Technical Blog on all things WIFI, Cisco, Meraki, Microsoft, Apple, Security, With Special Interests in Apple Home Kit, Automation, C-BUS, Office 365, Ethernet POE
30 Jan 2020
Poor Wifi Performance with Meraki and Zebra
Had Customer getting poor performance between Meraki AP and Zebra Scanner. The new custom app would freeze and lockup.
I checked the Wifi installation and apart from some AP mounting issues the wireless was good.
Speed tests from the device to the WLAN PI were showing 400 Mbps and using Wifi Scanners there were very few retransmission's.
Next was a WIFI Capture using Air-check G2. Make sure you capture the connection to the network (4 ways handshake) so you decrypt the packets later in wireshark.
Analysis in wireshark showed a lot of TCP retransmission's but why ?
Pings from the network to the wireless device were rock solid and were < 1ms and this is where I should have realised something was wrong. It was too good for a wireless network., but I did not pick this up.
Meraki are great you can do packet captures on the wireless and wired side of the AP.
A capture on the wireless side showed the same as the Air-check G2 capture a lot of TCP re transmission and resets.
I do not know why but I did a capture on the WIRED side and I was glad I did.
This show another MAC using the same IP address (A Printer !)
Was the issue as simple as a duplicate IP. After checking the DHCP scope the printers static IP was exactly in the DHCP range !
Changing the printer to be a DHCP reservation and rebooting the wireless device the device got a new IP and all was working fine....
This was good new as the customer was going to get another scanner to test with and it would have worked perfectly and then might have wrongly assumed that the other scanner was faulty.
After talking to the IT support dept they had received calls with issues with the printer but they thought was resolved as the scanner was not used over the last 2 weeks (till I came in !)
Contributing to this was the LONG DHCP least time so the scanner kept getting the same IP address from DHCP.
So a wireless issue was a simple duplicate IP.
I should have picked up at the PING stage, I was pining the printer on the LAN not the wireless device. !!!
But did resolve AP install issues and optimised the wireless for these devices.
26 Jan 2020
Disable 365 Azure Directory Windows Hello
Microsoft 365 Azure Directory is great way to manage corporate Machines
By default Windows HELLO is enabled
This if fine if there is ONLY 1 user on the PC and it is NOT shared
Do disable you need to go to IN TUNE console
https://portal.azure.com/#blade/Microsoft_Intune_Enrollment/EnrollmentMenu/windowsEnrollment
now here...
https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/windowsEnrollment
then
22 Jan 2020
New Cisco AP Fails to Join Controller
Field Notice: FN - 70479 - Out-Of-The-Box AP Fails to Join Controller or Joins with Single Radio Due to Country Mismatch - Replace on Failure
https//www.cisco.com/c/en/us/support/docs/field-notices/704/fn70479.html
A newly installed Access Point (AP) fails to join its controller or it joins the controller, but is only able to bring up one radio due to a manufacturing mismatch between the AP's domain and the radio's domain.
On a Mobility Express (ME) AP, the 2.4GHz radio will come up in Day 0 mode; however, after you configure the correct country code, the internal AP might fail to rejoin or might bring up only one radio.
AP28xx
AP38xx
AP48xx
AP18xx
You can use this URL to check the serials
http://serialnumbervalidation.com/70479/cgi-bin/index.cgi
NOTE: if using a BARCODE SCANNER to read the serial numbers off the BOX Cisco prepends a "S" to the Serial and the "S" needs to be removed.
20 Jan 2020
Meraki WiFi Cameras
Meraki WiFi Cameras Gen 2
Are 1x1 Dual Band 802.11AC 2.4Ghz and 5Ghz Client.
Can have 3 SSID Primary and Secondary and backup
(I connect the backup to Phone Hot Spot for config)
Small Patch Antenna (in MV32) has 2 antennas to pick from (remember it is a client) hard for a camera of this quality with all metal chassis to make wireless work but they did.
Outdoor Cameras have the antennas hidden under plastic dome
Another handy power feature for Camera or (other POE device) You need this to power if Wireless ONLY. or other POE adapter. this is good if there is existing 12V power from old camera.
Remember Meraki Cameras record ONBOARD so the wireless will have little use unless viewing footage.
The Meraki Device
AUTO Voltage and AUTO Polarity Sensing
12Vdc 2.75A 24V AC 2.2A
POE 54V 23W (not quite POE Plus but more than POE.)
MA-PWR-MC-LV or called the "Eyepatch" power supply
Active Directory, Azure Directory Sync
You Need
DirectorySyncClientCmd.exe
Force a SYNC to office 365 NOW (if you don't want to wait for 30 min for the sync)
From Power Shell (Admin)
Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Start-ADSyncSyncCycle -PolicyType Delta (whats changed)
Or
start-ADSyncSyncCycle -PolicyType Initial (total resync)
Enable ADSI Editior (if registry is corrupt and not showing in MMC)
regsvr32 /u adsiedit.dll (remove)
regsvr32 adsiedit.dll (add)
Making missing fields visible
http://activedirectoryfaq.com/2014/10/ad-attribute-editor-missing-make-search-visible/
List Domain Information
Ldifde –f domaindump.ldf
Connecting Power Shell to office 365 account
Connect-Msolservice
Get-MsolUser -UserPrincipalName joe@fred.onmicrosoft.com | fl
17 Jan 2020
ADSL 10/1 to NBN FTTC 50/20 Change over
Changed a customer over from ADSL 10/1 to NBN FTTC 50/20
FTTC Fibre to the Curb
Fibre to the PIT outside and VDSL over copper to inside modem
Did you know that the customer modem supplies power to the PIT equipment ! (you are paying to power telco equipment !)
Certainly an improvement
Latency went from 60ms to google to 20ms And so far the loss is 0%
16 Jan 2020
Win10 Wifi SSID and Password you have saved
This is handy to see the PSK for already connected to Wifi Networks
run command prompt as ADMIN
netsh wlan show profile
show the profiles
netsh wlan export profile folder=c:\ key=clear
Saves the password in .xml files in c:\
15 Jan 2020
DeBloat Fresh Windows 10 for Corporate
When you get Windows 10 Pre installed on New PC a lot of non used apps
This is a great tool
https://www.pcdecrapifier.com/
For 3rd party apps
But for MS apps I use this script.
Open a ADMIN Power shell
and Paste in between the lines.
===================================================================
# Description:
# This script removes unwanted Apps that come with Windows. If you do not want
# to remove certain Apps comment out the corresponding lines below.
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
Write-Output "Elevating privileges for this process"
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
Write-Output "Uninstalling default apps"
$apps = @(
# default Windows 10 apps
"Microsoft.3DBuilder"
"Microsoft.Appconnector"
"Microsoft.BingFinance"
"Microsoft.BingNews"
"Microsoft.BingSports"
"Microsoft.BingWeather"
#"Microsoft.FreshPaint"
"Microsoft.Getstarted"
"Microsoft.MicrosoftOfficeHub"
"Microsoft.MicrosoftSolitaireCollection"
#"Microsoft.MicrosoftStickyNotes"
"Microsoft.Office.OneNote"
#"Microsoft.OneConnect"
"Microsoft.People"
"Microsoft.SkypeApp"
#"Microsoft.Windows.Photos"
"Microsoft.WindowsAlarms"
#"Microsoft.WindowsCalculator"
"Microsoft.WindowsCamera"
"Microsoft.WindowsMaps"
"Microsoft.WindowsPhone"
"Microsoft.WindowsSoundRecorder"
#"Microsoft.WindowsStore"
"Microsoft.XboxApp"
"Microsoft.ZuneMusic"
"Microsoft.ZuneVideo"
"microsoft.windowscommunicationsapps"
"Microsoft.MinecraftUWP"
"Microsoft.MicrosoftPowerBIForWindows"
"Microsoft.NetworkSpeedTest"
# Threshold 2 apps
"Microsoft.CommsPhone"
"Microsoft.ConnectivityStore"
"Microsoft.Messaging"
"Microsoft.Office.Sway"
"Microsoft.OneConnect"
"Microsoft.WindowsFeedbackHub"
#Redstone apps
"Microsoft.BingFoodAndDrink"
"Microsoft.BingTravel"
"Microsoft.BingHealthAndFitness"
"Microsoft.WindowsReadingList"
# non-Microsoft
"9E2F88E3.Twitter"
"PandoraMediaInc.29680B314EFC2"
"Flipboard.Flipboard"
"ShazamEntertainmentLtd.Shazam"
"king.com.CandyCrushSaga"
"king.com.CandyCrushSodaSaga"
"king.com.*"
"ClearChannelRadioDigital.iHeartRadio"
"4DF9E0F8.Netflix"
"6Wunderkinder.Wunderlist"
"Drawboard.DrawboardPDF"
"2FE3CB00.PicsArt-PhotoStudio"
"D52A8D61.FarmVille2CountryEscape"
"TuneIn.TuneInRadio"
"GAMELOFTSA.Asphalt8Airborne"
"TheNewYorkTimes.NYTCrossword"
"DB6EA5DB.CyberLinkMediaSuiteEssentials"
"Facebook.Facebook"
"flaregamesGmbH.RoyalRevolt2"
"Playtika.CaesarsSlotsFreeCasino"
"A278AB0D.MarchofEmpires"
"KeeperSecurityInc.Keeper"
"ThumbmunkeysLtd.PhototasticCollage"
"XINGAG.XING"
"89006A2E.AutodeskSketchBook"
"D5EA27B7.Duolingo-LearnLanguagesforFree"
"46928bounde.EclipseManager"
"ActiproSoftwareLLC.562882FEEB491" # next one is for the Code Writer from Actipro Software LLC
"DolbyLaboratories.DolbyAccess"
"SpotifyAB.SpotifyMusic"
"A278AB0D.DisneyMagicKingdoms"
"WinZipComputing.WinZipUniversal"
# apps which cannot be removed using Remove-AppxPackage
#"Microsoft.BioEnrollment"
#"Microsoft.MicrosoftEdge"
#"Microsoft.Windows.Cortana"
#"Microsoft.WindowsFeedback"
#"Microsoft.XboxGameCallableUI"
#"Microsoft.XboxIdentityProvider"
#"Windows.ContactSupport"
)
foreach ($app in $apps) {
Write-Output "Trying to remove $app"
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
Get-AppXProvisionedPackage -Online |
Where-Object DisplayName -EQ $app |
Remove-AppxProvisionedPackage -Online
}
# Prevents "Suggested Applications" returning
force-mkdir "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" "DisableWindowsConsumerFeatures" 1
====================================================================
14 Jan 2020
Show Hidden Devices in Windows
When a device is NOT connected to windows computer you can not see it in device manager
This can be a pain when you want to remove old drivers for a device that is not working.
People also do not realise that installing the same device in a different USB port installs new device instance.
This is why when you have NO Serial ports but when you install one it sets up as COM9 as you have 8 hidden com ports in device manager.
to see hidden devices you need to set environment variable "devmgr_show_nonpresent_devices" equal to 1
you could do at command prompt (run as admin)
Type:
set devmgr_show_nonpresent_devices=1
devmgmt. msc
or if you want it permanent then add to a system environment variable
In device manager go to VIEW and select SHOW hidden devices.
you can then see them grey... and you can edit and remove them
Also good for removing old devices when you upgrade a motherboard or graphic card
This can be a pain when you want to remove old drivers for a device that is not working.
People also do not realise that installing the same device in a different USB port installs new device instance.
This is why when you have NO Serial ports but when you install one it sets up as COM9 as you have 8 hidden com ports in device manager.
to see hidden devices you need to set environment variable "devmgr_show_nonpresent_devices" equal to 1
you could do at command prompt (run as admin)
Type:
set devmgr_show_nonpresent_devices=1
devmgmt. msc
or if you want it permanent then add to a system environment variable
In device manager go to VIEW and select SHOW hidden devices.
you can then see them grey... and you can edit and remove them
Also good for removing old devices when you upgrade a motherboard or graphic card
Meraki Client VPN (Windows 10)
Meraki Client VPN has always been tricky to setup on windows 10.
To make matters worse Microsoft introduced a BUG in windows 10 latest builds that the GUI stops the VPN connecting if you use the standard VPN connection method of clicking on the network icon in the bottom right.
Go get around this bug you need to right click on the network icon "Open Network and Internet Settings"
and select VPN here
Then select the VPN connection and press connect. The advantage of doing it this way is you see the connection progress and errors.
Users find this particularly hard to remember.
Also setting up the VPN requires going into OLD GUI (as new GUI does not have this setting) to turn on PAP Authentication.
This is not easy to get to either requiring over 6 menus and mouse clicks.
Windows 10 Still has the old RASPHONE program I have discovered this is a much better way to do the client VPN
This always works from experience, and is easy way to check the VPN
properties to make sure the only protocol checked is "Unencrypted
password (PAP)" by clicking the properties button , You then always connect using the rasphone
client.
You create a
shortcut on Desktop (or push one out within GPO) to
target: C:\Windows\System32\rasphone.exe
Much Easier !! (You can even change the ICON if you want too)
**NOTE**
Also be aware that if the CLIENT gets an IP V6 Address due to a Meraki Bug the VPN will not connect. This some times happens when clients are hot spotting with there phones. The fix here is do disable IPV6 on the interface that is connecting to the host spot. The event log will log the message, "msg: unsupported ID type 5."
If the identification field value is 5 in the identification payload,
this means the payload is carrying the ID type 'ID_IPV6_ADDR.' Meraki
does not currently support ID type 5, so an error will appear for these
ISAKMP messages.
A question for you group policy experts out there.
I have been trying to put the Meraki L2TP VPN Client config in Group Policy. I have done it all except the L2TP preshared key. if you know how to so this PLEASE let me know in the comments.
Additional Links
11 Jan 2020
Cisco WiFi Links that I use regularly
Wireless LAN Compliance Lookup
Country Codes Lookup too
https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html
Cisco Aironet Antennas and Accessories Reference Guide
https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/product_data_sheet09186a008008883b.htmlCisco Wireless Solutions Software Compatibility Matrix
Cisco Access Point and Wireless Controller Selector
DHCP OPTION 43 for Lightweight Cisco Aironet Access Points
8 Jan 2020
All POE Splitters are not the same
There is an great device called the WLANPI is it very use full in all aspects of WLAN testing.
https://www.wlanpi.com/
I will do a another blog on this later......
This device has a GIG Ethernet network and can do IPERF speed testing. Sometimes the only hassle is powering the device (USB Micro).
POE is generally 48V way to much for the WLANPI 5v but I saw a device that splits out the power and converts to 5V micro USB
I bought one and it worked fine but could only get 100Meg I then realised the the network cable ONLY had 2 pairs.
You need all 4 Pairs for GIG Ethernet. Got another one from
https://www.iot-store.com.au/products/gigabit-poe-splitter
and this one is GIG.
if you compare the 100Meg one and the 1000Meg one they look the same
the only difference you can see is there is ONLY 2 PAIRS in the 100 Meg one
7 Jan 2020
Connectors in WIFI
Generally if you use one vendors access points and external antennas you may not notice that the plugs and sockets are special.
I have been working with Cisco Access Points for years and they use the Reverse Polarity TNC connector.
On your BBQ they have a special reverse thread so the general public cannot just use general plumbing parts to connect gas and need specialized parts.
The same was applied to WIFI, So users could not just plug in the biggest antenna they could get at the local shop the connectors needed to special so the vendor could try and control the MAX power output of their APs
Most AP vendors use the Reverse Polarity connector approach
Standard Connector
Reverse Polarity Connector
A reverse polarity coax connector is a variation of a standard polarized connector in which the gender of the interface has been reversed. The term “reverse polarity” refers to the gender of the center contact pin.
I got caught today I was using a radio receiver and need a 2.4Ghz antenna. I just grabbed one off a access-point I had laying around and thought all was good.
What looked like a good connection was not. No signal to antenna.
Looked tight and good.
no center pin
You can get all sorts of adapters on EBAY !
one with 2 pins
Fixed....
I have been working with Cisco Access Points for years and they use the Reverse Polarity TNC connector.
On your BBQ they have a special reverse thread so the general public cannot just use general plumbing parts to connect gas and need specialized parts.
The same was applied to WIFI, So users could not just plug in the biggest antenna they could get at the local shop the connectors needed to special so the vendor could try and control the MAX power output of their APs
Most AP vendors use the Reverse Polarity connector approach
Standard Connector
Reverse Polarity Connector
A reverse polarity coax connector is a variation of a standard polarized connector in which the gender of the interface has been reversed. The term “reverse polarity” refers to the gender of the center contact pin.
I got caught today I was using a radio receiver and need a 2.4Ghz antenna. I just grabbed one off a access-point I had laying around and thought all was good.
What looked like a good connection was not. No signal to antenna.
Looked tight and good.
no center pin
You can get all sorts of adapters on EBAY !
one with 2 pins
Fixed....
6 Jan 2020
NBN
Love that CAT5E cable need to be compatible with the National Broadband Network ! All cat5e cables are compatible even old ones. So many scams due to miss information.
You MUST upgrade you PABX so NBN compatible. They don't tell you all PBX can work on NBN you just need the right converter box.
SPA8000 8 Line Converter box
Types Of NBN
- Fibre to the premises (FTTP)
- Fibre to the node (FTTN)
- Fibre to the basement (FTTB)
- Fibre to the curb (FTTC)
- Hybrid Fibre-Coaxial (HFC)
- Fixed Wireless. ...
- Satellite (Sky Muster)
Generally you can get 100/40 speeds on FTTP, FTTB, FTTC and HFC
But FTTN speed depends on cable length (VDSL2)
So you need to know how far your node is.
Nodes physically looks like this (without the sign !)
Subscribe to:
Posts (Atom)