AlphaCron Datensysteme - Blog


Marc Pauls


    LANCOM Router and IPv4 rules / rulesets

    Marc Pauls  11 April 2022 09:33:51
    When working with IPSec on LANCOM routers you might need to create IPv4 rules / rulesets to manage SAs between you and the remote site.
    Always take care not to name the ruleset equal to any rule! In case you did you will see that the single IPv4 rule will be used instead of the ruleset where the rule is included.
    LANCOM should prevent the double naming conditions in its firmware.
    Comments Disabled

    Exchange Server 2016 / 2019 stops delivering mails from 01.01.2022 :-)

    Marc Pauls  1 January 2022 13:17:06
    For everyone wondering why their on-premise Exchange Server doesn't deliver any mails anymore - there is a kind of a year 2022 problem :).
    You may suddenly see an error from "FIPFS" (error code 5300) in your event log stating "can't convert 2201010001 to long".

    For a quick workaround:

    start the Exchange Management Shell

    cd $exscripts


    restart the MSExchangeTransport service

    net stop msexchangetransport
    net start msexchangetransport

    Dear Microsoft: signed int32 max value can only be 2.14... * 10^9 - and 2147483647 < 2201010001 :-D

    Looking forward for a Hotfix published my Microsoft.

    HNY 2022!

    Comments Disabled

      NCP Enterprise VPN Client with Allied Telesis AR4050S

      Marc Pauls  14 October 2021 22:52:55
      As the AR4050S determines all IKE-IDs with an "@" in it as FQUN and without an "@" as FQDN in its IPsec
      implementation it was difficult (especially with the Mac client where no expert mode exists) to establish

      a proper connection without much handwork if you want to use usual usernames that are not email addresses.

      Now NCP released a new client plugin in their SEM that has the possibility to define the FQDN or FQUN

      manually (in the client template or delegated to the client itself).

      This makes it finally possible to use the NCP client together with the great firewall products of Allied Telesis
      in a perfect way without the need of any strange OpenVPN clients.

      Both together - the NCP Client and the AR4050S firewall - let you build a solid and reliable VPN login platform
      for your business. The outstanding performance in IPsec routing in comparison to other competitors makes
      this combination an excellent solution for a secure access to your company network.

      Thank you NCP for the excellent job!

      Comments Disabled

        Windows DC desktop icons

        Marc Pauls  7 October 2021 11:56:36
        After promoting a Windows Server to a DC you can't access the desktop icon menu anymore.

        desk.cpl ,,5

        Comments Disabled

          upgrade to HCL Domino 12.0

          Marc Pauls  13 June 2021 20:10:51
          worked perfect...
          Comments Disabled

            Thüringer Schulcloud nicht von überall erreichbar

            Marc Pauls  24 April 2021 08:35:23
            Am 22./23.04.2021 war die Thüringer Schulcloud bzw. der dortige Login-Bereich nicht von allen Anschlüssen erreichbar.
            Grund dafür war eine aktivierte DDoS-Protection bei dem zuständigen Hoster 1&1 IONOS. Dort wurden ganze Netzbereiche vorsorglich gesperrt, von denen man meinte sie könnten eine "Gefahr" darstellen. Nach einiger Korrespondenz mit dem Support konnten wir nun ein Whitelisting zumindest unserer IP-Adressbereiche erwirken.
            Comments Disabled

              Canon printers and MacOS BigSur

              Marc Pauls  16 April 2021 21:45:15
              After upgrading to BigSur your Canon printer might print only empty pages.
              To fix this use the driver:

              Comments Disabled

                Telekom CompanyFlex Pure - LANCOM

                Marc Pauls  10 April 2021 09:21:42
                When setting up a Telekom CompanyFlex Pure account (with use of a "foreign" access) with the LANCOM wizard it is necessary to enable/enforce the TLS 1.2 encryption afterwards in the line settings.
                ComanyFlex Pure seems to work only with encryption from outside the DTAG network.
                Comments Disabled

                  diable annoying security request in MacOS

                  Marc Pauls  17 August 2020 08:52:13
                  To disable the security request when installing an application in MacOS just type

                  sudo spctl --master-disable
                  Comments Disabled

                    enable SMBv1 on Windows Server 2019

                    Marc Pauls  28 July 2020 14:56:34
                    To enable casual (old) SMBv1 on a Windows Server 2019 as a client (e.g. to access a QNAP NAS, etc.)

                    - enable CIFS/SMBv1 in Windows Features

                    then execute:

                    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi

                    sc.exe config mrxsmb10 start= auto

                    Comments Disabled