Windows Update Error 89B (or 2203)

I spent hours trying to figure out what happened to start causing this error on Windows Server 2012R2. Google results are slim, but some referenced an invalid password (wtf?). I reset SoftwareDistribution, changed OUs (for Group Policy), removed and re-added to the domain, nothing.

In the end, I checked the TEMP and TMP Windows system variables – they were pointing to an invalid folder location. I created that folder and immediately tried to install updates again – 100% success! THANK GOD!

On a side note, why can’t Windows just say INVALID FOLDER?! ūüôā

FilmOn (.com/.tv) – First Impressions

I recently stumbled across a Roku app called FOTV. Installing it and opening it up, it listed LIVE UK TV. I gave it a shot and BBC, ITV streamed pretty nicely, all beit not very good quality (low resolution) – but hey, for free what can you expect? Other live UK channels, Channel 4, Channel 5, ITV1+1, etc worked but buffered every 30 seconds. That and a big FilmOn.tv logo in the corner of every stream.

Checking out their website (filmon.tv or filmon.com) I saw they offer a “Premium” service, which included a few other channels (none of which interested me) and claimed HQI (480p instead of 240p). They want $15/mo or $150/yr…

So, I bit the bullet and signed up for a month using PayPal¬†expecting that the HQI would look better and the buffering would be almost none (and hoping their giant logo would also be gone). What do you get? Buffering is still the same and the HQI doesn’t look any different than the free stream, definitely not worth the $15/mo.

Will I renew? Nope. Visually, the 240p and the HQI streams are the same and buffering is a problem regardless if you’re using the free streams or the premium.

My 2 cents.

Setup a Windows VM as a VPN Gateway w/ICS and OpenVPN

This post has been a long time coming…

Since my ASUS router severely underperformed when used for OpenVPN, here’s how to configure a Windows VM (Server 2012 R2, in this case), with Internet Connection Sharing, as an OpenVPN gateway for your local network clients:

  1. Configure your VM per your usual specs (i.e. latest updates, disk sizes, etc.) with a single NIC (we only need 1 NIC for this).
  2. As of my writing this, OpenVPN 2.3.9 is the latest Рusing I601 for Windows Server 2012 R2:
    openvpn_installer
  3. Leave all options for the install as default except for adding OpenSSL Utilities (I’m not quite sure you actually need this, but it’s in my notes from a year ago):

    Updated: The OpenSSL Utilities is not required for a gateway since all certs come from your VPN service provider; you can safely leave OpenSSL Utilites unchecked:
    openvpn_openssl-utils
  4. Install the TAP NIC:
    openvpn_tap-nic
  5. Shouldn’t have any problems:
    openvpn_install-complete
  6. I suspect most VPN providers have CA (certificate) files you grab as part of your access details —¬†ca.crt, crl.pem — for PIA. Copy those and the appropriate .ovpn file (Germany.ovpn, in my example) to the config folder in your OpenVPN install folder: C:\Program Files\OpenVPN\config in my case:
    openvpn_copy-cfg
  7. You will also need an authorization plaintext file for OpenVPN to auto-connect (contains only 2 lines, username and password). Copy that file to the OpenVPN config folder along with the files from step 6.
  8. Open properties of the TAP NIC and (I would suggest) disable DNS registration and IPv6.¬†If you’re connected through RDP, now would be a good time to reconnect to the console session as the next steps are going to temporarliy disconnect your network connection.
  9. Now you want to share the TAP NIC so clients can use it as a gateway when it’s connected to your VPN provider:
    tap_nic-sharingCheck¬†Allow other network users to connect through this computer’s Internet connection and un-check¬†Allow other network users to control or disable the shared Internet connection.
  10. Windows will prompt you that it’s going to change your LAN NIC’s IP to 192.168.137.1 – we’ll reset the IP back to our proper subnet after, so click Yes for now:share_nic-warning
  11. Now edit the TCP/IP settings for your LAN NIC back to its regular IP/gateway (an IP on your local subnet so your clients can reach it):
    nic_new-settings
  12. Now it’s time to configure OpenVPN to automatically connect when the VM starts. Remember your auth.txt and the provider .ovpn file from steps 6 and 7? Edit the .ovpn file and add a couple lines:
    ovpn_auth
    You’re basically telling OpenVPN where to find your username and password when it uses this profile.
  13. Last step, configure the OpenVPN Service startup type to Automatic (so it automatically connects after a reboot):
    openvpn_service-auto
  14. Now, reboot and verify the OpenVPN Service is running (check the Germany.log file in the OpenVPN\log folder, in my case):
    log
  15. Last step, adjust the TCP/IP settings of a client(s) to use that VM’s LAN IP as it’s gateway and check the public IP:
    public_ip
    Perfect! Public IP matches the logged IP.

Now you can modify clients to use this VM’s LAN IP as their network gateway and they will all appear to be from whatever location your VPN server is in!

That, and performance will kill anything the ASUS (or any other consumer-level router) could ever give.

Enjoy!

Tomato Firmware on an ASUS RT-AC56U Router

I recently purchased an ASUS RT-AC56U router with the intention of flashing the firmware from the stock ASUS firmware to Tomato by Shibby РI want the OpenVPN client functionality to use with my VPN provider. This router would replace my LinkSys E3000 which could barely connect me to the Internet, let alone VPN.

The whole process seemed simple enough, but of everything I found online, none was 100% complete. So, here you go:

  1. Some say to flash DD-WRT first, others say to go right to Tomato through the default ASUS interface. You do not need to flash DD-WRT first.
  2. Download whichever RT-AC56U-ARM firmware you need; for me, I did not need USB or any of the other fluff, so I avoided the All-In-One (AIO) firmware, and grabbed the latest (v123 at that time) of the VPN version:¬†tomato-RT-AC56U-ARM–123-VPN-64K.trx
  3. Put the router into recovery mode: power-off with the button, holding the reset button, power back on and wait a few seconds. The power LED should start to blink. It’s now in recovery mode.
  4. In recovery mode, the router seems to use default to an IP of 192.168.1.1 – make sure whatever computer you’re using for this process is on that subnet. Open a web browser and open http://192.168.1.1 and you should see a pretty basic webpage. Locate the TRX file and click Upload. Now wait. Give it about 5 minutes.
  5. After about 5 minutes, power off the router using the power switch. Others say that once Tomato is flashed, power-off, hold the WiFi button and power back on. That is incorrect Рyou have to hold the WPS button until the power LED starts to pulsate, not the WiFi button. Holding the WiFi button will simply put you back in recovery mode and you will continue to repeat the process indefinitely. Hold the WPS button for 10-15 seconds and you will be 100% good to go. Now you can login to Tomato (admin/admin) and wipe the NVRAM.
  6. Login, go to Administration -> Configuartion -> Restore Default Configuration -> Erase All Data in NVRAM (thorough). Sit back and wait for a few minutes and you’re all done!
  7. Enjoy Tomato and OpenVPN (or whatever you want it for).