WeetA

When "normally" rhymes with "rarely"!

Denon / AirPlay works for only a few minutes

My Denon receiver is not visible on our iOS devices.

After a cold restart of the receiver (power off, unplug, wait, plug), it works for a few minutes and then stops working.

The culprit was "IGMP Snooping Status" on my Netgear Switch (JGS524Ev2).

Just after disabling it, the receiver appears.

Connect to your switch and go to System > Multicast > IGMP Snooping.

Set "IGMP Snooping Status" to disable and save the configuration.

It should also work for the other Netgear ProSAFE (JGS516v2).

[Update]

I've read a lot of threads that advise enabling IGMP Snooping on the switch to make AirPlay work.

So, I set it back to enable and I also enabled "Validate IGMPv3 IP header".

I looked at my Ubiquiti Unifi Wifi access point and I found that "Enable multicast enhancement (IGMPv3)" was not enabled.

After enabling it, it seems to work with IGMP Snooping enabled.

On the Ubiquiti Unifi console, you can change the "Enable multicast enhancement (IGMPv3)" option in global settings > Wireless Network > Edit your Wifi_Network > Advanced Options.

 

Fortinet FortiGate - Deep inspection - Untrusted certificate issue

You have configured SSL deep inspection with your own PKI CA certificate.
Most of the time, it works as expected. The FortiGate automatically generates a certificate signed by your PKI CA certificate.
The client browser doesn't report any error.

Sometimes, the generated certificate is not signed by your PKI CA certificate but by the default Fortinet "Fortinet_CA_Untrusted" certificate. Of course, you have not deployed this CA certificate on your computers, as it should not be used. So you get an SSL error.

Why does the FortiGate generate a certificate with the wrong CA? The destination certificate seems to be fine. No error is reported by a browser on a computer without deep inspection.

Quick answer: the destination certificate is not trusted by the FortiGate because of missing intermediate certificates on the destination server.

To avoid this issue, you have to set your PKI CA certificate as the CA used for untrusted certificates. This can only be done through the CLI. Be aware that server certificates the FortiGate cannot validate are then re-signed by a CA your clients trust, so browsers no longer warn about them.

FORTIGATE # config firewall ssl-ssh-profile
FORTIGATE (ssl-ssh-profile) # edit "MyDeepInspectionProfile"
FORTIGATE (MyDeepInspectionProfile) # set untrusted-caname "MyPkiCA"
FORTIGATE (MyDeepInspectionProfile) # end

Replace "MyDeepInspectionProfile" with the name of your custom deep inspection profile and "MyPkiCA" with the name of your PKI CA certificate.
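
The failure mode described above, reproduced offline as an added example (not part of the original post): a constructed three-level PKI in which a validator that holds only the root rejects a leaf sent without its intermediate and accepts it once the intermediate is supplied. All certificate names are made up, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: Demo Root CA -> Demo Intermediate CA -> www.example.test
# All names are made up; only the openssl command-line tool is required.

# Create a key and CSR for subject CN=$2, writing $1.key and $1.csr
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

# Build root.pem, int.pem and leaf.pem inside directory $1
build_chain() {
  (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    new_csr root "Demo Root CA" &&
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
      -days 1 -out root.pem 2>/dev/null &&
    new_csr int "Demo Intermediate CA" &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -extfile ca.ext -days 1 -out int.pem 2>/dev/null &&
    new_csr leaf "www.example.test" &&
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key \
      -CAcreateserial -days 1 -out leaf.pem 2>/dev/null
  )
}

# Server sends only its leaf; the validator trusts only the root.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Server sends leaf + intermediate (the intermediate is untrusted input).
verify_full_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
    "$1/leaf.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_chain "$demo_dir"
verify_leaf_only "$demo_dir" && echo "leaf only: trusted" || echo "leaf only: NOT trusted"
verify_full_chain "$demo_dir" && echo "full chain: trusted" || echo "full chain: NOT trusted"
rm -rf "$demo_dir"
```

To check a real server, look at the certificates it actually sends with `openssl s_client -connect host:443 -showcerts`; a single certificate for a CA-issued site usually points to a missing intermediate.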

Pi-Hole v3.3 - Whitelisting through Web UI doesn't work as expected

When you add a domain to the whitelist through the Web UI, the website is still blocked.

Solution 1 - Use command line:

Remove the domain from the Web UI and add it by using the pihole command line.

pi@raspberrypi:~ $ pihole -w weeta.net
  [i] Adding weeta.net to whitelist...
  [i] weeta.net does not exist in blacklist, no need to remove!
  [i] weeta.net does not exist in wildcard blacklist, no need to remove!

  [i] Using cached Event Horizon list...
  [i] 121,709 unique domains trapped in the Event Horizon
  [i] Number of whitelisted domains: 8
  [i] Number of blacklisted domains: 7
  [i] Number of wildcard blocked domains: 2
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] Force-reloading DNS service
  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled

Solution 2 - Move to dev branch:

The problem has been resolved in the development branch.

pi@raspberrypi:~ $ pihole checkout dev
  Please note that changing branches severely alters your Pi-hole subsystems
  Features that work on the master branch, may not on a development branch
  This feature is NOT supported unless a Pi-hole developer explicitly asks!
  Have you read and understood this? [y/N] y

  [i] Shortcut "dev" detected - checking out development / devel branches...

  [i] Pi-hole Core
  [✓] Switching to branch: 'development' from 'refs/heads/master'

...

  [i] The install log is located at: /etc/pihole/install.log
  Update Complete! 

Add the domain to the whitelist through the Web UI.

Exchange 2016 CU2 and CU3 - "Configure external access domain" server list is empty

I just made a fresh install of Exchange 2016 CU3.
I wanted to configure the external access domain from the Exchange Admin Center, but the server picker didn't return any server.

It seems the problem started with CU2 (https://social.technet.microsoft.com/Forums/office/en-US/d9920875-dd18-4329-9413-f2b432953df6/no-server-displayed-in-configure-external-access-domain-window?forum=Exch2016GD)

After some investigation with the IE Developer Tools, I found that two filters are not defined in the query string of the server picker page request (/ecp/CertMgmt/ServerPicker.aspx).

I compared binaries from RTM and CU3 and found a difference in "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\VDirMgmt\EditExternalCASDomain.aspx".

The following lines between </Columns> and </ecp:EcpCollectionEditor><br /> are missing in the CU3 version.

                                <Content>
                                    <var data-control="Parameter" data-key="ServerRole" data-value="ClientAccess" ></var>
                                    <var data-control="Parameter" data-key="MinMajorVersion" data-value="14" ></var>
                                </Content>

I copied them from the RTM file and pasted them into the CU3 file, but it didn't help.

Then, I compared the result of Get-ExchangeServer | fl ServerRole on an Exchange 2013 (as it's a fresh install of 2016 CU3, I don't have 2016 RTM installed) and on my Exchange 2016 CU3 lab.

On Exchange 2013 (probably the same on Exchange 2016 RTM and CU1), I get the following result:
ServerRole : Mailbox, ClientAccess

On Exchange 2016 CU3 (probably the same on Exchange 2016 CU2), I get this one:
ServerRole : Mailbox

As you can see, ClientAccess is no longer present.

So, I implemented the following workaround to get the server picker list working properly:
Add the following lines to "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\VDirMgmt\EditExternalCASDomain.aspx" between </Columns> and </ecp:EcpCollectionEditor><br />

                                <Content>
                                    <var data-control="Parameter" data-key="ServerRole" data-value="Mailbox" ></var>
                                    <var data-control="Parameter" data-key="MinMajorVersion" data-value="15" ></var>
                                </Content>

You have to close "Select a Server" and "configure external access domain". After that, you should have your Exchange 2016 servers in the list.

Be careful if you have a 2013/2016 environment. Do not add Exchange 2013 servers with the Mailbox role only. Setting virtual directories will fail.
No problem, because you installed multirole servers, of course ;)

VMware Fusion / Restart Network services

$ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --status
DHCP service on vmnet1 is running
Hostonly virtual adapter on vmnet1 is enabled
DHCP service on vmnet8 is running
NAT service on vmnet8 is not running
Hostonly virtual adapter on vmnet8 is enabled
Some/All of the configured services are not running

$ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --stop
Stopped DHCP service on vmnet1
Disabled hostonly virtual adapter on vmnet1
Stopped DHCP service on vmnet8
Disabled hostonly virtual adapter on vmnet8
Stopped all configured services on all networks

$ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start
Enabled hostonly virtual adapter on vmnet1
Started DHCP service on vmnet1
Started NAT service on vmnet8
Enabled hostonly virtual adapter on vmnet8
Started DHCP service on vmnet8
Started all configured services on all networks

$ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --status
DHCP service on vmnet1 is running
Hostonly virtual adapter on vmnet1 is enabled
DHCP service on vmnet8 is running
NAT service on vmnet8 is running
Hostonly virtual adapter on vmnet8 is enabled
All the services configured on all the networks are running

If you have Fusion 8.1 and have a NAT issue, see "Workaround for the NAT port forwarding issue in Fusion 8.1".