Most computers connect to the Internet through a NAT device (usually a router). PPTP natively doesn’t work with NAT. Since most VPN connections start from behind a router, this is a very common problem. PPTP passthrough addresses this by allowing VPN connections to traverse a NAT with ease. NAT (or more specifically PAT) can’t function without the use of ports. It is important that you understand how NAT functions and its reliance on ports. If unsure, I would advise reading up on network address translation first.
Most of you reading this will no doubt already have some idea of how file permissions are handled when moving or copying files to and from NTFS drives. The following behaviour is expected:
- When copying a file from one NTFS volume to a folder on another volume the file inherits the permissions of the destination folder.
- When copying a file from one folder to a new folder on the same NTFS volume the file inherits the permissions of the destination folder.
- When moving a file from one NTFS volume to a folder on another volume the file inherits the permissions of the destination folder.
- When moving a file from one folder to a new folder on the same NTFS volume the file retains the permissions.
So, how does a router work? Well, before we get into that you should know the basics of what the IP address, subnet mask and default gateway are before continuing. If you don’t, have a read of networking basics first.
This only applies to you if UAC is enabled and users are members of the local Administrators group.
I was doing some work recently for a client when I noticed that a login script was failing to map network drives if deployed through group policy. The strange thing is that if I ran the script manually it worked. Also, at other sites this same login script works perfectly fine whether it’s run by itself or deployed through group policy. The only difference I could find was that users were local admins at the site where the script fails. When users are local administrators UAC comes into play.
Recently I was doing a bit of promotional work for my blog by participating in some IT related forums. I was going through the posts as you do when an interesting question came up. The poster was reading up on DNS zones, what their purpose is and how they work. He was having trouble understanding the following paragraph in a study book he was reading:
A DNS zone contains all the domain names the domain with the same domain name contains,
except for domain names in delegated subdomains. For example, the top-level
domain ca (for Canada) has subdomains called ab.ca, on.ca, and qc.ca, for the provinces
Alberta, Ontario, and Quebec. Authority for the ab.ca, on.ca, and qc.ca
domains may be delegated to nameservers in each province. The domain ca contains
all the data in ca plus all the data in ab.ca, on.ca, and qc.ca. However, the zone ca
contains only the data in ca (see Figure 2-10), which is probably mostly pointers to
the delegated subdomains. ab.ca, on.ca, and qc.ca are separate zones from the ca
Can you understand that?? No wonder he was having trouble,
There are different reasons why you may get an access denied error 0x80070005. This particular one and the following fix are only applicable when all of the following are met:
- Your operating system is Windows Server 2008/Vista. If it is Windows 7 or 2008 Server R2 then this fix does not apply.
- You have no other problems at all with shadow copies/previous versions. It works perfectly fine accessing previous versions of all other folders except just one (or a few) folders.
- UAC (User Account Control) is enabled. More info about UAC can be found here.
- You are logged in as an Administrator who should be able to access these folders/shadow copies.
The error is caused by a bug in Windows Explorer and how it handles UAC. It is exactly the same reason why you get an access denied message when trying to access certain folders you should have access to. In these scenarios you have given the Administrators group full control of the folder and you are a member of this group, but you still get an access denied message. See the following UAC access denied for the cause and fix. It talks about Explorer having problems accessing certain folders. As shadow copies/previous versions are launched through Explorer, it applies to this also.
NOTE: In the article some of the fixes say to modify the permissions on the folders. This is not possible with shadow copies as the folders are stored in a snapshot. Instead you will only be able to apply the fixes that modify UAC behaviour (solutions 3 and 4).
You receive a Windows 7 access denied error when accessing a folder through Windows Explorer even though you have set the permissions correctly. You are an administrator and the Administrators group has full control over the folder, but you can’t access it without Windows re-writing the permissions.
This is caused by a new feature in Windows 7 called User Account Control (UAC). It is the combination of UAC and a bug in Windows Explorer that causes the access denied error.
The easiest solution is to simply disable UAC. If this is not possible (for security reasons) then read on for alternatives.
When making audio calls using SIP the phone rings, but when it is answered there is only one way audio or no way audio.
What Causes One Way Audio
The cause of one way audio is a combination of NAT and STUN (which we’ll come onto later). Let’s talk about NAT first.
NAT by default blocks ALL incoming connections from the Internet. This is well known and isn’t normally a problem; if you want a server accessible through the Internet you just port forward the relevant ports to it. The issue here is that SIP uses a large range of ports and it will choose one at random for each SIP call. We can’t just open our network up to a massive range of ports; it is bad security practice. More to the point, how does it even work if you are not port forwarding any ports? All inbound traffic should be blocked by the NAT because there is no port forwarding going on. So how does it work? It works by using a technique known as UDP hole punching.
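The hole-punching behaviour described above, modelled as an added example (not code from the original post). It assumes a port-restricted NAT that reuses one public port per inside socket; the `Nat` class, the addresses and the ports are constructed for illustration.

```python
# Constructed model of a port-restricted NAT; every address and port is a sample value.
class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}     # (inside ip, port) -> public port
        self.in_map = {}      # public port -> (inside ip, port)
        self.allowed = set()  # (public port, remote ip, remote port) sent to

    def outbound(self, src, dst):
        """Inside host sends UDP src -> dst; returns the public endpoint dst sees."""
        if src not in self.out_map:
            self.out_map[src] = self.next_port
            self.in_map[self.next_port] = src
            self.next_port += 1
        port = self.out_map[src]
        self.allowed.add((port, *dst))  # the "hole": dst may now reply
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Internet packet src -> public dst_port; inside endpoint, or None if dropped."""
        if (dst_port, *src) in self.allowed:
            return self.in_map[dst_port]
        return None  # no matching outbound flow, so the NAT drops it


def punch():
    """Two phones behind separate NATs exchange UDP without port forwarding."""
    nat_a, nat_b = Nat("198.51.100.10"), Nat("203.0.113.20")
    phone_a, phone_b = ("192.168.1.50", 5004), ("10.0.0.7", 5004)
    server = ("192.0.2.1", 3478)  # rendezvous (STUN-style) server

    # Each phone learns its public endpoint from the server's view of it.
    pub_a = nat_a.outbound(phone_a, server)
    pub_b = nat_b.outbound(phone_b, server)

    results = []
    nat_a.outbound(phone_a, pub_b)                     # A -> B opens A's NAT for B
    results.append(nat_b.inbound(pub_a, pub_b[1]))     # B's NAT has no hole yet: dropped
    nat_b.outbound(phone_b, pub_a)                     # B -> A opens B's NAT for A
    results.append(nat_a.inbound(pub_b, pub_a[1]))     # reaches phone A
    nat_a.outbound(phone_a, pub_b)
    results.append(nat_b.inbound(pub_a, pub_b[1]))     # now reaches phone B
    stranger = ("192.0.2.99", 9999)
    results.append(nat_a.inbound(stranger, pub_a[1]))  # unrelated sender: still dropped
    return results


if __name__ == "__main__":
    print(punch())
```

The last result is the point for anyone reviewing firewall policy: the hole admits only the exact remote endpoint the inside host sent to, not the whole Internet.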
Main Characteristics of TCP
- TCP is reliable – This means it guarantees that packets are delivered uncorrupted. This is all done by controlling the session with flow control, error detection, congestion control and re-transmission of lost packets.
- TCP is a connection orientated protocol – This means a connection or socket must first be established before data can flow. Data travels both ways.
- TCP is ordered – TCP uses sequence numbers to ensure that packets are re-constructed in the correct order.
- TCP is slower than UDP – Because TCP does all the above there is additional overhead needed and processing time which makes TCP slower than UDP.
Main Characteristics of UDP
- UDP is unreliable – UDP does not guarantee delivery of packets. There is no error detection, flow control or re-transmission of lost packets. It just sends them and doesn’t care whether they arrive or not.
- UDP is a connection-less protocol – Data is just sent and no socket needs to be established first. Data can flow one way (as in a radio broadcast) or both ways (a 2 way phone call). It also allows you to traverse some NAT devices without using port forwarding using a technique called UDP hole punching.
- UDP is not ordered – UDP does not use sequence numbers, therefore it cannot guarantee that packets will be reconstructed in the right order.
- UDP is fast – Because UDP doesn’t have the additional overhead of TCP it is a faster protocol, ideal for streaming.
When to Use TCP or UDP and Why
So now, knowing the main differences between TCP and UDP, you may have already worked out yourself that sometimes it is better to use UDP over TCP. TCP should be used when no packet loss is a requirement and the data must be correct and free from errors. This is obviously useful when viewing web pages, emails and most forms of networking communication we are used to. But what about video and music streaming? What about live TV, radio and VoIP?
Does it really matter if, when you are on a VoIP call, part of the sentence you heard was lost? Do you need the VoIP system to re-transmit that one word that was lost, or can you work out what it probably was? Or better still, ask the person to repeat himself... If it was resent then it wouldn’t even make sense anyway. Imagine this phrase: “Hi Adam my name is DARYL”. What if the packets that made up the word Adam were lost, so they only heard “Hi [crackle or pause] my name is DARYL”? If the lost packets were then resent you would hear the missing word at the end and it would sound like “Hi [crackle or pause] my name is DARYL Adam”. See... there is no need to confirm packet delivery in this case, therefore UDP is perfect for VoIP. The same applies for live TV or a radio broadcast. Do you really care if you missed one word in that entire song you were listening to? Would you rather listen to the rest of the song sounding as it should, or be interrupted at certain intervals by those lost words being played? No, it would be frustrating... With these types of data streams it doesn’t really matter if a packet or two is lost or even corrupted. Using UDP makes the data streams faster because the overhead is less than TCP.