Home
Commentary
Livecam
News
Reviews
Tech Corner



 

2018 2017 2016 2015 2014 2013

Privacy Suppression - Sep 15
Currently in the midst of upgrading our clients to Windows 10 using SCCM as the method of deployment. One thing we noticed is that after the upgrade is complete the client is let there sitting at a privacy settings splash screen.

As we don't want the end users picking settings at random or calling the Help Desk wondering what they should do we needed to find a way of suppressing the screen.

Windows 10 Privacy Settings

Privacy Splash Screen

Searching online I found numerous suggestions all involving making a change in the registry. Most mentioned the PrivacyConsentStatus key, but in our testing we found that one added key was not enough to suppress the screen.

Registry Settings

Registry Settings

Finally I came across a post that listed all the required keys that need to be added.

Once they were added and saved as a .reg file I was then able to add the additional command in the Task Sequence to import the registry file. Now after the upgrade is complete the user is no longer prompted to set all the required privacy settings.


Microsoft Pulls A Microsoft - Jul 31
A few days ago, as part of our efforts to roll out the latest build (1803) of Windows 10 to the company, I went and downloaded the latest Administrative Templates for Group Policy. After downloaded I extracted and dumped the .admx and .adml files into the Central Store - the same as I've down countless times in the past.

However a few days ago it was discovered that whenever you'd go and try to modify an existing group policy it'd pop up with an error message: "Policy presentation element 'Estonian' in referenced presentation 'SelectOCRLangs' does not exist...".

Er, say what? 

Group Policy Error

Group Policy Error

After doing a bunch of Googling on this error, it turns out that when Microsoft released the latest template files, they forgot to update the SearchOCR.admx file. So the error is basically complaining of a mismatch between it and the language file. Really Microsoft?

A bunch of the 'solutions' involved either deleting the file outright or opening up the .adml file in notepad and adding this additional line:

<string id="Win7Only">Microsoft Windows 7 or later</string>

But as someone else pointed out that to properly fix the issue, you'd have to do that for every language file which frankly would be a pain in the rear end. Eventually I came across a post with the preferred solution.

Find a system running a Windows 10 build later than 1603, go into Control Panel, Programs, Turn Windows features on or off, and if not already turned on, enable 'Windows TIFF IFilter'. Then search for the SearchOCR.admx file on that system and once found, simply copy it into the PolicyDefinitions folder of the central store.

Locating SearchOCR.admx

SearchOCR.admx Location

This will ensure that you have a matching version between the .adml and .admx files. After making the changes I was able to open up any group policy in the editor and there was no more error message.

It boggles my mind that something like this got past the quality control (is there any more quality control at Microsoft?) people. Until the next time Microsoft screws up their own product...


Broken iDRAC Console - Jul 17
Recently we had a server failure and I needed to connect to the remote access card (iDRAC) that was installed on the server. Basically it allows you to connect to a server even when the server is offline due to a power outage, hardware failure etc. It uses a web interface to display all the information and also gives you a tiny thumbnail of what is being displayed on the screen. But to be really useful you need to fire up the console which is a full screen rendering and much more friendlier to work with.

The console is Java based and has always been somewhat of an adventure to get working between MS updates, Java updates, and the various browser updates.

Recently I upgraded Java on my system to the latest version and it appears that version in the interest of security has disabled one of the encryption algorithms - Triple DES? SSLv3??

Whatever the algorithm is, the iDRAC console will not run without it enabled.

iDrac Console

No Console For You!

After futzing with it for awhile trying to get it to work I came across an article while searching Google that while not solving the problem, put me on the right path. It mentioned modifying the java.security file. When I compared that file on a system with the latest Java to a system with the earlier version of Java I noticed and additional entry on the upgraded system.  In the end this is what I had to do to resolve the problem:

  • Go to C:\Program Files (x86)\Java\jre1.8.0_171\lib\security
  • Edit the java.security file
  • Search for jdk.tls.disabledAlgorithms
  • At the end of the string, simply remove this portion: , 3DES_EDE_CBC and save the file
java.security File

Java Security File

After making that change everything was working again and I was able to run the console and proceed with working on the failed server.

Note: You still will need to add the iDRAC URL into the Java Security Exception Site List. And of course get through the plethora of security dialog prompts. Aren't web based applications awesome??


End Of An Era - Apr 28
At the beginning of the month it was announced that Oppo would stop making Blu-ray players. A collective gasp from physical media aficionados the world over was let out. Oppo was one of the few remaining companies left dedicated to creating quality devices.

While I've been perfectly content with my Pioneer player, I knew at some point I'd have to go with someone else - likely when (and hopefully not for many years) my Plasma dies. I had always assumed that I'd get an Oppo to replace it.

Sadly, Blu-ray is now truly a niche product and if you want something other than the commoditized garbage being sold these days your choices are now limited to just a few high end offerings.

So within a day of the news I panic bought their top of the line UDP-205. It likely was the last new player left in Canada and days later it was sold out everywhere. I justified it as I'd now have a spare player and as mentioned if I eventually get a new TV, which would be a 4k model, it would allow me to play 4k titles. It's also their audiophile model, so if my beloved SACD player ever died it would make a good substitute for it as well.

Another feature it has - once you install a modification kit - is the ability to be region free. Blu-rays are coded with 3 different regions. North American is Region A, Europe Region B, Asia is Region C. Normally any disc you buy is going to be the correct region for where you live, but sometimes people will buy discs from other countries because they might have different features, better quality etc.

Or if you're like me, you might not pay attention when buying something off Amazon and get a European disc by mistake. Several months ago I was somewhat annoyed to find that The Last Seduction wouldn't play in my player as it was Region B.

Once I had my new Oppo I ordered a region free kit for it from Bluraychip.dk. Unlike some other kits that involve overwriting the player's firmware, this one is a physical device you install into a 4-pin connector on the player's circuitboard. The downside is you have to rip apart your player - and unlike Oppo's cheaper UPD-203 player, on the 205 you have to remove 3 circuit boards in the process. Not for the faint of heart considering how expensive it is. But I took my time and other than fussing with a couple of ribbon cables which are always fragile I was able to get it installed and get everything put back together without too much effort.

I followed the instructions which consisted of a sequence of key presses on the remote to set the appropriate Region code, popped in my Last Seduction disc and it came up just fine. I cracked a beer, sat back, and watched some mid-90's noir goodness.


WSUS Tweak - Apr 23
Recently I was in the SCCM Console and I noticed that the last Software Updates synchronization attempt had failed.

I checked the Component Status and sure enough WSUS was showing errors. I looked at the messages and there were a bunch listed - 'WSUS Synchronization Failed. WSUS server not configured', 'HTTP Error 503. The service is unavailable.' and so on. I checked and the service was definitely running, so that wasn't the problem. I then went into IIS Manager and noticed that the WsusPool Application Pool was in a stopped state. So I restarted it.

Application Pool

Application Pool Settings

I then tried to initiate another synch and after awhile it again failed and once again the Application Pool was stopped. At this point I went to Google and found numerous posts related to this issue. In almost every article they mentioned going into the Advanced Settings for the pool and bumping up the Private Memory Limit from the default to 4GB or even 8GB and then restarting the pool.

Even setting it at 8GB didn't resolve the issue however. It was at this point I broke out Task Manager and watched the memory usage of the w3wp.exe process after the pool was restarted. Sure enough it just went over 8GB. So I then found an article that said by setting the value to 0 you would allow it to use as much memory as it needed.

After doing that Synchronization was once again working!


Garage Boost - Mar 18
Originally I had a 32" Sony TV in the garage which was the smallest TV you could get that would still output 1080p. It was fine, but the sound it produced was pathetic as are most flat panel televisions.

So I ended up replacing it with a larger 40" Sony KDL-40W700C model and with the larger size the speaker output was increased correspondingly. For the most part I was happy with how it sounded as it was mostly just TV shows I was watching.

Ever since we got the basement home theatre done my beloved Laserdisc player had been sitting neglected in a corner of the media room. There simply wasn't room in the media rack for it. So eventually I decided I would just hook it up to the garage TV whenever I felt the urge to spin up a disc. I bought a composite to HDMI adapter and was able to once again watch my LD's.

But again, the sound was horrible. I had to almost max out the volume to listen to movies at anything approaching what I was used to. After much thought I decided to bite the bullet and buy a soundbar. As I already had a Sonos system I went with their Playbar product which had really good reviews.

There wasn't much to the packaging. Just a quick setup guide, manual, power cord, optical cord and the speaker itself. The included optical cable looked pretty thin so I went with my own optical cable. That was a mistake. After taking the TV off the wall and hooking everything up I was unable to get the TV back on the wall. After much fussing with it I realized it was because the optical cable stuck out to far from the TV. I then looked at the included cable again and saw that it's connector was much shorter (almost like they had planned it that way). Once I swapped it in things went much better. I also had bought the mounting bracket which was a separate product. It came with a template and I measured everything out, affixed it to the wall, made sure it was level, punched my pilot holes, installed the included anchors and screwed it in nice and tight. The speaker easily slid into place and everything was mounted.

Then it was just a matter of setting the audio output on the TV to 'Audio System', firing up the Sonos app, discovering and synching with the Playbar. It then went and presumably upgraded the speaker firmware and had me press a few buttons on the remote to learn the correct codes to use for controlling the volume (you can also manually adjust the volume on the side of the speaker). Last step was to then run the audio calibration which it suggested I do. That consisted of me walking around the garage moving my iPad up and down while it produced various test tones.

I still haven't hooked up my LD player to watch a movie, but I rented a movie on iTunes and played it over my Apple TV and it sounded terrific. I then proceeded to listen to some XM radio until early in the morning.

All in all I'm quite pleased with this purchase. It looks and sounds great!


SCCM Upgrade - Feb 25
Recently I upgraded our SCCM site server from Windows 2012 R2 to Windows Server 2016. This was done as 2016 is needed in order to support Surface driver updates via SCCM. Overall the process was fairly straightforward, however there were a couple glitches of note.

First up was a warning that popped up during the install. It was complaining that the VMWare video driver wasn't compatible. Obviously the site server was running as a VM. Our VMWare environment is ESXi 5.5 and I had previously verified that 2016 was a supported guest OS. I decided to forge ahead despite the warning and 2016 installed fine, however after reboot it was using the generic basic display driver.

I did some quick Googling and didn't find a lot on this issue, but finally I came across a post on a thread that suggested doing the following:

1. In Device Manager, uninstall the Display Adapter

2. Reinstall VMWare Tools (repair)

3. Reboot

Setup Error

Video Driver Issue

After the reboot it was once again using the VMWare driver.

Second issue I noticed was that anyone using the SCCM Console remotely would fail to connect. Running the console locally on the server worked fine. Some more Googling ensued and eventually I stumbled across the solution:

To fix this, on the site server launch wmimgmt.msc console, then bring up the local computer's properties and Security tab. Then browse to root / SMS and root / SMS / site_[site name]. Add the SMS Admins local group back to both of these, and make sure they have Execute Methods, Provider Write, Enable Account, and Remote Enable allowed.

After making those changes I was able to connect once again. Overall I'm pleasantly surprised at how well the upgrade went.