Office 2016 for Mac, and local storage of email

Office 2016 for the Mac – as you may or may not know by the time you read this – is currently available, via an Office365 subscription. See

With Office 2011 for Mac, your Outlook files were stored within your Documents folder, in the folder “Office 2011 Identities” inside of the “Microsoft User Data” (~/Documents/Microsoft User Data/Office 2011 Identities).

This has changed as of Office 2016. Local storage for Outlook 2016 is to be found within the (user’s) Library folder, in the “Group Containers” folder:
~/Username/Library/Group Containers/XXXXXXXXXX.Office/Outlook/Outlook\ 15\ Profiles/Main\ Profile/Data

(where “XXXXXXXXX” is a 10-digit alpha-numeric string).

pf & logging in 10.8 and 10.9

The pf firewall (see ) is an excellent tool and there are many reasons I prefer it to ipfw (which was the native/built-in option supplied in versions of Mac OS X prior to 10.7 . Not to be confused with the Application Firewall (see

The problem with pf in OS X is that logging is problematic – pretty much broken.
In an effort to remedy this situation, I went searching and found Charles Edge’s post here to be particularly helpful:

and just as much, the following post that he refers to:

The Emerging Threats ETOpen ruleset is a great discovery.

Now then: In order to achieve reliable logging for pf, I suggest using launchd with a LaunchDaemon plist as shown:

pflog plist






The script that is called (by the above plist) is simply:
/sbin/ifconfig pflog0 create
/usr/sbin/tcpdump -lnettti pflog0 | /usr/bin/logger -t pf -p

The flags/options chosen for tcpump are the ones I found to result in the most useful information being logged, for my needs. Read the manpage and adjust as desired.

Also note that adding a firewall entry for pf via pfctl, doesn’t appear to work. I suggest creating your own tables, configuring /etc/pf.conf appropriately (to refer to your custom tables, please DO leave any and all existing entries untouched) and then manually editing your custom table(s) (with due caution !), then using
sudo pfctl -f /etc/pf.conf

to invoke your changes.

0x00000002 error when attempting to add a provisioned printer for a PC bound to the domain

An example scenario is that  only one or two PCs can’t add a server-provisioned  – be it via GPO/Group Policy Preferences or some scripted method – and on the client, the “Connect to Printer” dialog says, “no driver found.”

When you try to manually add the shared printer, the error message contains the code “0x00000002″

Odds are good that your server is a 64-bit OS, and so is the printer driver you used.
Locate and download the 32-bit version of the driver for your 32-bit version of Windows 7, and use that when adding the printer.

VPN Setup with Zyxel USG devices – Zyxel router and client VPN configuration

This is going to be a very bare-bones post. My goal is to get right to the required details without much elaboration.

Please keep in mind that setting up a working VPN configuration is typically a process, and every vendor names and handles things differently. These settings may not be the most secure options for a VPN setup but they will work. Start with a working configuration first ! And then if you wish, alter only one parameter at a time, making sure they match at both ends (Zyxel USG router/firewall and VPN client). Do your research and understand what you are changing and why.

To begin, you will need a working network setup behind a Zyxel USG router/firewall with VPN functionality, and either – for Windows client workstations, the Zyxel VPN client software – or IPSecuritas for Mac OS (note that I won’t cover the config of IPSecuritas specifically here but it should be very easy to translate).
If you do use IPSecuritas please make sure to make a donation to the
developer !

The Zyxel client VPN software can be purchased online from Amazon or  Provantage,

One vital thing to keep in mind is that if your IP schema (LAN IP address type and range) at home – or any cafe or office you visit –
matches that of your main office that you want to connect to , the VPN connection will not work.
This is VPN 101 material: Your remote IP address schema must not match that of the network you wish to make a VPN connection to.

Zyxel USG configuration:
Connect to your Zyxel as usual ( https://ip.ofyour.zyxel )
Navigate to:
Configuration, Object, Address

Create an address for your local subnet, name it: LAN1_SUBNET
Interface: lan1

Create Address Object
Name: RemoteDynamicClient
Address Type: HOST
IP Address:

Now navigate to VPN, IPSec VPN:
VPN Gateway, choose Add
Click “Show Advanced Settings”

Enable (checkbox),
VPN Gateway Name: Dynamic_Tunnel
My Address, Interface: wan1

Peer Gateway Address:
Dynamic Address

Pre-Shared key. You need to make this LONG and complex.
Record it securely.

Phase 1 Settings:
SA Lifetime 86400
Negotiation Mode: Main
Encryption: 3DES, Authentication SHA1
Key Group: DH1

Enable (checkbox) Nat Traversal & Dead Peer Detection
Note that Extended Authentication does work but move on to that only after you have the rest working.
Click OK.

Go to the “VPN Connection” tab to the left.
If it isn’t, enable “Use Policy Route to control dynamic IPSec rules”
Click Add.
Click Show Advanced Settings.
Enable (checkbox)
Connection Name: Dynamic
VPN Gateway: Site-to-site with Dynamic Peer
VPN Gateway (select): Dynamic_Tunnel (you just set this up in the steps above)

Local Policy: LAN1_SUBNET
*Remote Policy: RemoteDynamicClient

Phase 2 Setting:
SA Lifetime: 86400
Active Protocol: Esp
Encapsulation: Tunnel
Encryption 3DES, Authentication SHA1

Leave the rest untouched.

Create new rule at the top
From any to Zywall
Source Any Destination Any
Service L2TP-VPN
If you want to debug your VPN enable logging, but otherwise there’s no need.

Add rule:
IPSec_VPN to any (Excluding Zywall)
source any, destination any, allow

With a USG 20 (but not a 100),
under Routing
Add Policy Route:
Incoming L2TP_VPN source any Destination Lan1__Subnet
source any, next-hop auto, SNAT outgoing interface

Zyxel VPN Client configuration:
Install the Zyxel VPN client, a reboot will be required.
You might like to customize your taskbar to always show the Zyxel VPN icon.

Right-click where it says “VPN Configuration” on the left and choose Wizard.
Choose “A router or a VPN gateway”
Enter the external static IP of your Zyxel in question, or FQDN if appropriately configured.
Enter the PSK (pre-shared key) you set up previously and safely recorded :-)
Enter the IP private (internal) address of the remote network. This should match the IP schema for your main office that you are connecting to.
NB: Don’t try to choose a specific IP, just enter 0 for the final octet/number, ie:

Click Finish.
Now click on the listed “Gateway” on the left.
In the Authentication tab under IKE, change the settings to match those you set up under “Phase 1″ on your Zyxel:
Click Apply at the upper-left.

Now click on “Tunnel” at the left (listed just underneath Gateway).
Under Addresses, correct the Subnet maks for your Remote LAN address setup.
Under ESP, don’t change anything but confirm they match  your Phase 2 settings on your Zyxel – they will by default.
PFS: Change to DH1

Optionally, click on the Advanced tab, and under Alternate servers,
enter the IP address of your (primary) internal DNS Server at the main office you’ll be connectin to via VPN.

Click Apply at the upper-left.

Right-click the Zyxel VPN icon and choose connect.
It works ! Or, it should based on the supplied info.

Windows XP, are you still using it ?

As you should know, Microsoft will no longer be supporting Windows XP as of this month (April 2014), in that the last patch they provide will be April 8th. *

There are a great number of reasons not to ignore this issue, whether XP is still in use in at home or in a business environment. Please see

“(Computers still running Windows XP) will be vulnerable to hackers once XP stops receiving security updates, with Microsoft warning earlier this year that hackers could use patches issued for Windows 7 or Windows 8 to scout for XP exploits.”

If you don’t already have a migration plan in place and well underway, you absolutely should ! (Picture a billboard-sized flashing neon sign and sirens for appropriate emphasis).

Here are some great tips if you are forced to eke out a few more days from your XP systems:

Note the last item, “Get on with your personal or organisational efforts to get rid of XP.”

Please contact us at the Core Solution Group if you need help with planning and migrating away from Windows XP, including backup of your data, computer hardware upgrades or replacement, and analysis of any software you rely on – be it versions & compatibility with Windows 7 or 8, or alternatives to outdated programs that won’t run on a newer version of Windows.

*For a not-insignificant cost, some organizations may opt for Microsoft’s Custom Support, which costs $200 per year per PC, and covers only patches ranked as “critical.”

OS X Mavericks is free, yes. But please look before you leap !

First and foremost, ensure that your Mac is compatible. You’ll want to have enough RAM (not just the minimum 2 GB, far better to go with more if you can), and ideally (we recomend) at least a 7200 RPM hard drive, better still – ideally – an SSD drive for the best responsiveness.

The listed requirements are as follows (see ):
OS X v10.6.8 or later, 2GB of memory , 8GB of available space
You’ll need an Apple ID if you don’t already have one (and you probably do if you’re using iTunes), see

The compatible hardware/model list is:
iMac (Mid 2007 or newer)
MacBook (Late 2008 Aluminum, or Early 2009 or newer)
MacBook Pro (Mid/Late 2007 or newer)
Xserve (Early 2009)”

Please – whatever you do – make sure you have a known-good, full backup (via Time Machine or your other backup method of choice) before you do anything.

It’s a good idea to read a little more about it, and Macworld has a great writeup here:

iOS 7 – what you need to know

If you have an Apple iOS device that didn’t come with iOS 7, and you’re considering the update, there are some things you should keep in mind before taking the leap:

It is not possible to undo this update.

Ensure that iOS 7 is permitted for use at work if you do use it in that capacity at all. If your workplace IT has’t tested and approved it for use, and you really do need it for work purposes – even if it’s “just email” – then I recommend you don’t take the risk because you’ll be on your own if  you find out after the fact that there’s a problem.

Keep in mind that iOS 6 has obtained FIPS 140-2 validation, iOS 7 has not – not yet, and it could take some time.
If this is a requirement for you, stop now and wait.

If you do go ahead: Backup your device via iTunes first.
I also recommend that you do a full power-cycle of the device prior to applying the update. Hold down the power button until a message and the slider for doing a full shutdown appears. Wait a few seconds and then use the power button to turn it back on.

There are a great many changes and some new features in iOS 7, I recommend having a read at

I’m using iOS 7 without issue and so far enjoying it very much !

— David

Java in the web-browser: Disable Java if you haven’t yet

Please see

The moral of the story is: Disable Java for your browser, you probably (really) don’t need it.
For your computer at work – of course – please check with your admin(s) before attempting any changes.

If you’re running Mac OS X 10.7 or newer and keep up to date, disabling Java in your browser was probably taken care of for  you.
Additionally, you can ensure Java is disabled in Safari, by navigating (while in Safari) to the Preferences menu,  Security tab.
In Chrome, type: chrome:plugins and check that Java is disabled.

In Firefox go to Tools > Addons > Plugins

If you’re running Windows, please be sure to follow these instructions:

How to install WordPress on Mountain Lion server, and migrate your WordPress setup from your old OS X Server install

Geting WordPress working on your Mountain Lion Server, or “This one goes to eleven”  😉

The first thing I’d like to make clear is that I’m not trying to tell you every last detail you’ll need to know. The scope of the instructions I do provide covers the key parts of the process, circumscribed by:
1) A working install of WordPress (and associated MySQL database) on an existing OS X Server,
2) An existing working install of 10.8 server and (working) website hosted on it.

If you have some background with OS X Server, and a modicum of experience (and comfort) working via the Terminal (“the command-line”), this isn’t particularly difficult at all. Rather, the process requires a number of very specific, correctly executed steps. It’s actually quite straightforward if you proceed with patience and precision, and in an orderly fashion.

You should have have already successfully installed WordPress on an existing instance of Mac OS X (client or Server) and configured your MySQL database appropriately for your WordPress install.
As such, you do need to already be at least somewhat comfortable working in the command-line (via the Terminal).

And now you want to hear about someone else’s success (mine) getting a WordPress site running on Mac OS X 10.8 server.
In my case, I was migrating from 10.6.8 server.

There are eleven main steps in this process. Why didn’t I make it ten ? Actually, it worked out that way as I was writing this post. I’ll take the opportunity to reference the much-loved and (and oft-quoted by me) line from the filme This is Spinal Tap, “These go to eleven“:

1. Backup of the WordPress files
2. Exporting your existing MySQL database for WordPress
3. Transfer the above files from your old server to your new one
4. Decompress and migrate the WordPress backup to the appropriate location on your new server
5. Install MySQL on your 10.8 server
6. Set up a new (empty) WordPress database in MySQL and restore your prior database backup (sql dump)
7. Download and install the latest stable version of WordPress
8. Configure your webserver & restore your WordPress config and content to the new WordPress install within your (web)site directory
9. Additional MySQL items
10. In, under Websites, click to “Enable PHP web applications”
11. Test and ensure that everything is working.

Postscript: Additional miscellany
Success !

Step One:
On your existing server, backup your WordPress installation. This is typically
going to be within your (web)site directory, in 10.6 Server this is
where <yoursite> is the name of the folder where your existing website files are housed.

cd /Library/WebServer/Documents/yoursite
sudo tar -czvf ~/WP_Content_backup_$(date +%Y%m%d).tar.gz <yourWordpressDirectory>

for example:
cd  /Library/WebServer/Documents/yoursite
sudo tar -czvf ~/WP_Content_backup_$(date +%Y%m%d).tar.gz wordpress

The above will put the backup (eg, WP_Content_backup_20121208.tar.gz) in your home directory,
which will be the home directory of the user you logged in as, via the Terminal.

Step Two:
Export your existing MySQL database for WordPress.
mysqldump --user=root --password=<pass-here> your_Wordpress_databasename | gzip -c > ~/WP_DB_backup_$(date +%Y%m%d).sql.gz
So the case of my example, the resulting filename would be WP_DB_backup_20121208.sql.gz

Step Three:
Next you’ll want to migrate both of those backup items to your new server.
I used ssh to work with either server, and scp to copy the files.
You can read up on that if you need to, but as an example,
once you’ve connected to the Mountain Lion server via ssh, run the following:

scp username@oldhost:WP_Content_backup_20121208.tar.gz .
scp username@oldhost:WP_DB_backup_20121208.sql.gz .

“oldhost” could be the old server’s IP address or hostname.

Leave the WordPress DB backup for now.

Step Four
Decompress the wordpress content from your former server:

sudo tar -xzvf WP_Content_backup_20121208.tar.gz

Leave the resulting “wordpress” directory where it is for now.

Step 5
Install MySQL from

Download MySQL from

It should be the fourth listing there, “Mac OS X ver. 10.6 (x86, 64-bit), DMG Archive”
I do recommend that you also download the signature and verify your download with gpg.
That’s another topic entirely, but see

Always secure your mysql installation, which you can do with the command below,
which will also ask you to create a (MySQL) root password.
Make sure you record this securely, and please don’t confuse the MySQL root user with your/the
system “root” user.

cd /usr/local/mysql

Step 6
Set up the MySQL DB for your WordPress installation:

Create an empty database for your WordPress database (db):

/usr/local/mysql/bin/mysql -u root -p

(Presuming that your database name is wordpress.db – when you’re at the mysql prompt):
grant all on wordpress_db.* to your_wordpress_username@localhost identified by 'password for your wordpress user here';

Do note that your wordpress username and password will need to be the same as they were originally,
in order to line up with your wordpress config (see the next item).

Restore your backed up WordPress MySQL database via:
mysql -u username root -p -h localhost DATA-BASE-NAME < WP_DB_backup_<DATE>.sql
mysql -u username root -p -h localhost DATA-BASE-NAME < WP_DB_backup_20121208.sql

Step 7
Download and install the current version of WordPress:

Download from
and see

Step 8
Configure your webserver & restore your WordPress config and content-directory within your (web)site directory:

After installing WordPress, restore wp-config.php from your decompressed directory of your old WordPress install, or edit the stock config at
to match your database name and db username and password that you set up above. See
Then restore your former WordPress content to the new WordPress installation:

cd ~
mv wordpress/wp-content /Library/Server/Web/Data/Sites/yoursitename/wordpress/

Step 9
Additional MySQL setup steps:

Ensure that your mysql socket config lines up with what PHP is expecting.
Namely, /var/mysql/mysql.sock

From the MySQL install, copy my-dedium.cnf to /etc:
cp <path to MySQL files>/support-files/my-medium.cnf /etc/my.cnf

If you’re not sure where the support-files are (or don’t seem to have them), you can download the tar.gz version of MySQL from

Look for the first item listed there, “Mac OS X ver. 10.6 (x86, 64-bit), Compressed TAR Archive”

Edit /etc/my.cnf to change the socket location (I strongly suggest you use vim or even nano and not a GUI editor):

Look for
socket          = /tmp/mysql.sock

and change it to:

socket          = /var/mysql/mysql.sock

Change the permissions for the directory in question:

sudo chown -R _mysql /var/mysql

Restart MySQL:

sudo SystemStarter restart MySQL

Ensure that you can connect to MySQL as your wordpress database user:
/usr/local/mysql/bin/mysql -u <wordpress_db_user> -p

This is the user you configured originally for your MySQL wordpress database and when prompted give the associated password
password for that user.
You should be presented with the mysql prompt:

rather than any error message(s).

Exit mysql with:
(and press return).

Step 10
Enabling PHP –
Simple enough: In, under Websites, click to “Enable PHP web applications”

Step 11
Test that everything is working.

That’s it !  :-)

Postscript – Additional miscellany:
If something isn’t working, check your logs. This is easy enough to do via the utility.
The most common cause of problems will be missing a step above, or incorrect permissions.
Both are easy to correct. Don’t panic, and get this working on a non-critical server first to ensure you’re
able to get it working.

If you run into an issue where your wordpress site appears to load but nothing actually appears,
verify the permissions for the wordpress directory in question,
and remove any extraneous ACLs if there are any.

I also recommend that you install some WordPress extensions to help protect your WordPress installation & server. Look into Login LockDown, Secure WordPress, and WordPress Firewall.

Internet Explorer Zero-Day: Don’t use IE as your browser

There’s a really VERY serious exploit for Internet Explorer. IE versions 7 to 9 in Windows XP through Win 7 are vulnerable. If you haven’t updated in a while, you really need to. Please have/make a backup, and update.

and for more info.

The only time you should really use IE is for Windows Update(s).