Microsoft NCSI – prompt for proxy authentication

NCSI has been around for a long time now.

 

It can be disabled by using the policy at Computer Configuration\Administrative Templates\System\Internet Communication Management\Turn off Windows Network Connectivity Status active tests

However, disabling it has impacts on technologies such as Direct Access.

Recently a client was getting prompted for auth from their proxy, for all connections: wired, wireless and 4G.

Msftncsi.com had been added as an unauthenticated location for proxy access, but it was still occurring on Windows 10 1809.

Googling this found a few sites talking about proxy issues, disabling NCSI or re-directing this. I did not want to disable or re-direct, and the proxy issues didn’t seem to fit our situation.

I ended up going down the Wireshark path and discovered that www.msftconnecttest.com is now the DNS name used for NCSI resolution.

Added this to the list of sites which do not require auth – and all is good with the world again.
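
An added example (not part of the original post) that reads the NCSI probe settings from the registry instead of a packet capture, then requests each probe URL through the proxy without credentials to see whether it is still challenged. The proxy address is a placeholder, and the second probe URL and its expected body are the older NCSI values as I know them, not something taken from this post.

```powershell
# Added example, not from the original post.
# $ProxyUri is a placeholder; replace it with your own proxy address.
$ProxyUri = 'http://proxy.example.internal:8080'

# NCSI keeps its active-probe settings under this key. Reading them shows the
# hostname this build really uses instead of relying on older documentation.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'
$cfg = Get-ItemProperty -Path $key
"Active probing enabled: $($cfg.EnableActiveProbing -eq 1)"

$probes = @(
    [pscustomobject]@{ Url    = "http://$($cfg.ActiveWebProbeHost)/$($cfg.ActiveWebProbePath)"
                       Expect = $cfg.ActiveWebProbeContent }
    # Older probe URL used by earlier Windows versions.
    [pscustomobject]@{ Url = 'http://www.msftncsi.com/ncsi.txt'; Expect = 'Microsoft NCSI' }
)

$results = foreach ($p in $probes) {
    $status = $null; $body = $null
    try {
        # No -ProxyCredential / -ProxyUseDefaultCredentials: sent unauthenticated.
        $r = Invoke-WebRequest -Uri $p.Url -Proxy $ProxyUri -UseBasicParsing -TimeoutSec 10
        $status = [int]$r.StatusCode
        $body   = "$($r.Content)".Trim()
    } catch {
        # A 407 (or any other HTTP error) arrives here as an exception.
        $resp = $_.Exception.Response
        if ($resp) { $status = [int]$resp.StatusCode }
    }
    if     ($status -eq 407)                          { $verdict = 'proxy demands authentication' }
    elseif ($status -eq 200 -and $body -eq $p.Expect) { $verdict = 'OK' }
    elseif ($status -eq 200)                          { $verdict = 'wrong body (block or login page?)' }
    elseif ($null -eq $status)                        { $verdict = 'no HTTP response' }
    else                                              { $verdict = "unexpected status $status" }
    [pscustomobject]@{ Url = $p.Url; Status = $status; Verdict = $verdict }
}
$results | Format-Table -AutoSize
```

Any row other than `OK` names a host that still needs an unauthenticated rule on the proxy, or a proxy that is answering with its own page.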

Direct Access – routing non internal domains through the corporate network

I implemented Direct Access for a client of mine recently – and all went well, up until they tried to use force tunnelling.

This client has a couple of websites that their employees use – and traffic coming from their IP addresses gets additional access to these web tools, so it was preferable for them to present the company IP, rather than use split tunnelling.

Unfortunate thing is, force tunnelling has some issues, as we found out and as this guy talks about here – http://wmug.co.uk/wmug/b/mattwhite/archive/2014/12/18/directaccess-force-tunneling-and-a-corporate-proxy 

So, I tested another way….

Contrary to the wording of the dialogue box, which seems to say (at least to me) that the specified DNS server will be used (not that all traffic for the domain will be routed over the DA connection, which is implied, but not stated), adding in a domain name and the DNS6to4 server address, will result in traffic for that domain being routed over DA.

This solution does have a couple of drawbacks

1) If your internal network does not use an inline proxy or filter, then you are going to have to either open the firewall of your default gateway for these sites, or get force tunnelling working with a proxy.

2) If the site you’re visiting gets data and images from multiple locations (such as shacknews.com) then some traffic will be routed over DA and some won’t. This is likely to be less of an issue if it’s for specific corporate web services as opposed to consumer gaming sites!

 


Blog hosting – SiteGround

As per my previous post, I have moved from wordpress.com to a hosted provider – and the experience has actually been quite good.

I used Nadolu Co Media to help me transfer the site, come up with a new theme and work out a few kinks. Initially, we did some other business related work, but it turned out so well that I decided to get him to move the blog over as well. He’s a good bloke, a good communicator and does good work, so I would recommend checking his company out if you want web design type work complete.

For hosting, I went with SiteGround based on a few reviews I have seen around the web.

The control panel interface is quite good, but their support has been awesome – always quick to respond and their answers have (so far at least) always been actual answers.

 

Welcome to www.hayesjupe.com

I have finally moved my blog to a “full” version of wordpress on a hosted service.

Below is the last post from the old hayesjupe.wordpress.com

 


Hi all,

just a heads up – I have finally bitten the bullet and registered www.hayesjupe.com and will be moving this blog over to that site this weekend (20/21st December)

I have cleaned up a little, got a new theme – and being on a hosted service, all features of WordPress are available – and I have a couple of things I will be trying out with the new site over the coming months. In addition, over the xmas break, while there is time, I hope to write a few new articles and update some existing favourites.

There will be a site redirection implemented from hayesjupe.wordpress.com to www.hayesjupe.com, however for those of you that have subscribed, I believe you will need to re-subscribe on the “new” site.

Downloading using FTM with IE11

http://stealthpuppy.com/work-around-for-getting-file-transfer-manager-to-download-from-technetmsdn/

Direct downloads are normally a good thing – and download managers normally suck, but in the case of TechNet/MSDN downloads – where the download sizes are large (up to 6gb generally for me) – Microsoft File Transfer Manager is great.

I think why I like it so much is that it performs basic functions well – and that’s it – none of the additional bullshit and spyware that is so common in most download managers.

Anyhoo – Stealth puppy has an article on putting IE11 into IE9 compat mode to enable the use of FTM. A choice within the site would be nice….

Home audio distribution – another thing that seems to be way harder than it needs to be!

So, we’ve almost been in our new house a year now – and things are slowly getting done.

Based on the advice of an electrician mate, we went with a BTicino home automation system….. supposedly it’s one of the better ones around…. I think because he’s used to comparing it to the (seemingly) universally panned Clipsal “automation” solutions.

I’m completely baffled as to why each endpoint (such as a light or a switch) doesn’t have an IP address – and a central management station allows association between a light/switch/dimmer/sensor etc etc… but that’s another story – I’m sure there are reasons why this is not commonplace – and I would really love someone who’s in the know in that area to tell me why! From an IT nerd point of view it seems so incredibly logical! (I realise there is Control4, Crestron, X10 etc – but trying to get a hold of these devices seems inordinately difficult…. or in the case of Crestron, they want you to use an implementation partner… <and I couldn’t get any of the implementation partners to talk to me when I told them it was for a home install – they just didn’t care> i.e. mega-bucks!)

Anyway, back on topic…. so the BTicino has an audio distribution system with 8 x RCA inputs and an AM/FM radio module…. so, my first thought, let’s get a device with multiple audio outputs and stream mp3’s and internet radio through the device into the inputs – which are then set up in 5 rooms around the house…. nup, none of them seem to be around… how about a PC with a multi-output soundcard… don’t seem to exist (although there are a couple of solutions for using a 7.1 soundcard as a 4 x a 2 speaker stereo output… which I thought was pretty smart) – to add to that, Windows 7 (and I’ve assumed 8) doesn’t support playing multiple audio streams simultaneously through different cards (again, there seems to be a $20 app to solve that)… so with a bit of dicking around, it may be possible – and I’m going to give it a crack (and I’ll post results here if it turns out!)…. BUT….. I can’t be the only one that wants to have PC level flexibility to stream multiple audio sources from any location I choose into an audio distribution system…. so WTF ?

Of course – one could argue (and I will) that a decent home automation system would have the ability to allocate a DLNA streamed playlist, internet radio station etc to audio channels natively…. but that seems not to be the case.

Anyhoo – any electrical engineers interested in an open source project to fix this fucking stupid state of affairs ? (and, in the mean time, if anyone has run into a multi-channel sound card that Google can’t seem to find, let me know)

Ericsson video compression

Every now and again – I do a quick search to see what new compression techniques are coming – as obviously any advances in this area have a large impact on many aspects of what we do…

Came across this article – http://www.computerworld.com/s/article/9230510/New_video_compression_tech_will_cut_bandwidth_use_in_half_Ericsson_says

claiming a 50% reduction in bandwidth for streaming….. as per usual, the article is scant on detail… but it will be interesting to see what comes of it.

 

Still on compression, visited a client yesterday who is implementing Silver Peak WAN optimisation (http://www.silver-peak.com/)

He’s saying in their (so far) limited roll out, he’s seeing a 90% reduction in SAN replication traffic, 70% in SMB and around 30% in non-cached HTTP…. impressive figures indeed, will be interesting to see if the figures are still as good when it is fully deployed. On the down side, the Silver Peak stuff is bloody expensive… but with the potential savings on telco charges – it may be something worth looking at.

The oatmeal and a Tesla museum

http://theoatmeal.com/blog/tesla_museum

I love the oatmeal (in a heterosexual kind of way…. not that there would be anything wrong with it if it was in another way)

I don’t agree with everything he says or does – but I do agree with a lot of it…. and using your popularity to generate funds towards something in the real world – especially something of real significance (IMO), is something I strongly agree with (or as he would put it…. “like the shit out of it”)

In this case, I think it’s unlikely that the funding goal will be reached unless some corporates get involved…. but hey, I very much want it to succeed and will be putting in my donation.

If you’re a nerd (which is pretty likely if you’re reading this blog) – you may want to have a look.

Steve Wozniak isn’t a fan of the cloud

http://www.dailytech.com/article.aspx?newsid=25351

I haven’t exactly made my disdain for “cloud” services a secret – the whole “who owns your data” is pretty fucking important….. but with so many of the big players selling “cloud” as a silver bullet, there is bound to be some take-up. (Granted, mainly by people that don’t understand the basics of data security, ownership and who view finding competent admins as too difficult)

Anyhoo – interesting to see a well known IT personality publicly state something logical…. I s’pose it helps that Apple products are primarily aimed at media consumption… and that they are making more money than they know what to do with!

Freelancer – not so rosy now….

A couple of things have happened since my last post

1) The freelancer who completed my web page has contacted me saying that my “account issues” are holding up his withdrawal…. when I have no account issues… so while I feel bad for the guy, that he’s not getting paid – I’m powerless to do anything about it – additionally, he’s hassling me – as the freelancer support staff have effectively re-directed the issue…. looking at a few other pages, some suggest that this is freelancer’s business model… to not pay their freelancers, or at least delay payment

2) I have posted a .net coding job – and, well, interpretation is a wonderful thing…. I would read “log reader that updates immediately when the file is updated” to mean “log reader that updates immediately when the file is updated”… but apparently it means update on a timer…. I have no confidence that this project will ever see an end – especially through freelancer…. but I’m going to see it through – as I have also read articles about how difficult it is to get money back out once it has been deposited.

If this type of site was run legitimately – it could work…. but the more I deal with freelancer – the less legitimate it seems.