Jun 14 2011

Windows MTU Size

How to check Windows MTU size

To check the Vista MTU settings, open cmd.exe with Run as Administrator. Then type the following command:

netsh interface ipv4 show subinterface

It will display a result like the one below.
MTU         MediaSenseState  Bytes In   Bytes Out  Interface
----------  ---------------  ---------  ---------  -------------
4294967295                1          0      40265  Loopback Pseudo-Interface 1
      1300                2      91588      17394  Wireless Network Connection
      1300                1  474010728  227948381  Local Area Connection

 

How to set Windows MTU size

To reset the Vista MTU size, open a command prompt as administrator and then use the following command:
netsh interface ipv4 set subinterface "Connection name" mtu=#### store=persistent

For example, if the "Connection name" is Wireless Network Connection and the MTU #### is 1500, you would run: netsh interface ipv4 set subinterface "Wireless Network Connection" mtu=1500 store=persistent


Jun 10 2011

L2TP Over a NAT/VPN Device

By default, Windows XP SP2 no longer supports IPsec NAT-T security associations to servers that are located behind a network address translator. Therefore, if your virtual private network (VPN) server is behind a network address translator, by default, a Windows XP SP2-based VPN client cannot make a L2TP/IPsec connection to the VPN server. This scenario includes a VPN server that is running Microsoft Windows Server 2003.

This default behavior can also prevent computers that are running Windows XP SP2 from making Remote Desktop connections with L2TP/IPsec when the destination computer is located behind a network address translator.

Because of the way that network address translators translate network traffic, you may experience unexpected results when you put a server behind a network address translator and then use IPsec NAT-T. Therefore, if you require IPsec for communication, we recommend that you use public IP addresses for all servers that you can connect to directly from the Internet.

To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec

3. On the Edit menu, point to New, and then click DWORD Value.

4. In the New Value #1 box, type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.

5. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.

6. In the Value Data box, type one of the following values:

  • 0 (default)
    A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind network address translators.
  • 1
    A value of 1 configures Windows so that it can establish security associations with servers that are located behind network address translators.
  • 2
    A value of 2 configures Windows so that it can establish security associations when both the server and the Windows XP SP2-based client computer are behind network address translators.

7. Click OK, and then quit Registry Editor.

8. Restart the computer.


Jun 10 2011

L2TP Split Tunneling Control

The default behavior for a Microsoft L2TP VPN is to add a new default route for the VPN connection and modify the existing default route to have a higher metric. This forces all traffic through the VPN tunnel. You have a couple of options, depending on what the clients actually need to access.

1. To access only devices on the VPN destination subnet over the tunnel you can disable the “Use default gateway on remote network” option.  Select Internet Protocol (TCP/IP) on the Networking tab for the properties of the VPN connection. Click Properties, and then click Advanced. In Advanced TCP/IP Settings, on the General tab, clear the Use default gateway on remote network check box.


2. If additional networks need to be reachable, you can add manual routes using a .cmd file or another method. The route commands need to use, as the gateway IP address, the IP address that the VPN server dynamically assigns to the VPN client computer during the connection.

Example Command: route add 10.0.0.0 mask 255.0.0.0 [Client IP]

Split-tunneling Security Issues

When a VPN client computer is connected to both the Internet and a private intranet and has routes that allow reachability to both networks, the possibility exists that a malicious Internet user might use the connected VPN client computer to reach the private intranet through the authenticated VPN connection. This is possible if the VPN client computer has IP routing enabled. IP routing is enabled on Windows XP-based computers by setting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter registry entry to 1 (data type is REG_DWORD).

If you must use split tunneling, you can help prevent unwanted traffic from the Internet by doing the following:

  • Use the Network Access Quarantine Control feature in Windows Server 2003 to check whether connecting VPN clients have IP routing enabled and, if so, do not allow VPN access until it has been disabled.
  • Use IP packet filters on the VPN remote access policy profile to discard both inbound traffic on the VPN connection that has not been sent from the VPN client and outbound traffic that is not destined to the VPN client. The default remote access policy named Connections to Microsoft Routing and Remote Access server in Windows Server 2003 has these packet filters configured by default.
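
The manual-route step and the IP routing check described above can be combined in one client-side script. This is an added example, not part of the original post: the connection name "Office VPN" and the script layout are assumptions, while the route and the registry entry are the ones named in the text. Run it from an elevated prompt after the VPN connects.

```powershell
# Added example: split-tunnel route helper with an IP routing check.
# $VpnName is a hypothetical connection name; $Routes uses the page's example route.
param(
    [string]$VpnName  = 'Office VPN',
    [string[]]$Routes = @('10.0.0.0 255.0.0.0')   # "destination mask" pairs
)

$ErrorActionPreference = 'Stop'

# 1. Refuse to add intranet routes if this client is set to forward IP packets.
#    IPEnableRouter = 1 is the condition the text warns about; a missing value
#    reads as $null and is treated as disabled.
$tcpip  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$router = (Get-ItemProperty -Path $tcpip).IPEnableRouter
if ($router -eq 1) {
    throw "IPEnableRouter is 1 on this client. Set it to 0 and restart before using split tunneling."
}

# 2. Find the IPv4 address the VPN server assigned to this client.
#    It changes per connection, so it is looked up rather than hard-coded.
$nic = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
    Where-Object { $_.Name -eq $VpnName -and $_.OperationalStatus -eq 'Up' } |
    Select-Object -First 1
if (-not $nic) {
    throw "VPN connection '$VpnName' is not connected."
}

$address = $nic.GetIPProperties().UnicastAddresses |
    Where-Object { $_.Address.AddressFamily -eq 'InterNetwork' } |
    Select-Object -First 1
if (-not $address) {
    throw "No IPv4 address is assigned to '$VpnName'."
}
$clientIp = $address.Address.ToString()

# 3. Add each route with the assigned address as the gateway.
#    No -p switch: a persistent route would keep a stale gateway after reconnect.
foreach ($entry in $Routes) {
    $dest, $mask = $entry -split '\s+'
    Write-Host "route add $dest mask $mask $clientIp"
    & route.exe add $dest mask $mask $clientIp
}

# 4. Show the resulting routing table so the new entries can be confirmed.
& route.exe print
```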


Feb 2 2011

Chemistry Add-in for Word

http://chem4word.codeplex.com/

Version 1.0 release

We are launching the Chemistry Add-in for Microsoft Word v. 1.0 on 1 February 2011 and are also pleased to announce that we have become part of the Outercurve Foundation (http://www.outercurve.org/) in the research accelerators gallery.

The release version of the program is available from the downloads page along with the source code as a .ZIP package. The source code is also available under mercurial from the Source Code tab. Since our beta release in March 2010 we have been making several usability improvements including an improved 2D editor, some bug fixes, and also a completely refactored codebase. The package names have been changed to better reflect what they are doing, we have added new packages and we have moved various pieces of code (for example the navigator) from one package to another.

Introduction

The Chem4Word Project (http://research.microsoft.com/chem4word) began in 2008 as a collaboration between Microsoft Research and the University of Cambridge, designed to make it easier to insert and modify chemical information (labels, formulas, 2-D depictions, etc.) from within Microsoft Office Word, and also to have the chemical information stored and manipulated in a semantically rich manner.

On March 22, 2010, at the ACS meeting in San Francisco, CA, we announced the availability of a beta build, and we are now launching Chem4Word as an open source project overseen by Dr Joe Townsend.


Jan 31 2011

Error when double clicking an Office Document: Windows cannot find the file

Windows would give me an error whenever I tried to open a document outside of Word or Excel.

Windows cannot find ‘path\file’

Opening the file from within Word or Excel worked without an error.

1. In the Office application go to Options, click the Advanced category, and clear the Ignore other applications that use Dynamic Data Exchange (DDE) check box.

2. In Windows, open a command prompt.

3. Navigate to the Office directory.
On my machine that is C:\Program Files\Microsoft Office\Office14

4. Enter these commands:

excel.exe /unregserver
excel.exe /regserver
winword.exe /unregserver
winword.exe /regserver


Oct 22 2009

Exchange 07 One Year after Install
(Event ID: 12018 or 12016)

If your Exchange 2007 Server is approaching or past its one year anniversary you may start seeing the following errors in the Application Event Log

Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Description: The STARTTLS certificate will expire soon…

or

Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12016
Description: There is no valid SMTP Transport Layer Security (TLS) certificate…
