Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Friday, December 28, 2012

Failing disks on AMD RAID

[Default userid :: password is admin :: admin]
  produces the following reply:
Unable to connect
Firefox can't establish a connection to the server at localhost:25902 

CEB solution:
1) Start allways the AMD RAIDXpert with the program link at START - All the Programs -AMD
2) Look for security certificates or something like WOT or NoScript!
(sitio de confianza puesto en duda por usar protocolo https: que usa SSL como opción segura del web server de AMD RAID)
Lets start with some explanations. ATI RAIDXpert looks like it is originally the Promise WEBPAM a bit modified. This would make this plugin usable for WEBPAM as well (just modify some strings in the posted code). RAIDXpert/WEBPAM is a web-application running in jetty. For access you have to include a decent browser in your BartPE (IE6 will do, but show errors). I'm using sherpya's Firefox plugin.RAIDXpert uses a service for starting the webapp. There is RAIDXpertservice.exe starting RAIDXpert.exe which accesses jvm.dll and starts jetty with the necessary properties set. Information for this process is collected directly from the service-settings (great trap: all quotes must be set right etc). If something isn't working you can start the webapp in the jetty directory for debugging using

..\_jvm\bin\java -Ddebug=true -jar start.jar amd.xml
The service relies on an ip-stack - XPE will manage this for you, nu2shell with PENETCFG will only start networking with an recognized network adapter. The plugin takes care of this, but you have to change PENETCFG-autorun for this to work. I moved it from autorun0 to autorun5 (this helps bginfo too). To do so you have to rename autorun0penetcfg.cmd to autorun5penetcfg.cmd and make this change in autorun-penetcfg.inf, too.
Localhost is another name for your own computer. You don't even need a network connection.
Apparently, your RAIDXpert server application either isn't running on your computer, or it's running but isn't listening on port 25902. Firewall is blocking this port??
Trying to launch RaidXpert from the shortcut, received HTTP ERROR: 500, org.apache.jsp.index_jsp. That was how I happened to find this blog.
I discovered I already had a browser window open with the RaidXpert html running. I thought maybe that was the problem, but before closing the browser, I bookmarked the URL. However, when I tried again to launch from the shortcut, I still got the same problem. So I tried launching the app from the bookmark, and that works fine.
If you enter the URL directly into browser (http://localhost:25902/amd/login.jsp) it works fine. Or bookmark it.
A patch code was released in order to solve the compatibility problem between some mainboard with the AMD SB850 chipset and Samsung HDD (F3 and F3EG model only).
This patch program works only to
F3     (HD323HJ / HD502HJ / HD503HI / HD103SJ / HD105SI)
F3EG (HD153WI / HD203WI)
my motherboard: sata-raid-array-890gxm-possible
Is this before installing Windows 7 or in Windows 7? Both links are to the 64-bit Windows 7 driver.
If before, use this one:
If in Windows 7:
Technically, you can use the drivers in the first link after Windows is installed too. All you need to do is go into the Device Manager, find the SATA/RAID device, open properties on it, click on "Update Driver," then browse to the folder with the RAID drivers extracted.
AMD Chipset Drivers
AMD Radeon™ Graphics Drivers
Automatically Detect and Install
AMD Radeon™ Desktop Video Card Drivers 
AMD Catalyst™ 12.6 Beta Driver 126 Beta drivers
RAIDXpert Guide
AMD RAIDXpert Easily configure your RAID setup from remote locations to personalize your media for extra performance or enhanced reliability.
The RAIDXpert is a remote RAID configuration tool, for changing the RAID level of the RAID setup connected via SATA 3.0 Gbit/s ports (connected to SB600, excluding extra SATA 3.0 Gbit/s ports through additional SATA chip on some motherboard implementations), including RAID 0, RAID 1, and RAID 0+1.
Die AMD AHCI Driver scheinen schon ins Rentenalter zu kommen.
Der letzte mir offiziell bekannte war der von 2009. Kann mich da aber auch irren. Jedenfalls arbeite ich z.Zt. mit der Version 3.2.1540.75 vom Juni 2010 und von von den Ergebnissen wirklich übberrascht.
Eigentlich ist dieser Treiber für die neueren SB850 Chips gedacht b.z.w im Lieferumfang einiger Systeme enthalten.
T-Rex hat ja schon in einem anderen Beitrag vom Performance Plus dieser Chipsätze durch SATA III unterstützung berichtet und darum beschränke ich mich auf die AMD#S SB750 Reihe. Kurz und knapp folgt nun ein Testergebis mit dem im o.g. im Lieferumfang enthhaltenen Treiber und danach mit dem neuen.
Und hier geht es zu den zweiunddreißig und vierundsechzig Bit Treiberlingen für Windows 7even & Vista:
Und hier für XP 64/32-bit:
Selbst wenn man die SSD als Singledrive am Raid laufen lässt, kann man eienen Performance-Zuwachs feststellen.
Der neue SATA Treiber von AMD unterstützt zwar die TRIM-Funktion,,, jedoch konnte ich persönlich keinen Unterschied nach 2 Wochen SSD Dauerstress feststellen. Ob Trim läuft oder nicht spielt mMn für die SF controlled SSD absolut keine Rolle. 9%89%E0%B8%A7
=======================  7
For your information: the "very latest" Windows 7 WHQL AMD RAID drivers for SB7XX/8XX platforms (release 3.2.1540.75) are located at:$FILE/

Same drivers, but for Windows Server 2003 (and, I suppose for XP, too...):,SB8xx~Windows%AEServer2003

The latest RAIDXpert utility (v3.2.1540.10) for array management is available at:
* *
* AMD AHCI Compatible RAID Driver Diskette *
* *
Contents on the disk
README TXT This readme file
AHCIx86 Microsoft Windows miniport disk label file
AHCIx64 Microsoft Windows miniport disk label file
TXTSETUP OEM Microsoft Windows miniport text mode setup file
x86\AHCIx86 INF Microsoft Windows miniport setup file
x86\AHCIx86 SYS Microsoft Windows miniport driver for x86 compatible platforms
x86\AHCIx86 CAT Microsoft Windows WHQL Certified catalog file
x64\AHCIx64 INF Microsoft Windows miniport setup file
x64\AHCIx64 SYS Microsoft Windows miniport driver for x64 platforms
x64\AHCIx64 CAT Microsoft Windows WHQL Certified catalog file
Software Version
Microsoft Windows miniport driver 3.2.1540.75
Intel at this point is supporting 90% of their hardware on Asus motherboards for Windows 7, x86 or x64.
I never thought it would be this easy installing an operating system

  • Intel

  • Read.Me

  • A different story with AMD.
    The website support center seems to be only supporting older models however Windows 7 from my observation is very limited.
    Asus with AMD chipsets seem to have a vast of newer chipset supported on their website.
    I will not link the AMD support center.
    AMD has updated their support for motherboard chipset's. These packages should include most of the chipset model's. Here's the link:

  • AMD
  • VIA seems to be a little sidetracking but they are supporting Windows 7 for older and newer chipsets.

  • VIA
  • Nvidia is on the same page as Intel.

  • Nvidia

  • Windows SIM
  • ============================
    15-09-2010, 11:01
    AMD ha reso pubblici i drivers Catalyst 8.73 per le piattaforme "GPU/Chipset Embedded" (E4690, E2400, AMD 785E/SB8X0 Chipset e AMD 780E/SB710 Chipset).
    Il file è un unico archivio in formato ZIP.
    All'interno vi si possono trovare anche i drivers specifici per il RAID implementato nel chipset della ns. motherboard (versione serie 3.1). Posso però confermare che anche i più recenti 3.2 per i chipsets SB8XX (sempre contenuti nel suddetto file) funzionano alla perfezione con il SB750.
    Nell'archivio c'è anche un aggiornamento al software di gestione di Promise (RAIDXpert), in versioni separate per i driver RAID 3.1 e 3.2.
    Sul mio sistema il tutto funziona alla perfezione.
    Visto che, come accennato poc'anzi, non ci sono problemi di compatibilità, ho installato i drivers per l'SB8XX ed il corrispettivo RAIDXpert.
    Nel caso qualcuno volesse ulteriori ragguagli sarò lieto di rispondervi pubblicamente (appena avrò un pò di tempo...).
    Ecco i link alla pagina web di AMD:
    Windows 7 (32 e 64 bit) (
    Windows XP (32 e 64 bit) (
    I had installed the Win 7 x64 RAID drivers version 3.2.1540.14 when I installed the O/S. Those drivers apparently fail to install the AMD RAID Console driver. I had also installed RAIDXpert version 2.something
    What WORKS is the following:
    1) Get the file from the AMD website
    Nuovo aggiornamento dei drivers AHCI/RAID per SB7XX/8XX, certificati WHQL.
    La versione è la 3.2.1540.75, per Windows Vista/7, x86 ed x86-64.
    Upgrade your drive controller to that.
    Note: After you reboot, the Op. Sys. should now find the AMD RAID Console device.
    2) Get the SB8xx_RAIDXpert_3.2.1540.15 install.
    "AMD AHCI Compatible RAID Controller":
    [Win7 x64 MSI (SB850 chip) RAID controller drivers]
    NameFile SizeRevision NumberRelease
    AMD Chipset Drivers26.6 MB12.1010/22/2012Download
    This package is for motherboards with 700 series or newer AMD chipsets, and includes:
                           AMD Chipset Drivers
                           AMD AHCI Driver
                           AMD USB 3.0 Driver
    AMD Raid Drivers29.7 MB12.1010/22/2012Download
    Package Includes:
                            AMD SB7xx RAID Drivers
                            AMD SB8xx RAID Drivers
                            AMD SB9xx RAID Drivers
                            AMD A-Series APU Chipset RAID Drivers
                            AMD E-Series APU Chipset RAID Drivers
    AMD RAIDXpert Utility55.3 MB3.3.1540.193/28/2012Download
                  The AMD RAIDXpert utility gives you complete control of your RAID arrays within a simple web browser based application.  This tool allows you to monitor and manage your RAID arrays in the Microsoft Windows environment or via remote login to your system.  For detailed instructions on how to use the AMD RAIDXpert utility, please refer to the associated user's guide.

    3) Uninstall RAIDXpert (this, too, can be a very fun experience... try using command line and /removeonly or /x flags on C:\WINDOWS\Downloaded Installations\{....}\RAIDXpert.msi if all else fails. e.g. "MSIEXEC.exe /x RAIDXpert.msi"
    4) Install the newly-downloaded RAIDXpert.
    Bingo. It works.
    Promise Technology sucks?
    My other machines are all Mac's so I mostly followed the instructions in THIS THREAD. The first two times I tried to back up my iMac to the server with TM it completely crashed it so I reinstalled from scratch. The second time it crashed the RAID, but (I think) it was only SDB that it had listed as failed. I was able to unmount and recover the RAID with mdadm. The third time I left it to back up over night and woke to find two disks (I think sdb and sdc, but not sure) listed as failed. After much tooth gnashing I found the "failed" disks listed as part of md127 and was able to reconstruct the RAID from scratch. 
    This last time I went to bed and disabled sleep on my iMac. TM successfully backed up over night. Now I just came home from the beach to find the raid rebuilding from a failed sdc and a fresh, successful, TM backup as of 30 minutes ago.
    So, I'm trying to figure out why it's "failing" the disks erroneously and how to fix it. 
    It's not a cable issue, because your SMART data would reflect it on this line.
    199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
    You have zero CRC errors, so that's not the problem. 
    Sorry, here's a bunch of questions to get started:
    1. How do you have your disks hooked up (directly to the motherboard or to a HBA card)? 
    2. Does this only happen with that drive or are drives randomly failing out of the array? 
    3. Have you tried checking dmesg after this happens?
    4. What do you have in /etc/mdadm/mdadm.conf?
    cat /etc/mdadm/mdadm.conf
    That should be enough to get me up to speed
    If you have the same problem of Signature Collision try to go to "Manage Computer" and then "Disk Management", find your drive and then right click to make it go "online". If it wont work then go to a command prompt and type the following in " ", hit return to move through:
    "Disk Part"
    (this brings up a separate window in Win 7)
    "List Disk"
    (This will show you which disks can by physically seen, offline and online)
    "select disk X"
    (Where x is the number of the disk you want to make online)
    "online disk"
    (This should bring you a message saying your disk is now online)
    This takes you back to windows and you should now see your disk through Windows Explorer.
    See if this helps:
    My suggestion would be to go back into Disk Management, right click the smaller box next to the second external drive, and see if you can use the option to turn the drive to 'Online' mode.
    Each volume has its own unique identifier, called a signature. Though very rare, you can run into a situation (which mostly happens after cloning data to another drive) where both drives have the same signature.
    If it will not allow you to switch the drive to 'Online' mode, then take the external drive to another computer, format the volume completely, and then take it back and it should work.
    I have found that the cause of my problem was setting two drives to act as a "Raid Mirror" set up, which caused the drives to get the same signature. When I decided not to use them in a "Raid Mirror" setup they retained the same signature. Temporarily setting them as "Raid Stripe" seemed to resolve the problem (probably because different signatures were assigned to each drive)
    Unless you know the drive is empty: 
    Use the Windows Diskpart command.  Select the Offline Disk.  Enter the command Online Disk.  Diskpart is much more powerful than the Disk Management.  I had this problem and Diskpart brought the drive online with NO issues where Disk Manager continued reporting a Signature Collision.
    Sorry to sound harsh but to format the disk?  I would think removing the disk and doing an Import Foreign Media would probably work allowing you to then place the disk bakc into the original computer.  If you still get Signature Collision...use the above it works fine.
    My Signature collision was cause by Acronis Disk Suite...HORRIBLE software if you have Windows 7....have had noting but problems...seems any disk it touches corrupts the MBR and Signaure area.

    Monday, December 10, 2012

    Stop error 0x00000019

    BAD_POOL_HEADER (Windows Debuggers)

    Windows 7 BlueScreen

    The nvlddmkm.sys, which is the NVIDIA video driver, was named as causing one of the crashes.
    Are you able to use the drivers posted at NVIDIA to update the video driver?
    Also, there appears to be some older software installed that may have some compatibility issues with Windows 7.

    The Bluescreen 0x00000019 (0x00000021, 0x858FB000, etc) bad pool header occurs while i try to install windows updates through the build in update program.
    What i did before that:
    - Started the pre installed windows 7 installation, give it a name, a password etc.
    - divided the 500 GB partition into 2 partitions with the build in program through administration > computer administration (maybe wrong translation, it is a german installation)
    - changed the virtual memory from automatic to 8192 permanent at the second partition and disabled virtual memory on the first partition (did that for all 3 pc's)
    Started the Windows Update routine, it moves approx 3 updates than the blue screen occurs.
    Strange thing was: When i divided the Harddiscs into 2 partitions it took approx 10 seconds for pc 1 + 2, the actual third pc these dividing takes approx 3 minutes to complete.
    Pre installed programms are:
    - driver packet
    - Roxio Creater Starter
    - Live Essentials
    - Microsoft Office 2010

    Network scanners

    SoftPerfect Network Scanner is a free multi-threaded IP, NetBIOS and SNMP scanner with a modern interface and many advanced features. It is intended for both system administrators and general users interested in computer security. The program pings computers, scans for listening TCP/UDP ports and displays which types of resources are shared on the network (including system and hidden).
    In addition, it allows you to mount shared folders as network drives, browse them using Windows Explorer, filter the results list and more. SoftPerfect Network Scanner can also check for a user-defined port and report back if one is open. It can also resolve host names and auto-detect your local and external IP range. It supports remote shutdown and Wake-On-LAN.
    Key features
    • Pings computers and displays those alive.
    • Detects hardware MAC-addresses, even across routers.
    • Detects hidden shared folders and writable ones.
    • Detects your internal and external IP addresses.
    • Scans for listening TCP ports, some UDP and SNMP services.
    • Retrieves currently logged-on users, configured user accounts, uptime, etc.
    • You can mount and explore network resources.
    • Can launch external third party applications.
    • Exports results to HTML, XML, CSV and TXT
    • Supports Wake-On-LAN, remote shutdown and sending network messages.
    • Retrieves potentially any information via WMI.
    • Retrieves information from remote registry, file system and service manager.
    • It is absolutely free, requires no installation, and does not contain any adware/spyware/malware.
    ScreenshotsDownload Network Scanner
    Size: 2.0M

    Network Scanner (AutoScan-Network)
    AutoScan-Network is a network scanner (discovering and managing application). No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.
    System Requirements :
    •Mac OS X 10.5 or later
    •Microsoft Windows (XP, Vista)
    •Maemo 4
    •Sun OpenSolaris
     • Fast network scanner
     • Automatic network discovery
     • TCP/IP scanner
     • Wake on lan functionality
     • Multi-threaded Scanner
     • Port scanner
     • Low surcharge on the network
     • VNC Client
     • Telnet Client
     • SNMP scanner
     • Simultaneous subnetworks scans without human intervention
     • Realtime detection of any connected equipment
     • Supervision of any equipment (router, server, firewall...)
     • Supervision of any network service (smtp, http, pop, ...)
     • Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database
     • The graphical interface can connect one or more scanner agents (local or remote)
     • Scanner agents could be deployed all over the network to scan through any type of equipment (router, NAT, etc)
     • Network Intruders detection (in intruders detection mode, all new equipments blacklisted)
     • Complete network tree can be saved in a XML file.
     • Privileged account is not required

    Friday, December 7, 2012

    WU61R (AWN-USB-54R) = RTL8187B
    Wireless LAN USB 2.0 Network Interface Controller
    General Description
    The Realtek RTL8187B is a low-profile highly integrated cost-effective Wireless LAN USB 2.0 network interface controller that integrates a USB 2.0 PHY, SIE (Serial Interface Engine), 8051 MCU, a Wireless LAN MAC, and a Direct Sequence Spread Spectrum/OFDM baseband processor onto one chip. It provides USB high speed (480Mbps), and full speed (12Mbps), and supports 9 endpoints for transfer pipes. To reduce protocol overhead, the RTL8187B supports Short InterFrame Space (SIFS) burst mode to send packets back-to-back. A protection mechanism prevents collisions among 802.11b nodes. The RTL8187B fully complies with IEEE 802.11a/b/g, WMM, 802.11e, and CCX specifications.
    To reduce protocol overhead, the RTL8187B supports Short InterFrame Space (SIFS) burst mode to send packets back-to-back. A protection mechanism prevents collisions among 802.11b nodes.
    Direct Sequence Spread Spectrum (DSSS), Complementary Code Keying (CCK), and Orthogonal Frequency Division Multiplexing (OFDM) baseband processing are implemented to support all IEEE 802.11a, 802.11b, and 802.11g data rates. Differential phase shift keying modulation schemes, DBPSK and DQPSK with data scrambling capability, are available, along with complementary code keying to provide data rates of 1, 2, 5.5, and 11Mbps, with long or short preamble. A high-speed Fast Fourier Transform (FFT)/Inverse Fast Fourier Transform (IFFT), combined with BPSK, QPSK, 16QAM and 64QAM modulation of the individual sub-carriers, provides data rates of 6, 9, 12, 18, 24, 36, 48 and 54Mbps, with rate-compatible punctured convolutional coding with a coding rate of 1/2, 2/3, and 3/4.
    An enhanced signal detector, an adaptive frequency domain equalizer, and a soft-decision Viterbi decoder are built-in to alleviate severe multipath effects. Efficient IQ-imbalance calibration, DC offset, phase noise, frequency offset, and timing offset compensation reduce radio frequency front-end impairments. Selectable digital transmit and receiver FIR filters are provided to meet the requirements of transmit spectrum masks, and to reject adjacent channel interference, respectively. Both in the transmitter and receiver, programmable scaling in the digital domain trades the quantization noise against the increased probability of clipping. Robust signal detection, symbol boundary detection, and channel estimation perform well at the minimum sensitivity.

    The RTL8187B supports fast receiver Automatic Gain Control (AGC) and antenna diversity functions, and an adaptive transmit power control function to obtain better performance in the analog portions of the transceiver. It also has on-chip digital-to-analog converters and analog-to-digital converters for analog I and Q inputs and outputs, transmit TSSI and receiver RSSI inputs, and transmit and receiver AGC outputs.
    The RTL8187B keeps network maintenance costs low and eliminates usage barriers. The RTL8187B is highly integrated and requires no ‘glue’ logic or external memory.


    UI and Driver auto install package(Support XP/Vista/Vin7)(Beta)1182(Beta)2011/2/2325694k

    UI and Driver auto install package(Support XP/Vista/Win7)11812011/2/816809k


    WiFi -Universal repeater
    I have an tp-link wa801nd repeater/router and an AVM FritzFon box connected to our DSL line.  
    What does work:
    WEP (not WPA) and set the repeater to be a "universal repeater", not just a "repeater".
    What did not work:
    WPA + set the repeater to be a "repeater" and tell the Fritzbox to allow WDS (wireless distribution). My impression was that the repeater would associate for a little while, then unbind, confuse the clients and a few minutes later bind again.
    What would have been OK:
    Tell the tp-link to act as an access point and bridge. Let it have its own SSID and run its own DHCP. Clients could associate to this and the tp-link should pass their packets to the Fritz box.
    Clients could associate, but their packets did not seem to be gatewayed to the fritz box. I did try setting the gateway on the tp-link to its IP address and to that of the fritz box.
    Despite visiting 100 websites, I cannot see the difference between "repeater" and "universal repeater" or at least I cannot find why one would use "repeater".
    A lot of this is poorly documented by the manufacturers. They’re not even consistent in the use of the terminology, and often leave out meaningful details. Perhaps it’s so complicated they just fear that providing this information would only confuse ppl further.
    The difference between Repeater and Universal Repeater is that the former requires WDS (a bridging protocol developed years ago), whereas the latter does not.
    The problem w/ WDS is that it’s NOT a wifi certified protocol, so implementations vary across manufacturers. And that means incompatibilities abound. When you use a Universal Repeater, it uses wifi certfied protocols (B/G/N), so it will connect to virtually anything else supporting these same protocols, regardless of manufacturer (that’s why we call them standards!).
    Unfortunately most manufacturers don’t get into all the minutia. Instead, they take a short cut and basically tell you to try Repeater (WDS) first, and if that doesn’t work, switch to Universal Repeater. What they’re assuming (hoping) by this strategy is that you’re using ONLY their own wireless devices, and therefore there won’t be any compatibility issues wrt WDS. But should that not be the case, should you be using DIFFERENT manufacturer’s devices, then Universal Repeater should work. But behind the scenes, it’s really all about WDS compatibility, and whether you do or don’t have it.
    Now there’s another little catch when it comes to TP-LINK. Most Universal Repeaters require you to specify the SSID, security information, etc., of the AP to which you are bridging. Then you establish another AP (the repeater) and specify its SSID, security information, etc. IOW, it’s entirely possible to have *different* SSIDs, security parameters, etc., on each side of the bridge. Whether that makes sense or is truly necessary is debatable. But most of the time that’s how universal repeater is implemented.
    In the case of TP-LINK, at least based upon skimming their manual, I don’t see any means to supply the SSID, security information, etc., of the remote AP. That leads me to believe that in this particular case, TP-LINK requires its own AP and that of the remote AP to be the SAME (otherwise I don’t know how it would know how to connect to the remote AP, I don’t see any means to provide these details independently, or else I missed it).
    So that’s the basic situation you find yourself in. If you have devices from the same manufacturer, the likelihood that any WDS-based solution will work is very good. If they are different manufacturers, the likelihood of compatibility is extremely remote. So you must turn to the “universal” solutions they offer (if any) because those are based on accepted standards.
    Another “quirk” regarding some universal repeaters is that they sometimes don’t support WPA (not sure why, but I believe it has something to do w/ WPA key rotation), only WEP or WPA2. Frankly, WPA2 is a little better than WPA anyway, so if possible, I would try WPA2 (preferably WPA2/AES, to be precise) and see if that helps.

    Fritz!box 7570!Box+Fon+WLAN+7570+VDSL
    FRITZ!Box AddOn für Mozilla Firefox  Version  01.06.03
    Holen Sie sich den Schnellzugang zu Ihrer FRITZ!Box, der AVM-Webseite und allerlei nützlichen Einstellungen direkt in Ihre Browser-Leiste.
    Download xpi file
    FRITZ!fax für FRITZ!Box  Version  03.07.04
    FRITZ!fax für FRITZ!Box ist ein supportfreies Programm für FRITZ!Boxen mit Telefonie. Es ermöglicht Faxdienste über den Telefonanschluss.
    Weitere Informationen zu diesem Update erhalten Sie hier
    Sie können Ihre FRITZ!Box für VPN-Verbindungen konfigurieren. Dazu benötigen Sie die folgenden Komponenten:
    • die aktuelle Firmware für Ihre FRITZ!Box
    • den VPN-Client FRITZ!Fernzugang
    • den Assistenten "FRITZ!Box Fernzugang einrichten"
    Auf dem VPN Service-Portal finden Sie diese Komponenten zum kostenlosen Download. Desweiteren präsentiert das Portal allerhand nützliche Informationen und Hilfestellungen rund um VPN.

    Oft gefragt

    Wie viele VPN-Verbindungen können in der FRITZ!Box eingerichtet und gleichzeitig hergestellt werden?
    Sie können in der FRITZ!Box bis zu acht VPN-Verbindungen (Virtual Private Network) zu anderen Netzwerken oder Benutzern einrichten. Wie viele dieser VPN-Verbindungen gleichzeitig nutzbar sind, hängt lediglich von der Bandbreite und Auslastung der Internetverbindung ab.
    Beim Einrichten von mehr als acht VPN-Verbindungen kann es zu Anzeigeproblemen in der Benutzeroberfläche und zu Stabilitätsproblemen kommen. AVM supportet nur FRITZ!Box-Geräte, in denen maximal acht VPN-Verbindungen eingerichtet sind.
    1) Connecting the fritz!box (the first time) to your computer:
    page 17 (best just use a network cable/LAN cable like the red one that comes with the box to connect to LAN 1 or ....)
    - do wireless setup later
    2) The setup page of your fritzbox will probably be on or (as I recall in default without any password).
    3) If you need to setup anything in your openSUSE system you will need the openSUSE passwords - but probably you do not need to setup anything at first.
    4) For a wireless access to your fritz!box and so to the internet without a cable you will need the wireless passsword - which is the one on the bottom of the box by default and can be changed by you *in* the fritzbox-settings (see 2).
    For doing this it is best not to use the YaST but the userspace programs networkmanager and the according GNOME/KDE programs that you will find in the panel (in GNOME 3 it looks now a bit like a loudspeaker symbol - ca. an 1/8 of four concentric circles and a point). Maybe you will also need a password for your Keyring (probably you could chose one or it is your user's login keyword...)
    about 4)
    Maybe needed especially if you have anything changed in the network settings in YaST:
    open YaST (root password needed) > Network Devices / Network Settings: Tab: "Global" tab - select=[x] "User Controlled with NetworkManager" to reactivate the NetworkManager and the connected GNOME/KDE program.
    Configuración del Anexo
    Seleccione el tipo de anexo que utiliza su conexión ADSL. La siguiente tabla le ayudará a realizar correctamente la selección. No se garantiza que no haya errores en los datos que se encuentran en la tabla.
    Nota: Si selecciona incorrectamente el tipo de anexo pueden presentarse disturbios en el funcionamiento del servicio de telefonía. En algunos casos no se podrá hacer una sincronización ADSL.
    You tried to visit, which is not loading.
    These addresses are configured on your router, or on your computer. Remove them. Basic instructions. Use these to remove, rather than place, the OpenDNS addresses.
    Or, create an account here to control your own filtering.
    Otherwise, your ISP or whomever controls your network (if it is not yours) is responsible.
    ABE of  NOscript !!!

    Fritz!Box 7390 working as a VDSL modem have finally had a chance to try getting my AVM Fritz!Box 7390 working as a VDSL Modem instead of the Openreach modem. It had been working fine as a router, but obviously I wanted to use the built-in modem as well, due to the pretty impressive statistics the box offers.
    In short, I was successful! As reported previously, the modem synchronizes fine by default, but the PPPoE connection fails to establish - as willuk2010 helpfully found out, this is generally due to third-party modems not being set to the correct VLAN ID, which is 101 on Openreach. I can also confirm that this seem to be the same VLAN ID across the board, as I am on Aquiss - I was concerned that my VLAN ID might be different, but that does not seem to be the case (unline e.g. in Germany where Vodafone seems to be on a different VLAN than Telekom).
    Here are the instructions:
    a) Export your Fritz!Box configuration, just in case.
    b) Download FBEditor 0.5.2 from - you might have to register. This can be used to edit the configuration files. Theoretically, you can enable telnet access on the Fritz!Box by dialing #96*7* on an attached DECT phone, and then edit the configuration file directly using vi, but FBEditor is probably safer in case you mess up your stanzas.
    c) When first opened, FBEditor will ask you for the IP address to your and the web password. Once entered and connected, you can use the menu option "Datei" -> "Konfiguration einlesen" or just press CTRL-E to read in the configuration.
    d) Find and change the following:
    ar7cfg {
    tcom_targetarch = yes;
    vdsl_resalearch = yes;

    dslifaces {
    pppoevlanauto = yes;
    pppoevlanauto_startwithvlan = yes;

    dslglobalconfig {
    default_tcom_vlan = 101;
    e) Use "Datei" -> "Konfiguration zur�ckspielen". This uploads the modified configuration to the Fritz!Box, which will then restart.
    If you have been using the Openreach modem, it is probably best to remove it from LAN Port one and change the configuration back so that the Fritz!Box tries to use the internal modem. Make sure you connect the Y cable to the NTE instead of having the Openreach modem connected.
    Once rebooted, the Fritz!Box will synchronize again, and the PPPoE connection should be established automatically.
    My stats (do I see potential for 15 MBit/s upstream in there?)
    Send Receive
    DSLAM-Data rate Max. kBit/s 40000 9984
    DSLAM-Data rate Min. kBit/s 128 128
    Capacity kBit/s 41136 16325
    Current Data rate kBit/s 39984 9984
    Latency 0 ms 0 ms
    Carrier swap (Bitswap) on on
    Impulse protection 0.0 0.0
    SNR dB 7 16
    Atennuation dB 7 -
    Carriers A43 A43
    Profile 17a

    Thursday, December 6, 2012

    How to secure Java

    amid growing Java security vulnerabilities 
    It's no secret that attackers have moved "up the stack" in recent years. With enterprise networks and platforms now much more difficult to exploit, attackers now favor the low-hanging fruit of application-layer attacks. And there's been no shortage of juicy targets.
    Oracle has added to Java's technical debt, which will result in an ever greater number of vulnerabilities.
    While Flash and Adobe Reader have been popular client-side targets, one could argue that attackers' favorite application-layer target has been Java and specifically the Java Runtime Environment (JRE). Oracle, starting with Sun, has advanced the development of the Java ecosystem in several areas, including the programming language, server-side environment and the widespread client-side JRE, but attackers continue to expose serious security vulnerabilities in the JRE. Most of these vulnerabilities are limited to the more common platforms, such as MacOS and Windows, but since Java is used in a wide variety of platforms for the client software, the impact of vulnerabilities may not be well understood.
    In this tip, we'll discuss the latest spate of Java security vulnerabilities and offer some measures to better secure Java in the enterprise environment.
    One step forward, one step backAs of late, it seems that just as Oracle releases a patch for the most recently exposed Java vulnerability, attackers find a new one to exploit. Another serious vulnerability was identified September 2012; it allows an attacker to exploit a core security feature of the Java JRE, Type Safety, to escape the Java sandbox. An attacker can completely compromise the security of a system by exploiting this vulnerability.
    Worse yet, Java security patches may be giving attackers more exploit opportunities: It is believed that the JRE vulnerability that was reported August 2012 may have been introduced by a previous patch. The bug in the AWT subcomponent of Java could also allow for code execution on the local system, which would bypass the sandbox and result in a system being compromised. When Oracle's software update process exposes new security vulnerabilities, the strength of Java's software development lifecycle comes into question. Not all bugs can be prevented, but it seems clear a stronger security development lifecycle is needed to help prevent the introduction of new Java bugs.
    The reality is that the Java security problem isn't going away. Vulnerabilities will continue to be found, exploited and patched by Oracle with varying speed and efficiency. In all fairness, the software vendor faces a difficult task as it seeks to advance Java's development while trying to keep it secure. Unfortunately, on top of what was inherited from Sun Microsystems, Oracle has added to Java's technical debt, which will result in an ever greater number of vulnerabilities.
    Larry Ellison once touted that Oracle's products are "unbreakable", but this attitude toward security has not extended to the JRE. Oracle's approach to security is generally considered to be less mature than those of rival software makers Microsoftand Adobe, which affects how companies use the JRE. As Microsoft and Adobe started to change their respective security cultures, improvements were realized in the security of their applications despite similarly significant technical debt for legacy products and applications. Oracle does have a long history of selling software to customers with strict security requirements, such as the CIA, but there seems to be an increasingly striking disconnect within Oracle that has yet to foster a strong security development for Java and the JRE. To prevent the JRE from posing too great a threat to enterprises, this must change.
    Methods to secure JavaMany believe that the state of Java security is so dire that it must be disabled on all enterprise client-side applications. Though there are viable alternatives for software such as Adobe Reader, no real alternatives currently exist for the Java Runtime Environment. The reality is that many enterprise applications rely on Java; for many organizations, disabling Java simply isn't an option.
    From the editors: Time to disable Java?
    In the wake of recent exploits, experts recommend disabling the programming language, but that can be tricky in the enterprise. In this Information Security magazine column, learn why disabling Java may be the answer.
    With that said, all of the standard advice for securing any client software applies to the JRE too, including not installing (or uninstalling) the JRE if it isn't necessary, keeping the JRE up to date, removing old versions, and implementing patch management and endpoint security controls on the client side. But consider additional controls specifically for Java. For example, an enterprise could run the JRE and necessary software in its own virtual machine, run the JRE with reduced permissions (which should already be a default policy regardless) and allow whitelisted Java applets to run in the JRE with Noscript or similar software. The Enhanced Mitigation Experience Toolkit can be used to more securely configure the JRE on Windows systems.
    Enterprises could also compile Java code into native executables to avoid issues with the JRE, but this action would negate the "write once, run anywhere" benefit of using Java. Given that most Java applets are run on either PCs or Macs, this might be a reasonable measure for some organizations, but it wouldn't work for all platforms that run Java. If it could be compiled, this would help reduce the number of systems in an enterprise that needs a JRE installed just for one application. All of these methods require significant effort, but could reduce the risk to an acceptable level for most enterprises.
    Conclusion The Java ecosystem pioneered many new features that made developing software for multiple platforms easier. The Java Runtime Environment was the result of that need for easier cross-platform development. Sadly, the reputation of the Java ecosystem has taken a significant hit due to the significant number of security vulnerabilities exposed in the JRE and Oracle's software development lifecycle. While organizations should think long and hard about committing to Java, fortunately, there are ways for enterprises to limit the risk posed to their endpoints by the JRE if it is a business necessity; if it is not absolutely necessary, however, it should not be installed.

    Wednesday, December 5, 2012

    If you encounter any problems during installation, please check the
    logfile that is created in /tmp on Linux or Mac OS X or %TEMP% on
    Windows. The file will be called install-postgresql.log. The logfile
    may contain the superuser password you specified during the
    installation, which should be replaced before sharing the log with
     If you are unable to resolve the problem having reviewed the logfile,
    please search the EnterpriseDB forums as well as your favourite search
    engine for a solution.
    If you still cannot resolve the issue, please post details of the
    problem, along with system details and any appropriate parts of the
    installation logfile to the installer forum.
    Script output:
    Error de entrada: No existe ningún motor de secuencia de comandos para la extensión de archivo ".vbs".
    Input Error: No script command engine for ".vbs" file extension exists. (Yes, I got a spanish localized windows)

    Script stderr:
    Program ended with an error exit code

    Unknown error while running cscript //NoLogo "C:\Documents and Settings\Name\Configuración local\Temp\prerun_checks.vbs"

    Running from cmd 'cscript //NoLogo "C:\Doc...\prerun_checks.vbs"' returns 'The scripting host appears to be functional.'

    ... Checks the program configured to open vbs files ... (Notepad ++)
    ... Changes to default ... (Microsoft (R) Windows Based Script Host)
    ... Installer works ... (shoots computer (after making appropriate db backups))

    All right, no more problems on my end. Thank you for your swift response and pointing me to the right direction.

    Download  Install log
    cebaehren's case:
    Acceso a Windows scripting host deshabilitado en este equipo
    Usar XP antispy para habilitarlo!

    Windows 2003 Server 2 NIC (multihomed)
    I have two network cards in my Windows 2003 RS2 (Small Business) and two routers, I plan to have it set up so that we have a fall-back if the internet on the primary router were to drop out or loose connectivity to the internet, so that we will not loose connectivity or outside requests for applications running on our server.
    At the moment my configuration is this:-
    Network card 1:
    Network Card 2:
    What is the best way to achieve this? At the moment the workstations default gateway all go directly to the router, is it better to direct them via the server so they can benefit from a multi-homed connection?
    You would need to purchase a high-end router and configure it to use an alternate path if the first path failed - First path ISP #1, second past ISP #2. With that, you wouldn't need the 2nd NIC in the server.
    If you plug them both in, the server will take a path to use as a connection to everything. If the server has to switch NICs to get inbound traffic, it'll have to drop a connection to everything attached to it.
    Thus, you'll want to pick up a network device to do the routing for you. You could go with something like Network Load Balancing, which you might be able to use with Windows Server.. it'll install on the server itself. Though, in my position, we have our ISP load balance for us so we don't have to configure it.
    But you're looking at a high end router.. Cisco comes to mind.. I can't think of the other brand that might be easier to use.
    You may be able to find a dual WAN Linksys Router which may resolve your problem as well. 
    I was working on the same thing just recently, and figured out how to do it in windows server 2003. And it's working just fine.
    Make sure you either have or can install Routing & Remote Access (should be in Administrative Tools)
    If you need to install it, just do so with basic NAT/Firewall checked (one of the options required to install RRAS - Routing and Remote Access Service), but we're not going to use NAT.
    Remove your gateways from your adapters (by going to your NIC->TCP/IP Properties->Advanced->Gateways->Remove (hopefully you can get my drift))
    In the RRAS snap-in, right click on Static Routes and add a new route.
    (I'm going to assume that your LAN connections are named "Network Card 1" and "Network Card 2" respectively for ease of typing)
    Set this up:
    Interface: Network Card 1
    Network mask:
    Metric: 1
    Click ok, and right-click "Static routes" and add another new route:
    Set this up:
    Interface: Network Card 2
    Network mask:
    Metric: 1
    Click "OK" and then right-click on "static routes" and click "show ip table"
    make a note/screenshot of it as it is now
    Go back to your network adapter properties, go to the "Network Card 1" properties
    Go to TCP/IP Properties->Advanced->Gateways->"Add"
    Automatic Metric: UNCHECKED
    Metric: 20
    Close out of that
    go to the "Network Card 2" properties
    Go to TCP/IP Properties->Advanced->Gateways->"Add"
    Automatic Metric: UNCHECKED
    Metric: 20
    Now get a new list of the routes in your IP routing table by going into the RRAS snap-in, right click on "static routes" and click "show ip routing table"
    You should have at the top, something like this (the first 4 lines are the critical ones, if these aren't right, re-try the order in which you setup the static routes & add the gateways)
    Destination Network Mask Gateway Interface Metric Protocol Network Card 1 1 Static (non...) Network Card 2 1 Static (non...) Network Card 1 20 Network Mgmt Network Card 2 20 Network Mgmt
    Be sure to make your destination NAT on your routers MATCH from router to IP resepectively, or the whole thing won't work, ie:
    router: needs to forward traffic to
    router: needs to forward traffic to
    Essentially what you're doing is bonding a gateway to a NIC. This may work for you, it has definately worked for me when I needed to setup a web server that would respond on 2 different public IP's.
    Hi, look up for ClearOS. it is easy to learn and install. use it as your "ROUTER" in multi wan mode, so if one drop, it will still use the other one. and you wont have 2 gateways. only one, the ClearOs server's IP.
    it works like this:
    2 routers go into the server, and then one cable goes out from the sever, to the network. so you will need 3 lan ports.