UniFi Access Point.. Go Home

I have UniFi APs at home, two to be exact. It’s likely overkill, however I am in “IT” and I have to do everything overboard at home. Plus my plaster walls inside my house are terrible for wireless connectivity. I hard wire what I can; the remaining devices, such as phones and tablets, have no choice.

I will be forthright, I really like the system and its potential; it has some awesome features and some software bugs I have run into from time to time. Hence the post…

A new router at home meant I was changing my IP scheme, a relatively easy task once AD/DNS was flipped over. The problem I ran into was that once the scheme changed, the APs lost connectivity with the controller and POW! Wireless Down!

No worries, I thought, reboot, get DHCP, and they are back… No
No worries, I thought, reset to factory defaults, and they are back… No
No worries, … Damn these things were not coming back…

From factory resets and UniFi Discover to finding a small enough paper clip for resets, no dice. I ended up using SSH and the UniFi default admin UN/PS to access the APs. Executing info gives me..

Status: Server Reject (http://1.1.1.1:8080/inform)

 

In troubleshooting I found that the controller was rejecting the APs. To fix, do the following in order.

  • Reset (each) AP to factory defaults
  • Remove (each) from the device section of the controller software/site
  • Run “set-inform http://1.1.1.1:8080/inform” on one AP at a time
  • Within the device section of the controller, select adopt on the AP you ran the command on
  • Wait…
  • Magic

I found a few other posts on the issue, ranging from the obscure to the strange. Mine was relatively simple and avoidable. Lesson learned, have PuTTY handy at all times.

AP Firmware: 3.7.39.6089

https://community.ubnt.com/t5/UniFi-Wireless/Adoption-and-Server-Reject/td-p/565829

https://community.ubnt.com/t5/UniFi-Wireless/Troubleshoot-Server-Reject-Error/td-p/888804

https://community.ubnt.com/t5/UniFi-Wireless/UAP-set-inform-Decrypt-error-or-Server-Reject/td-p/1568794

https://community.ubnt.com/t5/UniFi-Wireless/AP-s-can-t-discover-controller/td-p/588425

SharePoint 2013, InfoPath and External Data Connections

I will be brief today, busy day, however I wanted to get this one out there.

Here is the list…

Broken InfoPath Form (You do not have permission to access a database that contains data required for this form to function correctly) – Check!
External Data Connection, SQL – Check!
SharePoint 2013 – Check!
Data Connection Library Created – Check!
Secure Store Service Application Setup – Check!

I have run into this quite a few times. SharePoint 2013, Web Applications have Kerberos enabled and the form breaks. This usually doesn’t happen “just because” unless you have a residual form that someone found recently… Either way, it’s broken.

Find the UDCX file in the data connection library of the site the form resides in, generally under site contents. Make a copy of it and edit it; Notepad works.

Here is the change that is needed.

Before. Uncomment and set the Application ID.

</udc:UpdateCommand>
<!--udc:Authentication><udc:SSO AppId='' CredentialType='' /></udc:Authentication-->
</udc:ConnectionInfo>

After. Enter in the App ID and Cred Type.

</udc:UpdateCommand>
<udc:Authentication><udc:SSO AppId='InfoPathForms' CredentialType='NTLM' /></udc:Authentication>
</udc:ConnectionInfo>

This has fixed it most of the time.
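To check which state a connection file is in before and after the edit above, the following added example (not from the original post) classifies a UDCX file's authentication block. The function name `Get-UdcxSsoStatus` is hypothetical, and the sample UDCX, including its namespace declaration, is constructed and trimmed to the part the post edits.

```powershell
# Added example (not from the original post): report how a UDCX file authenticates.
function Get-UdcxSsoStatus {
    param([string]$UdcxText)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($UdcxText)

    # Active element: <udc:Authentication><udc:SSO ... /></udc:Authentication>
    $sso = $doc.SelectSingleNode("//*[local-name()='Authentication']/*[local-name()='SSO']")
    if ($sso) {
        $appId = $sso.GetAttribute('AppId')
        $state = if ([string]::IsNullOrWhiteSpace($appId)) { 'ActiveButEmptyAppId' } else { 'Active' }
        return [pscustomobject]@{
            State          = $state
            AppId          = $appId
            CredentialType = $sso.GetAttribute('CredentialType')
        }
    }

    # Template default: the block is still wrapped in an XML comment
    $commented = @($doc.SelectNodes('//comment()') | Where-Object { $_.Value -match 'udc:SSO' })
    $state = if ($commented.Count -gt 0) { 'CommentedOut' } else { 'Missing' }
    [pscustomobject]@{ State = $state; AppId = $null; CredentialType = $null }
}

# Constructed sample, trimmed to the section the post changes
$before = @'
<udc:DataSource xmlns:udc="http://schemas.microsoft.com/office/infopath/2006/udc">
  <udc:ConnectionInfo>
    <!--udc:Authentication><udc:SSO AppId='' CredentialType='' /></udc:Authentication-->
  </udc:ConnectionInfo>
</udc:DataSource>
'@

# Apply the same edit the post makes by hand
$after = $before -replace "<!--udc:Authentication>.*</udc:Authentication-->",
    "<udc:Authentication><udc:SSO AppId='InfoPathForms' CredentialType='NTLM' /></udc:Authentication>"

Get-UdcxSsoStatus $before
Get-UdcxSsoStatus $after
```

For a real file, pass `(Get-Content path\to\file.udcx -Raw)` as the argument; the reported AppId is the Secure Store target application whose credentials the form will use.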

 

 

SharePoint: The INSERT statement conflicted with the FOREIGN KEY SAME TABLE constraint “FK_Objects_Objects”. The conflict occurred in database “SP_Config”, table “dbo.Objects”, column ‘Id’

SharePoint issues… meh

I was provided a standard license for a SharePoint farm in lieu of needing enterprise for Access and Excel services. After the farm build, I attempted to make this right…

I attempted to convert the license, however this option was not available.


Attempting to Enable Enterprise Features, the timer job runs and eventually fails with this..

Unknown SQL Exception 547 occurred. Additional error information from SQL Server is included below.

The INSERT statement conflicted with the FOREIGN KEY SAME TABLE constraint “FK_Objects_Objects”. The conflict occurred in database “SP_Config”, table “dbo.Objects”, column ‘Id’.
Table ‘LastUpdate’. Scan count 0, logical reads 2, physical reads 0, read-ahead reads 0, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.
Table ‘Objects’. Scan count 0, logical reads 2, physical reads 0, read-ahead reads 0, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.
Table ‘Classes’. Scan count 0, logical reads 2, physical reads 0, read-ahead reads 0, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.
Table ‘Objects’. Scan count 0, logical reads 2, physical reads 0, read-ahead reads 0, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.
The statement has been terminated.

I found a few posts on fixing this, either by manipulating the web page (enabling the disabled functions on the convert license type page) or, of course, the always not-recommended manual update to the database.

In the end, since this was production, I opted for dropping the attached servers from the farm, deleting the necessary databases (it’s new, so no need to save most), and creating another farm.

After getting central admin online, I now see my farm license is all ok and I can continue on. A more official method would be to uninstall/reinstall the SharePoint bits to properly assign the license, however considering the farm was showing me the correct license and there isn’t any higher to go, I am good with this.


SharePoint 2013: Error: ID3204: WS-Federation SignIn request must specify a ‘wtrealm’ or ‘wreply’

As you may know, I work with Microsoft products, SharePoint specifically lately. I ran into an issue with the setup of utilizing ADFS as a claim token provider for authentication on a specific URL.

The issue was…

Error: ID3204: WS-Federation SignIn request must specify a ‘wtrealm’ or ‘wreply’

There was more to this with custom errors on. I like it when I get the full spiel from .NET.

While I care very much for wreply in my situation, I didn’t get initially what was broken… the setup of a token issuer is quite simple, especially ADFS, it’s less fuss and a Microsoft product. Plus my scripts usually don’t fail me much.

After a quick working environment comparison and running a few PowerShell scripts, I saw that my realm providers did not have the URN attached.

Key                                        Value
---                                        -----
https://URL1/
https://URL2/
https://URL3/
https://URL4/
https://URL5/
https://URL6/
https://URL7/

Bah Humbug…

A quick clear of the values.

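# Fetch the trusted identity token issuer (assumes the farm has only one)
$ap = Get-SPTrustedIdentityTokenIssuer
# Drop every URL-to-realm mapping, then persist the change
$ap.ProviderRealms.Clear()
$ap.Update()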

And re-run my script… and voila…

Key                                        Value
---                                        -----
https://URL1/                              urn:fancy1:fancy1
https://URL2/                              urn:fancy1:fancy1
https://URL3/                              urn:fancy1:fancy1
https://URL4/                              urn:fancy1:fancy1
https://URL5/                              urn:fancy1:fancy1
https://URL6/                              urn:fancy1:fancy1
https://URL7/                              urn:fancy1:fancy1

The urn:fancy1:fancy1 provider realm matches the ADFS relying party I had set up before. Now my site works…
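The author's own script is not shown, so here is an added example (not the author's code) of the audit-and-repair step: find URLs whose realm value is empty, map them to the relying party URN, and fail if any remain unmapped. The function names are hypothetical, the URLs and URN are the post's placeholders, and a constructed dictionary stands in for `$ap.ProviderRealms` so the block runs without a farm.

```powershell
# Added example, not the author's script. Function names are hypothetical.
function Get-UnmappedRealm {
    # Return the URLs whose realm value is empty (the state in the first table above).
    param($Realms)
    @($Realms.GetEnumerator() |
        Where-Object { [string]::IsNullOrWhiteSpace($_.Value) } |
        ForEach-Object { $_.Key })
}

function Set-RealmUrn {
    # Map every URL to the URN, replacing an existing (possibly empty) entry.
    param($Realms, [string[]]$Urls, [string]$Urn)
    foreach ($url in $Urls) {
        $uri = New-Object System.Uri($url)
        if ($Realms.ContainsKey($uri)) { [void]$Realms.Remove($uri) }
        $Realms.Add($uri, $Urn)
    }
}

# Constructed stand-in for $ap.ProviderRealms, using the post's placeholder URLs
$realms = New-Object 'System.Collections.Generic.Dictionary[System.Uri,string]'
$urls = 'https://URL1/', 'https://URL2/', 'https://URL3/'
foreach ($u in $urls) { $realms.Add([Uri]$u, '') }

# Audit, repair, then verify that nothing is left without a URN
Get-UnmappedRealm $realms | ForEach-Object { Write-Warning "No realm URN for $_" }
Set-RealmUrn -Realms $realms -Urls $urls -Urn 'urn:fancy1:fancy1'
if (@(Get-UnmappedRealm $realms).Count -gt 0) { throw 'Some URLs still have no realm URN' }
$realms

# On the farm, pass the issuer's own dictionary and persist the change:
#   $ap = Get-SPTrustedIdentityTokenIssuer
#   Set-RealmUrn -Realms $ap.ProviderRealms -Urls $urls -Urn 'urn:fancy1:fancy1'
#   $ap.Update()
```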

 

 

 

 

Please Reset My Password

Yesterday I was faced with logging into a website for which I knew the username and password. While I didn’t “own” this information of my wife’s, we share almost everything (except pizza, she isn’t cool with sharing pizza), so I thought I would log in to save her time. Of course our account was locked, which resulted in a call. While I had all the info they required (username, password, account number, last four of social), the helpful person on the other end decided not to reset based off my “male” voice because my wife’s name is female. While I understood, I was frustrated since I had what they wanted and I didn’t get what I wanted. I thought to myself, this business set their requirements and decided, hey, just because you sound like a dude, no way. Frustrated or not, we cordially hung up the phone and I gave up.

This got me processing: passwords over the phone or e-mail are no longer a secure way to reset. I know what you are thinking, what if I can’t get in, I need to call someone. The beauty of technology means that, no, you don’t need to call anyone. While very few companies have deployed two factor authentication, most of the world relies on remembering 2-3 passwords which people use for everything (You know who you are). Kids’ birthdays or the ever more important family pet.. This puts one important factor on the table: a single password can turn your life upside down.

As you and I have seen the past few years, everything is hack-able (NSA Hacked?) and it’s scary to me and should be to you too. I know, there are a billion people out there, no way am I the one, unfortunately what if you are? Just like you would never get in a car accident?

While I can talk all day about this, here are some articles in regards to services being “hacked” and how they may affect you in some way.

Dropbox 68 Million Users Passwords on the Internet
Target Credit Cards Stolen
NSA Hacked? (Valid?)
Twitter, 33 Million Passwords
11 Data Breaches that Stung US Consumers

So reading these, is your Twitter or Dropbox password the same as your banking password?

I just want to get you thinking about the what if? If someone cleans out your bank account, you ok with that? Or signs up for a new credit card? Trust me, it can happen to you and it takes time, effort and money to fix it.

While I talked long enough, let’s get to the part where I tell you how to fix this…

Let’s focus first on passwords since this is the easiest change.

  • When possible, use a tool like 1Password, KeePass, etc. (Recommendations). Change your passwords to complex passwords when possible and unique for each website or service. Even the shopping sites, since most save your credit card info.
  • Update your security questions… Mother’s maiden? “Bob Loblaw”. A product like KeePass has a notes section where you can store a non-traditional security question note. Just don’t forget your KeePass password.
  • Enable two factor authentication. What the hell is that you say? If you have a mobile phone with text / SMS capabilities, you tell the service or website the number, they text you at login (Usually only once if it’s the same computer or phone). Why is that secure you say? Anyone else receiving text messages to your number? It’s an additional security layer that I personally like and enable when possible (Even on WordPress). While not everyone has this, it’s generally under the password change or security section of a website.
  • On a more extreme route, use unique usernames, again I know… crazy. However with a tool, this becomes relatively easy.
  • Credit monitoring, most of these services are junk, like an extended warranty the cost outweighs the real benefit here. Most banks provide services like this as part of their offerings, see if you can get it for free.

Now credit cards… Most people really don’t understand how credit cards work, and with the recent ATM and credit card skimmers, it’s more evident this is going to become commonplace.

  • First and foremost, you aren’t secure unless you utilize chip technology in your card. That 1/4 inch little chip on the front, while real’ pretty, is a way to encrypt your transaction, and this is good. FAQ about chips.
  • Use your iPhone, Android or accompanied watch to pay at the terminal. Again, your credit card data is stored encrypted and uses token technology, read more about it. To add an additional layer here, you need an eye (no pirates please) or finger (If you use your toe, wear sandals) to even use the service.
  • PayPal. It’s been around for a long time. Not all sites accept this method, however because of the technology, your banking info is never sent to the merchant. They also have iPhone apps that support some secure payment transfers. Read more here.

From a consumer perspective, these are what I believe are the best and easiest options for you. Security is becoming an important part of life, more so than ever before, so keep an eye out and change your password from “password” to “Password1”.

 

 

ML110 G6, Please Don’t Die

In a recent post I talked about my purchase of a ML110 G6. Well, purchase is a strong word, I would call it free as it appears to be the result of a known “bug” with these machines where they just fail / die / power off without notice or event. Great, I found a winner… The replacement server I received has been rock solid, so let’s not start off on the wrong foot yet.

A few go(ogle)d searches and found the following..

http://community.hpe.com/t5/ProLiant-Servers-ML-DL-SL/HP-Proliant-ML110-G6-Breaks-down-offen/td-p/4786107

http://community.hpe.com/t5/ProLiant-Servers-ML-DL-SL/HP-Proliant-ML110-G6-Breaks-down-offen/td-p/4786107/page/2

https://social.technet.microsoft.com/Forums/en-US/fc303b36-91be-4335-9d7e-2e13e43b0f3f/server-stops-answering-suddently?forum=smallbusinessserver

Summary of suggestions..

  • Patch firmware, drivers and BIOS
    • Possibly a BIOS vs. Hardware resource issue
  • Use HP memory specific to this model
    • Duh, why does HP have to be that picky
  • Use a HP array in lieu of the B110i on-board
    • HP P212 or P410 models?
  • Motherboard Rev C instead of A
    • Possibly; the existence of different revisions makes you consider it
  • New Motherboard
    • No warranty…
  • Power supply underpowered
    • Possibly, however why drop out once in a while and not all the time
  • Disable Memory Interleaving
    • You lose half the memory as this won’t utilize both channels
  • Buy something else
    • I think this may be the answer

For me, I noticed improvement when I did the following. Meaning, failures once in a while vs. multiple times daily..

  • Patch firmware, drivers and BIOS
  • Use a HP array in lieu of the B110i on-board
    • HP P212

Performing the above alone improved the machine dramatically.

iLO responds, however it does not respond to any of the virtual power commands and the screen is dead, which screams hardware issue. So I am still having to hard reset once in a while, now it’s just less frequent. And when the machine is under heavy load, i.e. CPU 100% for a long period of time or a lot of network transfer (it has a 6TB RAID on the P212), it dies more frequently.

Strangely enough, the second server I received has not died once since initially booting. Considering the unstable machine is a secondary server I may look into this again one day, for now it’s on the list… Or just buy another one and use this one for possessed parts works too.

Hyper-V Replication

I recently decided my home server was a little much for my needs. While the dual Xeon and 48GB of memory was ample for me years ago, I find I spend less time at home and more time at work in regards to testing. Because of that, I of course got excited and delved into looking at new hardware.

I liked the ML150 G6 I had been using, so I opted into purchasing two ML110 G6, same design and build, however only a single Xeon and capped at 16GB of memory. With SSD so cheap, disk isn’t and shouldn’t be a concern for anyone.

Of the two I purchased, one was the “main” machine, holding the 16GB of memory I needed for a few VM’s and a single build of SP. The other held disk resources, admin and the replica partner… aw, they are getting married! The replica housed much more disk space and way less memory. In the event of a failover, it would keep the lights on, relatively speaking, albeit slow due to the RAID5 and 6TB volume the VM’s were sitting on. I wasn’t too worried as it would only take a few hours to rebuild it all anyways.

After installing Windows 2012 R2 and getting Hyper-V up and running with the exact same configuration, replication setup was relatively simple, painless and easier than I expected since my time with VMware had shown it shouldn’t be “that easy”. Configuring a partner in the same domain involved a few simple steps, selecting a server and some easily understood configuration options. They were in the same domain, plus, I used CredSSP, plus plus, all other settings were best recommendation and made sense to me, plus plus plus.

And now on to the not-so-fun-parts.. Some things I didn’t like…

  • Because I am picky about paths being the same between servers, I ended up completing the following list so that all the disks and configuration were in the same path. I know… why do I do this, I blame the internet or too many cartoons as a kid.
    • replicating to replica server
    • removing replication on replica server
    • re-setup replication to original primary server
    • replicate from replica to primary
    • removed replication
    • clean up replication on initial replica server
    • Re-setup replication

Overall, a good and quick experience. Now my VM’s are relatively safe (meh, who needs backups) from disaster.