Changing network location on Windows 8 and 2012
Saturday, August 31. 2013
Is it just me, or has somebody at Microsoft really dropped the ball on network location setting? When a Windows computer detects a new network, which it has not be attached into earlier, it pops you the question and asks about how to profile the security in that particular case. If everything goes ok, there is no need to change anything. However, when you install your computer, you don't get to answer that. Also, there is commonly known that people make mistakes. What if you simply fumbled the question and clicked wrong.
In Windows 7 the setting is simple:
You go there, click the value and select a better one. In Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2 that is not the case. The setting cannot be changed. Period. Wtf?
There is a way to change the setting. I found this article with Google: How do I set my wireless network to be private instead of public? The "Easiest" and "Most direct" are crap, IMHO. The part with Local Security Policy seems to work:
That seems to be working from Windows 7 onwards. Whose bright idea it was to make the change that difficult?
Windows IPv6 connection starting to "rot" over time [Solved!]
Tuesday, August 27. 2013
I've been using IPv6 on my own LAN for years. Most of the things I use on daily basis have IPv6 and it seems to work. For example a Sony television or iPhone 4S does not use IPv6, but iPad does.
On my router there is a Router Advertisement Damon to do stateless auto-configuration. On Windows 7 and 8 they have really weird things running out-of-the-box, but I'm in a habit of running (as admin):
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
netsh interface teredo set state disabled
That way I'm using fixed IPv6-addresses and disable the unnecessary Teredo-tunnel.
I don't exactly know why or how, but on one of my computers (running Windows 7), the IPv6-sockects started to not work properly. The symptoms include lot of reconnections and for example in SSH-client, the connection would simply drop. I did everything I knew, but nothing helped. A failing SSH-connection would look like this on the wire:
After 31 seconds of connection, there is a sporadic retransmission. That is not dangrous and it happens sometimes. My Windows 7 would respond with a duplicate ACK into it, waits 3 seconds and goes ballistic. It simply starts re-transmitting the already transmitted data with 1, 3 and 5 second intervals before determining that the connection has died. WTF?! The connection is not bad! It works on all other computers. The issue can be easily repeated and it works the same way every time. Windows thinks it needs to start a burst of re-transmissions and disconnects when they seem to fail.
During one of the Google-session for the fix, I found netsh interface ipv6 reset command. I tried it:
PS C:\Windows\system32> .\netsh.exe interface ipv6 reset
Reseting Global, OK!
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.
Did the Windows restart, ran the above commands to disable privacy, randomization and teredo-tunnel. Everything started to work! Whooo-hoo! Now my SSH-connections don't drop anymore. How cool is that!
The fix is very microsoft-ish. Some counter ticked into illegal value and in their mind the correct fix is to reset everything to the post-installation state. On *nix-world network-stack -code would be of much better quality and the entire issue would never happen!