Disabling Google Chrome QUIC protocol with GPO

Google Chrome has this neat protocol called QUIC (Quick UDP Internet Connections, which is another perfect acronym, right up there with MAD – Mutually Assured Destruction). The downside is that it can be very traffic intensive, especially on a busy network. This leaves you with essentially two options: disable the protocol in Chrome or block the application at your firewall. The second option is simple enough but it can have some unintended consequences. The first being that Google’s websites support this. So if you try to go to google.com, you’ll probably have a bad time. The first option, disabling it, can be a bit tricky as you’d probably have to manually update each computer to not use it. In a large network, this isn’t possible so we have the next best thing: Group Policy Objects.

QUIC is helping to drain network bandwidth – except it was pulling over 5 Mbps before I captured a screenshot!

Google Chrome GPOs

If you’re not using Chrome’s GPOs, you’re missing out on a lot. If you don’t have them, you can get the templates from here. Once you get the template imported, create a new GPO policy. You’ll want to go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome. From here find the setting “Allows QUIC protocol” and set it to Disabled.

After all or the majority of the computers receive the GPO update, you should begin to see QUIC traffic drop and speeds improve.
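
One way to confirm the setting has actually reached a workstation, as an added example that is not part of the original post: the “Allows QUIC protocol” setting is stored as the QuicAllowed DWORD under Software\Policies\Google\Chrome, and the script assumes it is run on the workstation as the logged-on user.

```powershell
# Added example: report whether Chrome's QuicAllowed policy has reached this machine.
# The GPO setting "Allows QUIC protocol" is stored as the QuicAllowed DWORD
# (0 = QUIC disabled, 1 = allowed) under Software\Policies\Google\Chrome.
function Get-ChromeQuicPolicy {
    [CmdletBinding()]
    param(
        # Policy key relative to the hive root; the path is the same in HKLM and HKCU.
        [string] $PolicyKey = 'Software\Policies\Google\Chrome'
    )

    # Chrome prefers a machine-level policy over a user-level one, so check HKLM first.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$PolicyKey"
        $item = Get-ItemProperty -Path $path -Name 'QuicAllowed' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                User        = $env:USERNAME
                Source      = $path
                QuicAllowed = [int]$item.QuicAllowed
                QuicBlocked = ([int]$item.QuicAllowed -eq 0)
            }
        }
    }

    # Neither hive holds the value: the GPO has not applied or is Not Configured.
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        User        = $env:USERNAME
        Source      = $null
        QuicAllowed = $null
        QuicBlocked = $false
    }
}

$result = Get-ChromeQuicPolicy
$result | Format-List
if (-not $result.QuicBlocked) {
    Write-Warning 'QuicAllowed is not 0 here; run "gpupdate /force" or check the GPO scope and filtering.'
}
```

Chrome also lists the policies it has loaded on its chrome://policy page, which is a second place to confirm the value.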

Getting up and running with GNS3

GNS3 is a great tool for those of you who are looking at becoming a network engineer, sharpening your networking skills, or looking to advance your career with network certifications. I love it for all three of these reasons. I’m using it in a context of helping me get my CCNA as, admittedly, I never bothered to get it. Being a network admin, it’s a blemish on my resume. Getting up and running with GNS3 can be a little bit tricky with the newer versions so follow this post if you happen to run into any of these issues.

Items you need

  • GNS3 – download from here (login required; free account)
  • VMWare VIX API – download from here (login required; free account)
  • VMWare Player – download from here (login required; free account)
  • GNS3 VM image for your respective hypervisor – download here (no login)
  • Cisco IOS images – download from here (login required; active Cisco contract required)

Procedure

The installation of GNS3 is pretty straightforward. It’s once GNS3 is installed that you may encounter some issues.

The first issue you’ll probably encounter is an error that VMWare vmrun tool can’t be found. The URL in the error message will point you to the tool documentation, but the download link is difficult to find on the page. See the download link above to resolve this error.

If you receive this error (Error while save settings: GNS3VM: Error while executing VMware command: vmrun has returned an error: Error: Service type…), you have the wrong VIX installed. For some reason, 1.6.2 comes up a lot in the search results. This was released in 2008 but does not support VMWare Workstation Player 12. Use the link above to get the correct version.

This error may also occur if the VM isn’t started or was started and GNS3 was then updated. It’s a little tricky sometimes – you may have to restart GNS3. Use the Servers Summary to give you an idea. Both should be green for there to be no issues.

If you run into any issues, just let me know and I’ll do my best to help.

SecureCRT Tip: Logging (Poorman’s Audit Log)

SecureCRT is a great terminal program by VanDyke Software. If you’re a network engineer, I highly recommend it over Putty. It comes with a price tag ($99) but I find that the cost is totally worth it. If you’re curious, there is a free 30-day trial so you can check it out for yourself. I call it Putty on drugs.

One of the great features is logging. When you’re in and out of different servers, routers, switches, and anything that you can do damage in, it’s always good to have logging for either a) covering your bacon because you will mistype something at some point (yes, I’ve accidentally removed the wrong ACL and had to drive 40 minutes to the data center to reboot a switch before) and b) it helps with documentation because you will forget to write something down. If you have TACACS+ running, chances are that server is already centrally logging everything so this is moot (or maybe you just want better logs for you).

To set up logging, open up SecureCRT and head to Options > Global Options > General > Default Session > Edit Default Settings… > Terminal > Log File. For backup purposes, I set my log file to reside within my OneDrive so it’s synced. For the file name, I used the name %H-%S-%M%D%Y.log and enabled the options Start log upon connect, Start new log at midnight, and Append to file. This generates file names such as 10.1.1.1-Core1-09202017.log. This makes it easy to track down the device and the date. When you click OK, make sure you apply to all sessions.

Blocking annoying elements in Soomo web texts

I am taking some college courses to finish my degree online and one of the courses I am taking this term uses Soomo web texts. Web textbooks are annoying because you dump so much money to use them for a few weeks and you don’t get anything out of it. Even more so, it appears that Soomo has decided to add an annoying Facebook-like instant messenger to its web texts, popping up bloody automated messages when you’re trying to do stuff. Fret no more, these can easily be blocked. Get yourself uBlock Origin and then add the following filters:

www.webtexts.com##.intercom-messenger-frame > iframe
www.webtexts.com##.intercom-launcher-frame
www.webtexts.com##.intercom-messenger-frame
www.webtexts.com##.intercom-authored-container-top
www.webtexts.com##.intercom-blocks

This will kill it off so you can do your work in peace.

SCCM Task Sequence Failed 0x80070002

When you go to deploy an operating system through SCCM, you may encounter the following error: The Task Sequence failed with the Error Code 0x80070002. For more information, contact your system administrator or helpdesk operator.

Like most things, this ends up being a software deployment permissions error.

To resolve this, open up your System Center Configuration Console and navigate to Administration > Site Configuration > Sites > and click on your site. Click on Configure Site Components and select the Software Distribution component.

Navigate to Network Access Account and add your SCCM admin account.

Reboot the PC you were trying to image and you’ll be good to go!

Windows 10 – There are currently no power options available

If you’ve run across an issue with some of your Windows 10 PCs (possibly after downloading the Creator’s Update) telling users that there are currently no power options available, you might have been pulling your hair out trying different solutions. You’ve probably come across many threads telling you that there’s either a registry option or you need to modify some user rights in a GPO.

Some users may see “There are currently no power options available” and others may not.

As with all technical fixes, your mileage may vary. The cause for us was actually an easy one. For some reason the Default Domain Controllers Policy gets applied to some of these workstations. The fix is simply disabling the link on the entire domain and leaving the link in place on the OU that holds your domain controller.

Updating Windows 10 Enterprise

File this under the “Not-so-kosher” department, but if you’re behind a few Windows editions and you’re running Windows 10 Enterprise (typical for volume license customers), you’d need to update by having your administrator upgrade your computer with updated Windows 10 media. For example, if you’re on the Anniversary Update and you want to go to the Creator’s Update and running the Enterprise SKU of Windows 10, then this workaround will get you to the latest build.

So to do this, you need to have Windows 10 Enterprise and a Microsoft Account (if you have an XBOX account, Windows Live or Outlook account, you’ve got a Microsoft Account).

Go to Settings and open Update & Security. On the left hand side, go to the Windows Insider Program and enroll your computer. This is where you’ll need your Microsoft Account. Once that’s done, you’ll be asked to reboot your computer. Once you reboot, go back to the Windows Insider Program tab. Change your release frequency to fast. Wait a few minutes and then check Windows Update. If you see a large download that is labeled “Feature Update”, then this is the next version of Windows. Once it installs and you’re rebooted, check the desktop area next to the clock – it should be empty. For example, it should look like this:

If there is white text in that region that says “Microsoft Windows 10 Enterprise Build #####”, then you’re on a preview build and you’ll have to stay in the Windows Insider Program until the next final build comes around. You can click the button to stop insider builds when the next full version comes and you can set yourself to the slow ring.

A word of warning: don’t do this in a managed enterprise environment such as your work. It’ll make your IT person mad if you break something and not all software may be compatible with the latest build.

SupportPal Ticketing System Review

So there’s a lot of information out there when it comes to help desks and ticketing systems. I’ve used everything from homebrew systems, to Kayako, to Manage Engine ServiceDesk Plus, to osTicket, to the systems that come bundled in with customer management platforms such as WHMCS. I’ve been using a wonderful system for a while now called SupportPal (formerly Arctic Desk). A little back history – Arctic Desk first came on the scene around late 2012 as a contender to the vast array of possible web hosting help desks out there (at the time, the most popular but expensive Kayako) and it’s still not as widely known today despite bringing a lot to the table for the very affordable price tag. Today, SupportPal (renamed at the version 2.0 release in early 2016) is an excellent competitor to many ticketing systems out there. Let’s look at SupportPal more in depth. (If you want the TL;DR, just go to the bottom of this post!)

A UI that is functional & elegant

So when I look at software, I look at functionality as the primary goal. I’m not one to care directly about what it looks like, per se, but does the UI just make sense? There’s a lot of ugly software out there, but it’s functional. With SupportPal, you get functional and it’s pretty to look at! I call that a double win!

A look at my actual installation showing some open tickets

It’s easy to see how beautiful it is, yet how functional it is compared to much other software of a similar type. If we look at a sample ticket, we can also see how elegant and pleasant it is to work in, but at the same time it’s extremely functional.

Even the individual ticket is displayed in a manner that is functional, yet elegant.

As you can easily see, it pulls relevant information from WHMCS about the customer such as products and invoices currently open so your staff can easily get the picture of the customer without having to change systems, if there is billable work involved, we can quickly open an invoice, and we also get a snapshot about the user – recent tickets, when they signed up, and where they are in the world – handy if you have to call someone or need to reach out to them.

The frontend that your customers use can also be customized to fit your look or you can even keep the default if you’d like. We’re still working on site iteration so we’re just using the stock for right now.

Features that’ll make you happy

Some of the amazing features are the ability to merge and link tickets, split replies into their own tickets, close and lock tickets (preventing those “thank you” responses from re-opening tickets or to kill off reply-alls that tickets may get included in), custom ticket numbering schemes (you might have noticed, my company uses “AR-YYYYMMDD##” format in the Billing department and the Catchall department uses “YYYYMMDD0####” format), and the big seller for me which many other platforms either don’t have, is poorly implemented, or costs a buttload extra to add on to your license is multichannel support so we can help our customers on Facebook and Twitter much easier. Anything posted on our Facebook page and any message sent to us on Facebook becomes a ticket in the backend so if a customer has a concern about a billing question, for example, we can route it to our Billing team and they’ll be able to interact with the customer on Facebook. The same goes for Twitter – any at replies or DMs open up tickets which allow our staff to easily communicate with and manage what is normally a mess and a challenge. Since we’re a small company, I really only staff the Twitter account a few times a day. If a customer or lead reaches out to us, I don’t want to miss it and that’s where having SupportPal handle the communications is great. A new feature implemented in the 2.1 release is the ability to have multiple brands. I haven’t taken advantage of this yet as it’s an extra license cost, but from what I’ve tested is that it works great. I’d love to see them maybe throw in an additional brand for free or just open up the feature entirely in the future. SmarterTrack, written on ASP.NET, offers unlimited additional brands at no extra charge.

Another bonus of SupportPal is that it is not SaaS (however, if you do wish to have it cloud hosted and managed by my hosting company, NodeSpace, we’ll be more than happy to assist you!) so it runs on your server. All you need is PHP (5.7 or 7), MySQL, and the latest IonCube Loader for PHP. It’s a breeze to get up and running. So it will run on Linux servers primarily, but you could also install it in a Windows environment easily.

Something that is a major selling point for the affordable price tag is that you can have unlimited help desk agents. A lot of software limits the number of agents you can have active through licensing – Kayako was one before they switched their model but I believe it’s still true, SmarterTrack, ServiceDesk Plus, BMC Track It, and basically all the other commercial packages limit the number of agents. So if you’ve got a large team, you’ll have to pay anywhere from several hundred to several thousand. Even on some of those platforms, simply 5 agents can cost several thousand. So this is another major advantage SupportPal has.

The full SupportPal feature list is available here.

Getting Support

I’m also quite happy that SupportPal has excellent customer support. I have a strange issue between WHMCS and SupportPal causing upwards of 50+ API calls per minute. SupportPal kindly stepped in and while they were not able to solve the issue (it’s so strange they’re even having issues with it), they’re definitely helping to resolve it. Support is quick and friendly and that alone is a winner. I’ve gotten worse support from products I’ve paid top dollar for.

Final Thoughts (or TL;DR)

Overall, I’m really happy with SupportPal. Licensing is affordable for budgets of all sizes (monthly license is $19.95/mo with additional brands at $9.95/mo/brand; owned license is $399.95 with six months of updates and support and each additional brand is $199.95 one time, per brand). Since my ticket volume is relatively small, I’m not sure how SupportPal handles a high volume of tickets, but my guess is that it can do it fairly well. The interface is functional and pretty, and it is feature loaded. Overall, it’s a great value and I think it’ll fit in perfectly in any kind of company that needs a powerful and useful ticketing system.

The IT Cave Rating: 4/5

There’s still some work to be done and some shortcomings, but it’s an excellent product and I’m not leaving it anytime soon.

The one folder that’s unsyncable

I’ve been working a lot more with the Office 365 cloud platform lately. Both personally and for business. I love it and I think it’s absolutely fantastic. I love having Exchange over a basic IMAP and having Skype for Business is also a plus as it allows me to directly contact vendors, colleagues, and clients effortlessly. OneDrive for Business is also the best – 1 TB of storage. I can now move my documents entirely to the cloud and I’ll have them wherever I’m at. However, there seems to be a limitation with what you can sync. There seems to be an interesting issue (one that I ran into with a customer as well as myself) where you cannot have a folder called “forms”. If you do, OneDrive will not sync.

There it is… the unsyncable. If you have that folder, your files will not sync. OneDrive will throw errors left and right. Get rid of the folder and everything syncs up.

cPanel, please stop changing my DNS records

This is an issue that has me stumped. I can’t seem to find any record of it but I’m posting it here in case someone from cPanel comes across this or maybe someone who has found a fix can help me. Otherwise, I hope I educate you on why cPanel is becoming the worst piece of software ever. Ever since switching a customer over to Office 365, cPanel has become unhappy with some of these DNS records. For example, the CNAME “sipdir.online.lync.com” cPanel insists on silently changing it to “sipdir.online.lync.com.cpanel.domain”. So for example the record looks like:

sipdir.online.lync.com.

but then it changes silently to

sipdir.online.lync.com.example.com.

thus breaking everything. I’ve also noticed in SRV records, cPanel also insists on removing the protocol. So for example:

_sip._tls

will change to simply

_sip

It’s becoming pure madness.

If I find a fix, I’ll be sure to document it here. cPanel, please fix this in an upcoming build. This is just pure madness. This is also why I offer pure dedicated servers without control panels to customers.
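
A check that catches the two rewrites described in this post by comparing the records as entered with the records as served, added here as an example (not cPanel’s code and not from the original post). The `sip` owner name, the SRV target and example.com are constructed sample values; live answers can be built from Resolve-DnsName output (NameHost for CNAME, NameTarget for SRV).

```powershell
# Added example: compare records as entered with records as served and
# name the two silent rewrites described above when they show up.
function Compare-DnsRecord {
    param(
        [Parameter(Mandatory)] [string]   $Zone,      # zone the records live in
        [Parameter(Mandatory)] [object[]] $Expected,  # Type, Name, Target as entered
        [Parameter(Mandatory)] [object[]] $Observed   # Type, Name, Target as served
    )
    # Compare names case-insensitively and without the trailing root dot.
    $norm = { param($n) ([string]$n).TrimEnd('.').ToLowerInvariant() }
    $zoneName = & $norm $Zone

    foreach ($want in $Expected) {
        $wName   = & $norm $want.Name
        $wTarget = & $norm $want.Target
        $hit = $Observed | Where-Object {
            $_.Type -eq $want.Type -and (& $norm $_.Name) -eq $wName
        } | Select-Object -First 1

        $status = 'OK'
        if (-not $hit) {
            # SRV owner lost its protocol label: _sip._tls.zone served as _sip.zone
            $short = $wName -replace '^(_[^.]+)\._[^.]+\.', '$1.'
            $alt = $Observed | Where-Object {
                $_.Type -eq $want.Type -and (& $norm $_.Name) -eq $short
            }
            $status = if ($alt -and $short -ne $wName) { 'ProtocolLabelDropped' } else { 'Missing' }
        }
        elseif ((& $norm $hit.Target) -eq "$wTarget.$zoneName") {
            # Target was treated as relative and had the zone name appended.
            $status = 'ZoneAppendedToTarget'
        }
        elseif ((& $norm $hit.Target) -ne $wTarget) {
            $status = 'TargetChanged'
        }
        [pscustomobject]@{ Type = $want.Type; Name = $wName; Status = $status }
    }
}

# Constructed sample data mirroring the two symptoms in the post.
$expected = @(
    [pscustomobject]@{ Type = 'CNAME'; Name = 'sip.example.com';       Target = 'sipdir.online.lync.com.' }
    [pscustomobject]@{ Type = 'SRV';   Name = '_sip._tls.example.com'; Target = 'sipdir.online.lync.com.' }
)
$observed = @(
    [pscustomobject]@{ Type = 'CNAME'; Name = 'sip.example.com';  Target = 'sipdir.online.lync.com.example.com.' }
    [pscustomobject]@{ Type = 'SRV';   Name = '_sip.example.com'; Target = 'sipdir.online.lync.com.' }
)
Compare-DnsRecord -Zone 'example.com' -Expected $expected -Observed $observed | Format-Table
```

With the sample data the CNAME is reported as ZoneAppendedToTarget and the SRV record as ProtocolLabelDropped.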