Dell 3130 printer–odd driver/network behavior

Overall, I’m happy with this new Dell 3130cn color printer, but their drivers are *odd* – and you cannot set up a Windows server print queue to this printer by creating a TCP/IP port and feeding Windows the INF drivers.

I unboxed this printer, jacked it into a /24 network in my office then proceeded to set up a new printer on a Windows 2008r2 core print server in another routed network.  New port – TCP/IP – hostname – autodetects as LPD… well fine, but I changed it to 9100 port.  Drivers, download R308589 from Dell.com – point to the INF, get a choice of PCL5, PCL XL and PS… humm, let’s go PostScript.  Done.  Print test page – queues, queue is empty (as if job sent to printer and accepted) but nothing comes out of the printer.  Again, nothing.  Check embedded web server on printer – Printer Jobs – completed jobs – nothing but the test page from the unit.  Humm.

Got busy doing other stuff, came back later – and a Port 9100 job was in the completed jobs list from a Mac user in my office that printed directly to the device.  Odd.  Can I do that too – yup, set up the printer on my Win7 workstation using same driver.  “What the heck, a routing issue from server’s network to the workstation network?”  No, because I can get to the EWS – and the routers treat 80/443/9100 all the same.

Answer: Dell’s Admin Guide to Open Print Driver.  You must install all 3 print drivers to your server – then your Configure tab on the printer properties shows the printer model rather than just showing Generic Laser printer.

I don’t know the voodoo behind the driver, model selection, and networking – when Active Model=Generic you can print over port 9100 TCP to the printer if you are in the same subnet.  If printing device (server or your workstation) is in a different subnet – you better follow the Dell instructions to install all 3 drivers (even though you only “use” one of them).

Posted in Uncategorized | Leave a comment

Zotac ZBOX Nano PC

If I had it to do over, I might buy the Zotac ZBOX Nano XS AD11 Plus Mini PC rather than build my own … however now that I read – 19vdc instead of 12/13.8vdc means not suitable for car-puter or in a radio install with 12 volt emergency power.

Zotac US Web site – AD11 Plus product page

My earlier Blog entry on DC Powered Micro Computer

ADModify.NET Bulk AD object manipulation tool

Was looking for a way to remove an AD user attribute (profilePath) – which is way more complicated than just using your favorite Perl, vb or other scripting language to write an LDAP attribute.  In this case you really are removing an attribute.

I’ve seen this before, but don’t recall using it.  Freeware from Microsoft on their codeplex site. 

GUI based, so somewhat the opposite of scripting – but worked well in my situation where I had an entire organizational unit that I wanted to set every user object to the same NULL value for one (or more) attributes.

http://admodify.codeplex.com/

DC powered micro computer

I’m in the process of building an amateur radio digital voice repeater (Dstar protocol).  Several in the area have talked about erecting a Dstar repeater since Icom introduced equipment 6-7 years ago, but the price of Icom’s stack (repeater, controller, gateway software) exceeds $3500 and then one needs a user radio (handheld transceiver and/or mobile rig installed in car or home) which ran $500 and up.

Dstar specifies the handling (layer 3 OSI) of the data stream, but currently Icom only uses the rather old GMSK modulation scheme with no time division.  This makes using off-the-shelf narrowband FM gear possible – and with commercial PMR/SMR users having to narrowband again for 2013 there is more and more quality synthesized gear on the used market from the past 20 years available on the cheap ($25-75 common for a 25 watt 150 or 450MHz radio that can be programmed into amateur 144-148 or 440-450 ranges).

Without going into the evolution of modem hardware boards, or the discussion of using a modern computer with a soundcard to demodulate the GMSK signal from the radio’s discriminator and modulate direct FM to the transmitter, I like the simplicity and reliability of hardware encoding and decoding. 

One of the best boards available today is the Star*Board manufactured right here in Iowa by Matrix Circuits and distributed by MoenComm for $119.

Now back to computers.  I needed something small-ish, but inexpensive.  Preferably running on 13.8vdc common with the radios for emergency power.  I’ve had a Lenovo X120e Netbook for almost a year running the inexpensive, energy-efficient AMD Fusion chipset and processor.  I thought about ‘sacrificing’ the netbook to this project, but a screen wasn’t required, and the unit took 20vdc input.  I quickly decided against 24v power for all equipment – KISS principle and all.

Hey, Asus has a micro ITX form-factor board for the AMD Fusion – and with the processor installed with a big heat sink (read: no need for fans) under $115.  And it consumes less than the PicoPSU power supply so off to Amazon I go:

The computer bundles together quite nicely, and the case is nice quality metal, except for the faceplate which I consider somewhat cheesy in that you have to unscrew (one screw) the cover and slide out to remove the faceplate.

The pix.  Showing the back of the case – the PicoPSU coaxial jack for 12/13vdc is on far right

Front panel sans faceplate, showing power button and two USB jacks.  These are inaccessible behind faceplate, suggested use is for USB WiFi or bluetooth radio.

Changing Windows 7 license from MAK to KMS

Had a colleague call today – changed a motherboard on a machine and now Winders says it is no longer genuine/not activated.  Soooo, although it is a Windows 7 Enterprise computer joined to our domain that has had KMS running looooong before Windows 7 ever was released, this machine must have been set up with a Multiple Activation Key (MAK) which requires reactivation with substantial hardware changes (i.e. motherboard replacement).

So, where is the PID.TXT generic activation code that was in \Sources on the Vista installation media as I blogged about in 2008 – ah, that was replaced with \sources\el.cfg – but there is no 25-digit PID key there.

Sigh. To the Googles (Bing might have been faster!) – Microsoft publishes the default volume license 25-digit keys on the web.  Do a /ipk with that VL product key then reactivate /ato.

Microsoft article – changing a MAK activated Win7/WS2008 machine to use KMS

Finding cause of locked-out Active Directory Accounts

Had this problem again today, and in the search for relevant event IDs found a set of Microsoft Tools from 2003 that I can’t believe I’ve not come across earlier.

Download here: Microsoft Account Lockout and Management Tools 

The important tools to me,

  1. LockoutStatus.exe – simply File->Select target, enter short login name.  It queries for all DCs – then checks status on all.
  2. Ok, that would then allow me to grep… err, filter the security event log on the locked DC for what machine made the invalid login request and caused the lockout.  But THREE log files… Meh.  So we fire up the next tool – EventCombMT.exe  Again, what are the event IDs… back to Goog… err, wait – Searches->Built in Searches –> Account Lockouts
  3. Well, not-so-fast, three-digit EventIDs are Sooooo WindowsXP/2003.  Back to the Googles after all.  So enter EventID 4740, click Search and you are golden.  (In my example below – I’m only searching ITS-DC1 since LockoutStatus shows the last BadPwd was on my PDC Emulator.)
  4. You get two output files in temp, EventCombMT.txt and the more interesting %DCNAME%-Security_LOG.txt – the file gives you the dope you want in columns: Caller Computer Name (NetBIOS name of workstation that entered the final bad password attempt), and of course time, date, and Account Name.
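
The same three columns can be pulled straight from Event ID 4740 without EventCombMT. This is an added example, not part of the original post or of the Microsoft tools; the function name, the sample event, and the `jdoe`, `WKSTN-042` and `example.test` values are constructed, and only `ITS-DC1` and the event ID come from the text above.

```powershell
# Added example: turn a 4740 (account locked out) event into account / caller / time.
function ConvertFrom-LockoutEvent {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # EventData is a flat list of <Data Name="...">value</Data> elements.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # In 4740 the "Caller Computer Name" is stored in the TargetDomainName field.
        # It can be blank when the bad passwords came from a non-Windows device.
        $caller = $data['TargetDomainName']
        if ([string]::IsNullOrEmpty($caller)) { $caller = '(blank)' }
        [pscustomobject]@{
            TimeUtc        = $evt.System.TimeCreated.SystemTime
            Account        = $data['TargetUserName']
            CallerComputer = $caller
            LoggedBy       = $evt.System.Computer
        }
    }
}

# Constructed sample event so the parser can be tried without a domain controller.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2012-03-01T14:22:05.000000000Z" />
    <Computer>ITS-DC1.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKSTN-042</Data>
    <Data Name="TargetSid">S-1-5-21-0-0-0-1105</Data>
    <Data Name="SubjectUserName">ITS-DC1$</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-LockoutEvent | Format-List

# Live use against the DC that LockoutStatus points at (ITS-DC1 in the post):
# Get-WinEvent -ComputerName ITS-DC1 -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LockoutEvent |
#     Group-Object CallerComputer | Sort-Object Count -Descending
```

Grouping by CallerComputer in the live query puts the workstation generating the most lockouts at the top.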

Query Device Manager on a remote (Windows 7) Computer

Since it was asked today, it is a little harder on your plain-vanilla Win7 machine than back in the pre-Windows Firewall WinXP days.

1) Firewall exceptions: you probably already have the “Allow inbound remote administration” exception if you are managing anything over RPC to your workstations – but this is of course required

2) Policy to allow remote access Device Manager: Win7 has a separate policy for this setting – Group Policy is your friend: Computer Configuration > Administrative Templates > System > Device Installation  — Select the “Allow remote access to the Plug and Play interface” and enable

3) Remote Registry.  Unlike the “good old days” remote registry is disabled in Win7 by default.  You have to start up the service if you want to interrogate Device Manager: either set it to start automatically which will place a slight performance hit on your machine, and of course a large vulnerable surface or just remember to remotely start the service when you need it.
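
One way to "remember to start the service when you need it" from step 3, and to put it back afterwards so the machine does not keep the extra exposure. This is an added example, not from the original post; the function name and `WKSTN-042` are hypothetical, and it assumes Windows PowerShell (where `Get-WmiObject` is available) plus the firewall exception from step 1.

```powershell
# Added example: run an action with Remote Registry up, then restore its prior state.
function Invoke-WithRemoteRegistry {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][scriptblock]$Action
    )
    # Re-query each time so State reflects what the remote machine reports now.
    $getSvc = {
        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
            -Filter "Name='RemoteRegistry'" -ErrorAction Stop
    }
    $svc          = & $getSvc
    $originalMode = $svc.StartMode             # 'Auto', 'Manual' or 'Disabled'
    $wasRunning   = $svc.State -eq 'Running'
    try {
        # A disabled service cannot be started; switch to Manual for the session.
        if ($originalMode -eq 'Disabled') { [void]$svc.ChangeStartMode('Manual') }
        if (-not $wasRunning) {
            [void]$svc.StartService()
            # Wait up to 30 seconds for the service to report Running.
            for ($i = 0; $i -lt 30 -and (& $getSvc).State -ne 'Running'; $i++) {
                Start-Sleep -Seconds 1
            }
        }
        & $Action
    }
    finally {
        # Only undo what this function changed.
        if (-not $wasRunning) { [void](& $getSvc).StopService() }
        if ($originalMode -eq 'Disabled') { [void](& $getSvc).ChangeStartMode('Disabled') }
    }
}

# Usage (WKSTN-042 is a hypothetical workstation name):
# Invoke-WithRemoteRegistry -ComputerName WKSTN-042 -Action {
#     Read-Host 'Connect Device Manager to the remote machine; press Enter when finished'
# }
```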

Google Apps sync for Microsoft Outlook and SMIME signing

To quote Bart Simpson “Mom it’s broken, Mom it’s broken” 

Using Outlook 2010 with the Google Apps Sync – if you want to digitally sign your email with an SMIME (SSL) certificate, you can choose which way to break things for recipients.

If you un-check the ‘send clear text signed message when sending signed messages’

Things work for folks reading your mail in Outlook 2010

But are busted if read in webmail clients (Hotmail, Gmail, etc).  Recipient gets an attachment – but body of email is blank.

Option #2 – send as clear text.  In this situation your plain text body is readable by everyone.  But SMIME compatible mail clients (Outlook 2010, Thunderbird to name a couple) will not correctly parse and verify your signature – instead the recipient sees this .p7s attachment that is of little use to a human.

Seems we are not alone with this complaint about the Google Apps Sync for Microsoft Outlook:

Support for sending emails signed using s/mime

Is it possible to use certifications to sign or encrypt mail using google apps sync for outlook?  (This seems to imply that the problem was fixed and recurred as a regression bug)

It attache a smime.p7s file when i send a digital signed mail over google apps sync for outlook

The only work-around I found was to install the GAS normally, then inside of Outlook create a second mail account using POP/SMTP.  Preferably POP server is working, but has no mail for you (lest you pull a second copy of your mail into Outlook into a PST separate from the ‘normal’ Google inbox).  Hazzah! I have the perfect candidate – our previous mail server.

Mail sent over SMTP from Outlook 2010 with SMIME to gmail works! (as long as you check the ‘send clear text’ box in Outlook’s Trust Center/Email security).

Moving on to Gmail for UNI

Never say we don’t eat our own dog food in ITS.  Over this week ITS staff are ‘encouraged’ to move their staff email from the Oracle Collaboration Suite we have used since 2006 to UNI’s new outsourced email repository: Gmail.

Inbound mail for @uni.edu recipients still enters our network in CF (we host the MX) and for those who have moved mailboxes gets forwarded out to Google/Gmail.  The transition process run on our end also makes a copy of all your email messages and folders on Collab Suite over to Google.  I had this done to my account Tuesday morning.

One huge gain to Gmail from end-user perspective is your 200MB quota grows to 7.xx GB.  All that historical mail that you rarely access, but cling onto forever in your Local Folders or PST file can now be in your Gmail, accessed from anywhere and *searchable*.  Fantastic!  Now only if I could copy multiple folders easily – and I’m finding that using Thunderbird 3.x as an IMAP client to Gmail is either de-duplicating some messages or losing them.  Especially with folders with 1000+ messages, I’m seeing a fraction of a percent of message count not being copied (really bad loss: local folder with 3436 messages came out with 2599 in Gmail).   This kind of stinks.  I recommend copying a couple hundred messages at a time.

Another thing to realize using Thunderbird as an IMAP client to Gmail: you may have two copies of your sent items.  Thunderbird/Netscape Messenger at UNI has historically been configured by most people to save a copy of all mail you compose in a local folder.  Gmail saves every message you compose on their server side, and tags it as sent.  So you certainly don’t need/want to configure an IMAP client to save a copy of sent messages to the Gmail server as it is totally redundant.

Second huge gain is mobile access.  Where previously we had IMAP or POP for email and Oracle calendar required a SyncML client (usually costs money) for your smart phone – Gmail supports IMAP, POP, and Microsoft Active Sync for email.  Active Sync also can keep your calendar and contacts up to date.  And the best thing is that most modern smart phones (iOS/iPhone, Android, Windows Mobile, Windows Phone, WebOS) all support MS Active Sync out of the box, there is nothing else to buy.  Configuration is easy: servername m.google.com, leave domain blank, enter your username with @uni.edu and your password… done!

Finally – I’m leaning towards ditching Thunderbird for UNI mail and using Outlook with the Google Apps Sync for Microsoft Outlook. You (or your workstation administrator) install this 10MB application – you start the app, give it your email address and password and VOILA! Outlook (2010 in my case) is automatically configured for mail, calendar and contacts.

The calendar in outlook is different from what Netscape/Steltor/Corporate Time/Oracle calendar users are familiar with – but so is the Google web-based calendar interface.  If you’ve ever worked in a Microsoft Exchange environment with Outlook, you’ll feel right at home, since Outlook is unchanged – the sync connector does all the work.

Cheap smart phone on Verizon

I couldn’t resist buying a Palm Pixi Plus at the $40 ($45 shipped) price that has popped in and out of DailySteals, DailyDeal, etc over the past month or two.

Palm’s Web OS is really nice, but as I said with the first Palm Pre from Sprint in 2009 – the hardware isn’t fully-baked.  Fit and finish is much improved, but the Pixi is just too damn small – both screen (which is high quality at least) and keyboard.

Amazon has the Verizon Palm Pixi Plus for $50 today (free shipping)

I activated with Page Plus Cellular, a Verizon Wireless MVNO on a 30-day 1200 minute, 2000 SMS, 100MB pre-paid plan for $29.99

Getting initial activation can be done through Page Plus’ website, or any number of resellers.  I had good luck with Kitty Wireless  although I didn’t pay their $4.99 on the web, instead go through Ebay and pay only $0.99 for activation.

After playing I may keep this phone on Page Plus’ standard plan – you can pay $80, get 365 days before expiring, and pay $0.04 per minute, $0.08 per SMS (in or out), and $0.50 per month to maintain service (data is a lousy $1.20 per MB – so disable data and use WiFi).  Makes for a nice emergency phone if your primary phone is lost/broken or in my case when Sprint loses the only tower with usable coverage into my house (like last night into this morning).
