Meraki Block Page http://wired.meraki.com:8090 ‘Not Found’

KB ID 0001365

Problem

If you have a Meraki Security device and have enabled ‘Content Filtering’, instead of a nice ‘block-page’ informing you why you are being blocked you may see this;

http://wired.meraki.com:8090

This is happening because your Corporate DNS is resolving ‘wired.meraki.com’ to 54.241.7.184, which you can also see if you look at the URL you are trying to connect to it on port 8090. A quick nmap of that IP will tell you port 8090 is not open,  (only port 80 and port 443 are).

This is happening because if you were to use your Meraki Device for DNS forward lookups, it would ‘DNS Doctor’ the return DSN packet and insert its own IP address in there instead. That’s fine but most corporate networks don’t want to use their Meraki devices for DNS forward lookups. 

The easiest way to resolve the problem, is with your own corporate DNS servers.

Solution

First you need the inside IP of your Meraki device(s). You can get these from the Meraki Dashboard (Security Devices > Addressing and VLANS). If you browse to that IP, you should se something similar to below;

Armed with that information, go to one of your DNS Servers, and create a new forward lookup zone.

Next > Primary zone > Next > To all DNS Servers… > Next.

Zone Name = wired.meraki.com > Next > Allow only Secure… > Next > Finish.

In the newly created zone, create a ‘New Host (A or AAAA) record.

Enter the Inside IP or your MX device (only) > Add Host > Repeat for each Meraki device, if you have more than one.

Now you will receive a slightly more friendly blocked page.

Related Articles, References, Credits, or External Links

NA

Error When Trying to Set Out of Office ‘Your automatic reply settings cannot be displayed because the server is currently unavailable. Try again later’

KB ID 0000897 

Problem

When attempting to set my Out of Office automatic replies within Outlook, I was greeted with this.

Your automatic reply settings cannot be displayed because the server is currently unavailable. Try again later.

If I logged into Outlook Web Access, (Options > Set Automatic Replies) I could set it up and it worked fine.

It’s never really bothered me, but my colleagues were complaining about it, and when they used Outlook on our Terminal Server they also got this.

MailTips could not be retrieved.

Solution

Before proceeding you need to make sure of TWO things.

1. You are logged in, or authenticated against your domain.

2. If you are accessing web pages via a proxy server, the name of the Exchange server should be added to the Proxy Exceptions list. (Note: If you have multiple entries, you separate them with a semi colon).

Assuming you have met the two requirements above, then do the following.

1. Open Outlook > In the task bar (in the system tray) > Hold down CTRL and Right Click the Outlook Icon > Select Test E-mail AutoConfiguration.

2. Enter your details > Use AutoDiscover > Test.

Note: Here I got the following error message;

Autoconfiguration was unable to determine your settings

This was because the client I was on, could not resolve autodiscover.my-domain-name.co.uk, once that was rectified I could get further.

3. In the first section Locate the URL that is being used for OOF, and make a note of it.

4. Open your web browser and make sure you can open that URL. (Note: It will redirect to Services.wsdl that is normal).

Note: If you are asked for logon credentials, you are NOT authenticated against the domain.

5. Repeat the same with the URL that is listed in the HTTP section of the test.

6. At this point mine started working. My problem was the lack of DNS resolution, if you find another fix drop me a line and Ill update this article (link at the bottom of the page).

Incorrect Permissions on the EWS Virtual Folder.

Just after I wrote this site follower Peter Dorner Emailed me to say,

Another common problem, is that the EWS virtual directory has misconfigured permissions in IIS.

So I checked permissions on some working systems, to see what they should be.

EWS Permissions Exchange 2007 on IIS 5

EWS Permissions Exchange 2007 on IIS 6 onwards

EWS Permissions Exchange 2010 on IIS 6 onwards

Note: As shown anonymous is enabled for the IUSR account.

EWS Permissions Exchange 2007 on IIS 6 onwards

EWS Permissions Exchange 2013 on IIS 7 onwards

Note: As shown anonymous is enabled for the IUSR account.

 

Related Articles, References, Credits, or External Links

NA