Short takes: ADFS certificate expiry; Azure Authenticator setup on Windows Phone; checking if a MSOL tenant name exists

This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Some more snippets of randomness pulled together to make a blog post…

ADFS certificate expiry

One of my colleagues spotted this in a customer’s Office 365 tenant recently:

Office 365 - Renew your certificates

Thankfully, it wasn’t one we were managing… but I did feel the need to flag it to the incumbent service provider. If this happens to you, my colleague Gavin Morrison (@GavinMorrison) flagged a potentially useful blog post from Jack Stromberg about renewing ADFS Certificates.

Azure Authenticator Setup on Windows Phone

Whilst setting up additional authentication for Office 365 (in effect, Azure AD MFA) I found that I couldn’t add an account until the Windows Phone Azure Authentication app had enabled push notifications. Despite repeatedly enabling it in Settings, completing setup of the account needed a phone reboot, at which point it was ready for me to scan a QR code and continue.  Even then the option to allow notifications doesn’t seem to stick!

Checking if a Microsoft Online Services tenant name exists

My colleague Gareth Larter found a neat trick this week for checking if a Microsoft Online Services (MSOL) tenant exists (e.g. for Office 365).

Gareth’s advice is to browse to https://login.windows.net/tenantname.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml and, if you get an error, it should show “No service namespace named ‘tenantname.onmicrosoft.com’ was found in the data store” at the bottom right meaning that the tenant name is available:

On the other hand, if you get a bunch of XML data returned, then that tenant already exists.

Fix sync issues with a Fitbit Charge HR

For the last 3 weeks or so, I’ve been getting progressively more and more annoyed with my Fitbit Charge HR not syncing and displaying the wrong time. The Fitbit website acknowledged the problem but just said their engineers were working on a solution:

“Some customers have reported difficulty syncing their Charge HR recently. We’ve also heard reports that the time of day is incorrect on the tracker or other data is missing from the dashboard. Our engineers are investigating the problem, and once the root cause is diagnosed we’ll work on repairing the issue as quickly as possible. In the meantime, try our standard troubleshooting steps in I can’t sync my tracker. If those don’t work, try each of the tips below until your tracker works properly. Note that the problem may reoccur, meaning you may need to revisit these tips again in a few hours or days.”

After whinging on Twitter about the lack of updates to the above, I decided to contact Fitbit support and was actually pretty surprised by the response.

Rather than just referring me to the help article I’d already read (although they did that as well!), the response from Fitbit included the following steps (slightly edited to reflect my experience):

  1. Turn off other Bluetooth devices near to the tracker, make sure the wireless sync dongle is unplugged from the computer.
  2. Turn off Bluetooth on the mobile device that will be used to sync.
  3. Force quit the Fitbit app and turn mobile device off.
  4. While mobile device is off, restart the tracker.
  5. Turn mobile device on, check the Internet connection and enable Bluetooth.
  6. [Remove the device in the Fitbit app.]
  7. Set up as a new device.
  8. If, after 3 to 4 minutes it is stuck in “Finishing up” message, close the app, and open again.
  9. In some cases it takes longer, make sure the tracker is near to the mobile device all the time.
  10. If it is still finishing up, set up the tracker again. Charge HR will be syncing properly after that.

It took a couple of attempts last night to set up the device again but after a while I managed to get things working and it’s actually been pretty good since. Ironically I now see that the app is suggesting there’s an update for my Charge HR – maybe the one that prevents this issue!

Monday morning IT blues: unresponsive Surface Type Cover keyboard/trackpad

Monday Morning 6.15AM: My alarm goes off – time to get up, drive to the station, buy a ticket and catch a train to London. It’s Monday morning; another week, here we go.

Clearly my Surface Pro 3 was having a similarly bleary-eyed morning. When I got to site, the Type Cover keyboard didn’t want to work. Nothing had changed since Friday when I shut the machine down, so why wouldn’t the keyboard work? Detach, attach, restart, restart again. RTFM. Restart again. Oh, time for a support call.

The great thing about working for the company I do is that even the Directors respond to support requests and I had an answer in minutes about resetting the USB root hub. Trouble is that I don’t have the necessary admin permissions. No worry. I would try and power down the machine. Not a normal power down, but a proper, hard reset.  According to The Tech Chat, that’s called a two-button shutdown.

So, after a power down, holding power and volume up for 15 seconds and then exiting the setup menu that was displayed, my Surface started up, recognised the attached Type Cover and I was back in business.

Monday morning 9.45AM: IT 0: Mark 1. Right. Now what’s in store for the rest of the week!

WordPress Backup to Dropbox column offset errors filling up web space

My website has been chewing through disk space recently. I couldn’t work out why and the largest files a few weeks ago were some webstat logs, so I cleared them down. Tonight, as I couldn’t upload anything (or apply any updates) I hunted around and found a couple of error_log files in my webspace. The first related to a PHP file that was reading my Twitter feed using an old API and so was repeatedly failing. I removed the log and the offending PHP but that wasn’t the biggest problem. In my blog’s home folder was a 1.2GB error_log file – too big to even read properly in Notepad, Word, or anything else I tried.

I managed to download a partial copy of the file (using Filezilla, then cancelling the transfer after a few seconds) and saw lots of lines that contained the following error:

WordPress database error Column ‘offset’ cannot be null for query INSERT INTO wp_wpb2d_processed_files (file, uploadid, offset)

That told me it was the (very useful) WordPress Backup to Dropbox plugin, by Michael de Wildt. I don’t really want to disable that but luckily I found a fix on WordPress.org, posted by Rich Helms:

The issue is file wordpress-backup-to-dropbox/Classes/Processed/Files.php

Toward the bottom of the program change from

$this->upsert(array(
'file' => $file,
'uploadid' => null,
'offset' => null,
));

to

$this->upsert(array(
'file' => $file,
'uploadid' => null,
'offset' => 0,
));

so change the offset default from null to 0 and the issue goes away

Sure enough, that change seems to have fixed the problem and whilst the edit to the plugin will be over-written with the next release, hopefully that release will also include a permanent fix!

“Unlicensed Product” errors in Microsoft Office

Earlier this evening, I noticed that my copy of Outlook was showing as an “unlicensed product” at the top of the screen. That seemed strange, as I pay for an Office 365 Home subscription, which covers my family’s various copies of Office.

Outlook reports itself as an unlicensed product

So, I took a look at the Office Account settings, and noticed that it wasn’t signed in to Office 365 for some of the connected sources.

Disconnected from Office 365 services

I reconnected to My Office 365 subscription, signing in with my “Work or school account” as that’s what the markwilson.it Office 365 subscription uses, even though the Office 365 Home subscription uses a Personal Account (formerly known as a Microsoft Account):

Which Microsoft account to use?!

After authenticating (and a restart), Outlook was no longer complaining about being unlicensed.

I’m not sure if it’s a complication of having both a Microsoft Account (MSA) and an Organization/Work and School (Azure AD) account with the same email address, but it seems there are various scenarios that can present this issue.

Thankfully this one wasn’t too hard to sort out!

Raspberry Pi FTP server

I’ve been trying to resurrect my SIP-connected Cisco 7940 as part of a review of our home telephony arrangements. In order to do this, I’ve had to configure the TFTP capabilities on my home infrastructure server (i.e. my Raspberry Pi). Previously, I’d served the phone configuration from a Windows TFTP server (long since gone) and the phone had just kept going with the old settings. Now, with configuration changes required, I’ve started to use dnsmasq for TFTP as well as DNS and DHCP (actually, that had always been configured, but without any files on the Pi to serve from TFTP)!

So, how to easily transfer the files? FTP to the rescue. I followed the Pi My Life UP guide to install vsftpd on my Pi, which meant using the following commands:

  1. Update packages and install vsftpd:
    sudo apt-get update
    sudo apt-get install vsftpd
  2. Edit the vsftpd config with sudo nano /etc/vsftpd.conf, making sure it has the following entries:
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    chroot_local_user=YES
    user_sub_token=$USER
    local_root=/home/$USER/ftp
  3. Create the folder to use for FTP and set the permissions:
    mkdir /home/pi/ftp
    mkdir /home/pi/ftp/files
    chmod a-w /home/pi/ftp
  4. Restart the FTP service with sudo service vsftpd restart.
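
As an added example (not part of the original post or the guide it follows), this script audits a vsftpd.conf for the entries listed in step 2 and checks that the FTP root from step 3 has no write bit set, since vsftpd rejects a writable chroot root. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check a vsftpd.conf against the
# entries listed in step 2 and the folder permissions from step 3.

# Print the value of <key> in <conf-file>; if the key is repeated, the last
# uncommented line is the one reported.
vsftpd_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Compare <conf-file> with the settings from the post. Prints one line per
# setting and returns the number of mismatches (0 means all seven match).
audit_vsftpd_conf() {
    conf=$1
    failures=0
    for want in anonymous_enable=NO local_enable=YES write_enable=YES \
                local_umask=022 chroot_local_user=YES \
                'user_sub_token=$USER' 'local_root=/home/$USER/ftp'; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(vsftpd_get "$conf" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key=$actual"
        else
            echo "FAIL  $key: expected '$expected', found '${actual:-unset}'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Succeeds only if <dir> exists and no write bit is set on it, which is the
# state "chmod a-w" leaves the chroot root in. Reads the mode string from ls
# rather than using "test -w", which is always true for root.
chroot_root_locked() {
    [ -d "$1" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        *w*) return 1 ;;
    esac
    return 0
}

# Demo on constructed input: a config with anonymous logins left on and no
# chroot line, plus a throwaway directory tree standing in for /home/pi/ftp.
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<'EOF'
# constructed sample, not a real system's file
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
user_sub_token=$USER
local_root=/home/$USER/ftp
EOF
mkdir -p "$demo_dir/ftp/files"

audit_vsftpd_conf "$demo_dir/vsftpd.conf" || echo "$? setting(s) differ from the post"
chroot_root_locked "$demo_dir/ftp" || echo "ftp root is still writable"
chmod a-w "$demo_dir/ftp"
chroot_root_locked "$demo_dir/ftp" && echo "ftp root locked after chmod a-w"

chmod u+w "$demo_dir/ftp"   # restore so the demo tree can be removed
rm -rf "$demo_dir"
```

On a real Pi the two calls would be `audit_vsftpd_conf /etc/vsftpd.conf` and `chroot_root_locked /home/pi/ftp`.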

After this, I could easily upload the files I needed to the folder that I’m serving TFTP from (/home/pi/ftp/files) – although for some reason the FTP server was listening on port 22 (not 21), and then distribute my new phone configuration…

Why Microsoft customers don’t need to worry about EU-US Safe Harbour/Harbor

When European Courts judged the 15-year-old EU-US Safe Harbour/Harbor treaty to be invalid last October, Internet news sites started to report how terrible this was for EU companies placing data into cloud services offered (mostly) by American companies. For some, that may be true, but that assumes Safe Harbour is the only protection in place.

This week, IT news sites are at it again. The Register (the tabloid newspaper of IT news sites) has an article titled Safe Harbor 2.0: US-Europe talks on privacy go down to the wire but the actual URI belies a much more dramatic title of “Safe Harbor countdown to Armageddon”. Sensationalist at best, some might even say irresponsible.

I’m no lawyer but, for my customers, who are implementing Microsoft cloud services, there seems to be nothing to worry about and I’ll explain why in this blog post. Of course, Microsoft is just one of many cloud services providers – and for others there may be valid concerns.

The United States Export.Gov website currently displays the following text regarding Safe Harbor:

“On October 6, 2015, the European Court of Justice issued a judgment declaring as ‘invalid’ the European Commission’s Decision 2000/520/EC of 26 July 2000 ‘on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.’

In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.”

EU Model Clauses trump Safe Harbour

Microsoft President and Chief Legal Officer, Brad Smith, issued a statement on 6 October 2015. Quoting from that article:

“For Microsoft’s enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place. This includes additional and stringent privacy protections and Microsoft’s compliance with the EU Model Clauses, which enable customers to move data between the EU and other places – including the United States – even in the absence of the Safe Harbor. Both the ruling and comments by the European Commission recognized these types of steps earlier today.

Microsoft’s cloud services including Azure Core Services, Office 365, Dynamics CRM Online and Microsoft Intune all comply with the EU Model Clauses and hence are covered in this way.”

There’s also a follow-on post which talks in general terms about the wider issues and privacy beliefs but the key point is that Microsoft offers EU Model Clauses within its contracts, which go beyond Safe Harbour. Microsoft also has an FAQ on the EU Model Clauses that is worth a read.

Quoting again from the 6 October 2015 statement:

“We wanted to make sure all of our enterprise cloud customers receive this benefit so, beginning last year, we included compliance with the EU Model Clauses as a standard part of the contracts for our major enterprise cloud services with every customer. Microsoft cloud customers don’t need to do anything else to be covered in this way.”

That suggests to me that customers who have signed up to Azure Core Services, Office 365, Dynamics CRM Online or Intune since early 2014 already have greater privacy protection than was afforded by Safe Harbour – and that protection meets the EU’s current requirements. In short, Microsoft customers don’t need to worry about Safe Harbor (sic).

An example of how to engage customers on social media

Almost every day, I see a branded account somewhere using Twitter as a broadcast medium, rather than as a tool to engage two-way conversation with customers. Indeed Matt Ballantine (@ballantine70) called Twitter out on this one…

Then there are the accounts that are named something like @BrandnameHelp, which vary tremendously in the amount of “help” they offer (although creds are due to @TMLewinHelp and @7DigitalHelp who have both helped me out recently with problem orders). @BTCare and @AmazonHelp are less impressive, in my experience.

@NatWest_Help picked up on this, slightly sarcastic, tweet from yours truly:

@LondonMidland does a great job of dealing with disgruntled travellers, including gems like this, with children’s toys to illustrate the issue (sometimes real pics too – it’s easier to be sympathetic of problems getting to/from work when you can see flooded tracks/fallen trees/damaged trains from fallen overhead wires, etc.):

There are whole books on this written by people who know far more about customer service and marketing than I do but I’d like to call out one example of what I see as a great use of social media…

Yesterday evening, I tweeted about a very amusing Volkswagen ad, noting that my recent car purchase might have been from them had the local dealership not been so completely useless at selling me the car I wanted…

Full credit to @UKVolkswagen, they picked up on this and said “can we help”, later following through with an email address to send more details to. The resulting email response was less impressive, suggesting I should supply a phone number if I wanted a response (I didn’t want a response, but my mobile number was already in the email…).

But what really impressed me, and showed:

  1. Excellent social media monitoring skills (clearly tracking disgruntled customers with rival brands); and
  2. An ability to use social media to engage and potentially attract new custom

was the Twitter conversation I had with @ToyotaGB this evening.

It was too late, as I’d already bought a Volvo (I may have mentioned that once or twice on Twitter…) but still excellent use of social media. Other brands could learn a thing or two…

Short takes: file and folder management from the command line

Turning more open tabs and notes into mini-blog posts…

Some Unix commands when working with directories

A couple of months back, I wrote about having to hurriedly back up my Mac after the file system got corrupted

Along the way I had to pick up some Unix commands that were previously outside my vocabulary… worth noting here for future reference:

Force deleting a folder on Windows

I’ve been cleaning down a PC that is no longer needed for regular use, but we’re hanging onto as a spare PC. I figured the quickest way would be to remove some user profiles but Windows Explorer was having difficulty with some temporary files in the AppData folder structure.  After a while, I fell back to a trusty cmd prompt…

rd /s /q foldername

The equivalent for a file is del /f /q /a filename.

Thanks to Techverse for pointing me in the right direction.

Encrypting Windows 10 with BitLocker

In common with many small business owners (indeed any business owner, it could be argued), my wife needs to be sure that her customers’ data is adequately protected. In her case that means professional cloud services for email (Office 365) and PC backup (Azure) but the data on the PC needs to be protected too…

All major operating systems come with whole drive encryption technologies these days – and for Windows that feature is BitLocker.

When we replaced my wife’s PC a few months ago, I picked what seemed a good small business laptop from Lenovo – a Thinkpad E550 – and, by and large, I’ve been pleased with the purchase.  Somewhat frustratingly though, the PC shipped with Windows 8 (not Pro) and so it has been updated to Windows 8.1 then to Windows 10 Home. That meant that, when I attempted to encrypt the drive by right-clicking in File Explorer, there was no Manage BitLocker option (and the BitLocker Settings stub in Settings, System, About didn’t do anything). Folder-level encryption with the Encrypted File System (EFS) was similarly unavailable (although greyed out, rather than invisible), even when I tried to manually enable it with sc config EFS start= demand.

Whilst there are alternatives available, my support model for my wife’s PC is KISS (“keep it simple, stupid”), as the last thing I need whilst I’m consulting with my own customers is to be worrying about support issues with family devices, so I decided to stick with the technology that’s built into Windows. That meant an upgrade to Windows 10 Pro.

Thinking $99 isn’t too bad a price to pay (after all, this is a business expense for my wife)… I clicked Settings, Update & Security, Activation, Go to Store, only to find that it’s £99.99 in the UK – a £33, or 50%, uplift at today’s exchange rates. By this point I’m starting to feel a little ripped off… although I’m not sure if I’m more annoyed with Lenovo selling a small business PC with an inadequate version of Windows, or Microsoft for only putting encryption in the high-end Windows versions…

Windows 10 Edition upgrade completed

The final point to remember is that not all PCs have a Trusted Platform Module (TPM) chip.

BitLocker error on PC without a trusted platform module

That’s not a problem if you’re prepared to use a USB flash drive as a startup-key. It just needs a little policy change (run gpedit.msc, then Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup) after which you can work through the BitLocker encryption process as usual but with an extra choice whether to use a USB key or enter a password:

Allow BitLocker without a compatible TPM

Choose how to unlock your drive at startup