Sharedband: DSL bonding but not for business

I originally chose the Sharedband solution back in 2009 as we required more upstream bandwidth to support our multiple remote sites, and initially it did what it said on the tin. However, back then the product was in its infancy and there were issues with stability. To their credit, Sharedband relocated their aggregation servers to a better data centre and the product benefited from a reduction in outages.

Unfortunately in the last few months I have lost faith in the product and due to the greater availability of Ethernet services over technology like FTTC, I have made the decision to switch.

The first issue we had was packet loss and it took a large amount of persuasion and troubleshooting on my part to convince Sharedband that their service was at fault (yes I’m the customer here!). The Sharedband service sits on two FTTC connections and one ADSL2 and after pinging Google DNS and the Sharedband NOC via both Sharedband and direct connections and seeing the difference, it was accepted that something had to be done.
According to Sharedband the fix was to migrate to a new temporary aggregation server where the packet loss issue had been fixed. I asked why the fix couldn’t be applied to the aggregation server we were using but Sharedband wouldn’t commit to when that would happen. To my knowledge it still hasn’t.

As part of the move we had to change public IP addresses; not too much trouble, but there is still downtime waiting for public DNS propagation to occur. This change would have had to happen again if/when Sharedband fix the issue on the old aggregation server and move us back! Compensation for this inconvenience: credit for one month’s service!

Further outages last month (emergency maintenance on a weekday afternoon which disconnected the service) and then today (15/11/2014) (service stopped for 90 minutes) have done nothing to persuade me to stay with this company. The biggest frustration when an outage occurs is information and accessibility to support, and today Sharedband have not covered themselves in glory. Phone lines, emails and tweets unanswered on a Saturday morning; maybe I expect too much for £20 per aggregated line per month. However, the combined cost of the DSL lines and the Sharedband service is £220 per month and Ethernet over FTTC is now as low as £150 per month.

I would also suggest, from my experience in the past 12 months, that a single FTTC connection is more stable than the Sharedband service.

Setup enterprise wireless in Windows Server 2008 R2: Part2 NPS

Once the GPOs are configured to provide client computers with the settings required to obtain a certificate from the domain, the next step is authenticating users using Network Policy Server via RADIUS.

First add a RADIUS client, which is my SonicPoint IP address.  I manually entered the Shared Secret.

Next add a Connection Request Policy:

Type of network access server: Unspecified

Conditions: NAS Port Type; Wireless – IEEE 802.11 (middle section) and Wireless – Other (bottom section)

 

Next add a Network Policy:

Grant Access

Type of network access server: Unspecified

Conditions: NAS Port Type; Wireless – IEEE 802.11 (middle section) and Wireless – Other (bottom section)

Conditions: Windows Groups; <Specify Windows Security Group for laptops to access wireless>

Constraints: Authentication Methods: EAP Types: PEAP and EAP-MSCHAP v2

Click PEAP and Edit.  Select domain certificate.

 

Test this setup in the firewall user authentication tool to check that usernames and passwords are validated correctly.  Configure NPS accounting to troubleshoot issues with authentication.
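Alongside NPS accounting, the Security event log on the NPS server records every decision (event 6272 for access granted, 6273 for access denied), which is usually the quickest way to see why a laptop failed to join. The script below is an added example, not part of the original post; the four-hour window is an assumption, and if a column comes back empty, check the field names against the XML of one event on your server.

```powershell
# Added example: summarise NPS decisions recorded in the Security event log.
# Run from an elevated PowerShell prompt on the NPS server.
$since = (Get-Date).AddHours(-4)    # look-back window (assumption, adjust)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6272, 6273          # 6272 = access granted, 6273 = access denied
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    if ($null -eq $e) { continue }  # PowerShell 2.0 loops once over an empty result

    # Flatten <EventData><Data Name="...">value</Data> into a lookup table
    $data = @{}
    foreach ($node in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }

    $result = 'Denied'
    if ($e.Id -eq 6272) { $result = 'Granted' }

    New-Object PSObject -Property @{
        Time       = $e.TimeCreated
        Result     = $result
        Account    = $data['FullyQualifiedSubjectUserName']
        Station    = $data['CallingStationID']    # client MAC as sent by the AP
        Client     = $data['ClientName']          # RADIUS client friendly name
        Policy     = $data['NetworkPolicyName']
        EapType    = $data['EAPType']
        ReasonCode = $data['ReasonCode']
        Reason     = $data['Reason']
    }
}

# Denials grouped by cause: a wrong group, EAP type or certificate shows up here
$rows | Where-Object { $_.Result -eq 'Denied' } |
    Group-Object ReasonCode, Reason |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize -Wrap

# Chronological view of every decision in the window
$rows | Sort-Object Time |
    Select-Object Time, Result, Account, Station, Client, Policy, EapType |
    Format-Table -AutoSize
```

With computer authentication, the Account column shows the machine account rather than a user, so a denial against the Network Policy normally points at the Windows Groups condition or the PEAP certificate.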

 

 

Setup enterprise wireless in Windows Server 2008 R2: Part1 GPO

I needed to add enterprise wireless to my domain using a Sonicwall system (NSA firewall and SonicPoint wireless).  The setup for those devices will not be covered here.

After looking at various authentication methods, I decided to use certificates to authenticate the computers but not the users.  Once the computer is authenticated with the domain it will receive GPO configuration including Software Installation policies.

The first step (after installing and configuring a Certification Authority on the domain) is to create a GPO to configure auto-enrollment settings on the PCs.  See these GPO settings (all under Computer Configuration):

[Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client – Auto-Enrollment]

Set Configuration Model: Enabled and check the two options regarding certificate updates/renewals.

[Policies > Windows Settings > Security Settings > Public Key Policies > Automatic Certificate Request Settings]

Add a new certificate request for Computer.

These settings may already be present in the Default Domain policy so they might not need to be specified in a new GPO.

 

Next create the wireless network settings in a new GPO.  This will be targeted at the specific group of computers that require wireless access.

[Policies > Windows Settings > Security Settings > Wireless Network (IEEE 802.11) Policies]

Add a new policy and enter a Policy Name.  Under Connect to available networks in the order of profiles listed below, click Add > Infrastructure.

Enter a Profile Name and add at least one SSID.  On the Security tab specify the details to connect to the Access Point.  I’m using WPA2-Enterprise and AES.  Authentication Method is PEAP and Mode is Computer Authentication.

Click OK twice to add the policy.

 

I then linked the GPO to my Laptops OU (which contains the computer objects for the laptops) and created a Security Group to control which laptops can access the wireless network.  Add this Security Group to the Security Filtering of the GPO.

 

Basic commands

enable – switch to configuration mode (password required)

sh run – show running config

copy run start – copy running config to startup config

conf t – enter configuration mode

Control + Z – exit configuration mode

 

Force GPO deployed software to be re-installed

Had a problem with multiple Windows 7 clients not upgrading to Java 7 Update 60 correctly which left the Java app in an unusable state.  Easy enough to uninstall and re-install the software manually but for numerous clients it’s a bit of a pain.

Instead, delete the key which relates to Java in

HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt

and reboot to prompt a re-install of the software via Group Policy.
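The subkeys under AppMgmt are named by GUID, so the entry for Java has to be found by looking inside each one. The script below is an added example, not part of the original post: it lists the matching entries, exports each to a .reg file, and only previews the deletion. The value names 'Deployment Name' and 'GPO Name' and the backup folder are assumptions; confirm the value names in regedit on one client first.

```powershell
# Added example: find and remove the AppMgmt entry for one GPO-deployed package.
# Run elevated, in 64-bit PowerShell, on the affected client.
$base    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt'
$pattern = '*Java*'                               # package name to match
$backup  = Join-Path $env:TEMP 'AppMgmt-backup'   # hypothetical backup folder

# Each subkey is one deployed package. 'Deployment Name' and 'GPO Name' are
# assumed value names; confirm them in regedit on one client first.
$hits = @(Get-ChildItem -Path $base -ErrorAction Stop | Where-Object {
    (Get-ItemProperty -Path $_.PSPath).'Deployment Name' -like $pattern
})

if ($hits.Count -eq 0) {
    Write-Warning "No AppMgmt entry matches $pattern; nothing changed."
    return
}

New-Item -ItemType Directory -Path $backup -Force | Out-Null
foreach ($key in $hits) {
    $props = Get-ItemProperty -Path $key.PSPath
    "{0}  [{1}]  GPO: {2}" -f $key.PSChildName, $props.'Deployment Name', $props.'GPO Name'

    # Export the key so it can be restored with 'reg import' if the wrong one matched
    $file = Join-Path $backup ($key.PSChildName + '.reg')
    reg.exe export $key.Name $file /y | Out-Null

    # -WhatIf only reports what would be deleted; remove it once the list is right
    Remove-Item -Path $key.PSPath -Recurse -WhatIf
}
```

Once the listed entries are the ones expected, drop -WhatIf and reboot as described above.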

 

Configure a user's Out of Office/Auto Reply from PowerShell

Without having to log in to their account/mailbox, use Exchange cmdlets to get/set their Out of Office.

To view current Out of Office settings:

Get-MailboxAutoReplyConfiguration -Identity DOMAIN\Username

Link to Technet: http://technet.microsoft.com/en-GB/library/dd638081(v=exchg.141).aspx

 

To set properties for a user's Out of Office:

Set-MailboxAutoReplyConfiguration -Identity DOMAIN\Username -AutoReplyState enabled -InternalMessage "I am on holiday until 01/08/14.  Please call Joe on Ext 123 in my absence" -ExternalMessage "I am on holiday until 01/08/14.  Please call the sales department on 0800 xxxxxx in my absence"

Link to Technet: http://technet.microsoft.com/en-us/library/dd638217(v=exchg.141).aspx

 

Re-run the Get-MailboxAutoReplyConfiguration command to check the changes have been made correctly.