Friday, August 17, 2018

Azure synced account not logging into Skype

Situation:
Primary email set to the parent company domain.
Old company email still showing for Skype.
Not all users, only old users.

The attribute msRTCSIP-PrimaryUserAddress was controlling the SIP address, even though the new SIP address had already been added to ProxyAddresses.
After updating this, I ended up removing and re-adding the Skype license for the user. Prior to that I was getting DNS errors referencing KB2655790 and errors saying the account didn't exist.
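The mismatch described above can be found across a whole OU rather than one user at a time. This is an added example, not code from the original post; it assumes the ActiveDirectory PowerShell module, and the search base OU is a placeholder to replace with your synced OU. The Set-ADUser fix runs with -WhatIf so nothing changes until you remove it.

```powershell
# Added example (not from the original post): report users whose msRTCSIP-PrimaryUserAddress
# does not match the sip: entry in proxyAddresses. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory
$searchBase = 'OU=Synced Users,DC=example,DC=com'   # placeholder: your synced OU

function Get-SipMismatch {
    param([string]$SearchBase)
    Get-ADUser -Filter * -SearchBase $SearchBase -Properties proxyAddresses, 'msRTCSIP-PrimaryUserAddress' |
        ForEach-Object {
            # -like is case-insensitive, so both "sip:" and "SIP:" prefixes are picked up
            $sipProxy = @($_.proxyAddresses | Where-Object { $_ -like 'sip:*' })
            $primary  = $_.'msRTCSIP-PrimaryUserAddress'
            # -notcontains is also case-insensitive, so only real differences are reported
            if ($primary -and $sipProxy.Count -gt 0 -and ($sipProxy -notcontains $primary)) {
                [pscustomobject]@{
                    User               = $_.SamAccountName
                    PrimaryUserAddress = $primary
                    SipProxyAddresses  = ($sipProxy -join '; ')
                }
            }
        }
}

$mismatches = Get-SipMismatch -SearchBase $searchBase
$mismatches | Format-Table -AutoSize

# Fix: point msRTCSIP-PrimaryUserAddress at the sip: proxy address (remove -WhatIf to apply),
# then remove and re-add the Skype license as described above.
foreach ($m in $mismatches) {
    $newSip = ($m.SipProxyAddresses -split '; ')[0]
    Set-ADUser -Identity $m.User -Replace @{ 'msRTCSIP-PrimaryUserAddress' = $newSip } -WhatIf
}
```

Run it on a domain-joined admin workstation with RSAT installed; the report step is read-only, and the sync to Office 365 will pick up the attribute change on the next Azure AD Connect cycle.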

Thursday, August 16, 2018

Syncing file servers to Office365 for free with DFS

Office 365 is here, and OneDrive has been around for a while. I use it for personal use, so I can write wherever I am and everything is backed up in the cloud.
I got to thinking, wouldn't it be great to attach this to my existing corporate files?
Originally I was thinking about creating a user and sharing that user's 1 TB of OneDrive space with my individual offices.
Each account would need to be licensed ($$) and nothing ever came from that.
Then there were Office 365 Groups, and I considered moving everything to the group OneDrive and syncing everyone. This relies heavily on bandwidth.
But then OneDrive worked the way it was supposed to, and synced only the files and folders you wanted, not all files.


On to moving the file server to the cloud.
I have DFS running.
I know how syncing folders from OneDrive work.
I know you can sync a group's OneDrive if you're a member.

Step one:
I created a service account with an E3 license and added it to a Group.
I created a new server (reason will become apparent shortly).
New Service account is added as a Backup Operator (reason will become apparent shortly).
With the Service account, log into OneDrive online and access the Group's OneDrive.
Sync the Group OneDrive.
(Note: I had to access the classic view to both view the Group option and to sync the OneDrive.)
This will kick off the install of OneDrive. (Or install from Microsoft: https://onedrive.live.com/about/en-us/download/ )
Now, during the install, there's a brief moment where you can change the location of the sync folder. I'm not going to tell you how to do your job, but I created a folder on the C drive and all my groups will sync there.

Once the sync is done and the folder is created we're almost there.

Next step: DFS.
This is why we created a new server.
Go into the DFS management and add the server as a new member to whatever sync group you want to push to the cloud.
Add the synced OneDrive folder you just created as the target for DFS replication. DFS will put files in the OneDrive folder, OneDrive will put them in the cloud. Digital relay race.

Now, this will only run while the service account is logged in, fail, right?
Wrong.

OneDrive can be run as a service.
And I'll tell you how, but first, you'll need to be signed up to my exclusive club where you send me money and I receive it.
Just kidding.

To run OneDrive as a service, you can purchase and install this:
https://www.coretechnologies.com/products/AlwaysUp/Apps/RunOneDriveAsAService.html

OR

You can set up a scheduled task.

Which is free.
And free is better.
The last post here got me on my way
https://social.technet.microsoft.com/Forums/en-US/045eecb5-9574-48cf-a87d-7497745fa5d8/running-onedrive-for-business-as-a-windows-service?forum=saas


Create a new task and call it something cool like OneDrive as a Service.
Set it to run whether the user is logged in or not, and I have mine set to run with Highest privileges. This might not be necessary, but after messing with it a while this ended up getting checked.

Trigger Tab, select at Startup, because that's when you want it to run.

Action Tab, now this is where I think I had the most problems.
Select Start a program and browse to OneDrive.exe inside the service account's profile folder: ...\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Leave both optional fields empty. One thing I read said to start in the AppData folder, another had /backup as an argument; neither did what I needed.
Or maybe I wasn't patient enough.

Once you reboot, the service will run as the service account.

You can test this by logging in as the service account, you'll get an error about the OneDrive folder not being found and asking you if you want to try again or setup OneDrive.
DO NEITHER.
There is an additional OneDrive process running (from the task) that you can end and Try Again. OneDrive will connect fine.
Logging in as the service account will be useful for checking sync issues.
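The same task can be registered from PowerShell instead of the Task Scheduler GUI. This is an added example and not part of the original post; it assumes the service account is DOMAIN\svc_onedrive with its profile under C:\Users\svc_onedrive (both placeholders), and it prompts for the password rather than storing it in the script.

```powershell
# Added example (not from the original post): register "OneDrive as a Service" from PowerShell.
# Placeholders: the service account name and its profile path.
$account = 'DOMAIN\svc_onedrive'
$exe     = 'C:\Users\svc_onedrive\AppData\Local\Microsoft\OneDrive\OneDrive.exe'
if (-not (Test-Path $exe)) { throw "OneDrive.exe not found at $exe; sign in and sync once as the service account first." }

$cred    = Get-Credential -UserName $account -Message 'Service account password'
# No arguments and no start-in folder, matching the setup described above.
$action  = New-ScheduledTaskAction -Execute $exe
$trigger = New-ScheduledTaskTrigger -AtStartup
# Default task settings stop a task after 72 hours; OneDrive has to keep running, so lift that limit.
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit ([TimeSpan]::Zero) `
                                         -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

# Supplying -User and -Password registers the task to run whether the user is logged on or not.
Register-ScheduledTask -TaskName 'OneDrive as a Service' `
    -Action $action -Trigger $trigger -Settings $settings `
    -User $account -Password $cred.GetNetworkCredential().Password -RunLevel Highest

Get-ScheduledTask -TaskName 'OneDrive as a Service' | Select-Object TaskName, State
```

Run it in an elevated PowerShell on the new DFS member server. The Backup Operator membership from step one still applies to the account the task runs as, so keep that group membership limited to this server.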

Some notes:
Patience is needed when setting up OneDrive as a service. After the reboot, it may take a long time to start showing changes in OneDrive, especially if it's trying to sync a large amount of files. But once it's connected, it works like normal. And once everything is synced and no changes are going on, the OneDrive as a service reconnects pretty quickly after a reboot.

Let me know if this helps you.

Thursday, August 9, 2018

Outlook web app hijack

We've all seen the email (probably).
"Your document is ready, click below"
This takes you to an official looking Microsoft login page.
Many people instinctively put in their Office 365 account username (email) and password.
Login fails, obviously, because it's not a real page.
They call IT and ask for a password reset or complain about all the passwords they have to remember, how they're sick of having to log in all the time, etc.
Anyway, now that page has their credentials.
In my org., the hijacker would log into the webmail as the user and start sending out emails.
Some emails were trying to get personal/financial info, others were spreading the fake login page.
Annoying, but a password reset, initiated by me, the administrator, fixed it. If you have a system that emails them a password reset link, this could completely lock them out from getting their email for a period of time while the hijacker has complete control. Not fun.

Some other things that the hijacker was doing. On one user, they adjusted the reply address so replies would never show up in the hijacked account's email. They added a letter to the name, that email doesn't exist, and the sender gets a bounce back. They did this so the hijacked account wouldn't know about their account spreading this 'virus', even though it's not a virus at all, just social engineering.

Later, it was found that a rule was being created, moving certain emails to the RSS folder, because who uses that folder? This would give the hijacker the ability to monitor an inbox and communicate with people that could potentially give out financial or personal information.

Pretty sneaky.

Some fixes:
Limit who can access OWA.
Those that can, make them 2FA.

I haven't looked into it too much, but O365 may be able to block access by region. If they have that option, it would definitely help in these situations. The IP address that accessed the email was outside the US.
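The RSS-folder and forwarding rules described above can be hunted for across every mailbox rather than found by accident. This is an added example, not code from the original post; it assumes an Exchange Online PowerShell session is already connected (Connect-ExchangeOnline), and the mailbox address in the containment comments is a placeholder.

```powershell
# Added example (not from the original post): audit inbox rules across the tenant for the
# patterns described above: moving mail to the RSS folder, forwarding/redirecting it, or deleting it.
# Assumes an Exchange Online PowerShell session is already open.
$rssFolderPattern = '*RSS*'   # default Outlook RSS folder names contain "RSS"

function Get-SuspiciousInboxRule {
    param([string]$Mailbox)
    Get-InboxRule -Mailbox $Mailbox | ForEach-Object {
        $rule = $_
        # Collect every external or internal target the rule sends mail to
        $targets = @(@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
                     Where-Object { $_ })
        $movesToRss = $rule.MoveToFolder -and ($rule.MoveToFolder -like $rssFolderPattern)
        if ($movesToRss -or $targets.Count -gt 0 -or $rule.DeleteMessage) {
            [pscustomobject]@{
                Mailbox      = $Mailbox
                Rule         = $rule.Name
                Enabled      = $rule.Enabled
                MoveToFolder = $rule.MoveToFolder
                ForwardTo    = ($targets -join '; ')
                Deletes      = [bool]$rule.DeleteMessage
            }
        }
    }
}

# Walk every mailbox; on a large tenant this takes a while.
$findings = Get-Mailbox -ResultSize Unlimited |
            ForEach-Object { Get-SuspiciousInboxRule -Mailbox $_.PrimarySmtpAddress }
$findings | Format-Table -AutoSize

# Containment for a confirmed hijacked mailbox (placeholder address): remove the rule,
# then cut off OWA for that user, as the fixes above suggest.
# Remove-InboxRule -Mailbox 'user@example.com' -Identity '<rule name>' -Confirm:$false
# Set-CASMailbox -Identity 'user@example.com' -OWAEnabled $false
```

Not every hit is malicious (people do forward to a personal address), so treat the output as a review list. The reply-address change mentioned above is an Outlook account setting rather than an inbox rule, so this audit will not catch it.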

Friday, July 13, 2018

Plex not showing all tv episodes

I am using makemkv to rip the DVD.
Makemkv combined 2 part episodes into one MKV
I named the MKV:
show - sxxexx-exx - title
This created the 2 episodes in Plex and used the same file.

I only found this out going to IMDB and looking at the season episode list. Thanks IMDB!

Friday, June 15, 2018

Restored AD account is not showing in Global Address List (GAL)

Environment:
Local AD syncing with Office 365 via Azure Sync.
Situation:
User has been moved to a non-syncing OU.
Cloud account was disabled, then restored as InCloud and converted to a shared mailbox so it could be viewed by management.
User returns to work.
AD account moved to a syncing OU, reattached to the Cloud account and converted back from shared to a user mailbox.

Attributes in local AD have not changed.
"Show in Global Address List" is set to No.
Edit throws an error that the account is synching and any changes have to be made locally.
Specifically:
The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object because the object is being synchronized from your on-premises organization.

Hop on over to the DC: an attribute with that name doesn't exist in local AD. We were previously an in-house Exchange Server environment.

The attribute in my case is msExchHideFromAddressLists.
This attribute was already set to FALSE, but because the account was disabled and re-enabled, the attribute wasn't changing the view status in the GAL.
I changed it to <not set>, waited for sync and it updated.

This attribute was also preventing user display in distribution lists. This was driving me crazy because I could see they were part of the DL groups, but weren't showing up when I expanded the list in Outlook. Once they were showing in the GAL, they showed in the DL groups.
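The check and the clear-to-<not set> fix above can be scripted for a whole OU, which goes beyond the single account in this post. This is an added example and not code from the original post; it assumes the ActiveDirectory PowerShell module, and the search base is a placeholder.

```powershell
# Added example (not from the original post): list synced users where msExchHideFromAddressLists
# is explicitly set, then clear the stale FALSE values so the GAL view updates after sync.
Import-Module ActiveDirectory
$searchBase = 'OU=Synced Users,DC=example,DC=com'   # placeholder

function Get-HideFromGalSet {
    param([string]$SearchBase)
    # A presence filter (=*) matches accounts with either TRUE or FALSE stored; <not set> accounts are skipped
    Get-ADUser -LDAPFilter '(msExchHideFromAddressLists=*)' -SearchBase $SearchBase `
               -Properties msExchHideFromAddressLists |
        Select-Object SamAccountName, Enabled, msExchHideFromAddressLists
}

$set = Get-HideFromGalSet -SearchBase $searchBase
$set | Format-Table -AutoSize

# Only clear explicit FALSE values; a TRUE is someone deliberately hidden. Remove -WhatIf to apply.
foreach ($u in ($set | Where-Object { $_.msExchHideFromAddressLists -eq $false })) {
    Set-ADUser -Identity $u.SamAccountName -Clear msExchHideFromAddressLists -WhatIf
}
```

After clearing, a delta sync from the Azure AD Connect server (Start-ADSyncSyncCycle -PolicyType Delta, from the ADSync module) saves waiting for the next scheduled cycle.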

Thursday, June 14, 2018

Controlling PSTs through Regedit

All credit goes to the Microsoft article. Just posting here in case the post disappears.
https://support.microsoft.com/en-us/help/3058474/how-to-use-outlook-policy-to-control-pst-use-and-creation-in-the-offic

Prevent users from adding new data or content to an existing .pst file
To prevent users from adding new data or content to an existing .pst file, add the PSTDisableGrow registry entry, and then set the value to 1. To do this, follow these steps:
  1. Open Registry Editor.
  2. Locate, and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\<x>.0\Outlook\PST
    Note The <x>.0 placeholder represents the version of Outlook: for example, 15.0 is Outlook 2013, 14.0 is Outlook 2010, and 12.0 is Outlook 2007.
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type PSTDisableGrow, and then press Enter.
  5. Right-click the PSTDisableGrow registry entry that you created, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
Note The PSTDisableGrow registry entry can be set to the following values:
Value   Description
0       User can add new items to an existing .pst file. This is the default value.
1       User cannot add new content or data to an existing .pst file.
Prevent users from adding new .pst files
To prevent users from connecting a .pst file to Outlook, add the DisablePST registry entry, and then set the value to 1. To do this, follow these steps:
  1. Open Registry Editor.
  2. Locate, and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\<x>.0\Outlook
    Note The <x>.0 placeholder represents the version of Outlook: for example, 15.0 is Outlook 2013, 14.0 is Outlook 2010, and 12.0 is Outlook 2007.
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisablePST, and then press Enter.
  5. Right-click the DisablePST registry entry that you created, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
Note The DisablePST registry entry can be set to the following values:
Value   Description
0       Users can add .pst files. This is the default value.
1       Users cannot add .pst files. However, in scenarios where a .pst file was connected to Outlook before this registry value was added, the existing .pst file will still be connected. No new .pst files can be added.
2       Users can only add exclusive sharing .pst files, such as SharePoint .pst files.
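Both registry entries above can be set in one script, which is handy when pushing them out via a logon script rather than clicking through Regedit. This is an added example, not from the article or the post; it assumes Outlook 2016 (version 16.0, not in the article's list of examples), so change $version to match your build.

```powershell
# Added example (not from the post): set PSTDisableGrow and DisablePST for the current user.
# $version is an assumption (16.0 = Outlook 2016); use 15.0, 14.0 or 12.0 as noted above.
$version    = '16.0'
$outlookKey = "HKCU:\Software\Policies\Microsoft\Office\$version\Outlook"
$pstKey     = Join-Path $outlookKey 'PST'

# Policy keys usually don't exist until a policy has been applied, so create them first.
foreach ($key in @($outlookKey, $pstKey)) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# PSTDisableGrow = 1: no new content in existing .pst files (lives under the PST subkey)
New-ItemProperty -Path $pstKey -Name 'PSTDisableGrow' -PropertyType DWord -Value 1 -Force | Out-Null
# DisablePST = 1: no new .pst files can be connected (lives directly under Outlook)
New-ItemProperty -Path $outlookKey -Name 'DisablePST' -PropertyType DWord -Value 1 -Force | Out-Null

# Read both back so the result is visible
Get-ItemProperty -Path $pstKey     -Name 'PSTDisableGrow' | Select-Object PSTDisableGrow
Get-ItemProperty -Path $outlookKey -Name 'DisablePST'     | Select-Object DisablePST
```

Because the values are under HKEY_CURRENT_USER\Software\Policies, users without admin rights can still write them, but Outlook treats them as policy and greys out the corresponding options; Outlook needs a restart to pick them up.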

Wednesday, April 25, 2018

Office 365 online calendar not showing event, showing plus one (+1)

I had a weird one today.
A user created a shared calendar to add recurring appointments.
The appointments displayed for one month, but not the next. On the next month it showed a +1 instead of the event.

It turns out this was because of the screen size/zoom settings.
Zoomed out one click of the mouse wheel (Ctrl+mouse wheel) and the event displayed.

Monday, April 16, 2018

Disable Windows 10 logon pin

This was conducted on a domain joined computer.

Settings>Accounts>Sign in options
Click "Forgot Pin"
Enter domain password
Click Cancel on the new pin screen.

Simply going to Change pin and cancelling does not clear the pin, you have to 'forgot pin' to clear it.

Hope someone finds this useful.

Thursday, March 8, 2018

Radius on Meraki

What I did:

Created a certificate:
https://www.youtube.com/watch?v=ls9CW6jl6Q0

mmc.exe
File>Add Remove Snap in
Certificates
Local computer

Expand Certificates
Personal
Right click Certificates
All tasks, Request New Certificate
Next Next
Select Domain Controller


Add Network Policy and Access services
Server 2012:
Server Manager
Add Roles and Features
Role based
Network Policy and Access Services
Next
Select Network Policy Server and Host Credential Authorization Protocol
Next next next next until it's done.

Register NPS with AD:
Open NPS
Right click NPS(local)
Register server in Active Directory

Add RADIUS Client:
Open NPS
Right Click RADIUS Clients>New
Add Friendly name and IP of Meraki WiFi
Create Secret
Ok
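Adding the Meraki APs as RADIUS clients can also be done from PowerShell, which makes it easy to generate a long random shared secret instead of typing one. This is an added example and not part of the original post; it assumes the NPS PowerShell module on the NPS server, and the AP names and addresses are placeholders.

```powershell
# Added example (not from the original post): add Meraki APs as NPS RADIUS clients with a
# randomly generated shared secret. Names and IPs are placeholders.
Import-Module NPS

function New-RadiusSecret {
    param([int]$Length = 32)
    $chars = [char[]]'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $sb    = New-Object System.Text.StringBuilder
    $b     = New-Object byte[] 1
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($b)
        # 248 = 4 * 62: reject the top of the byte range so every character is equally likely
        if ($b[0] -lt 248) { [void]$sb.Append($chars[$b[0] % $chars.Length]) }
    }
    $sb.ToString()
}

$secret = New-RadiusSecret
$aps = @{
    'Meraki-AP-Office1' = '192.0.2.10'   # placeholder
    'Meraki-AP-Office2' = '192.0.2.11'   # placeholder
}
foreach ($name in $aps.Keys) {
    New-NpsRadiusClient -Name $name -Address $aps[$name] -SharedSecret $secret
}

Get-NpsRadiusClient | Select-Object Name, Address, Enabled
"Shared secret to paste into the Meraki RADIUS Servers section: $secret"
```

The same secret goes into the Meraki dashboard under RADIUS Servers, and the Test button there confirms the AP and NPS agree on it. One secret per AP (or per site) keeps a compromised AP from impersonating the others.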

Create NPS Policy
https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise


Open the Network Policy Server console.
Select NPS(Local), so you see the Getting Started pane.
Select RADIUS server for 802.1X Wireless or Wired Connections in the Standard Configuration drop down.

Click Configure 802.1X to begin the Configure 802.1x Wizard.
When the Select 802.1X Connections Type window appears select the radio button Secure Wireless Connections and type a Name: for your policy or use the default. Click Next.
Verify the APs you added as RADIUS clients on the Specify 802.1X switches window. Click Next.
For Configure an Authentication Method select Microsoft: Protected EAP (PEAP).
Click Configure to review the Edit Protected EAP Properties. The server certificate should be in the Certificate issued drop down. Make sure Enable Fast Reconnect is checked and EAP type is Secure password (EAP-MSCHAPv2). Click OK. Click Next.
When the Specify User Groups window appears click Add.
Type or find the Domain Users group. This group should be located in the same domain as your RADIUS server.
When the group is added click OK. Click Next.
Click Next on Configure a Virtual LAN (VLAN) window.
When the Completing New IEEE 802.1X Secure Wired and Wireless Connections and RADIUS clients window appears, click Finish.

Change the Policy Process Order

Navigate to Policies>Connection Request Policies. Right click the wireless policy and Move Up so it is processed first.
Navigate to Policies>Network Policies. Right click the wireless policy and Move Up so it is processed first.

Disable Auto Remediation

Navigate to Policies>Network Policies. Right click the wireless policy and select Properties.
On the Settings tab for the policy uncheck the box Enable auto-remediation of client computers and click OK.
(This is located under NAP Enforcement.)



On to the Meraki

Hover over Wireless, select SSIDs
Create or Select an existing SSID and Edit Settings
Association Requirements:
WPA2-Enterprise with my Radius Server

Splash Page:
(I left this as None for corporate users)
RADIUS Servers:
Add IP of server, port 1812, add secret and test.
Addressing and traffic
I left these in Bridge mode: Make clients part of LAN.
I have one site with multiple Meraki APs, I will test Layer 3 roaming there.


Later on I might find out this is riddled with security holes, but for now it works for users to use AD creds and access network resources while on WiFi.

Monday, February 12, 2018

Outlook emails disappearing, not in deleted items

I've had this complaint a couple times.
Email 'magically disappears'
It's not in deleted, not in the recoverable items on the server.
Turns out, in newer versions of Outlook (2016 for sure), hitting backspace moves the email into the Archive folder.

Saturday, February 10, 2018

Media server with Ubuntu, Plex and an Intel NUC

What I used:
Intel NUC kit, NUC7i5BNH
Corsair 4GB DDR4 2133MHz unbuffered CL15 SODIMM
Seagate 2tb 7mm HDD
Mac Computer
4GB flash drive
Ubuntu 16.04.3 64 bit
http://releases.ubuntu.com
Etcher

Ubuntu has a cool tutorial on making the USB flash bootable:
https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-macos#0

I'll copy the important bits in case the link dies


  • Launch Disk Utility from Applications>Utilities or Spotlight search
  • Insert your USB stick and observe the new device added to Disk Utility
  • Select the USB stick device and select Erase from the tool bar (or right-click menu)
  • Set the format to MS-DOS (FAT) and the scheme to GUID Partition Map
  • Check you've chosen the correct device and click Erase

Install Etcher from here: https://etcher.io

Select the ISO of Ubuntu in Etcher and tell it to load it to the USB. SOOO much easier than this used to be.

Boot the NUC and let it run. This took quite a while for me.

Install Plex from Plex.tv

Install the newest handbrake like this:
http://www.ubuntoid.com/install-handbrake-ubuntu-16-04-16-10/
sudo add-apt-repository ppa:stebbins/handbrake-releases
sudo apt-get update
sudo apt-get install handbrake-gtk handbrake-cli

Then
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install ubuntu-restricted-extras
sudo apt-get install libdvdcss2
sudo apt-get install libudf-dev 
I had to do those last two (I think) to get dvds to play at all. I'm new to this whole thing...
But I'm pretty sure this is all I ended up having to do to get handbrake working. I'll probably wipe the drive again and test this to see if this is all I had to do. I'm sure eventually this will crash and I'll have to redo it all again.
I kept getting the problem where the Encoding button was greyed out. It turned out that when selecting the DVD drive, it was selecting the AUDIO_TS folder; selecting the VIDEO_TS folder got the Encoding button to work.
It took about a half hour to rip a 2 hour animated DVD at the Super HQ 1080p setting.

Hooooly crap there are a lot of settings in handbrake.
This guy's post helped me a lot.
https://mattgadient.com/2013/06/12/a-best-settings-guide-for-handbrake-0-9-9/

Update:
I'm using the following settings on handbrake:
I started with the 1080p Fast as a baseline.
I bumped RF to 12 and put it on Very Fast.
(I ripped a movie at Very Fast and the one just above placebo (slowest setting) and the file size was about the same, it just took a little longer.)
Profile is Main and it's set to level 4.0.
(The default Apple TV setting is High and 4.2, so I ripped a movie at both settings and there wasn't a noticeable difference in quality or file size.)

I left Audio default, just checking the box for DTS-HD passthrough. No idea what this does. I have a sound bar/sub setup and the sound is very good on the default setting (based on the 1080p fast profile).
At least on par with Netflix or playing the disk through an Xbox.

File sizes are around 3-4gb and they finish in about an hour.
Quality on my 70in TV is good, even better on a 42 or my iPhone, which you have to have Plex Premium for if you want to play more than a minute at a time. I like the program so I'll probably just buy their forever license; still have some reading to do on how that works.
(update:5/12/18 I bought the license, no regrets.)

So far so good. I've watched movies while its ripping dvds and it does fine, so I'm not too concerned with its performance doing multiple streams.
There was one time I think it got a little warm, causing it to shut down. I set RF to its lowest setting and let handbrake run for a while. The NUC went flashing orange, but started right back up when I hit power and it continued ripping. It was pretty weird. This resulted in a 14gb file that wouldn't play through Plex, giving me a shaka3015 error. I spent a whole two minutes researching what the error meant before giving up.
It would play through Ubuntu's media player though, so the file was fine.
I ripped the movie again with my 'pretty good' settings and it played fine through Plex.

Update:5/12/18
BluRay...
I could read some BluRays, but not others.
This thread fixed it for me:
https://askubuntu.com/questions/565516/can-linux-play-blu-rays
I already had MakeMKV installed so straight to:
Step 2: Uninstall the open-source libaacs
sudo apt-get remove libaacs0
Step 3: Symlink MakeMKV's libmmbd to emulate libaacs and libdplus
(/usr/lib might not be the correct directory for you – do a search for "libmmbd.so")
cd /usr/lib
sudo ln -s libmmbd.so.0 libaacs.so.0
sudo ln -s libmmbd.so.0 libbdplus.so.0

Note, I couldn't find libmmbd.so through the search; I didn't do a CLI search, maybe I would have found it that way.
I added them to the /usr/lib like it says and I was able to read BluRay.

That got it so I could read the files, then I had to do this:
https://www.makemkv.com/forum2/viewtopic.php?f=8&t=14821
Go http://vlc-bluray.whoknowsmy.name/ and download KEYDB.cfg. Put it under ~/.MakeMKV.
This location can be viewed and changed in the preferences of MakeMKV.
Mine was home/(computername)/.MakeMKV
Make sure you can view hidden folders.


Update:
I'm doing everything with Makemkv now, the quality is basically lossless. The files are huge, but data is cheap. I'm running a Seagate (I think) 8tb external drive. I haven't had any streaming latency, even with Blu-ray.
