ISO CA US UK - the PowerShell Active Directory Country Gotcha

by Ed Sparks

While writing some PowerShell scripts to update a few Active Directory fields en masse, we discovered a distinct lack of documentation on updating address information, particularly the country field.

While it appears these fields would be free-form text (as they are when editing through AD GUI tools), through PowerShell they are actually normalized and must be in the ISO Country Code format!

So, using "Canada" as a country will not work.  Rather you must use CA.  Which isn't California.

Failing to use one of the ISO codes will result in PowerShell throwing invalid errors when it writes the AD object.

Here is a list of the ISO country codes.
 

Here is a good Technet script for copying AD properties, as well.
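
The bulk update described above, as an added example that is not the original post's script: it resolves free-form country values to ISO codes and skips anything it cannot resolve instead of failing mid-run. It goes slightly beyond the post by also writing the co and countryCode attributes that AD keeps alongside the two-letter c value; the lookup table, function name and sample accounts are constructed for illustration.

```powershell
Import-Module ActiveDirectory

# Constructed table: free-form country names mapped to the three values AD
# stores (c = ISO 3166-1 alpha-2, co = display name, countryCode = numeric).
$Countries = @{
    'canada'         = @{ c = 'CA'; co = 'Canada';         countryCode = 124 }
    'united states'  = @{ c = 'US'; co = 'United States';  countryCode = 840 }
    'united kingdom' = @{ c = 'GB'; co = 'United Kingdom'; countryCode = 826 }
}

function Resolve-Country {
    param([Parameter(Mandatory)][string]$Value)
    $v = $Value.Trim()
    if ($Countries.ContainsKey($v.ToLowerInvariant())) {
        return $Countries[$v.ToLowerInvariant()]
    }
    # Accept a two-letter code only if it is one the table knows
    # (the ISO code for the United Kingdom is GB).
    $hit = $Countries.Values | Where-Object { $_.c -eq $v } | Select-Object -First 1
    if ($hit) { return $hit }
    return $null
}

# Constructed sample input, shaped like rows from Import-Csv.
$rows = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; Country = 'Canada' }
    [pscustomobject]@{ SamAccountName = 'bjones'; Country = 'gb' }
    [pscustomobject]@{ SamAccountName = 'cwong';  Country = 'California' }
)

foreach ($row in $rows) {
    $c = Resolve-Country -Value $row.Country
    if (-not $c) {
        Write-Warning "$($row.SamAccountName): '$($row.Country)' is not a known country, skipped"
        continue
    }
    $attrs = @{ c = $c.c; co = $c.co; countryCode = $c.countryCode }
    # -WhatIf previews the change; remove it to write to the directory.
    Set-ADUser -Identity $row.SamAccountName -Replace $attrs -WhatIf
}
```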

GDR3 vs KitKat - A Tale of Two Updates

by Ed Sparks

There's hope for Windows Phone.

A tiny hope, at least. 

We've recently been testing a couple of Windows Phones including the HTC 8X, and the surprising little $99 wonder called the Nokia Lumia 520.

While initial impressions were a mixed bag, the recent update to what Microsoft ridiculously calls "GDR3" has brought a new lease on life to the device.  Incidentally, when WHEN will this company fire their naming strategy people?

GDR3 improves the multitasking substantially by making it much clearer how to kill apps, and updating the still overly-complex and confusing "back stack" to be more consistent with other platforms.  Even more impressively, it dramatically speeds up the OS's performance.  Coupled with the arrival of, or big updates to, a number of necessary big-name apps like Instagram, Facebook, etc. it's an incredibly capable device that works exceptionally well for users in a Microsoft environment.  Again - this was bought and paid for with NO contract - for under $99!

It's definitely worth checking out, and a great stepping stone to the flagship Lumia models.   

Windows Phone has been somewhat of a behind-the-times also-ran since its inception, but with these recent updates, and finally a decent app story, 2014 could very well prove to be the year it solidly comes into its own.  The "Threshold" release of Windows and Windows Phone is next.  Fingers crossed.

 

On the flip side, the recent Android update to 4.4 (Kit Kat) has proven nothing short of a train wreck across multiple devices.  Google's outward hostility to Microsoft and their users showed up again with a completely broken ActiveSync client, and the entire OS - despite promising even more 'buttery smooth' UI - seems laggy, slow and buggy.

The gains Android has made against iOS in fit and finish and apps have been nothing short of incredible, but the recent leaps by iOS 7 and Windows Phone show this race is far from over, and Google's definitely getting a bit high on its perch.  I'd say the personnel changes taking place on the Android team, including the loss of the founder, are showing.

There are cracks in the Android juggernaut yet.

806 - Actiontec Killed the VPN Star

by Ed Sparks

This was one of those "pull your hair out" cases, with a completely non-obvious cause and, thankfully, a surprise happy ending.

While troubleshooting a VPN connection problem for a client, we noted the inability to connect to some PPTP VPN servers while behind any TELUS (Canadian ISP) provided Actiontec V1000H DSL modem/router.

Of course, we didn't initially connect the dots, and tried all manner of troubleshooting steps related to client OS (Windows 8, 8.1, 7 and 2008 all were unsuccessful, as was iOS). Strangely some Hyper-V hosted test VMs were able to connect, which indicates that they somehow must encapsulate the packets differently.

After much head-scratching and hyper-specific web searches, a few articles were found discussing Actiontec devices arbitrarily blocking GRE - the mysterious and troublesome protocol that allows PPTP to work.  

Sure enough, if we then tried all of the same devices connecting to PPTP over a cellular connection - bingo - they worked like a charm!  This ruled out the OS at least.

Sadly, these combo router/wifi/modems provided by telcos are wonderfully non-user-serviceable and tend to be patched and upgraded at the whim of the provider.  We needed a resolution though, as these are widely deployed with our customers and their employees so this could be a big support nightmare.

In a rare win, however, TELUS came through and provided a heavily upgraded firmware for the device which not only resolved this issue, but improved the overall DSL connection speed and dramatically improved wireless range, stability and performance. As a bonus they've added IPv6 support internally, and for a future external deployment.

Solve your headaches: call TELUS (or your local equivalent) if you have an Actiontec V1000H or V2000H and ask for early access to the latest firmware.  It makes a dramatic difference.  Your VPNs and WIFI devices will thank you!

The magic firmware versions:
V1000H:   31.121L.11
V2000H:   31.122L.11

On the flip-side - the broken buggy firmware version appears to be 31.30l.57.


For another common and annoying issue with Windows L2TP VPNs  see our older article here.

Yes, we know PPTP is ancient and proven somewhat insecure, but it's still generally the easiest to get going for basic needs without all the bother of IPSEC or certificates.

Microsoft to compete, by giving itself away?

by Ed Sparks

The post-Ballmer changes are well underway at Microsoft, and so far we like what we see.  Hopefully the new CEO, in conjunction with what appears to be a pretty clued in group that's now feverishly backtracking and consolidating the products, can turn this giant ship around.

First we heard of the bringing back of the actual start menu (and let's hope the banishment of the ridiculous Start Screen on Server forever!).  Now numerous reports that - smartly - Microsoft is considering giving away Windows RT and Phone to OEMs.

Let's be honest: they're getting their butts kicked by Android and iOS, so this is a better-late-than-never move that removes a key advantage of the other platforms.
Windows Phone is on the right track, but with little OEM support and a feature-set that offers precisely nothing to end-users over Android and iOS, this can't happen soon enough to hopefully encourage a better, larger ecosystem.

Oh while you're at it Microsoft, can we please have a notification centre already?

Let's get on it!

The Verge, Toms, and GigaOm all have more.


Two-Factor Authentication Comes of Age

by Ed Sparks

Two-factor Authentication - "something you know, and something you have" - is the number one thing you can do to protect yourself online.  While this used to be a complex and difficult process to set up and utilize, it has now become a relatively common and simple affair thanks to the ubiquity of smartphones and "authenticator apps".

Lifehacker has just updated their excellent article titled "Here's Everywhere You Should Enable Two-Factor Authentication Right Now"

Check it out, then immediately go and turn on two-factor everywhere you can!  You'll be thankful when the next huge security breach of a major website happens.

SharePoint Large Upload Limits - The Definitive Article

by Ed Sparks

There's a tremendous amount of confusing information on the internet surrounding configuring SharePoint to properly allow large uploads.  Much of the confusion is due to differences in SharePoint versions (2007 ("12"), 2010 ("14") and WSS / Foundation) along with changes Microsoft made to the underlying OS and IIS.

For our sanity - and everyone else's - here's what we've found is truly the only full proper way to make this work consistently across Document Libraries, Lists and everything in between. 

The following example would be to allow 500+MB uploads, and you would need to adjust the numbers to match your needs.  Keep in mind the numbers are (in true Microsoft fashion) in MB in some places, KB in others, and bytes in still others! 

We've also made these steps a fully GUI based affair, as many admins are still uncomfortable about hacking around in config files manually. 

Note: This process applies to SharePoint 2010 or greater on Windows 2008 R2 or newer.  On Windows 2008 (non-R2) manual edits to web.config would be required using the same settings, or download the Configuration Editor as part of the IIS Administration Pack.

  1. In Central Administration, under Application Management/Manage Web Applications find the web application to update and select it.  Then from the ribbon choose General Settings.
  2. Update the Maximum Upload Size to the desired size – e.g. 512 MB – and click OK

Repeat the following steps on EACH Web Front-end Server and for each IIS site representing each SharePoint zone:

  1. In IIS Manager navigate to the Sites node and choose the appropriate site representing the chosen SharePoint Web Application
  2. Click Advanced Settings in the Action Pane.  Under Connection Limits increase the Connection Time-out to at least 300 seconds and click OK
  3. In the middle pane double click on Configuration Editor
  4. Under Section, choose system.webServer/security/requestFiltering
  5. Expand requestLimits and change the maxAllowedContentLength entry to a value of at least 536870912  (this is in bytes).  Click out of the entry box, then choose Apply in the action pane
  6. Under Section, choose system.web/httpRuntime
  7. Modify the entry maxRequestLength to a value of at least 524288 (this time it's in KB!) and the executionTimeout value to 3600.  Click out of the entry box, then choose Apply in the action pane
  8. Open Command Prompt As Administrator and execute
    iisreset
  9. Go forth, and upload! 

All of these steps are required to fully and properly support large uploads across libraries and lists.
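
A read-only check for the settings above, added here as an example and not part of the original article: it reads the IIS values for one site, converts the MB, KB and byte figures to a common unit, and reports which setting is the one actually capping uploads (the smallest of the three wins). It assumes the WebAdministration module on the web front-end; the function name and the 'SharePoint - 80' site name are placeholders, and the Central Administration value is passed in by hand.

```powershell
Import-Module WebAdministration

function Get-UploadLimitReport {
    param(
        [Parameter(Mandatory)][string]$SiteName,     # IIS site for the SharePoint zone
        [Parameter(Mandatory)][int]$SharePointMaxMB, # Maximum Upload Size from Central Administration
        [int]$MinTimeoutSeconds = 300
    )
    $psPath = "IIS:\Sites\$SiteName"

    # Request filtering stores its limit in bytes.
    $filterBytes = [int64](Get-WebConfigurationProperty -PSPath $psPath `
        -Filter 'system.webServer/security/requestFiltering/requestLimits' `
        -Name 'maxAllowedContentLength').Value
    # ASP.NET httpRuntime stores its limit in KB.
    $runtimeKB = [int64](Get-WebConfigurationProperty -PSPath $psPath `
        -Filter 'system.web/httpRuntime' -Name 'maxRequestLength').Value
    # The site's connection time-out comes back as a TimeSpan.
    $timeout = (Get-ItemProperty -Path $psPath -Name 'limits.connectionTimeout').Value

    # Normalize all three limits to bytes so they can be compared directly.
    $limits = [ordered]@{
        'SharePoint Maximum Upload Size (MB)'   = [int64]$SharePointMaxMB * 1MB
        'requestLimits maxAllowedContentLength' = $filterBytes
        'httpRuntime maxRequestLength (KB)'     = $runtimeKB * 1KB
    }
    $effective = ($limits.Values | Measure-Object -Minimum).Minimum
    $lowest = ($limits.GetEnumerator() | Where-Object { $_.Value -eq $effective }).Key

    [pscustomobject]@{
        Site             = $SiteName
        EffectiveLimitMB = [math]::Floor($effective / 1MB)
        LimitedBy        = $lowest -join ', '
        AllAgree         = (@($limits.Values | Select-Object -Unique).Count -eq 1)
        TimeoutOK        = ($timeout.TotalSeconds -ge $MinTimeoutSeconds)
    }
}

# Run on each web front-end, once per IIS site that backs a SharePoint zone.
Get-UploadLimitReport -SiteName 'SharePoint - 80' -SharePointMaxMB 512
```

With the article's values in place, all three limits normalize to 536870912 bytes, so EffectiveLimitMB reads 512 and AllAgree is True.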

Does your SharePoint environment need help?  Contact us today.

Image courtesy Techbush
