There has been a lot of responses directly to me regarding configuring OpenWRT (Or any router) to allow Roku/your Smart TV to access Netflix, Hulu Plus or Amazon Prime. Let me write about the 3 steps process on enabling your Roku devices (in my example) to access Netflix in any non-USA country.

Post 1: VPN Service. Why do you need it.

Post 2: Configure VPN on OpenWRT

Post 3: Route only traffic from a particular Internal IP through VPN in OpenWRT

Post 1: VPN Service. Why do you need it.

Without VPN, when we access Netflix, Netflix will be able to see our originating IP address (or our originating country). As you are already aware (are you?), Netflix is only available for USA viewers.

With VPN, Netflix will think that we are located in USA (although we are connecting from a non-USA region). The traffic goes out from our PC/streaming player, to our local ISP. The data is then routed back to the USA VPN Server, and the data is then encapsulated and passes to Netflix service. I hope I did not lose you.

Anyway, based on my test, below are some VPN Services that worked best/stable:

VPNAce

It works for the following devices:

If you are looking for a VPN Service that allows you to watch Netflix, purchase one of the VPN Services above and let me know if it helps!

  What is Dynamic DNS:

Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames, addresses or other information.

Configure Dynamic DNS in OpenWRT:

Pre-requisites:

1. This post is written based on OpenWrt Barrier Breaker 14.07

Steps:

1. Login to your OpenWRT Admin (by default is 192.168.1.1)
2. Select Systems -> Software
3. Under Filter, type in “luci-app-ddns”. Click Find Package.
4. 
5. Then click on “Available Packages”. Next to Luci-app-ddns, click Install.
6. Once Luci-app-ddns is installed, you should see a new option called “Services” between the “System” and “Network”
7. Select Services ->  Dynamic DNS
8. Define the dynamic DNS configuration parameters as per the screenshot and click Save
9. 
10. Lastly, go to System -> Startup.
11. Locate the Service called “DDNS” and click on “Disabled” to enable it.
12. 

Comment here if you are having issues!

Problem:

When updating Exchange Service Pack, it throws a few error:

“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”

The Windows Firewall service must be started before Setup can continue.

Analysis:

You checked the Exchange log (ExchangeSetup.log). It showed:

Error ONE:

[2/16/2015 1:11:59 AM] [1] [ERROR] Unexpected Error
[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.
[2/16/2015 1:11:59 AM] [1] Ending processing.
[2/16/2015 1:11:59 AM] [1] [ERROR] The Windows Firewall service must be started before Setup can continue.

You verify from the Domain Controller adserver01.domain.com that the Exchange server object is there. You also verify that the Exchange Server is able to communicate with the adserver01.domain.com

Error TWO:

“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”

You will need to remove the RUS manually. Most likely Exchange 2003 wasn’t decomm-ed properly (if you are no longer using Exchange 2003).

Solution:

Error ONE:

Ignore the error “[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.”

Just proceed with starting the Windows Firewall service and rerun the update of Service Pack.

Error TWO:

Remove the RUS (If you no longer have any Exchange 2003 server in your environment).

You will not be able to delete the Recipient Update Service (Enterprise Configuration) by using Exchange 2003 or Exchange 2000 System Manager. Perform the following steps to delete theRecipient Update Service (Enterprise Configuration) by using ADSI Edit (AdsiEdit.msc):

1. Open ADSI Edit, expand Configuration, expand CN=Configuration,CN=<domain>, expandCN=Services, expand CN=Microsoft Exchange, expand CN=<Exchange organization name>, expand CN=Address Lists Container, and then select CN=Recipient Update Services.
2. In the result pane, right-click Recipient Update Service (Enterprise Configuration), clickDelete, and then click Yes to confirm the deletion.

By default, with Astro IPTV, you will be getting a Technicolor device from Maxis.

I will show you how to replace the Technicolor and replace it with an OpenWRT router (I’m using “OpenWrt Barrier Breaker 14.07”).

Pre-requisites:

1. Ensure that your router is already flashed to the OpenWRT version. See this post if you have not done so: Installing OpenWRT.

Setup of OpenWRT, Connect to PPPoE (after flashing to OpenWRT):

1. Change Password. On opening OpenWRT router, you will be asked to login. The default password for OpenWRT is empty. Login and change your password.
2. Connect to PPPoE. First thing you want to do is to connect to PPPoE, so your WAN will be able to connect to the TM fiber device. Click Network -> Interface -> next to WAN, click Edit. Change the protocol to PPPoE-WAN. Specify your username “5 digits@home.maxis.com.my or 5 digits@public.maxis.com.my”. Password by default should be the your 5 digits with a value 1 behind. Eg, if your username is 12345@home.maxis.com.my, your password will be 123451.
3. Click Save and Apply.

Create new VLAN for Maxis home fibre and Astro IPTV:

1. Switch. Click Network -> Switch.
2. Under VLAN ID, modify the value 2 to value 621.
3. Port 1 by default should be your WAN port. Ensure that CPU and Port 1 both are set to “Tagged”. Leave the rest of Ports as Off.
4. Click ADD. Change the VLAN ID for the new VLAN Interface to 823.
5. With your Astro IPTV decoder plugged into your router’s Port 4, it should be then Port 5 in the OpenWRT Switch interface. Under VLAN ID 823, ensure that CPU, Port 1 both are “Tagged”. For Port 5, set it as “Untagged”. Rest set as Off. Under VLAN ID 1, turn off the tagging for Port 5.
6. Click Save and Apply.

Tie the WAN Interface to VLAN 621.:

1. Go to Network -> Interface.
2. Under WAN, click Edit.
3. Under Physical Settings, select “eth0.621”

Create a new interface for IPTV and configure the firewall:

1. Go to Network -> Interface
2. Click Add new Interface.
3. Define the new name “IPTV”
4. Protocol: Static Address
5. Cover the following interface: eth0.823
6. Click Submit.
7. IPv4 Address: 192.168.2.1
8. IPv4: 255.255.255.0
9. Under Firewall Settings, under create:, type in “iptv”
10. Save & Apply
11. Under Interface, DHCP Server, click “Setup DHCP Server”.
12. Under DHCP Server, click “Advanced Settings” tab.
13. Ensure that “Force DHCP on this network even if another server is detected” is selected.
14. Save & Apply
15. Network -> Firewall, under IPTV, select the Edit icon.
16. Ensure that “Allow Forward to destination zones” is selected for WAN.
17. Click Save & Apply.

Install IGMPProxy 

1. Click System -> Software
2. Click Update Lists.
3. Under Filter, type in “IGMPproxy”
4. click Available Packages. Click Install next to IGMPPROXY.

Configure IGMPProxy

1. Download PUTTY, run it and connect to your router
2. Under Login As, type “root”. Press Enter.
3. Type in your OpenWRT password.
4. Type in:
   1. cd /etc/config
   2. vi igmpproxy
5. Modify the “192.168.1.0/24” to “192.168.2.0/24” (see this link on how to use VI to edit)
6. Reboot OpenWRT.

Now check if Astro IPTV is still working.

The overview of my interface:

Good luck!

Background:

Office 365 with Dirsync setup.

Problem:

After a batch update of users in AD, and assignment of license in Office 365, these users are not able to login to Office 365.

However, if create a single user in AD and assign license in Office 365, the user is able to login to Office 365.

Solution:

Do a force password sync

Note: You must have Directory Sync tool version 6438.0003 or greater installed in order to perform the process below.

To trigger a full password sync, perform the following steps:

1. Open PowerShell, and then type Import-Module DirSync
2. Type Set-FullPasswordSync, and then press Enter
3. Load Services.msc
4. Restart the Forefront Identity Manager Synchronization Service Service.

Back in August I posted a blog announcing the beta release of Azure AD Connect. Since then we have received a lot of feedback and made improvements in AAD Connect and AAD Sync, including multi forest support and password write back.

The biggest thing we’ve learned from you, our customers and partners, is that rather than a bunch of different tools (DirSync, AAD Connect, AAD Sync, ADFS, etc.) you want one simple, integrated tool for connecting your existing Windows Server Active Directory with Azure Active Directory. You’ll be happy to know that we’ve acted on your feedback!

Today we’re releasing a public preview of the “new” Azure AD Connect (you can download it here).

Azure AD Connect is “new” because it is now one integrated tool that includes all the advances of AAD Sync and the features from the beta release of Azure AD Connect into simple, fast & lightweight solution. Azure AD Connect has everything you need to connect your Windows Server AD(s) and Azure AD with only 4 clicks.

Now you can get started using Azure AD in under an hour, no new hardware required!

With this preview you can choose Express Settings or Custom settings just like before, only now you get the latest sync engine and capabilities.

Add one or many Active Directory forests to your connection.

And configure sync options Exchange Hybrid sync, password write back and alternate ID attribute

There are few things I want to let you know about the preview:

• Because it’s our first combined wizard and it is in Preview status, we are not supporting production deployments for this release. Our next release will be production supported.
• Our goal is to bring 100% of the previous DirSync functionality into Azure AD Connect. Before we GA Azure AD Connect we will bring all Dirsync functionality in.
• We’ve received a lot of great feedback from you and have incorporated most it. But that doesn’t mean we’re done. Please keep the feedback coming!

Our goal is to GA Azure AD Connect with additional sync options, seamless migration from Dirsync, and production support in the next 90 days.

Please note there will no longer be separate releases of Azure AD Sync and Azure AD Connect. And we have no future releases of DirSync planned. Azure AD Connect is now your one stop shop for sync, sign on and all combinations of hybrid connections.

Source: Technet Blog

Users of Wi-Fi hotspots have been warned about the “Poodle” attack – the latest bug in Internet browsers that can hijack web sessions and transactions, and even extract data from secure HTTP connections, The Straits Times reported today.

Poodle, or Padding Oracle on Downgraded Legacy Encryption, exploits Secure Sockets Layer version 3 (SSLv3), one of the protocols used to secure Internet traffic, the Singapore daily said.

All major browsers, from Google Chrome to Mozilla Firefox, support SSLv3.

An attacker can access online banking or email systems “secured” by HTTP connections. The flaw was reported by Google employees – Bodo Möller, Thai Duong and Krzysztof Kotowicz – in a paper published on Thursday.

The Poodle attack relies on the fact that most web servers and browsers are still using an “ancient” SSLv3 to secure their communications.

Source: The Malaysian Insider

Scenario:

In an Exchange Hybrid environment (using Office 365).

Problem:

In Exchange Management Console (EMC), under Move Request, there is some mailbox being moved. This action was not done by the local IT administrators. The mailbox affected are mailboxes already migrated to Office 365.

Solution/Explanation:

Run a Get-MoveRequest and if you see something like below, you are actually seeing the database being moved from Exchange Online DB to another Exchange Online DB. This is part of Exchange Online DB maintenance. There is no impact to users.

ExchangeGuid               : 404b747c-d942-4ecc-ba61-9459c234a8d3

SourceDatabase             : APCPR04DG020-db001

TargetDatabase             : APCPR04DG011-db170

SourceArchiveDatabase      :

TargetArchiveDatabase      :

Flags                      : IntraOrg, Pull, MoveOnlyPrimaryMailbox

Problem: Customer has a few email domain names and are slowly migrating to Office 365. The customer wants to auto assign license for certain domains using PowerShell.

Step 1:

Set the Office 365 tenant password in a TXT file.

The PowerShell Script:

#Modify below YOURPASSWORD to your Office 365 password
$password = “YOURPASSWORD”
$password | ConvertFrom-SecureString | Set-Content c:\o365\password.txt

Step 2:

Search based on the valid domains and add license for users that have not been licensed.

The powershell script:

#Valid Domains.
#Modify below domainA.com and domainB.com to your own domain that you want to auto assign license.
$validDomains =”*@domainA.com”,”*@domainB.com”

$MsolAdmUser = “admin@USERTENANTNAME.onmicrosoft.com”
$pwd = Get-Content c:\o365\credmsol.txt | ConvertTo-SecureString
$cred = New-Object System.Management.Automation.PSCredential $MsolAdmUser, $pwd

# CONNECT TO 365
Import-Module MSOnline
Connect-MsolService -Credential $cred

$temp = (get-msoluser -all) | select userprincipalname

foreach ($a in $validDomains){

foreach ($b in $temp){

$validUser = ($b) | where {$b.userprincipalname -like $a}

If ($validUser –eq $null){

} else{

set-msoluser -userprincipalname $validUser.userprincipalname -usagelocation “MY”

set-msoluserlicense -userprincipalname $validUser.userprincipalname -addlicenses “userTenantName:STANDARDWOFFPACK“

$validUser = $null

}

}

}

To get the “userTenantName:STANDARDWOFFPACK“, you will need to run get-msolaccountsku.

The above is a script that I quickly developed. Apologies if it isn’t neat as of now

Problem:

When you are trying to delete a verified domain name in Office 365, an error pops up saying that some users or Office365 services are still attached to the domain.

Root Cause:

Just like what the error said, some of the Office 365 services or users are still attached/assigned to the domain name that you are trying to remove.

Solution:

Things to check:

1. Ensure that no users are associated with the domain that you are trying to delete. You can verify this by going into Users And Groups, and Edit a user. Ensure that the domain you are trying to delete, eg, abc.com, is not listed there.
2. Ensure that no security groups/distribution groups have the accounts attached to abc.com. Security groups/distribution groups can be access by logging into Office 365, click on Users And Groups, and click on Security Groups.
3. If you have just deleted the users, or changed the domain for each individual users, you will need to wait for a while (1 min?) as it will need to sync the changes to the different Office365 service settings.
4. If the accounts are uploaded to Dirsync, you will need to stop the Dirsync synchronization to change the accounts to a Cloud Only account. Then, you will need to do step 1-3 above to delete the Security groups; and/or manually modify the e-mail addresses fields in Office 365, Exchange Online.

Lately, I had an issue with Office 365’s MIISClient.exe

Problem:

MIISClient.exe shows that a bunch of user accounts failed to sync with the error “Insufficient Permission”.

Solution:

Certain permissions needed by MSOL Service Account went missing (for whatever reason!). All we had to do is to recheck back the permissions.

Step 1: Run the Azure Active Directory Sync tool Configuration Wizard

Make sure that the latest version of the Directory Sync tool is installed and that you run the Azure Active Directory Sync tool Configuration Wizard. When you run the wizard, one screen prompts you to enable rich coexistence. Complete the wizard, and then start directory synchronization.

Alternatively, you can run the Enable-MSOnlineRichCoexistence cmdlet after the Directory Sync tool is installed to enable the write-back feature. This cmdlet must be run by using enterprise credentials or should be run by the enterprise admin.

Step 2: Confirm MSOL_AD_Sync_RichCoexistence permissions

If step 1 doesn’t resolve the issue, check that the MSOL_AD_Sync user belongs to the MSOL_AD_Sync_RichCoexistence group and that the group has Allow permissions to the user who is experiencing the issue, where write-back is not working for the following attributes:

• msExchSafeSendersHash
• msExchBlockedSendersHash
• msExchSafeRecipientHash
• msExchArchiveStatus
• msExchUCVoiceMailSettings
• ProxyAddresses

To do this, follow these steps:

1. In Active Directory, make sure that the MSOL_AD_Sync_RichCoexistence group exists and that the MSOL_AD_Sync user is a member of the group.
2. In the on-premises environment, use Active Directory Users and Computers to open the user properties for the user who is experiencing the issue.
3. On the Security tab, click Advanced.
   
   Note You must enable advanced features to complete step 3.
4. Make sure that the MSOL_AD_Sync_RichCoexistence group is listed. If it’s not listed, add the group, and then make sure that the group is granted Allow permissions to write to the attributes that are listed previously.

Note Step 2 may be required if the object does not inherit permissions from the parent. This issue may be resolved by making sure that the object inherits permissions from the parent object.

Source: Microsoft KB 2406830

Hope this helps!

Statement:

You have purchased some Office 365 E3 plans and have assigned the Office 365 E3 licenses to the users.

You would like to activate Legal Hold for these users in bulk, using PowerShell.

Script to Activate:

1. # First you need to be connected to the Exchange PowerShell.
3. $pagesize = 100; # The number of mailboxes per loop
4. $inc = 0; # Start increment value
6. # Continue until all mailboxes are litigation hold enabled
7. do {
8.     Write-Output “Getting mailboxes”
9.     # Get UserMailboxes that does not have litigation hold enabled
10.     $mailboxes = Get–Mailbox –Filter {LitigationHoldEnabled -eq $false -andRecipientTypeDetails -eq “UserMailbox”} –ResultSize $pagesize –WarningAction SilentlyContinue
11.     if($mailboxes) { Write-Output (“Current mailbox count: {0}” -f ($inc += $mailboxes.Count))}
12.     # Enable litigation hold
13.     $mailboxes | Set–Mailbox –LitigationHoldEnabled $true –WarningAction SilentlyContinue
14. } while($mailboxes);

Source: Goodworkaround.com

In a Hybrid deployment, lately I had experienced that:

1. On-premise users can see cloud users’ free/busy

2. Cloud users cant see on-premise users free/busy

Note: the below may not solve your problem, but it should lead you to the right way to brute force your way to solve the problem lol

Resolution:

1. Try out the Hybrid Free/Busy Troubleshooting Tool.

2. Check out: User can’t view free/busy information for a remote user in a hybrid deployment of on-premises Exchange Server and Exchange Online in Office 365

3. Did an IISRESET as recommended: http://jesperstahle.azurewebsites.net/?p=242

4. Update/Refresh the Federation Metadata. See this blog for more information.

•  Connect to Exchange Online in PoweShell
• Execute:
• Get-FederationTrust | Set-FederationTrust -RefreshMetadata

5. Execute the free/busy test from Microsoft Remote Analyzer

6. Ensure that in all Exchange Servers (including the inactive ones located in the DR sites), the Get-WebServicesVirtualDirectory has the correct ExternalURL: https://mail.contoso.com/ews/exchange.asmx (and is routable from the internet)

Get-WebServicesVirtualDirectory -Identity “ServerName\EWS (Default Web Site)”

Leave a comment if it’s still not working. No promise that I can help you fix, but I’ll try

Problem:

You have a customer. They are on Exchange on-premise. You want to implement Office 365 with Exchange hybrid. What is the Exchange Server versions that is supported in a Hybrid mode?

Answer:

Note:
1 Blocked in Exchange 2013 setup 2 Tenant upgrade notification provided in Exchange Management Console 3 Requires at least one on-premises Exchange 2010 SP2 server 4 Requires at least one on-premises Exchange 2010 SP3 server 5 Requires at least one on-premises Exchange 2013 CU1 or greater server

Bing is famous for having a different background picture whenever someone browses to Bing. However today onwards, when browsing to Bing using a HTML5 supported browser, it will show a video in the background.

What do you think? Waste of bandwidth?

Source: Bing Blog at http://www.bing.com/community/site_blogs/b/search/archive/2011/09/23/something-new-on-the-homepage.aspx?form=pgbar1