Personal


Hello,

There may come a time when your DNS server is the authoritative DNS for a client or customer that has secured an IP block from a 3rd party, perhaps for T1 or DSL service. They want to use one of the IP addresses for an email server located in their office and have asked you to set up rDNS (Reverse DNS) for the IP address specified. Since the IP address did not come from your ISP, you cannot ask them to set up the rDNS for you. You must accept IP delegation and configure your DNS server to give an authoritative response.

Here are 3 links that helped me figure this out:
http://www.dnsstuff.com
http://www.faqs.org/rfcs/rfc2317.html
http://www.fdcservers.net/vbulletin/archive/index.php/t-578.html

I’m going to illustrate this using 10.x.x.x IP address ranges. This setup is for Bind DNS servers. You will be creating a zone for x.x.x.x.in-addr.arpa on your DNS server.

The scenario is that the client secured a new T1 line and wanted to use IP 10.0.142.162 for an email server in their office.

On your DNS server, open a terminal window. Then edit /etc/named.conf and add this to the end:

zone "160/28.142.0.10.in-addr.arpa" {
    type master;
    file "/var/named/142.0.10.in-addr.arpa.db";
};

I have to admit that I do not fully understand why some delegations may be looking for zone 160/28.142.0.10.in-addr.arpa and others 142.0.10.in-addr.arpa. Both can contain the IP 10.0.142.162. It may have something to do with this delegation being a /28 giving the client 16 IP addresses with 14 usable starting from 10.0.142.160.

Save your changes then create a new zone DB named /var/named/142.0.10.in-addr.arpa.db

You can do this like this:

touch /var/named/142.0.10.in-addr.arpa.db

Then open /var/named/142.0.10.in-addr.arpa.db and add:

; Zone file for 160/28.142.0.10.in-addr.arpa
$TTL 14400
@      86400    IN      SOA     ns1.yournameserver.net. support.example.com. (
2008092801      ; serial, todays date+todays
14400           ; refresh, seconds
7200            ; retry, seconds
1209600         ; expire, seconds
86400 )         ; minimum, seconds
; Name servers for the delegated /28 zone
160/28.142.0.10.in-addr.arpa.         IN      84600   NS      ns1.yournameserver.net.
160/28.142.0.10.in-addr.arpa.         IN      84600   NS      ns2.yournameserver.net.

; RFC 2317: this CNAME lives in the parent zone 142.0.10.in-addr.arpa, which the
; owner of the IP block maintains. In this file it is out-of-zone data.
162.142.0.10.in-addr.arpa.            IN      14400   CNAME   162.160/28.142.0.10.in-addr.arpa.
; The PTR that the parent's CNAME points at
162.160/28.142.0.10.in-addr.arpa.     IN      14400   PTR     mail.example.com.

Save and restart Bind. You can test your results here:
http://www.dnsstuff.com
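The split between the two zone names is easier to see when both sides are generated from the block itself. The following is an added example, not part of the original post: it derives the RFC 2317 parent-zone records (kept by the owner of the IP block) and the child-zone records (kept on your server) for the /28 used above. The function names are made up for this illustration and the sample data is the page's own scenario.

```python
"""RFC 2317 classless in-addr.arpa delegation: who publishes which record."""
import ipaddress


def _block(cidr):
    # strict=True rejects a block that does not start on its own boundary
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless delegation is for IPv4 blocks smaller than a /24")
    return net


def parent_zone(cidr):
    """Zone of the enclosing /24, held by whoever owns the IP block."""
    a, b, c, _ = str(_block(cidr).network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"


def child_zone(cidr):
    """Delegated zone, using the '<first address>/<prefix>' label seen on this page."""
    net = _block(cidr)
    first = str(net.network_address).split(".")[3]
    return f"{first}/{net.prefixlen}.{parent_zone(cidr)}"


def parent_records(cidr, nameservers):
    """Records the block owner adds to the parent zone (owner names are relative)."""
    net = _block(cidr)
    label = child_zone(cidr).split(".")[0]
    lines = [f"{label} IN NS {ns}" for ns in nameservers]
    hosts = list(net.hosts()) if net.prefixlen < 31 else list(net)
    for ip in hosts:
        last = str(ip).split(".")[3]
        lines.append(f"{last} IN CNAME {last}.{child_zone(cidr)}.")
    return lines


def child_records(cidr, ptr_map):
    """PTR records you add to the delegated zone; refuses addresses outside the block."""
    net = _block(cidr)
    lines = []
    for addr, hostname in sorted(ptr_map.items(),
                                 key=lambda kv: ipaddress.ip_address(kv[0])):
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            raise ValueError(f"{addr} is outside {cidr}")
        lines.append(f"{str(ip).split('.')[3]} IN PTR {hostname}")
    return lines


if __name__ == "__main__":
    cidr = "10.0.142.160/28"
    print(f"; parent zone {parent_zone(cidr)} (block owner)")
    print("\n".join(parent_records(cidr, ["ns1.yournameserver.net.",
                                          "ns2.yournameserver.net."])))
    print(f"\n; child zone {child_zone(cidr)} (your server)")
    print("\n".join(child_records(cidr, {"10.0.142.162": "mail.example.com."})))
```

A resolver asking for 162.142.0.10.in-addr.arpa gets the CNAME from the parent zone and then follows it to the PTR in the delegated zone.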

Sincerely,
Mike

In November of 2007 I came to the conclusion that I needed a smart phone. I’m currently working on a Mac Mini and wanted to not only get email on my cell phone but also wanted to have my calendar, address book and task list. At the time when I asked the sales person in the Verizon store, I was told that they had 3 phones that were Mac compatible: the BlackBerry Pearl 8130, BlackBerry 8830 and Palm Treo 755p. I previously owned a Palm Tungsten E. It was nice but I opted for the BlackBerry Pearl 8130.

I was a little skeptical about just how compatible the phone would be with my Mac since it took some digging by the sales person to figure out that BlackBerry was Mac compatible. With that said I bought the BlackBerry Pearl 8130. It did not come with any software in the box I had to download it from the www.BlackBerry.com website. I downloaded PocketMac v4.0.20b. After installing it I was able to sync with iCal, Address Book and Mail. It supported other applications too, but those were the applications I was using.

I really like the BlackBerry Pearl 8130. Some of the things I liked were the compact size and the way it guessed what I was typing. The keyboard was not a full QWERTY but a version with no more than 2 letters per button so typing was fairly easy and the BlackBerry Pearl 8130 seemed to learn from what you entered and got really good at guessing what you were going to type. The Map tool is pretty cool too. You can search for places and get directions. To be clear though it was not turn by turn GPS, though you could use Verizon’s VZ Navigator for that. I also liked the fact that the phone was smart enough to know when it saw a phone number in an email or when browsing the web. If you clicked on a phone number it would ask if you wanted to dial it. Very cool. It made www.yellowpages.com a very useful site on my phone.

I did run into 3 big issues that resulted in the return of my BlackBerry Pearl 8130.

The first issue was attempting to fix the calendar on the phone. Somehow the calendar on my BlackBerry Pearl 8130 was in triplicate. The Mac was fine. No one could figure out why it was in triplicate. What is worse no one from Verizon or BlackBerry could fix it. I was told by a BlackBerry tech if only I had a Windows computer they could correct the issue in minutes. I did not have a Windows computer. All I had was a Mac OS computer. Over a 2 day period I spoke with 2 BlackBerry technicians. After throwing many darts, the second tech I spoke with decided that a security erase was the only way to fix it. Then I would have to push the data from my computer down to the device. So I did.

That was in my first 30 days of owning the phone. I had to decide if I should keep it or return it to the store. I really liked the phone. When the sync was working it worked. The support for fixing issues was lacking but there was a solution. I kept the phone.

The second issue comes up in my 8th week of owning my BlackBerry Pearl 8130. I bought a new wireless keyboard and mouse from Logitech, the Cordless wave. After installing the control console software on my Mac the PocketMac sync stopped working. It took 2.5 hours on the phone with support to troubleshoot this issue. Support had no idea what the issue was. Lucky me I was able to boot my Mac to a disk that did not have the keyboard control console installed on it. I tested PocketMac and it worked again. It looks like PocketMac is using the keyboard controller to make calls to helper applications to perform the sync of various items like calendar, address book and email.

All I can ask is, “Why would a programmer rely on something like the keyboard controller to communicate with other applications?” It makes no sense. I should be able to install a 3rd party keyboard and mouse without having it break my sync tool. I would not expect this kind of home grown programming from a commercial application like PocketMac. Ultimately I returned the Logitech Cordless wave keyboard and mouse and bought a wired Mac keyboard and a Kensington wireless mouse. This combination of hardware worked fine.

Again I considered returning the BlackBerry Pearl 8130 but decided that the devil I knew was better than one I would have to get to know. Besides that the only other option from Verizon was a Palm Treo 755p. It just did not appeal to me. Once again I kept the phone knowing that there would always be this issue with 3rd party keyboards.

Since the first two issues could not sway me to return this phone a third issue came up to test my patience. I wanted to update the firmware on my phone. The updater would not run on my Mac OS computer. It required a Windows computer. This was my breaking point. After an hour on the phone with Verizon support I was told I can take my phone to any corporate store and they could update the firmware for me. So I did. I drove to the Verizon store near me. At first I was told no they could not update smart phones. They could only update handsets. Then after another hour at the store they reluctantly offered to try something they have never done before. They would use one of their Windows computers to run the firmware update for me. Then came the clincher, this operation would reset the phone to factory settings, erasing my settings and possibly some data. I knew I had my calendar and my address book on my Mac but I did not have my bookmarks and I was sure that I would lose something that was not backed up since PocketMac was only a sync tool; it did not back up the entire phone and its settings. It only synced data. I did not allow them to update the firmware on the phone.

At this point it was painfully clear that this was not a Mac OS compatible smart phone. Yes it could sync but it was not fully compatible with the maintenance tools needed to own and operate the phone as a Mac user. Sure a firmware update works flawlessly on a Windows computer, according to a Verizon support technician, even restoring all the correct settings, but not on a Mac. The following day I called customer service. They were very understanding, allowing me to port my phone number to another provider and giving me a full refund.

I now have my eye on the 8GB iPhone. I’m thinking this should be compatible with my Mac OS computer … Right?

Additional Note:
The PocketMac installation does not install PocketMac for multiple users on a Mac that share the computer with separate logins. When PocketMac installs it places files that are meant for general use, like plugins, in the user’s library folder instead of the computer’s library folder. This means that PocketMac must be installed for each user with a login on the computer that will need to sync their phone. Now this gets even better. You cannot install PocketMac unless you are an admin user. So you need to change all the user accounts to have admin privileges, install PocketMac, then change them back to simple users. This is completely stupid.

Sincerely,
Mike

Hello,

If you are running a web site, resource usage and performance can play a big part in your site visitors’ experience, namely how long it takes your web site’s pages to load. There are modules called GZip and mod_deflate for Apache web servers that will compress the data requested by a web browser using gzip compression to create a compressed stream that is decompressed at the browser’s end. This is server wide and affects all web services on the server. The result is less data sent from the server to the browser. This has two huge effects: one, it can reduce bandwidth usage by as much as 75%, and two, it can decrease page load times by a factor of 4. Here is some data on this BLOG:

URL: http://mbrando.com

File Size Comparison (in bytes):
Original size: 61964 bytes
Compressed size: 19077 bytes
Savings: 42887 bytes
Percentage saved by compression: 70.0%
Transfer speed improvement: 3.2 X

Dial-up Modem 56.0 Kbps - 8.645s vs. 2.661s
DSL/Cable Modem 256.0 Kbps - 1.891s vs. 0.582s

( Above data by: port80software.com )

Here are some links with additional information

GZip works with Apache 1.3x and Apache 2.x.
GZip Site Home
Compressing Web Output Using mod_gzip for Apache 1.3.x and 2.0.x

Apache 2.x comes with a module called mod_deflate.
Apache 2.x documentation
Compressing Web Content with mod_gzip and mod_deflate

Sincerely,
Mike

Hello,

I run a few cPanel servers and run Munin as my resource monitor. At the time I wrote this the version included with cPanel was munin 1.24. Ever since I have installed the plugin from cPanel it would monitor MySQL upon first install and then stop if the server was rebooted. Uninstalling and reinstalling would once again get Munin to monitor MySQL but having to uninstall and reinstall just for a reboot, just did not seem like something that you should have to do. After many months of on and off testing this is the fix I have come up with.

  1. Create a MySQL user with a password that is NOT granted privilege to any DB. Simply create the user.
  2. Create a file called /etc/munin/plugin-conf.d/munin-node
  3. In the file /etc/munin/plugin-conf.d/munin-node put this:
    [mysql*]
    user root
    group wheel
    env.mysqladmin /usr/bin/mysqladmin
    env.mysqlopts -u [MySQL_usr] -p[MySQL_usrpassword]
  4. Then Save. Where [MySQL_usr] is a valid MySQL user and [MySQL_usrpassword] is its password. Note that there is NO space between -p and the password. This is critical. Because this file now holds a MySQL password in plain text, keep it readable by root only.

Now wait about 30 minutes to an hour to allow the munin-node to gather enough info to have something to graph. Then go view your Munin graphs. All of your MySQL graphs should have something in them.

Sincerely,
Mike

Hello,

I’m sure the internet has changed quite a bit since you first unveiled your web site to the world. The technologies used to build web sites and internet presentations have changed too. You may be thinking that the time is right to redesign your web site. A new look and feel and fresh content will go far to better reflect your business services today. Make sure you have someone who understands search engine optimization involved with your project. This is very important for a web site redesign.

In the past it was possible to simply write code to display your pages properly in the few browsers available. Today if your web site enjoys any traffic that comes from the search engines, you want to keep it. This means that your REDESIGNED web site cannot have broken links that come from the search engines or dump all of your old site links to the home page. Doing so will impact your search engine ranking and cause your rank to drop. For some businesses this could have a serious financial impact.

You need to redirect all of your old pages to the new pages that have similar content. Often a web site is transitioned from a static HTML web site to a dynamically scripted web site like those coded with ASP, PHP, .net, Cold Fusion or Java, to name a few server side scripting languages. Your old web site may have had links that looked like this:

http://www.example.com/folder/products.htm

or something similar. Your new site may simply have restructured how the pages are stored by changing the folder names, or your web site is now dynamic. Either way you want your old web page links to be redirected to the new web page links. If you are running Apache server you can use an htaccess file in the root of your public folder to perform the redirect of OLD to NEW. This is just one way to make use of htaccess files. Feel free to use your favorite search engine to find other htaccess tutorials for password protected folders or even URL rewriting.

How to use htaccess files with apache server for URL redirect

Create a plain text file named: .htaccess

in the root of your public folder. In this file you will use the following structure to create a redirect that tells the search engines that a permanent change to the old link has been made, meaning the old link is being redirected permanently. The format is directive, HTTP status code, OLD URL, NEW URL. Each redirect is on its own line like this:

Redirect 301 /your_file_name.html http://www.example.com/index.php?a=12&b=39
Redirect 301 /file_name.htm http://www.example.com/index.php?a=657&b=354&c=234

If your OLD URL happens to have a space, %20, in the file name or folder name, put the entire OLD URL in plain double quotes like this:

Redirect 301 "/folder name/file name.htm" http://www.example.com/content/view/215/27/

This will allow the directive to be performed properly. Without double quotes around a URL that contains a space, the server can return an internal error 500. Often this error is associated with htaccess files that have invalid syntax.

Note:

  1. 301 is the HTTP status code for a permanent redirect
  2. The OLD URL starts with a forward slash
  3. The NEW URL is a fully qualified URL
  4. The NEW URL can also be on a different domain.

That is all there is to it. Save your htaccess file and test it by accessing an old URL. It should redirect your browser without incident. Using the 301 status code tells the search engines to update their index with the new URL.
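Before uploading a long redirect list it helps to check it mechanically, since one bad line can take the whole site down with a 500. The following is an added example, not part of the original post: a small linter for the Redirect lines described above that flags unquoted spaces, curly quotes pasted from a web page, a missing leading slash, non-permanent redirects, targets on other domains, and targets that land back under an old path and loop. The function name, host set and sample file are constructed for this illustration.

```python
"""Lint mod_alias 'Redirect' lines against the rules listed in this post."""
import shlex
from urllib.parse import urlsplit


def lint_htaccess(text, site_hosts):
    """Return a sorted list of (line number, message) for problem lines."""
    findings, rules = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "\u201c" in line or "\u201d" in line:
            findings.append((lineno, "curly quotes; use plain double quotes"))
            continue
        try:
            tokens = shlex.split(line)  # honours "double quoted" arguments
        except ValueError:
            findings.append((lineno, "unbalanced double quote"))
            continue
        if tokens[0].lower() != "redirect":
            continue
        args = tokens[1:]
        if len(args) == 2:
            status, old, new = "302", *args  # Apache defaults to a temporary redirect
        elif len(args) == 3:
            status, old, new = args
        else:
            findings.append((lineno, "wrong argument count; quote paths that contain spaces"))
            continue
        if status != "301":
            findings.append((lineno, f"status {status} is not a permanent (301) redirect"))
        if not old.startswith("/"):
            findings.append((lineno, "old URL path must start with '/'"))
        target = urlsplit(new)
        if target.scheme not in ("http", "https") or not target.hostname:
            findings.append((lineno, "new URL is not fully qualified"))
            continue
        if target.hostname.lower() not in site_hosts:
            findings.append((lineno, f"redirects off-site to {target.hostname}; confirm this is intended"))
        rules.append((lineno, old, target))

    # Redirect matches by path prefix, so a target under an old path is redirected again.
    for lineno, _, target in rules:
        if target.hostname.lower() not in site_hosts:
            continue
        path = target.path or "/"
        for other_line, other_old, _ in rules:
            if path == other_old or path.startswith(other_old.rstrip("/") + "/"):
                findings.append((lineno, "loops back onto itself" if other_line == lineno
                                 else f"chains into the rule on line {other_line}"))
    return sorted(findings)


# Constructed sample file; lines 1 and 2 are clean, the rest each show one problem.
SAMPLE = """\
Redirect 301 /your_file_name.html http://www.example.com/index.php?a=12&b=39
Redirect 301 "/folder name/file name.htm" http://www.example.com/content/view/215/27/
Redirect 301 /folder name/old.htm http://www.example.com/new.htm
Redirect 301 products.htm http://www.example.com/products/
Redirect /contact.htm http://www.example.com/contact/
Redirect 301 /shop http://www.example.com/shop/index.php
Redirect 301 /partners.htm http://partner.example.net/
"""
SITE_HOSTS = {"www.example.com", "example.com"}

if __name__ == "__main__":
    for lineno, message in lint_htaccess(SAMPLE, SITE_HOSTS):
        print(f"line {lineno}: {message}")
```

The off-site finding is a prompt for review rather than an error: a redirect list is a convenient place for an unintended hop to someone else's domain to hide.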

Sincerely,
Mike

Hello,

I recently upgraded my servers to cPanel 11 when I received a notice from cPanel that stated, “Unable to automaticlly update the mailer config…”. So I manually performed the upgrade only to discover that email was being handled very differently after the upgrade. No email that was marked as SPAM was being delivered. Instead it was being dropped. This meant that there would be no way to check for a false positive email marked as SPAM. Normally spammy email has its subject rewritten to be prefixed with “[spam]”. This allowed the user to then use a filter in their email client to filter email with “[spam]” in the subject to a folder for later review. This would keep the inbox clean.

I did some research and found that this was a common issue with the new cPanel 11. After many hours of thinking that I may have to downgrade the server to cPanel 10, I found my answer in WHM. When you log into WHM as root there is a section called, “Service Configuration”. In this section you will find, “Exim Configuration Editor”.

In the “Exim Configuration Editor” page, in the “Mail” section just above the buttons marked “Visualized ACLs and Save”, is an option to use the old transport, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)”. When I first saw this and it said it was not recommended I looked for an alternative. I could not find one. I need my email, spammy or not, to be delivered to each user’s inbox for their review.

Check this option, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)” and click the save button. If you were previously using subject rewrites, SPAM Assassin will again rewrite your subjects. You can also make use of the X-Spam-Flag header for filtering; this is a YES or NO value.

At least by doing this you can continue to make use of the NEW cPanel 11 features while monitoring the cPanel forums to see if the Exim ACLs have been fixed to allow subject rewrites and delivery of email marked as SPAM.

Sincerely,
Mike

Hello,

This is a re-write with a few additions of a solution that I found on 2 BLOGs and in the cPanel Forum. My sources are: johnhesch.com, yamzy.net and forums.cpanel.net.

I was having some issues with a few clients and their email. A client would call me and say, “A vendor says that they cannot send email to me. What’s going on?”

I’d chime back, “Did they give you any more information? If you can ask them to fax you the bounce message or email it to my comcast account I will look into it.”

Eventually I’d receive the error message. It would read something like:

Error 451: Deferred sender callout cannot be verified.
or
Error 550: Verify sender callout failed.

If you look in your Exim log, /var/log/exim_mainlog, you might find something like:

could not complete sender verify callout

Exim, by default, will check the sender’s email address and send a callback to the sending server to see if the sender’s email address actually exists. In this case the sender’s email server was not verifying that the email address actually exists, and so the email was being rejected. In some cases the sending server does not wait long enough for the check to complete. Most of the time this is an issue with the sending server’s configuration. It is not RFC compliant. It is not always possible to contact the sender’s server admin to alert them of their server issue. You may want to just make a concession on your end.

In cPanel or more specifically “WHM -> Service Configuration -> Exim Configuration Editor” there are 2 settings that help keep SPAM down: “Verify the existence of email senders.” and “Use callouts to verify the existence of email senders.” These Exim directives tell Exim to perform the checks. I tried to turn them off for about 4 months. My server mail queue was loaded with over 3000 emails. The queue ages 7 days then deletes but still something was wrong. Then I got on an RBL list and that was the straw that started the search for a solution. I enabled both “Verify the existence of email senders.” and “Use callouts to verify the existence of email senders.” while I looked for a solution. In 7 days my queue dropped to just 40 emails. Now I still had clients that needed to communicate with their vendors.

After Googling I found my solution on johnhesch.com. I nearly lost it. When I finally confirmed that what was posted there was worth trying the link was broken. I contacted John via email to ask about it and he sent me back the info I needed. I later found what looks like a copy of John’s posting here yamzy.net.

So it turns out what I needed was a white list. Now starts the “How To”. Create a file that will be the actual white list. In this example it is /etc/exim_whitelist_senders. The addresses need to be listed one entry per line, either the email address or a wildcard to cover an entire domain. The following supports cPanel 10.

  1. SSH into your server and as root or using SUDO or SU run this command:
    touch /etc/exim_whitelist_senders
  2. In WHM, go to “WHM -> Service Configuration -> Exim Configuration Editor.”
    In the topmost edit box add (if there is anything else in the text box add this below it):
    addresslist whitelist_senders = wildlsearch;/etc/exim_whitelist_senders
  3. Still in WHM. scroll down to where there are three text boxes together. This is the begin ACL section. In the middle box scroll down until you find:
    #sender verifications are required for all messages that are not sent to lists
    require verify = sender/callout
    accept domains = +local_domains
    endpass

    In cPanel 11 look for:
    [% ACL_RBL_BLOCK %]
    require verify = sender/callout=60s

  4. and change it to:
    #sender verifications are required for all messages that are not sent to lists
    deny
    !verify = sender/callout=30s,defer_ok,maxwait=60s
    !senders = +whitelist_senders
    accept domains = +local_domains
    endpass
  5. Save and exit. Now try to send and receive email to make sure everything is still working. If all is ok add the address in question to the white list and see if it works.
  6. Put the sender addresses in the file /etc/exim_whitelist_senders, one per line, e.g.
    someone@domain1.tld
    *@domain2.tld
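Every entry in this file lets a sender address skip verification, and a sender address is easy to forge, so the file is worth auditing whenever it changes. The following is an added example, not part of the original post or of Exim: it flags wildcard entries broader than the `*@domain` form shown above, malformed lines and duplicates, and reports which lines would let a given sender through. The matching is a simplified model of a wildlsearch key (a leading `*` means "ends with", a leading `^` means regular expression, anything else is an exact match, all case-insensitive); the sample file is constructed.

```python
"""Audit an Exim sender white list such as /etc/exim_whitelist_senders."""
import re

ADDRESS = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
DOMAIN_WILDCARD = re.compile(r"@[^@\s*]+\.[^@\s*]+")


def _entries(text):
    """Yield (line number, entry) for non-empty, non-comment lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if entry and not entry.startswith("#"):
            yield lineno, entry


def entry_matches(entry, sender):
    """Simplified wildlsearch key match (assumption, see the note above)."""
    if entry.startswith("*"):
        return sender.lower().endswith(entry[1:].lower())
    if entry.startswith("^"):
        return re.search(entry, sender, re.IGNORECASE) is not None
    return sender.lower() == entry.lower()


def whitelisted_by(text, sender):
    """Line numbers of every entry that exempts this sender from verification."""
    return [n for n, entry in _entries(text) if entry_matches(entry, sender)]


def audit_whitelist(text):
    """Return (line number, message) for entries that deserve a second look."""
    findings, seen = [], {}
    for lineno, entry in _entries(text):
        key = entry.lower()
        if key in seen:
            findings.append((lineno, f"duplicate of line {seen[key]}"))
            continue
        seen[key] = lineno
        if entry.startswith("^"):
            findings.append((lineno, "regular expression; review by hand"))
        elif entry.startswith("*"):
            if not DOMAIN_WILDCARD.fullmatch(entry[1:]):
                findings.append((lineno, f"over-broad wildcard: matches any sender ending in {entry[1:]!r}"))
        elif not ADDRESS.fullmatch(entry):
            findings.append((lineno, "not an address or *@domain pattern"))
    return findings


# Constructed sample: lines 1 and 2 are the two forms from the post.
SAMPLE = """\
someone@domain1.tld
*@domain2.tld
*domain3.tld
Someone@Domain1.tld
vendor-at-domain4.tld
*
"""

if __name__ == "__main__":
    for lineno, message in audit_whitelist(SAMPLE):
        print(f"line {lineno}: {message}")
    # A look-alike domain slips through the entry that lacks the '@'.
    print(whitelisted_by(SAMPLE, "x@evildomain3.tld"))
```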

If you do not want an RFC compliant email server make this change too. When I made this change it broke my setup. Verifying the header can cause valid email to fail this check since some valid email does not come from users but is created by automated systems, like a server. I WOULD NOT MAKE THIS CHANGE. It took me 5 days to figure out this was the part that broke the above setup.

  1. Still in the middle box scroll down to the end and change:
    #!!# ACL that is used after the DATA command
    check_message:
    # Enabling this will make the server non-rfc compliant
    #require verify = header_sender
    accept
  2. and change it to:
    #!!# ACL that is used after the DATA command
    check_message:
    deny
    !verify = header_sender
    !senders = +whitelist_senders
    accept

It did not really break it but for some reason beyond me it was not working with this section active. Disabling it made my white list work like a charm.

Sincerely,
Mike

Hello,

No surprise here, Norton Personal Firewall blocks NetBIOS. The assumption by Norton Personal Firewall is that it is the only line of protection for your computer and that you do not have a Windows network. However, in an office environment any personal firewall can create a problem if the network is not planned properly and rollout policies noted. Often it is not enough to simply install a piece of software these days, especially a firewall. Once installed, the default configuration should be checked to verify compatibility with the installed environment.

For example, a client contacted me about having a new laptop added to the office network. They need drives mapped and the computer should be added to the domain. Their network is a domain controller with Active Directory. I was thinking it should take no more than an hour or so to get these tasks completed. It turned out to be more of a learning experience. To add, this was my first exposure to Windows Vista. It took me some time hunting around to find the tools I needed to get my work done. Once I found them, I ran into a road block. I could not get the laptop to join the domain. I threw a few darts left and right. They missed. I see that it is a NetBIOS issue. I could not reach the server by typing ‘\\server’. I could reach it by ‘\\192.168.0.10’. However NetBIOS is required for the domain controller to be found via its name space. I first thought a Firewall must be blocking NetBIOS but the Windows Firewall was off and I did not notice that this laptop had Norton Personal Firewall installed on it as well. It was a pre-installed 30-day trial. When I finally discovered Norton Personal Firewall was on, it all came together. Only when I turned off the Norton Personal Firewall was I able to use NetBIOS names and join the domain. This was not the fix but a confirmation that Norton Personal Firewall was blocking NetBIOS.

The 2 challenges that I was faced with were pre-installed trial software and a new operating system. I should have taken a few minutes to review what the laptop had installed on it from the manufacturer before starting my work.

My Personal opinion:
You can take a few routes. If the network is a new network and does not have a domain controller running on it, use all IP based URIs (Uniform Resource Identifiers). This way you will not have to deal with NetBIOS issues, ever.

If you have an existing network and it does not have a domain controller running on it, update all your existing URIs to IP based URIs. It may take some time but this will set you up for the next item.

Running a personal firewall on all your workstations, even if your shared internet connection is protected via a router/firewall, will prevent worms and viruses from running rampant on your local network. This will add another level of protection for your workstations from those worms and viruses that are brought into the network on portable media like flash drives, CD-ROMs and good old-fashioned floppy disks. You may even go as far as blocking SMTP port 25 and configuring your email server to operate on an alternate port of 26 for outgoing mail. This will prevent viruses from emailing themselves from your network.

If you are in a network environment that makes use of NetBIOS names in URIs extensively or has a Domain Controller running on the network, either unblock NetBIOS from your personal firewall or turn it off. Turning it off should only be done as a last resort since you will be more vulnerable without the firewall operating. Unblocking these ports is less risky: 137-UDP-NetBIOS Name Service; 138-UDP-NetBIOS Datagram Service; 139-TCP-NetBIOS Session Service.

According to the Norton user guide, you need to organize your local computers, printer servers and servers into network zones. Place the local computers, printer servers and servers into your Norton Trusted zone. Do not place computers that connect over the internet in your trusted zone unless they are also running properly installed firewall software and can be trusted, really trusted. If a trusted computer is compromised your computer can be at risk.

Microsoft Personal Firewall also blocks NetBIOS. Here is a link to Microsoft Personal Firewall. It has more detailed information on how to unblock these ports.

This is not a definitive explanation of firewall rules or usage. You must consider your own risk comfort level before performing any of these tasks. Use at your own risk.

Sincerely,
Mike

Hello,

I have two computers in my life, a Mac Mini and a Windows XP Pro computer. I do about 99% of my work on my Mac. However there is the occasion when I need to use a Windows only program like Web Position. I also use my Windows computer to review web sites that I have created. I check them with Windows browsers like Internet Explorer or Firefox to make sure things render correctly. For many years I had a monitor, keyboard and mouse for each computer. It took up a lot of desk top space. Then Windows XP Pro came along.

Windows XP Pro has a built-in technology called Remote Desktop Protocol, RDP. If anyone remembers a product called Timbuktu, It is very similar to that. It allows you to access your Windows XP Pro computer remotely over a low bandwidth connection like dial up or any network connection for that matter. With the RDP client you can work on your computer as if you were sitting in front of it with the actual monitor, keyboard and mouse.

When I realized that I can do this over my home network, I was able to remove the Windows XP Pro monitor, keyboard and mouse, freeing up a huge amount of desk space. What was even more shocking is that Microsoft has an RDP client for Mac. So all of you Mac users can make use of a Windows computer as needed.

Here is what I did:

NOTE: These instructions worked for me. There may be security considerations or other issues that I have not addressed here. Use these instructions at your own risk.

Preparing My Mac:

  1. To prepare my Mac I went to Microsoft’s Mac Downloads and downloaded ‘Remote Desktop Connection Client 1.0.3 for Mac OS X‘. I then installed it on my Mac.
  2. I upgraded my mouse to a 2 button wheel mouse. Windows uses RIGHT-CLICK for context menus.

To prepare my PC it was a little more work but worth it.

  1. First set a password for any account that will be allowed remote access to your computer. To do this go to the Start menu -> Control Panel and click. If you see the words ‘Pick a Category’ in the control panel, look in the left column for a link named ‘switch to classic view’. Once clicked you will see a bunch of icons. Double click the ‘user accounts’ icon. From there follow the prompts to add a password to any account that will be allowed remote access. Close the account window when done.
  2. Next confirm that your Windows computer is actually XP Pro. XP Home does not support this feature. If your control panel window is not open, go to the Start menu -> Control Panel. If you see the words ‘Pick a Category’, look in the left column for a link named ‘switch to classic view’. Once clicked you will see a bunch of icons. Double click the ‘system’ icon. The window that pops up should read ‘Microsoft Windows XP Professional’. Keep this window open.
  3. Turn on the ‘Remote Desk Top’ Protocol. To do this look at the tabs in the ‘system’ window. Click the ‘Remote’ tab. The second item down is ‘Remote Desk Top’. Put a check next to the text that reads ‘Allow users to connect remotely to this computer.’
  4. Select the users to be allowed remote access. Click the button to ‘select remote users’. The ‘Administrator’ should be allowed by default. To select more users click ‘Add’ -> then ‘Advanced’ -> then ‘Find Now’. You will see a list of all of the users on your computer. You can make multiple selections using the ‘Shift’ or ‘Control’ keys. Click ‘okay’ -> then ‘Okay’ -> then ‘Okay’ -> then ‘Okay’ a fourth time. Your Windows computer is now set to accept RDP connections and allow the selected users to access the computer remotely.
  5. Now we need to know the IP address of your Windows computer. Go to the control panel window. It should still be in ‘classic view’. Double click the icon named ‘network connections’. Double click the ‘local area connection’. Then click the tab named ‘support’. The second item should read ‘IP Address’. Write down this IP Address. It should look something like 192.168.0.100 or 10.10.10.50.
  6. Now armed with the IP Address return to your Mac. Launch the RDP client you previously installed. Enter the IP Address you wrote down from your Windows computer in the computer field. Then click Connect. You should get a black window with a floating login prompt. If you use the number pad remember to click your ‘num lock’ key or the number pad will not work. Otherwise use the horizontal number row across the top of the keyboard. Enter a user and password. Then click ‘okay’. If the user is allowed remote connections and you typed your password correctly you should be logged in.

Now some of you may have noticed the word ‘Options’ below ‘computer’ in the Mac RDP client. Click on ‘Options’ to set pre-login options. I’ll leave these to another day. Also if it is not obvious, your Mac and Windows computer need to be networked in some way. It could be wired Ethernet or wireless, but they do need to be networked. They can even be in different time zones. They may be connected via the internet. For this to work you might employ a VPN (virtual private network) or at the very least open the proper ports on your router and firewall to allow the connection to pass through. The default RDP port is 3389.

Now let’s shut down your Windows computer via your Mac so you can remove the monitor, keyboard and mouse. Right-click on the menu bar. Select ‘task manager’. Look at the pull down menu options. Click Shutdown options -> Shutdown. During the shut down process your Mac will be disconnected. Once off, remove the extra hardware from your Windows computer. Store it. Do not get rid of it. Boot your Windows computer and test one more time. I changed the function of my power button on my Windows computer so it goes to sleep instead of turning off. Happy Computing.

Sincerely,
Mike

Hello,

Here I am today, attempting to recover my Windows XP Pro computer from an error after rebooting it, “winlogon.exe Application Error”. Something about cannot write to some memory location. I did some searching via Google. No luck. I’m trying a system repair. Cross your fingers. If I can recover my accounting files, I’ll move them to my Mac Mini.

I Hope this fixes it.

[edited: 2 hours later]

Sort of fixed it. It is fixed enough to boot, login and recover any data I need. However the system is less than perfect. I cannot RDP to the XP box from my Mac Mini anymore and I keep getting errors about not being able to start ICS or other services. I’ve tried to run Windows Update but it just hangs.

At this point I’m thinking that I’ll get what I can moved to an external drive and start from scratch. :(

[edited: 8 hours later]

Windows Update finally responded. After spending much time downloading updates and reinstalling IE, it seems to be working properly without error. What a headache. I do most of my work on my Mac Mini and use this Windows box for validating web site designs and accounting. I’m vacillating between moving my accounting to my Mac using MYOB and just leaving the Windows box as-is. I really did not want to spend so much time on this, but I need to get my tax papers prepared and it has all my accounting on it.

Sincerely,
Mike