CreateSRSMedia.ps1 – invalid version

I’ve been messing around trying to get my HP Slice built with the latest Teams Room System (SRS client) which is billed as an “easy way” to create the requisite recovery/build media for an SRSv2 Environment.

However, it is EXTREMELY picky around the Windows version you build with. This was with the 1909 build from Microsoft, but because there was a patch, the version was different.

Your Windows installation media is version 10.0.18362.592. Your SRSv2 kit requires version 10.0.18362.418.

However, if you’re just doing some testing, you can force overriding the check from within the script relatively quickly.

!! THIS IS NOT RECOMMENDED FOR PRODUCTION SYSTEMS !!

Open the PowerShell script in your favourite editor and find the line

if ($img.Version -ne $KitOsRequired)

and change -ne (not equals) to -eq (equals):

if ($img.Version -eq $KitOsRequired)

This inverts the check, so the script only stops when the versions do match and otherwise lets you continue setup.

Finally, a pfSense VPN Guide that works!

I’ve been tinkering with IPSec on pfSense for a while, but struggled to find a solution which worked for a range of devices reliably. Happily, I have found a guide which I’ve tested on Windows, Android and iOS.

So thanks to Kliment Andreev for writing this guide. https://blog.andreev.it/?p=3617

The only thing I did have to do (and this may be related to my specific config) was manually add the IPSec rules to the WAN interface.

pfSense WAN Interface rules for IPSec

Here you can see that I have three rules: one which is the ESP traffic, then two UDP rules, where the destination source port is NAT-T and ISAKMP respectively. Note that NAT-T and ISAKMP are already-created protocols, so you don’t have to manually define the port rules.

FFMPEG HEVC_NVMPI RTMP HLS

Works to produce a (slightly unstable) HLS stream from an incoming stream, using the NVMPI accelerated encoder.

ffmpeg -hide_banner -re -i http://10.10.10.157:5004/auto/v107 -bufsize 16092k -analyzeduration 20000 -probesize 16092 -sn -dn -ignore_unknown -force_key_frames:v "expr:gte(t,n_forced*2)" -map_metadata "-1" -map_chapters "-1" -c:a copy -c:v hevc_nvmpi -num_capture_buffers 8 -x265-params "keyint=50:min-keyint=50:no-open-gop=1:scenecut=0" -level 4.0 -profile:v baseline -preset slow -rc vbr -movflags faststart+frag_keyframe -tag:v hvc1 -f hls -hls_time 2 -hls_list_size 6 -hls_flags delete_segments+append_list+split_by_time -hls_playlist_type event -g 50 /var/www/html/hls/videostream.m3u8

Seems to work fine until there is a network glitch.

Mimecast to Office 365 – Split Routing of Email Domains

We’re currently going through a migration from our existing legacy email provider to using Mimecast as our SPAM filter. We have some services which we can’t interrupt without planning, so need to deploy Mimecast to Office 365 for our ‘user’ domain without disrupting our ‘alerting’ domain. We also need to validate Mimecast configs and setup before impacting on users, so we also have a test domain to verify configuration.

We therefore wanted to add the email filtering staged in the following order over a number of days:
1) Test
2) User
3) Alerting

However, the Mimecast documentation isn’t great for describing split routing of email based upon the sender’s domain, and essentially assumes that you want to send all email out through Mimecast from the off.

This great article from Antonio Vargas really helped us out in understanding why the rule wasn’t intercepting messages from the domains to send out.

In the Conditions select “Apply this rule if..” > The recipient is located > Outside of the Organization

Once that was applied to our rule, we were immediately able to verify that the test domain was able to then route email through Mimecast from Office 365.

WD My Passport Pro – RClone Backup to Cloud (AWS S3)

I’ve set up my WDMPP to perform a regular cloud sync of my pictures into an Amazon S3 data store so that when it is on an internet connection, it will sit and run in the background and upload the pictures.

Note, I’m only backing up photos rather than video as I intend to run this on a 4G mifi hotspot and don’t want 4k video uploads to trash my data allowance. I’ll run the risk of losing these in the event of a failure whilst mobile, but it’s something I can live with.

First of all, you need to have rclone installed on your WDMPP, which involves using the SSH terminal. I’ll create a separate article at some point, but there is plenty of information about how to do this on the internet.

Create two files within the root of the hard drive.

rclonescript.sh contains the command which executes the backup:

rclone copy /media/sdb1/ AmazonS3:wdmpp.backup/ -v --log-file /media/sdb1/logs/rclone.log --copy-links --ignore-case --filter-from /media/sdb1/filestocopy.txt

| Command | Meaning |
|---|---|
| rclone copy | Use the copy command in rclone |
| /media/sdb1/ | Source root path to look for data |
| AmazonS3:wdmpp.backup/ | Destination root path to send data. In this instance, I’m using AWS S3, but the same principle should work for other cloud services |
| -v | Verbose mode |
| --log-file /media/sdb1/logs/rclone.log | rclone logs to this path (note, you’ll need to mkdir the logs directory) |
| --copy-links | Follow symlinks for copying – seems to be required |
| --ignore-case | Because WDMPP backs up from a variety of devices, don’t be case sensitive when applying filters |
| --filter-from /media/sdb1/filestocopy.txt | This is the filtering definition rclone uses to identify the files to copy |

You will need to chmod +x this file to make it executable
chmod +x /media/sdb1/rclonescript.sh

/media/sdb1/filestocopy.txt contains the filtering rules.

- /logs/
- /.USB/
- /.wdmc/
- /.wdcache/
- /.DS_Store/
- *.txt
+ *.jpg
+ *.png
+ *.heic
+ *.bmp
+ *.raw
- *

| Include (+) / Exclude (-) File or Path | Description |
|---|---|
| - /logs/ | Exclude the logs path where rclone writes its own log to |
| - /.USB/ | Exclude the system .USB path |
| - /.wdmc/ | Exclude the system .wdmc path |
| - /.wdcache/ | Exclude the system .wdcache path |
| - /.DS_Store/ | Exclude the system .DS_Store path |
| - *.txt | Exclude any text files that exist (some of my camera devices create text logs which I’m not interested in copying) |
| + *.jpg | Copy any jpeg files with the extension jpg |
| + *.png | Copy any Portable Network Graphics files with the extension png |
| + *.heic | Copy any High Efficiency Image File Format files with the extension heic (these come from my phone) |
| + *.bmp | Copy any bitmapped files with the extension bmp (Not expecting any of these, but heh) |
| + *.raw | Copy any RAW camera files (my camera uses the .raw extension) |
| - * | Exclude anything else |

You can obviously change your filters as you need to, for example including video files or whatever else you write to the disk. I had to put the excludes before the includes as I found otherwise it wouldn’t necessarily behave as expected.  This seems to work well for me.
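The ordering effect described above, as an added example (not from the original post and not rclone's own code): a simplified shell model of rclone's first-match-wins filter evaluation, run with the rules from filestocopy.txt in both orders. The decide function, the INCLUDES_FIRST reordering and the sample paths are constructed for illustration, and the model only handles the rule shapes used on this page.

```shell
#!/bin/sh
# Simplified model of rclone filter evaluation: rules are tried top to
# bottom and the first match decides. Not rclone's code; covers only the
# rule shapes in filestocopy.txt (root-anchored dirs, file-name globs).

EXCLUDES='- /logs/
- /.USB/
- /.wdmc/
- /.wdcache/
- /.DS_Store/
- *.txt'
INCLUDES='+ *.jpg
+ *.png
+ *.heic
+ *.bmp
+ *.raw'
RULES="$EXCLUDES
$INCLUDES
- *"                      # order used on this page
INCLUDES_FIRST="$INCLUDES
$EXCLUDES
- *"                      # hypothetical reordering

# decide RULES PATH -> prints "copy" or "skip" (PATH relative to source root)
decide() {
    rel=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')    # --ignore-case
    while IFS= read -r rule; do
        sign=${rule%% *}
        pat=$(printf '%s' "${rule#* }" | tr '[:upper:]' '[:lower:]')
        case $pat in */) pat="${pat}*" ;; esac    # dir rule covers its contents
        case $pat in
            /*) subject="/$rel" ;;                # leading / anchors at the root
            *)  subject=${rel##*/} ;;             # otherwise match the file name
        esac
        case $subject in
            $pat) [ "$sign" = "+" ] && echo copy || echo skip; return 0 ;;
        esac
    done <<EOF
$1
EOF
    echo copy    # a path matching no rule is included
}

# Constructed sample paths, evaluated under both orderings.
for p in DCIM/IMG_0001.JPG .wdcache/thumb_001.jpg logs/rclone.log DCIM/clip.mp4; do
    printf '%-24s page order: %-5s includes first: %s\n' \
        "$p" "$(decide "$RULES" "$p")" "$(decide "$INCLUDES_FIRST" "$p")"
done
```

With the includes first, the cached thumbnail under /.wdcache/ matches + *.jpg before its directory exclude is reached and gets uploaded. Adding --dry-run to the rclone command in rclonescript.sh shows what the real filter would transfer without sending anything.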

Once you’ve tested that it works, it can be added to cron.
First, create the cron path

mkdir /var/spool/cron

Then create the crontab

crontab -e


8 * * * * /media/sdb1/rclonescript.sh >/dev/null 2>&1

In this crontab, it runs the script at the 8th minute of each hour. If you’re not sure how to create a cron job, https://crontab-generator.org/ is a great website for building cron lines.

Skype for Business – Audio Conferencing Behaviour

If you have Skype for Business telephony services, including audio conferencing hosted by Microsoft (365), it is worth sharing the current workflow experience, which doesn’t seem to be well documented.

From a host, or moderator perspective, you dial into the meeting using your assigned phone number, shown on your Skype for Business invite.

  1. The Skype Meeting Attendant answers the phone, and asks you to enter the conference id, followed by the # key.
  2. You enter the meeting number (again, shown on the invite).
  3. You’re prompted to press * if you are the leader – you’d press *
  4. You enter the pin assigned to your account
  5. You’re dropped into the meeting, and your name or number is announced if enabled.

From an end user perspective, the process is pretty much the same, except that if the leader has already joined, they’re not prompted to enter the pin number.

Unlike other ACPs, the control of the service appears to be pretty non-existent, and I think this is by design.  After all, control of the meeting can be done from the mobile app if you’re not near a desktop.
You’re not able to start a meeting recording, as this service is performed by the Skype client, recording into your local computer folder, so if this is required then that is your only option.

I think MS Teams may take a different approach, but I’ve not got my hands on telephony/audio in that product yet.