iOS activation requires a SIM (after upgrade)

Unless you’ve been hiding under a rock for the last couple of days, you probably noticed that Apple had a big event yesterday, and that they also released iOS 9.3.

My son, being the 11 year-old geek that he is, updated the old iPhone 4S that the boys use as a dumb iPod Touch (i.e. not as a phone) so, surprise, surprise, the update was quickly followed by a call of “Daaaaad!” (from his younger brother).

After an update, iOS goes through a welcome sequence. Unfortunately though, that sequence includes activating the device – and if it’s an iPhone it expects to see a SIM.

There appears to be no way around this; however I happened to have some spare giffgaff SIMs around (even better they were the “3-in-1” type that fit standard SIM slots, micro SIMs and nano SIMs). It didn’t matter which network (the device was unlocked anyway) or whether the SIM was active – just the presence of the SIM was enough to get past the activation stage and start using the device again.

Checking for a Windows 10 Mobile update on Windows Phone 8.1

I have a Nokia Lumia 830 for work, running Windows 8.1 Update 2 (with the Lumia Denim updates). That’s fine but, working for the UK’s number one Microsoft partner (as I do!), I want to be running Windows 10 Mobile.  I haven’t been messing around with developer builds but now Microsoft has started the rollout, I’m hoping to upgrade soon.

Unfortunately, there’s nothing appearing for me when I check for system updates:

Charlie Maitland (@CplCarrot) responded and tipped me off about the Upgrade Advisor Windows Phone app though. That gives me more information – it seems that I need to wait for my mobile operator to approve the update (so I hope Nothing Nowhere EE get a move on…).

[Update 5 May 2016: for further reading, see Brian Burgess’ post on upgrading Windows Phone 8.1 to Windows 10 Mobile]

Extending Azure network security with a Barracuda NextGeneration F-Series firewall

I’ve been working on a project to move a customer’s IT infrastructure and application services to the cloud – in this case Microsoft Azure and Office 365.

Azure allows the creation of sophisticated virtual networks with multiple virtual networks, subnets, load balancers, network security groups (NSGs), VPN connections over the public Internet or using a dedicated MPLS link. It also operates with high levels of security (more details in the Microsoft Trust Center).

My customer is a public sector organization and had some specific security requirements that needed a greater level of monitoring of traffic between subnets than we could provide with Network Security Groups alone – essentially the ability to perform logging and to provide application-level awareness. The customer’s security team were keen that it should be possible to identify malicious activity and we confirmed that NSGs have minimal monitoring without any deep packet inspection.

So, in this case, we needed to turn to a network virtual appliance (NVA) solution. The Azure Marketplace has a variety of NVAs, including products from major player like Checkpoint, Cisco, Fortinet, F5 networks, Sophos, etc. The one we selected though (partly from technical requirements, and partly based on advice from Microsoft) was the Barracuda NextGeneration F-Series firewall.

I’m no network architect, but from my position in the world of Microsoft technology, just needing a network solution that could provide the flexibility, reliability and security that my customer needed, the Barracuda solution looks pretty outstanding. We’ve got an advanced firewall with Intrusion Detection System, VPN concentrator and proxy server – all in a single appliance running in Azure under a bring your own licence arrangement.

There’s a great video from Microsoft Channel 9 and Barracuda, talking about the NextGeneration F-Series firewalls, including some of the capabilities available if we put another device on-premises for VPN failback, etc. Well worth a look if you’re considering implementing an IaaS (or indeed PaaS) solution on Azure.

A few tips for easier expense claims with Concur

Since our company switched Expenses systems from Xero to Concur a few months ago, I’ve been having a monthly rant about the amount of time it takes to submit an expense claim (typically 3-4 hours a month).

Finance teams may be more efficient but what about the rest of us?

There are a few tips though that can help with the form-filling. And I am trying to spread the load by doing things as I go…

  1. First up, use the ExpenseIt app. This goes further than the normal Concur apps by performing some analysis on a picture of a receipt and pre-populating some of the metadata for the claim.  It’s not perfect, but after photographing a pile of receipts I can make some edits in the app whilst travelling/watching TV/in a couple of minutes whilst waiting for a conference call to start and then bulk upload.
  2. Once the expenses are in exported to Concur, I bulk edit as much as I can. Fields like project code, business purpose and customer name can be edited for several receipts at once.
  3. Receipts that arrive electronically (e.g. PDFs of parking receipts, train bookings, etc.) can be emailed to receipts@concur.com – and as long as they come from your registered email address they will be available automatically for attaching to a claim.
  4. Mileage claims for journeys can be bulk-entered from the quick expenses form.
  5. If at this point there are any receipts that have warnings, there’s no getting away from the need to individually edit them and add things like the type of meal.

It’s still far from streamlined… but a few tips like this save me a lot of time. Sadly the ExpenseIt app is not available for Windows Phone…

Short takes: ADFS certificate expiry; Azure Authenticator setup on Windows Phone; checking if a MSOL tenant name exists

Some more snippets of randomness pulled together to make a blog post…

ADFS certificate expiry

One of my colleagues spotted this in a customer’s Office 365 tenant recently:

Office 365 - Renew your certificates

Thankfully, it wasn’t one we were managing… but I did feel the need to flag it to the incumbent service provider. If this happens to you, my colleague Gavin Morrison (@GavinMorrison) flagged a potentially useful blog post from Jack Stromberg about renewing ADFS Certificates.

Azure Authenticator Setup on Windows Phone

Whilst setting up additional authentication for Office 365 (in effect, Azure AD MFA) I found that I couldn’t add an account until the Windows Phone Azure Authentication app had enabled push notifications. Despite repeatedly enabling it in Settings, completing setup of the account needed a phone reboot, at which point it was ready for me to scan a QR code and continue.  Even then the option to allow notifications doesn’t seem to stick!

Checking if a Microsoft Online Services tenant name exists

My colleague Gareth Larter found a neat trick this week for checking if a Microsoft Online Services (MSOL) tenant exists (e.g. for Office 365).

Gareth’s advice is to browse to https://login.windows.net/tenantname.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml and, if you get an error, it should show “No service namespace named ‘tenantname.onmicrosoft.com’ was found in the data store” at the bottom right meaning that the tenant name is available:

On the other hand, if you get a bunch of XML data returned, then that tenant already exists.

Fix sync issues with a Fitbit Charge HR

For the last 3 weeks or so, I’ve been getting progressively more and more annoyed with my Fitbit Charge HR not syncing and displaying the wrong time. The Fitbit website acknowledged the problem but just said their engineers were working on a solution:

“Some customers have reported difficulty syncing their Charge HR recently. We’ve also heard reports that the time of day is incorrect on the tracker or other data missing is from the dashboard. Our engineers are investigating the problem, and once the root cause is diagnosed we’ll work on repairing the issue as quickly as possible. In the meantime, try our standard troubleshooting steps in I can’t sync my tracker. If those don’t work, try each of the tips below until your tracker works properly. Note that the problem may reoccur, meaning you may need to revisit these tips again in a few hours or days.”

After whinging on Twitter about the lack of updates to the above, I decided to contact Fitbit support and was actually pretty surprised by the response.

Rather than just referring me to the help article I’d already read (although they did that as well!), the response from Fitbit included the following steps (slightly edited to reflect my experience):

  1. Turn off other Bluetooth devices near to the tracker, make sure the wireless sync dongle is unplugged from the computer.
  2. Turn off Bluetooth on the mobile device that will be used to sync.
  3. Force quit the Fitbit app and turn mobile device off.
  4. While mobile device is off, restart the tracker.
  5. Turn mobile device on, check the Internet connection and enable Bluetooth
  6. [Remove the device in the Fitbit app.]
  7. Set up as a new device.
  8. If, after 3 to 4 minutes it is stuck in “Finishing up” message, close the app, and open again.
  9. In some cases it takes longer, make sure the tracker is near to the mobile device all the time.
  10. If it is still finishing up, Set up the tracker again, Charge HR will be syncing properly after that.

It took a couple of attempts last night to set up the device again but after a while I managed to get things working and it’s actually been pretty good since. Ironically I now see that the app is suggesting there’s an update for my Charge HR – maybe the one that prevents this issue!

Monday morning IT blues: unresponsive Surface Type Cover keyboard/trackpad

Monday Morning 6.15AM: My alarm goes off – time to get up, drive to the station, buy a ticket and catch a train to London. It’s Monday morning; another week, here we go.

Clearly my Surface Pro 3 was having a similarly bleary-eyed morning. When I got to site, the Type Cover keyboard didn’t want to work. Nothing had changed since Friday when I shut the machine down, so why wouldn’t the keyboard work? Detach, attach, restart, restart again. RTFM. Restart again. Oh, time for a support call.

The great thing about working for the company I do is that even the Directors respond to support requests and I had an answer in minutes about resetting the USB root hub. Trouble is that I don’t have the necessary admin permissions. No worry. I would try and power down the machine. Not a normal power down, but a proper, hard reset.  According to The Tech Chat, that’s called a two-button shutdown.

So, after a power down, holding power and volume up for 15 seconds and then exiting the setup menu that was displayed, my Surface started up, recognised the attached Type Cover and I was back in business.

Monday morning 9.45AM: IT 0: Mark 1. Right. Now what’s in store for the rest of the week!

WordPress Backup to Dropbox column offset errors filling up web space

My website has been chewing through disk space recently. I couldn’t work out why and the largest files a few weeks ago were some webstat logs, so I cleared them down. Tonight, as I couldn’t upload anything (or apply any updates) I hunted around and found a couple of error_log files in my webspace.  The first related to a PHP file that was reading my Twitter feed using an old API and so was repeatedly failing. I removed the log and the offending PHP but that wasn’t the biggest problem. In my blog’s home folder was a 1.2GB error_log file – loo big to even read properly in Notepad, Word, or anything else I tried.

I managed to download a partial copy of the file (using Filezilla, then cancelling the transfer after a few seconds and saw lots of lines that contained the following error:

WordPress database error Column ‘offset’ cannot be null for query INSERT INTO wp_wpb2d_processed_files (file, uploadid, offset)

That told me it was the (very useful) WordPress Backup to Dropbox plugin, by Michael de Wildt. I don’t really want to disable that but luckily I found a fix on WordPress.org, posted by Rich Helms:

The issue is file wordpress-backup-to-dropbox/Classes/Processed/Files.php

Toward the bottom of the program change from

$this->upsert(array(
'file' => $file,
'uploadid' => null,
'offset' => null,
));

to

$this->upsert(array(
'file' => $file,
'uploadid' => null,
'offset' => 0,
));

so change the offset default from null to 0 and the issue goes away

Sure enough, that change seems to have fixed the problem and whilst the edit to the plugin will be over-written with the next release, hopefully that release will also include a permanent fix!

“Unlicensed Product” errors in Microsoft Office

Earlier this evening, I noticed that my copy of Outlook was showing as an “unlicensed product” at the top of the screen. That seemed strange, as I pay for an Office 365 Home subscription, which covers my family’s various copies of Office.

Outlook reports intself as an unlicensed product

So, I took a look at the Office Account settings, and noticed that it wasn’t signed in to Office 365 for some of the connected sources.

Disconnected from Office 365 services

I reconnected to My Office 365 subscription, signing in with my “Work or school account” as that’s what the markwilson.it Office 365 subscription uses, even though the Office 365 Home subscription uses a Personal Account (formerly known as a Microsoft Account):

Which Microsoft account to use?!

After authenticating (and a restart), Outlook was no longer complaining about being unlicenced.

I’m not sure if it’s a complication of having both a Microsoft Account (MSA) and an Organization/Work and School (Azure AD) account with the same email address, but it seems there are various scenarios that can present this issue.

Thankfully this one wasn’t too hard to sort out!

Raspberry Pi FTP server

I’ve been trying to resurrect my SIP-connected Cisco 7940 as part of a review of our home telephony arrangements. In order to do this, I’ve had to configure the TFTP capabilities on my home infrastructure server (i.e .my Raspberry Pi). Previously, I’d served the phone configuration from a Windows TFTP server (long since gone) and the phone had just kept going with the old settings. Now, with configuration changes required, I’ve started to use dnsmasq for TFTP as well as DNS and DHCP (actually, that had always been configured, but without any files on the Pi to serve from TFTP)!

So, how to easily transfer the files? FTP to the rescue. I followed the Pi My Life UP guide to install vsftpd on my Pi, which meant using the following commands:

  1. Update packages and install vsftpd:
    sudo apt-get update
    sudo apt-get install vsftpd
  2. Edit the vsftpd config with sudo nano /etc/vsftpd.conf, making sure it has the following entries:
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    chroot_local_user=YES
    user_sub_token=$USER
    local_root=/home/$USER/ftp
  3. Create the folder to use for FTP and set the permissions:
    mkdir /home/pi/ftp
    mkdir /home/pi/ftp/files
    chmod a-w /home/pi/ftp
  4. Restart the FTP service with sudo service vsftpd restart.

After this, I could easily upload the files I needed to the folder that I’m serving TFTP from (/home/pi/ftp/files) – although for some reason the FTP server was listening on port 22 (not 21), and then distribute my new phone configuration…