

If you boot from a CD/USB, the BCD PARTITION will be the C DRIVE and the WINDOWS OS PARTITION will be the D DRIVE.


BCDEDIT Says zero Total Identified Windows installations

If you get as far as: Bootrec.exe /ScanOs

And it says:

"zero Total Identified Windows installations: 0"

Then you may have to rebuild the BCD. Be sure to back up the original BCD first.

  • boot from a WINDOWS VISTA/7/8 media as above.
  • cd c:\boot (note that this is not the normal C DRIVE. If you boot from a WINDOWS 7 or WINDOWS 8 install disk, the disk will see all the partitions and LETTER them accordingly. The C DRIVE will be the BCD partition and the D DRIVE will be the WINDOWS partition.)
  • bcdedit /export c:\bcdbackup
  • attrib c:\boot\bcd -h -r -s
  • ren c:\boot\bcd bcd.old
  • bootrec /rebuildbcd
  • type: Y
  • press: ENTER

You should get some kind of awesome message to let you know that it is rebuilt correctly.

Last Updated on Thursday, 25 September 2014 08:53

Set VPN Idle Timeout on Windows Server 2012

  • (a new window opens)
  • -right-click REMOTE ACCESS LOGGING (on the left-hand side).
  • -click LAUNCH NPS.
  • (a new window opens)
  • -click NETWORK POLICIES (on the left-hand side).
  • -right-click "Connections to Microsoft Routing and Remote Access server"
  • -click PROPERTIES.
  • -click CONSTRAINTS tab (at the top).
  • -click IDLE TIMEOUT (on the left-hand side).

The IDLE TIMEOUT settings can be configured here.

GnuWin32 Where Have You Been All My Life?

As they say, necessity is the mother of invention. I always wanted to use *nix commands on the Windows platform before but never really needed it until I was forced to deal with a Windows Server on a daily basis.

My disgust for some of the ways Windows operates should be apparent by now but if not, let me tell you; I'm disgusted. I could have learned commands in the 1970's that are still in practice today. Or if I traveled with Windows, I would have to learn over and over again.

GnuWin32 is an application package suite that allows you to use *nix commands on Windows.

This should get all your familiar *nix commands in the COMMAND SHELL.

Last Updated on Wednesday, 03 February 2016 09:25

Group Policy, Organization Units, Server 2012

In my mind, it's very simple. You have USERS and you have GROUPS (anything that is more than 1 user). If I need to do something, I should create a rule and apply it to the group.

In Microsoft Server 2012, it doesn't exactly work that way. It, in true fashion, has to be as difficult as humanly possible.

To look at the default structure:

  • -click SERVER-MANAGER (I'm pretty sure they ripped this name off another project).
  • -a DOMAIN TREE shows.
  • (It has USERS, COMPUTERS but it doesn't have GROUPS. GROUPS are erroneously mixed in with USERS)

To add a GROUP.

  • -click USERS.
  • -right-click USERS.
  • -click NEW > GROUP
  • -type in the GROUP-NAME.

To add USERS to GROUP.

  • -double-click GROUP NAME.
  • -click MEMBERS tab (at the top).
  • -click ADD.
  • -type in the NAMES you want to add.

Since I'm a big fan of GROUPS, I want to apply a login script just for a certain GROUP.

To look at the default Group Policy structure:

  • -click SERVER-MANAGER (I'm pretty sure they ripped this name off another project).
  • (It has "GROUP POLICY OBJECTS". All your GPO's are here.)

Active Directory Hierarchy And The Way You See It Taught

Now what's interesting is that this doesn't match the USERS & COMPUTERS. There is no GROUPS section. Why? Because this is based off of LDAP. Why is that important? Because LDAP is hierarchical (and not relational). This means that one-child can only have one-parent. (But one parent can have many children. [Don't ask.]). So instead of GROUPS, they use ORGANIZATIONAL-UNITS. This hierarchical structure means that a USER cannot be a member of 2 different GROUPS in an ACTIVE DIRECTORY ORGANIZATIONAL UNIT (or AD and OU). The end result is that a USER-object can only be placed in one OU.

This is why there are so many articles and videos about structuring your AD and OU's correctly. Because it doesn't make sense to rational thinking and someone has to explain it in detail just to get it working. And even then, they have trouble getting it working smoothly. Most of the advice demonstrates that you should create OU's and then put both the computer-objects and the user-objects inside of that OU. The GROUP-POLICY is then applied to the OU and consequently it will be applied to the USER and/or COMPUTER.

Of course it will. The GP is attaching to the individual USER or COMPUTER.

Active Directory And The Way It Should Be Enterprise

In short, this may work well for the ENTERPRISE (company more than 300 users). Traditionally you should create OU's along geographic boundaries and then to put both the computer-objects and the user-objects inside of that OU. It would look something like this:


The GROUP-POLICY is then applied to an OU and consequently it will be applied to the USER and/or COMPUTER.

Active Directory And The Way It Should Be Small Business

But what about everyone else? It doesn't work well for the small to medium enterprise (as defined by MS: a company less than 300 users). For this segment, it's faulty thinking. I don't have a bunch of offices across the globe. I don't have multiple floors, levels and locations. If I follow the common advice, I no longer have a section called USERS that contains all my users. And I don't have a section called GROUPS that contains all my groups.

My mind doesn't work the way of the enterprise. I group people all the time and they can be in many groups at the same time. I can group my friend Jason as being the WORK GROUP, FRIEND GROUP and CHURCH GROUP. But again, you can't do this in AD.

What is nice about AD is that it is highly customizable. Consequently, you will see many (and I stress many) different ways to do this in articles, videos and in practice. Also due to this customization, I can create the way I want it, I just have to create it myself rather than this feature coming ready out-of-the-box.

All of that set aside, ultimately at the root-level of AD I want to have an OU called GROUPS. Under that GROUPS-OU, I locate all my SECURITY-GROUPS objects (out of the USERS and into the GROUPS). These are common units like ACCOUNTING, PRODUCTION, HR, IT, MANAGEMENT, MARKETING, OPERATIONS, SALES, etc. Each SECURITY-GROUP has the members that are needed.

The result looks similar to:


This makes it easy on myself. Just keep it simple and create those SECURITY-GROUPS in the new GROUPS-OU, leave the computers in the COMPUTERS-OU and the users in the USERS-OU.

For clarity, if you click on USERS, there are only USER-OBJECTS in there. There are no GROUP-OBJECTS in there. All of the GROUPS have all been moved to the appropriate place in the GROUPS-OU.

GROUP POLICY That Applies To Groups

Now the problem becomes the GROUP-POLICY.

Counter-intuitively, GROUP-POLICY-OBJECTS (GPO's) cannot be applied to GROUP-OBJECTS. GPO's can only be applied to USER-OBJECTS and COMPUTER-OBJECTS. Remember from above where many tutorials, classes, videos and articles say to put the objects in the OU? This is why they teach you to do it this way. If they don't put the OBJECTS in the OU, the GP doesn't work.

So how do I apply a GPO to a SECURITY-GROUP?

By creating a GPO on domain-level (not the OU level), editing the GPO and assigning the GPO to the GROUP through SECURITY-FILTERING.

To create a new GPO:

  • -click SERVER-MANAGER (I'm pretty sure they ripped this name off another project).
  • -right-click the domain-name (ie contoso.com).
  • -type in a NEW-NAME.
  • -click OK

Edit the GPO:

  • -right-click the GPO.
  • -click EDIT.
  • -make all your changes in here. Don't worry about anything else at this point.

Assign GPO to the GROUP:

  • -click the GPO.
  • -you should be on the SCOPE tab (at the top).
  • -click ADD (at the bottom).
  • -type in the name of the GROUP.
  • -click OK.
  • -click DELEGATION tab (at the top).
  • -click ADVANCED button (at the bottom right).
  • (a new window pops up).
  • -click AUTHENTICATED USERS (at the top section).
  • -find APPLY GROUP POLICY (at the bottom section).
  • -uncheck the ALLOW.
  • -find READ (at the bottom section).
  • -checkmark ALLOW (this should already be done but just to verify).
  • (This is not a typo. This allows all users to READ the GPO but doesn't assign it to them.)
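The same scoping done from PowerShell, as an added example that is not part of the original post: it creates the GPO, links it at the domain level, gives the security group Read + Apply, and drops AUTHENTICATED USERS to Read only. The GPO name and group name are placeholders, and it assumes the GroupPolicy and ActiveDirectory modules are installed and that you have rights to create and link GPOs.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory

# Placeholders (assumptions, not values from the original post).
$GpoName   = 'Accounting Logon Script'
$GroupName = 'ACCOUNTING'

$ErrorActionPreference = 'Stop'

# Fail early if the security group does not exist.
$group  = Get-ADGroup -Identity $GroupName
$domain = Get-ADDomain

# Create the GPO and link it at the domain level, not at an OU.
$gpo = New-GPO -Name $GpoName -Comment "Security-filtered to $($group.Name)"
New-GPLink -Guid $gpo.Id -Target $domain.DistinguishedName -LinkEnabled Yes | Out-Null

# SCOPE tab > ADD: the group gets Read + Apply group policy.
Set-GPPermission -Guid $gpo.Id -TargetName $group.SamAccountName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# DELEGATION tab > ADVANCED: Authenticated Users keeps Read but loses Apply.
# -Replace is required because GpoRead is lower than the default GpoApply;
# without it the existing, higher permission is left in place.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# Verify what the GPO's ACL looks like now.
$perms = Get-GPPermission -Guid $gpo.Id -All
$perms |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
    Sort-Object Trustee |
    Format-Table -AutoSize

# Only the security group should hold GpoApply.
$appliers = @($perms |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    ForEach-Object { $_.Trustee.Name })

# Authenticated Users (which includes domain computers) must still have Read.
$authRead = $perms | Where-Object {
    $_.Trustee.Name -eq 'Authenticated Users' -and $_.Permission -eq 'GpoRead'
}

if ($appliers.Count -ne 1 -or $appliers[0] -ne $group.SamAccountName) {
    Write-Warning "Unexpected Apply trustees: $($appliers -join ', ')"
}
if (-not $authRead) {
    Write-Warning 'Authenticated Users has no Read permission on the GPO.'
}
```

Settings still have to be edited in the GPO itself; this only handles creation, linking and security filtering.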

Run The GPO On The Client Computer

  • -click START > RUN
  • -type: CMD
  • -type: gpupdate /force
  • -type: gpresult /h new-report.html (or if you are savvy, type: gpresult /R) (or if you want to punish yourself, type: gpresult /Z).
  • -open new-report.html to view results


In summary, there is a USERS-&-GROUPS section in AD and there are OU's in GPO. They don't match. So we create our own GROUP-STRUCTURE in AD, create a GPO, link it to an OU and only give the AD GROUP access to the GPO through SECURITY-FILTERING.


-A good source of information is here: http://www.grouppolicy.biz
-And there are good videos on YouTube here: https://www.youtube.com/user/itfreetraining
-EVERYONE group does not include EVERYONE.
-AUTHENTICATED-USERS also includes DOMAIN-COMPUTERS. This is why it should not be entirely-removed from the GPO.
-On 06/22/16 a MS update breaks many GPO's but not the method above. Read the rest of the story here:

Last Updated on Tuesday, 11 February 2020 10:43

AWS S3, GovCloud and DropBox

So let's say that you need to share files with outside vendors. Historically, this is done through an FTP site. The problem is that FTP is insecure, really insecure. So insecure that in 2014 (and for many years before) it shouldn't even exist (you can throw telnet into this category as well).

In more modern times, this is done through services like DropBox, Gdrive, OneDrive, etc; with DropBox seemingly leading the way.

The problem becomes that certain industries are not allowed to use DropBox, not because DropBox doesn't meet technological requirements but because DropBox doesn't meet regulations. One of these industries is Government.

In walks Amazon Web Services or AWS. AWS has a number of cloud based products. There's so many services, it's dizzying. I'd be lying if I said that I knew and understood them all.

Now take all of these services and boil them down to the top 12 absolutely necessary services. Now make sure that only US Persons are able to access these services. This is GovCloud.

One of the primary services of AWS & GovCloud is S3. S3 is a simple cloud storage.

Create a DIRECTORY for the S3 to live:

  • -login to AWS GOVCLOUD.
  • -click S3.
  • -click CREATE BUCKET.

Create an OUTSIDE USER to access the S3:

  • -login to the AWS GOVCLOUD
  • -type in the USERNAME.
  • -click CREATE (at the bottom right).
  • -record the ID & KEY (you will not have another chance to do this).
  • -click CLOSE > CLOSE.
  • -click on the USER-YOU-JUST-CREATED.
  • -scroll to bottom.
  • -click APPLY (at the bottom right).
  • -record the PASSWORD (you will not have another chance to do this).

 The rest can be done through the AWS GOVCLOUD web site but it's actually easier to use CLOUDBERRY S3 EXPLORER PRO. It costs $30 at the time of writing but so what.

Assign USER to allow access to S3 bucket:

  • -click ACCESS MANAGER (at the top).
  • -click NEXT.
  • -checkmark the OUTSIDE-USER
  • -select NEXT.
  • -click NEXT.
  • -checkmark the S3 BUCKETS you want to allow access to.
  • -click NEXT.

It will show you the STATEMENT it is going to implement. This will work for AWS S3 but it won't work for GOVCLOUD. GOVCLOUD has a different RESOURCE NAME. I'll spare you the details.

  • -everywhere you see "aws", replace it with "aws-us-gov"
  • (This took me an entire day to discover).
  • -click NEXT > NEXT.
  • if it gives an error saying that a policy already exists... ignore it. We already know. We just created it.
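The partition swap as an added PowerShell example (not from the original post or from CloudBerry): it rewrites only the partition field of each ARN, so other strings that contain "aws", such as the `aws:SecureTransport` condition key, are left alone. The policy text is constructed sample input and `example-vendor-bucket` is a placeholder bucket name.

```powershell
# Constructed sample: a user policy written for commercial AWS.
# 'example-vendor-bucket' is a placeholder, not a value from the original post.
$commercialPolicy = @'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::example-vendor-bucket"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::example-vendor-bucket/*",
      "Condition": { "Bool": { "aws:SecureTransport": "true" } }
    }
  ]
}
'@

function Convert-ArnPartition {
    param(
        [Parameter(Mandatory)][string]$PolicyJson,
        [string]$Partition = 'aws-us-gov'
    )
    # ARN layout: arn:<partition>:<service>:<region>:<account>:<resource>
    # -creplace is case-sensitive and the lookbehind pins the match to the
    # start of a JSON string, so only the partition field of an ARN changes.
    $rewritten = $PolicyJson -creplace '(?<=")arn:aws:', "arn:${Partition}:"

    # Parse the result so a broken document is caught here, not at upload time.
    $null = $rewritten | ConvertFrom-Json
    return $rewritten
}

function Get-PolicyArn {
    param([Parameter(Mandatory)][string]$PolicyJson)
    # List every ARN in the document together with its partition.
    [regex]::Matches($PolicyJson, '"(arn:([^:"]+):[^"]*)"') | ForEach-Object {
        [pscustomobject]@{
            Partition = $_.Groups[2].Value
            Arn       = $_.Groups[1].Value
        }
    }
}

$govPolicy = Convert-ArnPartition -PolicyJson $commercialPolicy

# Show the ARNs after the rewrite.
Get-PolicyArn -PolicyJson $govPolicy | Format-Table -AutoSize

# Flag anything still pointing at another partition.
$left = @(Get-PolicyArn -PolicyJson $govPolicy |
    Where-Object { $_.Partition -ne 'aws-us-gov' })
if ($left.Count -gt 0) {
    Write-Warning "ARNs still outside aws-us-gov: $($left.Arn -join ', ')"
}

# The condition key must be unchanged.
if ($govPolicy -cnotmatch '"aws:SecureTransport"') {
    Write-Warning 'Condition key was altered by the rewrite.'
}
```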

 Now you have 2 sets of credentials for the OUTSIDE USER. You have a USERNAME & PASSWORD they can type in for the web site. They also have an ID and KEY they can use for a program.

Last Updated on Tuesday, 14 April 2015 15:05

Find DRAC IP Address

So you have a DRAC or DELL REMOTE ACCESS CONTROLLER. It is their proprietary version of IPMI. You can configure the DRAC via IP ADDRESS.

But how do you find the IP ADDRESS of the DRAC?


-install OPENMANAGE.

(as of print is: http://en.community.dell.com/techcenter/systems-management/w/wiki/1760.openmanage-server-administrator-omsa.aspx#Documentation_OMSA)

-click START > RUN

-type: cmd

-type: racadm getniccfg

(this gets the IP ADDRESS. By default it is usually:


-type: racadm setniccfg -s ipAddress gatewayAddress subnetMask


-click START > RUN



Last Updated on Wednesday, 06 August 2014 17:55

Quickbooks 2014 H202 Error


So the Quickbooks is set up in a traditional style. The Quickbooks Server is installed on the Windows Server 2012 x64. Quickbooks is set up on the Windows 7 x64 client pc's.

The FILE SHARE is mapped to Q DRIVE but QUICKBOOKS is trying to access the file via \\ip-address-here\qb-file-name-here


The client PC's can see the FILE SHARE, but trying to access the Quickbooks file gets the dreaded H202 error. This basically means, "something's wrong."


The FILE SHARE is locked down to the ACCOUNTING group. The Quickbooks QuickBooksDB24 Service is starting with a new user called Quickbooks-something-I-can't-remember.


  • -add the QBUSER to the group that has access to the FILE SHARE.


  • -click START > RUN
  • -type: services.msc
  • -double-click: QuickBooksDB24
  • -a new window opens.
  • -click LOGON (at the top).
  • -bullet THIS ACCOUNT.
  • -type in a USERNAME & PASSWORD of a USER in the group that has access to the FILE SHARE.
  • -restart the QUICKBOOKSDB24 service.

That should do it.

Polycom Administrator Manual


This is what I need. Read and digest.

I'm having a hard time with this. There's simply too much info that doesn't compute along with too much outdated info.

Apparently, you can configure the phones individually but also via config files from the server. That's what I want to do but I can't figure it out.


UPDATE 02/01/18

While it is certain that information is spread throughout the internet, I was finally able to piece this together that makes sense for me. Please see the Upgrading Polycom Phones Across Entire Location

Last Updated on Saturday, 10 February 2018 10:30

Find Devices in Linux

To find devices in Centos/RHEL, you can issue a:

cat /proc/partitions

Or you can issue a:

fdisk -l

Either will do. The fdisk gives a little more info.

If you need to get the info for a USB device, try:


Last Updated on Saturday, 26 July 2014 05:16

DDWRT Guest Network

[UPDATE: This process isn't worth it anymore. For low-end projects, just buy an Asus router (it doubles as an access-point). For mid-sized projects, buy Ubiquiti. For high-end projects, buy Watchguard. Boom. Done. Easy.]

The goal is to have one wireless unit providing both the OFFICE WIFI and the GUEST WIFI. This wireless unit is an access point already running the OFFICE WIFI. It is not a router/gateway/firewall. A SonicWall is the router/gateway/firewall.

So how do we have a wireless GUEST WIFI as well as a regular OFFICE WIFI?


  • -find VIRTUAL INTERFACES (at the bottom).
  • -click ADD.
  • -give your guest wifi network a name.
  • -select ENABLE for AP ISOLATION.
  • -click SAVE > APPLY.


  • -click WIRELESS SECURITY (at the top).
  • -select a mode (I chose WPA2 PERSONAL).
  • -select an algorithm (I chose TKIP + AES).
  • -type a password.
  • -click SAVE.


  • -click SETUP > NETWORKING (at the top).
  • -find BRIDGING SECTION (should be the 2nd from the top).
  • -click ADD.
  • -type: br1 (in the first box).
  • -click SAVE (at the bottom).
  • -new options will show under the bridge.
  • -type in an IP ADDRESS & SUBNET MASK (I typed in &
  • The idea here is that it must be a separate network from the main network. Since most small networks are or, using is fine.
  • -click SAVE > APPLY.


  • -go to the BRIDGING SECTION again.
  • -click ADD.
  • -select BR1.
  • -select WL0.1
  • -click SAVE > APPLY.


The DHCP service must be running to add a secondary DHCP service.

  • -click SETUP > BASIC SETUP (at the top).
  • -find the DHCP section.
  • -select DHCP SERVER.
  • -verify the appropriate network information.
  • -checkmark USE DNSMASQ FOR DHCP.
  • -checkmark USE DNSMASQ FOR DNS.
  • -checkmark DHCP-AUTHORITATIVE.
  • -click SAVE (at the bottom).
  • -click SETUP > NETWORKING (at the top).
  • -find the DHCPD section (at the bottom).
  • -click ADD.
  • -select BR1.
  • -select ON.
  • -click SAVE > APPLY SETTINGS (at the bottom).


  • -click SERVICES (at the top).
  • -find the DNSMASQ section.
  • -select ENABLE for DNSMASQ.
  • -select ENABLE for LOCAL DNS.
  • -select ENABLE for NO DNS REBIND.
  • -type the following in the Additional DNSMasq Options:


This should be fairly straightforward. We are setting the options for 2 sets of DHCP. Each set customizes the GATEWAY, DHCP RANGE and DNS for each DHCP set. You will have to customize this to fit your own needs.

This is different than most instructions you will see. This is because this is an ACCESS POINT and not a GATEWAY/ROUTER/FIREWALL. When that happens the AP will automatically try to become the DNS & the GATEWAY for both sets of DHCP ranges. That obviously won't do since we need to have other items perform those functions. More importantly, I do not want the guest network to have the same DNS settings as the regular network. The settings above allow us to customize them to our needs.


  • -click ADMINISTRATION > COMMANDS (at the top).
  • -find the COMMAND SHELL box.
  • -type the following:

iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

  • -click SAVE FIREWALL (at the bottom).

This isn't straightforward at all. Basically, the first 5 commands allow internet access to flow. The last 4 commands block the GUEST WIFI from accessing the OFFICE WIFI.

That should do it! Save and Restart the unit to make sure that it survives a reboot. There are 2 separate networks, the OFFICE WIFI and the GUEST WIFI. The GUEST WIFI can access the internet but cannot access the office network. That includes any shares, printers or any other computers on the office network.

Last Updated on Thursday, 01 September 2016 14:46

Show Last Logon

Let's say that you had a requirement to show the last time you logged onto the computer system, including any failed attempts.

To be clear, this message shows after anyone logs into the computer and before the DESKTOP shows.

  • right-click DEFAULT DOMAIN POLICY.
  • click EDIT.

Add a Login Message in Windows Server 2012

Let's say that you had a requirement to show a login message before someone logged into the computer. Maybe something like, "Hi, system usage is monitored, recorded, and subject to audit. By using the system, you grant consent to such monitoring and recording. Unauthorized use is prohibited and subject to criminal and civil penalties."

To be clear, this message shows before anyone logs into the computer and before the LOGIN BOX shows.

  • right-click DEFAULT DOMAIN POLICY.
  • click EDIT.
  • edit the text.
  • edit the text.

(NOTE: Both have to be set or else it doesn't show.)

Windows Server 2012 Backup System State

I like to manually back up the SERVER STATE before I make any changes:

Last Updated on Wednesday, 16 July 2014 11:19

Add A Disclaimer to Exchange 2013

The best guide I've witnessed on this occasion is here:


I'm posting for my own reference.


The only other item I would like to add is that there should be an EXCEPTION:

-paste the disclaimer in the box (don't worry if the whole disclaimer doesn't fit).
-click the + (the plus sign).
-click SAVE.

-the disclaimer will be placed directly at the end of the email.
-the disclaimer will only show at the very bottom of the email; underneath any forwards or replies that may be in the email.
-the disclaimer will only show once and will not repeat if the disclaimer already exists. This means it will not repeat on forwarded emails and reply emails.

Last Updated on Wednesday, 16 July 2014 11:21

Polycom Phone Sets Digitmap

Are you experiencing different results when you dial directly from the Polycom phone set than if you pickup the Polycom phone set and dial?

For example, to make a call:
-walk to the phone.
-dial 540-552-0497 (automated weather service number).
-hit DIAL.
-the call goes through on speaker phone.

Now, try this:
-walk to the phone.
-pick up the hand set (you hear a dial tone).
-dial 540-552-0497 (automated weather service number).
-nothing... (or possibly, "I am sorry, that is not a valid extension").

As referenced in the last post, a DIAL PLAN is a set of numbers that is used to dial out. What's interesting with the Fonality/Polycom solution is that the DIAL PLAN on the SERVER doesn't apply to the POLYCOM PHONE SETS directly. So what's happening here is when you simply dial the number and hit DIAL, you are using the SERVER DIAL PLAN.

When you pick up the phone set and dial the number, you are using the POLYCOM PHONE SET DIGITMAP (notice the difference between the DIAL PLAN & DIGITMAP).

What's even more interesting is that the two sets don't correspond. You can't simply take the SERVER DIAL PLAN and simply copy it to the POLYCOM PHONE SET DIGITMAP and expect it to work. Trust me. I've tried. We have to translate them.

So here are the SERVER DIAL PLANS again:

9 + nxxnxxxxxx
9 + 411
9 + 611
9 + 0
9 + nxxxxxxx
9 + 1nxxnxxxxxx
9 + 011.
9 + 11

To start fresh, I've wiped out the POLYCOM PHONE SET DIGITMAP.

The letter "n" is any single number other than 1 or 0. The problem is that "n" doesn't exist on the DIGITMAP. You have to use [2-9].

The letter "x" is any single number. "x" does exist on the DIGITMAP.

So here is my on-the-fly-translation:

-covered by rule 2
0 (telco operator)
-covered by rule 2

Additional DIGITMAP rules are as follows:

0T (allows for local operator)
[7]xxx (allows for local extension)

The complete final DIGITMAP looks like this:

Last Updated on Tuesday, 08 July 2014 11:37

Port Mapping on SonicWall

Let's say I want to access a server on port 5901 in the internal network but from the outside network, I want to connect to port 5900.

So it may look like this: 5900 => 5901

STEP 1: Create new custom service.

Create new service: RedirectExtPort on TCP 5901.

STEP 2: Add firewall-access-rule.

Firewall -> Access Rules


Service: RedirectExtPort
Source: Any
Destination: WAN IP

STEP 3: Add NAT Policy

go to Network -> NAT Policies

New Policy:

Original Source: Any
Translated Source: Original
Original Destination: WAN IP
Translated Destination: InternalServerIP
Original Service: RedirectExtPort
Translated Service: RDP5900
Inbound Interface: WAN Port
Outbound Interface: Any

10 Steps In Setting Up a Fonality Server

Recently, I had the privilege to be involved in a new fiber line install from LEVEL3. The fiber line service was also ordered with a SIP service. This is new to me so I'll explain slowly in terms I can understand.

A SIP service is basically telephone service via internet only (no copper lines). Sometimes, this is called a SIP TRUNK or a VOIP TRUNK. Basically, it's the main connection with a USERNAME & a PASSWORD that they provide along with an OUTSIDE IP ADDRESS. To be clear, the only connection we have to the outside world is one internet connection, the fiber line. In this particular case, the connection's capacity is 10 Mbps.

Sitting in a physical brown box was a Fonality phone server. I have no idea who Fonality is or the extent of their service. I pulled it out of the box and racked it in the four post rack.

From here, I have no idea what to do. I have no idea how the Fonality server connects to anything. I have no idea where the phone numbers are coming from.

Here is the process I went through.

1-collect the phone numbers or the phone number block or the list of phone numbers that are assigned to the company. This block is coming from the company that is providing the SIP service. Call the company and get them.

2-collect the MAC ADDRESSES of the phone devices. The MAC ADDRESSES are needed to be collected and given to the crew at FONALITY. They will somehow associate the MAC ADDRESSES with the account. If the MAC ADDRESS is not associated with the account, the device cannot be used. I'm finding out more about this as I should be able to add devices myself. Currently, to my knowledge there is no way to add the sets by yourself. The Fonality support crew must do this for you.

3-connect the FONALITY server to the internet. It doesn't matter how. It just needs an internet connection. On mine, there were 2 nics on the back. NIC1 was the one that worked. To configure, I had to plug in a monitor, keyboard and mouse. Logging in with:

USER: ip
PASS: ip

This gave me limited options and one was to change the IP address. If you can't set it manually, it should be set to get an IP ADDRESS via DHCP.

The magic of the FONALITY is that upon connecting to the internet, it will automatically make a VPN call back to the FONALITY HQ SERVERS. The FONALITY HQ has a WEB ADMIN CONTROL PANEL (https://cp.fonality.com/) that configures (with pulls and pushes) to the local PHYSICAL FONALITY SERVER via the VPN. Pretty cool.

4-connect to the WEB ADMIN CONTROL PANEL at https://cp.fonality.com/. FONALITY should give you a USERNAME & PASSWORD. I received one with a WELCOME LETTER in the box but it didn't work. I had to contact support to get the USER/PASS reset.

5-setup USERS/EXTENSIONS. Upon logging into the CP, you have to setup the USERS. This comes down to FIRST NAME, LAST NAME & EXTENSION NUMBER. The EXTENSION NUMBER can be any 4 digit extension but it cannot be changed later on. If you want to change the extension, the extension has to be deleted and recreated. At the bottom of the page, add the DEVICE to the EXTENSION.

6-setup the SIP account. Again, the SIP account is just a USER/PASS along with an OUTSIDE IP ADDRESS. Click OPTIONS > VOIP. Type in those 3 pieces of information and click ADD VOIP ACCOUNT.

7-setup DIAL PLAN. A DIAL PLAN is how the phones will be used to dial out for items such as local phone calls, long distance phone calls and international phone calls. Such as dial 9 to get an outside line. Click OPTIONS > DIAL PLAN. Here are the dial plans I setup:

9 + nxxnxxxxxx local call
9 + 411 Information local call
9 + 611 Phone Trouble local call
9 + 0 local call
9 + nxxxxxxx Standard local call local call
9 + 1nxxnxxxxxx long distance
9 + 011. International international
9 + 11 emergency

8-setup SONICWALL or other firewall. The Fonality server is going to require certain ports open on the firewall to work correctly. On a simple firewall, direct the following ports to the internal ip address:

  • icmp:0
  • icmp:3
  • icmp:4
  • icmp:5
  • icmp:8
  • icmp:9
  • icmp:10
  • icmp:11
  • tcp:21
  • tcp:22
  • tcp:53
  • udp:53
  • tcp:80
  • udp:4569
  • udp:5060
  • udp:5061
  • udp:5070
  • udp:5222
  • tcp:5222
  • tcp:6600
  • tcp:8000
  • udp:9710

On a SONICWALL, the concept is the same but you have to create an ADDRESS OBJECT. Create the services, if they are not already there. Finally create the NAT POLICY. Typically, I use the WIZARD to set these up, at least for one service, and then add the other services later on.

9-setup phone sets via IP ADDRESS. Amazingly to me, some of the settings need to be set up individually, phone set by phone set. This kind of ruined the whole point of central management but so be it. If the phone has an IP ADDRESS, type it in along with the USER/PASS. The important setup items here are LINE1 with the EXTENSION NUMBER. Also setup the NTP for the NETWORK TIME. Click GENERAL > TIME. The important part here is to setup the server name which is something like s123456.fonality.com.

10-last of all, Fonality recommends setting an A RECORD in the DNS settings. The A RECORD is s123456.fonality.com and the IP ADDRESS is the INTERNAL IP ADDRESS of the server. This way when the phone sets request info they will be redirected internally rather than externally. It saves a few milliseconds.

Last Updated on Sunday, 06 July 2014 16:50

LEVEL3 Fiber Line and Sonicwall

Just a mental note that a SONICWALL INTERFACE (X0, X1, X2, etc) needs to be manually set with a LINK SPEED of 100MB FULL DUPLEX for a LEVEL3 Fiber Line. It cannot be set to AUTONEGOTIATE.

Upgrade Exchange 2013


-we are at EXCHANGE 2013 15.9.516.32 aka RTM
(You can find yours by typing: get-exchangeserver | fl AdminDisplayVersion)
(Visit the following for the current version list: https://technet.microsoft.com/en-us/library/hh135098%28v=exchg.150%29.aspx)
-underlying OS is WINDOWS SERVER 2012 STANDARD
-verified we have .NET 4.5 installed

-CU5 15.0.913.22

-only need CU5
(CU4 aka SP1 is not needed. All CU's are full updates and are not dependent upon previous CU's in any way.)
-downloaded CU5 to the server.

Take a confirmed backup of Active Directory

Take a confirmed backup of your existing Exchange 2013 servers and databases



-setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

-repadmin /showreps

-Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
-Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

-get-executionpolicy -list
-Set-ExecutionPolicy Unrestricted

-click Manage > Add Roles and Features > Features
-checkmark it
-click NEXT
-click INSTALL

-Setup /m:upgrade /IAcceptExchangeServerLicenseTerms

-get-executionpolicy -list
-Set-ExecutionPolicy RemoteSigned


Last Updated on Monday, 03 April 2017 11:15

Datacenter Backups Are Tough

Datacenter backups are tough. They have been killing me through the years. Why? Simply because there is too much data. Sure, backing up a desktop or a phone isn't too hard as the options are available, but what do I do in a datacenter? What are my options?

Good question. What are my options? Well, let's think about it.

Typically, the first option I think of is a backup to an external HD or a USB HD. On a desktop this is easy: plug the USB HD into the desktop and off you go. In a datacenter, I can't plug in the USB. It's thousands of miles away. When I called one datacenter about this option, they said I would have to rent out another unit or another U. This is obviously expensive. Plus I would have to pay for the USB drive and the time for a tech to work with me. That part shouldn't be too bad but you never know.

But if I'm going to pay for another U, I might as well have a second server to backup to.

Which leads to the second option, a second server. A second server wouldn't be too bad. There are many pros: it is available, I have control, and I could use it in a pinch for something else if I needed to and possibly experiment with high availability items.

The issue with a second server is setup. The thought of having to setup a secure RSYNC is daunting to me. There are too many things that could go wrong and I wouldn't know it until they did go wrong. Items like my backup not working until I needed it.

The second issue with a second server is simply my pennywise roots. I'm not paying a full server setup simply for backup if I can get around it.

The third option is to backup to desktop. This simply won't work. There's simply too much data. I'm not downloading 500GB of info via web to a local desktop. Even if I did go down this path the major issue would be restoring it if I needed to. How would I get the data back to the rebuilt server? Wait days for it to transfer 500GB? It would be faster if I drove it there. I simply don't like it.

Luckily for me, my new awesome datacenter has a fourth option: NAS. Network attached storage. So basically it's an external HD that is accessible via LAN connection. Better yet, I can set it up without their required intervention. I can just order it via the control panel they provide and it is ready to go in a matter of 1 minute. Awesome. They automatically provide the NAS connection name, the share name, the username and the password.

But would it work? Well, they offer a free 20GB NAS for testing out. Huh? Are you kidding me? That's awesome.

So I type in the credentials on the backup panel, signal a manual backup and voila, it works. After all these years, a seemingly daunting and expensive task boiled down to a literal 5 minute operation. Amazing.

Thank you to all the datacenter professionals and backup developers that made this possible.

Last Updated on Monday, 23 June 2014 06:03

SuperMicro Intelligent Management

Wow! I'm learning a whole bunch about SuperMicro Intelligent Management. It basically provides a way to control the physical server from a remote location. Or as they put it you can have "system management in a pre-OS or an OS-absent environment." Pretty cool.

I can view the bios, change bios settings, change IP settings, view the screen as if I were sitting right in front of the server. Again, pretty cool.

A couple of notes for me:

-CONSOLE REDIRECTION, KVM CONSOLE and IPMI are all the same type of item and refer to the same thing, a remote console.

-SOL is SERIAL OVER LAN. I do not know what this is but I think it's passe. I'll check and report if I find differently.

Here you can get the IPMIView:


But you don't need it. Just hit the IP address of the IPMI nic in INTERNET-EXPLORER (will not work in FIREFOX) and a login page will show. The default user/pass is:

  • (case-sensitive)

You may have to add the ip address to the JAVA security section before this will work:

  • -start > control-panel > java
  • -click SECURITY tab (at the top).
  • -click EDIT-SITE-LIST
  • -type your ip-address like so:
  • -click OK > OK

To add an ISO:


From here you can add an ISO, IMA, USB, etc

To update the SUPERMICRO BIOS:

  • -get a bootable ISO here: http://pingtool.org/downloads/fd11src_live.iso
  • -get the bios zip file for your motherboard from the supermicro web site
  • -extract the bios zip files
  • -open AMI.BAT in a text-editor
  • -comment out the following lines by adding the double colon (::) in front of the lines:
  • -manually rename AFUDOSU.SMC to AFUDOSU.EXE
  • -download the MAGICISO program.
  • -install MAGICISO.
  • -start MAGICISO.
  • -open the bootable ISO.
  • -add the bios files to the FREEDOS > 3RDPARTY folder
  • -save the ISO (click file > save).
  • -connect the ISO to the VIRTUAL-MEDIA (as above).
  • -choose FREEDOS from the menu.
  • -change to the 3RDPARTY folder: cd 3RDPARTY
  • -type: AMI filename.xxx (ie: ami X10SLM5.c21)
  • -hit ENTER
  • -wait.
  • -wait more.
  • -wait longer.
  • -eventually it will complete.
  • -once you get the message "System must power-off to have the changes take effect!", turn the power off on the IPMI.
  • -disconnect the ISO.
  • -power-on the system.
  • -let it reboot 4 times on its own.
  • -once it reboots to something, enter the bios and reset to the defaults (this is necessary as there are defaults that cannot be manually changed and must be set).
  • -reboot again and enter bios.
  • -set your bios options to your preference.


Last Updated on Saturday, 28 October 2017 21:35

Running a VMDK on VirtualBox

  • open VIRTUALBOX.
  • click NEW (at the top).
  • type in the name you want to see.
  • select the TYPE of system (in my case it's WINDOWS 7).
  • select the VERSION of system (in my case it's WINDOWS 7 X64).
  • select the folder or CHOOSE.
  • browse to the VMDK file.
  • click CREATE.

Try to start it. Most likely it will BSOD with 0x0000007B.

Booting a VMDK in VIRTUALBOX BSOD's with 0x0000007B.

Now when you try to boot it, it will BSOD on you. It's happening because the STORAGE CONTROLLER is fubar'd. The problem is that images you import from other platforms to VirtualBox get the wrong HDD config by default, and Windows hates you for changing hard drive controllers. Here's how to fix it (loose instructions, as specifics change from version to version):

  • open VIRTUALBOX.
  • right-click on the VM.
  • click SETTINGS.
  • click STORAGE.
  • select the SATA CONTROLLER.
  • click REMOVE.
  • select IDE.

Now the VMDK should boot fine.


Manually Send An Email To An Outside Domain

Want to manually send an email to an outside domain from your Exchange 2013?

Destination SMTP server:   mail.foo-receive.com
Source domain:   foo-send.com
Sender's e-mail address:   [address hidden by the site's spam protection]
Recipient's e-mail address:   [address hidden by the site's spam protection]
Message subject:   Test from foo-send
Message body:   This is a test message

click START > RUN

type: cmd

at the command prompt type: telnet

press ENTER.

This command opens the Telnet session.

type: set localecho

This optional command lets you view the characters as you type them. This setting may be required for some SMTP servers.

press ENTER.

Type: set logfile c:\telnetsession.txt

This optional command enables logging of the Telnet session to the specified log file. If you only specify a file name, the location of the log file is the current working directory. If you specify a path and a file name, the path must be local to the computer. Both the path and the file name that you specify must be entered in the Microsoft DOS 8.3 format. The path that you specify must already exist. If you specify a log file that doesn't exist, it will be created for you.

Type: open mail.foo-receive.com 25

press ENTER.

Type EHLO foo-send.com

press ENTER.

Type MAIL FROM: followed by the sender's e-mail address

press ENTER.

Type RCPT TO: followed by the recipient's e-mail address and NOTIFY=success,failure

press ENTER.

The optional NOTIFY command defines the particular delivery status notification (DSN) messages that the destination SMTP server must provide to the sender. DSN messages are defined in RFC 1891. In this case, you are requesting a DSN message for successful or failed message delivery.


Type: DATA

press ENTER.

You will receive a response that resembles the following:

354 Start mail input; end with <CRLF>.<CRLF>

Type Subject: Test from foo-send

press ENTER.

press ENTER.

RFC 2822 requires a blank line between the Subject: header field and the message body.

Type: This is a test message

press ENTER.


type a period ( . )

press ENTER.

You will receive a response that resembles the following:

250 2.6.0 <GUID> Queued mail for delivery

To disconnect from the destination SMTP server, type: QUIT

press ENTER.

You will receive a response that resembles the following:

221 2.0.0 Service closing transmission channel

To close the Telnet session, type: quit

press ENTER.
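
The same dialog as the Telnet steps above, scripted in PowerShell so that every reply code is checked. This is an added example, not part of the original post: the function names and the two placeholder addresses are assumptions, and it goes one step further than the post by sending NOTIFY only when the EHLO reply advertises the DSN extension.

```powershell
# Added example (not from the original post).

function Read-SmtpReply {
    # Reads one SMTP reply. "250-text" lines continue the reply; "250 text" ends it.
    param([System.IO.TextReader]$Reader)
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line -or $line.Length -lt 3) { throw "Malformed or missing reply: '$line'" }
        $lines += $line
    } while ($line.Length -gt 3 -and $line[3] -eq '-')
    [pscustomobject]@{ Code = [int]$line.Substring(0, 3); Lines = $lines }
}

function Test-SmtpExtension {
    # True when an EHLO reply lists the given extension keyword (for example DSN).
    param($EhloReply, [string]$Keyword)
    # The first line is the server greeting, so only the later lines carry keywords.
    foreach ($l in ($EhloReply.Lines | Select-Object -Skip 1)) {
        if ($l.Length -gt 4 -and ($l.Substring(4) -split ' ')[0] -ieq $Keyword) { return $true }
    }
    return $false
}

function Send-SmtpCommand {
    # Sends one command (or nothing, to read the greeting) and enforces the expected code.
    param($Reader, $Writer, [string]$Command, [int]$Expect)
    if ($Command) {
        $Writer.Write($Command + "`r`n")
        $Writer.Flush()
        Write-Host "C: $Command"
    }
    $reply = Read-SmtpReply $Reader
    $reply.Lines | ForEach-Object { Write-Host "S: $_" }
    if ($reply.Code -ne $Expect) { throw "Expected $Expect but server answered $($reply.Code)" }
    $reply
}

function Test-SmtpDelivery {
    param(
        [string]$Server     = 'mail.foo-receive.com',       # destination server from the post
        [string]$HeloDomain = 'foo-send.com',               # source domain from the post
        [string]$From       = 'sender@foo-send.com',        # placeholder address (assumption)
        [string]$To         = 'recipient@foo-receive.com'   # placeholder address (assumption)
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, 25)
    try {
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)

        $null = Send-SmtpCommand $reader $writer '' 220
        $ehlo = Send-SmtpCommand $reader $writer "EHLO $HeloDomain" 250
        $null = Send-SmtpCommand $reader $writer "MAIL FROM:<$From>" 250

        # NOTIFY is a DSN parameter; only send it when the EHLO reply advertises DSN.
        $rcpt = "RCPT TO:<$To>"
        if (Test-SmtpExtension $ehlo 'DSN') { $rcpt += ' NOTIFY=success,failure' }
        $null = Send-SmtpCommand $reader $writer $rcpt 250

        $null = Send-SmtpCommand $reader $writer 'DATA' 354
        # Header, blank line, body, then a line holding only a period to end the message.
        $message = "Subject: Test from foo-send`r`n`r`nThis is a test message`r`n."
        $null = Send-SmtpCommand $reader $writer $message 250
        $null = Send-SmtpCommand $reader $writer 'QUIT' 221
    }
    finally { $client.Close() }
}

# Offline check of the reply parser against a constructed EHLO reply
# (sample text written for this example, not captured from a real server).
$sample = "250-mail.foo-receive.com Hello`r`n250-SIZE 37748736`r`n250-DSN`r`n250 8BITMIME`r`n"
$parsed = Read-SmtpReply (New-Object System.IO.StringReader($sample))
"Code {0}, {1} lines, DSN advertised: {2}" -f $parsed.Code, $parsed.Lines.Count, (Test-SmtpExtension $parsed 'DSN')
```

Running the script only exercises the parser; call Test-SmtpDelivery with real -From and -To values to perform the live test against the destination server.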

Last Updated on Friday, 13 June 2014 13:54

Windows 7 Won't Boot, Windows 7 Won't Boot Into Safe Mode, Hang On Searching For Windows Installations

How I got there:

  • user shutdown computer via START > SHUTDOWN.
  • computer started to load 8 updates during shutdown.
  • user didn't want to wait and hard shutdown pc by holding power button.
  • slap forehead.
  • boot into normal mode. Result: takes forever and then reboots (about an hour).
  • boot into safe mode. Result: takes forever to load and then reboots (about an hour).
  • same result for safe mode with command line.
  • boot from WINDOWS 7 CD. Click REPAIR YOUR COMPUTER. It goes to SEARCHING FOR WINDOWS INSTALLATIONS and stays for long time (I hard shutdown at about 1 hour).

What to do:

In running a CHECKDISK, you are risking that an error will be discovered and the disk will refuse to run or start clicking.
You can easily use a KNOPPIX CD to access and transfer the data.

Yes, this is in twice because the data is important. In running a CHECKDISK, you are risking that an error will be discovered and the disk will refuse to run or start clicking.
You can easily use a KNOPPIX CD to access and transfer the data.


  • boot from WINDOWS 7 CD.
  • choose language & keyboard.
  • press SHIFT + F10.
  • a command prompt opens.
  • type: chkdsk c: /R


  • type: Ren c:\windows\winsxs\pending.xml pending.old


  • type: CD /D C:
  • reboot to WINDOWS 7 CD.
  • reboot to WINDOWS 7 CD.
  • reboot to hard drive.
  • yes 3 times. The above is NOT a typo.

In my particular case, the CHKDSK found an error and refused to proceed. A hard shutdown was performed. Upon reboot, the drive started clicking. The drive is now at a data recovery center.

NOTE: Thank you to the following link: http://www.sevenforums.com/tutorials/219533-troubleshooting-windows-7-failure-boot.html

Last Updated on Friday, 13 June 2014 13:54

Downgrade Windows 7 Professional to Windows 7 Home Premium

I usually like to skip the story of how I got into the situation, but on this occasion it's worth it since I can imagine this scenario happening for many.

I was repairing a client's computer since the hard drive died. I replaced the hard drive and needed to load the OS. The sticker on the computer box said WINDOWS HOME PREMIUM but the client didn't have the CD since the manufacturer doesn't include them anymore. I didn't have one either. I only had WINDOWS 7 PRO.

"What's the big deal," I thought. "I'm sure it's simple to change it afterwards." Well, it isn't.

I loaded the Windows 7 Professional but then it complained about not being activated and not being genuine.

Just like most other issues, there is so much mis-information on the internet, it's almost impossible to fix anything nowadays. But it is possible to fix.

So here are my notes:

-go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

Options are:

Windows 7 Professional
Windows 7 Ultimate
Windows 7 Business

2-download the freely available ISO of the WINDOWS version found here:

Windows 7 Home Premium 32Bit: http://msft.digitalrivercontent.net/win/X17-58996.iso
Windows 7 Home Premium 64Bit: http://msft.digitalrivercontent.net/win/X17-58997.iso

Windows 7 Professional 32Bit: http://msft.digitalrivercontent.net/win/X17-59183.iso
Windows 7 Professional 64Bit: http://msft.digitalrivercontent.net/win/X17-59186.iso

Windows 7 Ultimate 32Bit: http://msft.digitalrivercontent.net/win/X17-59463.iso
Windows 7 Ultimate 64Bit: http://msft.digitalrivercontent.net/win/X17-59465.iso

(NOTE: the product key number on the side of the computer box has to match the WINDOWS VERSION but it doesn't matter about the BIT VERSION. A Windows 7 Home Premium number will work with both the 32bit and the 64 bit)

3-download the eicfg_removal_utility.zip tool found here:

4-run the utility on the ISO to remove ei.cfg from the ISO.

5-download RUFUS found here:

6-run RUFUS and put the ISO on a USB.
(select all the defaults)

7-run SETUP.EXE on the USB.
(Do not boot from the USB).

(it's the only option it gives you).

9-click UPGRADE (it should allow you to go through the upgrade/downgrade process. It will keep all programs & files intact.)

10-type the product key on the side of the computer box.

Give it about an hour to complete this process.

Migrate to Office365

The migration to Office 365 is a pain. I'm not a fan. I could go on and on but there's almost no point in resisting. I even recommend switching to it to some of my clients.

To start the migration, you need an end-point. That end point needs to have the

WEB SITE NAME: mail.contoso.com
SERVER NAME: contoso-dc (yes, this is the actual computer name).

In the migration, do not setup the users on the new side. The migration will automatically setup the users for you.

Last Updated on Friday, 26 June 2015 15:22

Block Cryptolocker on Exchange 2013

-log into your EXCHANGE ADMIN CENTER (EAC) with an Admin account.
-click on the Admin in the upper right hand corner.
-select Exchange.
-go to Mail Flow on the left.
-make sure you are on Rules.
-click the + (to Create New Rule).
-name it Block EXE.
-in the Apply this rule if... drop down select Any attachment's content includes...
-click the Enter words...
-type EXE
-hit the + (you should now see EXE where the Enter words... was).
-(if you want to add other extensions like BAT, MSI, CMD and so on, you can just click in that same spot).
-in the Do the following... drop down select Reject the message with the explanation...
-type in: Executable content not allowed. 
-leave the Audit this rule with severity level: checked drop down as is (Not specified).
-choose a mode for this rule: radio button should be on Enforce.
-now hit Save

Now add a second rule. This time when setting up the rule in mail flow, you need to:

-click on 'more options' (at the bottom of the rule).
-go back to 'apply this rule if' (at the top)
-select 'any attachment' then 'has executable content'.
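
The two mail flow rules above can also be created from the Exchange Management Shell. This is an added example, not part of the original post; the name of the second rule is an assumption, since the post does not name it.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell
# with an account that is allowed to manage transport rules.

$rejectText = 'Executable content not allowed.'

# Rule 1, as built in the EAC steps: "Any attachment's content includes..." the word EXE.
# That EAC condition maps to -AttachmentContainsWords, which looks at the text inside
# the attachment. Matching on the file extension is a different condition
# (-AttachmentExtensionMatchesWords) and is not what the steps above select.
# Further words (BAT, MSI, CMD and so on) go into the same array.
$rule1 = @{
    Name                    = 'Block EXE'
    AttachmentContainsWords = @('EXE')
    RejectMessageReasonText = $rejectText
    Mode                    = 'Enforce'   # 'Audit' would only log matches, not reject
}

# Rule 2: "any attachment" > "has executable content".
$rule2 = @{
    Name                           = 'Block Executable Content'   # assumed name
    AttachmentHasExecutableContent = $true
    RejectMessageReasonText        = $rejectText
    Mode                           = 'Enforce'
}

foreach ($rule in $rule1, $rule2) {
    # Do not overwrite a rule that was already created through the EAC.
    if (Get-TransportRule -Identity $rule.Name -ErrorAction SilentlyContinue) {
        Write-Warning "Rule '$($rule.Name)' already exists; leaving it unchanged."
        continue
    }
    New-TransportRule @rule | Out-Null
}

# Confirm both rules exist, are enabled and are enforcing.
Get-TransportRule |
    Where-Object { $_.Name -in $rule1.Name, $rule2.Name } |
    Format-Table Name, State, Mode, Priority -AutoSize
```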

Maybe I'll add a video here. Contact me if you really want one.

Last Updated on Friday, 13 June 2014 13:27


Is your Exchange 2013 (Windows Server 2012) putting messages in the DRAFTS folder?

-hard code the IP ADDRESS in the c:\windows\system32\drivers\etc\hosts file as both FQDN and Friendly name.

It will look like this:     server.domain.tld     server

Restart the MAIL TRANSPORT service and everything should be right as rain.

This happens because the server is trying to use IPv6 and for some unknown-reason-to-me, the IPv6 wasn't working as it should. Hard coding the ip address in the HOSTS file forces the server to use IPv4.

Another 6 hours down the drain due to lack of logs in Microsoft Windows. This is exactly why I stopped using Microsoft software more than 10 years ago. At least with Red Hat (RHEL, Centos, Linux) you have something to go on. If you are a business, I recommend getting a support contract so that you can call when you need to.

Last Updated on Thursday, 19 March 2015 13:32

OUTLOOK Email Calendar Crashes OUTLOOK

Emailing Calendar dates from OUTLOOK 2007 crashes the OUTLOOK app.

The WindowsShell.manifest file is missing from C:\Windows folder. Find another workstation where this file exists and copy it over.

Manually Transfer SME Server Data to New Install



-3 drives (sda, sdb, sdc) in RAID 5 config.
-sudden power outage.
-sme won't boot.
-bad block on sda which makes up MD1.
-removing sda doesn't work for some reason.


Install Fresh SME Server

-buy new HD
-remove all old HD's
-install new HD
-install fresh SME on new HD
-shutdown machine

Re-insert Old HD

-remove new HD
-insert one of the good old HD drives

Boot from CD

-put in SME SERVER cd
-type: sme rescue
-hit enter
-don't start network
-accept other defaults

Change the LVM Name

(It's ok to run these commands. Only the last command affects the setup. Which can be easily changed back if needed)
-lvm vgscan
-lvm lvscan
-lvm vgchange -a y
-lvm pvscan
-lvm lvscan
-lvm vgrename main mainold

Re-insert New HD

-remove old HD
-insert new HD drive

Boot New HD & Access Old HD

-boot up via new HD
-connect old HD via USB caddy.
-it should be /dev/sdb
-type: fdisk -lu /dev/sdb
-mdadm -AR /dev/md8 /dev/sdb2
-lvm vgscan
-lvm lvscan
-lvm vgchange -a y
-mkdir -p /mnt/olddrive
-mount -t ext3 /dev/mainold/root /mnt/olddrive

Manually Copy Old Info

-cd /
-signal-event pre-restore
-/bin/cp -Ra /mnt/olddrive/etc/e-smith/templates-custom/ /etc/e-smith/
-/bin/cp -Ra /mnt/olddrive/etc/e-smith/templates-custom/ /etc/e-smith/
-/bin/cp -Ra /mnt/olddrive/etc/group /etc/
-/bin/cp -Ra /mnt/olddrive/etc/gshadow /etc/
-/bin/cp -Ra /mnt/olddrive/etc/passwd /etc/
-/bin/cp -Ra /mnt/olddrive/etc/samba/secrets.tdb /etc/samba/
-/bin/cp -Ra /mnt/olddrive/etc/samba/smbpasswd /etc/samba
-/bin/cp -Ra /mnt/olddrive/etc/shadow /etc/
-/bin/cp -Ra /mnt/olddrive/etc/smbpasswd /etc/
-/bin/cp -Ra /mnt/olddrive/etc/ssh/ /etc/
-/bin/cp -Ra /mnt/olddrive/etc/sudoers /etc/
-/bin/cp -Ra /mnt/olddrive/root/ / (I cheated here. I only grabbed the htop config file. I left the rest)
-/bin/cp -Ra /mnt/olddrive/opt/ /
-/bin/cp -Ra /mnt/olddrive/home/e-smith/db/ /home/e-smith/
-/bin/cp -Ra /mnt/olddrive/home/e-smith/Maildir/ /home/e-smith/
-/bin/cp -Ra /mnt/olddrive/home/e-smith/web/ /home/e-smith/

Manually Copy Mysql Info

service mysqld stop
/bin/cp -Ra /mnt/olddrive/var/lib/mysql/ /var/lib/
cd /var/lib/
chown -R mysql:mysql ./mysql
service mysqld start

Reboot with Transferred Configuration

-signal-event post-upgrade
-this allows people to work/access internet

Manually Copy Rest of Data

/bin/cp -Ra /mnt/olddrive/home/e-smith/files/ /home/e-smith/

Copy to New External HD

-leave HD's in the server.

Boot from CD

-plug in new HD via usb
-put in SME SERVER cd
-type: sme rescue
-hit enter
-don't start network
-accept other defaults

The new drive should show up as /dev/sdd.

Partition New HD

-type: fdisk /dev/sdd
-Press p > Press n > Press p, partition 1, default 1 > Press w
-type: mkfs.ext3 /dev/sdd1

Change to Old Info

-chroot /mnt/sysimage

Mount New HD

-mkdir -p /mnt/newdrive
-mount /dev/sdd1 -t ext3 /mnt/newdrive

Copy Info

-/bin/cp -Ra /home/ /mnt/newdrive



If running your own mail server is still important to you, then you will need a few items in today's world even if they are not RFC required. These items are mainly:

  • spam filtering
  • antivirus filtering
  • spf
  • dkim
  • dmarc

You either have to build these yourself or use a product that has it built in. With cloud systems clearly on the rise, most are going to find that it isn't worth the trade off and succumb to the pressure of using Gmail or Microsoft Hosted Exchange for around $4 per month.

However there are other options out there. If you don't want to give up control of the mail server (and I wouldn't blame you if you fall into this category) but still want the items listed above, you could always use SCANMAILX.COM

Though it doesn't look like much on the outside, it is actually a terrific product depending on the number of accounts you need to manage. For about $175, you can protect and secure all the accounts on the domain.

Jesper Knudsen is the brains behind SCANMAILX and one of the most brilliant developers of our time. After emailing back and forth a few short times so I could feel comfortable with the product, I signed up.

It is rather easy to get going as well. You don't even have to setup accounts on the SCANMAILX side. Three simple steps to change to SCANMAILX.


  • change MX records TTL to 3600 (1 hour. The lowest TTL possible in NS).
  • be certain the FORWARD HOST is correctly configured in SCANMAILX account.
  • change DNS mx records to mxdk01.scanmailx.com & mxdk02.scanmailx.com.

It's been a few months since signing up and everything is humming along just fine and dandy. The controls on the administrator side of their web site are pretty straightforward.

Canon Advanced C5235: Change SMTP Port


Of course with the recent changeover to Hosted Exchange, or Office365, we need to change all the outgoing email settings, or SMTP settings, on all the copiers. On most copiers it is pretty simple. But with Canon, they haven't put their SMTP Port in the web interface. Nearly 2014 and companies still design and engineer with brain damage.

  • walk to copier.
  • press the settings button.
  • press the numbers 2 & 8 simultaneously.
  • press the settings button again.
  • press the number 2 and the settings button once again (go into "level 2" of service mode).
  • press the i symbol.

Running My Own Email Server


For the past 10 years, I've been running my own email server for a company of 750 accounts. It was built in my spare bedroom as a hobby and it intrigued my desire to learn. It worked very well and saved a ton of money, so I implemented it.

The Reasons

One of the reasons I did this was strictly control. I could easily control accounts, look into situations and make corrections if needed.

Another reason I did this was because of detailed information I could get by looking at the log files. Like above, I could easily look into the logs to see what's happening in real-time and didn't have to put up with cryptic or erroneous messages.

Another primary reason was speed. I could make changes via command line faster than most people could change channels on their TV. A simple command line and BAM!, the info I needed was there.

The last primary reason I did was because I trusted myself rather than someone else. I knew that as long as the hardware was working correctly, the Centos email-server would be the energizer bunny of the rack.

The Downfall

The downfall of all of this is actually running it. And everything that comes with it. The technical aspect was the easy part. As I said, most Centos systems are rock solid stable. The tough part is the people. When email doesn't go through, they automatically think that there is something wrong with the system. Especially when business is on the line. It's easier to blame the system rather than themselves. Never do they think or admit that they could have made a mistake.

The reality is much different. If this 10 year project has taught me anything it's that people make a massive amount of mistakes. Massive. Let me say it again: MASSIVE!

The Human Factor

Telling people that the email didn't go through because they spelled the email address incorrectly was nearly a daily occurrence. It went like this... They spelled the name incorrectly. They received a bounce message. They assumed that something is wrong with the email server. They complained to me. Never once did they actually look at the bounce message and read what it said.


"Oh, I must have spelled the email address incorrectly. Let me try again and spell it correctly." were never words that anyone said. It was always, "I need this email to go through!!! There is something wrong with the system!!! How can we operate like this!!!"

When you tell them the email address is incorrect, they call you a smart-@$$ and grumble as they walk away. Really, I have better things to do than spend my adult years telling other adults that they can't spell.


Then comes the big issue: SPAM. I've nearly devoted my life to rid my accounts of spam. It's been a back and forth battle. There were some days that I thought I would simply pull the plug and quit. But I stuck in there and eventually an updated RPM would come through fixing the problem for awhile until the process started again.

In recent years, the server has sometimes nearly choked on itself fighting the contents of messages but it kept pushing through.


While blocking other blacklisted servers is a good idea in my mind, it is obviously not good for the people trying to get messages. In my mind, the complaints sounded like this, "My friend has a GoDaddy account that she bought the other night for a dollar and the account is on a server that is sending out millions of spam messages advertising pharmaceuticals. It's obviously black-listed for very good reason as most, if not all, blacklisted servers are but I need her messages to come through. Can you fix it?"

So I'm supposed to adjust my system because theirs is obviously broken.


Here's the progression of an actual complaint taken verbatim:

THEM: "I've had repeated complaints of emails getting denied, kicked back or undeliverable when people use my [removed].com address. Am about to lose a new listing because of... What's the problem!?"

ME: "They are on a blacklist. We don't receive email from blacklisted servers."

THEM: "I contacted my friend. Here is what he said..."

"Your email server uses a German blacklist database provider that looks to be shady at best. The IP address [blah, blah, blah] is owned by Network Solutions who hosts one of the largest email systems. Any reputable black list service would contact Network Solutions directly before blacklisting one of their email servers seeing how blacklisting a Network Solution server would cause a great deal of email to be 'bounced' or undelivered to your system. I recommend removing this black list from your mail server immediately. I would also recommend using an ironport or some other reputable SPAM filtering hardware over a hosted database look up. If you do decide to use a hosted service to reduce SPAM, definitely choose a more reputable company than UCEPROTECT...."

ME: "The server is on more than 5 different blacklists. They can't all be wrong. There is obviously an issue with the other server."

THEM: "...the email addresses [sic] are famous for being undependable. (Just ask [removed] from [removed company], [removed], [removed] and more)... Many [removed] agents use their own email addresses due to the poor workings of [removed] addresses."

ME: "Their email is hosted on Unified Layer. One of Unified Layer's servers was behaving badly. Consequently, that server was put on an external BLACKLIST that we utilize. This blocked all email from that particular server. Unified Layer has full time staff to handle issues like this and they fixed the issue rather quickly so everything should be ok. It is a common issue with Unified Layer just search on google here: https://www.google.com/search?q=unified+layer+blacklist"

THEM: "Our regular [removed] emails are not all coming in. I did not receive multiple emails from [removed] a couple days ago, and apparently our new client (who is about to list a $1m+ with us) is being rejected. Please fix asap, as he is very techy [sic] and if we are not receiving his emails..."

ME: "He's so techy [sic] that he's using Unified Layer as his email. Not a good sign. They are black listed again. Look at the 17 million results when you search for it via google."

THEM: "If [removed], [removed], [removed] and I (repeatedly)are all kicked back from [removed]- we have a problem. I know other agents have addressed this same concern - answer always comes back that it is not [removed]'s issue. Yet our ability to receive necessary email continues to be compromised. More than likely, this very message will be kicked back. This is beyond frustrating - has been going on for 2+ years now with no success in remedying this crippling situation. It is not just 1 or 1 isolated incidents. Too many senders are being rejected."

ME: "Thanks for contacting me. You can help me by contacting me if you have a particular issue. You need to let me know what the issue is and what bounce message is. In other words, if someone sends you a message and they receive a bounce message, find out what the bounce is and send it to me. I'll be glad to look at it and point out where the issue is and make adjustments if necessary.

Can I make adjustments on technical information that is never sent to me? No I can't. Which is why I ask for your help.

They don't all get kicked back. Unified had a problem with one of their servers. They fixed it as they should. You can see from the info below that Barracuda agrees that this is an issue outside of [removed].

Nobody has sent me any bounce messages from [removed] but [removed] and I email each other on a regular basis. In fact we traded emails over the weekend.

Nobody has sent me any messages from [removed].

Concerning your email, you might have sent a message in the past but not recently. Again, if you are receiving a bounce message, let me know what it is."


The above is boring. That is my point. It's boring and pointless. They are trying to convince me that something is wrong on my end. I am trying to convince them to use a good email service like Gmail or something similar that costs less than $5 per month.

The Switch

Today, I put an end to all of it. I switched over to a cloud service. It came down to Gmail or Microsoft Hosted Exchange. I chose Hosted Exchange because I don't like where Gmail is headed with the funny and ultimately too small compose message box on their web site. Yes, that is really why I didn't choose them.

The total project is going to cost 50K per year, or 500K over the same period that I was doing it for free.

The biggest relief is that I don't have to do it anymore. If something is wrong, it's their fault. Do you think I will still get complaints?

Powershell Useful Commands

These are my useful Powershell commands. They are commands that I want to use but can't remember their silly nonsensical syntax. I'll update the list as I see fit. This is for me. If you can use it, great.

Get-Mailbox USERACCOUNT | Select *
Get-Mailbox USERACCOUNT | Select prop1, prop2, etc
Get-Mailbox USERACCOUNT | FL *forward*
Get-Mailbox USERACCOUNT | Select Name, PrimarySMTPAddress, ForwardingAddress, ForwardingSMTPAddress, DeliverToMailboxAndForward

NOTE: There are two properties that are very similar ForwardingAddress & ForwardingSMTPAddress.

Here is the difference:
ForwardingAddress: This is to forward to another account within the same domain.
ForwardingSMTPAddress: This is to forward to an external account.

Set-Mailbox USERNAME -DeliverToMailboxAndForward $true -ForwardingSMTPAddress forwarding-email-address.tld
Set-Mailbox USERNAME -DeliverToMailboxAndForward $false -ForwardingSMTPAddress $Null
Set-Mailbox USERACCOUNT -EmailAddresses foouser1-AT-domain.tld, foouser2-AT-domain.tld
Get-Mailbox | Where {$_.ForwardingsmtpAddress -ne $null} | Select Name, ForwardingAddress,ForwardingsmtpAddress, DeliverToMailboxAndForward
Get-DistributionGroupMember GROUP-NAME-at-DOMAIN.TLD
Get-DistributionGroup GROUP-NAME-at-DOMAIN.TLD|FL
Add-DistributionGroupMember -Identity GROUP-NAME-at-DOMAIN.TLD -Member USERNAME -BypassSecurityGroupManagerCheck
Remove-DistributionGroupMember -Identity GROUP-NAME-at-DOMAIN.TLD -Member USERNAME -BypassSecurityGroupManagerCheck
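
The forwarding query and the ForwardingAddress / ForwardingSMTPAddress note above, turned into a repeatable audit. This is an added example, not code from the original post: it reads both properties and flags every mailbox whose ForwardingSMTPAddress points outside your own domains. The function name Get-ForwardingFinding, the sample mailboxes and the domains example.tld and elsewhere.invalid are assumptions made up for illustration.

```powershell
# Added example, not from the original post.
# Get-ForwardingFinding is a hypothetical helper name, not an Exchange cmdlet.
function Get-ForwardingFinding {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-Mailbox output (only four properties are read).
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Mailbox,

        # SMTP domains the organization owns.
        [Parameter(Mandatory = $true)]
        [string[]]$AcceptedDomain
    )
    process {
        $directory = [string]$Mailbox.ForwardingAddress
        $smtp      = [string]$Mailbox.ForwardingSmtpAddress
        if (-not $directory -and -not $smtp) { return }   # nothing is forwarded

        # ForwardingAddress names a recipient object in the directory. That object
        # can be a mail contact, so it is reported for review rather than skipped.
        $finding = 'Forwarding to a directory recipient'

        if ($smtp) {
            # Exchange shows the value with an "smtp:" prefix; strip it to get the domain.
            $address = $smtp -replace '^smtp:', ''
            $domain  = ($address -split '@')[-1]

            if ($AcceptedDomain -contains $domain) {      # -contains ignores case
                $finding = 'SMTP forwarding inside own domains'
            }
            elseif ($Mailbox.DeliverToMailboxAndForward) {
                $finding = 'EXTERNAL forwarding, copy kept in mailbox'
            }
            else {
                $finding = 'EXTERNAL forwarding, no copy kept in mailbox'
            }
        }

        [pscustomobject]@{
            Name                  = $Mailbox.Name
            ForwardingAddress     = $directory
            ForwardingSmtpAddress = $smtp
            KeepsLocalCopy        = [bool]$Mailbox.DeliverToMailboxAndForward
            Finding               = $finding
        }
    }
}

# Constructed sample data standing in for Get-Mailbox output.
$sample = @(
    [pscustomobject]@{ Name = 'alice'; ForwardingAddress = $null
                       ForwardingSmtpAddress = $null; DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ Name = 'bob'; ForwardingAddress = 'example.tld/Users/carol'
                       ForwardingSmtpAddress = $null; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ Name = 'dave'; ForwardingAddress = $null
                       ForwardingSmtpAddress = 'smtp:helpdesk@example.tld'; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ Name = 'erin'; ForwardingAddress = $null
                       ForwardingSmtpAddress = 'smtp:erin@elsewhere.invalid'; DeliverToMailboxAndForward = $false }
)

$sample |
    Get-ForwardingFinding -AcceptedDomain 'example.tld' |
    Format-Table Name, KeepsLocalCopy, Finding -AutoSize

# Against a live Exchange session, feed it the real mailboxes and domains:
#   $own = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString() }
#   Get-Mailbox -ResultSize Unlimited | Get-ForwardingFinding -AcceptedDomain $own
```

Mailboxes with no forwarding produce no row, so an empty result on a live run means nothing is being forwarded.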

By default only internal-accounts can email groups. To set a group to accept Senders outside of organization:

Set-DistributionGroup -Identity GROUP-NAME-at-DOMAIN.TLD -RequireSenderAuthenticationEnabled $False


I don't know how to explain this. But here it goes... The following are commands that affect the USERACCOUNT at a root level. Because of this, REGULAR POWERSHELL (and all its dependencies) can't run the commands. You have to get a SUPER POWERSHELL.

They call it the WINDOWS AZURE AD MODULE. It will only run on WINDOWS-7 & WINDOWS-8 and it requires something called ONLINE SERVICES SIGN IN ASSISTANT. Even though it is called a MODULE which maybe should just upgrade your current POWERSHELL, the truth is that it's another POWERSHELL (Trust me, nothing in Microsoft world makes sense).


So, AS ADMINISTRATOR, you have to use this AD MODULE rather than POWERSHELL to make changes.

  • -right-click WINDOWS AZURE AD MODULE
  • -click RUN AS ADMINISTRATOR
  • -type: $msolcred = get-credential
  • -type: connect-msolservice -credential $msolcred

Set-MsolUser -UserPrincipalName jsmith-at-company.com -StrongPasswordRequired $false
Set-MsolUserPassword -UserPrincipalName jsmith-at-company.com -NewPassword new-password-here -ForceChangePassword $false
Remove-MsolUser -UserPrincipalName USERNAME-at-DOMAIN.TLD
New-MsolUser -DisplayName "testuser" -UserPrincipalName testuser-AT-yourdomain.com -UsageLocation "US" | Set-MsolUserLicense -AddLicenses "tenantname:ENTERPRISEPACK"


ls: lists contents of directory.

cat: read contents of text file.

Select-String: the MS version of grep.

DDWRT Kong Build Updates

I periodically check for newer hardware and firmware builds when it comes to routers. I am more interested in stability than performance but of course would like to have both.

In my last update, I was using:
Asus RT-N16 + r18050

In this check, I'm still sticking with Asus RT-N16. They are plentiful and affordable. New routers are available but they are 100% higher in costs and I don't think are worth the trade-off yet.

Stable More Affordable Version

The only change at this time is to move to the latest K26 r22200 build here:
Asus RT-N16 + http://www.desipro.de/ddwrt/K26/r22200

I was looking into the K3.x builds for the RT-N16 but it seems a rather complex process.

Stable Upgraded Bleeding Edge Version

Since I'd rather wait till hardware changes and the process is a little more straightforward, the next step up seems to be:
Asus AC-RT66U + http://www.desipro.de/ddwrt/K3-AC/22715

Last Updated on Tuesday, 11 April 2017 18:19

The Option of Options

Leaders are gatekeepers. They decide what a group of people will have and what they won't have. In the same way an editor of a newspaper decides what stories people will read and what stories will never make the front page, leaders eventually have to decide what to offer as well.

One of the most powerful principles a leader will come across is the option of options. What do good leaders give as an option to another group? Do you give them as many as possible? After all, that seems to be what people want.

The truth is that while people want options to be able to choose, they don't want too many options. If you give a person too many options, their brain goes into overload and quits the decision making process altogether to find another way to proceed.

A good example of this is CostCo. You might have been to CostCo before. The huge warehouse superstore that does nearly everything by bulk. I actually stretch before I go in and I heard a rumor that it will be added to the next Summer Olympics. Just kidding.

One of the most common complaints about CostCo is the lack of choice. Do you know what CostCo thinks? Perfect. That's exactly what they want. They want options but very few of them. Options are good but too many options and it hinders the decision making process.

The brain can handle about 6 options easily. Any more than that and it starts to give up.

This was part of the brilliance of Steve Jobs. One of the best actions he took when he was reintroduced to Apple in the early 2000's was to limit the product line. Forget about having all sorts of options that competitors were offering. Boil the product line down to the most basic of items. Keep the options so simple that a non-working wife of a well-to-do husband could understand and make the decision on her own. He limited it down to the:

  • iMac (home computer use)
  • Mac Pro (professional computer use)
  • iBook (home laptop use)
  • Mac Book Pro (professional laptop use)

What could be easier? Each option is clear. Each option is distinct. Each option is easily understood by the target market. Diving deeper into each one of these simple options will reveal that there are further options to upgrade but those options come later and are re-presented at another stage.

What's funny is how quickly a company can change when the leader is vacated. In such a short time, Apple has lost its focus that was so easily identifiable a few years ago.

This week they will release 2 new iPhones, the 5s and the 5c. Our target market can't tell the difference between the two. There's no clear difference. There are no easily identifiable differentiators. It can't be easily understood. Do you think both will be a success? Or do you think that one will succeed and one will fall flat on its face? Or maybe both will be doomed? I guess we will find out.

Now to you, leader. Will you offer options? Will you offer many and confuse? Or will you be helpful? Offer no more than 6 options. Make each one clear and easily identifiable. Don't confuse. Clarify.

Paying for a SMTP Relay

I manage a server that handles email for a medium sized company. It processes about 1,000 messages per hour or 24,000 per day. The box sits inside the office humming away for about 10 years.

Then one day, for some reason, executable content comes through the email service which isn't picked up by ClamAV. Then, for some reason, a user opens an email that's obvious-to-me-but-not-to-them that they shouldn't open. Then, for some reason, my choice of antivirus at the time (Panda Cloud) does nothing and... poof. Cutwail virus city. This thing starts sending out spam by the thousands every minute and the IP address is quickly put on blacklists all across the world.


If you are given a map and dropped into nowhere, you can usually find your way around pretty quickly. If you're dropped in the middle of nowhere, it takes longer to find your way out.

I discover they're on a blacklist pretty quickly. Through blacklist diagnostics, I can see that a cutwail virus is on the network. I wait till the end of day and start to scrub client pc's and think "I'm too old for this stuff."

I find a client pc, disinfect it with Microsoft Safety Scanner and feel good. I put in for delisting and wake up the next day to find they were re-listed for the same reason.

I missed a client pc behind a closed door. Executives. The reason the world spins slowly.

Finally getting physical access by persuasion that there's an obvious problem, I disinfect the second client pc as well. Feeling really good, I put in for another delisting. The next morning they stay that way.


The next few days were spent delisting from any blacklist or RBL at MXToolBox.

Now here's the problem, despite delisting, the IP address is on-radar at larger outfits like Yahoo & AOL who run their own internal spam metrics. Because of poor stats, the server is still getting blocked.

To ease this, I switch over to the ISP smtp server which used to work fine for quite a long time: smtp.fdn.com. That doesn't work. They were bought out. So I use the newer smtp server: smtp.nuvox.net. That doesn't work. They were bought out by Windstream. I don't know the smtp server for them.

I call support knowing that large customers get to talk to knowledgeable people in a few minutes. Learning that Windstream's smtp server is mailhost.windstream.com, I start using that.

Everything is going good.

A few hours pass.

Rrrrrriiiiiinnnnggg!!!! Rrrrrrriiiiinnnngggg!!! Rrrrrriiiinnnnnngggg!!!

"I'm not getting email!"

I look in the logs: "Too many recipients in the past hour."

So Windstream has an hourly limit on sending. This used to not be so. Normally it isn't a problem but when company-wide blast messages go out, the server spikes above that level.

I switch back to the internal smtp.

Everything is going good.

A few hours pass.

Rrrrrriiiiiinnnnggg!!!! Rrrrrrriiiiinnnngggg!!! Rrrrrriiiinnnnnngggg!!!

"I'm not getting email!"

I look in the logs: "(DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.htm"

So AOL has dynamically blocked the IP address because it went too high on the stats.

I switch back to the Windstream smtp.

My only problem is AOL. If they would remove the DYN:T1 block, my life would be normal again.

I switched back and forth between the internal smtp and the Windstream smtp for the next several days hoping the block would be removed.

After getting enough complaints because of too much delay, I realize I'm too old for this and my hobby projects in my 20's which are now production projects in my 30's probably need to be shutdown. I just can't take it.

I look for outside help.

I remember hearing about Amazon smtp services or simple email service (SES). It's part of their Amazon Web Services (AWS) or their cloud services.

I sign up feeling like they are a good partner.

Their documentation takes a few reads because of the whole credentials aspect. They have a set of credentials for accessing the service but they have a different set for accessing SMTP. This set is created automatically.

Their documentation is also confusing about SSL/TLS on port 465 but I test it out over the next few days and get it working in my test. Here's what I used



Unfortunately, the service won't work for forwarding accounts. In other words, if I receive emails on behalf of someone and forward them onto their private email address at for example, AOL, it bounces with a message about the sending domain being invalid.

Back to the drawing board.

You would think that an SMTP service for large volume would be easy to find and obtain. Well, it's easy to find enough. Like most, I go to google and type "smtp services."

Cutting out the details, here's the services that make my short list:

  • MandrillApp
  • Ongage
  • Critsend
  • Mailgun
  • MailJet
  • SendGrid
  • Dyn

I moved on to the next service on the list, MandrillApp. Super easy. Create an account and the credentials are right there, easy to understand and ready to be used.

  • Host smtp.mandrillapp.com
  • Port 587
  • SMTP Username [email address hidden by the site]
  • SMTP Password any valid API key

I turn them on over the weekend and monitor it. Everything is great. It even has detailed stats on the sending such as percentages and graphs that make you feel good. The problem becomes, you lose control.

Managing my own server, I can watch the outgoing process in real time. If the receiving server gives a message, I can see it. When you outsource this to another company, you don't get to see anything. You have no idea what is happening. All you know is that there is a problem.

Over the next few days, I deal with issues such as mail stuck in the queue with no way to send it, message sending limits being lowered to 29 messages per hour with no way to lift them and rejected messages with no reason why. Messages aren't getting through.

No one can run a business without messages getting through.

I contact their support through email and wait about 24 hours for a response each time. The responses are all the same, they sound great but in the end the service is automatic and there's nothing they can/will do.

So I ask the ultimate question, "What's the point of having a sending service that doesn't help you send?" I didn't pay them to be critics on what I was sending, I pay them to send, period. If they are not going to help me do that then we are not a good fit.

I change the sending back to local server. I move on.

I cannot have another experience like the failed MandrillApp trial run. Being afraid, I breeze over Ongage, CritSend, MailGun and MailJet. They all seem to be similar. Built for developers so that a product can automatically send messages to their clients.

They really aren't services that help send messages on a day to day basis. Most of their documentation starts talking about send limits and unsubscribes.

I decide using the local service is the best option just like the past 10 years. I made some changes to limit the number of messages that can be sent per second and I dish sending off to the ISP smtp server. It seems to be working OK with only a few hiccups.

AOL has seemed to stop blocking with these low limits and the passing of 30 days time from the original incident. My only issue is some Yahoo servers are still blocking. Not all. Only some. Arrrrgggghhh. I'll deal with it.

I'll have to work on the IP reputation in the near future by turning on SPF, DKIM, and DMARC. Believe it or not, I turn towards friends and I have one who runs scanmailx.com. I'll test the service out but know that the developers are some of the best around.

Walk Through: Clone Hard Drive with Bad Blocks By Using ddrescue

OK, here it is again in simple terms. You can't fix bad blocks. Once it happens, it grows. If you see bad blocks anywhere, replace the HD as soon as possible.

The best way to make this happen is by cloning the disk. Here's how:

This process ignores filesystems so it will work on Windows (NTFS) and Linux (ext2, ext3). I haven't tried other filesystems but can imagine it would work fine as well. Although on Mac's I use Carbon Copy Cloner (CCC).

  • -shutdown the computer that needs fixing.
  • -buy a disk the exact same size (or larger) as the disk that has bad blocks on it.
  • -physically install the HD in the computer.
  • -download SYSRESCUE CD here:
  • -make a bootable SYSRESCUE CD.
  • -boot off of the SYSRESCUE CD.
  • -accept the defaults as it boots.
  • -you are at a black command prompt.
  • -find which HD is in which position.
sfdisk -luS /dev/sda /dev/sdb

-typically the sda will have a partition table & sdb will have nothing and you'll get "no partitions found".

-Great. Wonderful.

-Now let's clone the disk by rescuing the whole disk, with all partitions, from /dev/sda to /dev/sdb.

Note: you do not need to partition the new disk /dev/sdb beforehand, but if the partition table on /dev/sda is damaged, you'll need to recreate it somehow on /dev/sdb.

ddrescue -f -n /dev/sda /dev/sdb rescue.log

If the system is really important, then do it a second time with the following options. This pass will be slower but more thorough.

ddrescue -d -f -r3 /dev/sda /dev/sdb rescue.log

Now let's shutdown.

Remove sda (the old drive).

Now reboot.

Boot fine! It recognizes the new cloned drive as sda.


Reposition the drive sda to the first slot for sanity's sake.

Macbook Pro Slow After 10.8 Upgrade

Macbook Pro slow after 10.8 update. Many are having the same issue. I threw in the towel and purchased another after market hard drive from macsales.com. They promise it will work with some custom firmware they have on it. The hard drive I purchase is located here:


With a fresh 1TB hard drive that's verified to work and original CD's in hand, I went on to install Mac OS X 10.6 with a fresh install rather than cloning this time. It wouldn't install... See above.

Macbook Pro Won't Install

Macbook Pro won't install OS X with an error message "Installation failed, Mac OS X could not be installed on your computer..." I don't know why. I don't really care. I just want it to work.

  • restart the install from the disk.
  • select OPTIONS.
  • uncheck everything except the BASE SYSTEM (I think that's what it's called).
  • it should install this time.

One thing is for sure, Apple is not the promise land... it's just a new set of problems.

Macbook Pro Slow During OS X Install

Macbook Pro is slow and taking forever (say about 15 minutes) with no progress update or the little sounds that make me feel like something's happening. You can see the install logs by clicking:

  • window.
  • installer log.

Select to SHOW ALL LOGS. This way I know what's happening. That makes me feel better. Or just be patient and let it go through. It's actually doing something.

Macbook Pro Pinwheel of Death During 10.8 Upgrade

What a disaster... If you see the pinwheel of death, aka the beachball of death, aka spinning ball, let it go for about 10 minutes. Still happening? Hard shutdown by holding the power button for 5 seconds or so. It will shutdown. Press again to start up the Macbook Pro. The upgrade process should begin automatically.

Access RAPIDSSL Certificates

To access your RAPIDSSL certificates or your GEOTRUST certificates, you can login to their END USER PORTAL here:

This is kinda hidden since typically RAPIDSSL only sells to resellers and pushes all support through them, so I'm making a note of it.

Last Updated on Friday, 26 July 2019 05:31

Can't Print to Bizhub C360 From Mac OSX


USER: admin
PASS: 12345678


  • -download drivers from the bizhub website
  • -add printer as normal using those drivers (not generic)
  • -print something
  • -click SHOW DETAILS (in print dialog box) (or you might have to click USE SYSTEM DIALOG)
  • (Basically we are trying to get to the part where we have many options.)
  • -change to OUTPUT METHOD
  • -bullet PUBLIC
  • -click SAVE SETTINGS > OK

In some cases, I've had to use ACCOUNT TRACKING (rather than USER AUTHENTICATION). For this, a USER must be setup on the Bizhub C360 under ACCOUNT TRACKING. The USER must have a NAME & PASSWORD.

On the Mac OSX side

  • -print something
  • -click SHOW DETAILS (in print dialog box) (or you might have to click USE SYSTEM DIALOG)
  • (Basically we are trying to get to the part where we have many options.)
  • -change to OUTPUT METHOD
  • -checkmark ACCOUNT TRACKING
  • -type in ACCOUNT & PASSWORD
  • -click SAVE SETTINGS > OK
Last Updated on Friday, 26 July 2019 05:32

Office 2010 "You don't have permission to open this file."

You also might get, "filename.xls could not be found."

-disable Panda's DATA SHIELD.

Panda's Cloud free antivirus has a new component called Data Shield. Disable the DATA SHIELD and it will fix the issue.

Last Updated on Friday, 26 July 2019 05:33

The Specified Domain Either Does Not Exist or Could Not Be Contacted

When you try to add a computer (XP, SERVER 2003, WIN7, etc) to a domain, you get: "The Specified Domain Either Does Not Exist or Could Not Be Contacted"

If I know that the domain does exist, check to make sure the computer you are working on has the right network settings. You may have to release and renew the IP address. Usually, the DNS is incorrect. If it still doesn't work, set the WINS server as well.

Last Updated on Friday, 26 July 2019 05:34

Testing HD with Smartctl & Finding the Filesystem

Hmmm. Something is wrong with SDA. Let's test it:

smartctl -t short /dev/sda

And look at the results:

smartctl -a /dev/sda

The last 5 result log shows:
Error: UNC 8 sectors at LBA = 0x00384622 = 3687970

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Short offline Completed: read failure 10% 44084 976766499

So we have to find the filesystem. Usually it would be:

# fdisk -lu /dev/sda

I get:

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 208769 104384+ fd Linux raid autodetect
Partition 1 does not end on cylinder boundary.
/dev/sda2 208770 976768063 488279647 fd Linux raid autodetect

((976766499- 208770) * 512) / 4096

We get:
122069716 LBA block.

But wait, the filesystem isn't on sda, it's on /dev/main/root. Here's how:

# cat /etc/fstab
/dev/main/root / ext3 usrquota,grpquota 1 1
/dev/md1 /boot ext3 defaults 1 2
/dev/main/swap swap swap defaults 0 0

So we know the filesystem lives on /dev/main/root (mounted at /) and it is ext3 type.

We can find the BLOCK SIZE by:

# tune2fs -l /dev/main/root | grep Block

I get:

Block count:              121561088
Block size:               4096
Blocks per group:         32768

We're still at 122069716 LBA block.
Or specifically 122069716.125 or the second of 8 sectors in this block.

We can test the block by:

# debugfs
debugfs 1.39 (29-May-2006)
debugfs:  open /dev/main/root
debugfs:  testb 122069716
Illegal block number passed to ext2fs_test_block_bitmap #122069716 for block bitmap for /dev/main/root
Block 122069716 not in use
debugfs:  quit

In short, it looks like this:

sda1  sdb1

        sdb1 sdb2
        pv (md2)
        vg (main)
    /            \
lv (main/root)        lv (main/swap)

Last Updated on Friday, 26 July 2019 05:35

unrecoverable I/O read error for block 976557696


I'm going to walk you through this one. It happened during a raid recovery. SDA is in the system and I'm trying to add a new SDB. I hate posting logs but it looks like this:

Dec 24 15:38:10 server kernel: sd 0:0:0:0: SCSI error: return code = 0x08000002
Dec 24 15:38:10 server kernel: Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE,SUGGEST_OK
Dec 24 15:38:10 server kernel: sda: Current [descriptor]: sense key: Medium Error
Dec 24 15:38:10 server kernel:     Add. Sense: Unrecovered read error - auto reallocate failed
Dec 24 15:38:10 server kernel:
Dec 24 15:38:10 server kernel: Descriptor sense data with sense descriptors (in hex):
Dec 24 15:38:10 server kernel:         72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00
Dec 24 15:38:10 server kernel:         3a 38 46 23
Dec 24 15:38:10 server kernel: raid1: sda: unrecoverable I/O read error for block 976557696
Dec 24 15:38:10 server kernel: ata1: EH complete

It can't resync the raid because there's a read error on the only remaining disk, sda. I wish it would just skip over it because the value of having a working raid is more important than the value of having a bit of information that is probably not that important anyway. I think it's a bug in the mdadm package that's fixed in current versions but I'm stuck with what I have.

To fix, in short, clone the disk and move on with life. Here's howto:

Use ddrescue to clone disk. It's a tool on a boot cd found here:

So download the disk image and burn it.
Boot to system rescue cd with defaults.
The raid starts to rebuild automatically, so we will have to stop it. First, fail and remove sdb1:

mdadm -f /dev/md1 /dev/sdb1
mdadm -r /dev/md1 /dev/sdb1

Now, fail and remove sdb2:

mdadm -f /dev/md2 /dev/sdb2
mdadm -r /dev/md2 /dev/sdb2

Now let's clone the disk:

ddrescue -f -n /dev/sda /dev/sdb rescue.log
ddrescue -d -f -r3 /dev/sda /dev/sdb rescue.log

Now let's shutdown.

Remove sda. Now reboot.

Boot fine! It recognizes the new cloned drive as sda.


signal-event halt

Reposition the drive sda to the first slot for sanity's sake.
Place new hd into the second slot.

manage disk array redundancy.
add sdb into array.
wait for resync.
# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sdb1[1] sda1[0]
 104320 blocks [2/2] [UU]
md2 : active raid1 sdb2[1] sda2[0]
 488279552 blocks [2/2] [UU]
resync's fine!!!


Here's the long version with all of my notes. It's the perfect example of a sysadmin's downward spiral into the 5th circle of hell.  It may or may not make sense.

The error return code is below. I had to look it up. Basically it says there's no error.
08 | 00 | 00 | 02
cat /usr/src/kernels/2.6.18-308.16.1.el5PAE-i686/include/scsi/scsi.h

Here's the real issue. It's a read error on the live disk.
raid1: sda: unrecoverable I/O read error for block 976557696

This link explains it better than I do:

In theory, this would work. First check the read of the sector:
hdparm --read-sector 976766499 /dev/sda
/dev/sda: Input/Output error

Then write to the sector:
hdparm --write-sector 976766499 /dev/sda
hdparm --write-sector 976766499 --yes-i-know-what-i-am-doing /dev/sda

But I don't have those options in hdparm. I'm at hdparm v6.6 and these options are in hdparm v8.1. Hmmm... Let's look at the status:
cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sdb1[1] sda1[0]
104320 blocks [2/2] [UU]
md2 : active raid1 sdb2[2](S) sda2[0]
488279552 blocks [2/1] [U_]

Let's look at the details of md2:
mdadm --detail /dev/md2

So md2 has:
1 active-sync member
1 removed member
1 spare member

We can't add the new drive into md2 because it's already added:
mdadm -a /dev/md2 /dev/sdb2
mdadm: Cannot open /dev/sdb2: Device or resource busy

So we have to fail it and remove it:
mdadm -f /dev/md2 /dev/sdb2
mdadm -r /dev/md2 /dev/sdb2

Now let's try to re-add it with the re-add option:
mdadm /dev/md2 --remove detached
mdadm --re-add /dev/md2 /dev/sdb2

Same result. Humph...

Let's remove the device, shutdown and add the original sdb back in.

Same result. Humph...

We're back to the bad block. Exact same message, exact same block:
raid1: sda: unrecoverable I/O read error for block 976557696

Modern hard disk drives are equipped with a small amount of spare sectors to reallocate damaged sectors. However, a sector only gets relocated when a write operation fails. A failing read operation will, in most cases, only throw an I/O error. In the unlikely event a second read does succeed, some disks perform an auto-reallocation and data is preserved. In my case, the second read failed miserably (“Unrecovered read error – auto reallocate failed“).

If there were another correctly working disk in the raid, I would just replace the bad disk. But this is the only disk left.

Let's see the logical volume:
lvdisplay --maps |egrep 'Physical|LV Name|Type'

OK, it's: /dev/main/root

I'm going to try to run badblocks on the lv:
badblocks -n -s /dev/main/root

I get:
/dev/main/root is mounted; it's not safe to run badblocks!

Boot from Install CD.
Type: sme rescue (at prompt)

Select your language. Select keyboard language.

Unmount the lvm:
umount -l /dev/main/root

Check for bad blocks on the lv:
badblocks -n -s /dev/main/root

That took too long. Stopped at 1% complete.

Let's check the remaining disk:
smartctl -a /dev/sda

Gives the error log:
40 51 08 22 46 38 e0  Error: UNC 8 sectors at LBA = 0x00384622 = 3687970

And also gives the proper LBA error:

This is the decimal number. The hexadecimal number is: 0x3a384623.

The system has a raid. LVM is on the raid. The file system is on LVM. Trying to map the bad physical block to the LVM logical block is nearly impossible because it's manual calculation. But I try anyway.

Finding the sda layout:
sfdisk -luS /dev/sda

Disk /dev/sda: 60801 cylinders, 255 heads, 63 sectors/track
Units = sectors of 512 bytes, counting from 0

Device Boot    Start       End   #sectors  Id  System
/dev/sda1   *         1    208769     208769  fd  Linux raid autodetect
/dev/sda2        208770 976768063  976559294  fd  Linux raid autodetect

so the bad lba is in sda2.

The LBA minus the start of the partition:
976766499 - 208770 = 976557729

Let's get the size of the PHYSICAL EXTENT of the PHYSICAL VOLUME:
--- Physical volume ---
PV Name               /dev/md2
VG Name               main
PV Size               465.66 GB / not usable 3.31 MB
Allocatable           yes (but full)
PE Size (KByte)       32768
Total PE              14901
Free PE               0
Allocated PE          14901
PV UUID               M1IIOi-nln7-encf-DgZC-DtjF-0ZGs-4OEFgK

So we have:

So the LBA block size is 32768 * 2:

Let's find the offset of the beginning of the first PE:
pvs -o+pe_start $part


Let's calculate the physical partition's bad block number / sizeof(PE) =
976557729 / 65536 = 14901.0883942

Find the LV of 14901:
lvdisplay --maps |egrep 'Physical|LV Name|Type'

]# lvdisplay --maps |egrep 'Physical|LV Name|Type'
LV Name                /dev/main/root
Type                linear
Physical volume     /dev/md2
Physical extents    0 to 4702
Type                linear
Physical volume     /dev/md2
Physical extents    4765 to 14900

So we know it's in /dev/main/root

We need to know the block size of the LV:
dumpe2fs /dev/main/root | grep 'Block size'

Block size:               4096

The logical partition begins on PE 4765

So let's find the badblock
(# PE's start of partition * sizeof(PE)) + partition offset[pe_start] =
(4096 * 65536) + 192 = 268435648

Let's test the FS of the bad block:
dd if=/dev/main/root of=block268435648 bs=4096 count=1 skip=268435648


debugfs 1.32 (09-Nov-2002)
debugfs:  open /dev/main/root
debugfs:  testb 268435648


I got:
Illegal block number passed to ext2fs_test_block_bitmap #268435648 for block bitmap for /dev/main/root
Block 268435648 not in use

This means my calculations are wrong.


Back to the drawing board. Here's what I know:
debugfs must be used on the filesystem. The filesystem is on /dev/main/root
The disk has sectors of 512 bytes.
The logical block size of the FS is 4096 (Or the block size is 8 disk sectors)
The error message is: raid1: sda: unrecoverable I/O read error for block 976557696
(I don't know if this is the block on sda, sda2, md2 or /dev/main/root).
Doing a e2fsck -cvy /dev/main/root or a badblocks -n -s /dev/main/root takes too long.
The LBA_of_first_error is 976766499
The starting sector of sda2 is 208770.
The last sector of sda2 is 976768063.
The total sectors in sda2 is 976559294.
The problem is at 976557729 inside partition sda2.

If no LVM it would be:
((976766499 - 208770) * 512) / 4096 = 122069716.125
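The mapping attempted above, carried through as an added example (not code from the original post): it walks a disk LBA through the partition, the md RAID1 device and the LVM extents to an ext3 block number, using the figures quoted in the post. Assumptions: the md data area starts at sector 0 of the partition, pe_start is 192 sectors as in the post's formula, and the two root segments are in logical order; the names Segment, Layout, locate and POST are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR = 512  # bytes per sector, from the sfdisk output in the post


@dataclass(frozen=True)
class Segment:
    lv: str        # LV name
    first_le: int  # first logical extent this segment covers inside the LV
    first_pe: int  # first physical extent on the PV
    last_pe: int   # last physical extent on the PV (inclusive)


@dataclass(frozen=True)
class Layout:
    part_start: int      # first sector of the partition on the disk
    part_sectors: int    # partition length in sectors
    md_data_offset: int  # sectors from partition start to the md data area
    md_sectors: int      # size of the md device in sectors
    pe_start: int        # sectors from PV start to the first physical extent
    pe_sectors: int      # sectors per physical extent
    fs_block: int        # filesystem block size in bytes
    segments: List[Segment]


def locate(lba: int, lay: Layout) -> Tuple[str, Optional[int]]:
    """Return (location, fs_block); fs_block is None unless the sector is in an LV."""
    part_off = lba - lay.part_start
    if not 0 <= part_off < lay.part_sectors:
        return ("outside partition", None)
    pv_off = part_off - lay.md_data_offset  # sector inside the md device == inside the PV
    if not 0 <= pv_off < lay.md_sectors:
        return ("md metadata or unused tail", None)
    if pv_off < lay.pe_start:
        return ("LVM metadata area", None)
    # Which physical extent, and how far into it?
    pe, in_pe = divmod(pv_off - lay.pe_start, lay.pe_sectors)
    for seg in lay.segments:
        if seg.first_pe <= pe <= seg.last_pe:
            le = seg.first_le + (pe - seg.first_pe)   # logical extent inside the LV
            lv_sector = le * lay.pe_sectors + in_pe   # 512-byte sector inside the LV
            # Block number in the units debugfs expects (fs_block bytes each).
            return (seg.lv, lv_sector * SECTOR // lay.fs_block)
    return (f"PE {pe}: outside the listed LV segments", None)


# Figures quoted in the post for /dev/sda2 -> /dev/md2 -> VG "main".
POST = Layout(
    part_start=208770,
    part_sectors=976559294,
    md_data_offset=0,            # assumption: md superblock sits at the end of the partition
    md_sectors=488279552 * 2,    # /proc/mdstat reports 488279552 blocks of 1 KiB
    pe_start=192,                # value used in the post's formula; unit assumed to be sectors
    pe_sectors=32768 * 2,        # PE Size 32768 KByte
    fs_block=4096,               # dumpe2fs "Block size"
    segments=[
        Segment("/dev/main/root", 0, 0, 4702),
        Segment("/dev/main/root", 4703, 4765, 14900),  # assumption: logical order
    ],
)

if __name__ == "__main__":
    for lba in (976766499, 976766501, 976767187):  # failing LBAs from the post
        print(lba, locate(lba, POST))
```

With these assumptions, the three failing LBAs from the post (976766499, 976766501, 976767187) each land in physical extent 14901, one past the 0 to 14900 range shown by lvdisplay, so no filesystem block corresponds to them.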


So I check to see if it's in the repos
yum --enablerepo=* search sg3

I get some pages back.

So I look at more info about it:
yum info sg3_utils

I get back the package is in the centos base repo.

Feeling safe, I install the package:
yum install sg3_utils

Now I can verify LBA block without feeling nausea:
sg_verify --lba=976766499 /dev/sda

I get:
verify (10):  Descriptor format, current;  Sense key: Medium Error
Additional sense: Unrecovered read error - auto reallocate failed
Descriptor type: Information
medium or hardware error, reported lba=0x3a384623

I poke around other LBA from the logs:
sg_verify --lba=976557696 /dev/sda

I get nothing.

I'm all in and going to reassign the block:
sg_reassign --address=976766499 /dev/sda

I get:
REASSIGN BLOCKS not supported

Crap... The good news is that I've verified the LBA block or physical block.

Physical block: 976766499
File system block: 3687970

b = (int)((L-S)*512/B)

I'm down to:
using a live cd to hdparm
calculate something to use dd on the lvm filesystem.

I downloaded a gparted livecd & burned it to a cd
Booted from gparted live cd and entered command line mode.

hdparm --read-sector 976766499 /dev/sda: Input/Output error

Then write to the sector:
hdparm --write-sector 976766499 /dev/sda
hdparm --write-sector 976766499 --yes-i-know-what-i-am-doing /dev/sda

Read sector again:
hdparm --read-sector 976766499 /dev/sda
(a lot of zeroes should follow)

New error:
raid1: sda: unrecoverable I/O read error for block 976558336

# 1  Short offline       Completed: read failure       90%     44420         976766501

Booted from gparted live cd and entered command line mode.

This time when I read the sector, I get a bunch of zero's
hdparm --read-sector 976766501 /dev/sda

Reboot... won't boot.

Boot into file system recover mode (no live cd or rescue).
Look at:
cat /proc/mdstat
Now md1 was automatically renamed md127 thanks to gparted livecd.

Go into single user mode:
telinit 1

Take a look at the mdadm.conf
mdadm --detail /dev/md127

If it says "Preferred Minor : 127" then this is your problem. You need to update the preferred minor.

mdadm --stop /dev/md127
mdadm --assemble --update=super-minor /dev/md1 /dev/sda1

Then you'll have your md127 assembled as md1. And it should stay this way in the future too.

Since I didn't do:
mdadm --assemble --update=super-minor /dev/md1 /dev/sda1 /dev/sdb1

I now have:
# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sda1[0]
104320 blocks [2/1] [U_]

md127 : active raid1 sdb1[1]
104320 blocks [2/1] [_U]

md2 : active raid1 sda2[0]
488279552 blocks [2/1] [U_]

unused devices: <none>

Wonderful. Let's stop md127. But first, unmount it:
# umount /dev/md127

I get:
umount: /dev/md127: not mounted

OK. Since it's unmounted, let's stop it:
# mdadm -S /dev/md127

I get:
mdadm: stopped /dev/md127

Great. Back to start. Let's see what we have:
# cat /proc/mdstat

I get:
Personalities : [raid1]
md1 : active raid1 sda1[0]
104320 blocks [2/1] [U_]

md2 : active raid1 sda2[0]
488279552 blocks [2/1] [U_]

unused devices: <none>

Let's zero out the superblock of sdb so that md127 doesn't come back via some type of magic out there.

First, I check the partition table of sdb with the -lu option so it shows sectors rather than cylinders.
# fdisk -lu /dev/sdb
# sfdisk -luS /dev/sdb

I get:
Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1      208769      104384+  fd  Linux raid autodetect
Partition 1 does not end on cylinder boundary.
/dev/sdb2          208770   976768063   488279647   fd  Linux raid autodetect

Let's zero out the superblock of sdb.
# mdadm --zero-superblock /dev/sdb1
# mdadm --zero-superblock /dev/sdb2

Now let's add sdb back in.
#console > Manage Disk Array > Add sdb

I get:
kernel: raid1: sda: unrecoverable I/O read error for block 976558336


hdparm --read-sector 976766501 /dev/sda: Input/Output error

Then write to the sector:
hdparm --write-sector 976766501 /dev/sda
hdparm --write-sector 976766501 --yes-i-know-what-i-am-doing /dev/sda

Read sector again:
hdparm --read-sector 976766501 /dev/sda
(a lot of zeroes should follow)

hdparm --read-sector 976767187 /dev/sda: Input/Output error

Then write to the sector:
hdparm --write-sector 976767187 /dev/sda
hdparm --write-sector 976767187 --yes-i-know-what-i-am-doing /dev/sda

Read sector again:
hdparm --read-sector 976767187 /dev/sda
(a lot of zeroes should follow)

kernel panic


Boot from livecd.

type: sme rescue
press ENTER for US
press right arrow to select NO, Don't start network.
press ENTER to CONTINUE, Start filesystem.
press ENTER for OK

Take a look at:
cat /proc/mdstat


mdadm --detail /dev/md127

If it says "Preferred Minor : 127" then this is your problem. You need to update the preferred minor.

vgchange -an
can't deactivate volume group main with 2 open logical volumes

Can't stop the volume group because there's a logical volume open.

lvchange -an
lv main/root in use: not deactivating

Can't stop the logical volume. Don't know why.

Let's reboot without mounting the file system:
Boot from livecd.

type: sme rescue
press ENTER for US
press right arrow to select NO, Don't start network.
SKIP the filesystem

mdadm --assemble --update=super-minor --uuid ce917023:5da6a14f:2a9c304f:a380120a /dev/md2

Use ddrescue to clone disk.
Boot to system rescue cd with defaults.
The raid starts to rebuild automatically, so we will have to stop it.

mdadm -f /dev/md1 /dev/sdb1
mdadm -r /dev/md1 /dev/sdb1

mdadm -f /dev/md2 /dev/sdb2
mdadm -r /dev/md2 /dev/sdb2

Now let's clone the disk:

ddrescue -f -n /dev/sda /dev/sdb rescue.log
ddrescue -d -f -r3 /dev/sda /dev/sdb rescue.log

Now let's shutdown.

Remove sda. Now reboot.

Boot fine! It recognizes the new cloned drive as sda.

signal-event halt

Reposition the drive sda to the first slot for sanity's sake.
Place new hd into the second slot.
manage disk array redundancy.
add sdb into array.
wait for resync.

# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sdb1[1] sda1[0]
104320 blocks [2/2] [UU]

md2 : active raid1 sdb2[1] sda2[0]
488279552 blocks [2/2] [UU]

resync's fine!!!

Now reboot with only sdb. I get:
black screen.

I have to reinstall grub onto sdb. It should have happened on manage disk array redundancy. Asking for help.

In the end, the following worked fine:
grub-install sdb

Last Updated on Friday, 26 July 2019 05:39

md1 was automatically renamed md127 after using gparted livecd.

Boot into file system recover mode (no live cd or rescue).
Look at:


Now md1 was automatically renamed md127 thanks to gparted livecd.

Go into single user mode:

telinit 1

Take a look at the mdadm.conf

mdadm --detail /dev/md127

If it says "Preferred Minor : 127" then this is your problem. You need to update the preferred minor.

mdadm --stop /dev/md127
mdadm --assemble --update=super-minor /dev/md1 /dev/sda1 /dev/sdb1

This will rebuild, without data loss, md1.

Or to be more exact, use the uuid of the raid disk, md1, and update the name.

mdadm --assemble --update=super-minor --uuid ce917023:5da6a14f:2a9c304f:a380120a /dev/md1

Of course you need to re-adjust for your raid situation. In my case, md1 was built from sda1 and sdb1.

Then you'll have your md127 assembled as md1. And it should stay this way in the future too.

Last Updated on Friday, 26 July 2019 05:37

How Do I Remove md127?

If you're following along, md127 is on the system because of the gparted live cd. It isn't being used because we've re-built the array as md1.

md127 is left over as a raid device but there are no disks to it. Let's stop md127. But first, unmount it:

# umount /dev/md127

I get:

umount: /dev/md127: not mounted

OK. Since it's unmounted, let's stop it:

# mdadm -S /dev/md127

I get:

mdadm: stopped /dev/md127

That should do it.

Last Updated on Friday, 26 July 2019 05:36

IE9 Won't Install - code 3715

IE9 won't install on a Windows 7 64-bit system:

1.-download the SYSTEM UPDATE READINESS TOOL here:
3.-run the tool (as administrator)
4.-wait about 30 minutes.
5.-download the IE9 offline installer here:
7.-run the IE9 INSTALLER (as administrator).

That should do it.

PDF -The file is damaged and could not be repaired

Try to open a PDF in FIREFOX and get the message: The file is damaged and could not be repaired. Local\gobblygook

The fix, for me, was a setting in KASPERSKY.

2.-click WEB ANTIVIRUS (on the left-hand side).
3.-click SETTINGS (under SECURITY LEVEL, in the middle)
4.-click TRUSTED URLS (tab at the top)
5.-click ADD
6.-type: *.yourwebsitename.tld/*
7.-click OK > OK > OK

Office 2008 Mac Setup Assistant Loop

If you have the serial code for the software, you remove the files below:
~/Library/Preferences/Microsoft/Office 2008/Microsoft Office 2008 Settings.plist
/Applications/Microsoft Office 2008/Office/OfficePID.plist

If you are using the Mac Migration Assistant and migrate the Apps but not the user, copy the files from the old computer to the new user/computer.
~/Library/Preferences/Microsoft/Office 2008/Microsoft Office 2008 Settings.plist
/Applications/Microsoft Office 2008/Office/OfficePID.plist

That should do it.

eregi, preg_match | split, preg_split | ereg_replace, preg_replace

Quick note to myself: eregi, ereg_replace and split are deprecated PHP functions. Official note is here:


Fix eregi with preg_match like so:

case (eregi('android',$user_agent));  // we find android in the user agent
case (preg_match('/(android)/i',$user_agent));  // we find android in the user agent

if ( eregi( "bmp|gif|jpg|png|jpeg", $file ) && is_file( $i_f ) ) {
if ( preg_match( "/(bmp|gif|jpg|png|jpeg)/i", $file ) && is_file( $i_f ) ) {

if (eregi("0$", $count)) {
if ( preg_match( "/(0$)/i", $count)) {

if (eregi("gif", $file) || eregi("jpg", $file) || eregi("png", $file))
if (preg_match("/(gif)/i", $file) || preg_match("/(jpg)/i", $file) || preg_match("/(png)/i", $file))

Fix split with preg_split like so:

split(':', $thumbSpace);
preg_split('/:/', $thumbSpace);

split('www', 'D:/Projects/job.com/www/www/path/source', 2);
preg_split('/www/', 'D:/Projects/job.com/www/www/path/source', 2);

Fix ereg_replace with preg_replace like so:

$output = ereg_replace (";", "", $output);
$output = preg_replace ("/;/", "", $output);

Dell 3100cn Won't Work with Windows 8

Dell 3100cn color laser printer won't work with Windows 8. When it asks for the driver:

  • select DELL (on the left hand side).
  • select DELL OPEN PRINTER DRIVER (PCL 5) (on the right hand side).

That should do it. It will work, it just won't automatically pick up the correct model number. Who cares. At least it works. Better than Dell not offering specific drivers.

Brother MFC Scanning Windows 8

Brother MFC 8440 won't scan as PDF on Windows 8 (32 bit). These are loose instructions as I can't provide step by step.

You'll have to start the scans from the computer. The scan buttons on the Brother MFC won't work. But at least you can scan to PDF.

Another option, if you really want PaperPort then:

You'll have to start the scans from PaperPort in this instance. But at least you can use PaperPort and you can scan to PDF. The ConnectionTool also works if the SCAN button is greyed out in PaperPort for Windows 8.

All of this is provided that the twain driver is installed. The WIA driver won't work. If the twain driver needs to be installed:
  • right-click MY COMPUTER.
  • click MANAGE.
  • find IMAGING DEVICES in the tree.
  • right click BROTHER MFC 8440.
  • browse to the driver folder and inf file.
  • click OK.

This will install the twain driver.

Last Updated on Thursday, 08 December 2016 16:45

Allow Internal Lan Clients to Send Email

Upgrading to SME v8 (Centos v5, RHEL v5) requires email clients on the internal lan to send email with authentication turned on and SSL turned on. Without this, email will not get sent.

To send email from internal email clients without requiring authentication turned on and SSL turned on:

config setprop qpsmtpd RelayRequiresAuth disabled
signal-event email-update

How Do I Reset a Ricoh Printer Back to Factory Defaults?

To reset a Ricoh printer back to factory defaults:

  1. -go into SERVICE MODE
  2. -go to: SP 5-801

Sender Name Has Not Been Registered to the Address Book on Ricoh Printers

Sometimes I get a "Sender name has not been registered to the address book" error on Ricoh printers and multifunction machines.

  1. -walk up to machine.
  3. -click the FILE TRANSFER tab (at the top).
  4. -click NEXT or the down arrow button (at the bottom).
  6. -click ON.
  7. -while you are there, make sure there's an ADMINISTRATOR'S EMAIL address and SMTP settings.
  8. -click OK -> EXIT -> EXIT.

As far as I know there is no way to change this on the web interface. I'm probably wrong, I just don't know where it is. The other settings on the web interface are accessible by clicking EMAIL.

Other settings to make a multi-page PDF, in other words a PDF with multiple pages and not separate pages, are in:

  • Default Settings for Normal Screens on Device
  • Default Settings for Simplified Screens on Device

Hardware VEN DEV's

Here's a list I just used to figure out the model number of an attached hardware wireless client. I was working remotely so I couldn't just look at the label.


  1. -right click MY COMPUTER
  2. -click MANAGE
  3. -click DEVICE MANAGER (on the left hand side)
  4. -click the + (next to a device, ie "network adapters")
  5. -right click on the device
  6. -click PROPERTIES
  7. -click DETAILS tab (at the top)

The number in the big white box looks like this:

The important parts are the following:
VEN number: 8086
DEV number: 1050

Look it up on the list and you'll see what I was working with.

Macbook Pro Slow After New Hard Drive


I'm not sure the below is correct. I think there is a problem with the link negotiation between 1.5 (sata), 3.0 (sata2) and 6.0 (sata3). Something isn't jiving. You can see this post where people more interested in this than I am located a tool to change the speed: http://forums.macrumors.com/showthread.php?t=1584023&page=2


After I upgraded a client's Macbook Pro (Mid 2009) 250GB hard drive to a 1TB WD WD10JPVT and cloned it with CCC, the Macbook Pro was sloooooowwwwww.

Being beachballed to death, I searched for a solution. It's technical but basically the SOFTWARE UPDATE in OSX upgrades the EFI FIRMWARE to v1.7. I don't know why exactly but downgrading the EFI FIRMWARE to v1.6 fixes it (shamelessly reprinted from the Crucial forums).

Verify you have a higher version number than 1.6.

  2. -find "Boot ROM Version"
  3. -it should say: MBP53.00AC.B03
  4. -download http://hotfile.com/dl/109001076/5dfaf39/aluminum.macbook.pro.recovery.dmg.html
  5. -open DiskUtility and drag the above image to the left.
  6. -plug-in any USB flash drive (no need for large capacity).
  7. -click the USB from the left and erase with "Mac OS Extended (Journaled)".
  8. -click the image and choose the RESTORE tab.
  9. -in the destination drag the USB drive.
  10. -click restore.
  11. -reboot while holding the option key to select the USB drive from boot menu.
  12. -the Apple logo will come up and a dark gray bar will start to move right under it.
  13. -sit relax and wait for the process to be done.
  14. -Macbook Pro will reboot automatically.
  15. -now open System Information and make sure that Boot ROM Version is MBP53.00AC.B02.

If you get "Could not find any scan information. The source image needs to be imagescanned before it can be restored."
-click on the image file in the list on the left.
-click on IMAGE > SCAN IMAGE (in the menu at the top).

The final fix for this is to change the SPECIFIC hd cable, with a 2010 FOXCONN model hd cable that is designed for the faster controller. It's a 15 minute fix and you should be running EFI Firmware v1.7 without any issues.
Here are the details:


iFixit part no:

50 12. 02 6

APPLE part#:
821-0989-A (NOT part#: 821-0812-A)

How Do I Customize Joomla 2.5 Quick Icons

Go to: site-root/administrator/modules/mod_quickicon/helper.php

'link' => JRoute::_('index.php?option=com_jevents&task=icalevent.list'),
'image' => 'header/icon-48-language.png',
'text' => 'Calendar Events',
'access' => true

In the example above the link goes to the JEVENTS component. I wanted to place a quick icon for Joomla 2.5 because I want my client to easily be able to access what they need to access. You can replace the LINK with your custom link.

Last Updated on Thursday, 08 December 2016 17:18

How Do I Reset the Counter on a Ricoh 4100nl

Need to get to reset the counter on the Ricoh 4100nl?

1.-go into SERVICE MODE.
2.-press 2 > ENTER > 7 > ENTER > 804 > ENTER >
3.-press 001 > ENTER > ENTER > ESCAPE
4.-press 002 > ENTER > ENTER > ESCAPE
5.-press 003 > ENTER > ENTER > ESCAPE
6.-press 004 > ENTER > ENTER > ESCAPE
7.-turn OFF & back ON.

Service Mode for Ricoh 4100nl

Need to get to SERVICE MODE on the Ricoh 4100nl?

1.-turn power off.
3.-turn on
4.-nothing shows on led
5.-release ONLINE & ESCAPE

You're in SERVICE MODE on the Ricoh 4100nl.

Ricoh 4100 Remove Misfeed Internal Path

Are you getting an error message that says, "REMOVE MISFEED INTERNAL PATH" after changing the MAINTENANCE KIT on your Ricoh 4100nl?

-unplug printer
-remove two screws that hold the left panel on (one in back & one on left side after opening up the front).
-you'll see 2 silver motors about the size of a quarter.
-the lower one has a metal rod in the middle.
-push it all the way in. It has to be all the way flush with the rest. It came loose when replacing the paper feed roller.

If that doesn't work, I usually trash it. Probably thrown away about 10 so far. They don't make them like they used to. Still better quality than when I was using Dell/Lexmark products.

GPT Protected Disk


You plug an external disk drive into a Windows XP computer. The disk doesn't show under MY COMPUTER. You look in DISK MANAGEMENT and you might see HD Drive in GPT status.


CAUTION! This will erase everything on the disk. If you need to get data off the disk, you'll have to use a data recovery program like R-STUDIO or ICARE.

  • -click on "Start Menu" > click "Run" > type "cmd" > click "OK"
  • -type "DiskPart"
  • -type "list disk"
  • -type "select disk 1"
  • -type "clean" (This command removes GPT disk from the current in-focus disk by zeroing sectors).
  • -go back to Disk Management
  • -right click on disk info > choose "Initialize Disk"
  • -right click on disk info > choose "New Partition…", follow Partition Wizard and format it.
  • -now you are able to use the disk in Windows XP.

iPhone Photo Library is Black

On your iPhone, you go to the PHOTO LIBRARY and all you see is black. Here is the fix:

  1. Connect your iPhone to your computer.
  2. Run iPhone Explorer on your computer (install it if you don't already have it).
  3. Backup (copy to a folder on your computer) and then delete the following files:
  4. /DCIM/.MISC/Info.plist
  5. /PhotoData/Photos.sqlite
  6. /PhotoData/PhotosAux.sqlite
  7. /PhotoData/com.apple.photos.caches_metadata.plist
  8. Unplug your iPhone, launch Camera Roll app and wait as it rebuilds the database.

HP Printing Gibberish

HP printing gibberish when printing PDFs. The first page comes out in English but the other pages come out in hieroglyphics or gibberish.

  1. open ADOBE READER.
  2. click PREFERENCES.
  3. uncheck PROTECTED MODE.

How Do I Share on Windows 7


-click Start > Control Panel > Network and Sharing Center.
-click Change Advanced Sharing Settings.
-make sure File and Printer Sharing is Turned On.
-make sure Password Protected Sharing is Turned Off.

STEP 2 (If that didn't work)

-click Start > type gpedit.msc
-navigate to Computer Configuration/ Windows Settings/ Security Settings/ Local Policies.
-click on User Rights Assignment.
-click "Access this computer from the network"
-make sure EVERYONE is added to the list.

STEP 3 (If that didn't work)

-click here Windows Server 2003 Resource Kit Tools: http://go.microsoft.com/fwlink/?LinkId=4544 (ignore message about known issue.)

After installation is complete, click on: Start > All Programs > Windows Resource Kit Tools > Command Shell

Type (Attention: they are case sensitive.)

net user guest /active:yes
ntrights +r SeNetworkLogonRight -u Guest
ntrights -r SeDenyNetworkLogonRight -u Guest

The first command enables network access for Guest, the two subsequent ones change two different policies to allow network access for Guest.

Ricoh LPR Port

Ricoh printers should be able to print with a RAW PORT and port number 9100. These are the default settings for TCP/IP printing.

To get an older Ricoh printer to print in LPR

1.-select LPR
2.-type: lp (that's a lower-case L and lower-case P in the QUEUE).

I recently had this with an MPC2000 (MP C2000).

In the end, I switched it back to RAW PORT 9100. It seemed it was a firmware issue.

Last Updated on Tuesday, 11 April 2017 18:09

Find Your Service Tag Number

Finding your service tag or serial number can be a pain. These are needed so that I can get the right drivers on the computer which is always harder than it seems.

1.-click RUN
2.-type: cmd
3.-click OK
4.-type: wmic csproduct get vendor,name,identifyingnumber
5.-hit ENTER (on the keyboard)

Reset a Cisco AIR-AP1121G-A-K9

To reset a Cisco AIR-AP1121G-A-K9 to factory defaults:

1.-power Cisco Aironet down.
2.-hold the MODE button, and turn it on.
3.-hold the MODE button until the AP lights turn red, which should be after about 30 seconds.

To access a Cisco AIR-AP1121G-A-K9 with factory defaults:

1.-give your PC  the static address of
2.-plug your PC into your AP's Ethernet interface using a Crossover cable (this is required).
3.-open a web  browser and try to connect to
4.-USER: Cisco (case-sensitive)
5.-PASS: Cisco (case-sensitive)

Note that the AP only holds the for 5 minutes after boot.

Also note that if it's plugged into a router, it will pick up a DHCP address. If so, you may be able to look at the address table on the router and match up the MAC ADDRESS with IP ADDRESS so you can see what address to connect to. Hope that makes sense.

For the record, the above access points are nearly the worst wireless units I've ever come across. It's taken nearly all day to reconfigure these units that could have been done in a matter of minutes on DDWRT. After that, one went awol and brought down the entire network for some unknown reason. I'm seriously considering dropping these units in the project and replacing them with Asus units with DDWRT.

Contact Form Spam

So this site has recently been the target of CONTACT FORM SPAM. This means that a CONTACT FORM on the web site is being hammered by an automated process to submit content to the form that is really just junk and random letters.

The main ip address of the spammer is and the logs are here: http://daknetworks.com/logs/giga-hosting.biz

I went ahead and contacted the abuse department at giga-hosting.biz, the company responsible for the server and ip address. I doubt I'll get any response but you never know.

I put CAPTCHA on the contact forms. CAPTCHA is where it makes you spell the funny letters and numbers before hitting submit. You know what I'm talking about, right? Good. Well, unfortunately, in this world it is just about absolutely necessary to have one of those on just about every contact form.


And upon sending the message we received the response of "[your email] is_not_yet_authorized_to_deliver_mail_from" message. Basically this means that they are greylisting or DEFERRING any email that comes to them. Our system should automatically resend the message when appropriate.

Comcast SMC Business Class Modem Login

I've been doing a bunch of Comcast Business Class internet setups lately. With 25mbps download speeds and affordable pricing for Small to Medium Enterprises (SME's), who can blame the customers? I'd do it too.

The issue with the cable connection is that it isn't guaranteed. This means it could go down for any reason whatsoever and there's really no recourse. Not good for an office full of paid salaries trying to accomplish daily tasks. So I also have a backup T1 connection. Funny because historically T1 connections were soooo much faster than speeds at home.

I usually install my own equipment (ROUTER) behind the MODEM. When doing this, 2 items I notice.

First, DHCP is turned on in the modem. I don't want that because I have a static IP. So getting into the SMC modem is as follows:

-open INTERNET EXPLORER (big blue 'e' on computer).
-at the top where you type in a web site, erase everything up there.
-hit ENTER (or RETURN) on the keyboard.

USER: cusadmin
PASS: highspeed

Turning off DHCP should be pretty obvious.

Secondly, I couldn't get through my router with a public IP from a remote location so that I can access the equipment behind it. There's a firewall setting that has to be changed in the SMC modem to make it work. Simply:
-checkmark "Disable Firewall for True Static IP Subnet Only."

That's it. Enjoy your highspeed, really, really fast business class internet from Comcast with a static IP.

Last Updated on Tuesday, 11 April 2017 18:16

DDWRT Kong Builds

I've been using the Kong Builds lately and have been happy with them. Just make sure to use the right build number. Currently, I use Kong Build R18050 here:

There still seems to be some kind of memory leak or wireless driver issue with the new drivers but I'll wait and see if it improves.

If I have to resort to the DDWRT official builds, I resort to the R14929 by BrainSlayer, also known as BS builds found here:

I am getting a little worn over the whole wireless issue and trying to find the maximum settings so that everyone can work at peak performance. Here's what I currently use:

1.NG Mixed Mode
2.Channel Wide 40MHz
3.Extension Channel Upper
4.Channel 6 if possible & Channel 8 if not possible.
5.17 TX Power
6.WPA Personal Security Mode (not WPA2)


SITUATION: Repair install on Windows XP. Must activate. Can't activate... get black screen.

1. Turn On your PC.
2. Press F8 repeatedly and go to SAFE MODE WITH COMMAND PROMPT.
3. Click RESOLVE LATER (a black screen will show).
4. Type: cd \windows\system32
5. Type: rundll32.exe syssetup,SetupOobeBnk
(one space after "rundll32.exe" - Oo are two letter o's - capitals and comma are necessary)
6. Wait a couple of seconds (although you will Not see any change).
7. type: shutdown -r -t 3
8. You are now able to go to Normal Mode again (For another 30 days !!!).

Top Ten Reasons Why I Miss the Palm Pre and the WebOS


I've had a Palm Pre for more than 2 years now. Like dog years, that's about 14 years in technology world. After this time, the phone started to show signs of wear. Random shutdowns, cracks in the case and the like prompted me to move to a newer, better looking model that requires less maintenance.

I switched to the iPhone 4s. The decision was more out of necessity, than by choice. What other phone could I really choose? The Android or Droid is absolutely horrendous. So that left me with one option, the iPhone.

While it seems like everyone has this phone and absolutely loves it, I'm a little different. After only a week, I can already find myself wanting some of the features of the Palm Pre I've become accustomed to.


You see, I'm a geek. I admit it. I like things a certain way. The litmus test for most of my project implementations is the following:

Perfection is achieved not when there is nothing left to add, but when there is nothing left to take away. – Antoine de Saint-Exupery

This has much to do with User Interface design or UI. But it also has to do with how we operate and perform tasks. In projects, I refer to this as processes and procedures.

Only give them the buttons you want them to use. If you don't want them to use a button, don't give it to them. Don't give them 2 steps when you can only give them one. You get the idea.

Top 10 Items I Miss About the Palm Pre and WebOS

As I apply these ideas to the iPhone 4s, I'm amazed. Not at what a wonderful tool it is but how in the world did it become so popular? There are great items about the device and it's a cool party topic but most of it is soooo 2007. It's almost 5 years later. We deserve more. We deserve the features the Palm Pre had over 2 years ago.

Here are the top ten items the Palm Pre/WebOS has/had that I dearly miss:

01. Visual notification. This is really a stroke of genius. The Palm Pre had a visual notification when someone emailed me, texted me or called me. If I didn't get the buzz (or disabled the buzz altogether), the light would flash letting me know even from across the room that something happened. That's great because I'm not tied to my phone all the time but it usually is in close proximity. Now I have to do 4 steps with the iPhone, get the phone, turn on the screen, swipe it to activate and visually check for messages. With the Palm Pre, this only took a glance of my eye. No extra steps required.

02. Unified Swiping. This means that with the Palm Pre, everything was like a book, left to right. That's great because to go back, you don't have to find a button, just swipe to the left (or book backwards) at the bottom of the phone and it will take you back. Again, very intuitive. The iPhone has back buttons scattered all around. Sometimes at the top, sometimes at the bottom. I find fingers going schitz looking for where to push. To me this translates as a slowdown. With the Palm Pre, this is only a swipe of a thumb from the hand that's holding it. No extra steps required.

03. Card Multitasking. This was brilliant as well. On the Web OS, every new item was a card. A simple push of the button will allow you to visually see all the cards so that you can get to the one you want. Want to see a contact while writing an email? No problem, just push one button to activate the carding system and go to the contacts. Then go back via the same route you came. No extra steps required.

04. Screen Size. Believe it or not, in some cases, the screen size was larger on the Palm Pre than the iPhone. When I have to text something, the virtual keyboard takes up more than half of the physical screen size leaving my texting visual field to nearly that of a calculator I had in high school. Ugh... I miss the larger usable screen size.

05. Texting App. I can barely read texts on the iPhone. I don't need to shrink and see a comic-bubble like on the iOS. The WebOS had texting in full font size and differentiates people by a simple different color background. It also time stamped conversations easily to see when conversations happened. I miss the WebOS texting app.

06. Cloud. I mean really. It's November 2011 and the iOS is just coming out with cloud which requires a forced upgrade. WebOS has this by default and has it by design and since inception almost 3 years ago. If I drop the phone in the ocean, who cares. I buy a new one, type in my username and password and voilà... all my important stuff is there including my APPS. No extra steps required.

07. Synergy. This is something iOS still hasn't caught onto. Let's say I have a Facebook Friend named Dallas Herrmann. Guess whose contact is in my contacts? Dallas's. Guess whose picture shows when Dallas calls? Dallas's. I didn't put it there, it pulled from Facebook. Chances are if he's my friend in Facebook, he'll call my cell phone. If he changes his picture on Facebook, it changes on my phone. I can override this of course. I really liked this. No extra steps required.

08. Phone App. The Phone App on the iPhone is terribly thought out in my opinion. Going from voicemail to missed calls to contacts is clumsy. Trying to make a phone call requires more scrolling than an ancient library. Finding contacts is such a slowdown since everyone is listed by last name. With the Palm Pre, I open the phone app and start typing either their first or last name and a short list shows. No extra steps required.

09. Notifications. On the iOS, I get a little red circle with a number. That tells a whole lot of nothing. The WebOS has a notification system that shows a notification with what happened and who did it. Getting rid of them wasn't entering the app, it was a simple swipe to remove the visual item. No extra steps required.

10. Touchstone Charging. The iPhone still has to be plugged in to get a charge. The Palm Pre could have a touch back that rested on a pedestal. This limited the chances of breakage of tiny parts or of dirt entering the internals of the device. It was fewer moving parts. No extra steps required.

Additional Notes

So there you have it, the top 10 items I miss most about the Palm Pre and WebOS. I could have put other items in like the single swipe to delete emails or the sticky note app but the list above is good. If I missed something or if you just want to sound off, let me know. We're a small group.

Also note that there are things that I won't miss about the Palm Pre that should be put into a different post. As well, there are items about the iPhone 4s that are superior to the Palm Pre which again is a different post altogether.

I suppose my biggest surprise is the lack of support of a large company for the WebOS. It is a viable and in some cases preferred alternative to the iOS. Not everyone needs to have games and apps of the iOS. People like me don't have time for that stuff anyway. What we need is productivity. And that seemed to be the gap the WebOS filled for me. My device needs to do some things really, really well: phone, contacts, calendar, email, texting and twitter.

There's a Pepsi for Every Coke

In my perfect world, Sprint would have bought the WebOS (instead of HP, yuck) and married it to their services. This would have created a synergy in the mobile communications sector defining themselves for productive people and attracting people who don't prefer the iOS or want the opposite of items that can be seen as childish. Doing this would have created a clear personal brand that defined Sprint and WebOS for productive people and pitted themselves against the iPhone which is nothing more than an unproductive toy that requires attention that I have set for other important items. I would have used a tag line, Productivity Begins.

No Sim Card Installed - iPhone 3GS (iOS 5.0.1)

I will list out the horror story later. Basically, if you have a "No Sim Card Installed" or "No Service" message, do the following exactly. Do not read into the instructions - just perform the steps.

1. connect iPhone to Mac with iTunes.

2. remove the SIM CARD (take a paper-clip and push it in the top pinhole to eject the card).

3. put iPhone in DFU mode (that is holding down the POWER BUTTON & HOME BUTTON both at the same time for exactly 10 seconds. Release the POWER BUTTON only).

[a message on iTunes shows that an iPhone is connected in recovery mode.]

4. click RESTORE in iTunes (this will restore the iPhone to the stock/normal firmware.)

5. wait til it is finished.

6. when the phone boots, it will show "No Sim card." Don't do anything yet.

7. simply put the simcard in the top SIM CARD slot.

8. the phone will activate automatically.

Update: 11/03/12: This is one of the most popular articles on this web site. Please note that this info is provided from my own experience and it isn't meant to fix your particular issue. Please make sure you've backed up everything. Please make sure everything is synced. Please refrain from emailing me, asking me for support. If you want my advice, upgrade your phone to the latest version available (iPhone v5) and have the store/service transfer everything.

What is a T1?

Recently I was at a medical office in Stuart. The office was sending huge x-ray images to various places. The issue was that sending the files was taking forever.

They couldn't understand why it was taking so long because they had a DSL. I asked if they ever considered a T1? They said they didn't understand what a T1 was compared to their DSL line.

Great question.

Internet connections are measured in two ways: download speed (or receiving speed) and upload speed (or sending speed).

Download speed is the speed by which we surf the internet. Your laptop is getting information from somewhere else. Complaints asking why the internet is so slow are always about download speed.

Upload speed is the speed by which we send emails. Your laptop is sending information to somewhere else. This is why their complaint about slow sending prompted me to inquire about a T1 consideration.

Furthermore, we measure speeds in megabits, Mbps, (not megabytes, MB, like we normally do). Here's how the connections stack up.

Their DSL was a 6Mbps. This is a 6Mbps maximum download speed. Upload speed is probably around 0.250 Mbps.

Their T1 is going to be 1.5Mbps. Upload speed is going to be 1.5Mbps. This is a 500% increase over a DSL line in upload speed, giving the best chance at sending the x-ray images.

The most important factor of T1 is that it is guaranteed. This means it is guaranteed to be running all the time. Worries about their internet going down like it did in the past won't be an issue anymore.

After explaining the differences, we'll be installing a T1 at their office this week.

Open .xls Files with Office Starter (Excel Starter)


-have a traditional .xls file on the DESKTOP

-double-click to open it.... nothing


01.-close out of everything
02.-click START > RUN
03.-type: regedit
04.-click OK
05.-navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xls\OpenWithProgIDs
06.-it'll probably say: "Excel.Sheet.8"
08.-click RENAME
09.-change to: "Excel.Sheet.12"
10.-restart computer
13.-find .xls
15.-change to: "Microsoft Application Virtualization DDE"
16.-click OK > CLOSE

Yes... that took me about 2 hours to discover. I don't choose to hate Microsoft.... they force me to hate them.
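The registry part of the procedure (steps 05 through 09), as an added PowerShell example that is not part of the original post: it exports the .xls class key before renaming the value, so the change can be undone. The backup file location is an assumption, and the script must be run from an elevated PowerShell prompt.

```powershell
# Added example: scripted form of steps 05-09 with a backup taken first.
$keyPath = 'HKLM:\SOFTWARE\Classes\.xls\OpenWithProgIDs'  # key from step 05
$oldName = 'Excel.Sheet.8'                                 # value name from step 06
$newName = 'Excel.Sheet.12'                                # value name from step 09
$backup  = Join-Path $env:TEMP 'xls-class-backup.reg'      # assumed backup location

if (-not (Test-Path -Path $keyPath)) {
    throw "Key not found: $keyPath"
}

# Export the whole .xls class key so it can be restored with 'reg import'.
& reg.exe export 'HKLM\SOFTWARE\Classes\.xls' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Backup failed; no changes were made.'
}

# List the value names currently under the key and rename only when needed.
$names = (Get-Item -Path $keyPath).GetValueNames()

if ($names -contains $newName) {
    Write-Output "$newName is already present; nothing to rename."
}
elseif ($names -contains $oldName) {
    Rename-ItemProperty -Path $keyPath -Name $oldName -NewName $newName
    Write-Output "Renamed $oldName to $newName. Backup saved to $backup"
}
else {
    Write-Output "Neither value found. Current values: $($names -join ', ')"
}
```

To roll back, run `reg import` against the saved .reg file and restart the computer as in step 10.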


Contact Dak Networks

Please contact us at the following.