Outlook Autodiscover not working after migrating from Google Apps to Office 365

Posted October 12, 2017 by jeremyrnelson
Categories: Uncategorized

I was always a Google Apps fan and a Microsoft hater, but Google seems to have stopped innovating in the Google Apps space about 5-10 years ago, while Microsoft took what started as a lousy product and has improved it by leaps and bounds.  I used to recommend Google Apps to clients, but after several spectacular failures on their part, we now only recommend Office 365.

Recently I had a client that was struggling with problems with Google Apps (that I had moved them to 4 years previously), so we migrated them to Office 365.  Unfortunately, though, we discovered that after the migration, Outlook’s “autodiscover” functionality kept pointing users back to Google for some reason.

Microsoft Tech Support was no help, with 2 different techs insisting for over 4 hours on the phone over the course of a week that the problem had to be DNS (though they couldn’t really tell me what was wrong, since all the DNS autodiscover checks passed just fine).  In the end, I figured out the problem, not Microsoft, but by the time we found it after a week, the cache had finally cleared on its own.

For anyone else dealing with autodiscover not returning the correct service, here’s what you need to do:

1. If possible, verify that this is the acompli.net problem referenced here by making sure that the issue does NOT exist using Outlook 2010 or 2013.  As far as I can tell, this problem is isolated to Outlook 2016, Outlook for iOS, and Outlook for Android.

2. On the desktop client, install Telerik Fiddler, and configure it to capture and decrypt all HTTPS traffic.

3. Start Outlook, enter your email address, then once the Google (or other?) login screen pops up, stop capturing in Fiddler.

4. You should see an HTTPS call to prod-global-autodetect.acompli.net (or something similar?)  In the TextView of the traffic, you should see a reference to your email address, with Google auth information returned.

Acompli is the messaging app that Microsoft purchased and rebranded as Outlook mobile.  Armed with the above information, you should now be able to call Microsoft Tech Support and wade through their “trained monkey” questions to actually get to a solution.  Please post a comment and let us know once you figure out what cache Microsoft needs to clear to get this working!

Advertisements

Multi-Tenant pfSense Setup

Posted March 5, 2017 by jeremyrnelson
Categories: Uncategorized

I’ve run across a number of situations where you have a number of smaller clients behind a single firewall, using VLANs.  This is an attempt to document what you’d need to do this on the firewall side.  We use separate hardware, but here’s a great write up about virtualizing pfSense using VMWare:

http://www.jonkensy.com/multi-tenantvlans-behind-a-virtualized-pfsense-firewall-in-esxi/

Here are a number of issues we’re trying to handle:

  1. It goes without saying that somehow these clients all have to be in separate address spaces.  Avoiding this isn’t in scope here.
  2. Segregating users from one another (obviously)
  3. Multiple WAN connections
  4. VPN to remote sites (using pfSense – other routers are out of scope)
  5. VPN to remote individual clients (using both MacOS & Windows)
  6. DHCP Relay
  7. DNS Forwarding

 

Swann NVR’s from Costco

Posted December 18, 2016 by jeremyrnelson
Categories: Uncategorized

I had an irritating experience where Swann NVR’s we purchased at Costco didn’t have a model number listed, so I couldn’t find the right firmware to fix the problems we’d be having sending emails through GMail.  Hopefully this helps somebody else.

Here’s how Costco lists the item:

Swann 16 Channel HD IP NVR with 3TB HDD, 8 3MP HD – Item# 956587

Turns out it’s an NVR16-7090 – here’s the latest firmware:

http://support.swann.com/customer/portal/articles/2544490

The annoying thing with this setup is that it’s a 16-port NVR, but only 8 ports are PoE.  If you buy extra cameras, you can use PoE bricks, but that’s kind of awful beyond 2-3.  The other annoyance is that you can’t use them across closets/buildings.  Here’s how to set them up using a separate camera VLAN:

  1. Set up a separate VLAN for your cameras.
  2. Set up a computer on 172.16.1.254/24 so you can hit the cameras with a web browser.
  3. Log into the web interface of the NVR (172.16.1.1:85 by default).  Identify the IP for each camera.
  4. Log into each camera (default username/pw is admin/12345), and set it to a static IP. I like 172.16.1.101-116 for readability.
  5. On the NVR web interface, change the ports from Plug N Play to Manual. Set each port to the same static IP set in #4.
  6. Once the cameras are on static IPs, you can put them in any building/closet that is on the same VLAN.  Set up a port on your switch dedicated to that VLAN, and plug it into one of the non-PoE ports on the NVR.
  7. You can probably put a router in and run them across different subnets/VLAN, but that exercise is left up to the user….

 

UPDATE – 9/5/17 – as of now, SwannView Plus iOS app hasn’t been updated to 64-bit so will not even work with iOS 11.  Beware of this if you’re still within return period or considering buying one of these.

Ubiquiti Unifi Showing 0 bps transmit

Posted December 14, 2016 by jeremyrnelson
Categories: Uncategorized

Weird problem – I had an access point that didn’t allow access to the guest network, but worked fine on the corporate network. Strangely, the affected devices were reporting in the controller as a full data rate on receive, but 0 bps transmit (tx).

The problem turned out to be that the switch the access point was connected to had excluded the guest VLAN on that port. Re-enabled that VLAN and all was well…

EM Directory Problems UC 5.3

Posted September 18, 2015 by jeremyrnelson
Categories: Uncategorized

We found what may be a bug in Polycom UC 5.3 – EM Directory didn’t show up as a menu option under Utilities in the web interface.  Upgrading to 5.4 did the trick.  Hope this helps somebody else!

Uninstalling LogMeIn

Posted June 25, 2015 by jeremyrnelson
Categories: Uncategorized

Tags: , ,

We used LogMeIn for nearly 2 years before dumping it in favor of ScreenConnect.  LogMeIn had some nice features, but it was really buggy at times, especially on Macs, and we’ve never been sorry we switched.  They’ve really gotten ridiculous with their pricing over the last year.

One of the things we really hated about LogMeIn was how difficult it was to uninstall and reinstall because of their screwy auto-update process.  After many hours of figuring stuff out, we put together this “brute force” script that more or less gets it ripped out.  It’s not perfect, but it sure beats doing it manually on 300+ machines!  I hope we can save somebody else the pain and make it easier to transition away from LogMeIn.

As an unsolicited plug for ScreenConnect, it’s a perpetual license, and you pay per concurrent license, not per client under management, so we’ll save a bundle.  Some great features include:

  • Super easy entry of interactive commands on one or more guests.
  • Clean and simple uninstall and reinstalls (Macs could be simpler, but still really good).
  • When a machine drops offline, your host connection goes gray and automatically restarts after the machine comes back online.
  • Preview of what’s going on at the guest machine.
  • Reboot into safe mode and ScreenConnect still works
  • Lightweight and easy to push out with group policy
  • Much less cumbersome to start a remote session

There’s a couple of features I’d like to see (FQDN’s in the host listing for one and command results compiled into a common dialog for #2), but those are far outweighed by everything else.

Have fun tearing out LogMeIn!

 

net stop LMIGuardianSvc
REG add "HKLM\SYSTEM\CurrentControlSet\services\LMIGuardianSvc" /v Start /t REG_DWORD /d 4 /f
net stop LogMeIn
REG add "HKLM\SYSTEM\CurrentControlSet\services\LogMeIn" /v Start /t REG_DWORD /d 4 /f
net stop "LogMeIn Maintenance Service"
REG add "HKLM\SYSTEM\CurrentControlSet\services\LogMeIn Maintenance Service" /v Start /t REG_DWORD /d 4 /f
"C:\Program Files (x86)\LogMeIn\x86\logmein" uninstall
"C:\Program Files (x86)\LogMeIn\x64\logmein" uninstall
"C:\Program Files\LogMeIn\x86\logmein.exe" uninstall
"C:\Program Files\LogMeIn\x64\logmein.exe" uninstall

REM *** MsiExec Uninstalls ***
MsiExec.exe /x{0832D8C1-4A3D-44A8-86CB-1B51EF71ED31} /qn
MsiExec.exe /x{32979D13-6A63-4CAC-A328-60A6624F853E} /qn
MsiExec.exe /x{386625D9-3BD3-45F3-BF41-6A890A913F12} /qn
MsiExec.exe /x{53E10F4E-B361-45D7-8DBD-A6BF073236F0} /qn
MsiExec.exe /x{58CF302E-2281-46D3-BDF0-540B11ADCED2} /qn
MsiExec.exe /x{697E7F08-CB6F-442A-83CD-D44F54654272} /qn
MsiExec.exe /x{6A38EDD8-66E4-4FD1-B7D0-DDC37285F44B} /qn
MsiExec.exe /x{72B46C07-7EB2-4146-9B03-422296E12C4E} /qn
MsiExec.exe /x{7FEA5E41-0106-451E-BC88-71B9CD3B0F41} /qn
MsiExec.exe /I{9905E4C1-14D8-4522-88FE-FD00B51A20DC} /qn
MsiExec.exe /x{A8E20B99-B1A2-4FC0-B38A-A255033D339A} /qn
MsiExec.exe /x{AF17B3CE-F7DA-4DDE-A8C8-7AAADB5CD551} /qn
MsiExec.exe /x{AFBB4CC8-12D3-40B0-BE53-80FA37496C63} /qn
MsiExec.exe /x{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A} /qn
MsiExec.exe /x{D8FDCAEB-351D-4FFF-B1FD-B8C3564C1CAD} /qn
MsiExec.exe /x{F099EA75-A298-4A13-93CB-D2446436B137} /qn
MsiExec.exe /x{F93EE340-3735-4032-8B74-0A3E489017A0} /qn

REG DELETE HKEY_CURRENT_USER\Software\LogMeIn /f
REG DELETE "HKEY_LOCAL_MACHINE\Software\LogMeIn, inc." /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\LogMeIn /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\LogMeIn /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\run\logmein gui" /f
REG delete "HKLM\SYSTEM\CurrentControlSet\services\LMIGuardianSvc" /f
REG delete "HKLM\SYSTEM\CurrentControlSet\services\LogMeIn" /f

REM******
REM Only after running the install string for each product should these be deleted
REM(Use the product number referring to logmein)
REM Also in HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
REM ***
reg DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\99B02E8A2A1B0CF43BA82A5530D333A9 /f
reg DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9D5266833DB33F54FB14A698A019F321 /f

REG delete “HKLM\SYSTEM\CurrentControlSet\services\LMIGuardianSvc” /f
REG delete “HKLM\SYSTEM\CurrentControlSet\services\LogMeIn” /f
REG delete “HKLM\SYSTEM\CurrentControlSet\services\LogMeIn Maintenance Service” /f

Grandstream GXW-4004 configuration file problems

Posted April 12, 2015 by jeremyrnelson
Categories: Uncategorized

I had a frustrating problem where my Grandstream GXW-4004 wouldn’t accept an uploaded configuration XML file.  I ended up turning on syslog so I could see what’s going on and found this:

PROVISION: Failed parsing cfg.xml (Error 217)

Through a series of trial-and-error steps over several hours, I discovered that the dial plan lines were causing the problem (maybe because of the braces { } ?)  Either way, I removed those, the configuration loaded just fine, and I was able to re-add those lines through the interface and get back to work.