Reporting Web Service for Office 365

There’s an interesting web service that could be used to pull reporting data from Office 365, assuming you can authenticate using your tenancy’s service admin. Here the URL for the service:

https://reports.office365.com/ecp/reportingwebservice/reporting.svc/

Microsoft provide a plug-in to Excel that uses this service and it can be used to pull mail protection statistics from your Office 365 tenancy: https://www.microsoft.com/en-us/download/details.aspx?id=30716

File extension for Windows Language Packs

For some reason I have a mental block and can’t seem to remember this, but instead of using dism to install language packs on Windows 7 or above, like this…

dism /online /add-package /packagepath:<path to language pack .cab file>

…you can also simply rename the .cab language pack file to have the .mlc file extension and double-click it.

There’s yet another way too, and that’s to run the lpksetup.exe utility and point it at your .cab file I think. Haven’t tried that though as I think the .mlc method is easier.

Secrets of configuring DHCP policies for Lync handsets alongside other vendors

After battling with a non-Microsoft DHCP server to get it to configure multiple vendors of handset I figured out some very useful undocumented ‘habits’ of Lync handsets which might help someone else…

1. Lync handsets (e.g. the Polycom CX600) use TWO vendor IDs during their DHCP requests

The first vendor ID that is used during negotiation of an IP address is “CPE-OCPHONE”. This is the legacy ID that was used during the OCS 2007 days. Despite being legacy it is actually the first one that appears on the wire. Knowing this if you are struggling with getting Lync handsets to do vlan tagging you’ll hopefully realise that CPE-OCPHONE is the vendor ID you need to be using in option 60 for the vlan tagging configuration policy in DHCP.

The second vendor ID used is the modern Lync handset ID, namely “MS-UC-Client”. This is the one you use in option 60 when you provide the configuration to the phones.

2. If you have to use a non-Microsoft DHCP server (e.g. QIP) and you are in the middle of migrating from an IP-PBX (e.g. Alcatel) over to Lync but need to use the same voice vlans for both handset vendors, make life easy and use Vendor Class policies.

Using Vendor Class policies assigned to your voice networks means you can have multiple DHCP policies available on a single subnet! This way you can have non-voice clients that get a standard policy, and multiple vendor handsets that can get their own configuration sets. You could configure each individual IP address to have a single DHCP policy and statically assign phones to pre-configured IPs, but that doesn’t scale and it’s horrible to deal with.

Microsoft use vendor classes, and for good reason, so make sure you do your best to configure your non-Microsoft DHCP to use them too. Having to use multiple vendors’ phones is a pretty rare thing so you may not be able to get much support from anywhere.

3. Get hold of a simple network hub and use this with wireshark on a laptop to monitor DHCP traffic. It’s much easier than guessing what settings are (or are not) working.

4. If your network switches support LLDP-MED for goodness sake use it!

LLDP-MED is so much easier to handle and can be assigned to all ports on a switch instead of having to assign a specific voice vlan for a specific port. That and if you can use LLDP-MED you will not need to configure the phone to know what vlan to use for tagging because the LLDP protocol will do that for you.

5. When you’re stuck with a non-Microsoft DHCP server, read this article and this one from TechNet. The info you’ll need is there, they just haven’t really explained it too well.

I plan to do a deep dive into the stages a Lync handset goes through at boot-up and initial configuration in a later article, so if you find any of this of use you may wish to watch out for it.

Use a D-Link DIR-825 to automatically IPv6 your network

(Please note this article is now somewhat out of date as D-Link have started to trickle out a new version of software for this router which changes its ipv6 functionality and completely fixes the ipv6 router advertisement issue – here is an EU beta version that I found after scouring the d-link forums: DIR-825 2.05EU, and I think the US version is available from the US ftp site too.)

My cable router died recently so I took the opportunity to replace it with something good. I grabbed a D-Link DIR-825 (revision B) since I knew it supported IPv6 natively after doing lots of research and finding an excellent list on SixXS.net. It was a bit pricey (£120) but I believe it was worth it for the massive feature set – including the quad-band wireless which has prooved excellent so far.

Set-up was super easy. As with most cable setups, just plug it in to the modem and you’re away since there’s no mess with internet credentials, at least in my case anyway.

Now the IPv6 bit. I have a subnet obtained from Hurrican Electric’s Tunnel Broker and when you’re given a subnet they offer you a /64 subnet, and a routed /48 subnet as well. You should only need the /64 subnet, but you can get the /48 as well if you like, we won’t use it here.

Assuming you’ve signed up at HE and acquired an IPv6 subnet, keep the tunnel details page handy so you can use them in the admin interface of the router.

In the advanced section of the DIR-825 switch to the IPv6 page. Then change the connection type to “IPv6 in IPv4 tunnel”. Now we start entering addresses…
The remote and local addresses match up with the addresses on the tunnel details page, so for the Remote IPv4 address use the “Server IPv4 address” from the tunnel details page, Remote IPv6 address is the “Server IPv6 address”, and so on for the local addresses, using the “Client” addresses.

Key here is making sure you don’t include the “/64” bit and also remember to not use the short notation for the v6 addresses. For example if you have a server ipv6 address that says: “2001:470:1234:567::1/64” you should instead enter “2001:470:1234:567:0:0:0:1″. That’s because IPv6 addresses are usually given in a more human-readable format and they miss out the pointless bits, like the zero-sections at the end (where shorthand like :: is used to mean :0:0:0: ). Do the same for the client IPv6 address too.

Now you want to type in your routed /64 address in to the LAN IPv6 Address for the router. The tunnel details page will just give you a subnet notation (e.g. 2001:470:1235:567::/64) so stick a 1 on the end before the /64 and that’ll be your router’s internal LAN address, (e.g. 2001:470:1235:567:0:0:0:1). Notice that the  3rd section of the address will be 1 number higher than your client IPv6 subnet.

Finally in the address autoconfiguration section, check the enable autoconfiguration box and switch to Stateful (DHCP v6). This will give IPv6 addresses to your clients that support DHCPv6. I believe you don’t have to do this, and you can use stateless to do it aswell, but I wanted fully public IPv6 address, so I’ve gone for stateful in my case.

And so finally we click the Save Settings button at the top, and you’re done! Time to test it out. Try ipv6.google.com for starters 🙂
Ocassionally it doesn’t work. If not check on the tunnelbroker.net site and make sure you router’s wan ip address is listed on the tunnel details page. If it isn’t you need to get that filled in, so click the link next to the client ipv4 address entry and fill it in. Hopefully you have a static IP don’t you…! There does seem to be a way of dynamically updating the client ipv4 address with hurricane electric, but that would still mean updating the config on the router which would be annoying of course.

Here’s a sanitised screen-shot of my router config for reference:

Added on 20th Feb 2011: I realised recently that IPv6 wasn’t quite working all of the time on my computers served by my router and after extensive investigation I discovered that the router wasn’t advertising it’s link-local address often enough (or at all). As a result my IPv6 clients were finding they didn’t have the necessary routes to talk IPv6 to the internet.
The solution turned out to be to add a persistent static route to the IPv6 internet via the internal Link-Local address of the router.
Here’s the fix, just run it from an admin cmd prompt, and replace the [link-local address] section with your router’s link-local address (which you can find on the ipv6 config page):

route -p add ::/0 [link-local address]

Get your own IPv6 address range

IPv6 Certification Badge for njfclarkI recently decided to learn about IPv6 and signed up to get my own IPv6 address range. It’s all free and your learn loads in the process.

Just visit http://www.tunnelbroker.net sign-up and get learning about IPv6!

They provide a free PPTP VPN tunnel service so you can set your laptop to have its own static IPv6 address no matter where you’re connecting to the internet from. Plus you get free DNS management and rDNS too!!!

I have to say, it’s pretty cool to be able to give my laptop a static forward and reverse AAAA record.
Oh and if you do it soon you might get a free T-shirt too. Just make sure you put in your correct home address details and T-shirt size in the personal details section. It’s all to aid promoting the switch to IPv6.

— A follow-up post on how to use your new IPv6 range on a D-Link DIR-825 cable-router to give your whole network IPv6 automatically is here

Removing Troublesome Crapware

My mum just got a new Dell Studio laptop. The thing completely rocks and blows even my desktop PC out of the water. There’s a small problem, and that is of course that it’s a Dell and it came filled with crapware! So naturally I’ve removed it all. However one of the applications was a real pig….

The culprit was the “Dell DataSafe Local” client. It has two components, a support component and an application component. The support part removed easily, I expect it was just documentation. However when I ran the uninstaller for the application part (elevated of course – this is a Vista x64 machine) the uninstall would begin but after a little while taskmgr shows it’s using 100% of one of the CPU cores (thank god for dual-core!) and the memory usage is rising heading for infinity, a nice little memory leak. Great that’s not going to work.

So I think maybe a reboot and a repair then uninstall again will help. No, can’t do that as the installation source media is not on the original application support DVDs. Most likely it’s buried somewhere inside a hidden .wim file on the support partition – I’m not downloading the WAIK on a brand new laptop just to get to that! OK so now what? Surgically remove it from the registry and unregister all the dll’s? No way, it’s hundreds of MB and I expect it’ll leave crap everywhere and mess up this lovely new laptop in the process.

I’ll stop wasting time…the answer with most problems like this is to use the fantastic sysinternals tools from the godlike Mark Russinovich (he has a great blog by the way). So I grab psexec, drop to an elevated command line and – the naughty bit – I run a cmd.exe as the system user… running the setup from there as system works like a charm and the crapware is dust 🙂
In all likelihood the problem was the usual crap installshield uninstaller and it was probably wrongly changing elevated states so couldn’t gain access to the files it needed to delete.

Anyway, if you have trouble uninstalling something, try removing it as the system user using psexec, it more than often will sort the problem good and proper.

How to remove “Dell DataSafe Local”:
click the start button
cmd.exe (ctrl+shift+alt return) [this runs cmd.exe as an elevated user]
cd\
psexec -d -s -i %comspec% [runs cmd.exe as system, interactively, and without waiting for it to close]
– switch to the new cmd window that has opened –
"C:Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe"

Find a computer’s model using the command line or in a batch file

Say you’ve got a script and you want to run something in that script that only runs if you’re on a specific type of machine, what can we do to find out what machine we are on?
Some might say “use vbscript and do a wmi call”. Well yes you could do that, but that’s needlessly hard! Use this simple command instead…

wmic csproduct get name

On my machine that returns two lines, one saying Name and another with my machine’s model name: HP Compaq dc7600 Small Form Factor
How cool is that!! Basically here we’re using a WMI command line tool. There’s lots to it, just type: wmic /?

So to use this in a script we’ll need to check for the existence of a particular machine name being returned, we can use the find command a different way and return the number of lines with a specific word in it. If we get 1 or more lines with that word then we’re on the machine we’re looking for.
Here’s an answer:

wmic csproduct get name | find /c /i "7600"

On my machine that returns a 1, so we just need to parse that into a variable and use a simple if statement and we’re there:

@echo off
for /f "delims==" %%a in ('wmic csproduct get name ^| find /c /i "7600"') do set /a machine=%%a
if %machine% geq 1 (
echo Running on a 7600 machine
) else (
echo Not running on a 7600 machine
)

[script now works, thanks to the comment pointing to the pipe-char issue]

You could modify that to do a goto to jump to another part of your script I guess. Just change the "7600" part for something that uniquely identifies the machine you’re looking for in your environment.

Ths works on XP and Vista. I think it should work in WinPE too as long as you have the WMI add-in installed.

— Updated 2011-10-06 —

And now here’s a better version of my script which will help people who want to use it to batch things a bit more easily!

@ECHO OFF
REM do a wmi query to get the info we want and put it in a variable
FOR /F "tokens=2 delims==" %%A IN ('WMIC csproduct GET Name /VALUE ^| FIND /I "Name="') DO SET machine=%%A
ECHO Computer model: "%machine%"

REM Now we have the model in a variable we can do some logic and run commands, for example...
REM Watch for stray spaces at the end, take out all spaces with: SET machine=%machine: =%
IF /I "%machine%" == "Latitude E6410" (
REM do something specific for an E6410
) ELSE (
REM do something for other types
)

— Updated 2013-09-21: new version of this article using PowerShell here