Thursday, December 10, 2015

Installing Server OS on a Dell with a DRAC card and without a DVD Drive

Simple process for installing a server OS on a Dell server that came with a DRAC card (which I recommend in all cases).  

Download the ISO for the installation DVD (typically from the MS VLSC) such as the Windows 2012 R2 DVD ISO.

I recommend that you boot up the server and go through RAID configuration using Control - R to set up your RAID array before continuing.  RAID is not configurable inside Windows setup.

Open the DRAC web interface (default location is with a username/password of root/calvin).  

Open a virtual console.

In the virtual console.

Click Virtual Media -> Connect Virtual Media

Click Virtual Media -> Map CD/DVD

Choose the ISO file from your local machine (the ISO file should be located on your physical machine - not at all on the server).  I highly recommend you do this over a wired connection.  It'll take 20+ minutes over a wired connection to transfer the contents of a 6 GB ISO file and more than an hour over wireless.

In Next Boot, choose virtual CD/DVD/ISO.

Wednesday, December 2, 2015

Take ownership of a folder without affecting existing NTFS permissions

I'm not positive of the reason, but sometimes, when I take ownership of a folder (perhaps it has to do with applying ownership to all subfolders) all the existing permissions are gone.  Here's a DOS command you can run in an elevated command prompt on the server to adjust ownership without affecting existing NTFS permissions:

TAKEOWN /A /R /F c:\SomeFolder

Thursday, November 19, 2015

Deleting a folder with file names that are too long to be deleted

Simple process for deleting all the contents in a folder that are too long for Windows or DOS to delete.

Create a new folder called "del" with nothing in the del folder.
Let's say the folder with all the data you want to delete is in e:\shares\public

Run this command:
robocopy e:\del e:\shares\public /mir

This process will mirror the contents of e:\del into the folder e:\shares\public

Easy peasy.

Wednesday, November 18, 2015

Fixing November 2015 issue of iphone users sending calendar acceptances over and over again

In October and November 2015, we found that in some cases, users would send calendar appointment acceptances over and over again to the meeting owner.  We think this is caused by the newest iPhone IOS update.  Here's the fix that Microsoft recommends:

1. Configure affected user's mailbox in Outlook in Online Mode (disable cache).
2. Download MFCMAPI tool from
3. In O365 web portal from the Exchange Admin Center, open the affected user's profile, then select Mailbox Features > Mobile Devices > Disable Exchange ActiveSync.
4. Remove the mailbox from the user's mobile device.
5. On the system where Outlook is configured in Online Mode, run MFCMAPI.
6. Click OK to close the Usage Notes screen.
7. Click Session > Logon.
8. Select the Outlook profile set up for the affected user.
9. Double-click the display name of the affected mailbox.
10. In the new window, expand the Root Container menu.
11. Expand ExchangeSyncData menu.
12. For each listed AirSync device, right-click the item, then select Delete Folder and select the checkbox for Hard Deletion > OK.
14. Once all listed AirSync devices have been successfully deleted, from the main navigation select Actions > Exit.
15. Select Session > Logoff.
16. Select QuickStart > Exit.
17. In O365 web portal from the Exchange Admin Center, open the affected user's profile, then select Mailbox Features > Mobile Devices > Enable Exchange ActiveSync.
18. Add the mailbox to the user's mobile device.
19. The issue should be resolved and may be monitored via the Sent Items folder of the configured Outlook.

Tuesday, November 17, 2015

Hyper-V VM stuck on stopping

On my Windows 2012 (not R2) Standard server, I run several VMs.  In the process of trying to shut them down, I consistently find an issue where instead of shutting down, the virtual machine gets stuck saying "stopping".

In this helpful thread, people say that the problem is actually Routing and Remote Access (RRAS) being on the same server as the VMs.  As such, I had luck restarting the RRAS service on the affected server.  For me, this worked.  I've tried the other suggestions of killing the process - to no avail.

Sunday, November 8, 2015

Setting up SNMP via CLI (for Fortigate 40C or lower)

The Fortigate 40C doesn't have a GUI method of enabling SNMP.  This is lame.  I use PRTG Traffic Grapher to monitor bandwidth usage.  I found CLI instructions here:

I made some slight adjustments and entered these CLI commands.

config system interface
    edit "internal"
        set allowaccess ping https ssh snmp fgfm
    next
end

config system snmp sysinfo
    set description "Enter your company name here"
    set location "Enter your company location here"
    set status enable
end

config system snmp community
    edit 1
        config hosts
            edit 1
                set interface "internal"
                set ip
            next
        end
        set name "public"
        set trap-v1-status enable
        set trap-v2c-status enable
    next
end

Wednesday, November 4, 2015

Altering active DHCP scope's subnet

You can't alter an active DHCP scope's subnet.  I needed to alter a 24 bit subnet to a 23 bit subnet, but I didn't want to delete the scope (and all its DHCP reservations) and start over.  I found this post on how to alter the subnet without deleting the scope:

It worked as advertised.

Wednesday, October 28, 2015

Keep Windows 7 from installing driver updates

I found these steps for keeping Windows 7 from installing driver updates.  This is particularly important for Toshiba Portege laptops that can become unstable with non-Toshiba approved drivers (particularly video, WLAN, and audio).

I follow the steps above on all Toshiba laptops.

Thursday, October 1, 2015

Pros and cons of on-site phone system vs cloud based phone system

In 2015 and beyond, most small businesses choose between on-premise and cloud based phone systems.  The big difference between the two is where the brain of the phones lives.  Do you have physical equipment in your office or is the brain of the phone system in the cloud?  Often people use the term VOIP for phone systems with a brain in the cloud, which is technically inaccurate but almost always the case.

On Premise Systems

Pros

  • Long term costs are lower
  • Voice quality is highest

Cons

  • Initial investment can be relatively high (prices would start at $7k for a small system for eight employees, add another $2k or so for each eight employees so 32 employees would be ~ $13k)
  • Equipment may need maintenance (perhaps done by your IT guy, perhaps phone vendor)
  • Hardware can fail or become obsolete and need to be replaced (typical life - 5 to 8 years)

Cloud Based Systems

Pros

  • Larger featureset than on-premise systems in most cases
  • Allows for users outside of the office to have an office phone and participate fully as if they are in the office
  • Upgrades of backend software are automatic - no hardware that becomes obsolete

Cons

  • Even in best case possible setups, can have some voice quality issues (not often but frequency can vary)

Let's use some numbers from recent systems I have put in place and use them as examples.  In this case, I'm assuming a small business with approximately 15 employees.

Client 1: NEC SV8100 with fifteen 24 button phones, PRI module, voicemail to email licenses - $9k, PRI at $400 per month from Windstream
Client 2: Telesphere (now Vonage Business) at $518 per month for 15 phones/licenses, $350 for dedicated ethernet over copper voice circuit at 5x5, add $500 for POE switch on day of implementation

Based on the numbers above, total cost of ownership for six years is as follows (graph based on these numbers further below):

             Start    Year 1   Year 2   Year 3   Year 4   Year 5   Year 6
On Premise   $9,000   $13,800  $18,600  $23,400  $28,200  $33,000  $37,800
Cloud        $500     $10,916  $21,332  $31,748  $42,164  $52,580  $62,996

Wednesday, September 23, 2015

Disabling banner sheet on Xerox Workcentre machines

The options in the Xerox Global PCL 6 driver don't seem to provide an option for disabling the banner sheet.  Instead, the easiest option is to disable the banner sheet in the copier properties.

Go to the IP address for the copier, click Login and enter the credentials (default is admin/1111).

Click Properties across the top
Click Services up the left hand side
Click the Printing dropdown
Click Print Mode
Choose No for Print Banner Sheets

Friday, August 21, 2015

Setting up Automator to back up Mac on startup to Google Drive

I've written about using Automator to back up a Mac here.  I've had trouble getting that to work, so I now do this.

Open Automator
Create a new Application

In your Google Drive, create a folder called Backup
In the Backup folder, create a folder Desktop, Documents, etc for each folder you want to back up.

Create these processes:

Get Specified Finder Items
(choose all the folders in the Backup folder - not the Backup folder itself)
Move Folder Items to Trash
Get Specified Finder Items
(choose Documents)
Get Folder Contents
Copy Finder Items
(copy to the Documents backup folder location and choose replace existing files)
Get Specified Finder Items
(choose Desktop and click options and choose Ignore this action's input)
Get Folder Contents
Copy Finder Items
(copy to the Desktop backup folder location and choose replace existing files)

Repeat these steps for each folder you want to back up

Get Specified Finder Items
(choose FolderToBackup and click options and choose Ignore this action's input)
Get Folder Contents
Copy Finder Items
(copy to the FolderToBackup backup folder location and choose replace existing files)


Save the Automator application to the Applications folder
Go to System Preferences -> Users & Groups
Click Login Items
Add the application you created in Login Items

Wednesday, August 19, 2015

removing Windows 10 notification

Option 1:
I created a file that will adjust four registry entries to disable the Windows 10 Upgrades here:

Save that file and run it.

Option 2:
Manually make the adjustments below (credit to the resources comes from here):

1. Type regedit in RUN or Start search box and press Enter. It'll open Registry Editor.

2. Now go to following key:


3. Create a new key under Windows key and set its name as GWX

So the final key path would be:


4. Now select GWX key and in right-side pane create a new DWORD DisableGWX and set its value to 1


1. Again in Registry Editor, go to following key:


2. Create a new key under Windows key and set its name as WindowsUpdate

So the final key path would be:


3. Now select WindowsUpdate key and in right-side pane create a new DWORD DisableOSUpgrade and set its value to 1


1. Again in Registry Editor, go to following key:


2. In right-side pane, look for two DWORDs AllowOSUpgrade and ReservationsAllowed and change their values to 0

Tuesday, August 4, 2015

Configuring Fortigate for VOIP phones behind it

These are the general steps for allowing VOIP phones behind a Fortigate to work properly.  Please also note these steps to put QoS on voice traffic for better performance.

  1. Open the Fortigate CLI from the dashboard.
  2. Enter the following commands in FortiGate’s CLI:
    1. config system settings
    2. set sip-helper disable
    3. set sip-nat-trace disable
    4. reboot the device
  3. Reopen CLI and enter the following commands – do not enter the text after //:
    1. config system session-helper
    2. show    //locate the SIP entry, usually 12, but can vary.
    3. delete 12     //or the number that you identified from the previous command.
  4. Disable RTP processing as follows:
    1. config voip profile
    2. edit default
    3. config sip
    4. set rtp disable
There might be other settings that you need to configure depending on the FortiOS version that you are using. If you continue encountering issues related to SIP ALG, please contact Fortinet Support.

Monday, August 3, 2015

Setup of Dell branded Aruba wireless access points

These are the basic steps for setting up Dell branded Aruba wireless access points:

  1. connect to WLAN named "instant"
  2. open non HTTPS page
  3. will be redirected to
  4. log in as admin/admin
  5. in the top middle, click on edit next to the MAC address and give the WAP a new name
  6. in the top left under networks, click on New to create a new SSID
  7. Click on system in the upper right hand corner
    1. - change name to more descriptive name
    2. - Change time zone
    3. - Change preferred band to 5 Ghz
  8. Click on the admin tab and change the admin password
  9. Click on RF in the upper right hand corner
  10. - in band steering, change value to Force 5 Ghz
  11. in upper left hand corner under networks, delete the SSID of instant

Sunday, August 2, 2015

Hyper-V virtual machine at 100% CPU inexplicably

In some cases, I've seen Hyper-V virtual machines run at 100% CPU usage.  I can't explain it - but the cause is Windows Update on the VM itself.  The fix is to disable the Windows Update service from automatic startup and stop the service.  This fixes the problem.  You'd need to install updates manually going forward.

Wednesday, July 22, 2015

Quickbooks H202 problems/thoughts

I can't explain how I have so many problems at one client with Quickbooks server/client issue - whereas I have other clients with the same setup with no problems.

After spending 8 hours on it yesterday, here are some more things to troubleshoot/look at:

  1. On the Quickbooks host, ping the host itself with NETBIOS name (meaning if the host is machine X, open a DOS prompt on machine X and ping X).  If you get anything other than an IPv4 address in the reply, make an entry for the QB host in the HOSTS file.
  2. On the Quickbooks host, telnet to each of the ports that should be open to make sure you know what should be open (telnet NETBIOSNAME 8019).  List of ports is below.
  3. On a Quickbooks client, telnet to each of the working ports to make sure they are working properly (and if not - adjust firewall settings as appropriate).

And even with the above in place, you *still* might have trouble.  I had a Windows 7 physical machine set up optimally that would just not work right.  Whenever a client tried to convert the QBW file to multi-user mode, Quickbooks would give an H202 message.  I also had a Windows 2008 32 bit Hyper-V VM machine that was optimally configured as well.  I would also get an H202 error when trying to put a client (logged in as admin) in multi-user mode.  Every possible thing I could see was optimal.

I ended up creating a new Windows 2008 R2 VM - configured no differently than the two above machines in any meaningful way - that worked.  IP address was given through a DHCP reservation.  There was a HOSTS file entry on it.  I made the firewall adjustments.  I shared out the folder that had the QBW file with appropriate permissions.  I ran the QB database server tool and scanned the appropriate directory.  The initial ND file looked no different than the ND file from the above two machines (Win 7 and Win 2008 RTM 32 bit).  I can't explain it, but at 5 am - I was able to get a reproducible successful state.

Quickbooks ports that need to be open in the firewall:
QuickBooks 2015: 8019, 56725, 55363-55367
QuickBooks 2014: 8019, 56724, 55358-55362
QuickBooks 2013: 8019, 56723, 55353-55357
QuickBooks 2012: 8019, 56722, 55348-55352
QuickBooks 2011: 8019, 56721, 55343-55347
QuickBooks 2010: 8019, 56720, 55338-55342
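
The name-resolution and port checks from the troubleshooting steps above, as an added PowerShell example that is not part of the original post. The port lists are copied from the list above; the function names Test-TcpPort and Test-QuickBooksHost and the host name QBHOST are hypothetical, and checking the first resolved address is only an approximation of what ping would show.

```powershell
# Added example; not from the original post.
# Port lists copied from the list in this post (QuickBooks 2010-2015).
$QuickBooksPorts = @{
    2015 = @(8019, 56725) + (55363..55367)
    2014 = @(8019, 56724) + (55358..55362)
    2013 = @(8019, 56723) + (55353..55357)
    2012 = @(8019, 56722) + (55348..55352)
    2011 = @(8019, 56721) + (55343..55347)
    2010 = @(8019, 56720) + (55338..55342)
}

# Returns $true if a TCP connection to the port succeeds within the timeout.
# Uses TcpClient so it also runs on Windows 7 / Server 2008 (PowerShell 2.0).
function Test-TcpPort {
    param(
        [string]$ComputerName,
        [int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false              # filtered or no answer before the timeout
        }
        $client.EndConnect($async)     # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: check that the host name resolves to an IPv4 address.
# Steps 2 and 3: try every port listed for the given QuickBooks year.
function Test-QuickBooksHost {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Year,
        [int]$TimeoutMs = 2000
    )
    if (-not $QuickBooksPorts.ContainsKey($Year)) {
        throw "No port list for QuickBooks $Year in this post."
    }

    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($ComputerName)
    } catch {
        Write-Warning "$ComputerName does not resolve; add it to the HOSTS file."
        return
    }
    if ($addresses.Count -eq 0) {
        Write-Warning "$ComputerName returned no addresses; add it to the HOSTS file."
        return
    }
    $ipv4 = [System.Net.Sockets.AddressFamily]::InterNetwork
    if ($addresses[0].AddressFamily -ne $ipv4) {
        Write-Warning ("{0} resolves first to {1}, not an IPv4 address; add a HOSTS entry." -f `
            $ComputerName, $addresses[0])
    }

    foreach ($port in $QuickBooksPorts[$Year]) {
        New-Object PSObject -Property @{
            ComputerName = $ComputerName
            Port         = $port
            Open         = (Test-TcpPort -ComputerName $ComputerName -Port $port -TimeoutMs $TimeoutMs)
        } | Select-Object ComputerName, Port, Open
    }
}

# Usage (QBHOST is a placeholder for the NetBIOS name of the QuickBooks host):
#   Test-QuickBooksHost -ComputerName QBHOST -Year 2015 | Format-Table -AutoSize
```

Run it on the QuickBooks host first and then on a client; a port that shows Open on the host but not from the client points at the firewall between them.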

Initial ND file when you first create it:
// This is QuickBooks configuration File. It exists while users are connected
// to a company file. Do not delete this file yourself. QuickBooks may not
// operate correctly if you manually delete this file.
FilePath=C:\QB\TestCompany, LLC.QBW

Final ND after it is successfully used:
//This is QuickBooks configuration File. It exists while users are connected
// to a company file. Do not delete this file yourself. QuickBooks may not
// operate correctly IF you manually delete this file.
FilePath=C:\QB\TestCompany, LLC.QBW


Friday, July 17, 2015

Installing a Netgear 341U Sprint Mobile Broadband Card on a Mac

I've had some trouble getting a Netgear 341U to install on a Mac.  Here's what I've found to work and also what you're looking for.

The proper Netgear 341U setup shows WWAN LTE as an option as a network to connect.  When the Netgear 341U is plugged in, the WWAN LTE will show as connected.

I've let the drivers install when you first plug the card in, but this did not work for me.  Somehow, they just didn't show the WWAN LTE connection.  The solution seems to be go to Sprint's site and download the drivers from there with the card plugged in.  Download the drivers.  Install the drivers and reboot - all with the card still plugged in.

Drivers located here:

Thursday, July 16, 2015

Disabling WSUS on a formerly SBS 2008 network

Windows SBS 2008 networks define the Windows Update server as the SBS 2008 server.  This works well until you decommission the SBS 2008 server, and you need/want your computers to start searching for updates on the internet again.  Personally, I've found that as long as you have sufficient bandwidth, I prefer getting updates from the internet over managing/maintaining an internal WSUS server.  I'm sure many disagree with me.

The WSUS server is defined in Group Policy.  The Group Policy Object on an SBS 2008 network is called "Update Services Common Setting Policy."  Here's a screen shot of where you disable the setting (change the value to disabled):

Wednesday, July 15, 2015

Set up for a new Mac on a PC network as of 7/15/15

  1. Boot up laptop and log in as admin and create a local password with the domain admin password
  2. Install all applicable Apple updates and make sure the system is on the latest OS and OS patch
  3. Create new user as local administrator that matches (though doesn't necessarily need to match) the user's login name on the Windows domain with matching domain password
  4. Log out and log in as user
  5. Install newest applicable version of MS Office
  6. Set up VPN
  7. Set up all applicable printers
  8. Install applicable antivirus
  9. Set up network drives
  10. Test VPN and ability to access network drives over VPN
  11. Configure Outlook and let email download completely
  12. Configure any applicable broadband card
  13. Add VNC/screen sharing password
  14. Add serial number and computer specs to inventory spreadsheet

Tuesday, July 14, 2015

Moving Hyper-V from Windows 2008 R2 to Windows Server 2012 R2

You can't import a virtual machine created on Windows 2008 R2 into a server running Windows 2012 R2.  There's some aspect that's incompatible.

Here's what worked best for me:

Stop the old VM on the Win 2008 R2 machine
Copy the VHD file to the Win 2012 R2 machine
Create a new virtual machine and tell it to connect to an existing virtual disk
Choose the VHD you moved

If you get error 0x80070569 like I did when you try to complete the new VM wizard, restart the Hyper-V Virtual Machine Management per this page:

Saturday, July 11, 2015

Downloading symbols for use with windbg when analyzing BSODs with windbg

99 times out of 100, I use BlueScreenView to analyze BSODs.  It's a great program for initial analysis.

If I need to go more in depth, I use windbg from here

However, when you run windbg, you get errors about missing symbols. I read about the fix for the symbol problem here:

The fix for the symbol error is to type this command at the bottom of the window (part to type in bold):

0: kd>  !symfix
then save the workspace and close and reopen windbg

Now you get no symbol errors when you open the minidump.  Now, you can get more detail about the BSOD with this command:

0: kd> !analyze -v

Thursday, July 9, 2015

DOS commands to view WLAN status

I found this command to be very helpful in giving me details about my WLAN and all the WLANs around me.  It allows you to get the channels of all the WLANs around you and their signal strength relative to you.

netsh wlan show networks mode=bssid

For info just about your current connection, enter:

netsh wlan show interface

Wednesday, July 8, 2015

uninstall SBS 2008 from domain

My broad-stroke steps to uninstall SBS 2008 from my domain.

  1. delete all offline address books in EMC
  2. delete all public folders with these two PowerShell commands:
  3. Disable and then purge all user mailboxes (you do not delete mailboxes as this also deletes the active directory accounts as well)
    a. You do not delete mailboxes, but rather you go to recipient configuration -> mailbox in EMC and highlight all mailboxes and choose "disable"
    b. You'll see all the mailboxes go to the disconnected mailboxes section
    c. Now, you run these two commands to purge the mailboxes in an elevated Exchange Shell:
    d. $users = Get-MailboxStatistics | where-object { $_.DisconnectDate -ne $null } | Select DisplayName,MailboxGuid
    e. $users | ForEach { Remove-Mailbox -Database "Mailbox Database" -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }
    f. Credit for those two commands goes here:
  4. Uninstall Exchange (required following several KBs with steps on deleting things like OAB, user mailboxes, public folders, send connectors, etc)
  5. Transfer the 5 FSMO roles to a new domain controller with the global catalog role via these steps
  6. Remove Active Directory Certificate Services
  7. Demote the SBS server
  8. Remove the SBS server from the domain (put in a workgroup)
  9. Disable and/or remove WSUS from group policy via these steps
IMPORTANT NOTE - When I did a dcpromo to demote my SBS 2008, it somehow broke my DFS namespace even though the SBS 2008 server was *not* the host of this namespace.  I ended up having to create a new namespace after I had demoted the SBS server.  This is definitely something to check on future SBS uninstallations.

Tuesday, July 7, 2015

transferring FSMO roles when decommissioning an SBS server

When decommissioning an SBS server, you need to transfer the 5 FSMO (Flexible single master operation) roles.  Here's the process:

Start -> Run

Type roles
Type connections
Type connect to server
where is the name of the server you are transferring the roles to (such as "connect to server contoso1")
Type q
Type transfer rid master
Type transfer infrastructure master
Type transfer pdc
Type transfer schema master
Type transfer naming master

Monday, July 6, 2015

SEP 12.1.5 disabling internet based on "traffic has been blocked from this host svchost.exe"

We use Symantec Endpoint Protection in an unmanaged scenario in our small network.  In certain cases, some staff get their internet access disabled when SEP says "traffic has been blocked from this: svchost.exe"

The quick fix:

1. Click Options next to Network Threat Protection
2. Click "Configure Firewall rules"
3. Find "Block UPnP Discovery" and change it from BLOCK to ALLOW

Saturday, July 4, 2015

Set internet failover on Fortigate 40C on firmware 5.2.3

On the Fortigate 40C, setting the dead gateway detection (aka WAN failover, aka link failover) can only be done by command line interface on firmware 5.2.3.

Why?  I have no idea.  But per support, here are the steps to create failover if WAN1 is your primary circuit:

config system link-monitor
    edit 0
        set srcintf "WAN1"
        set server ""
        set protocol ping
        set gateway-ip
        set source-ip
        set interval 5
        set timeout 1
        set failtime 5
        set recoverytime 5
        set ha-priority 1
        set status enable
    next
end

If you want to check status of the failover, here is the command:

diag sys link-monitor status

Thursday, July 2, 2015

Fix for Netgear C3000 that will not connect to VPN

I found a fix for users with a Netgear C3000 cable modem router that are unable to connect to PPTP VPN.

In my test case, the user was on Comcast and getting error 800 when connecting to her company VPN.

First, make sure you can log into the router.  Default login and password are admin/password.  You'll need to be able to log in.

Netgear has this page which gives a download which makes an update to the router firmware to allow VPN passthrough:

In my test, I had to apply the update and then manually reboot the router, but afterwards, I was able to connect to the PPTP VPN per normal.

Wednesday, July 1, 2015

Invalid partition table on a new Windows 7 install (UEFI vs legacy boot)

I rarely ever edit anything having to do with UEFI, but I found a situation where I was getting "invalid partition table" on a new Windows 7 installation from DVD.

The problem was that I was booting to the DVD from UEFI and then booting Windows from legacy BIOS (or so I think).  When pressing F12 on my Dell Latitude E7240, I got these options:

I was booting to the DVD ROM using "UEFI: HL-DT-ST DVD+/-RW GU60N"

However, presumably when the machine rebooted, it was trying to boot from the legacy hard drive.  If I booted to the UEFI hard drive when booting from the UEFI DVD drive, it would work.  But if booting to the Internal HDD from the legacy boot, I get "invalid partition table."

That's my theory as to why I was getting "invalid partition table"

Based on a sample size of one, this holds true.

Monday, June 29, 2015

Intel 7265 wireless trouble on Unifi WAP

I'm running the latest driver (as of 6/29/15) of the Intel 7265-AC wireless card.  As of this writing, it's  Oddly, the connection to the Unifi access points (Unifi-AC and standard Unifi access points) drops intermittently.  I still have an IP address, but I can't ping anything on the network.

My fix at this point is:
Ad Hoc QoS Mode - WMM Enabled
HT mode - HT Mode
U-APSD support - Disabled

I'm testing this fix (documenting what I've seen here):
(this is where I got most of the info from)

Thursday, May 14, 2015

Downloading Youtube videos

Came across an easy way to download youtube videos from this youtube:

add "ss" in front of in the link of the video you're watching.

So if you want to download - you'd go to

This worked great in my test.

Wednesday, May 6, 2015

Office 2010 Office Customization Tool (OCT) adjustments

This post documents the changes I make to the Office 2010 Customization Tool to get settings the way I like them.

Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Junk E-Mail -> Enabled
Set to No Protection

Microsoft Outlook 2010 -> Outlook Options -> Other -> Autoarchive
Disable FileArchive -> Enabled

Microsoft Outlook 2010 -> Outlook Options -> Other -> Autoarchive
Autoarchive settings -> Enabled
Clear the box for Turn on Autoarchive

Microsoft Office 2010 -> Privacy -> Trust Settings
Disable Opt-in -> Enabled
Enable Customer Experience -> Enabled
Automatically receive -> Enabled

I also add shortcuts for Outlook, Word, Excel, and PowerPoint to the desktop in Configure Shortcuts.

When using Office365 or Google Apps as I only do, I do not configure the mail profile.  Other than inserting the installation key in Licensing and User Interface, I don't make any changes.

Wednesday, April 29, 2015

Get list of active users and last logon time in Office365 PowerShell

This PowerShell command will give you the list of users in the system and their last logon time:

Get-mailbox -resultsize unlimited| Get-MailboxStatistics | select displayname, lastlogontime | sort-object lastlogontime

Thursday, April 23, 2015

checklist for new laptop purchases - updated 4/23/15

This is my checklist when buying a new computer.  I've had some Dell reps not key in my information properly, which has caused problems - so I need to check over each order to make sure all I want is included.

Items to check:

  1. Processor: Core i5 or better
  2. RAM: 4 GB or more (as required)
  3. Hard drive: 256 GB or more (SSD preferred for most laptops)
  4. Webcam built in
  5. Warranty as required (3 year with accidental damage protection preferred)
  6. Docking station (if required)
  7. Windows 7 Pro 64 bit
  8. OEM software (Office or Adobe Acrobat as needed)
  9. Dual band wireless card
  10. Battery size as required (4 cell or larger)
  11. Default display resolution as preferred

Thursday, April 16, 2015

Office365 Whitelist and Blacklisting

This is a consolidation of information I've found on blacklisting and whitelisting in Office365:

Whitelisting or blacklisting by IP address:

Exchange Admin Center -> Protection -> Connection Filter -> connection filtering by IP address

Whitelist by domain name:

Exchange Admin Center -> Mail Flow -> Create New Rule -> Bypass spam filtering -> Apply this rule ... if the sender domain is

Powershell configuration:

Sunday, March 29, 2015

adware removal

In Chrome on a client computer, each time she'd open a window, you could see the browser looking to the site for content.  This included when she'd click to reply to a message within her Exchange webmail.  There was no program in add/remove programs.  There were no extensions in Chrome.  Malwarebytes, rkill, adwcleaner, and all other cleaners I use found nothing.
This problem persisted in even a new Chrome user profile (same Windows profile).  I even searched through the registry and found nothing.  Eventually, I came across this site:

Per the page above, the fix was to set Chrome to default settings.  This worked.  I don't know how/why, but somehow this site embeds itself somewhere I couldn't find it at all.

Friday, March 20, 2015

Autodiscover points to incorrect location after cpanel update

For a domain on Office365, I had autodiscover stop working.  My main clues were that user setups would not autoconfigure and Outlook would lose its Outlook RPC over HTTPS settings.

The problem was that a cpanel update created an autodiscover entry that superseded the standard autodiscover entry that Microsoft suggested customers put in place.  This would affect domains in these situations:

1) Use Exchange as their email server (Office365 or any other Exchange server, on premise or outsourced)
2) Have a valid third party SSL certificate on their web site
3) Use WHM/cpanel on their web server

My clue that autodiscover was pointing to the wrong location (aside from the aforementioned problems) was that the server replying with autodiscover.xml information was the domain's web server when running the Outlook Autodiscover test from

Implementations vary, but typically autodiscover (for Office365 at least) will be configured by a CNAME record of to  In the case here, a WHM/cpanel update created an autodiscover response at  Outlook checks before it checks so if Outlook finds a response at, you will have a problem.

In the case of the WHM/cpanel update, would forward to - which gave the incorrect autodiscover response.

There are two fixes.

The first/proper fix is to disable autodiscover using WHM.  Log into your WHM in your web browser and log in as root.  In my case, I logged in to my BlueHost WHM via (where is your server's IP address).  Go to Server Configuration -> Tweak Settings.  Make sure Proxy subdomains is turned ON.  Make sure Thunderbird and Outlook autodiscover and autoconfig support are turned OFF.

The second/manual fix (courtesy of comment at 2/14/2015 10:21 AM at
  • Log in as root on your web server
  • Edit /etc/httpd/conf/httpd.conf
  • Search for autodiscover, you should find a ScriptAlias line referencing it
  • Comment this line out or remove it completely
  • Edit /usr/local/cpanel/APACHE_CONFIG and find the same line and remove it or comment it out
  • on BlueHost, run "/usr/local/cpanel/bin/apache_conf_distiller --update"
  • run "service httpd graceful" to restart apache

Afterwards, test your autodiscover via and presuming a successful test - all is well since the web server is no longer responding to autodiscover requests.

Monday, March 16, 2015

Superfetch causes 100% disk usage on Windows 8 machines

I was working on a Samsung laptop with Windows 8.1 where the machine's performance was subpar, and I found that Task Manager showed disk usage at 100% (CPU and memory usage were normal).  When I opened Resource Monitor, I didn't see any programs using any more disk than normal.  Mostly from this page:

I decided to disable Superfetch, which worked for me.  Disk usage dropped to single digits and would rise to 100% if/when the Superfetch service was re-enabled.

Wednesday, March 4, 2015

using rsop.msc to check group policies applied to a domain machine

In troubleshooting another problem, I came across a suggestion to run rsop.msc on the client machine.  Rsop.msc displays all the group policies that are applied to a domain machine.  In my case, it helped me track down a group policy that was forcing machines on the domain to never go to sleep.  I guess that policy makes sense with desktops, but a particular user did not want this behavior on his laptop.

Anyway, rsop.msc made this much easier and is a tool I'll keep in mind.

Tuesday, February 17, 2015

Outlook for iPhones

On 1/29/15, Microsoft released a new iPhone and Android app for email.  This app is listed as Microsoft Outlook (and should be the first choice when you search for "Outlook" in the app store).  The Outlook app isn't that different from the native iPhone mail app, but overall, I've learned to like the new Outlook app better.  The main selling points for me - 1) focused inbox (where the most important messages are listed together, separate from most other stuff you get), 2) one swipe delete (where it took a swipe and a press to delete in the native mail app for iPhone), and 3) a consolidated inbox (my Exchange, Yahoo, and Gmail inboxes are all together instead of three separate inboxes).

I've created instructions for installing the new Outlook app and the setup of an Exchange account here:

Thursday, February 12, 2015

Manual setup of Office365 (on Exchange 2013)

If for some reason autodiscover isn't working or you can't put autodiscover in place, here are manual instructions for setting up Outlook for Office365 (when using Exchange 2013):

Tuesday, February 3, 2015

Paychex Preview Payroll to do list

Preview Payroll for Paychex needs a couple things to be in place.

You need to use Internet Explorer.

If using IE 11, you need to make sure that and * are listed in compatibility mode.

You should make sure that is listed in trusted sites.

You need the latest version of the Citrix receiver from here:

You may also need the latest version of Java and *may* need to add as an exception in control panel -> Java on the security tab.

Monday, February 2, 2015

Virtual Network Queuing causes poor performance on Dell servers

In troubleshooting some poor network card behavior on my Dell PowerEdge T420 running Windows Server 2012 with three virtual machines on it, I came across these articles that describe problems with virtual network queues enabled on Broadcom NICs.

I upgraded to the latest drivers and disabled the virtual machine queues.  My sample size was small and problems intermittent, so it's hard to say if I resolved the issues, but it's worth noting.

Wednesday, January 14, 2015

Enabling advanced features in Fortigate firmware 5.0

You can enable some hidden/advanced features in Fortigate OS 5.0 via System -> Config -> Features and turn on Advanced Routing,

In my case, I was looking for "dead gateway detection" so I could switch to my secondary ISP when my primary ISP failed, but the option wasn't there in Router -> Static -> Settings.  Once Advanced Routing was turned on, I had the option for dead gateway detection.

Thursday, January 8, 2015

Troubleshooting Quickbooks PDF problems

Here's a good list of steps for troubleshooting problems printing/saving to PDF in Quickbooks.  In my case, I was troubleshooting errors when saving to PDF on Quickbooks 2009 for a user.  I used the PDF repair utility and it solved the problem.
  1. Make sure you have the most current revision of your year of QuickBooks, as earlier revisions are more likely to have problems. For example, QuickBooks 2013 R6 has at least 7 fixes that directly relate to correcting PDF problems in various circumstances.
  2. Try the PDF Repair Utility from Intuit, which works through a number of different issues with the various drivers and Windows settings. This works for MOST cases.
  3. Make sure you have proper access permissions to the “temp” folder in Windows (details for how to do this are in my article on QuickBooks/Windows 8 PDF problems, which has a few additional tips).
  4. If this is QuickBooks 2011 or older, check the outline below.
  5. If all else fails, try the Intuit support site for PDF problems, which has some other things to try.

Saturday, January 3, 2015

Intel cloning tool for future clones

I wrote about using Clonezilla to clone a drive in an upgrade here.  The one obstacle was that the cloning mirrored the drive size on the new drive.  If the old drive was 128 GB and the new drive was 512 GB, Clonezilla would create a 128 GB partition on the new drive and 384 GB of unallocated space.

For my next clone, I'll try Intel's data migration software:

I almost always buy Crucial drives - I don't know if this Intel software will work on the Crucial drives (or if it'll only work on Intel drives), but we'll see.  The person who used the Intel software raved about how easy it was to use.

Friday, January 2, 2015

Clone with Clonezilla experience

I used Clonezilla to clone my first hard drive the other day.  I was upgrading a 128 GB hard drive in a Dell XPS 13 to a 512 GB hard drive.  I used Tuxboot to download and install Clonezilla to a flash drive (using the i686 pae Clonezilla download version).  Basically, I did this:

  1. Plug in nothing but the flash drive to the existing laptop and boot to that device
  2. After the computer boots to the flash drive, plug in the second drive that you are cloning to (typically with some kind of USB to SATA or USB to mSATA adapter)
  3. Choose Clonezilla Live (default settings)
  4. Choose English
  5. Choose Don't touch keymap
  6. Choose Start Clonezilla
  7. Choose device-device (to clone directly from one drive to another instead of using an image as an intermediary)
  8. Choose the source drive
  9. Choose the destination drive
  10. Let it run.  It'll take somewhere from 30 minutes to 3 hours depending on the quantity of data.

In the case of this Dell computer, the clone worked great and once I put the new drive in, the computer booted up normally.  This is in contrast to a Toshiba Portege Z30a-1301 that would give a BSOD on every bootup.  For the Toshiba, even though I followed the exact same steps that worked with this Dell, I had to do things differently.  After failure after failure, I ended up building Windows from scratch using a Windows 7 volume license.

The catch at the end of the clone was that the C drive was only 128 GB.  I had 300+ GB in unallocated space.  And I couldn't merge the 128 GB partition with the unallocated space because there were other partitions physically located between the 128 GB partition and the unallocated space.

Here's how I fixed that . . .

The drive looked similar to this where the C drive was not right next to the unused space:

I downloaded and installed Mini Partition Wizard 9.1 from here.

The goal is to move the 449 MB partition to the end of the disk so that the unallocated space is right next to the C drive.  I clicked on the 449 MB partition and chose move/resize:

I dragged the slider all the way to the right.

I hit OK and then applied the changes.  Afterward, the 449 MB partition was at the end and the unallocated space was right next to the C drive:

I right clicked on the C drive and extended the volume and was able to get the C drive the full size I wanted.