CyberStreams Blog

When I’m out visiting a network for the first time, the one thing I check before anything else is how DNS is implemented. I am amazed how often I find the configuration subpar. A proper DNS setup is vital to keep the network operating smoothly. Improper setups can cause traffic slowdown, authenication issues, and produce a plethora of strange errors. So I want to do a quick rundown of a standard way to set it up, and some ideas for dealing with unexpected issues.
(more…)

The scenario: one of my clients has a Server 2008 box with Exchange 2007 SP1. Random domains where not being sent to with error “451 4.4.0 DNS query failed” coming up in the Exchange Queue Viewer. Taz and myself troubleshot this over several days, looking at DNS Configuration, Exchange Configuration, and Sonicwall Configuration with no luck resolving the issue. So I made the call into Microsoft Tech Support, where over the course of two more days and 3 or 4 calls in which we went through the majority of the troubleshooting Taz and I had already done we finally found the issue was with Auto-tuning.

“Auto-tuning is a feature that was introduced with Windows Vista and Windows Server 2008 in order to optimize TCP throughput. The problem is that some network devices do not support these features (most Cisco Firewall devices, Sonicwall Firewall, Check Point Firewall, some NG R55 routers, some Netgear routers), which can make things slower (Rui Silva).”

The link below will walk you through how to disable auto-tuning.
http://support.microsoft.com/kb/951291

This client has a Sonicwall Firewall and Microsoft was pointing at that possibly being the cause due to the output of the telnet sessions into the “problem domain” email servers. But, As stated above the issue was completely resolved once the Auto-tuning feature was disabled on the NIC. This leads me to the common issue I find with companies that make product features that are not supported by a significant amount appliance manufacturers. In the IT industry we see this regularly and we use work arounds or in this case turn off features. But, should we really have to? I suppose we can see it as job security but, isn’t good technology suppose to make it easier to manage, our business proccesses, networks, lives, etc? This will be the question as long as there are varied technlogies and companies. We as IT professionals just have to keep up the fight to make it work and make it better.

In the small business world I work in, easy-to-use remote connectivity is a must. One common device we use is the Sonicwall SSL-VPN. It has a web interface that users logon to with their Active Directory authenication. From there, they can install the VPN client themselves. Since the webpage is SSL encrypted, users will get that ‘Certificate Error’ page first if you don’t have a proper certificate setup. This page tends to confuse and/or annoy most users I ask.
(more…)

I was recently given a project that involved testing out the Application Firewall feature on the Sonicwall firewall. We’ve been talking about promoting this feature to clients as a way to manage their employees’ internet browsing habits. The idea is to slow down the traffic to the problem website instead of outright blocking it. If the website is blocked and the user sees a denial message, they are far more likely to look for a way around the block. If the website is just slow, there is a greater chance that they will just give up and try again later, or maybe think the problem is on the other end.
(more…)

Blackberry and I have had a long and contentious relationship.  While it took some getting used to, I will admit that they have a nice, fast UI, and an impressive array of features.  My problems have always come from troubleshooting problems and dealing with their support.  This is of particular annoyance because they always seem to break in some way or another.
(more…)