Category: General

Blogger Paul Mah checks out Connectify, a free application for Windows 7 that allows you to take any Internet connection and share it via Wi-Fi.

—————————————————————————————

Those of us who have ever traveled with laptops will be familiar with this problem: The cost of Wi-Fi or wired Internet access at hotels is typically exorbitant, and gives you only a single user login that doesn’t facilitate any sharing. This is often frustrating, should your room mate also own a laptop, or if traveling in a group.

On top of this, most smartphones these days have Wi-Fi capabilities, which can be used to either access e-mails or download files; Wi-Fi access for these devices can yield tremendous savings in long distance data rates. And we haven’t even mentioned the many gadgets with Wi-Fi only access, such as the iPod Touch, the initial models of the Apple iPad, or dedicated Internet tablets such as the JooJoo.

Carrying a small wireless router will help resolve the issue, of course. However, that is one more device to carry, and who wants to be stuck with lugging around yet another piece of hardware and its associated power adapter? In addition, this solution won’t help share (non-free) Internet connectivity at a cafe.

How does Connectify work?

Enter Connectify to help alleviate the above situations. The free software application “virtualizes” the wireless adapter so that it can be used concurrently to connect to an access point (AP), while also simultaneously serving as an AP. It depends on internal code residing within later versions of Windows however, and hence will only work on Windows 7 and Windows Server 2008 R2 (or later). Windows 7 Starter Edition is also not supported, as it lacks some of the features Connectify utilizes.

Being able to operate in standard AP mode will require that the wireless device is supported; otherwise, only Ad-hoc mode will be available, though its ability to connect to an AP simultaneously is not affected. Pretty much all the newer devices are supported though, so that shouldn’t be an issue. You can check out the full list of supported devices here.

Download, install, go

Setting up Connectify was a pretty straight forward affair — a matter of downloading the installation package here (smaller than 1MB) and installing it. Configuration consists of setting a Wi-Fi name and password. Internet access can be defined via a simple pop-up applet, and ranges from wireless, LAN, or basically any other network on your workstation. In the screenshot, you can see the Connectify applet running in “advanced” mode.

I have tried tethering my BlackBerry smartphone for Internet connectivity, and was able to easily share the Internet access via wireless to my iPod Touch without any hiccup.

Though Connectify 1.0 came out only late last year, a new version, Connectify 1.1, was released a couple of weeks back. Besides various bug fixes, the new version sports enhancements such as wireless cloning, and the ability to save WPS (Wi-Fi Protected Setup) data to a flash drive to quickly configure other clients to use the Connectify AP.

Conclusion

One suggestion when making use of Connectify would be to use the same network name (SSID) for both Connectify and your home router. Assuming the same passphrase and security settings, wireless devices will be able to seamlessly “roam” between Connectify and your home network — even when the machine running Connectify is switched off.

Connectify seems robust, and performed flawlessly when I used it. For me, it is a must-have install for my Windows 7 laptop.

Recently my organization put in a Quantum SuperLoader to help make our data backup process more efficient. It removes the human error factor of needing to change the tapes (or the need to be reminded to change the tapes) every day.

During the installation process for the device, I found that the card I ordered was different than what I (and the documentation) was expecting, but being the determined IT pro that I am, I ordered a different cable to work with both the card and the library and went on about the installation. The process of beginning tape backup jobs was going very well. Our backup application was easily managing to get the jobs off to a good start and some jobs even completed successfully…until they didn’t.

Each night during the backup, one of the jobs would lock the drive and spin its wheels continuously until the server or the library was restarted and the Backup Exec services restarted, usually through the Services console in Windows. This was happening every day with the exception of a few random days when all the jobs completed.

Read the… manual!

I looked through the documentation, searched the Backup Exec support site and looked all over the Internet for some solution that would end the constant restarting of some backup-related hardware and got nowhere fast.

Finally, after looking through the manual again, I decided to call technical support for the library as there seemed to be no feasible solution to the issue.

Support suggested that the card I had was not on the tested list of SAS controllers that Quantum has, which seemed odd to me because Windows supported the configuration, and the library and the drive were visible in Device Manager as well as Backup Exec. I decided to get new drivers and see if that might help.

Downloading drivers is only step one

I got the latest drivers from Symantec for Backup Exec (BE) and still the drive and library showed up in both Device Manager and BE. The problems kept occurring. The drive was producing an error code denoting that the drive was locked.

Deciding that support must know more about this drive-locking issue than I, I reluctantly called again. The engineer who worked with me checked the configuration of the library and found that the library was using sequential mode for backup jobs. Because I was using BE, the library needed to run in random mode and allow BE to control the tape selection and usage. Once this was changed, he again suggested that the card was not supported.

I asked if there was a list of tested cards he could provide so I could look into the issue further. But having made configuration changes to the hardware, I wanted to give it another try. I also thought perhaps that stacking the jobs so the tape didn’t need to be unloaded between them might help, but the error was the same: “Drive locked.”

Paying attention to support is good for what frustrates you

With the frustrating error still occurring, I worked with our reseller and ordered one of the cards from the tested list. The sales representative for Quantum had provided a recommendation as to which card to use based on experiences with other customers, so I took his word for it and ordered that card.

After the installation of the new SAS card and reinstallation of the BE drivers, the backup job problem soon began to diminish. Because I was a bit anxious to see all the jobs finish, I staggered and started them all after the hardware was hooked up. While there were a few missed jobs due to scheduling, there were no locking errors.

The following day when the backup jobs ran according to their schedule, all jobs completed. This has been the case every day since.

Bottom Line

It is great to try to use what you have and make things work, but sometimes you can outsmart yourself. Support is there to lend you a hand and if something as simple as changing a card can prevent a frustration, you might want to put stubbornness aside and do as they suggest.

Have you ever brought on a problem situation by trying to work around or supply your own solution?

 Loading ...

Providing pay as you go mobile broadband seems like a great idea. Service providers must agree, as more plans are becoming available.

———————————————————————————————————–

Switching jobs meant turning in my 3G data modem. I didn’t use it much, but it saved the day on more than one occasion. For now, my iPhone manages to fill in, if Wi-Fi or guest networks aren’t available. Besides, Apple and AT&T are promising that tethering will eventually be allowed. So, I can afford to be patient.

That was until I found tethering my iPhone was going to cost me an additional $55 US per month. That’s on top of the existing $30 US data charge from AT&T. Heck, the pricing isn’t any different from regular 3G data modem plans. Not the kind of expenses I’m willing to pay for the next 24 months.

Broadband2Go

I resigned myself to wait until AT&T allowed tethering. At least that way, I didn’t have to buy another 3G data modem. Then a friend mentioned something about pay as you go mobile broadband plans. That sounded interesting.

I was surprised at the number of available plans. I managed to narrow the choices down to Verizon and Virgin Mobile. Finally deciding on Virgin Mobile’s Broadband2Go due to lower prices. I bought my Broadband2Go data modem for $99 US. Virgin Mobile’s rates are shown below:

Both Verizon and Virgin Mobile use the Ovation MC760 by Novatel Wireless. The EVDO modem has been getting good reviews. I found it to work better than my previous data modem.

Setup

Figure A

Setup is simple. Plug the modem into an USB port and follow the prompts. Once configured, the Broadband2Go client software opens the Web browser, accessing Virgin Mobile’s Web site. There you decide what plan and how to pay for it. Every time after that, the window in Figure A will open automatically when the data card is plugged in.

Speed Tests

Next, I went to DSLReports Web site, putting the Ovation MC760 through its paces. With full bars, download speed was 629 kb/sec and upload speed was 271 kb/sec. It’s not great, but being able to access the Internet anywhere there is cell-phone reception more than makes up for it.

Final thoughts

If you do the math, pay as you go plans are more expensive per MB when compared to contract plans. But, for people with other Internet access options and only the occasional need, services like Broadband2Go are a valuable option.

One practice for isolating systems is to enable a jump box for specific access. In this blog, IT pro Rick Vanover asks if this is still a good practice.
—————————————————————————————
When it comes to protecting a system that is critical, sometimes establishing a security zone needs additional configuration to make it function correctly. Two practices that are commonly used are to establish internal firewalls and stand up a jump box. A jump box is simply a system, usually a single operating system, that is connected to two networks. The first of these networks is the common network and the second is the sensitive security zone.

Jump boxes are usually used for a system tool that needs to connect directly to the devices on the security zone in question. A common example is a Windows system that is on the public network and a storage management network. The storage management network is the only network that has access to the storage area network (SAN) management interface. Frequently, storage systems are managed through tools that get security people uneasy. On the other hand, dual-homing systems is not a good practice either.

When a jump box is used, its hidden benefit is that any tools in place for the SAN system are maintained on that single system. Therefore, when an update to the SAN management software is available, only a single system requires the update. Beyond SAN management systems, this practice is done occasionally in virtualization circles. The VMware vCenter Server Windows system in particular is occasionally used in a jump box configuration.

In today’s world, is a firewall or a jump box the better option ? From an application side, the single system running the SAN management software (or vSphere Client) appeals for a few reasons. Primarily, there would be no systems (presumably laptops) with access to these tools and possibly this security zone that could come up missing. Secondly, the limited update footprint is attractive for any version-critical application.

From the security side, the jump box becomes a target, and in theory, would be easier to compromise than a true firewall. Even if a software firewall was running on the jump box system, I’m sure someone would knock that approach.

What is your stance on jump boxes? Share your comments below.

With virtualization squarely in the mainstream, is there a place still for IP KVM switches in the enterprise? Blogger Paul Mah posed this question to an engineer from ATEN Technology Inc, a maker of KVM and remote connectivity solutions.

—————————————————————————————

KVM (Keyboard Video Mouse switch) switches were especially useful in data centers in the past, where there is a need to control multiple banks of “headless” servers. With the advent of virtualization, and the advancement of lights-out management technologies, is the KVM, or the networked IP KVM still relevant?

To understand how IP KVMs are still useful to the enterprise, I posed the below questions to Aaron Johnson, who is a Field Application Engineer at ATEN Technology over at Foothill Ranch, CA. Below are his responses, as well as my thoughts on the matter.

In a world increasingly moving towards virtual machines, how are IP KVM’s still relevant?

Johnson: As part of the IP KVM offering, a VM solution completes the KVM access offering. This access is usually done as part of the access stage where a centralized management appliance/application, now gives you the power to centrally access both virtual and physical servers from a unified interface. It provides both in-band (RDP, VNC) and out-of-band (iLO/DRAC/RSA, VMware Console Viewer, KVM) management capabilities.

Mah: Beyond access to the keyboard, mouse, and monitor, traditional KVM technology has grown up to embrace the changing needs of the modern data centre. This entails expanding beyond physical access, and involves connecting natively to virtual machines as well as supporting popular remote access protocols such as RDP or VNC.

What are some features to look out for when selecting an IP KVM?

Johnson: Look for enterprise KVM features such as redundancy, physical and virtual server connectivity, IP security, CAC/fingerprint readers both locally and remotely, asset management, and visualization of the entire data center (The last is a wish list item). Also, the use of virtual media both at the OS level (software deployments and updates, OS patches, etc.), and the board level (OS installation or re-imaging of systems/servers).

Mah: I suppose I asked for it here: never ask a specialist or expert about their dream systems. Still, I hope the feature list will be useful to help administrators or managers to get started when shopping for one. Most of the above is self-explanatory, though some might not be familiar with the concept of virtual media. In essence, virtual media allows access to storage devices over supported endpoints.

On an IP KVM that supports virtual media, a system administrator can theoretically install patches to the operating system from a remote location — even if the systems are not connected to the network. (Think in terms of installing emergency updates where systems have to be yanked offline.)

What are some suggestions to mitigate the security risks when using an IP KVM?

Johnson gave a list of suggestions to mitigate the security risks, which I summarize as follows:

• Leverage policy management tools.
• Make use of AES encryption for end-to-end node access.
• Deploy a broad range of remote authentication servers (LDAP, Active Directory, RADIUS and TACACS+ etc) on top of local authentication and authorization.
• Support card access control and fingerprint authentication locally at the KVM, as well as remotely via the use of authentication servers.

Mah: As with any networked systems, an IP KVM can be vulnerable to remote exploitation on top of unauthorized physical access. Due to the critical junction that a KVM switch commandeers, a remote break-in can be particularly devastating. Beyond use of specific technologies such as encryption and biometric verification, the advice from Johnson involves integrating your IP KVM as an integral part of your IT infrastructure.

Conclusion

Johnson summed up the continuing importance of the KVMs when he wrote, “Secure access and control down to the BIOS level is still deeply important.”

Indeed, the advent of virtualization makes it more important than ever to be able to centrally manage servers in the data center. Far from being obsolete, an enterprise KVM can today be leveraged for this role, whether the servers are physical ones or virtual instances. And where the rise of cloud computing is concerned, the number of servers will actually increase, making high density IP KVMs even more important, and relevant.

You need a new router, but your budget is in shambles. On top of that, someone tells you IPv4 addresses are running out. Great, what’s the smart thing to do?

—————————————————————————————

Joe Klein, an IPv6 consultant has been mentoring me for years. Recently, he helped with my article about IPv4 addresses running out. During one of our conversations, he suggested I promote replacing IPv4 networking equipment with IPv4/IPv6 ready equipment as the need arose. That way, costly re-buys will not be required in a year or two. Seems simple enough, so why write about it?

Little did I know. My mistake was thinking that it’s either IPv6-ready or not. It seems there are varying degrees of readiness and interoperability amongst manufacturers, and that’s a problem.

What I’ve learned

You may be familiar with the Wi-Fi Alliance and its ability to get wireless-networking companies to focus on standardization and interoperability. Thankfully, there are groups doing the same thing with IPv6 equipment.

IPv6 Ready Logo Program

The IPv6 Forum has a service called IPv6 Ready Logo. It’s a qualification program that assures devices they test are IPv6 capable. It reminds me of the Wi-Fi Alliance. I say that because once certified, they allow qualified products to display their logo. The IPv6 Forum objectives are to:

• Verify protocol implementation and validate interoperability of IPv6 products.

• Provide access to free self-testing tools.

• Provide IPv6 Ready Logo testing laboratories across the globe dedicated to provide testing assistance or services.

IPv6 experts I talked to, suggest only paying attention to devices given the Phase-2 approval (gold logo). That makes sense, as they are given the full treatment:

“The Phase 2 Logo expands the “core IPv6 protocols” test coverage to approximately 450 tests and adds new extended test categories. The Logo background color is Gold. The Phase 2 Logo has been available since February 16, 2005.”

This link will take you to their approved list. I wasn’t familiar with this organization, which concerned me. So, I asked Joe Klein what he thought:

“It is a good program aimed at the private sector. Actual testing in the U.S. is performed at the University of New Hampshire, a pioneer in IPv6 testing.”

That’s one resource. The Department of Defense (DoD) is committed to IPv6 and will likely be the first federal organization completely converted to IPv6. They also have a process for qualifying IPv6 equipment.

JITC/DISA

The task of certifying IPv6 products was given to the Joint Interoperability Test Command (JITC), part of the Defense Information Systems Agency (DISA). To help standardize IPv6 qualification procedures, the JITC follows what’s called the IPv6 Generic Test Plan. The PDF is 216 pages long, so I thought I’d summarize. First, the devices to be tested:

“The source requirement document, DoD IPv6 Standard Profiles for IPv6 Capable Products, identifies six product classes for IPv6 network devices: Host/Workstation, Network Appliance/Simple Server, Advanced Server, Router, Layer-3 Switch, and Information Assurance Device.”

Next, the procedure for checking compliance with IPv6 RFCs:

“Conformance testing will consist of automated test equipment that provides controlled data inputs to elicit a response from a device under test and evaluate that response in accordance with the requirements in the corresponding IPv6 Request for Comment.”

Finally interoperability between devices is tested by placing the equipment in a network that simulates the DoD network:

“Data traffic will be generated and transmitted across the network to assess the device’s capability to effectively pass IPv6 traffic and perform other IPv6-related functions in a realistic operational environment.”

After JITC qualifies a product, it is added to the Unified Capabilities Approved Products List. Fortunately, JITC makes the list available to the public. I once again asked Joe Klein what he thought about the DoD process, here is what he said:

“The DoD takes the chance of buying the wrong product very seriously. As of June 2010, all new networking products must pass testing. This is a lesson for any business/tech person. Require that the equipment you purchase is tested by one of the above programs, to mitigate the risk of a product that does not support IPv6.”

Sounds like good advice.

Final thoughts

In the process of researching this article, one thing stood out. Saying a device is IPv6-capable can have multiple meanings. So, make sure the device has been certified by an independent source.

Derek Schauland looks at the features of the Barracuda SSL-VPN, a browser-based VPN appliance, in this product spotlight.

—————————————————————————————

Remote access to corporate resources is becoming common place within many organizations. IT staff require access from the road, just in case they are out of the office and receive a help desk call. Road warriors require access to files and documents or maybe even their desktops while traveling to visit a customer. There are many ways to enable this type of access, some secure, some not so secure, but the SSL-VPN appliance from Barracuda Networks makes it very simple to provide browser-based VPN to a number of employees while working with your existing security appliances and firewalls.

Specifications

The Barracuda SSL-VPN comes in several flavors:

The unit plugs into your network either inside the firewall, which requires configuration changes to route SSL traffic to the new device, or in the DMZ where it will forward requests into your environment. In the box you will find a quick-start configuration guide, the SSL-VPN appliance, and a power adapter.

Supported operating systems:

• Windows 7
• Windows Vista
• Windows XP

Hardware requirements:

An Internet connection is required to access the VPN: there are no other hardware requirements on the PC end.

Who’s it for?

The SSL-VPN is ideal for organizations that need to add remote connectivity for their users without worrying about clients being installed and maintained on their PCs or a device being configured to live in their home office.

What problem does it solve?

The SSL-VPN allows access to published Citrix applications, remote desktop sessions, network shares, and even supports a client to allow tunneling to specific machines or devices to happen behind the scenes. There are no applications to install for typical use and for tunneling; a client based on Java can be downloaded after login. The process for the user becomes very straight forward.

Security is also a concern when allowing access to your network from the outside. The SSL-VPN addresses this by integrating with Active Directory or allowing the administrator to create and manage the user database directly on the device. When a user connects to the device, they need to log on and when they disconnect; the session is terminated and does not stay open constantly.

Standout features

Antivirus and malware checking: When a file is copied to the network through the VPN, the file is checked for viruses as it is moved to the network.

Easy configuration: The plug and play nature of the device eases the workload on the IT staff.

Simple to use: Users within an organization simply point their browser to an address or host on the Internet and log in. Items they are able to access appear on  a desktop style list once logged in.

Immediate replacement packages: Barracuda offers a license option for immediate replacement which brings some peace of mind in the event that the device malfunctions or needs to be replaced.

Figure A

At-a-glance information for the administrator

Figure B

User homepage after login

What’s wrong?

Some of the larger models can get a bit pricey, so consider the number of users that will connect to the device before ordering.

Competitive products

• Cisco ASA Firewalls
• Sonicwall SSL-VPN appliances

Bottom line for business

In today’s workforce, employees want to be productive from everywhere they might be, both in the office and out. Traditional VPNs are very useful for organizations but require specific applications on the client PC and/or devices, configured to allow a point-to-point VPN connection. With an SSL-VPN, the client is a Web browser on the PC and a network or VPN logon. The device takes care of the rest, including auditing of sessions and users connecting to the device. This ability to track the usage of the VPN can make justification very simple for IT and management.

This past Tuesday, the organization responsible for managing IPv4’s unallocated address pool announced that addresses are almost gone. What does that mean?

—————————————————————————————-

The Number Resource Organization (NRO) represents the five Regional Internet Registries (RIRs) and is responsible for the unused IPv4 addresses as explained in their charter:

“The NRO exists to protect the unallocated Number Resource pool, to promote and protect the bottom-up policy development process, and to act as a focal point for Internet community input into the RIR system.”

That’s great, but why tell me, you may ask. Well, they feel the IPv4 address space has reached a critical juncture. That is, the number of remaining IPv4 addresses is less than 10 percent. If you are a clock watcher, you can keep track of the estimated days left before they are all gone at the Internet Society Web site.

What’s 10 percent?

The IPv4 addressing scheme consists of a 32-bit address space. According to RIPE that means IPv4 address space is 32-bits (2³²) in size and contains 4,294,967,296 addresses. At the time of this article, my iPhone app showed that 402,291,729 addresses (9.4 percent) remained. According to the app’s count-down meter, all the addresses will be gone in 593 days.

Is it a problem?

I have written extensively (even made some podcasts with Joe Klein) about IPv6. Yet, I never really dwelled on this topic. It appears time to start. Like anything else, there are two sides: those that believe it is a problem and those that don’t. Let’s look at both viewpoints before deciding who’s right.

Will run out

NRO raised the alarm, so they definitely feel it’s a problem. Here is what Axel Pawlik, Chairman of the NRO says:

“With less than 10 percent of the entire IPv4 address range still available for allocation to RIRs, it is vital that the Internet community take considered and determined action to ensure the global adoption of IPv6.

The limited IPv4 addresses will not allow us enough resources to achieve the ambitions we all hold for global Internet access. The deployment of IPv6 is a key infrastructure development that will enable the network to support the billions of people and devices that will connect in the coming years.”

According to my research, most agree with Pawlik. The IPv4 address space is rapidly depleting

Not running out

The people I’ve talked to, who feel we are not running out of addresses, tend to agree with what Steve Gibson talked about in this podcast. His argument is that NAT routing reduces the pressure to move to IPv6 and will continue to do so. So IPv4 addresses will not run out and the timeline for moving to IPv6 is unclear.

Since the podcast was two years ago. I tried (unsuccessfully) contacting Steve Gibson, to see if he still feels the same. Regardless, many businesses and organizations are hoping he is right. Switching everything to IPv6 is expensive and there is a steep learning curve.

Compare to IPv6

The replacement addressing system, IPv6, uses a 128-bit address space. With RIPE’s help again, the IPv6 address space is 128-bits (2¹²⁸) in size, containing 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. That seems like enough.

Final thoughts

Experts have differing opinions about what to expect when available IPv4 addresses become fewer and fewer. Some feel NAT will become commonplace at ISPs, large and small. Others say this is a wake-up call and IPv6 will gain momentum. Either way, it will be interesting.

My real concern is for the people who this directly affects. You know, the ones that have to make it work. As I mentioned earlier, IPv6 requires some effort to learn. For help in that regard, check out Charles Kozierok’s Web site. It helped me get up to speed.

As we enter into a new year, Blogger Paul Mah highlights some tips that can help you lower your telecommunications costs.

——————————————————————————————————————- Even with the worst of the financial crisis behind us, it is always a good idea to look out for ways to lower the operating costs of your organization. Here, I’m going to examine telecommunications costs and highlight some areas where they possibly can be reduced.

Optimize your communications cost

Admittedly, few companies will foot the mobile bills of their employees in their entirety anymore. Organizations that still practice this however, will be well-served to examine its communications bills for obsolete plans or overcharging. Indeed, a report in Computerworld last November highlighted how one firm saved $33,000 a month simply by renegotiating unfavourable contracts. Another company reportedly hired a former billing agent from Verizon, who promptly uncovered $300,000 worth of overcharging.

The above examples clearly highlight the importance of ensuring that communications costs are examined and optimized from time to time. Obviously, the utilization of sophisticated Unified Communications platforms can allow clearer insights into usage patterns, and also open the doors to alternative solutions such as the use of VoIP.

Where mobile bills are concerned, a more practical method of handling mobile communications bills would be for companies to pay a fixed monthly stipend instead. This has the advantage of giving workers the opportunity to subscribe to mobile plans or devices of their choice, while eliminating “wor” phones that simply get left at home for heavy users. Another advantage here is setting a cap on mobile bills, while also empowering workers to be stewards of their own mobile usage.

Renegotiate any contracts for Internet connectivity

Not surprisingly, Internet providers are content for companies to continue using previously negotiated tariffs and plans. With the cost of Internet connectivity on general decline though, it is downright foolish to continue relying on obsolete arrangements.

Personally, I was able to successfully renegotiate the Internet connectivity costs for a couple of the organizations I worked in. In the cases I encountered, the market rate for Internet connectivity has diminished substantially in the couple of years since the previous contract was signed. Because the contract has already lapsed when I took over, I was able to negotiate for a sharp reduction in Internet connectivity costs, and simultaneously bolstering the bandwidth capacity of the existing pipe.

Some ways to reduce overseas data consumption

Organizations with executives who travel overseas should also examine ways to lower their overseas data consumption, and associated tariffs which are often exorbitant. It should be noted that not all push email technologies are created equal. Unless configured correctly, Windows Mobile (WM) smartphones or the Apple iPhone can consume a fairly large amount of data checking for new mails. (The iPhone utilizes the same push technology as WM when synchronized with an Exchange server.)

In a nutshell, BlackBerry smartphones actually use a more data efficient protocol. Even for BlackBerrys, it makes plenty of sense to have executives tweak their devices to disable HTML e-mails (and their associated images) when travelling.

Conclusion

Lowering one’s telecommunications costs is hardly rocket science. While a detailed analysis in a large corporation might be beyond the abilities of a single administrator; I hope you are able to see from the above tips that even a general appraisal can bring about a tangible reduction in operating costs.

Have you encountered (or rectified) cases of overpaying in the telecommunications bill? I look forward to hearing about your own experiences and tips below.

Derek Schauland had to troubleshoot some BSOD errors resulting from a user who couldn’t save Microsoft Office files to the network. Here’s the registry edit he found to solve the problem.

—————————————————————————————

Recently in my organization, I came across a workstation that would flip a blue screen when trying to save an office document to the network. The usual investigation began for viruses and spyware on the computer, which yielded a few cookies and some pop-ups,but nothing that a thorough scan could not handle.

After sweeping and scanning for anything I could find, I thought this was going to do the trick, but further attempts to save from an office application to a share on the network continued to cause the same blue screen. The message displayed when the stop error occurred was as follows:

No_More_IRP_Stack_Size_Locations

I scoured the Internet and found a good deal of information regarding issues with conflicting antivirus applications, which made think that scanning the system with additional applications could be causing the issue, but after removing the additional scanners continued attempts produced the same error.

Creating files on the network share from Windows Explorer worked without any problems, as did copying or moving files there.

IRP_StackSize modifications

Some further research on the Internet brought me to two solutions, one involving the IRP_StackSize on the local machine and on the server living in the registry at
HKEY_LOCAL_MACHINE\CurrentControlSet\Services\LanManServer\Parameters\IRPStackSize

I found at first that the key did not exist and created a DWORD value with a value of Decimal 15 to start off with. After a restart, the error continued when saving to the DFS share. I changed the value on the workstation several times in increments of 5 and got nowhere fast. Then I discovered that networks using DFS shares had a different stack size setting found here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\Parameters

The DFSIrpStackSize entry did not exist here either. Once I added the DWORD value for the DFSIrpStackSize and set a maximum value of 10, I restarted the machine and found that I was suddenly able to get office documents saved directly to the DFS share with no error. This Registry entry has a default value of 5, once created. The other acceptable value is 10, but setting it to anything other than 10 restores the default value of 5.

Here are the exact steps that I followed to add this value to the registry and solve the problem:

Note: Modifying the registry is not recommended. In the event you need to modify the registry, be sure to create a backup of the existing registry before changing any data. Editing the registry requires an administrator account

1.       Open the Run box by clicking Start | Run.

2.       Type regedit in the run box and click OK.

3.       Navigate to HKEY_LOCAL_MACHINE and then expand System.

4.       Then navigate to CurrentControlSet | Services | MUP | Parameters.

5.       If theDFS IrpStackSize item does not exist, right click and choose New | DWORD.

6.       Enter the name for the object exactly as shown:
DFSIrpStackSize

7.       Press Enter to store the object within the registry.

8.       Right click the new entry (or the DFSIrpStackSize object if it already exists) and select Modify to change the value of the object.

9.       Change the base type to Decimal and enter a value of 16 as shown in Figure A.

10.   Click OK when you have changed these values and close the registry editor.

11.   Restart the computer for the registry changes to take effect.

Figure A

Modifying the value of DFSIrpStackSize

Because the computer experiencing the issue was already running Windows XP Service Pack 3, the required hotfix was already installed on the system. For computers running Windows XP Service Pack 2, a hotfix is required along with the mentioned registry modifications to correct the issue. More information and instructions on obtaining the hotfix from Microsoft can be found here: http://support.microsoft.com/kb/906866.

Based on information I have seen about possible conflicts between antivirus applications causing similar issues, I will continue to monitor the situation to see if anything else pops up. For me, the discovery of IRP-related keys in the registry provided a fix that did not involve formatting and rebuilding the PC, which was a huge relief.  Hopefully this post helps you correct this issue and avoid this problem in your organization.