Error 456 for Exchange Online autodiscover

If some of your Office 365 users are receiving an error 456 when trying to connect to Exchange autodiscover, then multifactor authentication could be the culprit!

To see if your users are experiencing this issue, have them go to https://testconnectivity.microsoft.com and run the “Outlook Autodiscover” test using their own credentials. If the result is a failure, save the whole results to HTML and do a search for “456” in the saved HTML document.

Specifically, you are looking for this error: –

An HTTP 456 Unauthorized response was received from the remote Unknown server. This indicates that the user may not have logged on for the first time, or the account may be locked. To logon, go to http://portal.microsoftonline.com.

This could mean that you have multifactor authentication “enforced” at the account level, rather than via specific scenarios such as those available for Conditional Access. As autodiscover does not know how to handle multifactor authentication, and the account itself has multifactor authentication enforced, the service is unable to be used by the affected account.

The resolution is to disable the user for multifactor authentication and then have them re-setup and use conditional access rules to require multifactor authentication instead for the required services.

SMTP error from remote mail server after end of data: 550 Action not taken

Have you set up a new mail server, configured DKIM and SPF correctly, but for some reason you still have email being intermittently rejected when forwarding to Gmail and other services with messages that are unhelpful like: –

SMTP error from remote mail server after end of data: 550 Action not taken

If that’s the case, you may need to set up a DNS PTR record for your mail server’s IP address. It appears that, depending on the circumstances of the forwarded email and the domain performing the forwarding, this step is crucial to ensure smooth email forwarding delivery.

Of course, you should ensure that the PTR record IP address and hostname match what you see in the SMTP header.

Update 31st Oct 2018:

Since writing this article a few days ago, I encountered some further issues with reliable mail delivery, specifically through Exim on cPanel.

Normally, when configuring forwarding, you should also enable SRS (Sending Rewriting Scheme), which adds additional information to the mail headers to inform the receiving MTA that the email has been forwarded and “signed” by the forwarding MTA (in my case, Exim on a cPanel/centOS installation).

While this was enabled in the Exim config, I did not realise that it wasn’t actually operating correctly.

Below is what you SHOULD see when SRS is operating correctly (forwarding to a Gmail account): –

Received-SPF: pass (google.com: domain of srs0=lu0ygv=nl=senderoriginaldomain.com=senderfirstpartemail@yourforwardingdomain.com designates <your MTA IP> as permitted sender) client-ip=<your MTA IP>;
Authentication-Results: mx.google.com;
dkim=pass header.i=@yourforwardingdomain.com header.s=default header.b=HnochmZG;
dkim=pass header.i=@senderoriginaldomain.com header.s=default header.b=C8B9JAt8;
spf=pass (google.com: domain of srs0=lu0ygv=nl=senderoriginaldomain.com=senderfirstpartemail@yourforwardingdomain designates <your MTA IP> as permitted sender) smtp.mailfrom=”SRS0=Lu0yGv=NL=senderoriginaldomain=senderfirstpartemail@yourforwardingdomain.com”;

Here’s what it looks like WITHOUT SRS (again, forwarding to a Gmail account): –

Received-SPF: fail (google.com: domain of senderfirstpartemail@senderoriginaldomain.com does not designate <your MTA IP> as permitted sender) client-ip=<your MTA IP>;
Authentication-Results: mx.google.com;
spf=fail (google.com: domain of senderfirstpartemail@senderoriginaldomain.com does not designate <your MTA IP> as permitted sender) smtp.mailfrom=senderfirstpartemail@senderoriginaldomain.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=senderoriginaldomain.com

As you can see, in the SRS example, the sender information is modified to include information about the forwarding domain (i.e. your domain) so that it is clear that your MTA is not trying to forge or spoof the original sender’s domain.

In my case, SRS was turned on properly, however it seems that the cPanel archiving functionality was somehow breaking this on the version of cPanel that I was running. As a workaround, I will be disabling email archiving to ensure that SRS is applied to my forwarded messages and applying any cPanel updates as they are released that will hopefully resolve the issue.

Final Update 3rd November 2018:

Further to my last update, it seems that I had another factor contributing to this issue – Namecheap (my previous provider) had been intercepting my SMTP traffic through the use of a transparent SMTP proxy of some description (they were not forthcoming with information).

It seems that this was also causing mail delivery issues that were causing the likes of Gmail and Microsoft to return 550 back to my server after transmitting messages.

After unsuccessfully attempting to persuade Namecheap to allow me to bypass this technology, I have moved to a new VPS provider and my emails are again being delivered perfectly.

Example Arduino code for debouncing and long pressing buttons

I’ve recently been playing around with Arduino, and put together a code snippet that I am running on an ESP8266 WiFi module.

It’s very basic, and just registers button presses of more than 50ms, but less than 5000ms as a normal/short press, and anything over 5000ms as a long press.

This can be handy when you have a limited number of buttons (e.g. only one) and you want to provide different options for using that button (short press and long press) and also want to ensure that the button is debounced (electrical “noise” is filtered out to avoid spurious button presses being registered).

Below is the code, which can be adapted to suit your purpose.

const int buttonPin = 0; // input button pin number
const unsigned long longPressThreshold = 5000; // the threshold (in milliseconds) before a long press is detected
const unsigned long debounceThreshold = 50; // the threshold (in milliseconds) for a button press to be confirmed (i.e. not "noise")

unsigned long buttonTimer = 0; // stores the time that the button was pressed (relative to boot time)
unsigned long buttonPressDuration = 0; // stores the duration (in milliseconds) that the button was pressed/held down for

boolean buttonActive = false; // indicates if the button is active/pressed
boolean longPressActive = false; // indicate if the button has been long-pressed

void setup() {
pinMode(buttonPin, INPUT); // set the button pin as an input

// Start serial debugging
Serial.begin(115200);
Serial.println();
Serial.println("Serial debugging started");
}

void loop() {

// if the button pin reads LOW, the button is pressed (negative/ground switch)
if (digitalRead(buttonPin) == LOW)
{
// mark the button as active, and start the timer
if (buttonActive == false)
{
buttonActive = true;
buttonTimer = millis();
}

// calculate the button press duration by subtracting the button time from the boot time
buttonPressDuration = millis() - buttonTimer;

// mark the button as long-pressed if the button press duration exceeds the long press threshold
if ((buttonPressDuration > longPressThreshold) && (longPressActive == false))
{
longPressActive = true;
Serial.print("Long press detected: ");
Serial.println(buttonPressDuration);
}
}

// button either hasn't been pressed, or has been released
else
{
// if the button was marked as active, it was recently pressed
if (buttonActive == true)
{
// reset the long press active state
if (longPressActive == true)
{
longPressActive = false;
}

// we either need to debounce the press (noise) or register a normal/short press
else
{
// if the button press duration exceeds our bounce threshold, then we register a short press
if (buttonPressDuration > debounceThreshold)
{
Serial.print("Short press detected: ");
Serial.println(buttonPressDuration);
}

// if the button press is less than our bounce threshold, we debounce (i.e. ignore as noise)
else
{
Serial.print("Debounced: ");
Serial.println(buttonPressDuration);
}
}

// reset the button active status
buttonActive = false;
}
}
}

How to quickly delete a folder when Windows says the path is too long

If you’ve ever had a folder that won’t delete because Windows says “the path is too long”, you’ve probably felt the frustration of trying many different methods in vain.

Luckily, if you’re running a modern version of Windows (which everyone should be), you’ll have robocopy, which can help you out in this case.

To delete that pesky folder, follow these steps: –

  • Create a new blank folder called whatever you like (for example, “DeleteMe”)
  • Open up a command prompt (depending on the folder you’re trying to delete, you may need to run as an administrator)
  • Run robocopy using the example below, assuming that the folder you are trying to delete is called “C:\PeskyFolder” and the blank folder you created is called “C:\DeleteMe”

robocopy “C:\DeleteMe” “C:\PeskyFolder” /e /mir

The above command will “copy” everything out of “C:\DeleteMe” and “paste” it into “C:\PeskyFolder” overwriting any existing contents… Which in this case, deletes the entire contents of the folder.

When it’s done, simply delete the folder itself.

OneDrive/SkyDrive not syncing

I had a recent issue where Microsoft’s OneDrive (formerly SkyDrive) was not syncing changes to their cloud. I noticed there was no Windows service that I could restart, so I just tried a PC restart to see what would happen.

In the system tray, hovering over the OneDrive icon shows that “OneDrive is starting…”, but never moved on from that state (still hours later). A manual sync didn’t seem to work, neither did cancelling and retrying the sync.

Here is the solution that worked for me to kick OneDrive into gear: –

  • As an Administrator, open a command prompt (Win + R, type cmd, and press CTRL + SHIFT + enter)
  • Run “skydrive /shutdown” (notice that internally the executable is still called “skydrive.exe”)
  • Notice that the system tray icon disappears (you may need to hover over it for it to disappear)
  • Run “skydrive”

The system tray icon should re-appear and this time when hovering over it, it should tell you its sync progress

The Windows Server Backup console crashes when trying to connect to another server

If you’re trying to remotely configure Windows Server Backup on another machine (maybe because it’s running Server Core), you may find that the MMC snap-in for Windows Server Backup crashes when trying to use the “Connect To Another Server…” option. In this case, an error may occur stating the MMC has detected an error in a snap-in and will unload it.

I have found that this may occur when only the Windows Server Backup console is installed, but not the Windows Server Backup feature itself (which the snap-in appears to rely on).

In order to resolve this, simply install the Windows Server Backup feature on the machine that you wish to run the Windows Server Backup console from.

Gigabyte T1000P Netvertible: First Impressions

The free netbook I received from TechEd Australia 2009, an HP Mini 2140, decided to die on me a couple of weeks ago. I’ve always had trouble with HP hardware, and even more with their support, so it wouldn’t have been my choice of netbook if I was to buy it myself, but it was free so I was more than happy to take it home.

Well, I realised that I had become quite used to carrying a netbook around for being on-call, so I decided to find a replacement. A new motherboard for the 2140 was around $200 on eBay, which is compatively cheap to what I ended up with, but I think it was worth it.

So I ended up buying a Gigabyte T1000P “netvertible” (the unofficial term for a netbook/tablet hybrid), which so far is a pretty decent little machine.

What’s in the box?

  • Quick start guide
  • User’s manual
  • Utility and driver disc
  • Warranty card and information
  • Spare stylus
  • 6-cell battery
  • Power supply
  • Cleaning cloth
  • Magnetic closing case
  • The T1000P

What’s good?

  • The touch screen is very responsive for a resistive touch screen panel (the best I’ve used)
  • The screen isn’t super-glossy, which means it might not look as asthetically pleasing, it doesn’t show fingerprints as much (but it’s not immune)
  • The eSATAp (eSATA/USB) port for attaching external SATA hard drives
  • The Intel Atom N470 1.83GHz 64-bit processor
  • 1Gbps network card (standard in notebooks these days, but netbooks are still catching up)
  • The 10.1″ multi-touch WXGA HD LED backlit screen with a display resolution of 1366 x 768
  • Upgradable components are easily accessible via panels on the underside of the system

What’s not so good?

  • There’s no accelerometer for auto-screen rotation, so you need to use the Gigabyte SmartManager software to manually alter the screen rotation
  • The screen could be nicer, especially if they made it flush with the bezel rather than recessed
  • There are no PXE boot options in the BIOS, so boot from external optical drive or USB are your other only main options
  • The System UUID, which is meant to be a unique value normally based off the MAC address, looks like it’s still a generic testing UUID
  • There’s no Windows Security Button, which means you need to flip out of tablet mode to use the keyboard to press CTRL + ALT + DEL to log in to a domain
  • Mouse buttons require a hard press
  • No option for a 7200RPM drive
  • Stylus feels a bit un-natural to remove from the recess – A magnetic release would be nice

Photos (taken with a low-res camera, sorry)

http://img21.imageshack.us/g/imag0515u.jpg/

Overall, I think this machine deserves about a 3.5/5

Upgrading, repairing or servicing your Dell Studio One desktop

Recently I organised a new computer for my little brother. As usual, I recommended Dell because of their in-home warranty, which helps considerably considering I’m in a different state and can’t help with hardware issues.

He has a Macbook at the moment, which is probably a decent unit, but when I’m trying to give technical support or deploy updates or extra software it can get a bit troublesome considering my experience is primarily with Windows systems.

We went with the Studio One desktop computer from Dell, because it has that Mac look-and-feel to it, but comes with Vista OEM which should keep us both happy. Here it is below: –

 

Anyway, the main concern with this system, was it’s upgradability and serviceability, so when it arrived at my office last week one of the first things I did was determine what components were used, and how to replace them.

The Dell Studio One is a self-contained system, where the PC components are stored in the same housing as the LCD panel (directly behind it), so it’s not as simple as just opening up a standard ATX case and replacing dead RAM or a hard drive. Here’s how you can do some basic servicing: –

  1. Disconnect the system from power, and unplug any peripherals
  2. Place system system LCD panel down on to a soft cloth or the original foam bag out of the box
  3. On the bottom edge of the system, there is a groove on either side of the stand where you can use soft leveraging to release the back panel from the first two clips (the clip locations are marked in the image below)
  4. With the first two clips released, gently work around the edges of the panel until all clips are released, as per the locations in the image of the removed panel below
  5. With the back panel removed, you will have exposed the interior metal panel which covers the system components – You may also notice that there are clear markings on this panel to indicate the location of the internal components, as well as the screws to remove to get access to the components (I have marked the component locations in blue, the screw markings in yellow and the screws themselves in red in the picture below)
  6. Remove the screws as marked in the image above to remove this panel to expose the main board of the system, and the majority of the sytem components
  7. The hard disk drive is a standard 3.5″ sized SATA II disk (320GB pictured here)
  8. The system memory is SO DIMM, notebook size (3GB pictured here)
  9. The optical drive is a slot loading, SATA DVD-ROM drive
  10. The CPU is a standard 2.94GHz Core 2 Duo processor

You’ll probably also notice that the main board and cooling system is much closer to a notebook than a desktop machine, so this limits some upgrades, but your major components and readily obtainable from just about any retailer.

When you’ve finished servicing your system, be sure to use the provided cleaning cloth.