Friday, December 30, 2011

Search (and replace) Newlines in Excel

Excel is a great tool for simple and easy data management.
But sometimes there are just limitations (of the user).

For example replace all new lines (line breaks) with some other character sequences.
It can be done, you just have to know how:

1. Open the search replace dialog
2. In the search field enter CTRL+j  (It's OK, it shows nothing)
3. In the replace field enter the new sequence (for example \n or 0x0a etc.)
4. Hit on "Replace all"

That's it, the magic is done.
Of course Microsoft does not tell you this in its offline/online help (for whatever reason).

Wednesday, December 21, 2011

Doing a Liferay migration from 3.6.1 to 6.0.6

Perhaps you have an older Liferay installation and wish to get it updated to the current 6.0.6 release.
The normal upgrade procedure is to do it step-by-step, and it should work.

For me it worked only partially, I had to make some special steps to get a fully working upgrade across these versions.


The full details can be read here:

http://www.liferay.com/de/community/forums/-/message_boards/view_message/11773827#_19_message_11784521


And yes, Liferay 6 rocks

Thursday, December 1, 2011

Using free variables in nagios/icinga for snmp community settings

With icinga you can monitor your IT environment. It's a fork of the well known nagios monitoring solution.

It's a drop-in replacement for nagios with some good extensions/enhancements.

One of the pains of monitoring services via SNMP is that you usually have different SNMP communities per server. The simplest way is to define one service per service+host and define the SNMP community there.

But as your IT environment expands you will end up with a great many service definitions, all identical with the exception of the SNMP community.

There is a simple way out of this: Use custom object variables
The original documentation can be found here.

The documentation is somewhat short, so here is a complete example:
  • On the host configuration, define a variable named _SNMP_COMMUNITY and assign it the value for the specified host.
  • In the check command, specify $_HOSTSNMP_COMMUNITY$ as the parameter for your command.
The trick is that your variable names must always start with an underscore character (so they do not clash with other definitions).
The second trick is used when referring to the defined variable: Icinga/Nagios prefix the variable name you defined with _HOST, _SERVICE or _CONTACT, depending on the place where the variable was specified.
The last trick is that the leading _ of your variable definition is removed before the final name is built in the evaluation.

Example of such a command definition

define command {
        command_name check_snmp_disk_group
        command_line $USER1$/check_snmp_storage.pl -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$  -w $ARG1$ -c $ARG2$ -m $ARG3$ -r -T pl -f
        register                        1
}

The corresponding host definition has then to be similar to this:


define host {
        host_name                       servername
        alias                           serveralias
        address                         ipaddress
        _SNMP_COMMUNITY                 mysnmppassword
        register                        1
}


A great tool to manage your icinga/nagios configuration is NagiosQL.

Tuesday, November 15, 2011

Running windows 2008 r2 adprep on a server in a different language

When you have an older Active Directory system, for example based on a Windows 2003 or Windows 2008 server, you have to upgrade the ADS schema by running adprep.exe.

The adprep.exe tool is found on the Windows 2008 R2 DVD in the support\adprep directory.
You can copy the whole content of the directory (including subdirectories) to your ADS master server.

If the "old" server is running a 32-bit windows, then you can start adprep32.exe instead of adprep.exe.

Now adprep.exe should tell you something about "At least windows 2000 sp4 required"
If you don't get any messages from adprep, then the languages of the windows 2008r2 dvd and your old ads server do not match.

It might be tempting to just type "c" for continue; it will then do some of the work, but unfortunately not everything you need.
adprep writes a logfile, which can be found in C:\windows\debug\adprep (or C:\windows\system32\debug\adprep for a 32-bit system).
You will see errors like

There is a syntax error in the input file
Failed on line 169.  The last token starts with 's'.
An error has occurred in the program

The reason for this is that some strings are missing for the adprep utility.
To get it working correctly, you have to rename the language subdirectory to match the server's language. (Changing it in the control panel is not enough.)
For example if your new server is running german, then the subdirectory is called de-de.
If the old server for example is installed in english, you have to rename the de-de directory to en-us.

Now you can again run adprep, you will receive the prompts in the original language from the dvd, but everything will process as expected.

Wednesday, November 2, 2011

Using FTPS with the commons jakarta net library

Using FTPS via the jakarta commons library is not that complicated.

But it has a few things to know:

The correct sequence is this:

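import org.apache.commons.net.ftp.FTPSClient;

FTPSClient ftps = new FTPSClient();          // explicit FTPS: AUTH TLS is sent on connect
ftps.connect("YourServer");
ftps.execPBSZ(0);                            // protection buffer size, has to precede PROT
ftps.execPROT("P");                          // "P" = private, the data channel is encrypted too
ftps.login("YourUserName", "YourPassword");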

If you skip the execPBSZ or execPROT calls, then your ftps server will probably deny access to you.

If you receive strange errors like:

java.io.IOException: DerValue.getOctetString, not an Octet String 10 

or

Caused by: java.security.cert.CertificateParsingException: java.io.IOException: DerValue.getOctetString, not an Octet String: 10
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 16 more
Caused by: java.io.IOException: DerValue.getOctetString, not an Octet String: 10
        at sun.security.util.DerValue.getOctetString(Unknown Source)
        at sun.security.x509.Extension.<init>(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)

Then you (or your FTPS server) are probably behind a Check Point firewall.
There is nothing you can do on your side; talk with the firewall admin and ask him to fix the "FTP Bounce" attack handling.
He will see this in the logs:

Attack Information: The packet was modified due to a potential Bounce Attack (Telnet Options)

Here is the option to disable this on a checkpoint firewall:

Monday, October 17, 2011

Building Thunderbird 3.1.15 for Ubuntu 11.10

If (for whatever reason) you wish to continue to use Thunderbird 3.1.x on Ubuntu 11.10, then you will have to build it yourself.

You can follow this guide, with a few exceptions:

Use the latest thunderbird 3.1.x (For example 3.1.15)
Then, when building it directly you will receive a few errors:

1. Patching os2.cc
--- a/gfx/ots/src/os2.cc
+++ b/gfx/ots/src/os2.cc
@@ -1,12 +1,14 @@
 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
  
+#include
+
 #include "os2.h"
  
 #include "head.h"
  
 // OS/2 - OS/2 and Windows Metrics
  
 namespace ots {
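Review bot: the added `#include` line just above `#include "os2.h"` names no header, so the file will not compile with the hunk as shown. The header name (presumably written in angle brackets and lost when the page was rendered) has to be restored from the original patch before this hunk is applied.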


2. Add the GCC 4.6 backward compatibility option in your mozconfig file:
export CXXFLAGS="-fpermissive"

3. Patch the makefile to use correct linking order

+--- a/mail/app/Makefile.in
++++ b/mail/app/Makefile.in
+@@ -127,6 +127,8 @@ APP_XPCOM_LIBS = $(XPCOM_LIBS)
+ endif
+ 
+ LIBS += \
++ $(STATIC_EXTRA_LIBS) \
++ $(MOZ_OTS_LIBS) \
+  $(STATIC_COMPONENTS_LINKER_PATH) \
+  $(MOZ_JS_LIBS) \
+  $(EXTRA_DSO_LIBS) \
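Review bot: every line of this patch carries an extra leading `+`, so what is shown is a diff that adds a patch file, not a patch against `mail/app/Makefile.in` itself; strip that first column before feeding it to `patch`. In this hunk the two new entries are added to `LIBS` directly after an `endif`, that is, unconditionally, so confirm that `$(STATIC_EXTRA_LIBS)` and `$(MOZ_OTS_LIBS)` expand to nothing in build configurations that did not link them before.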
+@@ -185,8 +187,6 @@ DEFINES  += $(STATIC_DEFINES)
+ CPPSRCS  += $(STATIC_CPPSRCS)
+ EXTRA_DSO_LIBS += $(STATIC_EXTRA_DSO_LIBS)
+ REQUIRES += $(STATIC_REQUIRES)
+-EXTRA_LIBS += $(STATIC_EXTRA_LIBS)
+-EXTRA_LIBS += $(MOZ_OTS_LIBS)
+ 
+ ifndef MOZILLA_1_9_2_BRANCH
+ 
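Review bot: the two `EXTRA_LIBS +=` lines removed here and the `LIBS` entries added in the previous hunk only work as a pair, and nothing in the Makefile records why. A one-line comment at the new location in `LIBS`, saying that these two libraries are listed ahead of `$(STATIC_COMPONENTS_LINKER_PATH)` for link-order reasons, would keep a later cleanup from moving them back.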
 


After these changes you should be able to build thunderbird 3.1.x under Ubuntu 11.10

Friday, September 23, 2011

MS SQL Server 2008 R2 SP1 fails with error 84C4000E

Windows updates are fine, they make sure your system gets updated when needed.

Sometimes you get strange error numbers with the message that an update failed.

Today we had an error 84C4000E when installing SP1 of SQL Express 2008R2 on a Windows 2008 Server.
Normally Google helps solving the problem, but not (completely) this time:

The only reference to the error number I was able to find was:

http://social.msdn.microsoft.com/Forums/es-ES/sqlserveres/thread/05050d46-d6f9-41e4-8276-46750dabe88f


Spanish... ok, google helps translating....

So it came down to the following issue:

  • Your Windows server is installed/configured in a language not supported by SQL 2008R2
  • Such "wrong" combinations are, for example, German-Swiss and trying to install a German edition of SQL 2008R2 (or apparently also some variants of Spanish)

The simplest thing to solve this:
  • Just change your user locale from German-Swiss to German-Germany
  • Install the service pack
  • Change the user locale back to what it was previously

During installation we had similar problems, and after some talk with MS support it turned out that a German SQL Server 2008R2 can't be installed if the user locale is not German-Germany.
So changing it to the requested locale did the trick.

Strange enough, we later on wished to enter the product key... again the same problem and after more talk with MS support, changing the locale again did the trick...

According to MS support it should also be possible to change the locale to English-US and a german SQL Server should also be "installable"...

Thursday, September 1, 2011

Adding more redundancy to postfix with ldap store

Using postfix with an LDAP backend for storing user data is a common setup.

There exist a lot of guides on how to do this, for example:

http://www.howtoforge.com/postfix-virtual-hosting-with-ldap-backend-and-with-dovecot-as-imap-pop3-server-on-ubuntu-karmic-koala-9.10

or

http://linuxgazette.net/124/pfeiffer.html

These are good starting points for getting your MTA up and running.
When your business grows and becomes more "mission critical" it's time to look at what you can do to provide more protection against system failures.

As you might have seen, in the config file you have to add these ldap host definitions:

domains_server_host =

To protect you against ldap server failures, you can simply specify multiple ldap url's
in the standard ldap syntax.

This gives then:

domains_server_host =  ldap:// ldap://



You can even add more servers to the list if required.
If you use smtp authentication for mail submission, then you probably also have saslauthd configured. To benefit from the same redundancy just modify the ldap_servers line in the saslauthd.conf file too

ldap_servers: ldap:// ldap://


After reloading postfix and saslauthd the new configuration is active

Tuesday, August 23, 2011

Yet another mobile OS is history

In the last days HP announced that they stop working on their WebOS.

Not so big a problem for me, since I currently work on Android.



My personal OS history on the desktop is:
  • TI-99/4A
  • Atari/ST
  • Windows NT 3.x
  • Different Windows NT+ versions (Up to Windows 7)
  • Various Linux versions, mainly Ubuntu on Laptops

The history on my PDA/Phones is:
  • PalmOS on a Palm III
  • Symbian (On various SE Phones up to the P1i)
  • iOS (For 2 weeks)
  • Android

What is interesting, is the fact that PalmOS, Symbian and now WebOS all stopped existing in 2011.

PalmOS had a very good start and a lot of applications, but they did stop development when they had a very big market share. They missed the jump into multitasking...

Symbian, was a very promising system, but always had multiple GUI systems. So if you did develop a application for a Nokia Symbian, it did not run on a SE Symbian system.
When Apple then published its first (very limited) iPhone, Nokia and SE got hysterical and messed things up. SE left the Symbian community and Nokia wanted to make it open source, with a single GUI system. But that step took 1-2 years before developers could even start working on it...

I still think that Symbian has many advantages over iOS/Android, but due to such a weird GUI and horrible mobile data charges in the past, it had no chance to survive.
And the Nokia company did a horrible job in press communication, so all developers started looking for other systems. (If you look at Nokia and the current "work" on MeeGo you see many parallels :( )

I'm not sure Nokia will be a big player in the future, this really depends on what will happen with WM7.

iOS, yes, good marketing, sell a phone which does not even provide MMS, video conferences etc. But a cheap data plan, that did the trick.
Personally I can't identify myself with iXXX products, but a valuable product, but too much in control of apple.

So we are reaching Android,
when it was becoming clear that Symbian would have no future (about 1 year after the launch of the P1i) I looked out for alternatives; there were only iOS and Android (OK, Android only promising on the horizon at that time).
After two weeks of testing a iPhone 3 I returned to my P1i and waited for Android 2.x
The HTC device then came with a nice data plan, and it was love to the device. At first touching the screen was a bit strange, but now it works. (But I still miss the keyboard sometimes)
The main advantage of Android is, that I can write and install a application, without having to ask steve if he shows me his grace and allows my application.
Also I don't think that one phone model covers the need of all people of this world.

The main drawback of Android is currently the various versions and the (missing) updates.
Here Google has to make sure that the users get the updates. I had to wait many months to get Gingerbread on my phone, and even that was unsure.
In that area, the iPhone is better situated, of course, only one brand and 2 current phone models to support.

So what the future will bring us?
  • More iPhone/iOS devices, but only a few at a time
  • Even much more Android devices
  • WindowsMobile devices... there will be such devices but I'm not certain that they will have a big market share. MS has enough money to push WM in the next years, but is that enough ?
  • Blackberry, no, I don't think they have a big future with their own OS
  • Other OS ? No, what for ? 

iOS covers the needs of the "All-in-one" liking users
Android covers the needs of all liking the diversity of the world
WindowsMobile if you still think it works best together with your desktop
There just is no need for yet another mobile OS, and if you see how much the different competitors fight against each other with patents, then a startup just has no place (and no finance) in these ridiculous patent fights.

What do you think, has another mobile OS chances to reach a considerable market share ?

Wednesday, June 15, 2011

Webproxy auto configuration, the (hard) MS way

In windows you can use automatic proxy detection to configure all your local clients to use the proxy settings you wish.

In short you do the following:

  1. Create a file named wpad.dat on a webserver named wpad.mycompany.local (Or whatever your dns domain is)
  2. In that file you put the proxy definition: which ports, URLs etc. (See here for the details)
  3. Make sure your DNS answers the query for wpad.mycompany.local with the web server delivering the wpad.dat file

So far, everything is simple and easy to understand, but... it does not work if you use microsoft products for DNS and/or Webserver.

There are two pitfalls in the MS products:

1. DNS problem

Do a query for wpad.mycompany.local (Like nslookup wpad.mycompany.local)
You would now assume your DNS server returns you the configured IP.
Nada, nothing, it just returns a message telling you it's not a known name. Double check it, it's just not working.
The DNS server does not answer the question properly.

The reason for this is "security", looks like the query for wpad. is a dangerous query, so MS blocks these in the DNS servers. Don't believe it ? Look here

The simplest way is to just disable that queryblocklist on your DNS server(s)

dnscmd [dnsservername] /config /enableglobalqueryblocklist 0

2. IIS problem

When you finally got past the DNS problem and your dns servers answer queries for wpad.mycompany.local correctly, then the next problem jumps in.

Just open your web browser and enter: http://wpad.mycompany.local/wpad.dat
You would expect that you see the content of that text file, but no, IIS thinks it's not something we wish to deliver to the clients.

The reason is, that the .dat extension is not assigned to a mime type, so IIS does not deliver these files and just returns a "File not found"

As the last step you make .dat known as mime type "application/x-ns-proxy-autoconfig"
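
A narrower alternative to switching the block list off, written out as an added example that is not part of the original post: the block list exists because a client able to register the name wpad through dynamic DNS updates would become the proxy for every auto-detecting browser, so this version removes only wpad from the list, keeps blocking enabled, scopes the MIME type to one site and then checks the result. The DNS server name `dns01` and the IIS site name `wpad` are assumptions; `wpad.mycompany.local` is the post's placeholder.

```powershell
# Added example, not from the original post. Run elevated on the DNS server
# and on the IIS host. $dnsServer and $siteName are assumed names.
$dnsServer = 'dns01'
$siteName  = 'wpad'
$wpadHost  = 'wpad.mycompany.local'   # placeholder from the post

# 1. Inspect the current state before changing anything.
dnscmd $dnsServer /info /enableglobalqueryblocklist
dnscmd $dnsServer /info /globalqueryblocklist

# 2. Replace the list with the default entries minus wpad. Blocking itself
#    stays enabled, so isatap queries are still refused.
dnscmd $dnsServer /config /globalqueryblocklist isatap

# 3. Map .dat to the PAC MIME type for this one site only, so other .dat
#    files on the server do not become downloadable as a side effect.
Import-Module WebAdministration
Add-WebConfigurationProperty -PSPath "IIS:\Sites\$siteName" `
    -Filter 'system.webServer/staticContent' -Name '.' `
    -Value @{ fileExtension = '.dat'; mimeType = 'application/x-ns-proxy-autoconfig' }

# 4. Verify from a client: the name has to resolve to the intended web
#    server and the file has to come back with the PAC content type.
[System.Net.Dns]::GetHostAddresses($wpadHost) | ForEach-Object { $_.IPAddressToString }

$client = New-Object System.Net.WebClient
$pac    = $client.DownloadString("http://$wpadHost/wpad.dat")
$type   = $client.ResponseHeaders['Content-Type']
if ($type -notlike 'application/x-ns-proxy-autoconfig*') {
    Write-Warning "wpad.dat is served as '$type'"
}
if ($pac -notmatch 'FindProxyForURL') {
    Write-Warning 'wpad.dat does not define FindProxyForURL'
}
```

Create the wpad record as a static entry and keep the zone on secure dynamic updates, so that no client can register the name once it is no longer blocked.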

Monday, June 6, 2011

SBS 2011 and web access

In the microsoft SBS 2011 you can login to your server/network via a simple webbrowser.
For this the setup asks you the external dns name of your server and then magically configures everything.

So when you for example use: myserver.mycompany.com as server name, then you can access to the RWA (Remote Web Access) part with the url https://myserver.mycompany.com/Remote

The Outlook Web Access is found on https://myserver.mycompany.com/owa

So far everything is fine.
But when you now wish to have the users directly redirected to the webinterface of OWA when they enter the server url, then you have a problem.

http://myserver.mycompany.com is always redirected to https://myserver.mycompany.com/Remote

According to MS this is "By design" and can not be changed/modified.
Normal people would configure such a redirect in the IIS Manager and define the target url there. Apparently MS SBS developers are not part of the "normal people" group, they have probably hard coded this redirection in some dll, .net stuff or who ever....


In SBS 2008 server the same was also true, but you could at least hack it to make the redirect as you wished.


The recommendation for SBS 2011 is to set up an external website with some kind of webmail.mycompany.com URL and then make a redirect there to https://myserver.mycompany.com/owa

Very cool feature, the all-in-one solution of MS requires additional web servers to configure your server as you wish.

The other radical solution to this problem is to completely remove the /Remote virtual stuff from your IIS (losing the corresponding functionality) and then just put a redirect at that level on the server....

SMTP SSL in Exchange 2007/2010

In Exchange 2007 and higher, the default connectors are configured to accept passwords only when using a secured connection (like SSL or TLS).
A good idea, but...


The SSL option is only available for POP and IMAP, on SMTP you miss this option, here you can only configure a TLS secured connection.

Not a problem.... do you think?
When you still have users accessing your mail server via POP3/SMTP with MS Outlook 2003 (Not uncommon these days) then they don't have the option to use SMTP with TLS, only SMTP with SSL is available...

Other products from the same company not offering SMTP with TLS are: Outlook Express, Windows Mail....

So you will either have to upgrade all clients to a new MS Office version, or downgrade security on your Exchange server and allow the SMTP connector to also accept passwords over unsafe connections.

Or, probably the best thing to do: Just switch to a real mail user agent like thunderbird.....

Wednesday, June 1, 2011

Migration of MS SBS 2003 to MS SBS 2011

Microsoft has a good document about the steps to migrate a SBS 2003 server to SBS 2011.
It is normally easy and well documented. But as always, there are things not working as expected or documented.

Here a few things:

Migration fails when joining the domain (dcpromo)
  • When installing the new server it should automatically join the old domain
  • If that join fails, then the migration wizard shows a fatal error and tells you to restart the whole installation. (Of course at this point you have already waited about 1-2 hours)
  • When you google (or bing) around, you will see that a "recovery" of the setup process is still possible. Look here for more details.
  • One problem might be, that your migration account (usually the Administrator) is using a weak password, one not meeting 2008R2 complex password rules
  • Another might be, that your migration user is not member of all required groups

DHCP reservations are not migrated
  • Yep, can occur, sometimes it works, sometimes not
  • In that case export the leases from the old server and then add them manually on the new server. See here how to do it almost automatically

After mailbox migration to the new server, the mailboxes are not available and/or the owa shows just a empty screen after login

  • Make sure that all required Exchange services are running (for example, the "MS Exchange RPC Client" is one that does not correctly autostart after a server reboot)

Other potential MS exchange migration issues

  • Access to SMTP, POP and IMAP is no longer allowed with plain text passwords. So you should configure your clients to use either POP/IMAP with (start)tls and/or with SSL
  • IMAP and POP3 connectors are not started by default, you have to enable these services in the service manager
  • For external SMTP access to your server (for non-outlook users) it is best to create a SMTP connector on Port 587 (Submission port), that way you can prevent problems when your ISP blocks connections to the standard smtp port


Fax migration
  • You still have to configure the fax service on the new server before doing the fax migration

Tuesday, May 3, 2011

Allow SMTP users to send emails in Exchange 2010

When you need to integrate normal email clients in an Exchange 2010 environment, you will probably have problems sending mails to the outside world.

To solve this you normally do the following:
  1. Create an SMTP connector your users will use for sending mails
  2. This connector must require user authentication
In normal environments this would be enough to start sending mails.
But unfortunately Exchange still returns an error message like:

"550 5.7.1 Client does not have permission to send as this sender"

To solve this, you have to allow all authenticated users to send mails via this connector.
This can be done via the Exchange shell with this command:
Add-AdPermission -Identity "MySMTPConnector" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

Unfortunately, non-English servers just won't find the corresponding group, since it is named differently (read: localized).
To find out the correct group name you can use this command:

Get-Adpermission -Identity "MySMTPConnector" | format-table -view identity


For a german installation the corresponding group is "NT-AUTORITÄT\Authentifizierte Benutzer"

So the final command for the german exchange server is:

Add-AdPermission -Identity "MySMTPConnector" -User "NT-AUTORITÄT\Authentifizierte Benutzer" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
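
Instead of looking up the localized group name, the account can be derived from its well-known SID, which is S-1-5-11 for Authenticated Users on every Windows language version. The following is an added example, not from the original post; the function name `Grant-AcceptAnySender` is hypothetical, and because this right lets the grantee submit mail under any sender address, the SID is a parameter so that a narrower group can be passed instead.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
function Grant-AcceptAnySender {            # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Connector,
        # Defaults to the well-known SID of "Authenticated Users"; pass the
        # SID of a dedicated group to limit who may use arbitrary senders.
        [string]$Sid = 'S-1-5-11'
    )
    $right = 'ms-Exch-SMTP-Accept-Any-Sender'

    # Resolve the SID to the name this installation uses, e.g.
    # "NT AUTHORITY\Authenticated Users" or "NT-AUTORITÄT\Authentifizierte Benutzer".
    $sidObject = New-Object System.Security.Principal.SecurityIdentifier $Sid
    $account   = $sidObject.Translate([System.Security.Principal.NTAccount]).Value

    # Do nothing if an allow entry for this right already exists.
    $present = Get-ADPermission -Identity $Connector | Where-Object {
        $_.User.ToString() -eq $account -and -not $_.Deny -and
        ($_.ExtendedRights -like $right)
    }
    if (-not $present) {
        Add-ADPermission -Identity $Connector -User $account -ExtendedRights $right | Out-Null
    }

    # Show what is now granted on the connector, for review.
    Get-ADPermission -Identity $Connector |
        Where-Object { $_.ExtendedRights -like $right } |
        Format-Table User, ExtendedRights, Deny, IsInherited -AutoSize
}

Grant-AcceptAnySender -Connector 'MySMTPConnector'   # connector name from the post
```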

Wednesday, April 27, 2011

Java server side connector for CKEditor

We just published our first version of a java connector for CKEditor V3.x

You can find it here: http://sourceforge.net/projects/jckconnector/

It allows you to integrate file browsing/linking in your java server application.
Technically it uses Vaadin for the web interface to the user.

You can provide your own version of the file store and link store.

It's the alpha release with probably some security holes "included"

Wuala now also available for Android

The secure online storage system Wuala (by Lacie) has just released the Android version of the client software.

Now you can access your files from Windows, OS-X, Linux, iOS and Android (And public files via Webinterface)

Wednesday, April 13, 2011

Disk partition alignment in windows

When creating partitions under windows, you should take care to get the correct alignment.

With the correct alignment you can gain/lose between 10-40% of performance.

The technical details can be found here:

http://msdn.microsoft.com/en-us/library/dd758814%28v=sql.100%29.aspx

It's a document about SQL 2008 server, but the same applies for "normal" applications too.

Wednesday, March 16, 2011

Daylight rules in Grandstream 2010 provisioning

Provisioning Grandstream 20xx phones via TFTP is easy, but one thing which causes problems is provisioning daylight saving values.

Normally you should be able to set the P246 property to the correct value for your country/location.

It appears that inside the GXP, the firmware uses the same routine to decode the config file as is used to decode the data posted via a web browser. In other words, the data MUST BE URL-ENCODED.

For example, the following (current New Zealand 2007-onwards DST rule) will not work:

P246=9,1,7,2,0;4,1,7,3,0;60

But, if you URL-encode it, you will get:

P246=9%2C1%2C7%2C2%2C0%3B4%2C1%2C7%2C3%2C0%3B60

And guess what - the phone will accept it, and you're on your way :-)

If you've got python installed, you can encode things pretty easily. If you're using a different language, ask Google.

# Python 3: urlencode lives in urllib.parse
from urllib.parse import urlencode
print(urlencode({'P246': '9,1,7,2,0;4,1,7,3,0;60'}))

And here is an online encoder
http://www.albionresearch.com/misc/urlencode.php

With that value you can set the correct daylight saving rules
for all grandstream phones in your network.

BTW: Perhaps someone should pass along this information to the fruits company, looks like iFruit is (not for the first time) having time problems ;)

Monday, January 17, 2011

Java application under windows 7

Developing Java applications for Windows 7?

Then look at this library, it might help integrate better with windows 7.
Not a "must have" but your users will appreciate it as a "nice to have".
And 50% of application functionality are "nice to have"

http://www.strixcode.com/j7goodies/

Wednesday, January 5, 2011

Your computer has no CD/DVD drive ?

A simple way to install most older and current linux systems is by creating a bootable USB stick.

Some distributions have a option to do this from the live CD, but you still have to first boot from that downloaded iso file.....

Here is a simple flexible solution:

http://unetbootin.sourceforge.net/

Just follow the instructions.

Beside this:

UNetbootin can also be used to load various system utilities, including: