Monday, October 29, 2012

Windows RT touch cover keyboard not working fix

So one of my managers got their brand new, shiny Windows RT units in today.  And the touch keyboard wouldn't work at all.  Of course, finding any hints online during the launch week of a new device is fun and after trying out several solutions such as re-docking, refreshing, and cursing profusely, we tried one last thing we saw on the forums - rubbing alcohol.
Yes, after seeing a post from rhalbert10 at we grabbed a bottle of rubbing alcohol and some q-tip swabs and cleaned off both sets of shiny, brand new, untarnished, pristine looking connectors.  We let it air dry for 3 minutes and then redocked the touch cover.  And it started working fine...

Wednesday, September 12, 2012

Lync 2010 clients stuck in Offline state after patching

So after applying all the latest patches to my Lync 2010 server, my users started complaining that they were stuck in the Offline state but still 'connected'.  I noticed some errors in the event log related to SSL problems so after digging around I went into the Lync Deployment Wizard and ran the certificate wizard.  One of my external certificate entries was displaying as 'missing'.  After digging further I figured out that one of my certificates had expired but hadn't caused any problems so I hadn't noticed.  So I just installed an updated certificate and Assigned it using the wizard and shortly after all my Lync clients switched back to an Available status.

Saturday, August 4, 2012

Scheduling non-humans in project 2010

So I was helping someone muddle through making a Project plan and ran into scheduling fun.  Some human-performed tasks had to be scheduled with Predecessors that were computer days.  The humans only work Monday-Friday as opposed to the computers which ran 7 days a week.  I found several articles online that showed how to make a copy of the Standard calendar and they all said to change the days to include the weekends.  This seemed to work until we got a dozen or so entries into the plan and then it tried to schedule a Finish task on the same day as a Start for the same computer resource.  After fumbling around for a bit I figured out how to change the Display from just Date to Date and Time (00/00/00 00:00am/pm) and I noticed some odd start/stop times.  Ultimately the issue was that the Standard calendar Work week has the time defined as 08:00 to Noon and 13:00 to 17:00.  My cloned calendar had just been set to 08:00 to 17:00 which Project treated as a 9 hour work day and applied 8 hours of work which left a remainder.  So yes, now my computers get a lunch hour too and all is well.

Friday, July 6, 2012

Syncthru LDAP to 2008 active directory

I had the opportunity recently to work with one of the newer large multifunction Samsung copiers this month.  The Syncthru web interface is fairly feature rich but the documentation really could use more examples in some places.  My bane for 2 hours was figuring out how to populate the address book inside it by doing an LDAP pull from Active Directory.
The initial setup of the LDAP connector went through pretty quickly.  I just went to Security -> Network Security and then down to LDAP Server on the left menu.  I then clicked Add to enter in my LDAP server.  I added in the IP address of one of my domain controllers and then used Port number 3268 to start with because you want to keep it simple initially and introducing SSL LDAP would just add one more thing to troubleshoot.  Fill in your AD Domain name in DC=yourdomain,DC=com format.  Choose simple and enter in your username in DOMAINNAME\username format.  Note that this is the first oddity in that we're mixing NetBIOS domain name\username format and LDAP convention on the same form.

On the second half of that window, don't check the LDAPS yet!!!  

Click on the TEST button at the very bottom and make sure you get all OK/Success. 

Once that works, then click the Apply button at the top to save these settings.

So now we're halfway done and ready for the twists.  Go to the Address book and then click on the LDAP button at the top right.

Now for the GOTCHAS!   
a)  I couldn't get it to search recursively
b)  It only worked when the user account I used to authenticate against AD was in the same ORG that I was searching.  (My AD is set to not allow anonymous searching so I have to use authentication)
c)  The login ID is in CN=firstname lastname format.  This is different than the domainname\username from the other LDAP screen.
d)  The search root is the full path to the exact ORG that you want to pull from. (note the OU=test, OU=US prepended)

To keep it simple, I used (mail=*) for my search filter.  Click on the Search button when done and IF you are successful, a list of people will show up.  Just click the Apply button to pull them all into the Address book (you can always delete the ones you don't want later from inside the copier).  If you botched it, you'll get Incorrect Filter errors.

Repeat for your other ORG units, remembering to use an account inside each one for the Login ID.  If you make it past the inconsistencies of the interface and the limitations of the AD implementation of LDAP you're home free.  Once you're done you'll have a fully functional Scan to Email function that works great.

Wednesday, June 20, 2012

LDAPS, php, windows server 2008 r2 and the Unknown CA error

It's never a good day when I have to use IIS and PHP in the same sentence.  I was trying to set up an open source program to do an LDAP auth to my Active Directory servers and it worked fine without encryption on port 389.  Since I'm not fond of passing credentials in clear text across networks, I then tried to set it up for LDAPS at which time it started failing.  I ran a Wireshark capture on it and the glaring fatal error of "Unknown CA" reared its ugly head.  After spending considerable time making sure my AD certificates were up to date, the CA cert was imported to the local machine's certificate store, and several LDP.exe tests just to make sure, I turned my attention to figuring out how to make ldap skip past that error.  PHP had been installed using the Microsoft platform installer so of course very little matched up with most of the articles I found since folders like c:\openldap\sysconf don't exist, much less the LDAP.conf file whose location appears to shift depending on which DLL your install came with.
Anyway, the key I needed was TLS_REQCERT never which would tell ldap to go fly a kite if it didn't like the CA.

So yes, that's all that you have to put in the ldap.conf file and then save it out as type "All Files" so notepad doesn't attach a hidden .txt to your filename.  Depending on your DLL, you'll either need to drop it in the root of your inetpub drive or in c:\openldap\sysconf.  Or do like I did and just dump it in both places.  Then run an IISRESET or reboot the server and voila, LDAPS starts working.

Yes, it is slightly less secure since it's not checking the CA but at least it's not clear text.
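
An added example, not part of the original post: a small Python check that flags ldap.conf settings that skip server-certificate validation, next to a verifying alternative that names the CA file with TLS_CACERT. The sample file contents and the CA file name are constructed for illustration.

```python
# Added example: audit ldap.conf text for settings that disable certificate checks.
# The sample configurations and the CA file name are constructed for illustration.

WEAK_REQCERT = {"never", "allow"}   # handshake continues even with an untrusted cert

def parse_ldap_conf(text):
    """Parse OpenLDAP ldap.conf text into {OPTION: value}; later lines win."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options

def audit_ldap_conf(text):
    """Return findings about how the client validates the LDAPS server certificate."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()   # demand is the client default
    findings = []
    if level in WEAK_REQCERT:
        findings.append("TLS_REQCERT %s: untrusted server certificates are accepted" % level)
    elif not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT or TLS_CACERTDIR: no CA file is named for verification")
    return findings

# The setting from the post (constructed file content).
WEAK_CONF = "TLS_REQCERT never\n"

# A verifying alternative: trust the AD CA explicitly and keep the check on.
VERIFYING_CONF = (
    "# exported AD root CA in PEM format (file name is an assumption)\n"
    "TLS_CACERT c:\\openldap\\sysconf\\ad-root-ca.pem\n"
    "TLS_REQCERT demand\n"
)

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("verifying", VERIFYING_CONF)):
        print(name, audit_ldap_conf(conf) or "ok")
```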


Thursday, May 10, 2012

Making NPS logs legible with notepad++

Overall I do like NPS in Windows 2008 but reading the logs is just painful.  I know there are aftermarket solutions but sometimes you just need to be able to read these things with something freely available.  Notepad++ is part of my standard toolkit and overall is just a great tool.  When you open an NPS log you'll notice that each line is over 2000 characters long.  Since all the tags look pretty orderly, I went to Language and told it to interpret it as XML.  Now I had pretty, colorized 2000+ character long lines.  After a little digging online, I figured out how to do a find/replace to insert a carriage return between each back to back tag.

You have to remember to select "Regular Expression" before clicking Replace All.  Now everything fits on the width of the screen and now all you have to do is decipher all the tags.
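
An added example, not part of the original post: the same idea in Python, splitting back-to-back tags and then parsing each record to list rejected logons. The sample records and their field names are constructed, and the `><` pattern is an assumption, since the post does not show the exact find/replace strings.

```python
import re
import xml.etree.ElementTree as ET

# RADIUS packet type codes (RFC 2865/2866) as they appear in Packet-Type
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "4": "Accounting-Request",
                "11": "Access-Challenge"}

# Constructed sample: XML-format records, one <Event> element per line.
SAMPLE_LOG = (
    '<Event><Timestamp data_type="4">05/10/2012 09:14:02.113</Timestamp>'
    '<Computer-Name data_type="1">NPS01</Computer-Name>'
    '<User-Name data_type="1">EXAMPLE\\jdoe</User-Name>'
    '<Packet-Type data_type="0">1</Packet-Type></Event>\n'
    '<Event><Timestamp data_type="4">05/10/2012 09:14:02.160</Timestamp>'
    '<Computer-Name data_type="1">NPS01</Computer-Name>'
    '<User-Name data_type="1">EXAMPLE\\jdoe</User-Name>'
    '<Packet-Type data_type="0">3</Packet-Type>'
    '<Reason-Code data_type="0">16</Reason-Code></Event>\n'
    '<Event><Timestamp data_type="4">05/10/2012 09:15'   # truncated last line
)

def split_tags(line):
    """Put a line break between back-to-back tags, as the find/replace does."""
    return re.sub(r">\s*<", ">\n<", line.strip())

def parse_event(line):
    """Return {tag: text} for one record, or None if the line is not valid XML."""
    try:
        event = ET.fromstring(line)
    except ET.ParseError:
        return None
    fields = {child.tag: (child.text or "") for child in event}
    code = fields.get("Packet-Type")
    fields["Packet-Type"] = PACKET_TYPES.get(code, code)
    return fields

def rejected_logons(log_text):
    """List (timestamp, user, reason code) for each Access-Reject record."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_event(line) if line.strip() else None
        if fields and fields["Packet-Type"] == "Access-Reject":
            hits.append((fields.get("Timestamp"), fields.get("User-Name"),
                         fields.get("Reason-Code")))
    return hits

if __name__ == "__main__":
    print(split_tags(SAMPLE_LOG.splitlines()[0]))
    print(rejected_logons(SAMPLE_LOG))
```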

Wednesday, April 18, 2012

Microsoft Certified Solutions Associate

So I've been out of the certification loop for a couple of years - mainly due to workload and time/cost vs gain just not being worth it to me once you hit a high enough level.  I always try not to certify too far past the level I currently work at because a lot of that knowledge will just drain away when you're not using it.
On a whim I logged into the MCP page this week and noticed some changes since my last visit.  I guess it was only a matter of time until Microsoft pushed out new 'cloudy' certifications.  One bittersweet surprise was that I gained a new certification - Microsoft Certified Solutions Associate - apparently just for being a 2008 MCSA (back when it was 'administrator').  I guess I can't complain too much about a new free title, it's just that after all those bad years of hearing horror stories about paper MCSEs and fly by night Microsoft certs coupled with a few real life experiences with 'book smart, practical dumb' certification holders I'd already felt my certifications were being devalued.  I guess it's time to get off my duff and get back to working on these again before I get left behind.  So starting today I'll start studying for my "Microsoft Certified Solutions Expert" cert which will be available June 11th, 2012.  If I find anything useful while brushing up I'll be sure to post.

Tuesday, April 17, 2012

MDT 2012

After spotting the release announcement on Aidan Finn's blog I went ahead and downloaded MDT 2012 so I could upgrade my old MDT 2010 Update 1 installation.  That turned out to be a chore since TMG 2010 kept trying to eat the install file.  Installation was a breeze afterward, just dumped it on top of the old one and once I got into the deployment manager it had an exclamation mark over my deployment share to remind me to upgrade my deployment share to the latest version.  Running PowerShell scripts is now a built in task option and it now supports Security Compliance Manager templates so there's some new stuff to play with.  I also noticed several screens seemed a bit more polished and if I'm not mistaken a few new options in the default task sequence steps.
So far so good and no issues - currently got a LTI deployment running to test out the new monitoring console.

Tuesday, January 17, 2012

Galaxy Tab WiFi stops working every few days

Having finally gotten fed up with rebooting my Galaxy Tab every few days to get it to work with my home Netgear router, I started trolling through forums for a solution.  Suffice it to say, Android has a long way to go as far as DHCP and WiFi if even half of what's posted on these forums is accurate.  Fortunately I managed to stumble on a fix that worked for me.  My WiFi network was set up to accept both WPA and WPA2.  I removed WPA support and just left only WPA2 support on and I haven't had to reboot in the past few weeks.   (There's some kind of rekey'ing issue with WPA version 1 every few days)  I'd also had intermittent issues with my Cisco WAPs and I applied the same changes to them and am waiting to see if it helps.

Thursday, January 5, 2012

Android Exchange 2010 ActiveSync issue with Smart Forwarding

Ran into a real doozy of a bug this week with one of my user's DROID phones.  Apparently there's a bug in the Smart Forwarding feature that causes an infinite loop for an outgoing message.  After doing some digging I found a LOT of references to this rare bug on the forums.  I'll post the links below but the short version is that the smart forwarding is supposed to just insert a marker when you forward an email with an attachment.  That marker tells the server to insert the attachment so the client doesn't have to download the whole email to their phone first.  In some cases this marker gets hosed royally and causes a loop between the client and server and it just repeatedly sends out the same email.  The only way to break that loop is to kill the mail profile on the device or hard reset it.

So for now I've told my users that if they've got this feature to turn it off.

Settings -> Battery and data manager -> Data delivery -> Email and corporate sync -> Smart forwarding

Email Settings-> SmartForwarding