Should I upgrade to Windows 10?

There’s been plenty of hype around Windows 10 and rightly so. First things first, if you received a notification advising you can upgrade to Windows 10 seriously consider the following:

  • Have you backed up all critical information on your device so in the event your upgrade fails you can access these files?
  • Are all applications that you use on your device compatible with Windows 10?
  • Do all your peripheral devices (WiFi card, graphics card, monitor etc) have Windows 10 drivers?
  • Do you have a rollback plan (performed an image backup of your machine to external media)?


Here are a few thoughts from my experience on upgrading my laptop to Windows 10:

  • I performed an in place upgrade to Windows 10 Enterprise from Windows 8.1 Enterprise. I downloaded the ISO, mounted it and ran the setup.exe . I left my laptop to grab some lunch, came back after 30 minutes and the upgrade appeared to complete successfully. Awesome.
  • I restart my laptop so I can install any unknown drivers for the laptop and I get the black screen of death similar to what other users were getting in the technical preview. I tried the usual fixes (BIOS, safe mode, system restore) to no avail.
  • Time for a rebuild.
  • Created bootable USB Windows 10 device and installed a fresh copy of Windows 10. I restarted my laptop and reviewed device manager for any unknown drivers.
  • To my surprise, Windows 10 had installed all up to date drivers necessary for my laptop without me having to hunt down anything (impressive) including my Biometric Synaptics Fingerprint scanner.
  • 75% of upgrades at our office failed resulting in staff needing to rebuild their machines from scratch.

Think twice before that upgrade. Stay tuned for what my thoughts are on Windows 10!

Fortigate – adding additional IP’s for PPPoE connections

Here in Australia we receive IP blocks for PPPoE connections. Since the IP is dynamically assigned to us we can’t manually add a “secondary IP” like you would with a static connection.

So what do you need to do?

Configure an IP pool!

  1. Go to Policy & Objects > Objects > IP Pools
  2. Specify whether it’s IPv4 or IPv6 and give a name
  3. Leave the type as Overload (unless you have a requirement to use the other types)
  4. Enter the additional IP’s given to you from your ISP
    Configuring IP Pools in GUI
  5. Now that you’ve configured your IP pool you can allocate inbound services to those additional IP’s. Configure your VIPs, VIP groups, and policies to use these additional IP’s and of course Test!

Enabling multiuser in Reckon Accounts 2015 after an upgrade

Reckon Reckon’s gonna get a reckoning? So it’s end of the financial year here in Aus and that usually means updates to your accounting software (inventory, payroll, invoicing etc). Time to upgrade to Reckon Accounts 2015, piece of cake right? ….


After several painstaking hours trying to figure out why Reckon wouldn’t just “upgrade” and following the release notes to a tooth I was starting to really lose my mind.

Here’s my setup:

  • Reckon data file on file server (Server 2012 R2)
  • Front end client on Remote Desktop server published as a RemoteApp (Server 2012 R2)
  • File accessible from RemoteApp via mapped network drive (leveraging DFS)

I won’t bore you with the details of troubleshooting and I’ll get right to the answer. DFS… Reckon does not like DFS. As you may know Reckon uses a .nd config file that resides in the same directory as your company files and every time I tried opening the file via the mapped DFS drive or from within the software and attempted to enable multi user mode, BOOM, I get a H202 error and the .nd file would change the FilePath to the DFS path e.g. \\domain.local\dfs\reckon\file.qbw where as it needs to be the local path of the file server.

// This is QuickBooks configuration File. It exists while users are connected
// to a company file. Do not delete this file yourself. QuickBooks may not
// operate correctly IF you manually delete this file.
EngineName=QB_SAM _24

To regenerate what the .nd file should be, on your file server open the Reckon Database manager, add the folder of where your company file is and hit scan. The .nd file will update and have the correct location.

So what are the high level steps for getting this bad boy to work:

  • Install file server on file server.
  • Run the database scan (updates .nd file).
  • Install client on workstation/terminal server and any tax table updates.
  • Open file from terminal server using UNC \\fileserver\reckon. Note: Do NOT open using the mapped drive with DFS. This will not work.
  • Upgrade the file to the latest version.
  • Enable multiuser using file > switch to multi user mode.

Fortigate Troubleshooting Cheatsheet

For all you Fortinuts out there I’m hoping this cheat sheet will help you as much as it’s helped me 🙂

CPU Utilisation

diag sys top

Fortigate Top Processes

Diagnose Sessions

diag sys session…
diag sys session filter <see below screenshot for options>


diag sys session filter dport 443 –> displays sessions that have a destination port of 443

diag sys session list –> displays sessions that match the filter

diag sys session clear –> clears sessions that match the filter


Fortigate Session Filter

Network troubleshooting commands

execute ping <ip or hostname>

execute traceroute <ip or hostname>

execute telnet <ip or hostname> <port>


Network troubleshooting

Running a packet trace

diag sniffer packet <interface> <filter> <verbose level logging>



  • Interface:  Network interface to sniff
  • Filter: Flexible logical filters for sniffer (or “none”).
    For example: To print UDP 1812 traffic between forti1 and either forti2 or forti3
    ‘udp and port 1812 and host forti1 and \( forti2 or forti3 \)’
  • Verbose logging:
    1: print header of packets
    2: print header and data from ip of packets
    3: print header and data from ethernet of packets (if available)
    4: print header of packets with interface name
    5: print header and data from ip of packets with interface name
    6: print header and data from ethernet of packets (if available) with intf name


diag sniffer packet any ‘port 5060’ 6

Run a packet trace

Running debug for traffic flow

1) Clear debug results and output to console

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug flow show console enable
diag debug flow show function-name enable


2) Set a filter and start the debug trace

diag debug flow filter <filter>
diag debug flow trace start <number>



diag debug flow filter port 5060

diag debug flow trace start 1000


3) Force stop the trace and reset the results

diag debug flow trace stop
diag debug reset

Debug flow

Get the system status

Get the system status including Fortigate version, hostname, operation mode, HA status, system time.

get sys status

Get the system performance status

Get the system performance status including CPU, Memory, network utilisation, uptime.

get sys performance status

Enjoy! 🙂

Configure IE 10/11 startup settings (registry)

I had an issue configuring the way Internet Explorer started up at a client site. They use an intranet home page and every time someone closed their current browsing session and reopened internet explorer, the software would hang momentarily then reopen the tabs they recently closed down. The option in IE is under Tools > Internet Options > General as below

IE Startup Options

Easy enough right, definitely. Now for a single user this isn’t such a big deal but as a sys admin running Windows 7, Server 2008 R2 infrastructure environment for several hundred users group policy would be the answer, right? I had a hard time looking around for the adm or admx files and tried leveraging the Internet Explorer Administration Kit to no avail. I didn’t have a Windows Server 2012 server onsite. So what’s the easy answer? Registry 🙂

They details of the entry are as follows

Key Name: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ContinuousBrowsing
DWORD Name: Enabled
Value: 0 – Start with home page, 1 – Start with tabs from the last session

IE Startup Registry

So amend this via GPO (add a user policy registry entry or logon script) and voila!