Saturday, June 26, 2010

Active X Warning on Cisco WVC210

SkyHi @ Saturday, June 26, 2010

Active X Warning on WVC210 - Can't install so can't 'view Video' - Help


Hi, I've installed my Linksys WVC210 and I can access it via the Web
(name.linksysnet.com:1024) from my Laptop at home, my PC at work even my
iPhone. I've tried to view my Cam on my travel laptop which has Win XP,
AV up to date, latest patches etc, but when I click on the Active X
bar, I get a message saying that' Windows has blocked this software
because it can't verify the Publisher'  - Unkown Publisher.  Seems that
the Digital Certificate expired on 7/11/2009. I can still access the Cam
from my existing laptop, iPhone etc.

I don't know how to
update this as the Linksys\Cisco site have no reference to this -  the
file it tries to install is Linksys210viewer.cab - anyone anyideas?


Solution:


Are you using IE 8?  Please let me know, as I just discovered this today.

Here is the workaround.

Click tools on the top, then Internet options. In the new window that opens, click the security tab on top. Then click the custom level button towards the bottom. In the new window, scroll down until you see ActiveX controls and plug-ins. Scroll down in this category until you find, Download unsigned ActiveX controls (Not Secure) Change from disabled to enabled. Click Ok on bottom then apply and ok on next windows.
Now click to view camera and install activeX.  once done go back and undo the security changes.  A 1 time process.


2.




You'll need to go here and download an executable file to
install the new key. Close your Browser, run the file and when you
reopen the Browser there will not be anymore error message.

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=1.0.0&mdfid=282414033&sftType=Internet+Camera+Firmware&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+WVC210+Wireless-G+PTZ+Internet+Video+Camera+-+2-way+Audio&treeMdfId=280249565&treeName=Physical+Security+and+Building+Systems&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y




REFERENCES
http://homecommunity.cisco.com/t5/Cameras/Active-X-Warning-on-WVC210-Can-t-install-so-can-t-view-Video/m-p/270258
















Thursday, June 24, 2010

2007 Office cannot be used on Terminal Server

SkyHi @ Thursday, June 24, 2010

SYMPTOMS

When you try to start a Microsoft 2007 Office program within a
Terminal Server client session, you may receive the following error
message:
This copy of Microsoft Office Program cannot
be used on Terminal Server. Please contact your local authorized
Microsoft retailer for more information.


CAUSE

This issue occurs when a retail edition, a trial edition, a pre-installed edition (PIPC), or an OEM edition of a 2007 Office program or suite is installed on a Terminal Server computer. Terminal Server does not support the installation of these editions of 2007 Office programs or suites.

RESOLUTION

To resolve this issue, remove these editions of the 2007 Office suite or
program from the Terminal Server computer. Then, install an edition
that uses a Volume License Key with the 2007 Office suite or a program
that does not require License Activation.

MORE INFORMATION

To resolve this issue, remove these editions of the 2007 Office suite or
program from the Terminal Server computer. Then, install an edition
that uses a Volume License Key with the 2007 Office suite or a program
that does not require License Activation.


REFERENCES
http://support.microsoft.com/kb/924622




Wednesday, June 23, 2010

Cygwin OpenSSH

SkyHi @ Wednesday, June 23, 2010
According to some cygwin gods, the
only official document that you should use is  /usr/share/doc/Cygwin/openssh.README
which is probably valid, but it seems to aim at users with a fair bit of Linux/Unix knowledge.

The purpose of this tutorial is for Windows users who are perhaps less familiar
with Unix commands wanting to try out the famous
Open Source ssh server (openSSH) on a desktop Windows XP ,
Windows Vista or Windows 7
 
.

The behavior of Windows 2003 Server is different. Follow this link
to install OpenSSH on Windows 2003 Server, by Stephen Pillinger of the
School of Computer Science, University of Birmingham. Or this link to install Cygwin SSH server on Windows 2003 Server, by  Kevin Scully at the University of Waterloo, Ontario, Canada.


There seems to be some problems when using cygwin ssh with McAfee 8.0i. A
work around to that problem is available below.


Please don't send any questions to the cygwin mailing list to ask questions about this page as
it seems to provoke
them severely. They considered and declared the instructions on this page "broken" and "random" but won't constructively
say what is "broken"; instead some went on launching personal attacks. The information here is provided "as is,
in good faith
" with no guarantee
it will work. If it doesn't work, then it doesn't work.
Don't send any questions to the Cygwin mailing list to ask why to
provoke them. If you must go to Cygwin mailing list to ask, you better off
completely
remove Cygwin
 before you go to the mailing list to ask questions and
don't even mention that you have looked at this web page (to avoid provoking them
off).


Read this
Disclaimer


Constructive comments are of course welcome, in the original spirit of the
Internet, sharing experience and knowledge regarding bug fixes and improvements
to benefit other users of the Internet community.
My email address is




cygwin-openssh   


How to install a ssh server (called sshd, from OpenSSH) on a
Windows 2000 or XP

How to install a sftp server on a
Windows 2000 or XP





If you need a PDF converter, the post powerful
pdf converter package
available is Investintech's

pdf server
software bundle.

g
After
you installed OpenSSH, you will find it simple to install
application software on your Windows XP/Vista that will effectively
turn your PC into a complete security camera system. Install security cameras
into the back of your computer and you will have the ability to
remotely access your security system over a network or Internet.


The ssh server is an emulation of the UNIX environment and OpenSSH for Windows, by Redhat, called cygwin.
The file system on your target machine should be journalled (e.g. NTFS) because FAT file system has bugs in file access.


(1a) Login as Administrator

Windows XP -
login as a user with Administrator privilege;


Windows 2003 Server: login as local admin, it will not work for domain users or
domain admin.


(1b) Make sure the current admin/user has a Windows password set.

If not, use g Control Panel...User Accounts to create a password.


Just to be on the safe side, after you created a password, logoff and then log
in again.


(2a) Create a folder c:\cygwin


(2b) g Download cygwin's setup.exe from http://www.cygwin.com/ and save setup.exe
in c:\cygwin


Cygwin's setup.exe has some uncommon properties,
click here
to find out more.


Click Start...Run...and type c:\cygwin\setup.exe



If you are asked to select "Just Me" or "All Users", choose "All Users"


When
it asks for "Local Package Directory",
type
c:\cygwin



Choose a download site that is "close" to you.

When a selection screen comes up (you can resize the windows to see better),

click the little View button for
"Full" view  g,

find the package "openssh", click on
the word "skip" so that an x appears in Column B,

see this illustration.
(optional) find the package "tcp_wrappers", click on the word "skip" so that an x appears in Column B,
if you add "tcp_wrapper", you will most likely get "ssh-exchange-identification: Connectiion closed by remote host" error.
If you get that error, edit the file  /etc/hosts.allow and add these two lines
ALL: 127.0.0.1/32 : allow  
ALL: [::1]/128: allow
before the PARANOID line.
(optional) find the package "diffutils", click on the word "skip" so that an x appears in Column B, 
find the package "zlib", click on the word "skip"
(it should be already selected) so that an x appears in Column B.



Notes:
tcp_wrappers provides host-based access control and possible need you to edit "/etc/hosts.allow" 

zlib is the compression and decompression library that is used by many
programs.
Thanks to Lex Sheehan on the diffutils tips, and Thomas Braun for the hosts.allow tips.


Click next to start installing cygwin and ssh.

Size of the basic cygwin system is more than 50 Meg, this may take a while.


Take a coffee break and wait.g


SherWeb
While you wait, take a look at SherWeb's Exchange server hosting.

(3) Right click My Computer,
Properties, Advanced, Environment Variables

See this illustration (red dots)

Click the "New" new button to add a new entry to
System variables:

variable name is CYGWIN

variable value is ntsec tty


(4) Right click My Computer, Properties, Advanced,
Environment Variables

See this illustration (green dots)

Select the Path variable and click the "Edit" edit button:

append  ;c:\cygwin\bin   to the end of the existing
variable string.



(5) 


For Windows 7 and Windows Vista
 
significant deviation from the steps for Windows XP requie a separate page.
Click here on how to install cygwin sshd under Windows Vista and Windows 7 

For Windwos XP, you should login as a user with admin privilege and that user belongs to a Windows "Users" group.

For Windows XP ,
open a cygwin window by double clicking theg
icon; a black screen pops open,

For Windows Vista and Windows 7

, right click the g
icon and choose "run as administrator";
a black screen pops open, type

With recent releases of cygwin, there are many permission problems. Add these 6 commands as work around:

chmod +r  /etc/passwd
chmod u+w /etc/passwd
chmod +r  /etc/group
chmod u+w /etc/group
chmod  755  /var
chmod 664 /var/log/sshd.log


ssh-host-config    (manuall answer Yes to questions except)
If the script says "This script plans to use cyg_server, Do you want to use a different name?  Answer no.

cyglsa-config

reboot the computer.

Thanks to David Spillett of Londdon, UK on the permission tips.
Thanks to Dave Lennert of Portland Oregon for the WIndows 7 tips.
Thanks to Frank Martin for the cyglsa-config tips.


When the script stops and asks you for "environment variable CYGWIN="     your answer is ntsec
tty
 


(click here for an explanation of
ntsec)

(click here for an explanation of
tty )

(thanks to Peter Reutemann of New Zealand and Ron Dozier of University of
Delaware)

(thanks to Mike and Michael Pechner for the Windows Vista tip)
(thanks to Kevin Hilton on the Vista tips in the ssh-host-config section)


See Note 25 near the end of this web
page if you need to run ssh-host-config again.

Run "rebaseall" as desribed in http://www.acooke.org/cute/CygwinSSHS0.html

(6) While you are still in the (black) cygwin screen, start
the sshd service,
type

net start sshd

or

cygrunsrv  --start  sshd


Click here
on how
to stop the sshd service.

If the service fails to start, try (thanks to Ross Beveridge of HP for this tip)
chown system /etc/ssh*
chown system /var/empty  or chown sshd_server /var/empty
net start sshd

If you get "ssh-exchange-identification: Connectiion closed by remote host" error.
edit the file  /etc/hosts.allow and add these two lines
ALL: 127.0.0.1/32 : allow  
ALL: [::1]/128: allow
before the PARANOID line. Thanks to Thomas Braun for the hosts.allow tips.

(7)
Make sure every Windows user has a password set, if not, 

go to g Control Panel....User Accounts and create a password.


(7a) Make sure every Windows user has done the following at least
once:

Login in as the Windows user, pop a console command screen by clicking
Start...Run....cmd

Thanks to Magno CorrĂȘa of Brazil for the tip in (7a)


(8) important Pop a cygwin gwindow, harmonize Windows user information with cygwin, otherwise they cannot login

mkpasswd   -cl   >   /etc/passwd

mkgroup   --local    >   /etc/group


If your XP logs on to a domain, you most likely have to manually edit
/etc/group. See this page.

If  your local account name is the same as the domain name, then you would need to use Windows's User admin function to
rename the loacal account from name to name.local
Then
rebuild the passwd and group files as shown above, then edit the
/etc/group file as shown above. Open firewall's TCP port 22
 
(Thanks to Christopher Poda of Venturi Wireless, Sunnyvale, California)

If your XP logs on to a domain, you may want to edit /etc/passwd to replace /home/username by //unc_server/path_to_home 
(thanks to Geoff Thomas)


mkpasswd creates a password file from Windows' user list,
click here
for more details.

mkgroup creates a group file from Windows' user list,
click here
for more details.

Thanks to John Skiggn of Cingular Wireless in Redmond, Washington for his tweak
on domain user /etc/group




Test to see if sshd is working, pop a cygwin gwindow (note: the command below is case sensitive)

whoami

ssh    localhost

or

ssh  -vvv  localhost

or

ssh    "$USERNAME@127.0.0.1"


if
ssh complains "The authenticity of host xx.xx.xx.xx can't be
established .... Are you sure you want to continue connecting
(yes/no)?"  Answer yes  (Thanks to Daniel Griscom of Suitable Systems)

g
If you get an error message like "ssh-exchange-identification: Connection closed by remote host",

it is probably caused by McAfee 8.0i, see this page
about
the fix
. (Thanks to Ron Dozier of University of Delaware, USA)

Error is also related to /etc/hosts.allow file, see http://www.cygwin.com/ml/cygwin/2008-12/msg00678.html

g If you get an error message like "entry point _getreent", or "QuerryService Status: Win32 error 1062", it is probably
caused by the existance of an older version of "cygwin1.dll" located in the search path.
Do
a full serarch of "cygwin1.dll" and remove the old version, except the
current version at c:\cygwin\bin  (Thanks to Joe britton)


If you get a prompt without error messages, type

cd  
/cygdrive/c

ls


if you see a directory listing, success! g g g

(type exit to end the cygwin ssh
session)  

Thanks to Roger Pack for his tips clarifying between Microsoft's ls.exe
(installed by MS compilers) and cygwin's ls.exe


If you have a Windows username that contains space, expand the space into \ [space],

e.g. if the Windows login name is  Mickey mouse

ssh  Mickey\  mouse@127.0.0.1


If you have a Unix system that does not know what to do with TERM cygwin, add these scripts to .login



If you have troubles ssh into the server, try
run
ssh-user-config



Thanks to Jared Kilgour for above $USERNAME variable substitution.

Thanks to Justin Kerk for the tip on quotes around $USERNAME to allow for spaces in username.

Thanks to Ron Dozier of University of Delaware for the Unix .login tweak.




g

Windows XP
SP2
  open the Windows Firewall to allow TCP port 22 through



Click Start...Control Panel....Security Centre....Manage Security Settings for Windows
Firewall....Exceptions tab....Add Port...

"Name of port" is ssh    "Port number" is 22
(check the "TCP" checkbox)


(Thanks to Stefano of Sardegna, Italy
for his
Windows Firewall reminder)

If you don't have sufficient privileges to open port 22 above, possible due
to a group policy or other reasons,

you can create an exception for SSHD.

Click Start.. Control Panel...Security Center ... Windows Firewall...select the
"Exception" tab.

Click "Add Program" button  .. Browse to c:\cygwin\bin\sshd.exe

(Thanks to Thomas Johnson for this work around)


If you previously used Windows XP
SP1
and installed sshd service, then upgraded to Windows XP SP2,

The upgrade disables the sshd service and deletes the CYGWIN environment variable.

Re-enter the environment variables and path.

Click Start...Control Panel....Security Centre....Manage Security Settings for Windows
Firewall....Exceptions tab....Add Port...

"Name of port" is ssh    "Port number" is 22 (check the "TCP" checkbox)


(Thanks to Chris Davitt of New Zealand
 
for this SP1 to SP2 problem)




Multiple Windows users g



Create other Windows users using the g Control Panel...User Accounts.

After you created (or removed) Windows users

pop a g cygwin windows to harmonize Windows user information with cygwin, otherwise they cannot login

mkpasswd   --local   >   /etc/passwd

mkgroup   --local    >   /etc/group



g

Don't get too carry away with multiple users, if a user can successfully ssh into the box, he can
"cd"
to just about any directory.

Note: 
The behaviors of Windows 2003 Server is different.

Follow this link to install OpenSSH on Windows 2003 Server, by Stephen Pillinger of the School of Computer Science, University of
Birmingham.

 



Users from the internal network (geeks call this a LAN) can

ssh
 usersname@ip_address   (e.g. ssh
  john@192.168.0.100)

On Unix/Linux systems, user names do not contains spaces. On Windows system, user names can have spaces.

If you have a Windows username that contains spaces, expand each space into \ [space],

e.g. if the Windows username is  mickey mouse

ssh  mickey\  mouse@192.168.0.100




g


If you have a NAT firewall, port forward (D-link calls this Virtual Server) TCP port 22 to the
(internal) IP address

of the
Windows box where the sshd server is running. See above diagram.


Users from the outside (geeks call this a WAN) can   (the IP address is your firewall/router's WAN address)

ssh
 username@external_ip_address  
(e.g. ssh   john@64.64.64.64 )

ssh  mickey\   mouse@external_ip_address  (e.g.  ssh  mickey\  mouse@64.64.64.64 )




Caveat Emptor
:

-assuming you have an IP address that is accessible from the outside world; some
ISP give non-accessible IP address (RFC1918). to their  customers.

-assuming your ISP does not suffer from extreme paranoia, he/she allows "port 22
TCP" traffic through their network.

-assuming your corporate firewall allows TCP port 22 and port forwards to the
computer running the ssh server.

If your install includes tcp_wrapper and you get an error message like "ssh-exchange-identification: Connection closed by remote host", do
start ... run ... c:\cygwin\setup.exe , add "mc Midnight Commander" package (a friendly editor for those who are unfamiliar with Unix editors),
Invoke cygwin g
cd /etc

mc   highlight the file /etc/hosts.deny and edit (F4)
change the line ALL:ALL EXCEPT localhost:DENY to
ALL:ALL EXCEPT localhast AND '192.168.':DENY   (assuming your internal network is 192.168.xx.xx )
and edit the content of the file /etc/hosts.allow to be just one line.
sshd: ALL
(Thanks to Carl Falk of Sweden for the hosts.allow and hosts.deny content)

In some extreme cases,
if you want to use TCP port 443 as the sshd listening port
 (instead of the
default SSH port 22),
see this page.
(Why?
Port 443 is normally assigned to https traffic, even severely paranoia
IT geeks
will leave this port open. Some IT will even intercept TCP port
443 traffic and redirect them to a proxy server, these are the
extreme total control freaks).




g


g  As a
bonus, openssh includes sftp and sftp-server for
doing encrypted file transfers.

These two programs function much like the familiar ftp-client and ftp-server.


g
For example, from a remote laptop, you can transfer (send and retrieve) files to
your home computer (see above diagram).

sftp   username@ip_address   (e.g.  sftp  john@32.97.166.74 )

sftp   username@hostname  
(e.g. sftp  john@supercomputer.ibm.com )

openSSH [which uses openSSL] has strong encryption capability.

The encryption used by openSSH can be either AES-128, AES-192, AES-256, 3DES,
Blowfish, cast-128, arcfour (RC4)

The default encryption algorithm (cipher) is AES-128-CBC.

You can

force a particular encryption algorithm preference
(cipher) by adding a directive such as


Ciphers   blowfish-cbc,aes128-cbc,3des-cbc
 
to /etc/sshd_config for faster transfer.

The sftp client I like best is
Filezilla
.




Caveat Emptor
:

-assuming you have an IP address that is accessible by the outside world, some
ISP do not give out outside-accessible IP address.

-assuming your ISP does not suffer from extreme paranoia, he/she allows "port 22
TCP" traffic through their network.

-assuming your firewall allows TCP port 22 and port forwards to the
computer running the ssh server.




After you establish a ssh or sftp connection into the Windows box,

changing directory is rather painful, for example, to change to "my documents",
type

cd    "/cygdrive/c/documents and
settings/$USERNAME/my documents"


Similarly, to change directory to d: drive

cd   
/cygdrive/d



To reduce pain, use a graphical sftp client such as
Filezilla
.




Where can you find a ssh or sftp client ?

(1) Putty
is the best ssh client for Windows, it also
has psftp.exe which is a console mode sftp client.

(2) Commercial software vendors such as VanDyke Software.

(3) Filezilla,
a free, GNU (GPL) licensed sftp client.

If you prefer to use a graphical client to do sftp file
transfers,

purchase a high quality commercial software called SecureFX

from VanDyke Software in Albuquerque, New Mexico, USA

or use Filezilla, a free, GNU (GPL) licensed sftp client,

or use WinSCP,
a free, GNU (GPL) licensed sftp and scp client.

Also, ftp.ssh.com in their /pub/ssh directory, there is a Windows version
of ssh and sftp client for non-commercial use,

thanks to Stephan of Rutgers State University of New Jersey g for the link.




Once you have a sshd working and you can ssh into the machine (from LAN or WAN), there are many things you can do with it.
For example, www.sysinternals.com (now absorbed by Microsoft http://technet.microsoft.com/en-us/sysinternals)
has many console mode utilities you can use.


Other very, very useful things
you
can do with ssh is to tunnel tcp applications under the

ssh protocol, giving them a strong cryptographic
protection while traveling over the insecure public network.

openSSH [which uses openSSL] has strong encryption capability.

The encryption used by openSSH can be either AES-128, AES-192, AES-256, 3DES,
Blowfish, cast-128, arcfour (RC4)

The default encryption algorithm (cipher) is AES-128-CBC.

You can

force a particular encryption algorithm preference
(cipher) by adding a line such as


Ciphers   blowfish-cbc,aes128-cbc,3des-cbc
 
to /etc/sshd_config (Blowfish runs faster than AES-128)



tunnel tcp traffic using ssh


Below are some popular plain-text, pure TCP protocols that are unfortunately
still in common use today.

Fortunately these protocols can benefit from
the protection of a ssh tunnel:

POP3
(tcp port 110) 

IMAP (tcp port 143) 

SMTP (tcp port 25) 

TELNET (tcp port 21) 

VNC (tcp port 5900)

Print server traffic (typically tcp port 9100)
Windows Share, or Samba Share, SMB protocol (tcp port  445)


Note:

The world is moving away (rather slowly) from plain text protocols by hardening them with TLS or SSL:

newer versions of POP3 servers have TLS support at port 110; and SSL support at port 995

newer versions of IMAP servers have TLS support at port 143; and SSL support at port 993

newer versions of SMTP servers have TLS support at port 25

A
version of "
smtps" uses port 465 with SSL support, now
it becomes legacy (depreciated).

SMTP can also use port 587 in plain text or TLS.


newer versions of telnet servers have SSL support at port 992


See this page
on how to tunnel VNC traffic under ssh
.

See this page on how to tunnel TCP
applications under ssh.


See this page on how to set up a
dedicated PPTP VPN server
at your home office or main office.
See this page on how to tunnel SMB traffic under ssh.


Sometimes, there are applications such as midnight back-up of files
to a remote Linux server using "rsync encrypted with ssh", 

you want to be able to ssh from one machine to another machine (without a person sitting at a console to type
the password).

See this page on how to ssh from one machine into another machine without typing a password, i.e,


how to use public key authentication.


Once you can ssh from one machine to another machine without typing a
password, your task of doing rsync over ssh

is practically 90% done. Furthermore, creating a batch file and invoke the batch
file using Control Panel's "Schedule Tasks" (Task Scheduler)

will do "secure backup" automatically to a remote server. In Linux world, add a cron job to invoke "rsync
-e ssh
"



public-key-authentication




How to install a ssh client (called ssh)

Click here for a tutorial on
how to setup a ssh client on Windows 2000 or Windows XP g


How to install a smtp server [exim] on a
Windows machine


Click here for a tutorial
on how to setup exim, a mail transfer agent

on Windows 2000 or Windows XP g as a
learning
exercise


Note 25: if you run ssh-host-config when sshd is installed, ssh-host-config will not ask for
the CYGWIN
value.

In that case,  stop and remove the sshd service, then run the ssh-host-config
script again, see below.


cygrunsrv  --stop  sshd

cygrunsrv  --remove sshd

ssh-host-config

cygrunsrv  --start sshd


Go to Control Panel, Classic View, Administrative
Tools, Computer Management,

or click Start...Run...compmgmt.msc

delete the sshd user account.


Thanks to Dave Abrahams of Boost Consulting for the sshd user account
deletion hint.


REFERENCES

http://pigtail.net/LRP/printsrv/cygwin-sshd.html