02.08.2019

Ahhh, of course I should know that "An unspecified error occurred (696e647863686b2e 9cb)" actually means "hey, your USB disk is drawing too much power from the USB-port"!

Tags: Configuration Thoughts
0

TL ; DR

  • Suspect your USB connections – allways!!
  • Expect to spend hours on the forums looking for symptoms, hints and stuff to try out!
  • DON’T EVER THINK about getting the Microsoft Surface Dock … piece of heavy junk!

SNAGHTML5f131c

Disk operations onto the BitLocker-drive reports tons of errors1!

Isn’t it great when Windows (and most other software too Smile) gives you completely other symptoms to problems?

In my previous post I tried to get BitLocker to play nicely on my machine. Huge problems with drop-outs, perhaps not even the fault of BitLocker itself, but it turned out that I couldn’t even connect the disk anymore without Windows going completely haywire! Lot’s of messages in the event log like;

“Reset to device, \Device\RaidPort3, was issued”

"The IO operation at logical block address xxx was retried"

"A timeout (30000 millisec) was reached while waiting for a transaction response from the WSearch service"

Trying to salvage the drive – and as a result of reading loads of forum-posts on the net, I saw that I could try to use the old CHKDSK again. Run in as an Administrator with the parameters /F /R and /X (well, F should be automatically implied by R). The most important parameter is the X, which tells CHKDSK to unmount the drive for processing. The first run yesterday evening ran for a full 6-7 hours, and when I returned to the computer this morning, I couldn’t get in touch with Windows at all. Something was stalling the machine 100%!

Disconnecting the USB drive docking and Windows came up (pheew!) without problems. Connect the USB drives again, and boom – everything was stuck.

After many attempts I finally was able to issue the CHKDSK command. It ran for a while, and boink – “An unspecified error occurred”?!?!

image

02.06.2019

How to configure BitLocker so it doesn"t need 72 hours to encrypt 2 TB!

Tags: Software Thoughts Configuration
0

TL;DR

  • Setting up BitLocker the wrong way can be extermely slow. For example – after 72 hours my 4 TB-drive was only 49% finished!
  • Don’t encrypt harddisks full of files. Start with empty drive and enable BitLocker with “Encrypt used disk space only”
  • Use USB 3 – otherwise BitLocker will be extremely slow!

My backup-regime

Albeit I – as a programmer – shouldn’t care too much about backup (haha!), I have always been at the cowards side and backuped everything. Over the years I have been trying out most ways to backup, such as;

  • 1,44 MB diskettes – stacks of them!
  • CD and DVD burners
  • Zip and Jazz drives
  • External harddisks of all kinds and sizes
  • FTP to my NAS
  • Online cloud backup such as Acronis True Image

Even though most of the technologies above does work to some extent, they have allways meant labor, time and cost of different degrees.

This post is about my latest backup-regime. It consists of an USB harddisk docking station for ordinary internal harddisks;

SNAGHTML23a29e13

My model is the ICY BOX from RaidSonic. It swallows two harddisks, either 3,5” or 2,5”. By using these types of harddisks, the price goes down a whole lot, plus I already have a stack of older disks. One of the really cool features about this box, is that it can clone a harddisk, even without the hosting computer running.

The ability to clone is where the backup-aspect comes to play for me. By using a huge 4 TB harddisk as my main backup disk, I clone this from time to time to another similar 4 TB disk. I clone at intervals such as once a week. Then I store the cloned harddisk outside the premises.

This is where the need to protect the disk comes in. I don’t want unprotected disks lie around.

Searching the net brings up several candidates to protect an external harddisk. If you search around for best solutions to protect your external drive, you see that for example applications such as VeraCrypt or StorageCrypt are mentioned a lot. If you have Windows 10 Professional or Enterprise, you already have Microsoft’s own BitLocker. Note that you also need a fairly new computer with a security module in place (the so called “Trusted Platform Module” or TPM). Note that the BitLocker wizard will tell you if you miss anything.

Protection provided by tools like BitLocker comes with a price – mainly since protection is in the form of encryption. And that is time. Time to encrypt (and later decrypt) your stuff as you move files to and from your harddisk.

Read on to see how I have configured BitLocker now …

02.16.2018

How to redirect an URL in Domino and break the Domino-server's attempt to append any URL-parameter like "?OpenDocument" to the target URL!!

Tags: Configuration Lotus Domino
0
This is a story of something that I anticipated should take 5 minutes to fix. It turned out to take a couple of hours instead!

Very briefly - using the redirect web site rules, Domino will transfer any URL parameters (like ?OpenDocument, ?OpenForm etc) from the source URL-pattern to the target URL. If the target URL doesn't like OpenDocument very well, this ends up in an "HTTP Web Server: Invalid URL Exception". This article describes how I struggled worked to break this behaviour!


A picture named M2

11.08.2017

The quest to avoid SMTP Hacking and "Authentication Failed" on Domino-server continues

Tags: Lotus Domino Configuration
0

Update Nov, 11th, 2017: If your are using the sample database, you need a configuration first. Go to the configuration-view and press the "Configuration" button to create one.

*

This blog-post is about a combination of my own agent creating an IP-address list and a product named "IP Blocker". The combination automatically pumps bad IP addresses from Domino log to IP Blocker – and gone are the bad IP address.

Even though I have some sort of control on the numerous SMTP hacking attempts happening every day, I still feel uncomfortable just seeing that they keep on pounding my server. What do I mean?

The log gets lots of messages like this;

07.11.2017 05:00:06   SMTP Server: Authentication failed for user stevens ; connecting host 189.1.185.148

Back in March 2017 I wrote the blog-post Finally I managed to stop the SMTP hacking, generating tons of "SMTP Server: Authentication failed for user ..."-messages. Back then I was using the Windows Firewall to trap the bad IP addresses, and that worked. Every IP address registered was effectively blocked from ever reaching my server. The down-side was to keep up with all the new IP addresses, and somewhat cumbersome user interface to register IP addresses. My blog post goes into detail how that was done.

A reader named David Brown commented on the blog-post and referred to his blog-post Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks, which suggested the somewhat strange tip to turn off the SMTP Authentication server in order to actually automatically fence out the bad IP addresses.

Here the other day I came across another Windows tool named IP Blocker from BeeThink-software. It looks a little outdated, but it turned out to be quite powerful! Below you see it in action on my Windows machine;

SNAGHTML19d532e1

All the red dots are blocked addresses! What was the most important selling point to me was the ability to automatically load IP-address lists.

What if I created an agent retrieving all the "Authentication Failed" messages, extracting the IP addresses and automatically created an IP-address list file to IP Blockere to read?

Read on to meet "Authentication Failed Extractor" database Smile

03.03.2017

Finally I managed to stop the SMTP hacking, generating tons of "SMTP Server: Authentication failed for user ..."-messages

Tags: Lotus Domino Configuration Spam
0

Have you ever seen a bunch of these in your Domino log-database?

image

If so, you are the victim of attempted SMTP Hacking. It means that someone is trying to log on to your server via the SMTP protocol. SMTP was primarily constructed for functionality and not so much security Smile

Unnecessarily to say, it is a waste of cycles to have all this traffic hit your server, not to mention what could happen if they ever succeed entering the system! Obviously the perpetrators uses some sort of directory attack trying out both known and valid mail addresses, in addition to all sorts of other names.

Read on to see how I finally was able to stop specified IPs from even reaching the Domino server (hint, the Windows Firewall comes to rescue!)

Update March 7th, 2017: David Brown over at his site https://port1352.wordpress.com (love the port1352-name!) took the time to chime in and tipsed me about his blog-post Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks . I had actually seen this post too, but I could not get my head around that it would could actually be better to turn off SMTP-authentication in order to have better security. I asked a question on his post, and he posted a thorough answer to why this might be a good idea here. Thanks David for taking your time to answer this question!

02.22.2017

How to setup Gmail's smtp.gmail.com as the outgoing mail server on both Domino and on iOS

Tags: After Hours Lotus Domino Configuration
0
One of the fun things with software, and perhaps especially server software, is that there is lots of ways to get things done. Sometimes you just drown in settings, configurations and restarts. Suddenly things start to work, and you really don't know exactlywhat fixed the problem! This is a story along those lanes, and I write about primarily to remember the steps for later for my own part. Perhaps it can be beneficiary to others too.
 
From having my own Domino server and using it for both incoming- and outgoing mail, things has transformed over the years to only handle incoming mail, and relaying outgoing mail to other SMTP-servers. In my case it has been the Telenor server "smtp.online.no" for many years. Up til now I have been very satisfied with Telenor and smtp.online.no too. If you are interested, you can read more about the history of my server at the end of this article.
 
The Problem

However, in January 2017 something happened on the the Telenor-side, and suddenly their SMTP-server wouldn't accept relayed mail from my server anymore.
 
Sending mail from my Domino server quickly resulted in the following log-entry, along with a non-delivery report sent back to the sender
 
06.02.2017 23:06:48   Router: Message 00796504 NOT transferred via SMTP to SMTP.ONLINE.NO for some.recipient@somewhere.com 553 5.3.0 <some.recipient@somewhere.com>... We do not relay from 84.202.240.155
 
If I tried to send from my iPhone or iPad, which also had the smtp.online.no as outgoing mail server, I received this;
A picture named M2
The above is in Norwegian, and says; “Cannot Send Mail – A copy has been placed in your Outbox. The Recipient {name} was rejected by the server.”
 
I have now been in touch with the support-departments for both Canal Digital and Telenor, and to make a long story very short; Hopelessly problematic to get any sensible answers at all!!!


First Canal Digital: From filing a support-request via their own support-pages, I didn't get any answer at all. First when I posted on their Facebook-page, they answered instantly!
So, note-to-self, don't bother to write anything in support forms or send email, that won't be answered anyway. Only use channels that obviously hurt a little if requests stay unanswered. That must feel like the other side of the coin for Canal Digital…
The answer to my problem? Canal Digital just points to Telenor and basically says "it's their fault, we do nothing with mail".
 
Ok, over to Telenor, and a very similar story unveils with them. Sensible enough they don't have a Facebook page where customers can rant (they have learnt the lesson that Canal Digital is learning …) However, after registering a couple of cases, were the latter pointed to a huge document with very detailed information about the problem, I finally got an answer today;
 
We don't do e-mail support at all via e-mail ….

 
….. Ha ha ha, are you kidding me?!?! No e-mail support via e-mail ?!?!? (choke choke …)
 
However, they points me to Telenoreksperten, a call-center charging you no less than approximately USD 3 per minute. I guess this is no other logic than if your washing machine breaks down. Nobody will even touch your washer if you don't stuff their deep pockets full of money ….

Tags

Calendar