CimmerianX 197 Junior Poster

Well if that is all the log has, then the VPN client is really hosed.

A sanity check: You did run this as admin, correct?

CimmerianX 197 Junior Poster

That's it? I see no connection attempt.
You might want to remove and reinstall.

CimmerianX 197 Junior Poster

Well, the key is to keep colder air coming in and blowing over the components, removing the heat as best as possible. So my 2 cents is, whatever gives you the best airflow.

Most components like video should have temp sensors. If you want, switch positions of the fans and see what gives the best results.

CimmerianX 197 Junior Poster

TLS will run over port 25 and is usually opportunistic.

To force TLS over a send connector you would use:
Set-SendConnector 'Name-of-connector' -RequireTLS $true

In that case, if TLS could not be negotiated, no connection is made.

BTW, if you want to enable TLS globally, check it with a website called checktls.com

JorgeM commented: correct! you beat me to it! +12

CimmerianX 197 Junior Poster

In the VPN client, enable the LOG then attempt the connection. Review the log or post a sanitized log file here for review.

CimmerianX 197 Junior Poster

Yep - right here:
The following message to <andrew@aztecblades.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'sorry, no mailbox here by that name (#5.1.1)'

CimmerianX 197 Junior Poster

Welcome to windows 8. Some marketing genius thought the all flat look was the next hip-cool thing and there you go. With the release of the service pack you now get to choose between all white background or 2 shades of very light grey....

I can't use it myself. Even the Exchange 2013 ecp and owa is terrible. I can't tell what's a clickable button or what's a clickable link. Aesthetics aside, the damn interface has to be usable... Microsoft I'm talking to you.

CimmerianX 197 Junior Poster

Ubuntu doesn't run .exe files like windows would. It's a totally different world.

CimmerianX 197 Junior Poster

There is no possible way to answer that question.....

CimmerianX 197 Junior Poster

Did you format / initialize the card on the PC?

Is this SD card in an android phone?

CimmerianX 197 Junior Poster

What format is the External disk partition? FAT32? EXT4? MAC Journaled?

CimmerianX 197 Junior Poster

Are there any strongswan experts here? I'm just trying to get a Strongswan roadwarrior setup going that can be used from an android stock VPN client using IPSEC Xauth. (I've also tried from an IPAD with same user cert)

With a cert based auth, you can identify the road warrior client by ID_DER_ASN1_DN on the cert or by a san name.
So if the cert contains
Peer ID is ID_DER_ASN1_DN: 'C=CH, O=strongswan, CN=MKpeer'

The conf file for that conn should match that to
rightid="C=CH, O=strongswan, CN=*"

That's right out of the strongswan guide. But no matter what I try, I can't get a match....

Jul 9 20:54:42 vpn-test2010-perimeter pluto[12686]: "rw-rsa-xauth"[1] 166.205.49.251:8348 #1: Peer ID is ID_DER_ASN1_DN: 'C=CH, O=strongswan, CN=MKpeer'
Jul 9 20:54:42 vpn-test2010-perimeter pluto[12686]: "rw-rsa-xauth"[1] 166.205.49.251:8348 #1: crl not found
Jul 9 20:54:42 vpn-test2010-perimeter pluto[12686]: "rw-rsa-xauth"[1] 166.205.49.251:8348 #1: certificate status unknown
Jul 9 20:54:42 vpn-test2010-perimeter pluto[12686]: "rw-rsa-xauth"[1] 166.205.49.251:8348 #1: no suitable connection for peer 'C=CH, O=strongswan, CN=MKpeer'
Jul 9 20:54:42 vpn-test2010-perimeter pluto[12686]: "rw-rsa-xauth"[1] 166.205.49.251:8348 #1: sending encrypted notification INVALID_ID_INFORMATION to 166.205.49.251:8348

I've tried different CA's, ipsec pki tool, openssl, Microsoft CA.... All give me the exact same result.
I've redone the certs too many times, same result...

I've been trying every combination over days of this.... I must be missing something so simple.

Someone save my sanity please and explain to me what I'm doing wrong. Logs, configs, etc are all available upon request. .... I'll buy you a sixpack.

CimmerianX 197 Junior Poster

Are you upgrading through the windows store or from a downloaded ISO? From what I understand, if you use the ISO you can do an in place upgrade. The store does not have that option.

CimmerianX 197 Junior Poster

With Wifi signal issues, do some basic sanity checking:
1) get the latest drivers for your laptop wifi adapter
2) flash the latest firmware on the router.
3) use a wifi scanner to scan nearby signals, change your router's channel to one with less chatter 1 or 6 or 11.
4) is it only 1 device with the issue?

CimmerianX 197 Junior Poster

1st thing I think of is to make sure you have your keyboard map set to US-English. Look at Control Panel -> Region and Language -> keyboards. Is this set correctly?

CimmerianX 197 Junior Poster

Version doesn't matter. Everything from win 95 and later uses F8 to access the safemode/startup menu.

CimmerianX 197 Junior Poster

Why would changing an IP have anything to do with certificates? As long as your DNS is updated to reflect the new subnet on the original name, certs should not be an issue at all.

The Re-ip is a good idea all around regardless.... but the port forward is still the quickest and easiest I think. Camera systems can be granted a new IP without an issue, especially if you use FQDN to access the system. For Card Swipers, this would depend on your solution. You would usually manage the security database via thick client or via local app on the controller. The controller would upload the changes via console to what is essentially the central unit(s). The IP may change on the app server, but the COM port uploads should not be affected. Other systems, i.e. ELK or Crestron can all have IPs changed on the management consoles without issue.

Which solution are you going to use?

CimmerianX 197 Junior Poster

If I read that right, both subnets behind the .18 and .20 consumer linksys routers are assigned 192.168.1.0/24 subnets. If that is true then you can not use a VPN at all due to the overlapping subnets. (these routers don't seem to support NAT before Crypto to overcome that issue, so it's out of the question).

A solution, though not an ideal one, is to use a single port forward on the 1200 router to take a single high, non-standard port on the public ip x.x.x.20 and forward it into tcp 9100 on the printer's address. Look at E1200 user guide on page 57 for info. Take TCP port 9299 and forward it into tcp 9100 to the IP address assigned to the printer. From your workstation, you setup the printer using IP Port x.x.x.20 port 9299. This traffic on the public IP is sent into the printer on the right port.

This means anyone can scan and potentially find/print to this printer, but the random high port eliminated a lot of that risk. It would be ideal to have a router that can allow traffic based on Source IP as well, but it is beyond this 1200's capabilities.

The better solution is a redo of one of the 2 router subnets so that you can just use a 2nd interface to reach the printer.

CimmerianX 197 Junior Poster

Piece of tape works well also.

CimmerianX 197 Junior Poster

I'm not sure if it is case sensitive actually.... I always use lower case in conf files though. Did you change it, what was the result? Now I'm curious about that.

You have to add users to the local host in order to have them access the share when using the "valid users" parameter

smbpasswd -a johndoe

[Share]
path = /blah/blah/
valid users = johndoe
read only = no
browseable = yes

CimmerianX 197 Junior Poster

Most OSs will have built in, basic video drivers. Good enough to display a screen. You would load the specific drivers from manufacturers to realize the full potential of the card.

Sound is not an essential part of using a system. Older cards might be able to take advantage of some generic sound drivers that ship with some OSes, but usually you want the manufacturer driver anyway.

CimmerianX 197 Junior Poster

So in the smb.conf you should have a section for the Share that you are having issues with.

Something like:
[Share]
path = /blah/blah
valid users = user
browseable = yes

Check to see if you have a "read only" entry set to yes in the section.

That would be my 1st guess.

CimmerianX 197 Junior Poster

How are you connecting to the folder? FTP, SMB, NFS?

CimmerianX 197 Junior Poster

So when do OSes like 3.1, 95, 98, 2000, and XP become 'abandonware'?

CimmerianX 197 Junior Poster

As a sanity check:

dpkg -l | grep mysql

What is the output?

CimmerianX 197 Junior Poster

Are you pinging via IP address or hostname?

If IP, then you have basic connectivity but have not tested resolution. Test with hostname.

If hostname, then resolution and connectivity are fine. Check for viral activity.

If you only tested IP, then check that your DNS servers are set correctly then ping www.google.com. If you get a reply then dns and ip routing are fine. I would check for proxy config or even virus like activity.

CimmerianX 197 Junior Poster

This is a very common setup. I run split DNS in multiple locations and have both internal and external MX along with the helper records for exchange/lync/etc...

If the records were updated, then you must wait for the TTL to expire before DNS servers begin updating. I think you mentioned 24 hours above somewhere... New records are resolved right away if your DNS is working properly.

If you run MS products, be sure you also updated the helpers for autodiscover, etc....

CimmerianX 197 Junior Poster

You can't unless you admin the server and can pull the ip info from the traffic.

Then you can geo-locate the ip. That is unless they are using proxies and/or VPN.

CimmerianX 197 Junior Poster

2nd vote for virtual box.

CimmerianX 197 Junior Poster

From the problem PC, what are the dns servers? Use 'ipconfig /all' to get the info.

Once you have the IP info for the dns servers, use nslookup. Change server to the one from ipconfig. Try an external name. What do you get?

CimmerianX 197 Junior Poster

You can't do this on a phone mounted like a usb disk. You must turn on dev options and use adb to access the phone. Or use a file manager (I think you may need root for this) and on the phone look for /etc/hosts

CimmerianX 197 Junior Poster

All the big providers (ATT, Verizon) have a page to unlock a phone. Or call them and speak to a rep. If the phone is not under contract, they will usually give you the code.

CimmerianX 197 Junior Poster

An alternative: I just go to ninite.com, select 'Classic Shell' along with anything else I might need, download the installer and wait for all apps to install.

CimmerianX 197 Junior Poster

Most of the Dell T series Tower machines will have expansion slots for drop in video cards. I have a t110 sitting next to me right now running Nas4Free and it does have expansion capability. It only has the single PSunit, but the newer models may give you dual PS options.

CimmerianX 197 Junior Poster

There's no possible way to answer that on a forum like this. Ask a more specific question please.

CimmerianX 197 Junior Poster

You could probably write this in Python or any scripting language in 10 minutes or less..... is that within your area?

CimmerianX 197 Junior Poster

QOS is the term describing the prioritization of certain network services.

In a nutshell, an administrator can assign different levels of importance to network traffic. As an example, VOIP traffic should always be given highest priority while outbound http traffic could be relegated to a lower tier since no one cares if the cat video takes 10 seconds instead of 8 seconds to load.

Precedence is really defined by the equipment you use. But they all use a low-medium-high-highest style of assignment. Even prosumer routers can now be found with QOS settings. My home netgear even allows me to QOS my SIP traffic.

Any Google search will show you dozens of pages explaining QOS. All for free.

CimmerianX 197 Junior Poster

Think of it this way.

If a single write takes 100ms at the close DataCenter, 10 non-parallel writes take 1000 ms.

If the more distant center needs 500 ms for a single write, then 10 non-parallel items take 5000 ms.

If your app needs hundreds of inserts to function, you can see how quickly the lag time would increase.

CimmerianX 197 Junior Poster

Latency will be the big issue. And how it affects your program depends on the program.

Does the program need 1 call, 20 calls, 100 calls with heavy DB inserts?

If this is the lifeblood of the system, then it should be located as close to the majority of users as possible. The Bill for the hosting services can be passed onto the customer anyway. The customer may gripe at a slightly larger hosting bill, but they will gripe more if it takes 10 times as long to complete any work process due to high latency issues.

CimmerianX 197 Junior Poster

Use GPG. The private key is in your own hands and can not be 'handed over' by any 3rd party.

CimmerianX 197 Junior Poster

A bastion host is one where 3rd party clients are allowed an SSH session. From this 'bastion' host, the client could then open a new session to internal hosts. Using a Bastion is a way to control all external traffic entering your site. Using this along with a VPN is a nice control mechanism.

CimmerianX 197 Junior Poster

I can't even remember the last time I deployed a 10 Mbps hub/switch. I think any current 10/100/1000 switch will support you, but I still am curious as to why this would even be needed.

CimmerianX 197 Junior Poster

How about soundproofing the lab walls. Foam squares and spray on glue work wonders.

CimmerianX 197 Junior Poster

Use unetbootin to create a USB for persistence....
https://help.ubuntu.com/community/Installation/FromUSBStick

Once installed, use Truecrypt to encrypt the entire drive.

CimmerianX 197 Junior Poster

If you want to deny access, any current prosumer router can block requests to any FQDN.

CoolAtt commented: will work on iptables ? +2

CimmerianX 197 Junior Poster

Right here: https://www.mysql.com/products/workbench/

I use mysql Workbench all the time. Works just fine and supports ssh tunneling to the DB as well.

CimmerianX 197 Junior Poster

I use GParted for everything. Has never failed me.

Get the Gparted ISO. Mount or burn to disk. Boot with it and you can resize partitions easily.

Always backup before messing with your partitions and filesystems.

CimmerianX 197 Junior Poster

Routing is just step 1. You do need to have something act as the router.... plenty of ISOs for linux based systems as well if you don't want to follow JorgeM's good advice.

After which, you need to setup DNS with the proper MX records so that each exchange server for setup1.com and setup2.com can find the Mail handler for the other domain. user@setup1.com emails user@setup2.com, setup1.com must be able to run a lookup for the MX of setup2.com to find the mail server to service email for that address.

CimmerianX 197 Junior Poster

IIRC, you can't boot to a software RAID 5 larger than 2 TB. Back in the days when I tried software RAID, Windows would only boot with Raid 1.