2020 Daniel Gibbs Comments 0 Comment

Browsed byAuthor: Daniel Gibbs.
How Fortnite V-Bucks and In-Game Purchases Work – A Parents Guide How Fortnite V-Bucks and In-Game Purchases Work – A Parents Guide.
July 8, 2020 Daniel Gibbs Comments 0 Comment.
I have created this guide to help parents or anyone who wants to understand how to get the most out of in-game purchases in Fortnite.
To help ensure the best experience, value for money and prevent you from being caught out.
Fix Ubuntu Server Name Resolution when Pi-Hole is Installed Fix Ubuntu Server Name Resolution when Pi-Hole is Installed.
July 8, 2020 Daniel Gibbs Comments 0 Comment.
When installing a Pi-Hole on an Ubuntu server I found that once install the Ubuntu server itself was no longer able to resolve DNS.
Prevent automatic change of audio device – Ubuntu Prevent automatic change of audio device – Ubuntu.
June 25, .

2019 Daniel Gibbs Comments 1 Comment

If you are using HDMI or DisplayPort for audio

the devices regularly seem to switch back to in-built audio all by themselves.

This can be due to the HDMI device becoming unavailable when the monitor turns itself off

causing PulseAudio to choose a different device.
This causes a problem as PulseAudio does not automatically go back to the originally selected device once the HDMI device has returned.
This is very frustrating as it means constantly having to re-selected the prefered… Read More Read More SteamCMD Workaround for “appid 90” HLDS Games Servers Part II SteamCMD Workaround for “appid 90” HLDS Games Servers Part II.
October 8, .

2017 Daniel Gibbs Comments 5 Comments

Up date October 2017: It seems this issue has returned after Valve fixed it several years ago.
I have updated this repo with new app_manifest files for each server.

Hopefully Valve fix the issue again

HLDS (GoldSrc) games use appid 90 to download the game server files from SteamCMD

There is a bug that prevents all the files being downloaded from SteamCMD.
Getting all the files can take any number of attempts for SteamCMD to download them all.
The fix is… Read More Read More Debian 7 “Wheezy” LTS Updates Debian 7 “Wheezy” LTS Updates.
August 24, .

2016 Daniel Gibbs Comments 1 Comment

Debian 7 “Wheezy” Is managed by the LTS (Long Term Support) team.
Who are responsible for security update s on wheezy until May 2018.
To continue to receive updates you will need to update your sources.list.
vi /etc/apt/sources.list Add the following to your sources.list file deb http://httpredir.debian.org/debian/ wheezy main contrib non-free deb-src http://httpredir.debian.org/debian/ wheezy main contrib non-free deb http://security.debian.org/ wheezy/updates main contrib non-free deb-src http://security.debian.org/ wheezy/updates main contrib non-free deb http://httpredir.debian.org/debian/ wheezy-updates main contrib non-free deb-src http://httpredir.debian.org/debian/ wheezy-updates main contrib non-free… Read More Read More Backblaze B2 Reaching “Class C Transactions Cap” with Synology NAS Backblaze B2 Reaching “Class C Transactions Cap” with Synology NAS.
August 21, 2016 Daniel Gibbs Comments 1 Comment.
Symptom You may be getting the following alerts via email.
Class C Transactions Cap Reached 100% You have reached 100% of the free Backblaze Daily Class C Transactions Cap.
To increase your Daily Class C Transactions Cap or to change your Cap Notification Settings log on to the ‘Caps & Alerts’ page When you login to the Backblaze control panel you will see your class C transactions cap has reached.
Reason Synology cloud sync by default does a sync check for files every… Read More Read More Cloud Backup for Synology NAS using BackBlaze B2 Cloud Backup for Synology NAS using BackBlaze B2.
July 16, .

2016 Daniel Gibbs Comments 4 Comments

This tutorial will run though the set up Backblaze B2 cloud storage as a backup method for your Synology NAS using Cloud Sync.
What is Backblaze B2.
Backblaze B2 is a recently released cloud backup storage solution that works with Synology NAS (and other applications ).
It  charges $0.005 per GB to backup; this works out at around $5 for 1TB.
By far the cheapest cloud storage solution compared to others, finally making it affordable for to use this type of solution….
Read More Read More Pushbullet: How to Send a message from Bash Pushbullet: How to Send a message from Bash.
June 5, .

2016 Daniel Gibbs Comments 3 Comments

With this simple one line of code it is possible to send a message to your Pushbullet account from the Linux terminal.
This is great if you want your BASH script to message you when a specific task completes or fails.
All that is required is a Pushbullet token that you can obtain from the settings within your PushBullet Account.
This can be found here https://www.pushbullet.com/#settings Now paste the code to your terminal replacing the pushbullettoken with your own token and changing… Read More Read More Thank You Note from Doxie Team Thank You Note from Doxie Team.
June 3, .

2016 Daniel Gibbs Comments 0 Comment

Thought this was a nice touch.
I registered my Doxie GO Wi-Fi scanner that I had been using for a little while now and got this unexpected email back from Doxie Customer Care.
I have been impressed with the scanner and has helped me quickly digitize my paper work.
The only thing I need now is to get more organised.
Thanks @Doxie http://www.getdoxie.com The email reads: Hey Daniel, I noticed you recently registered your Doxie.
Congrats on making the first step… Read More Read More Install Plex Classic on NowTV Box Install Plex Classic on NowTV Box.
December 30, .

2015 Daniel Gibbs Comments 21 Comments

update: Sadly sideloading has been taken off the NowTV box so you can no longer user Plex with NowTV.
See link here for details NowTV box (Roku Player in disguise) is a great cheap set-top box that you can pick up for around £20.
It has a good selection of apps such as iPlayer, ITVHub, 4oD and YouTube as well as the optional paid NowTV service which I also recommend.
The only thing really missing is the ability to watch your… Read More Read More Posts navigation.
OLDER POSTS Categories Select Category Bash CUPS Email Gaming Home Network Linux Network Plesk Panel Plex Pop_OS.

Postfix SAMBA Steam Themes Ubuntu Uncategorized Windows

HIPAA Compliance and Cyber Risk Management

HIPAA Compliance and Cyber Risk Management .

Upcoming Educational Virtual & Onsite Events

Upcoming Education al Events.
Our live web events provide valuable information on a range of HIPAA compliance and cyber risk management related topics and allow attendees to gain insider insight and learn industry best practices .
Check back frequently as new webinar topics and dates are always being added.

10 Key Elements to Effective HIPAA Compliance & Cyber Risk Management: September 9

2020 | 11:00am–12:00pm CT.

0 Comments In this webinar

Jon Moore will review the 10-key elements to an effective, OCR-Quality HIPAA Compliance and Cyber Risk Management Program that will not only help you to meet compliance requirements but also help you to build a robust privacy and security program that protects your business, your data and most importantly, your patients.

Performing an Enterprise-Wide Risk Analysis in Changing Environments: September 16

2020 | 11:00am–12:00pm CT.
0 Comments One key area that is often overlooked by healthcare organizations is the need to review and update the risk analysis as material changes occur to their environment .
From Risk Analysis to Risk Response | How to respond to your identified cyber risks: September 23, 2020 | 11:00am–12:00pm CT.
0 Comments This webinar is designed to help you understand risk response fundamentals so that your organization can establish a process and workflow to reduce vulnerabilities and achieve better outcomes in managing cyber and compliance risks.
With Great Power Comes Great Responsibility : The Challenge of Maintaining Data Security in the Cloud: October 6, 2020 | 11:00am–12:00pm CT.

0 Comments During this webinar

Clearwater Chief Risk Officer and Head of Consulting Services Jon Moore will review recent examples of cloud security failures and discuss critical takeaways that organizations should note to avoid similar missteps.

IRM|Analysis® Demo – September 30

2020 11am–12pm CT.
0 Comments Join Clearwater for a live demonstration of the power of the best tool in the industry used by hundreds of organizations to perform an OCR-Quality® Risk Analysis and managing related risk remediation actions.

OCR-Quality® Risk Analysis Working Lab: Beginning October 7th – 11:00am–12:00pm CT

0 Comments Quick single registration for five sessions.
Hands on, interactive E-Learning series to help you minimize cyber risk exposures and meet compliance requirements.

A Patient Safety – Cyber Risk Discussion with Benoit Desjardins

M.
D., Ph.
D.
| October 8, 2020 | 11:00am–12:00pm CT.
0 Comments This web event discusses the potential threats to the confidentiality, integrity, and availability of medical imaging.

The foll Continue reading

Tag Archives: PowerShell V3.

Documenting Microsoft DHCP with Microsoft Word and PowerShell

May 31.

2014 4 Comments On a recent project

the customer needed a way to document their DHCP configuration after losing the DHCP database on one of their DHCP servers.

I offered to create a script and they gave me permissio Continue reading

Webster’s Citrix Documentation Scripts and Microsoft PowerShell Version 4

October 25, 2013 0 Comments Microsoft recently released their Windows Management Framework 4 which includes PowerShell 4.0.  I recently made sure all the current and future scripts worked with PowerShell Version 3.
The foll Continue reading.

Webster’s Citrix Documentation Scripts and Microsoft PowerShell Version 3

September 10, 2013 2 Comments I am in the process of creating V4 of the PVS and XenApp documentation scripts.  As part of the process I wanted to make sure all the current and future scripts worked with PowerShell Version 3.

The Continue reading

(87).
(93).
(5).
(3).
(93).
(7).
(13).
(19).
(1).
(24).
(3).
(1).
(388).
(15).
(90).
(6).
(1).
(7).
(7).
(1).
(8).
(2).
(2).
(49).
(20).
(1).
(106).
(68).
(38).
(69).
(94).
(1).
(97).
(54).
(2).
(27).

2 Comments on IPv6 Routed LAN with Windows

iis.
2013 EWS hybrid IAmMEC iis Kemp Load Master tmg Exchange Web Services (EWS) and 501 Error.
By.
June 24, 2014.
13 Comments on Exchange Web Services (EWS) and 501 Error.
As is common with a lot that I write in this blog, it is based on noting down the answers to stuff I could not find online.
For this issue, I did find something online by Michael Van “Hybrid”, but finding it was the challenge.
So rather than detailing the issue and the reason (you can read that on Michael’s blog) this talks about the steps to troubleshoot this issue.
So first the issue.
When starting a migration test from an Exchange 2010 mailbox with an Exchange 2013 hybrid server (running the mailbox and CAS roles) behind a Kemp load balancing (running 7.16 – the latest release at the time of writing, but recently upgraded from version 5 through 6 to 7) I got the following error: The server name will be different (thanks Michael for the screenshot).
In my case this was my clients UK datacentre.
My clients Hong Kong datacentre was behind a Kemp load balancer as well, but is only running Exchange 2010 and the New York datacentre has an F5 load balancer.
Moves from HK worked, but UK and NY failed for different reasons.
The issue shown above is not easy to solve as the migration dialog tells you nothing.
In my case it was also telling me the wrong server name.
It should have been returning the External EWSUrl from Autodiscover for the mailbox I was trying to move, instead it was returning the Outlook Anywhere external URL from the New York site (as the UK is proxied via NY for the OA connections).
For moves to the cloud, we added the External URL for EWS to each site directly so we would move direct and not via the only site that offered internet connected email.
So troubleshooting started with exrca.com – the Microsoft Connectivity Analyser.
Autodiscover worked most of the time in the UK but Synchronization, Notification, Availability, and Automatic Replies tests (to test EWS) always failed after six and a half seconds.
Autodiscover returned the following error: A Web exception occurred because an HTTP 400 – BadRequest response was received from Unknown.
HTTP Response Headers: Connection: close Content-Length: 87 Content-Type: text/html Date: Tue, 24 Jun 2014 09:03:40 GMT Elapsed Time: 108 ms.
And EWS, when AutoDiscover was returning data correctly, was as follows: Creating a temporary folder to perform synchronization tests.
Failed to create temporary folder for performing tests.
Additional Details Exception details: Message: The request failed.
The remote server returned an error: (501) Not Implemented.
Type: Microsoft.
Exchange.
WebServices.
Data.
ServiceRequestException Stack trace: at Microsoft.
Exchange.
WebServices.
Data.
ServiceRequestBase.
GetEwsHttpWebResponse(IEwsHttpWebRequest request) at Microsoft.
Exchange.
WebServices.
Data.
ServiceRequestBase.
ValidateAndEmitRequest(IEwsHttpWebRequest& request) at Microsoft.
Exchange.
WebServices.
Data.
ExchangeService.
InternalFindFolders(IEnumerable`1 parentFolderIds, SearchFilter searchFilter, FolderView view, ServiceErrorHandling errorHandlingMode) at Microsoft.
Exchange.
WebServices.
Data.
ExchangeService.
FindFolders(FolderId parentFolderId, SearchFilter searchFilter, FolderView view) at Microsoft.
Exchange.
WebServices.
Data.
Folder.
FindFolders(SearchFilter searchFilter, FolderView view) at Microsoft.
Exchange.
Tools.
ExRca.
Tests.
GetOrCreateSyncFolderTest.
PerformTestReally() Exception details: Message: The remote server returned an error: (501) Not Implemented.
Type: System.
Net.
WebException Stack trace: at System.
Net.
HttpWebRequest.
GetResponse() at Microsoft.
Exchange.
WebServices.
Data.
EwsHttpWebRequest.
Microsoft.
Exchange.
WebServices.
Data.
IEwsHttpWebRequest.
GetResponse() at Microsoft.
Exchange.
WebServices.
Data.
ServiceRequestBase.
GetEwsHttpWebResponse(IEwsHttpWebRequest request) Elapsed Time: 6249 ms.
What was interesting here was the 501 and that it was always approx.
6 seconds before it failed.
Looking in the IIS logs from the 2010 servers that hold the UK mailboxes there were no 501 errors logged.
The same was true for the EWS logs as well.
So where is the 501 coming from.
I decided to bypass Exchange 2013 for the exrca.com test (as my system is not yet live and that is easy to do) and so in Kemp pointed the EWS SubVDir directly to a specific Exchange 2010 server.
Everything worked.
So I decided it was an Exchange 2013 issue, apart from the fact I have lab environments the same as this (without Kemp) and it works fine there.
So I decided to search for “Kemp EWS 501” and that was the bingo keyword combination.
EWS and 501 or Exchange EWS and 501 got nothing at all.
With my environment back to Kemp >  2013 >  2010 I looked at Michaels suggestions.
The first was to run Test-MigrationServerAvailability –ExchangeRemoteMove –RemoteServer servername.domain.com.
I changed this slightly, as I was not convinced that I was connecting to the correct endpoint.
The migration reported the wrong server name and the Exrca tests do not tell you what endpoint they are connecting to.
So I tried Test-MigrationServerAvailability –ExchangeRemoteMove –Autodiscover –EmailAddress [email protected] As AutoDiscover is reporting errors at times, the second of these cmdlets sometimes reported the following: RunspaceId         : a711bdd3-b6a1-4fb8-96b8-f669239ea534 Result             : Failed Message            : AutoDiscover failed with a configuration error: The migration service failed to detect the migration endpoint using the Autodiscover service.
Please enter the migration endpoint settings or go back to the first step and retry using the Autodiscover service.
Consider using the Exchange Remote Connectivity Analyzer ( https://testexchangeconnectivity.com) to diagnose the connectivity issues.
ConnectionSettings : SupportsCutover    : False ErrorDetail        : internal error:Microsoft.
Exchange.
Migration.
AutoDiscoverFailedConfigurationErrorException: AutoDiscover failed with a configuration error: The migration service failed to detect the migration endpoint using the Autodiscover service.
Please enter the migration endpoint settings or go back to the first step and retry using the Autodiscover service.
Consider using the Exchange Remote Connectivity Analyzer ( https://testexchangeconnectivity.com) to diagnose the connectivity issues.
at Microsoft.
Exchange.
Migration.
DataAccessLayer.
MigrationEndpointBase.
InitializeFromAutoDiscove r(SmtpAddress emailAddress, PSCredential credentials) at Microsoft.
Exchange.
Management.
Migration.
TestMigrationServerAvailability.
InternalProcessExcha ngeRemoteMoveAutoDiscover() IsValid            : True Identity           : ObjectState        : New And when AutoDiscover was working (as it was random) I would get this: RunspaceId         : a711bdd3-b6a1-4fb8-96b8-f669239ea534 Result             : Failed Message            : The ExchangeRemote endpoint settings could not be determined from the autodiscover response.
No MRSProxy was found running at ‘outlook.domain.com’.
ConnectionSettings : SupportsCutover    : False ErrorDetail        : internal error:Microsoft.
Exchange.
Migration.
MigrationRemoteEndpointSettingsCouldNotBeAutodiscovere dException: The ExchangeRemote endpoint settings could not be determined from the autodiscover response.
No MRSProxy was found running at ‘outlook.domain.com’.
—> Microsoft.
Exchange.
Migration.
MigrationServerConnectionFailedException: The connection to the server ‘outlook.domain.com’ could not be completed.
—> Microsoft.
Exchange.
MailboxReplicationService.
RemoteTransientException: The call to ‘ https://outlook.domain.com/EWS/mrsproxy.svc’ failed.
Error details: The HTTP request is unauthorized with client authentication scheme ‘Negotiate’.
The authentication header received from the server was ‘Basic Realm=”outlook.domain.com”‘.
–> The remote server returned an error: (401) Unauthorized.
—> Microsoft.
Exchange.
MailboxReplicationService.
RemotePermanentException: The HTTP request is unauthorized with client authentication scheme ‘Negotiate’.
The authentication header received from the server was ‘Basic Realm=”outlook.domain.com”‘.
—> Microsoft.
Exchange.
MailboxReplicationService.
RemotePermanentException: The remote server returned an error: (401) Unauthorized.
— End of inner exception stack trace — — End of inner exception stack trace — at Microsoft.
Exchange.
MailboxReplicationService.
MailboxReplicationServiceFault.<>c__DisplayClas s1.b__0() at Microsoft.
Exchange.
MailboxReplicationService.
ExecutionContext.

Execute(Action operation) at Microsoft

Exchange.
MailboxReplicationService.
MailboxReplicationServiceFault.
ReconstructAndTh row(String serverName, .

VersionInformation serverVersion) at Microsoft

Exchange.
MailboxReplicationService.

WcfClientWithFaultHandling`2.<>c__DisplayClass1 .b__0() at Microsoft

Exchange.
Net.
WcfClientBase`1.
CallService(Action serviceCall, String context) at Microsoft.
Exchange.
Migration.
MigrationExchangeProxyRpcClient.
CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, .

LocalizedException& error) — End of inner exception stack trace — at Microsoft

Exchange.
Migration.
DataAccessLayer.
ExchangeRemoteMoveEndpoint.

VerifyConnectivity() at Microsoft

Exchange.
Management.
Migration.
TestMigrationServerAvailability.
InternalProcessEndpo int(Boolean fromAutoDiscover) — End of inner exception stack trace — IsValid            : True Identity           : ObjectState        : New This was returning the URL ‘ https://outlook.domain.com/EWS/mrsproxy.svc’ which is not correct for this mailbox (this was the OA endpoint in a different datacentre) and external Outlook access is not allowed at this company and so the TMG server in front of the F5 load balancer in the NY datacentre was not configured for OA anyway and browsing the the above URL returned the following picture, which is a well broken scenario but not the issue at hand here.
If OA (Outlook Anywhere) was available for this company, this is not what I would expect to see when browsing to the External EWS URL.
To that end we have EWS URL’s are bypass TMG and go direct to the load balancer.
So now we have either no valid AutoDiscover response or EWS using the wrong URL.
Back to the version of the cmdlet Michael was using as that ignores AutoDiscover: Test-MigrationServerAvailability –ExchangeRemoteMove –RemoteServer servername.domain.com RunspaceId         : 5874c796-54ce-420f-950b-1d300cf0a64a Result             : Failed Message            : The connection to the server ‘ewsinukdatacentre.domain.com’ could not be completed.
ConnectionSettings : SupportsCutover    : False ErrorDetail        : Microsoft.
Exchange.
Migration.
MigrationServerConnectionFailedException: The connection to the server ‘ewsinukdatacentre.domain.com’ could not be completed.
—> Microsoft.
Exchange.
MailboxReplicationService.
RemoteTransientException: The call to ‘ https://ewsinukdatacentre.domain.com/EWS/mrsproxy.svc’ failed.
Error details: The remote server returned an unexpected response: (501) Invalid Request.
–> The remote server returned an error: (501) Not                      Implemented.
—> Microsoft.
Exchange.
MailboxReplicationService.
RemotePermanentException: The remote server returned an unexpected response: (501) Invalid Request.
—> Microsoft.
Exchange.
MailboxReplicationService.
RemotePermanentException: The remote server returned an error: (501) Not Implemented.
— End of inner exception stack trace — — End of inner exception stack trace — at Microsoft.
Exchange.
MailboxReplicationService.
MailboxReplicationServiceFault.<>c__DisplayClas s1.b__0() at Microsoft.
Exchange.
MailboxReplicationService.
ExecutionContext.
Execute(Action operation) at Microsoft.
Exchange.
MailboxReplicationService.
MailboxReplicationServiceFault.
ReconstructAndTh row(String serverName, VersionInformation serverVersion) at Microsoft.
Exchange.
MailboxReplicationService.
WcfClientWithFaultHandling`2.<>c__DisplayClass1 .b__0() at Microsoft.
Exchange.
Net.
WcfClientBase`1.
CallService(Action serviceCall, String context) at Microsoft.
Exchange.
Migration.
MigrationExchangeProxyRpcClient.
CanConnectToMrsProxy(Fqdn serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error) — End of inner exception stack trace — at Microsoft.
Exchange.
Migration.
DataAccessLayer.
ExchangeRemoteMoveEndpoint.
VerifyConnectivity() at Microsoft.
Exchange.
Management.
Migration.
TestMigrationServerAvailability.
InternalProcessEndpo int(Boolean fromAutoDiscover) IsValid            : True Identity           : ObjectState        : New Now we can see the 501 error that exrca was returning.
It would seem that the 501 is coming from the Kemp and not from the endpoint servers, which is why I could not located it in IIS or EWS logs and so in the Kemp System Message File (logging options > system log files) I found the 501 error: kernel: L7: badrequest-client_read [157.56.251.92:61541->192.168.1.2:443] (-501): Management > untick Disable PING from the internet.
Also to allow a tunnel to traverse a NATed router, you need to allow Protocol 41 to pass the firewall.
On a Draytek router this involves creating a new rule in the Default Call Filter rule set and the same under the Default Data Filter set.
The settings are Direction: WAN –> LAN/RT/VPN; Source IP: Any; Destination IP: Any; Service Type: Protocol: 41; Filter: Pass Immediately.
Getting a Hurricane Electric Tunnel.
Visit http://tunnelbroker.net and create an account and request a tunnel.
Once you have requested a tunnel you will get the following information on the IPv6 Tunnel tab (of which only the important information is shown, and where I have changed the values to be generic): IPv6 Tunnel Endpoints Server IPv4 Address: a.b.c.d (the endpoint of the tunnel at Hurricane Electric).
Server IPv6 Address: 2001:xxxx:wwww:65b::1/64 (this has wwww shown in bold and is the Hurricane Electric end of the tunnel they have created for you, and it will end in a 1.).
Client IPv4 Address: w.x.y.z (this is your external IP address of your internet connection).
Client IPv6 Address: 2001:xxxx:wwww:65b::2/64 (this has wwww shown in bold and is your end of the tunnel they have created for you, and it will end in a 2.).
Routed IPv6 Prefixes Routed /64: 2001:xxxx:yyyy:65b::/64 (this has yyyy in bold and yyyy is one number higher than wwww in the IPv6 tunnel endpoints above).
On the Example Configurations tab you will get the choice of operating system to use, and you need to select Windows Vista/2008/7 from the dropdown list.
This will present you with some netsh commands as shown (where the values will be your specific values rather than the generic values I show here): netsh interface teredo set state disabled netsh interface ipv6 add v6v4tunnel IP6Tunnel w.x.y.z a.b.c.d netsh interface ipv6 add address IP6Tunnel 2001:xxxx:wwww:65b::2 netsh interface ipv6 add route ::/0 IP6Tunnel 2001:xxxx:wwww:65b::1 If you are behind a NATed router then you need to change the w.x.y.z value which will show your public IP address for the private IP address of the Windows Server you are going to run this set of commands on.
Run these commands from an elevated command prompt.
Once complete you should be able to reach the IPv6 internet from that machine.
Try ping www.facebook.com and you should get back the IPv6 address for Facebook (showing your DNS server is IPv6 aware – Windows DNS will return AAAA, the IPv6 version of the A record, responses if your client has a valid global IPv6 address).
Another destination you can attempt to ping is ipv6.google.com.

You now have working IPv6 from a single server on your LAN

Configuring The Windows Router.
The next step is to enable this single server as a router.
This will allow the forwarding of packets between the LAN and the IPv6 Tunnel that exists on this server.
NOTE: This series of steps does not use RRAS, and therefore there is no firewall on this router.
Therefore these steps should be for lab environments only, as you need to ensure that Windows Firewall on all your endpoints is secure (remote admin [DCOM], RPC Endpoing and 445 have default rules for open to anyone) – these will need securing to a suitably valid range, or implment IPSec on the servers so connections cannot be made from non domain members.
A good IPv6 port scanner is available at ipv6.chappell-family.com Continuing in your elevated command prompt on the tunnel Windows machine enter the following command: netsh interface ipv6 set route ::/0 IP6Tunnel publish=yes This adds a route for the entire IPv6 address space to go via this machine, and publishes it so that it can be see by other machines on the LAN.
The publish=yes command is the only bit of this that is different from the commands provided by Hurricane Electric.
The next command to enter is: netsh interface ipv6 add address interface=”Local Area Connection” address=2001:xxxx:yyyy:65b::1 This command adds an IP address from the Routed /64 range to the network card on the machine (called “Local Area Connection” here.
If your network card has a different name then change the name, and use the correct address that you want to use rather than the generic one I show here).
I have chosen to end my routers IPv6 address with ::1.
This means that the full address in my example is 2001:xxxx:yyyy:065b:0000:0000:0000:0001 and therefore I could choose anything for the 0000:0000:0000:0001 bit, remembering that one long list of zero’s can be collapsed to :: and leading zero’s can be removed.
Continue with: netsh interface ipv6 set interface “Local Area Connection” forwarding=enabled advertise=enabled routerdiscovery=enabled advertisedefaultroute=enabled privacy=disabled The command (which is long and probably wrapped on your web browser) enables forwarding on the Local Area Connection interface (forwards packets arriving on this interface to others, i.e.
makes this box a router) and it will also advertise it’s routes and that it is a router.
Router advertisement (both advertise=enabled routerdiscovery=enabled) allow clients on your network to find the router and generate their own IPv6 address.

In this example this will therefore turn on IPv6 for your entire LAN

If you wish to do this test on just a few servers then add a valid IPv6 address using DHCPv6 with reservations or add the addresses manually on the machines you want to test IPv6 from (valid addresses are 2001:xxxx:yyyy:065b:z:z:z:z, where z:z:z:z is up to four blocks of four hex digits each).
Privacy (see later) is disabled for this NIC as well.
NOTE: For any website that is IPv6 enabled, any computer that gets an IPv6 address will now use the tunnel to get to the internet.
If the tunnel is down or slow then internet connectivity on all your machines will suffer.
Your tunnel will be slower than your WAN speed and latency is likely to be higher.
Consider carefully the advertise and routerdiscovery settings.
You can always change them to disabled later if you wish (and reset your client network card to pick up the changes with netsh int ipv6 reset).

I managed two days with IPv6 for every client before I changed back to IPv4

There are steps on line to change the prefix policy (netsh int ipv6 show prefix) to put IPv4 above IPv6 as an alternative to turning advertising and router discovery off.
The next command to enter is: netsh interface ipv6 set route 2001:xxxx:yyyy:65b::/64 “Local Area Connection” publish=yes This command publishes the route to your LAN so that the IP6Tunnel network that you created earlier can route packets to the correct interface.
This is the opposite command the the first publish command you ran previously, as that one published the outbound route, this publishes the inbound route.
Finally you need to run this last command: netsh int ipv6 set interface “IP6Tunnel” forwarding=enabled This allows packets arriving on the IP6Tunnel from the internet to be forwarded to other networks on the machine.
Again, this is the opposite of the earlier forwarding=enabled command and allows forwarding of packets arriving on the IP6Tunnel adapter to be forwarded into the LAN.
Connecting to the IPv6 Internet.
Finally you are ready to go.
If you open a command prompt on a Windows Vista or later client on the LAN and run ipconfig you should see an IPv6 address (and maybe a temporary IPv6 address) as well as a default gateway listing your newly configured router (reached via the Link Local address rather than the global IP address of the router if routerdiscovery is enabled on the router).
The IPv6 address you have is calculated from your Routed /64 subnet (the network portion of the address) and your MAC address.
This local portion will therefore always be the same for you.
This means that you are therefore trackable on the internet, as your local portion does not change.
Therefore Windows 7 generates a temporary address which changes every 7 days (netsh int ipv6 show addresses and the Pref.
Life column for Preferred Lifetime).
After seven days the temporary address is recreated.
Open your web browser and visit http://test-ipv6.com/ to see if you have IPv6 connectivity.
You should now be able to ping www.facebook.com or ping ipv6.google.com and get a response back from the IPv6 internet.
Note that if you reboot your router or your client they will take a short while to pick up a valid IPv6 configuration from the Router Advertisements (RADV) that are running on the router (advertising the Routed /64 range you have – no requirement for DHCPv6 in this example).

Having the IPv6 Internet Connect To You (i.e

Publishing IPv6 Services).
On any machine with a valid global IPv6 address you should be able to enable the File and Printer Sharing (Echo Request – ICMPv6-In) rule in Windows Firewall and then visit http://centralops.net/co/Ping.aspx (or another IPv6 online ping test tool) and be able to ping your server or client.
Disable the ping firewall rule if needed and enable or create a firewall rule to allow a port of your choice to be published over IPv6.
Configure the server to support listening on IPv6 if needed and then attempt to browse that service from another IPv6 enabled client.
Got this far – have a go at the IPv6 certification at Hurricane Electric iis Running Offline Web Applications from IIS Server.
By.
February 20, 2012.

2 Comments on Running Offline Web Applications from IIS Server

A feature of HTML 5 based applications is the ability to ensure that applications can still run even if internet connectivity is not present.
How to do this is covered on the W3.org website.
A requirement of offline access is the creation of the offline cache manifest file.
This manifest file is listed in the HTML tag on the page as such: html manifest =”offline.appcache” And a page is saved to the web server with the same name (offline.appcache in this example).
This .appcache file follows the conventions described in the above W3.org web page, but this page needs to be served from the web server with a specific MIME type (text/cache-manifest).
If the web server is IIS 5.0 or later then it will only serve content that has been listed as a valid MIME type in Windows.
If you used a shared hosted webserver then making that change is probably impossible – so from IIS 7.0 or later you can add your own MIME type in the admin UI or modify the web.config file in the root of your web server to add this MIME type.
This is just a text file that you upload and so requires no access to the IIS admin application (again, typically something you do not get with  shared hosted web server).
Note: In the example given below, the web.config file changes two properties.
If you have an existing web.config file then merge these changes into your file and do not replace your file.
The web.config file needs to be as follows: xml version =”1.0″ encoding =”UTF-8″ ?configuration system.webServer staticContent mimeMap fileExtension =”.appcache” mimeType =”text/cache-manifest” /> staticContent system.webServer location path =”offline.appcache” system.webServer staticContent clientCache cacheControlMode =”DisableCache” /> staticContent system.webServer location configuration The two changes set in this web.config file are, firstly, mimeMap in the staticContent section of system.webServer.
This adds the .appcache extension as text/cache-manifest.
The second change is clientCache in staticContent section of system.webServer (but this time in a location section, limiting the effect of the setting to the named file – offline.appcache).
This change stops the web server or client from caching the page, ensuring that the web server always serves the latest copy of the page.
Upload web.config and your appcache manifest file, along with any page that needs to be viewed offline (or indeed any page that you want to speed up loading for, by causing the pages to be cached on the client) and check that when you browse to the .appcache file directly in a HTML 5 aware browser it is visible.
If you get a 404 error on this page then you have not set the MIME type or uploaded the correct web.config file.
certificates hosting iis SSL GoDaddy SSL Certificate Approval with TXT Records.
By.
December 21, 2010.
12 Comments on GoDaddy SSL Certificate Approval with TXT Records.
I had a bit of an issue with Go Daddy yesterday in that they took 5 days to approve a Subject Alternative Name change to a certificate, and as the usual route of adding a file to a website was unavailable to me I decided to prove ownership of the domain by the addition of a new TXT record to the domain.
Go Daddy’s instructions for doing this are only suitable for domains hosted at Go Daddy and there are no clear instructions for doing this if you do not use Go Daddy for your DNS hosting.
So how do you create an SSL approval with TXT record.
You do it by creating a TXT record for a subzone.
The subzone is DZC and the value of the record is the seven character string that Go Daddy sent you via email.
For example dzc.domain.co.uk TXT AbCdEfG.
Once DNS has replicated to ALL of your DNS servers you can return to Go Daddy’s web form and approve your SSL certificate.
You can check if all your DNS servers have your new data by using NSLookup or Dig, but preferred is the use of either of these two tools from an independent third party on the internet – for example www.kloth.net/services/nslookup.php or www.dnssy.com/lookup.php.
2008 iis remote web workplace rww sbs 2008 terminal server ts gateway windows SBS 2008 SharePoint Install Breaks Default SBS Web Site.
By.
March 21, 2009.
No Comments on SBS 2008 SharePoint Install Breaks Default SBS Web Site.
A recent installation of a second SharePoint site on Small Business Server 2008 broke the Remote Web Workplace site for access from the internet.
Intranet access to the site worked fine, but from the internet where the http request to the site is redirected to https had stopped working.
Opening up IIS 7 Manager and checking the bindings of the SBS Web Applications site showed that the site had two http bindings and a https binding.
The https binding was for * under IP Addresses and port 443.
Clicking the Edit button on this binding showed that the certificate was not correct.
This was the reason the site was not working, as a https site requires a certificate.
So I selected the correct certificate and clicked OK.
And got the following error: A specified logon session does not exist.
It may already have been terminated.
(Exception from HRESULT: 0x80070520) The reason is that the installation of the SharePoint site, and the installation of the certificate to support that site broke the binding for the TS Gateway role on the Windows 2008 machine.
The broken binding on the SBS Web Applications site was because of this broken TS Gateway configuration and to fix the above error in IIS required fixing the TS Gateway issue.
Note that at no point in the configuration of the SharePoint application was the TS Gatway role configuration changed – the installation of another certificate on the server broke the TS Gatway which broke the Remote Web Workplace SBS Web Applications site.
Opening Server Manager and navigating to the Roles/Terminal Services/TS Gateway/Servername area showed a message in the middle pane of the Server Manager saying that configuration of the TS Gateway was not complete.
Clicking this link brought up the TS Gateway SSL Certificate page of the Properties dialog.
Click Browse Certificates and select the correct certificate.
In SBS 2008 this will be the Remote Web Workplace certificate.
Click OK to close the dialog and you will now be able to check the https binding on the SBS Web Applications website.
The error will now not occur, and the https binding will be bound to the correct certificate.
If you are not running SBS 2008 then the above is possible, just it is more likely to be a problem with the Default Web Site bindinging instead.
Additionally, I noticed after I had written the above that this error also occurs if you delete the certificate used by the TS Gateway from the IIS box and as well as breaking TS Gateway (which would be expected) it also breaks the “Add a trusted certificate” wizard in the SBS Server Console.
The Add a trusted certificate wizard crashes when started with just a failed application message and nothing in the event log.
To fix make sure the SBS Web Application IIS site is bound to a valid digital certificate.
2008 64 bit access iis oledb proxy sql express windows x64 Windows 2008, IIS 7.0, 64 bit Server, Terminal Services Web Application and Access Databases.
By.
November 25, 2008.
No Comments on Windows 2008, IIS 7.0, 64 bit Server, Terminal Services Web Application and Access Databases.
This is a long list of pre-requisites, but for your information they do not work together.
If you have a web site that uses Access as its data storage and you migrate that site to an x64 Windows machine then access to the Access MDB file ceases with the following error: “‘Microsoft.
Jet.
OLEDB.4.0’ provider is not registered on the local machine”.
On IIS 6.0 you need to set the entire web server to 32 bit mode, but on Windows 2008/IIS 7.0 you can set each application pool to 32 or 64 bit.
This is a property found under Advanced Settings for the application pool.
To gain access to Access MDB files the application pool needs to run in 32 bit mode.
If you have TSWeb installed, then you also have installed the RPC/HTTP proxy component.
If you have the RPC/HTTP proxy component installed any 32 bit application pool will fail upon starting – Error 5139 for Microsoft-Windows-WAS.
So to use Access databases in a legacy web application migrated to Windows 2008, 64 bit, with TSWeb also installed either uninstall TSWeb (and RPC/HTTP proxy), or use a different server, or rewrite the web application to use SQL Express.
Supposedly this will be fixed in the first service pack for Windows 2008.
There – it only took 6 hours to work that one out.
2008 iis rras sbs 2008 sstp vpn windows SSTP (SSL VPN) on SBS 2008 RC0.
By.
June 23, 2008.
No Comments on SSTP (SSL VPN) on SBS 2008 RC0.
Updated 31st March 2008: Please see http://c7solutions.com/blog/2009/03/configuring-sstp-vpn-on-small-business_31.aspx as this new article replaces the below, as the below refers to a pre-release version of SBS 2008.
The working instructions for configuring SSTP on SBS 2008 is much more complicated than the steps below.
SSL based VPN’s are great.
In short it is VPN without firewall or NAT issues (both of which you get with PPTP and IPSec VPN’s).
But the current release of SBS 2008 (RC0) does not enable SSTP VPN’s by default.
It uses RRAS, so SSTP is possible, but it is not as easy as it first looks.
Ensure that you have run the connecting to the internet wizard, and that you are using a third party certificate (as there are less steps if you do this).
Enable remote access from the SBS Console > Network > Connectivity page.
Add some SSTP ports to the VPN in the Routing And Remote Access management program.
Right-click Ports and choose Properties and enable SSTP for remote access inbound connections.
Leave PPTP enabled as Windows XP does not support SSTP VPN tunnels (only Vista SP1 does at this time).
View the properties of your certificate and note down the Thumbprint value.
Ensure that this certificate is associated with 0.0.0.0:443 and [::]:443: certificate bindings on the server.
Type “netsh http show ssl” from elevated command prompt to get this information.
You typically get four entries with IP:port being the first line of each.
Check for IP:port reading “0.0.0.0:443” and [::]:443 as this shows the IPv4 and IPv6 mappings for SSL certificates on the server.
Ignore the :8172 and :987 entries (these are for IIS Management Service and companyweb).
For both “0.0.0.0:443” and [::]:443 make a note of the Certificate Hash.
It needs to be the same for both and the same as the earlier Thumbprint value (ignore any spaces).
If not see http://blogs.technet.com/rrasblog/archive/2007/11/08/configuring-iis-on-the-sstp-server-implications-and-how-to-resolve.aspx for instructions on resetting this, noting that you need to ensure that the correct certificate is bound to the SBS Web Applications website on the SBS 2008 server (in IIS manager).
Install the “Certificate Authority Web Enrollment” role service to Active Directory Certificate Services snapin within Server Manager.
This adds a virtual directory to the default website in IIS called CertEnroll which contains the certificate revocation list for the certificate you are using.
Only do this if you are using the built in default issued certificate.
If you are using certificates from a third party then you need to ensure you can reach their CRL publishing site without issue – see the certificate details for information on the CRL publishing site location.
Expand the Certificate Authority on your server and right-click Revocated Certificates.
Under tasks choose Publish.
This updates the CRL with the new publishing location that SSTP needs to connected to.
Again, use a third party certificate to make this easy!.
On a Vista SP1 client create a new VPN connection and in properties > networking ensure that the Type of VPN is set to SSTP (for normal use set this to Auto, and it will find the best (starting with PPTP), but for testing set it specifically to SSTP).
Also ensure that the name of the server you are connecting to is the same name that the certificate uses for the certificate common name.
Connect the VPN and all should work.
iis Windows SharePoint Services 3.0 Search Not Indexing.
By.
April 2, 2008.
No Comments on Windows SharePoint Services 3.0 Search Not Indexing.
If you get the following error on a WSS 3.0 site: Access is denied.
Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content.
(0x80041205) Then check that you are not being blocked from searching due to Kerberos restrictions.
The search service indexes the content of the site using the default URL for the WSS site, so if this is sts3://servername:port then all should be well, but if this is a FQDN style URL (such as sts3://www.sharepoint.site:port) then you need to either delete the site and recreate with NTLM security or add a SPN to the server.
To add an SPN use setspn from the Windows Server Support Tools.
The command is: setspn -a HOST/www.sharepoint.site SERVERNAME Where SERVERNAME is the server running WSS and www.sharepoint.site is the default URL of the site.
See alternative access mappings in Central Admin for the default URL.
certificates iis ISA Server 2004 ISA Server 2006 SSL Windows Server 2003 Error Code: 500 Internal Server Error.
The network logon failed.
(1790).
By.
October 3, 2007.
1 Comment on Error Code: 500 Internal Server Error.
The network logon failed.
(1790).
This is an error visible in the web browser when connecting to a HTTPS web site behind an ISA Server.
The problem is that the firewall access rule for this web site in ISA Server is forwarding the requests to an internal server on a port that it is not listening on.
For example you connect to https://server.example.com and the ISA Server forwards this request to http://internalsrv.
On the Bridging tab check that the mentioned port(s) are actually working on the internal server.
For example if you are listening in ISA Server on 443 for a SSL connection and the SSL/HTTPS port is ticked make sure that the port is 443, and that the web server internally is listening on 443.
If its another number make sure that it is meant to be the other number and not really 443 or not ticked at all.
Ditto for the HTTP port, which is 80 by default.
2007 certificates iis pkcs powershell web Creating Subject Alternative Name Certificates with Microsoft Certificate Server.
By.
March 13, 2007.
No Comments on Creating Subject Alternative Name Certificates with Microsoft Certificate Server.
A new feature in digital certificates is the Subject Alternative Name property.
This allows you to have a certificate for more than one URI (i.e.
www.c7solutions.com and www.c7solutions.co.uk) in the same certificate.
It also means that in web servers such as IIS you can bind this certificate to the site and use up only one IP address.
A number of commercial companies now sell certificates with the Subject Alternative Name field set, but this article describes how to use the Exchange Server 2007 command line to create certificate requests for other web sites that can be uploaded to Microsoft Certificate Server (which does not support this property in its own web pages) to create certificates for web servers such as IIS (which also do not support this property in the requests that they make).
The command that you need to run is via PowerShell, and specifically via the Microsoft Exchange Server 2007 extensions to PowerShell.
So start up the Microsoft Management Shell and enter the following (replacing your domain names as indicated: New-ExchangeCertificate -GenerateRequest:$true -Path c:\newCert.req -DomainName www.domain.com,sales.domain.com,support.domain.com -PrivateKeyExportable:$true -FriendlyName “My New Certificate” -IncludeAcceptedDomains:$false -Force:$true The DomainName property is set to each URL that you want the certificate to be valid for, with the first value in the string being the value for the Subject field and all the values each being used in the Subject Alternative Name field.
Once you have executed the command above you will have a file with the name set in the Path property.
This file can be opened in Notepad and used in Microsoft Certificate Services: Browse to your Microsoft Certificate Services URL and click Request a certificate.
Click advanced certificate request.
Click submit a certificate….
Copy and paste the entire text of the certificate request from notepad into the Saved Request field on this page and select Web Server as the Certificate Template.
Click Submit.
With a default installation the Web Server template value will not be present and that needs to be enabled by your Certificate Services administrator for your user account.
With the default installation of Certificate Services, the certificate will now be ready to download.
Click Download certificate (or Download Certificate Chain if the end server does not trust your issuer) to save your certificate to the computer.
Install the certificate on to the same computer that you issued the request from (this is a very important step), and then you can export the certificate and import it on your web server or firewalls.
To install the certificate, run the Import-ExchangeCertificate powershell command on the same computer as the request was issued from (this is a very important, it must be on the same computer).
This is a simpler command to run that the creation of the request above.
The syntax of this command is (where the filename is the name of the file downloaded above): Import-ExchangeCertificate c:\newCert.cer To export the certificate to your web server or firewall you need to open the local computer certificate store in the Microsoft Management Console – run mmc, add a snap-in and choose Certificates, Computer account.
You will find your certificates under the Personal store.
You can right-click these certificates and export them (with the private key) to a .pfx file.
This file can then be imported using the MMC tool on the web server or firewall ready for importing using an mmc with the certificates/computer account snap-in load into it.
iis Improving the Performance of IIS 6.0 Applications.
By.
July 5, 2005.

3 Comments on Improving the Performance of IIS 6.0 Applications

Whilst working at a client doing some performance testing of an intranet, web-based, application we came across a little documented way to improve the network performance of the application if the web server is running IIS 6.0 on the Windows Server 2003 platform.
When the IIS 6.0 web server uses Windows Integrated authentication to log users onto a web application it goes through the following process, which is different to how it behaved on IIS 4.0, IIS 5.0 and IIS 5.1 (the versions that run on Windows NT 4.0, Windows 2000 and Windows XP): Client connects to the web server with an anonymous connection for the first object required.
The web server rejects the connection with a 401 status message, which means that authentication is required.
The client sends the request for the page to the server again, along with the current authentication information.
The format of this authentication will differ based on whether NTLM or Kerberos is being used.
Server responds with a 200 status indicating success and the object is transferred from the server to the client.
So far nothing has changed in IIS 6.0 compared to the earlier versions of the software, but now the client makes the request for the second object (maybe a graphic within the page, or a second page on the same server).
This second request, even if it is across the same HTTP session as the first, will be seen by the server as an anonymous request and it will be rejected with a 401 status message.
In earlier versions of IIS this second (and subsequent requests on the same HTTP connection) were treated as being authenticated because the first object request was successfully authenticated.
This can be seen using the following information from an IIS 6.0 log file that was generated by a web browser making a GET request for four pages called auth1.htm through to auth4.htm.
cs-uri-stem cs-username sc-status sc-bytes cs-bytes /auth1.htm – 401 1872 516 /auth1.htm DOMAIN\user 200 509 2307 /auth2.htm – 401 1872 557 /auth2.htm DOMAIN\user 200 510 2348 /auth3.htm – 401 1872 557 /auth3.htm DOMAIN\user 200 510 2348 /auth4.htm – 401 1872 557 /auth4.htm DOMAIN\user 200 510 2348 The client makes a request for the page auth1.htm.
This page is only available to a user via Windows Integrated authentication and so the request is seen as rejected with a 401 status.
The second line shows the successful request for the same page and the fact that a Windows domain account was used to authenticate the request.
From that point on, each request can be seen first as an authentication failure and then a success.
This means additional round trips to the web server, and longer page load times – especially to web servers that are across low latency WAN connections.
For example, the above log data shows that the total bytes sent and received by the web server (the sum of the sc-bytes and the cs-bytes columns) is 21065 bytes.
We will compare this value to one where the IIS 6.0 server has had performance changes made to it later in this article.
IIS 4.0, IIS 5.0 and IIS 5.1 worked by allowing all subsequent requests for objects over a single HTTP session that had already been authenticated to use the authentication information of the first successful request.
With the increase in security that is part of IIS 6.0 this potential security hole has been closed – it might be possible to take over another session and become authenticated with the credentials of that previous session.
This security improvement though, as with many security changes, decreases performance by an increases the number of round trips to the server and the bytes transferred on the network.
If the risk is considered unlikely within your environment and users connect to the web server from remote locations then you can set the IIS metabase setting AuthPersistSingleRequest to false.
This means that the IIS 6.0 web server acts in terms of authentication persistence like an IIS 5.0 web server.
The two metabase keys that need to be set are: NTAuthenticationProviders.
AuthPersistSingleRequest.
NTAuthenticationProviders can be set at the web service or web site level and AuthPersistSingleRequest can be set at the web service, web site, virtual or real directory or at the file level.
To set these two metabase values open a command prompt, change to the \inetpub\adminscripts folder and run each of the following commands: cscript adsutil.vbs SET w3svc/1/NTAuthenticationProviders “NTLM”.
cscript adsutil.vbs SET w3svc/1/AuthPersistSingleRequest FALSE.
The “1” in both the above commands will cause the property to be set on the Default Web Site.
Change “1” to affect another web site or remove “1/” from the command to affect the entire server.
Once the two commands have been executed enter the following to ensure that they have run correctly: cscript adsutil.vbs GET w3svc/1/NTAuthenticationProviders.
cscript adsutil.vbs GET w3svc/1/AuthPersistSingleRequest.
Finally run IISRESET from the command line to restart the web server.
The following data from an IIS 6.0 log file shows the same sequence of GET requests as described above after the NTAuthenticationProviders value has been set to NTLM and the AuthPersistSingleRequest value set to false.
cs-uri-stem cs-username sc-status sc-bytes cs-bytes /auth1.htm – 401 2043 622 /auth1.htm DOMAIN\user 200 259 774 /auth2.htm DOMAIN\user 200 260 557 /auth3.htm DOMAIN\user 200 260 557 /auth4.htm DOMAIN\user 200 260 557 This data can be compared to that above quite easily.
First you can see that the number of round trips is just over half the number on an IIS 6.0 server in its default configuration, as only the first request fails with a 401 status message – the subsequent requests now use the authentication of the first request within the session rather than per request authentication.
Secondly the total number of bytes required within the HTTP session to download these four objects is 6149 bytes.
This is 29% of the bytes transferred under the default IIS 6.0 configuration.
Therefore, if you run web applications that use NTLM authentication and have high latency networks then you can generate significant improvements in page load time at the browser, and at the client I am working at we reduced page load times from their India offices to the USA servers from 18 seconds to less than 10 seconds.
Links NTAuthenticationProviders.
AuthPersistSingleRequest.
2003 2008 2008 R2 iis SQL Enabling ASP.

NET Session State without Installing IIS

By.
May 23, 2005.
1 Comment on Enabling ASP.
NET Session State without Installing IIS.
At a client site, I needed to enable within a web cluster the ASP.
NET session state service (ASP.
NET State Service) and initially this was going to go on one server within the web cluster.
The only problem though, as this configuration is easy, was what happens if the one server in the cluster that this is running on is the server that fails.
The solution we decided was to place the service on the SQL Server back-end database.
Though this is not clustered (as it is not mission critical), if the database is unavailable then so is the application so why not run the ASP.
NET State Service on that machine.
So we changed the web.config file to read: db_server:42424″/> We went to the SQL Server (which was running Windows Server 2003 and so had the.
NET Framework installed), but found that the service did not exist as ASP.
NET was not installed.
So we ran the following, which claims to require IIS to be installed, but successfully enabled the ASP.
NET State Service: aspnet_regiis -i (this is in WINDOWS\Microsoft.
NET\Framework\version folder Set “HKEY_LOCAL_MACHINE\SYSTEM \ CurrentControlSet \ Services \ aspnet_state \ Parameters \ AllowRemoteConnection” to 1 on the server in the above step, set the service to Automatic and started it running.
And it all worked fine.
Select Category 2003 2004 2007 2008 2008 R2 2010 2012 2012 R2 2013 2016 2019 2FA 64 bit AADConnect aadrm AADSync access acdc active directory activesync add-in ADDS ADFS ADFS 2.0 ADFS 3.0 ADFS Connector AdminSDHolder adsiedit Advanced Threat Protection agent AIP android antivirus anycast app password Application Guard archive asterisk asterisknow ATP Authentication autodiscover autodiscover v2 az Azure Azure Active Directory Azure AD Azure Information Protection AzureAD backup baseline bing bios booking bpos branding cafe calendar certificates Chrome citrix Click To Run Click2Run cloud Cloud PBX Clutter cmak compliance conditional access conversation crm cross-forest cyber bullying dell Deployment device device registration dirsync dkim DLP dmarc DNS domain door download draytek DSC duplicate dynamic delivery Dynamics EAS ebs 2008 Edge EM+S email encryption Endpoint Manager enterprise mobility + security Entourage EOP    Exchange Online Protection error EWS exchange exchange online Exchange Server EXO ExpressRoute federation FIDO firewall Focused Inbox FOPE Free/Busy GeoDNS Global Catalog GPO Group Policy groups hosting hotfix https hybrid hyper-v IAmMEC IFilter iis illustration install Intune iOS ip iPad iPhone ipsec ipv4 ipv6 iQ.
Suite IRM isa ISA Server 2004 ISA Server 2006 JetNexus journal journaling Kemp kerberos lab licence Live Event load balancer Load Master loadbalancer logo Lync Server mailbox malware management mcafee mcas mcm mcsm mdatp MDM media player MFA microsoft Microsoft 365 Microsoft Cloud App Security Microsoft Defender Advanced Threat Protection Microsoft Teams migration Mobile Device Management mobile phones modern authentication monthly channel move msExchDelegateListBL msExchDelegateListLink MSOL multi-factor auth Multi-Factor Authentication MVP MX ndr Netscaler networking NTL OAuth OD4B ODFB off offensive Office Office 365 Office 365 Advanced Threat Protection Office 365 Groups Office 365 ProPlus oledb OneDrive OneDrive For Business openmanage orange organization relationships osma Outlook owa OWA for Devices password paxton pbx permissions PFDAVAdmin phish phishing phone factor pkcs pki places policy powershell pptp preview Proof Of Concept proxy pst PSTN PSTN Conferencing Public Folders recovery remote desktop remote web workplace retention retention policies rms room router rras rtp rules rww Safe Attachments Safe Documents Safe Links Salesforce sbs 2008 SCOM sdk search security Security and Compliance Center self-service password reset semi-annual channel send-on-behalf server administrator server core shared mailbox sharepoint sip Skype For Business Online Skype for Business Server smarthost smartphone sms smtp spam spf spoof spv SQL sql express SSL SSO sspr sstp starttls storage card Stream supervision sync error sysprep Teams TechEd terminal server Terminal Services text message Threat Management TLS tmg token2 transport transport agent ts gateway Uncategorized unif unified messaging update upgrade vc++ vhd virtual pc virtual server virtualisation vista visual studio vm VNet Voicemai voicemail.

2014 2 Comments I was turned into a toy

Toy Man.
August 13, 2014 2 Comments I was turned into a toy.
I always knew it would end like this.
Me Toy by CoKreeate.

Pee-wee Shrinky DinkKrull Board Game 2 thoughts on “Toy Man”

Steve August 13, 2014 at 6:56 pm I always pictured you as taller….
Reply August 14, 2014 at 12:14 pm Everything looks smaller when you take a photo of it.
That’s what I tell myself anyway.
Reply.
Leave a Reply Cancel reply.

Required fields are marked Name Email

Send to Email Address Your Name Your Email Address

Download QR-Code ‎Hyperstrike Go

Hyperstrike Go!.
Posted on August 23, 2017 by • 0 Comments.
Gameplay -.
Replay Value -.
Originality -.
9/10 ( votes).
Great Graphics.
PvP mode.
Challenging.

Largely Unoriginal Gameplay (Tower Defense)

Can Grow Repetitive.
App Description.
Hyperstrike Go.
– For those about to fight, we recruit you.
Let the games begin.
From the zany multiverse comes the first real-time, sci-fi, PvP combat card game.
The gaming overlords known as the Spheroids have abducted races from around the universe to compete in cosmic arenas for their gaming pleasure.

You are in command of a diverse team to play in the madcap Hyperstrike Games

Engage your team in fantastic, fast paced combat for interstellar fun and fame.
Collect.

Upgrade and play dozens of cards featuring alien Monstrodons

robotic Metaloids and human Terranauts with all sorts of powers and abilities.
Obliterate your opponent’s towers to win medals, pennants and prestige in outlandish arenas around the galaxy.
Lay ’em, Play ’em and Slay ’em.
BE ADVISED, HUMAN.
Hyperstrike GO.
is a free game to download and play.
However, some game items can also be purchased for real earth money.

If you don’t care to participate in this aspect of Hyperstrike GO!

please disable in-app purchases in your device’s settings.
A network connection is also required.
Especially from earth.
FEATURES:.
Race to grab Hyperstrike power ups to gain momentary combat advantages and sometimes surprising results.
Compete against players from around the galaxy in real-time PvP and rip hard earned Medals from their grasp by crushing their towers.
Thrill to the real time 3D characters, FX and locations.

Earn Cosmo Crates to unlock fabulous rewards

collect powerful new unit cards and level up ones you own.
Obliterate your opponent’s towers to unlock rich Victory Crates from the depths of outer space.
Earn rewards, powers and prestige as you level up your team and collection.
An abundance of unique and fascinating cards to collect, upgrade and play.
Construct your ultimate battle deck to defeat your opponents.
Compete in and earn each arena on your way to the top.
Battle in alien, robot and human arenas for galactic glory.
Trailer Video.
Download Hyperstrike Go!.
Download QR-Code ‎Hyperstrike Go.
BOXI Interactive Corporation.
Filed Under: , Kitchen Panic The Secret of Castel Lupo Send to Email Address Your Name Your Email Address.

The Are You Good Enough To Exist Test is the Rules

Rules.
Rules.
The Rules.
by on Feb.04, 2008, under #36 No whistling in public.
I never thought this would be a contraversial rule, until I proposed it to some apparently idiotic people, who protested.
No, absolutely not.
It’s the height of rudeness.
If I’m standing in line in a shop, the last thing I want to hear is the moronic brainwrong musings of some halfwit, emitting in the form of tuneless, aimless, high-pitched whistling.
If you’ve got perfect pitch, and can generate a beautiful, melodic, and most of all, purposeful tune, then please, contain yourself and wait for an appropriate moment.
If you’re not capable of this, which you’re not, never leave your house again.
#37 Television and radio continuity announcers are not a part of the programmes they talk between, and thus are not allowed to add their contribution .
You aren’t funny, you aren’t in their gang, and it’s not only embarrassing for you, but spoils the moment of the show we were just watching.
Shut it.
(There’s an exception, of course, which is when the announcer is scripted by the show’s writers.

Never better evidenced than by the otherwise dreadful Sofa Of Time on Radio 4

where the announcer dead-panned before it began, “Listeners are advised that the following programme contains an angry giant.”) The Rules So Far 4 Comments more.
New Rules.
by on Apr.25, 2006, under #34 Anyone who uses “110%” (or any number over 100) to imply a degree of effort will be charged with a month’s community service and a £1100 fine.
#35 No talking to people when they’ve gone into a stall/cubicle in a public bathroom/toilet.
When I’m in a cubicle/stall, don’t talk to me about anything – especially if I don’t know you or we weren’t already having a discussion before I went in there.

(Suggested by Rulefinder General KM) 2 Comments more

Valentine’s Rule.
by on Feb.14, 2006, under #33 Valentine’s Day is now a day on which people in relationship s buy gifts for their single friends.
17 Comments more.
Girl Rules – Yuck.
by on Jan.09, 2006, under Imitation is the sincerest form of not being able to think of your own ideas.

Mrs Trellis demonstrates with some of her own Rules for life

Actually.

Lots of these Rules are really good

and I want to steal them.
Others however are about bras and defending driving slowly, which are best ignored.
1 Comment more.
Rules Update.
by on Jan.08, 2006, under More guides for living.
(Oh, and a note to everyone who keeps telling me I’m too miserable and grumpy.

Most of these Rules are now being suggested by other people

I’m just telling the people what the people want the people to know).
#26 You call people the name they tell you.
If someone is introduce d as ‘Nicholas’, then they’re ‘Nicholas’, and not ‘Nick’, until they tell you they can be.
And by the way, this goes for countries too.
What on earth is with this crazed renaming of nations into our own tongue.
Really, we’re still not at a point where we can show enough respect to call a country by the name the people who live in the country call it.
England: No no no, it’s sweet that you think you’re called ‘ Deutschland ’, but actually it’s ‘Germany’.
You know, as in ‘Germanic’.
Deutschland: Well, we’re doing fine with Deutschland.
England: Aw, how endearing.
Well, that’s nice and all, but it’s Germany.
#27 If you don’t have everything with you that you need in order to smoke, you don’t get to smoke.
Bring what you need for your ridiculous behaviour when you go out.
Really – you smoke, but you don’t have a means of setting the thing on fire.
Really.
#28 You leave a message on the second call.

Any third calls in a row will now cause instant disease

If you need to get hold of someone, such that it would warrant needing to phone them three times in one half hour, you leave a damn message on the second failed attempt.
What’s your plan.
Wear them down.
They’re not answering because they want to see if you really mean it.

OR MAYBE THEY’RE BUSY AND CAN’T ANSWER THE PHONE

#29 Don’t ask people, “Could you remind me to…” Just remember for yourself.
Someone doesn’t become accountable for your continued possession of margarine simply because you said to them, “Could you remind me to get margarine?” Here’s who having margarine is important to: you.
So stop passing the responsibility for running the minutiae of your life onto those around you, and just write it down on a piece of paper.
Yourself.
#30 Which means it’s actually ok to make the lame-ass joke as follows: Lazy person: Could you remind me to get more matches.

Innocent person: Remember to get more matches

Yes, it’s not funny at all.

But it’s punishment for breaking Rule #29

#31 While using a mobile phone, you are never to discuss the mobile phone you are using.
#32 You’re not allowed to use the word ‘actually’ any more.
You never, ever need it.
It’s a wasted word, a waste of everyone’s time.
Scientists have shown that the average person uses the word ‘actually’ over 70,000 times a year, wasting 45 hours which could otherwise be used to scream at people who say ‘actually’.
I expect.
As for ‘basically’… Are you using those toenails.
21 Comments more.
The Rules Made Test.
by on Jan.02, 2006, under The excellent OKCupid has a script that allows users to create their own The Spark-style tests.
The Are You Good Enough To Exist Test is the Rules, embellished slightly, and with marvellous illustrations.
I strongly recommend taking site creator Christian Rudder’s tests, especially the initiating Personality Test.
20 Comments more.
New Rules.
By on Nov.15, 2005.

Under The Rules Page #21 When two ‘o’s appear together in a word

no one under any circumstances is allowed to make them into eyes.
For the word ‘look’ it is punishable by death.
#22 Presents may not be presented as from either babies or pets, once the presentee is over the age of 10.
#23 If you live in the UK, the amber light means GET READY.
By the time it’s green, YOU GO.
As it turns green, you are pulling away.
And this is equally the case if you are seven cars back in the queue.
You do not begin pulling away once you see the car in front move – you watch the lights.
If you live in the US, or other countries without an amber before the light turns from red to green, you already manage this fine without the amber, so what the hell is going on UKites.
Aren’t you humiliated.
The rest of the world doesn’t even get the warning and they can manage it.
You’re pathetic.
Sort it out, for crying out loud.
Look at yourself.
It’s embarrassing.
#24 An ‘i’ may only be topped by a single dot.
Adding a circle, or god forbid a heart, does not make you interesting, or kooky, or brighten anyone’s day.
It makes you a moron who cannot manage the simplest of tasks without deliberately ruining everyone else’s lives.
#25 Txt spk is annoying enough in texts.
You can’t say it in 140 correctly spelt and grammared characters.
Phone me.
But outside of texts – utterly banned.
AN EMAIL HAS INFINITE ROOM.
You, under no circumstances need to abbreviate anything.
And here’s why: It’s harder for the person to whom you’re writing to read it.
We learn to read, and we recognise word shapes immediately.
Start encoding those shapes, and translation is required.
It goes from seeing the word “to” without pause, to seeing that there’s the number “2”, translating it phonetically to all its other potentials, working out which one it must be in the context of the sentence, and then re-understanding it as “to”.
IT’S ONE CHARACTER SHORTER.
Stop it.
You’re an idiot.
16 Comments more.
New Rules.
By on Nov.10, 2005.

Under The Rules Page #17 Any sentence that begins

“Am I the only person who thinks…” will always be followed by the most obvious, vacuous and mainstream thought possible.
#18 When walking down the pavement/sidewalk and someone is walking toward you in the opposite direction, the first person to move to one side has the priority.
Moving over to the same side after the first person has moved over gives the first person permission to hit you with a pole.
This situation is not funny in any sense, and nervous laughter in response is outlawed.
#19 If you think someone has forgotten that you’re meeting them, say, “I want to check that you remember that we’re meeting today,” and not, “Are we still on for later today?” or any other feeble attempt to make your accusation of your companion’s disorganisation look like a general enquiry.
#20 You do not need to qualify every comment you make with, “In my personal opinion…” If it’s an opinion you have, then yes, it will be yours, and indeed it will be personal, and indeed it will be an opinion.
Such awful tautology demonstrates that anything qualified with such an introduction can only be the most redundant and idiotic opinion available.
Although chances are it’s nothing of the sort, but something you read in the The Mirror and have unconsciously taken as your own belief.
9 Comments more.
The Rules.
By on Nov.07, 2005, .

Under It’s come to my attention that people aren’t obeying The Rules

It has further come to my attention that this might be because no one has bothered to write them down.
I plan to do this, probably over the course of my life.
When I die, exalted, these rules shall govern Earth, and a utopia will preside.
A message to anyone who considers any of the Rules to be “intolerant”: You are attempting to excuse your wanton inability to follow this entirely reasonable Rule by transfering the intense guilt and shame you feel onto the author responsible for highlighting your crime.
Also: You are being stupid.
Being intolerant of stupidity is the only hope the human race has left.
More rules will be added to the permalinked page here.
Alerts will be given.
Pay attention.
THE RULES #1 If you think of an excellent punning name for a shop or business, you must quit your job there and then, and begin that enterprise immediately.
#2 Never go to a party which has clip art on the invite.
#3 You no longer have to pay £7 to have a conversation with your friends at the cinema.
From now on you may have the same conversation with your friends in the park, for free.
#4 Look at toilets before you sit down, you idiot.
#5 If you are offered a cup of tea or coffee, that is the indication to that it’s not too much trouble.
From now on, if you put this proviso on your reply, you will be obliged to leave.
#6 If you have a t-shirt with writing across your breasts, that means you’ve said it’s ok for people to read your breasts.
#7 No umbrellas.
#8 You no longer have to thank cars for stopping at zebra crossings.
They’re required to stop.
You don’t thank them at traffic lights, so stop it at zebra crossings as well.
#9 Get your wallet/purse out before you put your shopping on the conveyor belt.
#10 You must be involved in the digging of one hole, at least one foot deep, every year.
#11 The right to walk in front of anyone you like at any time you like because you’re pushing a buggy/stroller has been entirely revoked.
You’re back to having to give a crap about anyone else again.
#12 Every time you hear someone use the word “debate” with some sort of explanation that it needs to be bigger than the norm, you absolutely must say, “mass debate” and snigger.
#13 Fake bingo calls are always funny.
“Seven and three, twenty-eight.” “All the fours, nine.” “On its own, eighty-two.” #14 Correcting grammar is to be met with a sense of reverence and awe.
#15 One type of cleaning spray for bathroom and kitchen.
#16 People who get blown up by bombs are not “brave”.
They are “unlucky”.
From now on, they are to only receive awards for “Misfortune”.
21 Comments more.
Rules.
All content on this blog, including Rum Doings, is licensed under the.
Design:.

Clash of Clans is an epic combat strategy game

Clash of Clans.
Posted on September 7, 2014 by • 0 Comments.
Graphics – 10/10.
Gameplay – 9/10.
Replay Value – 5/10.
8/10 ( votes) Sending Clash of Clans is an addictive game with excellent graphics, fun gameplay, and a broad player base.
You’re often left with the satisfaction of a battle won, and even if you lose a certain battle or have your clan destroyed, the devastation of losing a real life battle is far diminished.
The biggest issue with clash of Clans in the feeling of slow gameplay towards the later levels.
While the game is free to play, there is certainly the incentive of increased productivity to buy in-game currency of gems with real life money.
Finally, way too much is put into building a mighty clan to be content with starting over.
While it can be fun to try new things, to go from having the best soldiers at your disposal to the most basic is a little bit jarring leaving replay value in the middle of the score range.
Beautiful Graphics.
None.
Clash of Clans is an epic combat strategy game.
Build your village, train your troops and battle with millions of other players online.
You asked, we delivered: The long-awaited.

Hit strategy game Clash of Clans is officially storming the Android realm

pillaging and raiding your tablets and phones.
The time has come to unleash your inner barbarian.
Get the game, join the fun – it’s free.
Features:.
FREE TO PLAY.
Build your village into a undefeatable fortress.

Battle with players worldwide and take their Victory Points

Join together with other players to form the ultimate Clan

Fight against rival Clans in the epic Clan Wars

15 unique units with multiple levels of upgrades.
Defend your village with Cannons, Towers, Mortars, Bombs, Traps and Walls.

Fight against the Goblin King in an epic campaign through the realm

Gameplay Video.
Download Clash of Clans.
Download QR-Code ‎Clash of Clans Supercell Download QR-Code Clash of Clans Supercell.
Filed Under: , , , , App Apes Free App Review Website Launches Plants vs.
Zombies 2.
Send to Email Address Your Name Your Email Address Post was not sent – check your email addresses.
Email check failed.

Please try again Sorry

your blog cannot share posts by email.

Robot Unicorn Attack 2 is a must play game

Robot Unicorn Attack 2.
Posted on September 9, .

2014 by • 2 Comments Graphics – 10/10

Gameplay – 10/10.
Replay Value – 9.5/10.
9.8/10 ( votes) Sending Robot Unicorn Attack 2 is essentially a playable metal-ballad music video with a unicorn protagonist, sporting a long flowing mane rather than a blonde head of head-bashing hair.
In other words, it is exactly how a sequel should be done, and keeps everything loveable about the first, improves upon it, and adds so much more.
Sure most sequels suck, but not Robot Unicorn Attack 2.
It gallops flamboyantly to greatness.
The animations are very well done, very believable, and that’s saying something since the game is full of unbelievably beautiful landscapes and mythical creatures, including flying whales, ice owls, seahorses, rock golems, and, of course, unicorns.
Lots of them.
Robotic unicorns, flaming unicorns, rainbow unicorns.
The backdrops are diverse and gorgeous, as are the collectables, opponents, and running grounds.
The gameplay is straightforward (literally as it’s a side-scrolling platformer), but it also offers unique challenges.
On top of this, the developers have created two teams, Team Inferno and Team Rainbow, that players can join and feel part of a community, and also compete for daily prizes, make the replay value rich.
With power ups and customizations the fun seems to never end.
In conclusion, Robot Unicorn Attack 2 is a must play game, and one of App Apes highest rated of all time.
So don’t be afraid to race to the app store and download it.
Join a team and help your neigh-bors play to victory daily.
Beautiful Graphics.
None.
Get your hands on the latest, greatest.

Most epic installment of the Robot Unicorn Attack series to date

available for FREE! Brought to you by PikPok and Adult Swim Games, makers of “Monsters Ate My Condo!!” Features:.
Choose between Team Rainbow or Team Inferno and compete on a unique level every day for prizes.
Race through 2 worlds at war, .

One of Rainbows and Harmony and one of Ice and Wonder

Build and customize your very own unicorn, selecting from different bodies, manes, wings, horns, trails and more.
Unlock and arm yourself with 12 different boost abilities, including “Rainbow Savior” and “Gallow’s Gallop”.
Achieve both personal and community goals, updated daily.

Battle mighty giants and dash through their dangerous Solar Beams

Journey through such cosmic spectacles as Space Whales, Leviathan Seahorses, Ice Owls and more.
Both worlds change to new and different layouts every single day.
Personalize your quest (and support the artists) by purchasing new background songs for $.99 apiece, including Erasure’s “Always”.

Full Tablet support for both 7 and 10 inch tablets!

Oh, also.
You can fly now.
Yeah.
Yeah, man.

Download Robot Unicorn Attack 2

Download QR-Code ‎Robot Unicorn Attack 2 [adult swim] Download QR-Code Robot Unicorn Attack 2 [adult swim] games.
Filed Under: , , , , ICEE Maker Game Call of Dead: Modern Duty Hunter & Combat Trigger.
Send to Email Address Your Name Your Email Address Post was not sent – check your email addresses.
Email check failed.

Please try again Sorry

your blog cannot share posts by email.