DrayTek Vigor – Reset To Factory Settings

KB ID 0000573

Problem

If you cannot get access to your router, or you have bought, found or been given one, and you cannot access it. The simplest thing to do it to reset to to factory settings. Once the Router has been reset its settings will be as follows;

DrayTek Default Username and Passwords

Model
Username
Password
Vigor Rev. ALL admin admin
Vigor 2600 admin {blank}
Vigor 2800 {blank} {blank}
Vigor 2900+ admin admin
Vigor 3300 draytek 1234

Note: The Router will set itself up with a static IP address http://192.168.1.1) and will act as a DHCP server (Make sure your network card it set to get its address automatically.

 

Solution

Warning: Make sure you have all your Routers settings, before you start, especially your ADSL username and password (ring your ISP and confirm) before resetting the Router as all these settings will be WIPED!

Factory Reset DrayTek Vigor: Option 1 (If you do not know the password)

Note: Model shown is a DrayTek Vigor 2800

1. with the router powered on in normal operation the power light should be blinking (slowly)

2. Use a pen, to depress the factory reset button on the rear of the device.

3. The power light will blink rapidly.

4. Release the factory reset button.

Factory Reset DrayTek Vigor: Option 2 (If you know the password)

If you can log in but just want to wipe the settings, and revert to factory defaults.

1. Connect to the web management console and navigate to, System Maintenance > Reboot system > Tick “Using factory default configuration”.

Factory Reset DrayTek Vigor: Option 3 (If you know the password)

If you can log in but just want to wipe the settings, and revert to factory defaults.

1. Familiarise yourself with the DrayTek Vigor firmware upgrade procedure. But use the firmware that ends in .RST NOT the firmware that ends in .ALL. (Note: The .all firmware just updates the firmware but keeps the settings).

 

Related Articles, References, Credits, or External Links

Draytek Router – Firmware Update

Draytek Vigor Router Port Forwarding

 

Windows – BCDEdit

KB ID 0000097 

Problem

If you’re used to editing boot,ini files in earlier versions of windows then you are in for a bit of strife – Vista and newer OS’s now has its own boot loader, but happily there is a tool to let you edit what it does – this tool is called BCDEDIT.EXE and by default it lives in the windows > system32 directory.

Solution

Simply running the command will tell you what the boot settings are at the moment.

This particular machine (My work Laptop) Has windows XP installed on the C: drive and Vista on the F: Drive – The IMPORTANT thing to note is each OS has an identifier. In this case the XP identifier is called {ntldr} and the Vista Identifier is called {current}

NOTE: In a lot of online forums I’ve seen these labeled with GUIDS and not simple names like this this may have been in Longhorn or the Vista Beta’s

Before you do anything I suggest you backup the setting – bcdedit will do this for you – the command you need is….

bcdedit /export “{drive and path}

Should you need to restore the settings you can do so using the following command

bcdedit /import “{drive and path}

The most common thing you will want to do is change the names on the Boot menu – Vista by default calls XP something horrible like “Earlier son of Windows” and Calls itself SOmething nice like “Microsoft Windows Vista” to Change the display names you need to run the bcdedit command now get the IDENTIFIER for the OS you want to change (remember mine were ntldr and current (see above)) then use the following syntax

bcdedit -set {identifier} DESCRIPTION “What you want to call it

For Example this renames my XP Installation to Windows XP

And this renames my Vista Installation to Windows Vista

The next most common requirement is to alter the timeout period (thou countdown while you select an OS to boot)By default is 30 Seconds to alter this the syntax is…

bcdedit /timeout {time in seconds}

To Change the DEFAULT OS that the boot loader will boot again you will need to know the identifier of that operating system, obviously by default it will be vista but if you want to change it to another OS (In my case) my XP OS the syntax is…

bcdedit /default {identifier}

The Last Thing you might want to change is the order the Operating systems are displayed in again you will need to know the identifier and the syntax is as follows…

bcdedit /displayorder {first identifier} {second identifier} etc

 

Related Articles, References, Credits, or External Links

NA

Mapping Printers based on Computer OU (via Script)

KB ID 0000645 

Problem

Location based printing has long been a pain. In the past I’ve tackled it with Group Policy Preferences, and I’ve even gone ‘old school’ and mapped printers with con2prt.

A few months ago I put in a new network at a school, they were using a vbs script to deploy all their classroom printers, and I had a quick (unsuccessful) attempt to do the same. But time was against me and I used GPP and location variables to solve the problem.

I did however take a copy of the script to have a play with, so yesterday while it was quiet I dropped a copy on the test network, and failed again! So I trawled round the internet and cobbled together a new script which works they way I wanted.

Note: Please do not email me and ask “Can you change the scripts to do xyz” you probably know as much about vbs as I do!

Solution

Requirements

1. I want the script to run and map the printers based on the OU that the computer is in, in these example I’ve only got two OU’s, but in a live environment you might want all the computers in the maths classroom to get the black and white laser printer in that classroom as the default printer and also be connected to the colour printer in the same room.

2. On my test network I’ve only got two printers, an HP 4600 Colour Laser, and an HP 3055 multifunction printer, so to illustrate how the script works I’ll map both printers to the computers in both OU’s, but I’ll change the default printer for OU1 and OU2. Both these printers are already setup and installed on my server.

Note: You may need to add x64 AND x32 bit drivers to your printers if you have a mix of client operating systems, as they download the driver from the server.

Script to Map Printers Based on OU

3. This script will remove any mapped network printers, Note: Local printers are NOT removed. It will then connect the printers you require for each OU. Lastly it will set the default printer.

Note: You need to connect the printer before you can set it as default.

[box]

'=========================================================================<br />
' MAP PRINTERS BASED ON OU<br />
'<br />
' AUTHOR:  PeteLong<br />
' COMPANY: www.petenetlive.com<br />
' DATE:    03/08/12<br />
'=========================================================================<br />
Set objSysInfo = CreateObject("ADSystemInfo")<br />
strName = objSysInfo.ComputerName</p>
<p>arrComputerName = Split(strName, ",")<br />
arrOU = Split(arrComputerName(1), "=")<br />
strComputerOU = arrOU(1)</p>
<p>Set objNetwork = CreateObject("WScript.Network")</p>
<p>'=========================================================================<br />
'STEP 1 - Remove any NETWORK printers (NOT Local Printers)<br />
'=========================================================================</p>
<p>Set WshNetwork = WScript.CreateObject("WScript.Network")<br />
Set Printers = WshNetwork.EnumPrinterConnections</p>
<p>For i = 0 to Printers.Count - 1 Step 2</p>
<p>    If Left(ucase(Printers.Item(i+1)),2) = "" Then<br />
        WSHNetwork.RemovePrinterConnection Printers.Item(i+1)<br />
    End IF<br />
Next</p>
<p>'=========================================================================<br />
'STEP 2 - Connect Printers based on COMPUTER OU membership<br />
'=========================================================================</p>
<p>Select Case strComputerOU<br />
    Case "OU1"<br />
        objNetwork.AddWindowsPrinterConnection "PNL-DC3055"<br />
        objNetwork.AddWindowsPrinterConnection "PNL-DC4600"<br />
        objNetwork.SetDefaultPrinter "PNL-DC4600"<br />
    Case "OU2"<br />
        objNetwork.AddWindowsPrinterConnection "PNL-DC3055"<br />
        objNetwork.AddWindowsPrinterConnection "PNL-DC4600"<br />
        objNetwork.SetDefaultPrinter "PNL-DC3055"<br />
End Select

[/box]

What you would need to change

Simply change PNL-DC for the name of your print server, add your OU’s and printers, you would just add a new ‘case’ for each OU you require.

4. I’m deploying this script as a USER logon script, though If you wanted you could also use a COMPUTER startup script.

What computers in OU1 would see

What computers in OU2 would see

Related Articles, References, Credits, or External Links

NA

No Speakers or Headphones with HDMI Device Connected

KB ID 0000961

Problem

My laptop does not have RGB or DVI on it for an external monitor, it has just got an HDMI connector. While I was working in the office I thought I’ll pop my headphones in and listen to some music, and was met with silence?

Solution

When you connect an HDMI device windows ‘assumes’ that you will be outputting sound to that device, (great thanks).

1. Open Control Panel (Window Key+X on Windows 8) > Sound. Below you can see it has set the monitor as the default playback device.

2. Select your speakers (even if you want headphones, that’s what the HP is for!) > Set Default > Apply > OK.

Related Articles, References, Credits, or External Links

NA

Dual Booting Windows 8 with Windows 7

KB ID 0000653

Problem

In the next couple of months Windows 8 will go RTM. For those of you with Technet, MSDNor Open Value subscriptions you can already get your hands on it. For anyone not wanting to take the ‘plunge’ and reinstall your OS, you can simply ‘Dual Boot’. Then you can get used to Windows 8 in your own good time. If you suddenly find you need Windows 7 simplify reboot and it will still be there.

Solution

Create a Partition for Windows 8

1. From within Windows 7 > Start > Right Click ‘Computer’ > Manage.

2. Launch Disk Management.

3. This machine has one large C: (System Drive). I’m going to ‘Shrink’ the volume that’s on it to free up room for a Windows 8 Partition, but first I’m going to rename it so we know what it is > Right click > Properties.

4. Call it ‘Windows 7’ > Apply > OK.

5. Now Right click > Shrink Volume.

6. Pick the amount to shrink the volume by, Note: Windows 8 needs 20 GB (Minimum) > Shrink.

7. Once complete, right click the newly created ‘free space’ > New Simple Volume.

8. Accept all the defaults and name the volume ‘Windows 8’.

9. Now we have a partition to install to.

Install Windows 8

10. Note: To install from DVD the computer MUST be set to boot from CD/DVD before it’s hard drive. This is set in the computers BIOS, how this is done varies from model to model.

11. Boot the machine and when prompted press any key to boot from DVD. Select your language options > Next.

12. Enter your Windows 8 unlock code > Next.

13. Accept the EULA > Next.

14. Select CUSTOM.

15. Now you can see why I named the partitions, select Windows 8 > Next.

16. Ignore this for now and let Windows 8 install.

17. It will run setup then reboot.

18. At this point Windows 8 will be the OS that boots by default, you will probably want it to be Windows 7 so select “Change defaults or choose other options”

19. Choose the default operating system.

Note: The ‘Change the timer’ Setting changes the seconds countdown shown at boot, as illustrated in step 27 below.

20. Set it to Windows 7 > Back.

21. Now Select Windows 8 to boot into that OS.

22. Run through the ‘Personalise’ steps.

23. I don’t want to login with a Microsoft account so I’m selecting “Sign in without a Microsoft account” > Next.

24. Local account.

25. Create an account to login with > Finish.

26. There’s Windows 8!

27. When you reboot you can now choose which OS you want to use.

Note: The seconds counter below is set to the default of 30 seconds.

28. If you select nothing Windows 7 will boot by default.

Related Articles, References, Credits, or External Links

Windows 8 Shortcuts

Windows 8 -“Windows cannot read the <ProductKey> setting from the unattend answer file.”

 

Exchange 2007 / 2010 change the SMTP Banner

KB ID 0000327

Problem

If you want to shield the outside world from seeing what mail platform you are running, or even if you just want to deter the casual script kiddy who is trying to remote fingerprint a massive range of IP addresses. Changing the SMTP response banner is quite simple to do.

Out of the box we know we are running a Microsoft mail platform

Solution

1. Open Exchange System Manager and find the name of your “Receive Connector” (Server Configuration > Hub Transport > Receive Connectors).

2.Open the “Exchange Management Shell” and issue the following powershell command,

[box]Set-ReceiveConnector “name of the connector” -Banner “220 The text you want to display”[/box]

3. Then your banner should be changed (you don’t need to restart anything).

Changing the SMTP Banner for Exchange 2000 / 2003

1. Drop to command line and issue the following commands,

[box]

cd c:inetpubadminscripts
cscript adsutil.vbs set smtpsvc/vsi number/connectresponse “220 The text you want to display”

[box]

Note: c:inetpubadminscriptsadsutil path may be different in your Exchange server. And “vsi number” is the number of your SMTP virtual server, this is nearly always 1, check in your Exchange System Management console to make sure.

How to locate your VSI Number

2. Then restart the SMTP service.

Related Articles, References, Credits, or External Links

NA

Update Global Address List Error “WARNING: The recipient “xxxxxMicrosoft Exchange System Objects/xxxxx” is invalid and couldn’t be updated

KB ID 0000516 

Problem

Seen when manually trying to update the Global Address List, with the following powershell command:

[box]Update-GlobalAddressList -identity ‘Default Global Address List'[/box]

Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/{A Public Folder Name}” is invalid and couldn’t be updated.

or

Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 2” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 3a” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/Offline Address Book – /o={your domain name}V/cn=addrlists/cn=oabs/cn=123” is invalid and couldn’t be updated.

This is commonly seen when an Exchange environment has been migrated from Exchange 2003. And it happens because the Alias names for the particular public folders have spaces in them (or a character that Exchange does not like).

Solution

1. On your Exchange 2007/2010 Server Launch the Exchange Management Console > Toolbox > Public Folder Management Console.

2. If you error is about OAB / Address books skip to step 5, If it’s to do with a public folder that your organisation has created, expand default public folders and locate one of them that’s causing the error (In the example above I’ve highlighted one called “1045 – Greengairs” > Select its parent > Then select it (in the central pane) and open its properties.

3. As soon as you select the “Exchange General” tab, you will get an error popup which indicates the problem, there is a problem with the Alias name, in this example there’s spaces in it remove them.

Error: The properties on this object have invalid data. If you click OK, default values will be used instead and will be saved if you do not change them before hitting Apply or OK on the property page. If you click cancel, the object will be displayed read-only and corrupted values will be retained.

4. Once removed apply the changes.

5. If your error references OAB or address books, expand system Public Folders > OFFLINE ADDRESS BOOK > Check the properties of ALL its child objects > and on the Exchange General tab remove any spaces or unusual characters.

 

Related Articles, References, Credits, or External Links

NA

Mail Routing Issue ‘451 5.7.3 Cannot achieve Exchange Server authentication’

KB ID 0000791

Problem

While putting in a New Exchange 2010 server today, I test moved a mailbox to this new site, and could not get mail to flow to the Exchange 2010 server at the clients main site.

451 4.4.0 Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.” Attempted failover to alternate host , but that did not succeed. Either there are no alternative hosts, or delivery failed to all alternative hosts.

Mail flowed from the main site to this new site, and internal mail at the new site was fine, but any mail destined for the main site, or going external (because the main site has the only server that can use the Exchange organization send connector) would fail with this error.

Solution

I did a lot of trawling to try and find the answer to this, and discovered lots of reasons for this to happen, so rather than just posting what fixed mine, from the most popular to the most obscure try these in order, and attempt to send mail after each step.

Note: Any change on an Exchange Server’s Receive Connectors should be followed by you restarting the Microsoft Exchange Transport Service (on the server you made the change on) before you try again.

1. On the server you are trying to send TO, check the properties of the Default receive connector and ensure ‘Exchange Server authentication’ is selected.

2. On the server you are trying to send TO, If you have a connector configured to ‘relay’ mail, make sure that the server(s) or network specified DOES NOT include the IP address of the server you cannot send FROM. Also Make sure on the authentication tab ‘Exchange Server authentication’ is NOT selected.

3. If you have Cisco PIX Firewalls between these two mail servers (running version 6 or earlier) make sure smtp fixup is disabled.

[box]

Petes-PIX>
Petes-PIX> enable
Password: *******
Petes-PIX# configure terminal
Petes-PIX(config)# no fixup protocol smtp 25
Petes-PIX(config)# write mem

Building configuration...
Cryptochecksum: f59a9bd3 3129b8bc 474b2415 52f2db0f

1049 bytes copied in 0.430 secs
[OK]

[/box]

4. If you have Cisco ASA Firewalls between these two mail servers, then remove esmtp from the default inspection map.

Cisco ASA Disable ESMTP Inspection

At this point I admitted defeat and picked up the phone and called Microsoft. One of their support engineers looked at the connectors and settings, and tested the DNS, had me create a new connector, still mail refused to flow. He did however get me pointed in the right direction. When attempting to Telnet to the Exchange server on the main site this is what we saw;

This is what we should be seeing;

Eureka!

I put all the firewalls in, so I know how they are configured, and I know this client has a CSC module in the ASA 5510 at the mail site, I managed to get the output above by rebooting that module, as soon as it was back online we reverted to the short list again. Also while the CSC was rebooting all the mails stuck on the outbound queue cleared.

Enabling CSC Bypass for a Remote Mail Server

Note: Your class-maps, and access-lists may have different names but this should point you in the right direction.

1. Connect to the ASA, view the policy-maps in use.

[box]

Petes-ASA# show run policy-map
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect pptp
inspect ip-options
class global-class <<<<< Here we go
csc fail-open <<<< This is the one we are looking for
!
Petes-ASA#

[/box]

2. We can see the class-map the CSC is using is called ‘global-class’, let’s take look at that.

[box]

Petes-ASA# show run class-map global-class
!
class-map global-class
match access-list global_mpc <<<< Here's how its being applied
!

[/box]

3. Now we know that’s being applied with an access-list called global_mpc, let’s see what that’s doing.

[box]

Petes-ASA# show run access-list global_mpc
access-list global_mpc extended deny ip host 10.1.0.253 any
access-list global_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
Petes-ASA#

[/box]

Note: Remember permit means inspect and deny means don’t inspect, you can see mine’s set not to scan the CSC update traffic because that’s good practice;

Cisco CSC Module – Stop it scanning its own update traffic

4. So I just need to add in the IP of the Exchange server I cannot send from to make its traffic bypass the CSC Module. Remember to put it at the top so it gets processed before the permit or it will get ignored.

[box]

Petes-ASA# configure terminal
Petes-ASA(config)# access-list global_mpc line 1 extended deny ip host 10.3.0.2 any

[/box]

5. Finally save the changes.

[box]

Petes-ASA(config)# write memory
Building configuration...
Cryptochecksum: aab5e5a2 c707770d f7350728 d9ac34de
[OK]
Petes-ASA(config)#

[/box]

 

Related Articles, References, Credits, or External Links

Thanks to Jeebu Mathew at Microsoft for his assistance, and pointing me in the right direction.

Setup and Configure HP Wireless E-MSM720 Wireless Controller with HP E-MSM430 Access Points

KB ID 0000692 

Problem

We got some ‘demo stock’ in the office this week, I don’t do a lot of wireless, so I thought I would get it setup and have a look to see how easy/difficult it was.

Hardware used

HP E-MSM720 Premium Mobility Controller (J9694A)
HP E-MSM 430 Wireless N Dual Radio Access Point (J9651A)
HP HP 2915-8G-P-o-E Switch (J5692A)

The switch and controller are ‘tiny’ so if you want to put them in a cabinet you will need some ‘big brackets’, (or a shelf). I was disappointed that the controller didn’t have PoE on it (hence the reason we were supplied the switch). I was also disappointed the Access Point didn’t come with a network cable (seriously these things are pennies – and if a client buys hundreds of these things, someone will forget they also need an equal amount of network cables). In addition they are PoE, so you don’t get a power cable (or power injector) – so you cant even power them on without the network cable. That said all the gear is typical good quality HP Stuff. The documentation consists of a “quick setup sheet” for each piece of hardware and all the manuals are Online. I’m not a fan of manufacturers documentation at all, and HP’s is the same as most major vendors, to long, too complicated and to difficult to find what I’m looking for – I spent half a day reading pdf documents just trying to get the guest network working (a feat I will accomplish below with about three sentences and the same amount of pictures!)

Also See: Manually Configuring HP Wireless (MSM 720 controller) for Public and Private Wireless Networks

Solution

Initial Setup E-MSM720 Wireless Controller

1. Connect the controller to your network (Note: Don’t use the two dual personality ports 5 and 6).

2. The controller sets itself up on 192.168.1.1 put yourself on the same network range (see below).

3. Connect to https://192.168.1.1.

4. The MSM720 Default username and password are both admin.

5. Accept the EULA > Skip Registration > Set country > Save > Set the new password > Save.

6. Configure Initial Controller Settings > Start.

7. Set System name > Location > Contact > Login Message > Next > We’ve just set the Password so leave it blank > Next.

8. Enable/disable management interfaces > Next > Configure the network interfaces > Next.

These are allocated as follows, (out of the box!)

And are controlled by these two settings,

9. Set the time and timezone > Next > Apply.

Configure a Corporate WLAN with the E-MSM720 Wireless Controller

1. If not already there, select ‘Automated Workflow’ > Configure a wireless network for employees > Start.

11. Create an SSID > Next > Set the WPA Key > Next.

12. Choose what access points to apply these settings to > Next > Apply.

Note: At this point I had not powered on or touched the access points, so I just selected ‘All’.

Configure a ‘Guest’ WLAN with the E-MSM720 Wireless Controller

I had a nightmare getting this running, until I fully understood the VLAN, IP address and interface allocation, but if you set things up as specified above it will just work.

1. Automated Workflows > Create a wireless network for guests > Start.

2. Create and SSID > Next > Configure guest authentication (or leave open) > Set IP Settings for clients > Next.

3. Select APs to apply to > Next > Apply.

Setup the HP E-MSM 430 Wireless N Dual Radio Access Point

Well you have already done all the work! Simply connect the AP to a POE capable network outlet.

By default the AP is in ‘Controlled’ mode, so it will start looking for a controller as soon at it powers on, it can take a little while to boot (go get a coffee), you will see it appear in the controllers web interface when its pulled its configuration down.

Updating Firmware MSM70 and MSM430

Very slick! update the firmware package on the controller, and it will update all the access points for you.

Final thoughts

This is good quality gear, it has built in support for IPSEC, SSL, RADIUS and a myriad of other features that you would expect to find on an enterprise class wireless solution. HP might be concerned by their lack of wireless sales, but they could make the experience with these things better by making the web interface easier to navigate, (ask someone who has never used it before to delete a wireless network! – over 90 minutes it took me to locate the VSC bindings section to remove that!) I’ve already mentioned the documentation, I appreciate that it needs to be comprehensive but come on!

Related Articles, References, Credits, or External Links

HP E Series Wireless – Cannot Access Local LAN

Manually Configuring HP Wireless (MSM 720 controller) for Public and Private Wireless Networks