Unexpected Downtime

I was trying to install a new graphics card in my server. It BSODed at some point and damaged system files.

I'm running Server 2012 R2 Essentials, so it's a domain controller. Somehow the file system got corrupted, which prevented LSASS from loading. LSASS is a key part of Windows (on a domain controller it also hosts Active Directory), and "bad things happen" if it can't load right or is terminated.

Specifically, I was getting a "2e2" BSOD from the system. I was able to get into the "Directory Services Restore Mode" boot option, which is basically a safe mode for Active Directory.

Due to a couple of other symptoms, I suspected a disk error, and I was right. I ran chkdsk on the system volume and it started booting just fine!


Just wanted to post this for anyone else that ran into this weird BSOD.

Posted in Announcements

An Exercise in Frustration: Fine Tuning the Web Filter in Sophos UTM

Everything up till now regarding the Web Filter has been a cakewalk by comparison. I'm not saying it's been easy, but fine-tuning the web filter, adding exceptions and the like is going to be the hardest part of this by far.

I'm going to cover some of the basic services you'll need here, and a bit of how to troubleshoot so you can identify future issues. But this part covers what has caused me the most frustration and taken the most time.

Unfortunately, not every website, platform or app works with the Web Filter, even when you have the CA certificate installed. Some programs keep their own certificate store separate from the OS's, so the CA you installed system-wide is never consulted, which makes them problematic.


Posted in Networking

An Exercise in Frustration: Setting up Web Filter Certificates in Sophos UTM

By now, you may be tired of looking at the web filter stuff. However, we’ve only just gotten started.

Right now the filtering may be enabled, but chances are you are seeing certificate errors for every HTTPS website you're visiting. To fix that, we need a Signing CA certificate. The UTM uses it to issue a new certificate for each HTTPS site on the fly and re-encrypt the traffic to the client. Not only does that CA need to be installed into Sophos, you must also install it into each and EVERY client that will be accessing the internet behind the router.

Well, for the most part.

Since a lot of people looking at this guide will be from the Home Server communities, chances are that you’ll have a server that is also a Certificate Authority (CA).
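The split-trust problem this post and the fine-tuning post above describe (the OS trusts the signing CA you imported, but an application with its own certificate store never sees it), reproduced as an added example. This is not code from the original posts or from Sophos: it assumes only that the `openssl` CLI is installed, the CA names, the hostname `www.example.com` and the two store files are constructed for the demo, and the UTM's on-the-fly certificate minting is approximated with `openssl x509 -req`.

```shell
#!/bin/sh
# Added example (not from the original posts): models what "Decrypt and scan"
# does to a client's certificate chain and why the signing CA must be in the
# trust store each application actually consults. Assumes the `openssl` CLI
# is installed; names, hostname and store layout are made up for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Private key + self-signed cert standing in for the UTM's "Signing CA".
make_signing_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Home UTM Signing CA" \
        -keyout "$WORK/utm-ca.key" -out "$WORK/utm-ca.crt" 2>/dev/null
}

# A second, unrelated root: stands in for the public roots every client
# already trusts. It must NOT be able to validate the proxy's certificates.
make_public_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Some Public Root CA" \
        -keyout "$WORK/public-root.key" -out "$WORK/public-root.crt" 2>/dev/null
}

# What the proxy does for every HTTPS site: mint a fresh certificate for the
# requested hostname, signed by the UTM CA, and hand that to the client.
issue_proxy_cert() {
    host="$1"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$WORK/$host.key" -out "$WORK/$host.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$host.csr" -days 30 \
        -CA "$WORK/utm-ca.crt" -CAkey "$WORK/utm-ca.key" -CAcreateserial \
        -out "$WORK/$host.crt" 2>/dev/null
}

# Validate a certificate using ONLY the given bundle as trust anchors
# (-no-CAfile/-no-CApath keep the default CA file and directory out of it).
# Exit status 0 means the store trusts the certificate.
trusted_by_store() {
    cert="$1"; store="$2"
    openssl verify -no-CAfile -no-CApath -CAfile "$store" "$cert" >/dev/null 2>&1
}

# The two trust stores the posts talk about: the OS store, into which you
# imported the UTM CA, and an application's private store (Firefox, Java,
# some mobile apps) that never saw it.
build_stores() {
    cat "$WORK/public-root.crt" "$WORK/utm-ca.crt" > "$WORK/os-store.pem"
    cp  "$WORK/public-root.crt"                     "$WORK/app-store.pem"
}

# Returns 0 only when the OS store accepts the proxied cert AND the app store
# rejects it, i.e. when the run reproduces the symptom from the posts.
demo_shows_split_trust() {
    make_signing_ca
    make_public_root
    build_stores
    issue_proxy_cert www.example.com
    leaf="$WORK/www.example.com.crt"
    os_ok=1; app_ok=1
    if trusted_by_store "$leaf" "$WORK/os-store.pem";  then os_ok=0;  fi
    if trusted_by_store "$leaf" "$WORK/app-store.pem"; then app_ok=0; fi
    echo "OS store (has UTM CA):  $([ "$os_ok"  -eq 0 ] && echo trusted || echo REJECTED)"
    echo "App store (no UTM CA):  $([ "$app_ok" -eq 0 ] && echo trusted || echo REJECTED)"
    [ "$os_ok" -eq 0 ] && [ "$app_ok" -ne 0 ]
}

demo_shows_split_trust
```

The same check works against a real client: export the bundle the application actually uses and run `trusted_by_store` against a certificate captured from a proxied site; if it fails while the OS store passes, that application needs the UTM CA imported into its own store or a Web Filter exception.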


Posted in Networking

An exercise in frustration: Setting up Web Filtering on Sophos UTM

Overall, Sophos is a great platform, and part of what makes it great is the web filtering. Out of the box it gives you a bunch of categories that can be filtered. Most of these are suited to a business setting, but it definitely works well for the home environment too. It also features an inline virus scanner for downloads.

However, because of its complexity, and because some programs may not like what it is doing, it is the one feature that may require the most tweaking to get everything working just right.

First things first: if you're not willing to spend hours reading logs and testing out rules just to get everything working right, and not willing to listen to your wife or significant other bitch because they can't access Facebook/YouTube/Hulu or whatever iOS/Android game of the week for a few hours...

Then set the HTTPS service to "URL Filtering" rather than "Decrypt and scan" (URL filtering only looks at the hostname the client asks for and leaves the TLS session intact, so no CA certificate is needed on the clients), or just turn off the Web Filter feature altogether.

Posted in Networking

Installing Sophos UTM

Well, I apparently missed doing this. And there are some important steps here, because the installation for Sophos UTM isn't as turnkey as it could be. There are some specific things you have to do before it's even 95% up and running.

So lets cover that.


Posted in Networking

Port Forwarding with Sophos

Previously, I've covered a lot about Sophos and why I love it. The last post was about the firewall, and how to let services through to the outside world. Being able to reach those services is a pretty important aspect, which is why I covered it first.

This time, I'm going to cover Port Forwarding, a form of NAT (Network Address Translation) known as destination NAT. This is just as important, especially for us "home server" guys, as this is how you configure the router to let external sources (the outside world, which is how you're reading this) reach internal resources such as a website.


Posted in Networking

Learning to use Sophos’ Firewall

Previously I talked about how awesome the firewall and intrusion countermeasures in Sophos are, and I didn't get to how to actually configure them because of the sheer amount of content I covered.

This time, we're going to walk through how to add services to the firewall, and how to lock down or allow traffic through Sophos (your firewall). This includes how to make Sophos do the normal "consumer router firewall" stuff, as some people are "too lazy*" to set this up properly.


Posted in Networking

Sophos and a Draconian Firewall

As I said previously, I am going to talk more about Sophos and my adventures with it.

The first part I need to address is Sophos' firewall. It's beyond awesome, but "draconian" is an absolutely accurate description. During the initial setup wizard, Sophos asks you what services you want to allow by default: Remote Access (RDP, VNC, etc.), Instant Messaging, VoIP, Email and Web Surfing. You can select any combination of these services; everything else is denied by default.


Posted in Networking

Adventures with Sophos

Due to some issues lately, I’ve taken the excuse to upgrade the hardware on my network.

Specifically, my pfSense box now refuses to boot (the CF card apparently isn't taking any new flashes), and my Linksys router is on the way out. By "on the way out", I mean that turning on QoS causes it to overheat and lock up, frequently and quickly.

This has left me needing new hardware, as I host a number of services off my network, this blog included. That means I need something that works, and works well. I'd been using pfSense, but it had left me wanting. It worked pretty well, but it wasn't pretty and it wasn't remotely simple to configure, especially the more advanced features.

Since I was going to be upgrading the hardware and reinstalling anyway, I took the opportunity to check out the available router/UTM solutions. The list is kind of small, unfortunately.

m0n0wall: A great, simple router OS. However, it's a FreeBSD-based system with a Unix mindset, and I don't have the time or inclination to learn an OS just to provide a firewall and NAT and maybe more.
pfSense: This is what I had been using, but I was experiencing some weird issues with it. They may have been hardware related. However, the OS and options just felt lacking, or like they took too much time and effort to get working right. Not remotely turnkey.
Untangle: A great solution, with a lot of options. Very turnkey. However, pretty much everything but NAT and a basic firewall requires a subscription, and not exactly a cheap one. Great for a SOHO maybe, but not for me. And the UI still looks very dated.
Smoothwall Express: Spent about five minutes with this. It's a glorified DD-WRT install, or at least that is how it felt. Very plain and basic, both in the UI and in functionality, and no expansion to speak of. Avoid, at all costs.

Then I got to Sophos UTM. It has a "Home" edition, mostly thanks to its roots as Astaro. But don't let that fool you: it's very lightweight, incredibly powerful, and looks incredibly polished. The WebUI is phenomenal; it looks like something out of this decade. However, as with most things with a lot of power, it's very complicated to set up and use. Very. Because there isn't a lot of great documentation, or even a "real" getting-started guide to speak of, setting this up initially may be tricky for somebody who isn't a networking professional.

However, after spending half an hour or so just hammering at it, I managed to figure out how to set up Sophos, enable port forwarding and a few other things. A bit over 24 hours on Sophos, and I have to say that I'm not just impressed, but ecstatic about the software. It's everything a tinkerer could hope for.


As I figure out how to use Sophos, I plan to release a series of blog posts on how to set it up and configure it to work with my network, the way that I want.

First up? Talking about Sophos' awesome firewall.

Posted in Networking

When it Rains

So, recently, I've been having issues with my server. It occasionally reboots at random, and then fails to boot back up until I've powered it off for a few minutes. This isn't good in any sense of the word. Something very wrong is happening here, and it needs to be addressed.

The upside is that when it fails to boot back up, the board does show a boot code, and that indicates the issue. Specifically, it appears to be a System Timer issue, or possibly a RAM issue. As the issue is new, I seriously doubt it's RAM, and I've already run a full 3-pass memory test. So I'm pretty confident that it's this "System Timer" issue, which means the board is trash and needs to be tossed/RMAed.

Now, how serious is a "System Timer" issue? Well, it basically keeps all the components in sync and talking to each other at the correct rate. So if it's malfunctioning, you will get all sorts of errors, especially reboots. And the issue only gets worse.

Or as a friend put it: a "hertz", not "seconds", clock.

Now, ASRock doesn't believe me about the issue, and wants me to reflash the BIOS and do some testing. But, as this page is being served from said server... I'd rather not. Especially as I need it running for work, and for those of you that use Subsonic on it.


So basically, it means it's time for a hardware upgrade. I've been itching to do so for a while, but it seems like now is the time.

Posted in Announcements, Rants