Definition Update for Windows Defender – infinite loop

I recently came across an odd situation involving Windows Server 2016 and WSUS updates.

On the WSUS server, I typically see several new Definition Updates for Windows Defender (KB2267602) every day. E.g. on 2017-11-26, Microsoft released:

  • 1.257.995.0
  • 1.257.996.0
  • 1.257.998.0
  • 1.257.1001.0
  • 1.257.1003.0
  • 1.257.1005.0

The update with the highest number will supersede the others, so I only approve that one. I then install this update on my other servers, and verify that they’re all up to date with patches (0 needed).
NB Windows Defender only runs on Windows Server 2016, not Windows Server 2012 R2 (or older). I’ve only tested this on core server, not the GUI edition.

Continue reading “Definition Update for Windows Defender – infinite loop”

Windows FTP clients

I’ve recently been setting up a new FTP server, and I wanted it to support FTPS. However, I ran into a few problems when I tested it, which turned out to be partly due to the client software I was using. I’ve been using CuteFTP for several years: I registered for version 1.0 back in 2001, and I’ve been using version 8 since 2007. However, I’m now abandoning that in favour of FileZilla.

Continue reading “Windows FTP clients”

Upgrading Cisco Unity Express

I recently upgraded an NME-CUE (Cisco Unity Express Enhanced Network Module) from version 3.2.1 to 8.6.7. This module was moving from a 3845 router (running CUCME 7.1) to a 3945 router (running CUCME 10.5), so these versions match the compatibility matrix. On the whole, this went fairly smoothly, but there are a couple of issues to be aware of.

In brief, there were 4 main steps:

  1. Backup the current configuration and data.
  2. Download and install the upgrade package.
  3. Migrate licences to CSL.
  4. Sort out the Message Waiting Indicator (MWI).

Continue reading “Upgrading Cisco Unity Express”

Native IPv6 in dd-wrt

As I mentioned in a previous post, I installed dd-wrt (kernel 2.6, VOIP, build 14896) on my wireless router (Linksys WRT320N), which connected to a VDSL modem using PPPoE. After that, it worked fine for IPv4, so I had the same functionality as the original Linksys firmware. However, the purpose of the exercise was to get IPv6 support: this turned out to be easier said than done. I was eventually able to get it working, so if you only want the short answer and aren’t interested in all the troubleshooting steps that I went through, scroll down to the Conclusion section at the bottom of this post.

Please refer to my IPv6 router post to get an overview of what I’m trying to achieve here. Most of the documentation that I’ve found assumes that you’re using a tunnel: this is similar to a proxy server, where you have an IPv4 connection to a machine on the internet, then that machine connects to your real destination using IPv6. However, I have native IPv6 connectivity from my ISP.

Continue reading “Native IPv6 in dd-wrt”

IPv6 router

As I’ve mentioned before, I switched my home ISP to A&A so that I could get IPv6 on my internet connection. That gave me 2 pieces of the puzzle (OS support and internet connection), but I still needed to sort out my network infrastructure, specifically my router. This post says what I’m trying to achieve, and it would apply to any router, regardless of the hardware/software involved. I’ll save the details of how I actually went about it for other posts, which are specific to the particular equipment.

On the client side, this should all be invisible. Someone should be able to turn up with a suitable device (e.g. an iPad or a laptop running Windows) and automatically get IPv6 internet access without having to do anything extra. They may have to type in the key for the wireless network, but that’s the same for IPv4 and IPv6. Similarly, they shouldn’t notice whether they’re accessing a particular site (e.g. Facebook) over IPv4 or IPv6; the only visible difference should be that IPv6-only sites (e.g. Loops of Zen) are now available, whereas they weren’t before. I’ve bought an iPad app to help me with my testing (IPv6 Toolkit) but that’s just a diagnostic tool and you don’t need it to actually use IPv6. In fact, as of IOS 9, it’s a requirement for all iPad apps to support IPv6.

On the router side, I want feature parity between IPv4 and IPv6 (where it makes sense). For instance, NAT (Network Address Translation) is a necessary evil in IPv4 and I’ll be glad to see the back of it, so I don’t want an IPv6 equivalent (NAT66). However, if a router says that it supports IPv6 and PPPoE then I expect it to support IPv6 over PPPoE. I also expect to be able to ping IPv6 addresses; I’d prefer to use the same command (ping) for both IPv4 and IPv6, but I don’t mind if I have to use separate commands (e.g. ping6 in Red Hat Enterprise Linux 5) as long as the functionality is built in.

I would like to have some kind of firewall built into the router (e.g. ip6tables), but that’s not essential; if necessary, I’m willing to use a separate device for that.

When I set up a router for an IPv4 xDSL (ADSL/VDSL) internet connection, I don’t have to type in the public IPv4 address: that comes from the ISP. In a similar way, I would like an IPv6 router to pick up the equivalent IPv6 address range automatically. However, if I have to type in the router’s IPv6 address manually then I can live with that; this is just a one-off job until I change my internet connection, rather than something I’d have to do on a daily basis.

Continue reading “IPv6 router”

VDSL modem

Back in 2011, I had VDSL installed in my flat. As part of the installation, the BT engineer replaced the faceplate on my master phone socket and also supplied me with a new modem:

Modem 1

Earlier this year, the modem developed a fault and I couldn’t get online. Annoyingly, this happened on a Friday evening, so A&A’s tech support had closed for the weekend. I got in touch with them on Monday morning, then BT sent someone out on Tuesday morning and I was back online by 09:30. So, I didn’t have internet access for 3½ days, but if the same problem happened midweek then presumably it would be resolved more quickly.

Continue reading “VDSL modem”

CompTIA CE

In 2007, I passed CompTIA’s A+ exams; that gave me a qualification which is valid for life. In April 2012, I enrolled in the CE (Continuing Education) program. In April 2015, I passed the Network+ exam, which gave me the Network+ ce qualification (valid for 3 years). Since I was within the deadline, I could also use this exam to get the A+ ce qualification, but that involved navigating CompTIA’s website: this blog post explains how to do it, since they haven’t made it obvious.

My main concern was that I’d cut it quite close with the timings. I took the Network+ exam on 2015-04-24, and the deadline for A+ ce was 2015-04-26. When I got the printed report after the Network+ exam, it said: “Please allow five business days for your CompTIA web record to be updated with exam results.” So, if the website didn’t process my results until after the deadline had passed, would I still be ok? Also, I took the exam on Friday and my deadline was Sunday, so I had less than 1 working day. However, it was all fine so if you’re in a similar situation then don’t worry about it.

Continue reading “CompTIA CE”

CWTS

Last month, I took the Certified Wireless Technology Specialist (CWTS) exam. This is issued by CWNP, who are similar to CompTIA, i.e. it’s a vendor-neutral exam rather than being based around specific technology (e.g. Cisco access points).

The CWNP website says: “The CWTS certification validates the knowledge of enterprise WLAN sales and support professionals who must be familiar and confident with the terminology and basic functionality of enterprise 802.11 wireless networks.” Similarly, when I booked the exam on the Pearson Vue website, they list it as: “PW0-071: Certified Wireless Technology Specialist – Sales (CWTS)”. This exam isn’t a pre-requisite for any of the higher qualifications, so you could start with the CWNA instead (“the foundation level enterprise Wi-Fi certification for the CWNP Program”). As I understand it, the main difference between the CWTS and the CWNA is “what vs. how”, although I don’t really know enough about the CWNA yet to comment in detail.

Having said that, I learnt a lot by preparing for this exam, and I think there is quite a bit of technical detail in here. For instance, here’s section 3.6 of the exam objectives:

Understand and apply basic RF antenna concepts

  • Passive Gain
  • Beamwidth
  • Simple diversity
  • Polarization

I think there are a lot of IT professionals who would struggle to define all of those terms. Similarly, here’s one of the sample questions from the start of the textbook:

What can contribute to voltage standing wave ratio (VSWR) in an IEEE 802.11g wireless LAN circuit?

  1. Output power of the access point
  2. Impedance mismatch
  3. Gain of an antenna
  4. Attenuation value of cable

So, this is a bit more involved than just saying “Buy a wireless router and plug it in at home”!

Continue reading “CWTS”

Installing dd-wrt on a Linksys WRT320N wireless router

Back in 2011 I switched ISPs to A&A, primarily because they support native IPv6. Incidentally, 3 years on I see that you still can’t get IPv6 from Zen, so I made the right choice by switching.

Windows has had IPv6 support included by default since 2006 (i.e. Vista onwards), so the missing piece of the puzzle was my wireless router (a Linksys WRT320N). Unfortunately, the built-in firmware doesn’t support IPv6. (Source: Linksys devices that support IPv6.)

So, I investigated open source alternatives. There are a few different firmware projects out there, which all seem to be based on Linux. According to the OpenWRT wiki, it isn’t supported on the WRT320N. However, the WRT320N is listed in the dd-wrt router database, so I chose that instead. JP Hellemons wrote about this in 2010 (How I upgraded my Linksys WRT320N to DD-WRT v24); he also checked Tomato and HyperWRT, and neither of those were compatible. However, apparently the NoUSB edition of Tomato USB does support the WRT320N.

Update (2019-03-15): OpenWRT does now claim to support the WRT320N, although they don’t recommend it. Meanwhile, the Tomato USB website is now inactive, because the developer has ceased work on that distribution.

Just to forewarn anyone else who’s in a similar position, this isn’t a simple process. Here’s a good (valid) rant about how complex it is. I heard a good phrase a while ago: “Open source software is only free if your time is worthless.” I.e. if you assume that your time is valuable, consider how long it will take you to get a system working. Is it worth paying money to save yourself some time? For instance, in this case I could replace my router with a different model that has IPv6 support built in. (You will still need to invest some time in learning any system, but maybe you could reduce that from a day to an hour.)

In brief, I (eventually) got the router working fine with dd-wrt over IPv4. IPv6 took a bit longer; I’ve elaborated on that in another post (Native IPv6 in dd-wrt).

Continue reading “Installing dd-wrt on a Linksys WRT320N wireless router”