Let it be known, long and far across all distant lands. This blog is totally independent from Microsoft and any other company or organisation and this blog (not the people) is not affiliated with Microsoft at all.
There have been a lot of responses directly to me regarding configuring OpenWRT (or any router) to allow Roku/your Smart TV to access Netflix, Hulu Plus or Amazon Prime. Let me write about the 3-step process of enabling your Roku devices (in my example) to access Netflix in any non-USA country.
Post 1: VPN Service. Why do you need it.
Post 2: Configure VPN on OpenWRT
Post 3: Route only traffic from a particular Internal IP through VPN in OpenWRT
Post 1: VPN Service. Why do you need it.
Without VPN, when we access Netflix, Netflix will be able to see our originating IP address (or our originating country). As you are already aware (are you?), Netflix is only available for USA viewers.
With VPN, Netflix will think that we are located in USA (although we are connecting from a non-USA region). The traffic goes out from our PC/streaming player, to our local ISP. The data is then routed back to the USA VPN Server, and the data is then encapsulated and passes to Netflix service. I hope I did not lose you.
Anyway, based on my test, below are some VPN Services that worked best/stable:
Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames, addresses or other information.
Configure Dynamic DNS in OpenWRT:
Pre-requisites:
This post is written based on OpenWrt Barrier Breaker 14.07
Steps:
Login to your OpenWRT Admin (by default is 192.168.1.1)
Select System -> Software
Under Filter, type in “luci-app-ddns”. Click Find Package.
Then click on “Available Packages”. Next to Luci-app-ddns, click Install.
Once Luci-app-ddns is installed, you should see a new option called “Services” between the “System” and “Network”
Select Services -> Dynamic DNS
Define the dynamic DNS configuration parameters as per the screenshot and click Save
Lastly, go to System -> Startup.
Locate the Service called “DDNS” and click on “Disabled” to enable it.
Comment here if you are having issues!
Posted in OpenWRT|Comments Off on OpenWRT – Configure Dynamic DNS
When updating an Exchange Service Pack, Setup throws a few errors:
“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”
The Windows Firewall service must be started before Setup can continue.
Analysis:
You checked the Exchange log (ExchangeSetup.log). It showed:
Error ONE:
[2/16/2015 1:11:59 AM] [1] [ERROR] Unexpected Error
[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.
[2/16/2015 1:11:59 AM] [1] Ending processing.
[2/16/2015 1:11:59 AM] [1] [ERROR] The Windows Firewall service must be started before Setup can continue.
You verify from the Domain Controller adserver01.domain.com that the Exchange server object is there. You also verify that the Exchange Server is able to communicate with the adserver01.domain.com
Error TWO:
“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”
You will need to remove the RUS manually. Most likely Exchange 2003 wasn’t decomm-ed properly (if you are no longer using Exchange 2003).
Solution:
Error ONE:
Ignore the error “[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.”
Just proceed with starting the Windows Firewall service and rerun the update of Service Pack.
Error TWO:
Remove the RUS (If you no longer have any Exchange 2003 server in your environment).
You will not be able to delete the Recipient Update Service (Enterprise Configuration) by using Exchange 2003 or Exchange 2000 System Manager. Perform the following steps to delete the Recipient Update Service (Enterprise Configuration) by using ADSI Edit (AdsiEdit.msc):
Open ADSI Edit, expand Configuration, expand CN=Configuration,CN=<domain>, expand CN=Services, expand CN=Microsoft Exchange, expand CN=<Exchange organization name>, expand CN=Address Lists Container, and then select CN=Recipient Update Services.
In the result pane, right-click Recipient Update Service (Enterprise Configuration), click Delete, and then click Yes to confirm the deletion.
Posted in Exchange Server|Comments Off on Updating Exchange Service Pack, throws an error “Cannot find a recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com'”
By default, with Astro IPTV, you will be getting a Technicolor device from Maxis.
I will show you how to replace the Technicolor device with an OpenWRT router (I’m using “OpenWrt Barrier Breaker 14.07”).
Pre-requisites:
Ensure that your router is already flashed to the OpenWRT version. See this post if you have not done so: Installing OpenWRT.
Setup of OpenWRT, Connect to PPPoE (after flashing to OpenWRT):
Change Password. On opening OpenWRT router, you will be asked to login. The default password for OpenWRT is empty. Login and change your password.
Connect to PPPoE. The first thing you want to do is connect to PPPoE, so your WAN will be able to connect to the TM fiber device. Click Network -> Interface -> next to WAN, click Edit. Change the protocol to PPPoE-WAN. Specify your username “5 digits@home.maxis.com.my or 5 digits@public.maxis.com.my”. The password by default should be your 5 digits with a value 1 behind. E.g., if your username is 12345@home.maxis.com.my, your password will be 123451.
Click Save and Apply.
Create new VLAN for Maxis home fibre and Astro IPTV:
Switch. Click Network -> Switch.
Under VLAN ID, modify the value 2 to value 621.
Port 1 by default should be your WAN port. Ensure that CPU and Port 1 both are set to “Tagged”. Leave the rest of Ports as Off.
Click ADD. Change the VLAN ID for the new VLAN Interface to 823.
With your Astro IPTV decoder plugged into your router’s Port 4, it should be then Port 5 in the OpenWRT Switch interface. Under VLAN ID 823, ensure that CPU, Port 1 both are “Tagged”. For Port 5, set it as “Untagged”. Rest set as Off. Under VLAN ID 1, turn off the tagging for Port 5.
Click Save and Apply.
Tie the WAN Interface to VLAN 621:
Go to Network -> Interface.
Under WAN, click Edit.
Under Physical Settings, select “eth0.621”
Create a new interface for IPTV and configure the firewall:
Go to Network -> Interface
Click Add new Interface.
Define the new name “IPTV”
Protocol: Static Address
Cover the following interface: eth0.823
Click Submit.
IPv4 Address: 192.168.2.1
IPv4 netmask: 255.255.255.0
Under Firewall Settings, under create:, type in “iptv”
Save & Apply
Under Interface, DHCP Server, click “Setup DHCP Server”.
Under DHCP Server, click “Advanced Settings” tab.
Ensure that “Force DHCP on this network even if another server is detected” is selected.
Save & Apply
Network -> Firewall, under IPTV, select the Edit icon.
Ensure that “Allow Forward to destination zones” is selected for WAN.
Click Save & Apply.
Install IGMPProxy
Click System -> Software
Click Update Lists.
Under Filter, type in “IGMPproxy”
click Available Packages. Click Install next to IGMPPROXY.
Configure IGMPProxy
Download PUTTY, run it and connect to your router
Under Login As, type “root”. Press Enter.
Type in your OpenWRT password.
Type in:
cd /etc/config
vi igmpproxy
Modify the “192.168.1.0/24” to “192.168.2.0/24” (see this link on how to use VI to edit)
Reboot OpenWRT.
Now check if Astro IPTV is still working.
The overview of my interface:
Good luck!
Posted in Computing, OpenWRT|Comments Off on Configure Astro IPTV using a Custom Router (OpenWRT) – Updated 1
Back in August I posted a blog announcing the beta release of Azure AD Connect. Since then we have received a lot of feedback and made improvements in AAD Connect and AAD Sync, including multi forest support and password write back.
The biggest thing we’ve learned from you, our customers and partners, is that rather than a bunch of different tools (DirSync, AAD Connect, AAD Sync, ADFS, etc.) you want one simple, integrated tool for connecting your existing Windows Server Active Directory with Azure Active Directory. You’ll be happy to know that we’ve acted on your feedback!
Today we’re releasing a public preview of the “new” Azure AD Connect (you can download it here).
Azure AD Connect is “new” because it is now one integrated tool that combines all the advances of AAD Sync and the features from the beta release of Azure AD Connect into a simple, fast & lightweight solution. Azure AD Connect has everything you need to connect your Windows Server AD(s) and Azure AD with only 4 clicks.
Now you can get started using Azure AD in under an hour, no new hardware required!
With this preview you can choose Express Settings or Custom settings just like before, only now you get the latest sync engine and capabilities.
Add one or many Active Directory forests to your connection.
And configure sync options: Exchange Hybrid sync, password write back and alternate ID attribute.
There are a few things I want to let you know about the preview:
Because it’s our first combined wizard and it is in Preview status, we are not supporting production deployments for this release. Our next release will be production supported.
Our goal is to bring 100% of the previous DirSync functionality into Azure AD Connect. Before we GA Azure AD Connect we will bring all Dirsync functionality in.
We’ve received a lot of great feedback from you and have incorporated most of it. But that doesn’t mean we’re done. Please keep the feedback coming!
Our goal is to GA Azure AD Connect with additional sync options, seamless migration from Dirsync, and production support in the next 90 days.
Please note there will no longer be separate releases of Azure AD Sync and Azure AD Connect. And we have no future releases of DirSync planned. Azure AD Connect is now your one stop shop for sync, sign on and all combinations of hybrid connections.
Posted in Office365, Windows Azure|Comments Off on Azure AD Connect: One simple, fast, lightweight tool to connect Active Directory and Azure Active Directory
Users of Wi-Fi hotspots have been warned about the “Poodle” attack – the latest bug in Internet browsers that can hijack web sessions and transactions, and even extract data from secure HTTP connections, The Straits Times reported today.
Poodle, or Padding Oracle on Downgraded Legacy Encryption, exploits Secure Sockets Layer version 3 (SSLv3), one of the protocols used to secure Internet traffic, the Singapore daily said.
All major browsers, from Google Chrome to Mozilla Firefox, support SSLv3.
An attacker can access online banking or email systems “secured” by HTTP connections. The flaw was reported by Google employees – Bodo Möller, Thai Duong and Krzysztof Kotowicz – in a paper published on Thursday.
The Poodle attack relies on the fact that most web servers and browsers are still using an “ancient” SSLv3 to secure their communications.
In an Exchange Hybrid environment (using Office 365).
Problem:
In Exchange Management Console (EMC), under Move Request, there are some mailboxes being moved. This action was not done by the local IT administrators. The mailboxes affected are mailboxes already migrated to Office 365.
Solution/Explanation:
Run a Get-MoveRequest and if you see something like below, you are actually seeing the database being moved from Exchange Online DB to another Exchange Online DB. This is part of Exchange Online DB maintenance. There is no impact to users.
Problem: Customer has a few email domain names and are slowly migrating to Office 365. The customer wants to auto assign license for certain domains using PowerShell.
Step 1:
Set the Office 365 tenant password in a TXT file.
The PowerShell Script:
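#Modify below YOURPASSWORD to your Office 365 password
#ConvertFrom-SecureString needs a SecureString as input, so convert the plain text first
$password = ConvertTo-SecureString "YOURPASSWORD" -AsPlainText -Force
#The saved text is encrypted with Windows DPAPI and can only be read back by the same user on the same computer
$password | ConvertFrom-SecureString | Set-Content c:\o365\password.txt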
Step 2:
Search based on the valid domains and add license for users that have not been licensed.
The powershell script:
#Valid Domains.
#Modify below domainA.com and domainB.com to your own domain that you want to auto assign license.
$validDomains = "*@domainA.com","*@domainB.com"
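One way the two steps can fit together, as an added example that is not the original post's script: it reads back the password file from Step 1, connects with the MSOnline module, and licenses only unlicensed users whose UPN matches the valid domains. The admin account, license SKU, usage location and the `$dryRun` switch are placeholders and assumptions.

```powershell
# Added example: values marked "placeholder" are assumptions, not from the original post.
Import-Module MSOnline

$adminUpn      = "admin@yourtenant.onmicrosoft.com"  # placeholder admin account
$licenseSku    = "yourtenant:ENTERPRISEPACK"         # placeholder; list yours with Get-MsolAccountSku
$usageLocation = "MY"                                # placeholder two-letter country code
$dryRun        = $true                               # set to $false to actually assign licenses

# Domain patterns from Step 2 of the post
$validDomains = "*@domainA.com","*@domainB.com"

# Rebuild the credential from the file written in Step 1.
# This only works for the same Windows user on the same computer that wrote the file.
$securePassword = Get-Content c:\o365\password.txt | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PSCredential ($adminUpn, $securePassword)
Connect-MsolService -Credential $credential

# Walk every unlicensed user and keep only those in the valid domains
$unlicensed = Get-MsolUser -All -UnlicensedUsersOnly
foreach ($user in $unlicensed) {
    $upn = $user.UserPrincipalName
    $matched = $false
    foreach ($pattern in $validDomains) {
        if ($upn -like $pattern) { $matched = $true; break }
    }
    if (-not $matched) { continue }

    if ($dryRun) {
        Write-Output "Would license $upn with $licenseSku"
        continue
    }
    try {
        # A usage location must be set before a license can be assigned
        Set-MsolUser -UserPrincipalName $upn -UsageLocation $usageLocation -ErrorAction Stop
        Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $licenseSku -ErrorAction Stop
        Write-Output "Licensed $upn"
    } catch {
        Write-Warning "Failed to license ${upn}: $($_.Exception.Message)"
    }
}
```

Restrict the NTFS permissions on c:\o365\password.txt to the account that runs the script, since anything running as that user on that computer can decrypt the file.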
When you are trying to delete a verified domain name in Office 365, an error pops up saying that some users or Office365 services are still attached to the domain.
Root Cause:
Just like what the error said, some of the Office 365 services or users are still attached/assigned to the domain name that you are trying to remove.
Solution:
Things to check:
Ensure that no users are associated with the domain that you are trying to delete. You can verify this by going into Users And Groups, and editing a user. Ensure that the domain you are trying to delete, e.g. abc.com, is not listed there.
Ensure that no security groups/distribution groups have accounts attached to abc.com. Security groups/distribution groups can be accessed by logging into Office 365, clicking on Users And Groups, and clicking on Security Groups.
If you have just deleted the users, or changed the domain for each individual user, you will need to wait for a while (1 min?) as it will need to sync the changes to the different Office 365 service settings.
If the accounts are uploaded by Dirsync, you will need to stop the Dirsync synchronization to change the accounts to Cloud Only accounts. Then, you will need to do steps 1-3 above to delete the security groups; and/or manually modify the e-mail address fields in Office 365, Exchange Online.
Posted in Office365|Comments Off on Office 365 – Unable to remove verified Domain name
Lately, I had an issue with Office 365’s MIISClient.exe
Problem:
MIISClient.exe shows that a bunch of user accounts failed to sync with the error “Insufficient Permission”.
Solution:
Certain permissions needed by the MSOL Service Account went missing (for whatever reason!). All we had to do was recheck the permissions.
Step 1: Run the Azure Active Directory Sync tool Configuration Wizard
Make sure that the latest version of the Directory Sync tool is installed and that you run the Azure Active Directory Sync tool Configuration Wizard. When you run the wizard, one screen prompts you to enable rich coexistence. Complete the wizard, and then start directory synchronization.
Alternatively, you can run the Enable-MSOnlineRichCoexistence cmdlet after the Directory Sync tool is installed to enable the write-back feature. This cmdlet must be run by using enterprise credentials or should be run by the enterprise admin.
If step 1 doesn’t resolve the issue, check that the MSOL_AD_Sync user belongs to the MSOL_AD_Sync_RichCoexistence group and that the group has Allow permissions to the user who is experiencing the issue, where write-back is not working for the following attributes:
msExchSafeSendersHash
msExchBlockedSendersHash
msExchSafeRecipientHash
msExchArchiveStatus
msExchUCVoiceMailSettings
ProxyAddresses
To do this, follow these steps:
In Active Directory, make sure that the MSOL_AD_Sync_RichCoexistence group exists and that the MSOL_AD_Sync user is a member of the group.
In the on-premises environment, use Active Directory Users and Computers to open the user properties for the user who is experiencing the issue.
On the Security tab, click Advanced.
Note: You must enable advanced features to complete step 3.
Make sure that the MSOL_AD_Sync_RichCoexistence group is listed. If it’s not listed, add the group, and then make sure that the group is granted Allow permissions to write to the attributes that are listed previously.
Note: Step 2 may be required if the object does not inherit permissions from the parent. This issue may be resolved by making sure that the object inherits permissions from the parent object.
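The same checks can be scripted instead of clicked through, as an added example that is not part of the original post. It assumes the ActiveDirectory module (RSAT) on a domain-joined machine; the group and account names are the ones used above, and `jdoe` is a placeholder for the affected user.

```powershell
# Added example; run from a domain-joined machine with the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$groupName  = "MSOL_AD_Sync_RichCoexistence"  # group named in the post
$syncUser   = "MSOL_AD_Sync"                  # sync account as named in the post
$targetUser = "jdoe"                          # placeholder: affected user's sAMAccountName

# Does the group exist, and is the sync account a member?
try {
    $members = Get-ADGroupMember -Identity $groupName -Recursive -ErrorAction Stop
} catch {
    Write-Warning "Group $groupName not found or not readable: $($_.Exception.Message)"
    return
}
if ($members | Where-Object { $_.SamAccountName -eq $syncUser }) {
    Write-Output "$syncUser is a member of $groupName"
} else {
    Write-Warning "$syncUser is NOT a member of $groupName"
}

# Read the ACL of the affected user object through the AD: drive
$user = Get-ADUser -Identity $targetUser
$acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)

# If inheritance is blocked, permissions granted on the parent never reach this object
if ($acl.AreAccessRulesProtected) {
    Write-Warning "Inheritance is disabled on $($user.DistinguishedName)"
}

# Allow entries that give the group write access to properties.
# ObjectType is the schema GUID of the attribute the entry applies to.
$groupAces = $acl.Access | Where-Object {
    $_.IdentityReference -like "*\$groupName" -and
    $_.AccessControlType -eq "Allow" -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty)
}
if ($groupAces) {
    $groupAces | Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
} else {
    Write-Warning "No Allow/WriteProperty entry for $groupName on $targetUser"
}
```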
6. Ensure that in all Exchange Servers (including the inactive ones located in the DR sites), the Get-WebServicesVirtualDirectory has the correct ExternalURL: https://mail.contoso.com/ews/exchange.asmx (and is routable from the internet)
Get-WebServicesVirtualDirectory -Identity "ServerName\EWS (Default Web Site)"
Leave a comment if it’s still not working. No promise that I can help you fix, but I’ll try
Posted in Office365|Comments Off on Free/busy not working in Hybrid
You have a customer. They are on Exchange on-premises. You want to implement Office 365 with Exchange hybrid. Which Exchange Server versions are supported in hybrid mode?
Answer:
On-premises environment | Exchange 2010-based hybrid with tenant version v14 | Exchange 2010-based hybrid with tenant version v15 | Exchange 2013-based hybrid with tenant version v15
Exchange 2013 (CU1) | Not supported [1] | Not applicable | Supported
Exchange 2010 SP3 | Supported | Supported | Supported [5]
Exchange 2010 SP2 | Supported | Not supported [2] | Not supported
Exchange 2010 SP1 | Supported | Not supported [2] | Not supported
Exchange 2007 SP3 RU10 | Supported [3] | Supported [4] | Supported [5]
Exchange 2007 SP3 | Supported [3] | Not supported | Not supported
Exchange 2003 SP2 | Supported [3] | Supported [4] | Not supported
Note:
[1] Blocked in Exchange 2013 setup
[2] Tenant upgrade notification provided in Exchange Management Console
[3] Requires at least one on-premises Exchange 2010 SP2 server
[4] Requires at least one on-premises Exchange 2010 SP3 server
[5] Requires at least one on-premises Exchange 2013 CU1 or greater server
Posted in MS News|Comments Off on Implementing Office 365 with Exchange Hybrid
Bing is famous for having a different background picture whenever someone browses to Bing. However, from today onwards, when browsing to Bing using an HTML5-supported browser, it will show a video in the background.
What do you think? Waste of bandwidth?
Source: Bing Blog at http://www.bing.com/community/site_blogs/b/search/archive/2011/09/23/something-new-on-the-homepage.aspx?form=pgbar1