Sunday, 14 November 2010

Ipad update and more problems with mail and SSL.

Well, I know a few people did not like how negative the last entry was, however I do not really think that anyone really disagrees!

The fact is, I love using the Ipad, and it is great for viewing PDFs/Ebooks, browsing the internet and emails - Which I did a lot on Friday/Saturday (and it was a joy to use), but after that, it is just a big Ipod/Iphone and I can not really see any "extra" benefits, if anyone wants to prove me wrong or say why you like it so much, please feel free.

Anyway, now a little update about the email problem.... and a bit more technical.

My setup here is basically a bog standard mail server that uses the standard SMTP, POP3 and IMAP ports, in addition, I have port 26 for Secure SMTP and 144 for Secure IMAP.... This is in addition to ports 465 for secure SMTP and 993 for Secure IMAP which the Ipad uses as default.

The reasons for alternate secure ports is simply down to the fact a few clients had problems connecting through some ISPs that blocked. It is not really the point, AFAIK, this should not affect anything as you can configure the ports on the Ipad.

The SSL / secure ports are set in the mail server using a self signed certificate with no chain. The mail server itself was the root of this certificate. In addition, this certificate is installed on any client machines that allows it, this includes a mix of Windows, Linux and Mac machines, as well as Iphones, Blackberrys, Nokias and a bunch of other devices. Apart from one Mac machine about a week ago, there has never been any problems connecting to the server.

Now comes the tricky bit!

I found the Iphone configuration utility (Works for Ipods and Ipads!). It is a brilliant tool that allows you to see a console log of the device


I used wireshark to try and understand what is going on at a deeper level. It seems that the Ipad tries to do some "funky" stuff and if the server either does not allow SSL or has a standard certificate, there is no problem. If however you have a self signed/single chain certificate, it fails.

I tried installing the certificate, it installs without problem, but the mail just doesn't seem to work.

Next, I always wanted to have a proper signed root certificate that I can sign other certificates against - for a brief time I used the Microsoft solution but that was a while ago. I just wanted a very small easy solution, so I used OpenSSL.

I created my root certificate, distributed it to all client devices, and created a new certiicate for the mail server (with the new root in the chain). When I applied the root certificate, it worked!

In this time, I also created a new SSL certificate for my intranet, website and a few other things.

I did this on Thursday night, and I was so happy - not only did I finally have my own root certificate configured, I got mail on my Ipad!!! Everything was fast and good - it worked just as you would expect.

When I went to a business event on Friday/Saturday, everything was perfect, (even connected well to my Microsoft VPN Server). I was using the web browser and mail the entire time and I cannot say how much I enjoyed it (which being from Apple, I am ashamed to say!).

Coming home, I was feeling a little tired so stopped at a service station for a little rest (and a quick email check!) - This time it was a public WIFI point. Again, after getting a little confused by the BT Opezone sign on system (I don't like the way Ipad opens up the page, and if you cancel, it disconnects... I found it a little weird, but I want to investigate it later), it worked fine.

Then I got home yesterday and the real fun begun. Over the trip, I must of connected to about 9 wifi points that I will never use again. One of my hates over all IOS devices is that there is no option to delete old WIFI points, so I chose the "Reset Network Settings" option... BIG MISTAKE.

(Additional Problem here, but one I can live with - even if you have a profile set that includes a WIFI SSID and code, it will keep the profile "installed" but will wipe the code - you need to retype. I can see this being a problem in enterprises as unless you have a 3G device, or reconnect it (via wire) to the configuration utility you will have to manually type it.)

Now comes the big problem - for some unknown reason, since then, MY MAIL STOPPED WORKING AGAIN.

The log shows:


I have tried everything I can imagine, deleting and reapplying the email account and the root certificate have not helped at all.

But, things get even worse now - I performed the same "reset network settings" option to the Ipod Touch here, and now it as well can no longer connect to the mail server (either unencrypted or encrypted).

In addition to this, it just appears that the root certificate does not get applied correctly - It is too hard to explain/show via Mail, so using Safari, I can show the following pictures.

Picture speak a thousand words, so here is something that I hope may help someone to help me...

Visiting an Intranet site with the Root certificate installed, or removed produces this:


Clicking details with the root installed: - Note the "Not Trusted".


Clicking on "Details" with the root removed :


Profile showing that the root is installed:



Using Safari and browsing to the certificate with the root installed (notice that it is trusted):


Using Safari and browsing to the certificate with the root removed:



Please note that even if I specifically install the certificate, it still does not work - this is not relevant as installing the root is all that should be necessary.

The last two are exactly as I expect it should work, I just can't explain the second picture - It knows the root, but isn't verifying.

This time, I have no idea. Because of all my previous problems, I can only conclude that SSL on the Ipad (and possibly other IOS devices) simply does not work as it should.

Oh - and, final note, Apple support are completely and utterly useless... their solution - "You can set up a Gmail account and forward your emails there"... When I tried to ask about SSL in particular, they put me on hold whilst they check... After the call was on for about 10 minutes, they hung up. Next call, I spoke to an idiot. Apple really do not make it easy for someone to try to like them...

I have tried reporting this, ask for help/feedback, but I am just getting no where. If anyone wants an email account on one of my servers, the public root certificate, a link to an SSL site protected by the root, or anything - I am happy to help if you think you can help!

Wednesday, 10 November 2010

My Ipad two day review

Well, I recently won an Ipad from a competition at a London Trade show after setting up a Coraid SAN in 10.6 seconds!

Well, what can I say... I hate Apple, but this is a bloody nice device! - I can't honestly say I think it is worth its price or would I have paid for it, but I do like it.

From the moment I first lifted it out the box, I thought it was a lot heavier than it looks. Having only previously seen pictures or other people with them, this caught me off guard!

I think after using Microsoft Surface for a few days a while ago, it is amazing to use Google Maps and manipulate a map in your hands! ... (Hey, have to mention MS somewhere!...), When I first saw MS Surface, I thought it was amazing - and has many benefits not in any other product, but it just is not being brought to mass market (Price, Size etc.), so I am happy to see some of this technology go mainstream, even if it is Apple with the Ipod Touch, Iphone or Ipad.

In addition to the above, With the release of Microsoft Kinect, I do wonder if surface will hit a dead end or merge in to something else.

I love the fact that I can use the majority of Iphone applications on it - it is a really nice feature.

Whilst messing around, in one application I rotated quite a few times, at one point I was using the device upside down without realising! It was only when I wanted to go back to the home screen I realised that the home button was at the top!

Now that I have given the positives, time for some negatives!

I will go in gently, not really a negative, but I wonder why the keyboard has the "touch/feel" positioning lines on "F" and "J", Just seems a little weird.

I would say, what I hate more than anything is that Apple have tried in most areas to go for simplicity over configuration/micro management. If they were to add just a few more features, it would make me so happy, For example (some apply to Ipod Touch/Iphone as well):

When connecting to wireless networks, it saves the connection so you can connect again later - You can only delete previous connections when you are in range of the network. From what I have read, you have the option to go in to "Settings > General > Reset > Reset Network Settings", however this just deletes them all. Would it really be so hard to have a list of previous connections?

When setting up Email accounts, you cannot configure anything advanced until after the initial setup, then you can change port numbers and more - Why can't they just have an advanced button and save you a bit of time.

Next, Consistency! This really surprises me being from a company that pretty much forces a single style on their desktop OS, but what gets on my nerves the most is how it appears to be random if you can or cannot rotate the screen to get a bigger keyboard. When turned it on for the first time, I went straight to the Maps application, it found my wireless connection and asked me to connect, but I fancied rotating, however it locked in to portrait mode and would not give me a bigger keyboard.

Going in to the Itunes Store from the device showed some weird and just bad styles. For example, I was browsing the TV episodes section and there is text that does not fit the buttons / style of the application either in portrait or landscape.

In my honest opinion, it is a lot better on the Ipad than on the Iphone/Ipod touch, however it can still catch me by surprise and I wish it was universal. There are a few other things I can mention on this, but I would rather wait until I have played a little longer.

The initial setup wasn't perfect - The first time I plugged it in, It started by saying that I previously plugged in this device and would I like to restore an image from an Ipod Touch (Before you say - did he purchase something from Apple - NO! It was my brothers before he got an Iphone!). I have no idea what would of happened if I continued. After this, Why on earth do Apple need so much information to set up a device... And I made a little image of what I think of the EULA (below).


When I finished this and it was time to actually sync, I thought I only had a few Gigs of data to transfer, however I didn't realise that it would copy across 16GB (well, 14GB according to Apple, I won't go in to that!) - so I can let it off the 4+ hours it took - However, it is still a lot of time with just a crappy little bar. Would it be too hard to give a bit of technical data that says xx/xxGB, or time remaining etc.

Getting deeper in to Itunes!... What can I say... Well, it isn't as bad as I thought it was. I have to do a lot of tweaking, disable update service, make sure it doesn't start with the computer etc. however, when actually in it, I like how it "brings things together", I am addicted to Itunes U, and podcasts.

Praises aside, I hate the music player/organiser, I think it would be so much better if it just supported the ability to sync music folders over - like you can with pictures.

I hate how slow Itunes in general is. When I want to the Itunes store, I hate the wait after clicking on something to download then having to wait after clicking the back button. I can understand multi tabs not being user friendly, but I would just love for something to be improved here.

When browsing a device, the applications section (Granted I have quite a few) is pretty slow, on the verge of unusable.

Next, again, I do have a lot of applications, but when going to the left most of the home screen to the search feature, it hangs for a few seconds after typing the first letter. I am surprised the device does not have better indexing/searching.

Camera - Ok, I can see that it doesn't really go, and I can understand why Apple left it out, but still, it would be nice for just a basic low res camera in the back or something like cheaper tablets have.... I have seen many Ipod AR applications and I think this could of been amazing on a bigger screen.

GPS - Again, the big screen seems to go to waste... I know the Ipad isn't a GPS device, but I still think that when paying all that money, it isn't a lot to ask for when the cost of GPS modules is insignificant and what it can add to the device.

Basic tools - Stop Watch, Timer, Alarms, Calculator etc. Do Apple just hope/think everyone has an Iphone? Even if they did, would it of killed them to add these applications? It would be nice to have a full graphing calculator, but I just think it is a shame not to even have a basic one. I don't want to purchase applications that do these features, or want a free one that has adverts all over it. I just think it is a real shame that these are not included by default.

Syncing (again) - Apple has so many technologies it loads up with Itunes (some good, some not so) - I just can't believe that they haven't got full syncing over wifi - I am guessing that this is simply because of them thinking it will take ages for large apps or movies etc, however, that is where having a descent progress bar that can tell you where you are can help! Right now, when I sync, and if it performs an automatic backup, I don't know if it is going to be a two minute job or over half an hour... annoying.

Video saving. - Just during my messing around, I wanted to try that Talking Tom application that I have heard. so much about... I love it! I recorded a video and sent it via email, however I then went in to saved messages to try and save a copy / spy on how the Ipad handles attachments, and I tried to click on it then the download, but it just did nothing. I am unsure if this is related to my next problem... the big one...

Email... No matter what I do, I cannot get this to work. If you want to know the real technical details, I have said everything on the Apple Stack Exchange Site and the Apple Support Forums - to this moment, I have not had a response. In addition, there is a bug that prevents the deletion of SMTP servers with the same name as the main account. Renaming first allows you to delete fine.

Without going in to too many details, I have a semi-advanced setup - A self signed root certificate and Imap/SMTP on non standard ports. No matter what I try, I just can't receive emails. I am sure this is a bug as I have no problem on any other device - my Ipod touch or my brothers Iphone - or for a lot of my clients with I that I host for (although, I don't know if anyone else uses an Ipad).

I have to say, this is a big one and something that annoys me the most, if it doesn't get resolved, I will be mad.

I just wanted to say, I thought that the Ipod Touch (I think second generation) was amazing for it's size, but still quite big. After using the Ipad, when I pick up the Ipod, it feels amazing just how small the thing is, the screen feels absoloutely squished and minute!

It is as if my mind has reversed the order they came out in - Rather than thinking of the Ipad as a big Ipod/Iphone, It just seems like the Ipod/Iphone is a small Ipad! As someone who likes to get inside electricals, I do wonder why the Ipad is as big as it is - if it is not more powerful than an Iphone 4g - (with the exception of a bigger screen), why is it so much bigger/heavier, unless it is all battery back there? I may be wrong here, I welcome comments!

Well, I think that is about it for this one! I hope this has been a good read. I won't lie and I said it before, I am pretty much an Apple (company) hater, but I can appreciate good hardware from whatever company it comes from. If I had a Ferrari, I could probably find flaws with a floor mat - these are just my oppinions from using the device for a few days.

Sunday, 19 September 2010

Enable Google Chrome's hidden PDF reader

I had a download manager I used a while ago in order to test RTMP downloading (it failed!), and it has been annoying me for a while, intercepting some Chrome Downloads.

I tried looking through the extensions menu, but could not see it listed so I was a bit confused on how it was doing this.

So, I uninstalled the software and then the next time I did a download, I got to a page that said "Missing plugin".

Having another look in the menu, I cannot see anywhere to configure plugins, only extensions - The extension page is "Chrome://extensions", so I took a stab in the dark and typed "Chrome://plugins" and it worked!

On this page, I was able to fully remove the plugin I no longer wanted, but I got a surprise and found "Chrome PDF Viewer"

I disabled Adobe PDF reader and enabled this.

On it's first run, it is a little slower (I guess the plugin was starting), but once it was loaded, everything about it is much faster and it enables me to highlight and copy text in PDFs where Adobe's reader sometimes fail.

I have no idea why this is disabled by default, but I am certainly going to be using this from now on. Lets just hope Google come out with a Flash alternative soon!

Connecting Ubuntu (or other distributions) to a Windows Server VPN

After someone said about the Microsoft VPN Server being locked to Microsoft clients, I decided to give it a further look. Long story short, it works fine! Here is how to do it:

I tested using an Ubuntu Live disk.

I went to "System" on the menu, then "Preferences" and then "Network Connections".

Select the "VPN" tab and add a new connection.

Type the address and username. You can type the password if you do not want to type it each time.

By default, Ubuntu does not use VPN encryption, so this option needs to be turned on under the advanced option.

Then, select the network menu near the top right hand corner, go down to VPN and connect.


If you have a Windows Server and have not set up VPN access yet, read this guide to get it going in less than five minutes!

Friday, 17 September 2010

Fix no / invisible / blank picture in Tweetdeck, Seesmic or other twitter clients.

From time to time, I see tweets in Tweetdeck (the client I am using) from people who do not seem to have a profile picture.

Took me a while to figure it out. Whilst Twitter itself allows you to upload .JPG, .BMP or .PNG pictures, for some reason, twitter clients only like .JPG files.

If you or someone you know is having this problem, simply go here - http://twitter.com/settings/profile and change your picture to .JPG

If you do not know how to convert your picture, the easiest way is to go to your Twitter page and download your big profile picture, then use a service such as this that will do it for you or alternatively, open it in Paint (or any image editor) and choose save as, and choose .JPG image.

Now upload this new image, and it should be fixed!

In Tweetdeck (possibly others), your picture is drawn as and when you Tweet, you will only see the picture from this point on and not for previous tweets.

Many thanks to @Blowdart for telling me that I was one of the people who had this - I simply had no idea and not sure how anyone would know that they are affected unless someone has told them.

Thursday, 9 September 2010

How to configure Windows VPN in less than 5 minutes!

There are many software and hardware solutions out there that allow VPN connections in to your home network. Some of these solutions are free and lightweight, however (perhaps foolishly), I have just never trusted them as they usually go via a third party service.

I have always wanted to have proper VPN access to my home network but have just never got around to it for one reason or another, however, I have a machine doing nothing here and I thought it was about time... and it is seriously so easy to do, I wish I had done it sooner!

With this guide, you should be able to get a full Windows VPN tunnel set up in less than 5 minutes!

For Windows Server 2003 Server go to 2b.
For Windows Server 2008, read below.


1. To start, In Windows 2008, you have to go to server manager and install the following roles:

[ ] Network Policy and Access Services [NPAS]
[ ] Network Policy Server [NPAS-Policy-Server]
[ ] Routing and Remote Access Services [NPAS-RRAS-Services]
[ ] Remote Access Service [NPAS-RRAS]

2 a). Next, Go to computer Management and expand Services and Applications.

2 b). (For Windows Server 2003) Go to "Administration tools" > "Routing and Remote Access"

2 c). Right click and choose "Configure and Enable Routing and Remote Access"


3. The predefined VPN templates require two network cards and if you only have one, it will come up with an error. I am unsure why as it is not actually required. To continue, choose the "Custom Configuration" option.

4. Select the "VPN access" option.
5. Confirm your selection and finish the wizard

6. By default, Routing and Remote Access will pass DHCP requests through, however, I have encountered mixed results through this option (I think due to gateway settings), and prefer selecting the "Static Address Pool" option which I also think is a lot faster at connecting.

You can configure this by right clicking on the computer (where you clicked above in stage 2c) but this time choose properties, and go to the IP tab.

Assign as many IPs as concurrent VPN connections you want - make sure they are working IPs within your current subnet. If they are covered by your current router (or DHCP server) and you are not able to setup exclusions, you can simply make DHCP reservations for fictional MAC addresses and that will keep them unregistered by DHCP clients.

7. Go to Computer Management > Users and groups and create a new user. Make sure that you allow remote access in the "Dial in" tab.

8. At your firewall/router, make sure that UDP port 500 (IPsec) and TCP port 1723 (PPTP) are forwarded to the server.

And that's it! Done!



If you are not sure how to create a VPN connection to the server in Windows, follow this guide (For Windows 7/2008):

Go to "Network and Sharing center" and choose "Setup a new connection or network" option.

Simply type the ip address of your server, and the username and password that you set up (leave domain blank) and you are done!


Under the quick connections menu on the taskbar, you will be able to easily connect to the VPN whenever you want (and when outgoing ports are not blocked!)

I did a quick speed test when out and about and was able to reach a download speed of my home upload speed! It works very well and is satisfying to see my own IP address on IP checking sites!



FYI - I love everything I have seen about DirectAccess - it is a far superior solution, but I simply do not have the infrastructure at home to support it. Hopefully in the future, I will be able to deploy it and write a similar guide (although I think it will be more than 5 minutes work!)

*Windows Server 2008 Web edition is not supported, It requires the Remote Access role to be installed.

Tuesday, 23 March 2010

Netgear wireless devices disables XP welcome screen

Over the past few months, I have had so many jobs in for repair because people think that there is a problem with their machine as the Windows XP welcome screen disappears and instead the classic logon screen / Domain login screen is there instead.

To fix this, simply open up registry editor and navigate to

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\winlogon

From here you should see a key called Ginadll with a value of mrvgina.dll - Simply delete this and you should instantly see the welcome screen.

There are quite a few Netgear products that come with this driver and I have no idea why - it doesn't seem to do anything and everything works fine when the key is deleted.

If you do not want to do this manually, here is a .reg file to run which should do the same job: http://ezpcltd.com/netgeargina.reg

Hope this helps you!

As this has been quite a little earner with a lot of jobs, I wasn't sure to publish this, but I think the sort of person who would self-fix wouldn't come to someone like me for a repair anyway... and I want this blog to be a honest source of good information!

Thursday, 11 February 2010

BT peak hours change

Just seen the interview with a man from BT on Working Lunch Iplayer Link (Valid for 7 Days).

Basically, BT are changing the off peak hours from its current time of 6PM-6AM to a new time of 7PM-7AM.

What a load of rubbish! I understand what the bloke from BT was saying on the show - and on Working Lunch, the figures were about making call every day - however, I am not that different.

I usually make a 10-20 minute call every other day at around 6:30, this is currently completely free with BT - now I will be paying about £15 a month for these calls unless I sign up to their any time package at £4.99 a month.

I think that is just a way of getting cash from people who do not know about this change or a way of forcing people on to their £4.99 a tariff.

I have long hated BT, but I am on a LLU internet package that I love and there is little other choice. Personally, I think I would rather change my habit and make my calls after 7:00 instead rather than give a penny more to BT. How they can defend their position and say that not many people make calls straight after 6:00, I have no idea.