Exchange Certificate Woes - The name on the security certificate is invalid or does not match the name of the site

Recently, I had to replace an expiring Exchange 2010 SSL certificate however the issuer was unable to sign for a .local hostname (although previously this had been OK).

This meant that the new certificate only covered the external FQDN and not the internal ones:

Note the old Cert has a .local address listed

New Cert doesn't have the .local!

Once the new certificate had been installed, users began to see this error in Outlook:

"The name on the security certificate is invalid or does not match the name of the site"

The fix was to change the Exchange server settings for local lookups to point to the FQDN (so instead of servername, it would point at mailhost.domain.com). Here are the steps to take:

1. Ping mailhost.domain.com and confirm it resolves to the local IP of your Exchange server, if it doesn't you need to add the appropriate DNS entries to your local DNS server before proceeding.

2. Open the Exchange Management Shell and run the following commands:

Set-ClientAccessServer -Identity servername -AutodiscoverServiceInternalUrl https://mailhost.domain.com/autodiscover/autodiscover.xml 

Set-WebServicesVirtualDirectory -Identity "servername\EWS (Default Web Site)" -InternalUrl https://mailhost.domain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "servername\oab (Default Web Site)" -InternalUrl https://mailhost.domain.com/oab

3. Open IIS Manager on the Exchange Server

4. Expand Local Computer and Click Application Pools

5. Right Click on MSExchangeAutodiscoverAppPool and choose Recycle

Close and re-open your Outlook client and you should no longer have the errors   

Windows Server 2012 (including R2) loses GUI after a role or feature install

I was asked today by a colleague about an issue he was experiencing with Server 2012 R2 where he would install the IIS role and associated features and then lose the GUI upon reboot, becoming a Server Core install.

The thing that he didn't mention was that he was removing .NET 4.5 as a feature each time. Under 2012 and R2, if you remove the .NET feature, it removes any dependent roles or features, such roles include Hyper V and the GUI. 

Simply adding the roles and keeping .NET ticked allows you to install the role AND keep the GUI.

But I already did that and googled for help...

If this happens, you need to reinstall the GUI from Powershell. The commands for doing this are:

1. Install .NET and Powershell from command line

DISM.exe /Online /enable-feature /featurename:NetFx4 /all

DISM.exe /online /enable-feature /featurename:MicrosoftWindowsPowerShell /all

2. Reboot then run the following Powershell commands....

Install-WindowsFeature Server-Gui-Shell

Install-WindowsFeature Server-Gui-Mgmt-InfraRestart-Computer

Why I'm voting no to independence

In just 8 days time, Scotland will go to the polls to vote on whether or not to become an independent country from the rest of the UK.

When the campaigns for and against the union kicked off two years ago, nobody actually thought things would come down to the wire and a near 50-50 split but a combination of continued dissatisfaction with the policies of the UK government in Westminster, a generally arrogant and backwards attitude from the "No" camp and a spirited social media driven campaign from the "Yes" side has edged the needle toward the middle for polling.

I've read a lot of "I'm voting yes" stories, some with very convincing arguments but personally I am voting No and here's why...

1. The big questions that haven't got answers
I'm not niaive enough to assume that every single possible factor and outcome should be considered and planned for but it really feels like nothing has been planned! The white paper that was published by the Yes camp a year ago is unable to offer a cold hard plan, just a lot of "we want this, we want that" making it more of a manifesto than a plan for disolving the union.

Some questions that have genuinely got no formal answers:

- Currency: The Yes side seem convinced that they will get the pound (and one way or another they will) but tying your fortunes to the very nation that you claim is cutting off your potential seems very backward to me. How will an independent Scotland be able to manage an economy that is directly affected but the decisions of a UK government in Westminister?

- Healthcare: Despite the fact that the Scottish parliament has 100% control over the NHS in Scotland, somehow things will be improved in an independent Scotland. This argument continues to baffle me

- Defense: Somehow we will be able to form, fund and run a defense force out of the ashes of Trident, the british army and the RAF

- Benefits: A large proportion of the Yes voters seem to be those who claim a lot of social care. They're going to be pretty disappointed when they find out that their benefits will be cut to fund all the other promises!

- Jobs: Somehow, despite the fact that the loss of the various state jobs that will come with a removal of Westminister and introduction of a "streamlined" Scottish Government, we are promised more jobs.

2. To certain parts of the country, it really won't matter
I live in the north east of Scotland, an area that tends to get limited interest from both Scottish and UK governments so regardless of how many people vote Yes, this area will still get passed over for infrastructure funding for road and rail, stimulus for business and generally every thing other than defense.

3.  Oil money
Sir Ian Wood, an expert in all things oil was cited by the Yes campaign repeatedly at the start of their campaign and oil was going to be the backbone of an independent scots economy, but when Sir Wood came out and said there was 20 years worth of oil remaining suddenly he was no longer trustworthy to that same Yes campaign and they now speak of a broad base of scottish industry including farming and tourism being the backbone.

My concern here is that aside from tourism, Scots industries are not in a position to support a whole country, particularly one whos chief export market will be the very place they want to be independent of! I recieved a very nice Yes leaflet recently which highlighted all the ways that Scotland can make money, but Oil was still the biggest by far.

Whether or not oil lasts for 2, 20 or 200 years, it will be the backbone for Scotlands economy and needs to be at the forefront of the discussion, not shoved out of sight when it doesn't suit!

An argument I hear frequently tossed is the McCrone report which, in a nutshell was a buried UK government report on oil in the 1970s which strongly implied that Scotland could survive on its Oil without the rest of the UK.

My answer to that is simply that 40 years is a long time and a great many things have changed including the size and age ranges of the population, the numbers now on some form of social care or benefits and the costs of running a country.

I won't sit and defend the UK government for burying a report 40 years ago but I also won't punish the current government for something it didn't do. In other words the report is a null point in modern life and a null point in the referendum campaign.

4. Xenophobia and ignorance
Let me preface by saying that I will always respect the opinion of anyone who respects mine and i've had some spirited debate with people who are voting yes.

There is however a great deal of xenophobia surrounding the Yes campaign, with far too many people voting Yes with a "F*ck the English" attitude as their motivation, particularly people who are following friends or family with this attitude rather than making up their minds based on facts.

Yes, the poll tax and Thatcherism were brutal for Scotland but it has been several decades since then and the governments of today and the problems and solutions of today should be the forefront of the debate, not ancient grudges.

I'm aware that some of the problems of today are related to or were caused by the issues of the 70's and 80's but how will going independent change that? Will Alex Salmond be recommissioning mining in the central belt in two years time? I doubt it...

5. Immediate Consequences
At the end of the day, despite any promises to the contrary, it will be at least five years before the impact of an independence vote will really be felt by people and ten years before the true extent of what has happened and what lays ahead will become clear.

The days and months following a Yes or No result will be critical in shaping the future of both Scotland and the UK but the true result will be what is felt by our children and their children and that needs to be at the forefront of any decisions we make.

Yes, some people and even some businesses will have snap reactions to the result, some may be violent but it's so important that we get it right and don't descend into infighting.

Conclusion
I doubt that anyone reading this will have been convinced to change sides suddenly but I hope that I may have made you stop and think about the process you are using to make your decision.

I am voting no for the reasons i have outlined here and because for all its faults - and there are many - the UK is the safest horse to bet on in this race and I don't want to leave my kids futures in the hands of giant question marks.

RIP Rik Mayall (1958-2014)

Yesterday lunchtime, Rik Mayall, one of the pioneers of British alternative comedy in the 1980's and 1990's passed away at 56 years old.

Whats apparent is just how few news outlets have gone beyond Wikipedia in their research of the man. I have read the same exact paragraphs on at least five different sites in the 24 hours. To that end, I wanted to pay tribute to Mayall without using the same quotes from Ade Edmondson and David Walliams that EVERY news outlet is running.

To a young boy growing up in a religious household in the 1990s, the comedy stylings of Bottom were a thing of legend. I happened to catch a repeat on BBC2 late one night when everyone else was in bed and from then I was hooked. The OTT slapstick violence was an amazing thing to see. I remember prancing around to the end credits with my brother until the inevitable eye-poke and then getting roared at to get back to bed because we were making such a racket.

Later, as a young adult I remember rediscovering Mayall's work through the constant stream of BBC archive DVDs being trotted out in the 2000's and rolling with laughter again at the mayhem and mania, this time with a greater understanding of the double entendre and subtext of some of the gags. I also recall a genuine delight at the outtakes showing just how much fun these gents had making those shows.

One of the first things my future wife and I happened to watch together was Drop Dead Fred, a film that only survives in my memory because of Mayall's manic brand of comedy.

Mayall was someone who could capture attention and admiration from those he watched, because there was not a single subtle thing about him. He was a loud, brash, unapologetically funny guy.

I just want to say thanks to a giant of comedy for a lifetime of laughs.

The Yodel Game

It's that time of year again when we order a lot of things online for Christmas. Dealing with most couriers in the North East of Scotland is a nightmare, the main distribution hubs for the big couriers are located in Aberdeen and Inverness, with a mish-mash of local and/or independent couriers filling the gaps further afield. This generally means that if you are quoted a delivery date of 1st December by the mainstream courier, that date actually reflects when it reaches their final hub, BEFORE it's passed on to the indie couriers. This can add a day or two onto the expected delivery date, what I call "The Highland Rule". The exception to this rule is Parcel Force, who use the Royal Mail network and so can meet the delivery date.

This time of year is also the most common time to play "The Yodel Game".

The Yodel game, for the small minority who have not played is quite a simple one to learn, but a very hard one to win.

Here's how to play:

1. Place an order for home delivery with Amazon, Argos, Littlewoods or one of the many companies that use them
2. Wait at home on delivery date (plus next working day after for the "Highland Rule")
3. Discover that you have missed your delivery by one of the following:
-Get card stealthily put through door without a knock or a ring
-Tracking website informs you that you have been carded, even though you don't have a card
-Tracking website informs you that you have already signed for the item

4. Call company you ordered from or call Yodel and receive same incorrect information as on tracking website and be told it will be redelivered
5. Repeat steps 2 - 4 for up to 7 days
6. Receive Parcel (Probably, otherwise start again at step 3)

Yodel is a special kind of courier (as seen on Watchdog), they claim to be the UK's biggest by quite some margin and they handle far too many of the UK's deliveries (purely on a cost basis, no doubt) but in reality Yodel is a extremely loose network of independent drivers, each with their own habits and hours of operation. This is Yodel's @HOME brand.

The @HOME Yodel model is a fairly simple one (and not one that is exclusive to them either). Yodel employs independents to deliver their parcels, with a commission of 40-70p per signed for delivery. Each day, the big Yodel van will turn up at the home of an independent and drop off the parcels to be delivered that day. This delivery can occur any time during the working day, so your local delivery bod may not recieve parcels until late afternoon. They are then responsible for delivery of said parcels to their recipients.

And here's where the system really starts to fail...

Say Mrs Smith from ten minutes down the road is your local Yodel delivery person, trying to make a bit of extra cash to suppliment the family income. Now Mrs Smith has recieved some rather large parcels for you, but they won't fit in her little Corsa, she'll have to wait until her Son is free at the weekend so she can get him to drop it off in his van. Does she come and tell you this? Does Yodel phone you to advise? No, of course not. You're just left to wonder if you will recieve your parcel.

What about Billy down at Number 42? He likes a night out with his mates, the Yodel stuff was dropped off at 4.30pm and he was just about to head down to the pub. Will he tell his mates to wait until he does his deliveries? I doubt it. Will he feel like delivering tomorrow when he has a brutal hangover? Don't count on it. Maybe he'll just scribble some signatures down so he gets his commission and maybe he'll drop them off when he feels more up to it. Again, does anyone pass on a revised delivery date? Does anyone care?

Now I mentioned that the Yodel game is a hard one to win, suggesting that there are ways to win. Based on the disaster that was last years Christmas delivery season, I can make the following "strategic suggestions":

1. Put a sign on your door instructing couriers to Knock/Ring the Bell and if no answer then please leave in such and such a place. Sign it and put your name underneath (like a letter). This counts as a delivery signature/instruction and most couriers will respect this. Of course, if your delivery person is Mrs Smith or Billy, then this won't work, but for the delivery person who doesn't intend on hanging about it works pretty well - just be careful where you have them leave it and check this place regularly!


2. I work in Aberdeen, so wherever possible I get parcels delivered to my office. This means that I'm close to a main distribution hub and my parcel will be delivered by the original courier rather than play pass the parcel with Indies.


3. Choose delivery options that aren't Yodel/Independent friendly - many websites have delivery options that Yodel can't do such as a one hour window (DPD) or by 1pm (Royal Mail). This one can be a bit of a pain because unless the website lists which courier provides which service, you can only assume that it won't be Yodel.

The reason these big companies choose Yodel is because they are cheap - and very much for a reason, but we need to take some responsibility too. The next time you tick "Free Delivery" on Amazon, think about whether or not you want to play The Yodel Game.

Citrix Error 61 on Mac

Recently, one of our clients updated the SSL certificate for their Citrix remote access website. This proved to be quite an issue for users with Macs running the Citrix Reciever, which didn't want to play ball. Generating the error message SSL Error 61: You have not chosen to trust "<authority>", the issuer of the server's security certificate. Error number 183  when they tried to launch an application.

Doing what all IT Professionals do best, I googled it. Unfortunately, the majority of the results referred to different scenarios, mostly under older versions of the Citrix client (The dreaded ICA!).

After a very long afternoon of back and forth with one of the affected users, I was able to get things working by taking these steps:

1. On a PC, browse to the problem Citrix website with Internet Explorer
2. Open Tools >> Internet Options >> Content >> Certificates >> Intermediate Certification Authorities
3. Find the name of the cert in the error message (Above) and click on it and click Export
4. Click Next >> Select DER encoded Binary X.509 (.CER) >> Next
5. Save as the same name as the original error message. (e.g. COMODO SSL CA) and Finish the wizard
6. Rename the saved file extension to crt and transfer this file to the Mac
7. On the Mac, open Applications/Citrix ICA Client and create a folder called keystore
8. Open the keystore folder and create a subfolder called cacerts
9. Copy the crt file you created into this folder
10. Open Keychain and click logon from the left pane
11. Choose File>>Import items
12. Browse to the crt file and import. Set all permissions to trusted for the certificate
13. Close browser completely and re-open, browse to problem page and open an application, it should now load successfully
 
That's right, you use a PC to fix the Mac. Good Times...

Sony Bites Back: PS4 Announced

So, the worst kept secret in the videogame industry was outed last night when Sony officially announced the Playstation 4 - scheduled to be in your living room this Christmas (or undoubtedly Easter for those of us in the Eurozone).

This announcement is significant in a lot of ways for Sony, the Playstation brand and indeed for Microsoft - the arch nemesis for said brand.

Playstation 4 announced in NYC

I am a diehard Playstation guy, having owned every Playstation console to date but I was concerned that for the second generation running, Sony was going to be playing catch-up to Microsoft. Yes, rumors of SDK's going out to developers were persistent but there was more talk of Xbox 720 release timescales and reveals than anything else. I would say I've heard more about the Xbox 720 in the last year than I have about the WiiU - a console that is already on shelves!

When Sony announced their "Playstation 2013" event, I was sceptical - moreso following the reveal of the tablet controller patent a few weeks ago - I thought we would see some combination of the tablet, a Vita hardware refresh or something new for Move. I was also concerned that Sony was again all to content to sit back and see what Microsoft was up to. The seventh console generation caused the Playstation Brand a lot of damage early on, with the console being seen as second best for at least half of its lifetime before games like the 2nd and 3rd Uncharted titles and the LittleBigPlanet series broadened appeal.

But as February has moved forward, the rumor mill has gone into overdrive - every gaming site has had an exclusive about the Dualshock 4 controller, analysing and arguing over whether any of the steady stream of pictures was infact legit or just what the new buttons would do and it got to the point last night where a last pang of concern hit me - what if it's really not being announced?

If Sony had played the same game as before and left things until later, then the Playstation brand could have been damaged beyond repair. Microsoft would have delightedly announced the next Xbox at E3 in the summer and Sony would see an increase in pre-owned console sales over Christmas.

Thankfully that has not happened and now it's Microsoft caught on the back foot and that is the best thing for them - the 360 has peaked and is now in steady decline. The innovation that helped the console has deserted it and now Microsoft needs to innovate to get back in the game. My prediction is that Sony will demo the actual console hardware at E3, which will again steal thunder from Redmond, who are still on track to announce then.

Sony has bitten back in a big way with the sudden appearance of the PS4 and it may be enough to win the 8th generation war in the way Microsoft and Nintendo took the 7th by storm.