Windows Server 2012 R2 Direct Access grabs port 6602 needed by Server Essentials Connector

If Googling brought you here, I hope the title says it all for you. I recently deployed a Server 2012 R2 machine with the Windows Server Essentials role enabled. The Anywhere Access / Remote Web Workplace component was very interesting, but just would not work for me. The Connector would install OK on the client PC, but it was always greyed out and would show “Cannot Connect to [Server]”. Netstat -ano would show SYN_SENT for port 6602 on the client PC, but the server would never respond.

C:\Users\PCUser>netstat -ano|findstr :6602

Server Essentials (and by extension the Server Essentials Role) uses port 6602 to communicate with client PCs. By default, Direct Access grabs ports 6000-47000. You see the problem here, right? Port 6602 is right in the middle there, being grabbed by Direct Access, so Server Essentials can’t talk to client PCs.

What you want to do is make sure that Direct Access gives you your one measly port and it can keep the other ~41,000. Run the below command from an elevated powershell prompt, replacing the x.x.x.x with your server’s IP. The extra pinhole for 8192 is to make sure that the PC backup service can talk to the server too. I cared less about that, but I guess it can’t hurt to help it out.

Set-NetNatTransitionConfiguration –IPv4AddressPortPool @("x.x.x.x,6001-6601","x.x.x.x, 6603-8191","x.x.x.x,8193-47000")

After running that, I ran netstat -ano|findstr :6602 again and saw this

C:\Users\PCU>netstat -ano|findstr :6602

You shouldn’t even need to reboot anything. That Connector icon should go from grey to green pretty quick. Special thanks to Small Business Susan’s blog post about opening this port in Direct Access.

TECH NOTE: How to migrate from AOL to Google Apps

NOTE: This guide is intentionally written very sparsely. It is not a step-by-step guide for a layperson. I cannot and will not hold your hand while you do this. I wrote this guide because I didn’t see anything like it online and I wanted to leave it here as a quick guide for other techs. I can’t offer support for this procedure. If you need computer repair in Houston, then please call me and I would be glad to do this for you.

This was a fun one.

One of the services I offer my clients is help migration from old email systems (AOL, self-hosted, Exchange) to Google Apps. The benefits of Google Apps are numerous, but that’s not the point of this note. The point is to drop a line to fellow techs who might need help migrating a bunch of old AOL mail to Google Apps. The problem mainly lies in the split nature of AOL’s email. There’s some mail that is stored on the server, and that’s easy to access via IMAP. But then there’s probalby loads of mail stored on the user’s PC in their PFC (Personal File Cabinet), also called “Mail Saved on My PC”. While AOL allows you to take “Mail Saved on AOL” and move it to “Mail Saved on My PC”, they don’t let you move it back to AOL. So it’s stuck in the PFC until we liberate it. Here’s what you’ll need to do to get everything migrated over:

Migrating PFC/Stored on My PC Email

  1. Find the user’s PFC file and copy it to your PC. AOL has instructions for finding the PFC file here.
  2. Convert the PFC file to individual EML files using Emailchemy. I used Emailchemy before when converting Apple Mail into a format I could use to transfer to Google Apps and it works very well. It’s a real lifesaver if you’re trying to convert lots of mail to something universal.
  3. Coalesce these EML files into a PST file using EML to PST Converter. The name isn’t anything special, but it does the job well.
  4. Use Google Apps Migration for Microsoft Outlook to upload the contents of this PST file into the Google Apps accounts.
  5. Rinse and repeat for all your AOL users being migrated. You can run multiple instances of Emailchemy and Google Apps Migration in parallel, but you can only run one instance of EML to PST converter at a time, so plan accordingly.

That’s if for the offline email. Now we’ll use another tool for the mail that’s left on AOL’s servers.

Migrating Online Mail/Mail Saved on AOL

  1. Install Google Apps Migration for Microsoft Exchange/IMAP
  2. Set up your GAMME Environment (install GAMME, create user CSV, set up Transfer API)
  3. Begin the migration from AOL to Google Apps

Odds and Ends

  1. Export AOL contacts either from the desktop client or the AOL web interface (I prefer the web interface) and import into the user’s Google Apps account
  2. Use GMail’s Mail Fetcher to collect future email and save in the user’s Google Apps account

That’s it! This was a fun migration. If you’re in Houston and your company needs help migrating to Google Apps, please don’t hesitate to contact me.

TECH NOTE: You can’t skip a CHKDSK on a MacBook Pro running Bootcamp

Something I learned the hard way yesterday. Due to some odd glitch in the Macbook Pro (untested with other models) running Bootcamp 3.2 (untested with other versions) for Windows XP (untested for other versions of Windows), the keyboard (both physical on-laptop and USB) is unresponsive between the point where can hit F8 to get into Safe Mode and the point where Windows XP loads.

That means that anything that runs between the Windows XP logo scroller and the log on screen can’t be interacted with. Further, that means that if your disk has the NTFS dirty bit set, and it needs to run a CHKDSK to fix whatever is wrong and to reset that dirty bit, there’s nothing you can do to stop it. The keyboard is completely unresponsive. The “Press any key to skip this check” will count down no matter how many keys you mash. You’re stuck here. Get a drink.

You can use the keyboard to hit F8 to get into Safe Mode, and you can log on to Windows, but nothing in between.

I’ll leave two things here for future generations:

1. There’s apparently a way to manually reset the NTFS dirty bit, but DON’T DO IT. If NTFS is asking for a CHKDSK, then it has a good reason to do so and interrupting it is asking for a lot of NTFS hurting. These guys talk about it in a little more detail here. HOWEVER, if you’ve asked for a CHKDSK (by typing “chkdsk c: /r” into a CMD prompt) and nothing else is apparently wrong with the drive, then MAYBE you can reset the bit manually. It involves hex editing. You’re on your own here: Manually Reset or Clear Dirty Bit in Windows without CHKDSK

2. Once you’ve given CHKDSK all the time it needs and have booted back into your XP parition, then maybe you want to prevent that from ever happening again. Once again, not recommended, but I’ll leave it here anyways: CHKNTFS.EXE

TECH NOTE: Can’t Activate XP after a Repair Install, because you can’t get past the “Please Wait” screen?

So there’s this fun bug in XP SP3/IE8 where if you do a Repair Install on a computer that already has IE8 installed, you’ll end up stuck on a “Please Wait” screen forever once you get done with the repair install. The fix (detailed here) is to boot into Safe Mode, install IE8 there, then reboot and you should be good to go. But what if it doesn’t even let you log into Safe Mode because it’s complaining about needing to be activated and the only way it can activate is to boot in Normal Mode and you can’t get to it because of the aforementioned XP SP3/IE8 bug?

So here’s what you do (kind of simple, really, but I wanted to document it for future generations)

  1. From a working PC, download IE8 for XP:
  2. Place said download on a USB drive or burn it to a CD
  3. On the dead PC, boot into Safe Mode with Command Prompt
  4. This mode doesn’t complain about not being activated, so we can install IE8 from here
  5. Navigate to your CD (usually drive D) or your flash drive (usually drive E-H) and run the IE8 installer we downloaded earlier
  6. Let it install, then reboot and once you’re booted into Normal Mode, activate XP and go nuts

I hope that helps somebody out there. Go wild, guys.

TECH NOTE: Latest Firmware for the ZyXel ZyWall 10W is v3.62(WH.14)C0

I have a client with an ancient ZyWall 10W that isn’t even listen on ZyXel’s page anymore. I can’t find documentation on it anywhere. It took me forever to find the latest firmware for it, so I thought I’d share it here and hopefully save some people the trouble. I found it on ZyXel’s German FTP site after following some leads on their Ukranian site. Crazy Stuff. They have an FTP with all the firmware versions here:

And the latest (and most likely final) firmware V3.62(WH.14)C0 is linked right here:

And just for good measure, in case the links above go dead, here’s a mirror on my server.


TECH NOTE: How To Remove A Bios Password From an Insyde H2O EFI BIOS [UPDATED]

The old version of this guide was very complicated and convoluted. If you can boot into Windows, then you shouldn’t need to mess around with PLoP or any other nonsense, just change a flag in the ini file of the Windows flash program and you’re set.

I need to add the following disclaimer from my old post

NOTE: This guide is written for tech savvy people who know what they are doing. If you are uncomfortable with the command line, flashing BIOSes or getting your hands dirty, don’t attempt this process yourself. I cannot and will not hold your hand while you do this. I wrote this guide because I didn’t see anything like it online and I wanted to leave it here as a quick guide for other techs. I can’t offer support for this procedure. If you need computer repair in Houston, then please call me and I would be glad to do this for you

From a commenter named Hilal, we have the following instructions:

You can also download the the windows version of the flasher, open the platform.ini file with notepad. In the ForceFlash section, set Password = 1 . It will force the flasher to reflash the password and thus removing it. Then open the flasher exe file and Flash! I tried it and it worked on my Acer Travelmate.

In sequential instruction form, here’s what you do.

1. Download the BIOS update from your computer manufacturer’s website
You should see the option to download a DOS version or Windows version, get the Windows version. This guide will only work with the Windows version of the flash tool.

2. Extract the archive
It doesn’t matter where, so you can throw it on your desktop if you want

3. Edit the platform.ini file
In this file, you’ll see a section called ForceFlash. In there, there’s a value called “Password”, set it equal to 1. If you don’t see “Password” in the ForceFlash section, then just copy and paste this line into that section

Password = 1

4. Run the Flash tool to flash your BIOS
Let the tool run and reboot your computer when it’s done. Hopefully, if all goes well, your BIOS should no longer be password protected.

Thanks, Hilal! I hope it works for everyone here.