Dec 3, 2016

Office 2016 - Outlook AutoDiscover.xml

Recently one of my client have upgraded their Microsoft Office from 2013 to 2016 version and have encountered problems in creating an Outlook profile for their new employee(s).

What I have discovered is that Outlook 2016 no longer provide the "Outlook Anywhere" features whereby all Outlook accounts must be connected to Exchange server directly for .ost synchronization thus the feature is no longer available.

According to Microsoft the reason behind the changes is having .ost directly connected to Exchange server is for more stability & reliability... yeah rite. To me it seems more to forcing customers to upgrade their Exchange server for the new functions & features.

Anyway, luckily I am not the first one to encounter this problems any there are many solutions out there, but this is one particular solution that have worked for me.

And here are the steps :-

1. First you will need to create an "autodiscover.xml" file with the following contents. You can do this by using notepad.

<?xml version="1.0" encoding="UTF-8"?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
-<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
-<Account>
<AccountType>email</AccountType>
<Action>redirectUrl</Action>
<RedirectUrl>https://autodiscover.[FQDN]/autodiscover/autodiscover.xml</RedirectUrl>
</Account>
</Response>
</Autodiscover>

Note : Change the [FQDN] to your domain name (eg. domain.com or domain.com.my)
 
2. Next is to modify the registry so that Outlook 2016 is aware of the "autodiscover,xml" file and its path.
 
3. Open --> regedit --> Browse to --> HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover.
Note : Create "AutoDiscover" key if not available.
 
4. Create --> String Value = [FQDN].
Note : Change the [FQDN] to your domain name (eg. domain.com or domain.com.my)
 
5. Then modify the value of the "String Value" = [Path to "autodiscover.xml" file], for example (C:\AutoDiscover\autodiscover.xml)
 
6. Below is the example of the registry, you may use this to import the registry but remember to modify it accordingly before importing.

Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\outlook\AutoDiscover]
"[FQDN]"="[Path]\\autodiscover.xml"
 
 
7. Now you can open Outlook 2016 and use its wizard to configure user's account accordingly, Outlook should be able to locate your Exchange server now and will prompt for username and password.
 
8. At certain times, Outlook will prompt for username & password twice or thrice or sometimes more (depends whether your Exchange's autodiscover is published correctly or not), and sometimes it may prompt for certificate installations.
 
9. This is normal as your Exchange is trying to authenticate you by using both MAPI & HTTPS protocol and certificate (if any). Thus the multiple prompts for username & password.
 
Some user(s) have claimed that this also works with Office 365 environment, but I have to test it out and unsure of the outcome. But for my customer's environment this just works perfectly.
 
!!! HAPPY COMPUTNG !!!
 

Nov 16, 2016

Windows 10 - Anniversary ISO Download

Now I think all of you are aware that Microsoft have released an update called "Anniversary Update" to the public. To me... well its just another service pack release.

I wanted to point out that the stable release version is 1511, the "Anniversary" version is 1607, you can check your current system version & build by going to --> START --> Settings --> System --> About.


Now there are several methods available to download this update :-
  1. Download via Windows Updates.
  2. Download via Windows Updates Assistant.
  3. Download the ISO file directly.
We are not going to discuss method #1, which is relatively simple & straightforward. Instead we will be focussing more on method #2 and method #3.


Method #2.

This method is relatively also simple and doesn't poses much challenges. But the only drawbacks is that it will required a stable internet connection and it works on a single machine.

1. Just browse to this website Download Upgrade Assistant and click on the "Get the Anniversary Update now" button (as shown below).


This will download the update assistant into your computer, the filename is "Windows10Upgrade28084.exe" and its only 6MB in file size.

2. After download completed you will need to run utility, the utility will automatically detects your current operating system version and build and will auto-select the latest version & build to download. Just follow the on-screen instructions.

3. This utility will only detect & recommend the latest version & build and then proceeds to download the updates from Microsoft server and finally automatically install it for you. You may need to restart your computer 1-2 times for the updates to complete installing.

Note : the advantage of this method is simple for user but only works for a single machine and required a stable internet connection.


Method #3.

This method is to download the ISO file directly and later perform mass deployment to multiple machines and doesn't required an internet connections. Very suitable for enterprises with more than 10 machines & above.

1. To download the ISO, browse to this link Download ISO here.

2. Now at the "Select Edition" section (as shown below), you will need to select the desire edition you need and then click the "Confirm" button.


Note that there is 3 versions available for download :-
  1. Windows 10.
  2. Windows 10 N.
  3. Windows 10 Single Language.
If you resides outside of Europe, you can download the "Windows 10" file.
If you resides in Europe, you can download the "Windows 10 N" file.
If you are using other languages such as Japanese, Chinese version then download the "Windows 10 Single Language" file.

I am not going to explain the difference of these versions, you will need to google up yourself. As I'm a resident in Malaysia thus my standard version will just be "Windows 10" file.

3. Next you need to select your preferred language, well "English International" will just works fine for me. Then click on the "Confirm" button to continue.



4. Next you will need to select your architecture (as shown below), either "32-bit Download" or "64-bit Download" version. Just click on the corresponding button and the download will start.



5. The ISO file size is approximately 3.94GB and depending on your internet speed, the download may varies. Once the download completed, you can use any of your preferred tools to burn the image into a DVD disc or you can even copied to an USB flash drive.

I hope you guys enjoy Windows 10 as much as I did and just for your information, you guys did know that Microsoft is going to end the support for Windows 7 right ?

So its time to upgrade to Windows 10.

!!! HAPPY UPGRADING !!!

Nov 7, 2016

Windows 7 - Unable to detect USB drives

Recently a colleague requesting my assistance on why the USB flash drives are not detected in the newer notebook model (eg. HP ProBook 640 G2).

It seems that the UEFI/BIOS are able to detect the USB flash drive & recognized it correctly... it was able to boot (it was configure to boot earlier into Windows 7) but unable to be detected during the installation wizard and not showing in "diskpart" utility.

Showing up in the "diskpart" utility is the first steps of the configuration they need to perform in order to continue to other steps. And they are in dire needs to have this solve the soonest... I think customer is squeezing their neck.... hehehe.... ;p

After some research & studies, I'm suspecting the USB3.0 drivers was the culprits behind the problems as Windows 7 are not bundled with USB3.0 drivers thus causing such problems. In order for the boot-up process to load the USB3.0 drivers and subsequently during the installations wizards to load the same drivers, I must first modify the "boot.wim" & "install.wim" files respectively.

Luckily, I found an utility to help me with it and thus minimizing my time spend for the solution. It's called "DISM GUI" from CodePlex. This utility is a GUI version for "dism" CLI. Much more easier to work with & easy to understand.

Now let's start the fun :-

1. First you will need a working bootable "Windows 7" USB flash drive (I am not going to write another How-To for this, there is already tons of guides on the internet).

2. Create a temporary working folder (eg. D:\WIM).

3. Create two (2) sub-folders inside D:\WIM, first folder is D:\WIM\USB3 and the second folder is D:\WIM\Mount.

4. Now in your bootable USB flash drive (assuming [G:\] is your USB flash drive), browse to G:\Sources folder and copy both boot.wim & install.wim files to the temporary working folder which is D:\WIM.

(Note : This may take a while, so be patience)

5. Once completed, you will need to download the "DISM GUI" utility from CodePlex, you may find the download link here (https://dismgui.codeplex.com/).

6. Next you also need to download the USB3.0 drivers from your manufacturer (recommended) or you can also use a generic drivers from Intel (only for Intel's chip). The download link is here (https://downloadcenter.intel.com/download/25476/Windows-7-USB-3-0-Creator-Utility)

(Note : For the sake of easy download, I have packaged all the required downloads here)

(Note : It is always recommended to download the correct USB3.0 drivers from your manufacturer if its not Intel chip).

7. After you have download the Intel drivers, extract the files and copy only the USB_Drivers\x86 &  USB_Drivers\x64 folders to D:\WIM\USB3\ location as shown below.



8. Now run the "DISM GUI" utility "as Administrator", a new windows is open as shown below.



9. At the "Mount Control" tab, click on "Choose WIM" button then browse & select "D:\WIM\boot.wim" file as shown below.



10. Next click "Choose Folder" button and select the mount point to "D:\WIM\Mount" folder. And then click "Mount WIM" button, this may take a while.



11. Once mounted, browse to "Driver Management" tab, then click "Choose Driver Folder" and select "D:\WIM\USB3" folder only. Ensure that both "Force Unsigned" and "Recurse" option is selected, next click "Add Drivers" button to continue, please wait for it to complete.



12. Go back to "Mount Control" tab, click on the "Dismount WIM" button, when prompted to commit changes, just click "Yes" button and wait for it to complete.



13. Now exit the "DISM GUI" utility.

14. Now copy the newly created "D:\WIM\boot.wim" file back to your USB flash drive and replacing the original file (G:\Sources\*.*).

15. Now repeat the same steps from #8 onwards for "D:\WIM\install.wim" file but this time you need to ensure that the correct "Index" is selected.

If you are not sure, click "Display WIM Info" button to show the correct index. This is steps is critical should the ISO image you used to create the bootable flash drives contains other editions of Windows 7 (such as Home, Professional, Enterprise, Ultimate).

Thus selecting the correct "Index" also ensure you are selecting the correct edition to load the USB3.0 drivers into it.



16. You will need to repeat this steps for each edition you want it to have the USB3.0 drivers. Else you just need to only perform this once for the edition of your choice.

17. Once you have commit the changes & unmounts, copy the "D:\WIM\install.wim" file back to your USB flash drive and replacing the original file "G:\Sources\*.*" and once completed you may eject the USB flash drive.

18. At the new computer (laptop in my case), you need to ensure the UEFI/BIOS is configured to be able to boot from USB flash drive. Once booted up via the USB flash drive, you should now be able to use "diskpart" utility and able to detect the USB flash drive itself correctly.

19. Below is the picture taken before the modification, you can see clearly that the USB flash drive is not detected in "diskpart" utility.



20. Below picture taken is after the modification, where I have added the USB3.0 drivers to both "boot.wim" and "install.wim" files. Here "diskpart" utility detected the USB flash drive correctly and indicated by the assigned [G:\] drive letter.


I hope this will help others as well and thanks for reading.

!!! HAPPY COMPUTING !!!

Oct 4, 2016

Exchange Server 2013 - POP3 Mail Collector using MDaemon

The new Microsoft Exchange Server 2013 no longer supports POP3 mail collection from a 3rd party hosting provider. It have caused some difficulties for small & medium enterprise where they still replies heavily on this provider for their business email communications.

Some hosting provider does supports IMAP collections while some are not, this is because the server(s) the hosting provider is using was unable to support such protocols (due to whatever the reasons), so you are stuck in the middle to resolve this problems.

So either you change the hosting provider (which may incurred more cost) or you use an old Exchange server that still supports POP3 protocols (which you will not have the latest features & functions).

There are many solutions out in the internet that provide a workaround for this and I find many to be either ridiculous, too little functions/features, too complicated to configured or just plain unstable due to whatever the reasons.

I found that Quantum Software Solutions  Exchange Connector to be the simplest software to use & to configure but due to unknown reasons, the software been giving me a lot of problems lately when my users reached more than 50 users and also I need to constantly monitor the server to manually restart it should it become freezes. It also causes missing emails, unable to send emails to my Exchange server and many more.

So I tried another solution based from my past experiences by using MDaemon Mail Server which I have deployed many times to many clients successfully. And some are still running fine without any problems until today..... now that's what I called stability.

After some trial and error, I have managed to make it work & to cut the story shorts below are some examples of the configurations :-

1. Install MDaemon Mail Server (you may need to check the compatibility list & plan your deployment accordingly). Just follow the on-screen instructions.

2. Goto --> "Setup" --> "Primary Domain" options --> "Domain/ISP" tab as shown below.

a) Domain name = [any local domain name will do, it must NOT be your actual domain].
b) HELO domain = [same as above]
c) Domain IP = [the IP address of the host you are running MDaemon].
d) ISP or smart host's IP or domain name = [your exchange server's IP address].


Note : DO NOT USE your company's actual domain name (eg. company.com.my), you must configure it to use something else (eg. company.local). You will understand why later when I describe how the mail flow works.

3. Goto --> "Ports" tab as shown below and change the "Create outbound SMTP events using this TCP port" option to something that are not standard (eg. 524).



4. Leave the rest configurations as default and click "OK" button.

5. Now goto --> "Setup" --> "Even Scheduling" and configure as shown below then click "OK" button when done.


Note : Some hosting provider limit time access to their server & to avoid lockup, ensure you configure this accordingly to your hosting provider, if in doubt check with them.

6. Now login to your Exchange's ECP, goto --> "mail flow" options.



7. Then goto --> "receive connectors" tab.



8. You will see a list of default transports, click on the plus sign "+" as show below.



9. At the "General" option --> "*Name" box, create a sensible name (eg. POP3 Receive Connector) as shown below.



10. Next goto --> "security" option and ensure its selected as per below options.



11. Then goto --> "scoping" option, configure as below & click the "save" button when done.

a) Ensure the IP address matches your LAN (eg. 192.168.0.*/24).
b) Ensure the port number is specified (eg. 524).
c) Ensure your Exchange server's FQDN is correct (eg. server.company.com.my).



12. Now proceed to logout from your ECP and return back to your MDaemon server, we are now ready to create users for MDaemon (I assume you have already created all the required users in Exchange server).

13. Goto --> "Accounts" menu --> "Accounts Manager" --> click "New" button, then it will display another windows as below. Under "Account" tab configure as shown.

a) Full name = Daniel Cheah
b) Mailbox name = daniel.cheah
c) @ = company.local
d) Account Password = [Password]



14. Browse to "Forwarding" tab --> select "This account is currently forwarding mail" option. Then key-in the FQDN email account (eg. username@company.com.my) as shown below.



15. Next is goto --> "MultiPOP" tab --> select "Enable MultiPOP mail collection for this account" option as shown below.



16. Now type-in your hosting provider's mail server details (eg. pop.provider.com.my) and the username & password (which you have already created in hosting provider's mail server) as shown below, once done click the "Add" button.



17. Once added, you will be able to see the list created as shown below, now click "OK" button to exit.



18. Now you can close all open windows and try send a test email, I will suggest using your own personal Hotmail or Gmail for this testing purposes to ensure MDaemon are able to collect the emails from the hosting provider's mail server and then automatically forward it to your local Exchange server accordingly.

The in your computer, open Microsoft Outlook (which you already configured to connect to your local Exchange server) and check whether you have receive the test email or not. If everything is correctly configured you should be receiving it around 5 mins time.

19. Below is a sample diagram of the incoming mail flow using Quantum Software Solution's Exchange Connector (QSS EC).



20. Below is a sample diagram of the incoming mail flow using MDaemon server.



21. From comparisons both diagram is almost the same but bear in mind that MDaemon is a full fledge server unlike QSS EC which are not.

So how does QSS EC works ?
  1. It collects emails from hosting provider's server via POP3 protocols.
  2. Verify recipients validity by cross checking with Active Directory via AD/LDAP protocols. 
  3. If correct then forward the emails to your local Exchange server via IMAP4 protocols.
  4. Clients collects emails from Exchange server via IMAP4 protocols.
  5. If failed, then it will forward to the "Mail Master/Administrator" mailbox.
This means that QSS EC required constant verifications with AD & Exchange which I suspect was the culprit behind the constant freezes and the "access denied" error in the logs.

22. Now comparing to MDaemon's processing.
  1. Collect emails from hosting provider's server via POP3 protocols.
  2. Verify recipients with MDaemon's local DB (that is why the MDaemon server must not use the same domain name).
  3. Auto forward emails to "Smart Host" (which is your local Exchange server) via SMTP protocols on custom port.
  4. Exchange server verify the recipients & send to local mailboxes.
  5. Clients collects emails from Exchange server via IMAP4 protocols.
As MDaemon is using the "Smart Host" functions to deliver emails to your local Exchange server, the domain name in MDaemon must NOT be the same with your Exchange server. Else MDaemon will thought that this is a local account & no forwarding is required even though you configured it.

23. As for the sending emails out, clients will be using the IMAP4 protocols to send emails to your local Exchange server and then the Exchange server will send the emails out directly. It's the same for both QSS EC & MDaemon.

Of course you can also configured your Exchange server to forward it to your hosting provider's SMTP server and this is up to your decisions. But do keep in mind about the hosting provider's server where it might be lockup due to too many SMTP request from the same IP & thought its was a "spam overflow/DoS" attacks.

That's all and HAPPY EMAILING !!!

Jul 30, 2016

TeamViewer - Forgotten Option Password

I think some of you might have encounter this problems whereby you have configured the "Option" password and forgotten what password you have configured previously.

Thus locking yourself out from the "Option" menu.



Just like me.... (sadly) but I found 2 methods to solve this :-

1. Uninstall & Reinstall TeamViewer all over again.     ....duh....

2. Registry hack of TeamViewer.

So I'm NOT discussing about the 1st method as it's very simple, so lets discuss about the 2nd method.

Method #2:

1. Run --> regedit.exe utility.

2. Browse to --> "HKLM\Software\WOW6432Node\TeamViewer" folder.
(depending on your version, you might a sub-folder called "Version X", as mine is version 10 thus there's no sub-folder available).

3. Select --> "OptionPasswordAES" key as shown below.


4. Right-click on that key and select "Rename" option, rename the key to "OptionPasswordAES_old" and then close the registry editor.

5. You will need to restart TeamViewer for it to take effects.

6. Once restarted, you should now be able to access the "Option" menu and modify the settings again.

My advises is once you are able to access it, the first thing is to create back the "Option" password and this time please do try remember it.

Now I need to emphasized that this is no way for you to hack or modify the TeamViewer's option if your TeamViewer is licensed and pre-configured by your IT Administrator. This is just mere workaround should you lost/forgotten the password only. Please do refer to your IT Administrator for more information about the "Option" configurations.

!!! Happy Remoting !!!

Jun 28, 2016

Linux - Tails OS (Safe Surfing)

With the ever increasing security risks nowadays such as phishing, viruses, malware, spammers and worst the ransomware. A more secure system/protection is required and for an IT person like myself, I do most of my transactions online.

A recent attack of "ransomware" on one of my friend's computers make me wonders, is my computer really safe ? No ? How could I secure it at on a more robust way ?

So after some studies and research, I've decided to setup a few things in my home network :-
  • Firewall Server.
  • Backup/Storage Server.
  • Norton Security Standard (Anti-Virus & Anti-Malware).
For this particular post, I will be showing how to create a portable OS (not just any OS, it must be safe, secure & lightweight) for my internet browsing & online transactions.

I came across this Linux distribution called "Tails OS", based on a Debian kernel and fully customised with one thing in mind, safe, secured & leaves no traces.

1. Download the latest version of Tails OS v.2.4 iso file (1.2GB).

2. Download the Tails 2.4 Signature file and the Tails Signing Key file. These files is also available in their download page, same page where you download the iso file.

Note : You need to ensure that all Tails files (iso, signature & key) resides in the same folder.

3. Download the latest version of Gpg4Win utility (this is to verify whether you're downloading the correct iso file and its not being tampered with).

4. Install the Gpg4Win (aka Kleopatra) utility, the installations is simple, just follow the on-screen instructions.

Don't worry, it's in "English" language.


5. After Gpg4Win is installed, run the program called "Kleopatra" and the following screen will be shown. Click on "Import Certificates" button.



6. Browse the signature file you have downloaded earlier. Select "tails-signing.key" file.



7. Once successfully imported, the following certificate will shown as below. Now you can exit the utility.



8. Now run "CMD" program and change the directory to where you have saved the Tails files earlier. This steps is required, as Gpg4Win cannot work if the signature key & iso file is not in the same folder.




9. Type the following command --> gpg --keyed-format 0xlong --verify tails-i386-2.4.iso.sig tails-i386-2.4.iso --> press [ENTER] key.



10. Please be patience & let it run, once completed you should have the results as shown below. This shows that the iso file is verified and confirmed correct.



11. Download another utility called "Universal USB Installer", you can visit their website at PenDrivelinux.com for more information. This utility is portable thus no installations required.

12. You will need a USB flash drive (at least 4GB) and then run the utility & you will see the screen as shown below, now follows the screenshot steps.

--> Step 1 : Tails
--> Step 2 : [ISO file location]
--> Step 3 : Select the correct USB flash drive.
--> Step 4 : Select "We will format...." option.
--> Step 5 : Click "Create" button.

!!! WARNING !!!
Ensure the flash drive is empty as this steps will format it, also ensure it's the correct USB drive selected, please unplug all USB storage devices before proceeding.



13. The progress display as shown. Please be patience and let it complete.



14. Click "Close" button when completed.



15. Unplug the USB flash drive, let's name it USB#1 for the convenience of this tutorial.

16. You will need another empty USB flash drive (USB#2), this flash drive will be your working drive and may contains your data thus a larger capacity is required.

17. Now restart your computer with USB#1 plugin and select boot from USB drive (booting to USB drive steps differs & depends on manufacturer), once booted you should see the following screenshot, select "Live" boot option and press [ENTER] key to continue booting.



18. You will be prompted with the following screen, click "Login" button to continue.



19. Once successfully booted, you will the following desktop as shown below.



20. Now plugin the empty USB#2 drive (note that the first USB drive aka USB#1 drive is still plugin) and then goto --> Applications --> Tails --> Tails Installer.



21. Click on "Install by cloning" option as shown below.



22. When prompted, select USB#2 drive as shown below. Ensure its the correct drive.



23. When prompted, click "Yes" button to continue.



24. The following progress will be displayed, please be patience and wait for it complete. If you disrupt this process it will rendered your USB#2 drive unusable.



25. Once the installation completed, click "Close" button.



26. Now you will need to shutdown the system, on the top right corner click on the drop-down arrow and the sub-menu will be displayed, click on the "Power" icon as shown to shutdown.



27. Once shutdown, unplug USB#1 drive but leave the USB#2 drive plugin. Then switch on back the computer & select boot from USB drive. Select "Live" boot option when prompted.



28. Click "Login" button to continue.



29. This steps is optional if you want to read/write your data files into the flash drive. Now to enable the "Persistent Volume" option, where you can read/write your data files into the flash drive, goto --> Application --> Tails --> Configure persistent volume.



30. It will prompt you for a "Passphrase", key-in your preferred passphrase (recommended to have at least 6 alphanumeric with special characters & hard to guess name, such as your favourite foods or drinks, your pet's name etc.). Next click "Create" button.



31. Wait for the installation to be completed, the progress screen is as shown below.



32. Now you will be prompted to select which services can be saved into the flash drive, the default selection is enough (unless you know what kind of services you will be using, then you can select more). Click "Save" button when you are done.



33. Just close the windows when prompted.



34. Now you need to restart the system in order for the new features to be activated, once restarted you will be prompted a new login screen as shown below. Click "Yes" button under "Use persistence ?" option and then click "Login" button to continue.



35. That's all, you can now surf the web safely.

So what do you do with USB#1 drive ? Well its entirely up to you, it can be reformatted for other purposes or leave it as a backup in case you need it.

So whenever I travel, I will surely bring this USB#2 drive along. You will never knows when you need it. It is very suitable when used in public computers (eg. Internet Café) or using your friend's computer (when you are unsure its safe or not). Whatever the reasons, it is better safe than sorry later.

I have tested this OS on the following models and it works :-
  • HP ProBook 6470b.
  • HP EliteBook Folio 9470m Ultrabook.
  • HP Compaq Presario CQ42.
  • HP Compaq Pro 3000 MT.
  • Lenovo IdeaPad Z500.
On my next weekend project, I will be setting up a firewall server and configure it. So stay tune and until next week then.

HAPPY COMPUTING & SAFE SURFING !!!