Notes

Trouble with Aruba Instant On's Network Protection

I posted this some time ago on my Mastodon page, but forgot to post it here.

I tried to access devices on a different subnet connected to an Aruba Instant On switch. It didn't work. It was a different IP subnet, but the same VLAN.

As it turned out, there is a feature named "Network Protection". It seemed to filter out everything from other subnets. After disabling it, everything was fine.

Published on 2023-12-27, 16:50 +0000

Mounting WebDAV folder in Windows 10: Folder not valid

Recently, I moved a shared folder from one Synology NAS to another. Accessing the folder using Windows 10 and WebDAV resulted in the following error:

The folder you entered does not appear to be valid. Please choose another.

(In german: Der eingegebene Ordner ist ungültig. Wählen Sie einen anderen Ordner.)

It worked on Windows 11, so it seemed to be a problem with Windows 10.

As it turned out, both NAS systems used the Modern TLS profile. But one NAS had DSM 6 and the other one DSM 7. In DSM 7 the Modern profile only supports TLS 1.3 (see here) whereas in DSM 6, the Modern profile allows TLS 1.2. But in Windows 10, TLS 1.3 is disabled per default.

Because TLS 1.2 is still secure and the affected Windows 10 computers were not ours, we switched to the Intermediate TLS profile. Now the Windows 10 computers were able to access the shared folder using WebDAV.

Published on 2023-12-03, 13:52 +0000

Order terminal at McDonald's: Windows crashed

Came across this food order terminal at McDonald's in Rüdesheim:

Blurred departure board

Nothing special, just a Windows 10 (or maybe 8) with a Blue screen of death.

Published on 2023-05-20, 12:11 +0000

Finding a reverse proxy for Exchange

We didn't want to expose our MS Exchange servers directly to the internet, so we decided to use a reverse proxy.

We wanted to use free software. I always wanted to do something with nginx, so I gave it a try. The configuration was mostly based on this article. At first it seemed to work fine, the Connectivity Analyzer showed good results (except for RPC, but this is OK, because it is deprecated).
But after a while, we faced some strange problems: From time to time, clicking on OWA's menu items did nothing. Connecting to Exchange using MAPI over HTTP worked in the beginning, but after a while, it ceased to work.
But it worked fine for ActiveSync and that was the most important thing.

Because of the small shortcomings of the nginx reverse proxy, I wanted to give Apache a try. I created a configuration based on this german tutorial, but it didn't work. I never figured out the reason, but somehow, requests passed to the Exchange were denied by the Exchange. So I abandoned the idea of using Apache very quickly.

Despite its small shortcomings, the nginx reverse proxy worked fine for nearly two years. But in 2023 it was suddenly broken. I had to reboot it every few hours to make it work again.

So I tried HAProxy on a virtual machine with OPNsense. I have to admit that I'm impressed. It just works :) Everything is fine for the Connectivity Analyzer, even MAPI over HTTP works (although it is a little bit slow).
I used a german tutorial for creating the basic config and made some enhancements like using ACLs and monitors.

When my config is mature enough, I will publish it here.

So, I think HAProxy is the best way to go for our Exchange servers. No offense to nginx and Apache, I guess they work fine for most environments. I don't know what is wrong in ours.

Published on 2023-04-12, 18:36 +0000

Upgrading PCDENotes to Django 4.2

Django 4.2 has been released.

I wanted to upgrade PCDENotes to this new version. In my development environment (using the builtin server), everything was fine.
But after installing the new version on the production server, the application crashed with HTTP error 500. After turning debug mode on, I noticed that Django 4.2 required MariaDB 10.4, but on the production server, there was only MariaDB 10.3. After upgrading to MariaDB 10.4, the application came up.
Additionally, I noticed that the admin interface was broken. After a ./manage.py collectstatic, it worked properly again (I did this once while installing it on the production server - but never again).

Published on 2023-04-07, 13:34 +0000