Medion MD85264 Fingerprint reader driver

I recently got my hands (or fingers) on a Medion MD85264 fingerprint reader, which is an old device. Other product numbers on the device:

  • MSN: 50022080
  • EAN: 23086302

I had some trouble to get this working on Windows 10 or 11. There where no drivers to be found on the Medion site, and google only led to shady driver sites. Then I found out it uses a Authentec AES2501 chip. Drivers for this device are available via the windows update catalog, just search for AES2501B and it should return one result. Download the .cab, extract it and update the driver via device manager. Works pretty good with Windows Hello ūüôā

Posted in Uncategorized | 1 Comment

IPTV and Unifi Dream Machine (pro) or Gateway

A while ago i had to install a Unifi Dream Machine Pro on a XS4ALL FTTH line. IPTV had to keep working in conjunction with the UDM. After some trying and reading i came to the conlusion it is not possible to make the UDM handle IPTV. You can only use WAN2 as a failover, and a IGMP proxy is not available. So i tried to find a solution without using a double NAT situation.

XS4ALL delivers a FritzBox 7490 as a router, and with this router it is possible to keep using IPTV, and still have your public IP at your UDM. Below i will explain how to do this

How to connect it all

So the idea is to use the PPPoE passthrough option available on the FritzBox device. I have connected it together like this:

FritzBox configuration

So for this step, i am assuming you have only one local subnet. The fritzbox LAN side has to be in the same subnet as the Settop box(es). Both the UDM and FritzBox have on the inside. First you need to change the IP of the Fritzbox so it doesn’t conflict with the UDM (the both have .1 at this point). At the same time we can disable the DHCP server on the Fritzbox because we want the UDM to handle that.

  1. Navigate to Home Network -> Network -> Network Settings Tab
  2. Under Advanced Settings click IPv4 Settings
  3. Change the IP to a free IP in your subnet, for example You can also disable the DHCP server on this page. Click OK to apply the settings.

The second change we have to make is enable PPPoE passthrough, and prevent the FritzBox from making a PPPoE session to your provider.

  1. Navigate to Internet -> Account Information
  2. Clear the PPPoE information, or change it to something that doesnt work.
  3. Expand Change connection settings
  4. Clear idle connection after 30 seconds
  5. Enable Connected network devices allowed to establish their own internet connections

UDM configuration

On the UDM we also have to make some modifications. The changes have to be made to the DCHP server (where your Settop box resides) and some static routes.

  1. Navigate to Settings -> Services
  2. Click on the tab DHCP and DHCP Options. Add 2 DHCP options:
    1. Code: 28, Type: IP Address
    2. Code: 60, Type: Text
  1. Then navigate to Networks and edit your network where your Settop box is. Configure the Custom DHCP Options you just added.
    1. 60: IPTV_RG
    2. 28: <- This is the broadcast address of your local LAN

Last step is to add some static routes. I am pretty sure the destination subnets in these routes are XS4ALL specific. The destination IP is the IP address of the Fritzbox. Where did i find these subnets then? Well i have IPTV running with a pfSense firewall on a XS4ALL line. I found 1 subnet in the routing table, and the other in a online blogpost which describes how to configure XS4ALL IPTV on a pfsense box.

Canal Digital

I also have deployed this solution on a Onvi internet connection in conjunction with Canal Digital. For Canal Digital the static routes are not necessary!

Posted in Uncategorized | Leave a comment

New version of AD/Federated password tool

I have uploaded a new version of the password tool. There are 2 features added:

  1. Support for a SSL connection to your domain controller. Since some time it is mandatory to use SSL for password related operations
  2. Support for a SSL connection to the SMTP server. As requested in the comments. I’am using the .net SmptClient with its limitations. (I believe one of them is self signed certificates on 465)

You can find the options to enable/disable SSL on the setup page. Let me know if you would like to know how to enable SSL on your Domain Controller.

Posted in Uncategorized | 1 Comment

Youless and OpenHAB + Grafana

A while ago i started using OpenHAB in my home. For this i bought a raspberry pi, Aeotec z-wave stick, 3 power meters and a fibaro switch and roller shutter.I had a little trouble getting started and understanding how it works, but with the help of a friend i managed to make a start.

One nice thing in OpenHAB are panels you can create with HABPanel. My ultimate goal is to have tablet lying around in the living room to control and see the status of things/items in my house. One thing i wanted to see was the power consumption of my house and split PV output. Currently i use a youless to measure this. The youless is connected to enelogic which has some nice dashboards but not so easy to add to OpenHAB. Fortunately youless has also a interface to collect data in json format. This was easy to implement in OpenHAB. So i made this HABPanel:

I thought it would be nice to share how i did it. Although it is fairly simple to do it, finding out how took me quite some time. First you need to install the following add-ons: HTTP binding and JSONPath Transformation. Once you have those installed you need to create an item. You can do this by creating an .item file in /etc/openhab2/items. For example youless.item. Below you can find mine (i have a youless LS110 and LS120, LS110 is for measuring a car charing station):

//----- Energy
Number Youless_NetUsage "Netto verbruik" { http="<[http:///a?f=j:5000:JSONPATH($.pwr)]" }
Number Youless_PV "ZP Opbrengst" { http="<[http:///a?f=j:5000:JSONPATH($.ps0)]" }
Number Youless_Gross "Bruto verbruik"

Number Youless_CarCharcher "Laadpaal verbruik" { http="<[http:///a?f=j:5000:JSONPATH($.pwr)]" }

And actually thats it. When you add a widget you can find the Youless items. As you can see there is a Youless_Gross, this is a virtual item. The Youless only supplies net use and PV output. Not what you are actually using. So i am using a rule to calculate this item. The rule i am using:

rule "Update youless gross usage"
   Item Youless_NetUsage changed or
   Item Youless_PV changed
   var gross_value = (Youless_NetUsage.state as Number) + (Youless_PV.state as Number)
   logInfo("info","Updated Youless gross")

Nice addition is that i can graph this data in Grafana. I also have the InfluxDB persistence plugin installed.

Posted in Uncategorized | Tagged , , , | 2 Comments

Webbased Active Directory / Federated user password and recovery tool (IISADMPWD replacement)

A while ago i wrote a simple tool which allows users to reset their expired password as a replacement for IISADMPWD. The tool was created because at the time Office 365 did not have the ability to let federated users change their password. I have noticed that i was not the only one who had to deal with this problem, the tool was downloaded a number of times and i got some positive feedback. The tool was still very limited, if a user forgot his password, he still had to contact someone from IT to reset his password. Because remembering a password is one of the hardest things to do, resetting passwords for users took up to much of our time. This is why i build the Webbased Active Directory / Federated user password and recovery tool which allows users to recover their account through a reset link sent to an alternative e-mail address. On this page you can find how to install, customize and download the tool. You can see it as a self-service portal for users.

For the first version of the IISADMPWD replacement tool i have made the source code available for download.

Posted in .net, IIS, Office 365, Windows | Tagged , , , , , , , , , , | 2 Comments

Mail Performance Monitor and AWStats Totals

Recently i have added 2 solutions to my software and scripts section:

  • The first tool is Mail Performance Monitor which ¬†allows you to measure how long it takes to get a mail delivered from one mail account to another. More info here.
  • The second tool is a tool to display monthly awstats totals of multiple sites on one page. More info here.


Posted in .net, General, IIS, Windows | Tagged , , , , , | Leave a comment

Server 2012: The remote session was disconnected because there are no remote desktop license severs available to provide a license

If you ever get the error message in the title when connecting to a RDS session host while your licenses are OK, try the following:

  • Open Regedit on the host(s)
  • Navigate to¬†HKLM\System\CurrentControlSet\Control\Terminal Server\RCM
  • Take ownership of the GracePeriod key
  • Delete it
  • Reboot server

Found on:

Posted in Windows | Tagged , , , , | Leave a comment

Ugoos MK809IV

A while ago i bought an Android TV stick to use as a mediaplayer from iBood. I bought it trough their daily offer. Nice addition was the USB Fast Ethernet adapter (WiFi sucks). Specs of the stick:

  • Quad Core RK3188 Cortex-A9 1.4GHZ
  • 2GB DDR3 Ram
  • MALI 400 MP GPU
  • WIFI & Bluetooth
  • MicroSD slot

android-stick (1) android-stick (2) android-stick (3) android-stick (4) android-stick (5)

First run
When i first tried the stick i was disappointed. The stick came with an android 4.4 kitkat rom but it was really slow. Starting an app took forever and the interface was really sluggish. CPU-Z told me the CPU was a quad core 1.0GHZ cpu??. So i went to and downloaded their Android 4.2 ROM(4.4 was nowhere to be seen, why did it have 4.4 out of the box?). This was a HUGE improvement. Interface was fluent and apps started fast enough. But still i was not satisfied. Video playback in apps (xbmc 13 beta1 & beta2 and mx player pro) was shocky. Also the NAND was divided in 2GB app space and 5.x GB internal SD (why?).

Fixing problems
So i went out to look for a custom ROM, only to find out that none of the ROMs worked. I bricked my stick several times and had to use the short-pin-7&8-trick to re-flash the original firmware. I think this Android stick is some exotic variant of the original MK809IV. Every tool, rom or download that i tried wouldn’t work. In my search i learned that the shocky playback was caused by a v-sync bug in the kernel. But even flashing a patched kernel did not work. After a while i found a download RK3xxx firmware tools¬†which is a very nice tool to extract, modify and build rokchip firmware’s. This also allows you to add or remove APK’s from the rom AND increase the app space on the NAND by using a paramater file. This could fix most of my problems but not the v-sync bug.

V-Sync bug and OC!
So using the firmware tools described earlier, i was be able to extact the firmware obtained from ugoos. The tool extracts various parts from the firmware:

  • boot.img
  • kernel.img
  • misc.img
  • recovery.img
  • system.img

The tool will also let you extract and build system.img to modify android (Remove bloatware, add binaries, etc). I tried to replace the kernel.img by a patched one found online only to find out it didn’t work. After a long search i found some perl scripts. The creator of the script claimed that the script could patch any RK3188 kernel and also build OC kernels. So i let them patch my kernel and it worked! After that i build a new ROM with the new kernel (and other parameter file) and this fixed the v-sync bug. After applying the v-sync patch it is possible to create OC kernels, ¬†CPU can be OC-ed up to 1.9GHZ, GPU up to 800MHZ and memory up to 800MHZ. The script creates a kernel for each possible combination.

Increase App space
To increase App space you can extract the firmware using the firmware tools and replace a parameter file to change the layout of the NAND flash. I downloaded these parameter files somewhere but i have no idea where. Therefore i will add them to this post but kudo’s to the guy who created them. After extracting the firmware you can find the parameter file in temp/Android. Simply replace the parameter file by any of the attached parameter files and rebuild+flash the image. Parameter2GB would create 2GB of App space, Parameter6GB would leave you with 6GB of App space (and about 700MB of internal SD space). You can find the parameter files here.

Unbrick your Stick
As i mentioned earlier, i bricked my stick a few times. If you did a bad flash and your stick won’t boot and windows shows unrecognized device when you connect it, you can recover by shorting pin 7 & 8 of the flash chip while powering it on. This enable’s some hardware flash mode which allows you to flash the original rom to the device. I used the tip of a small knife to short the pins, see the picture below:

Root & Bluetooth
2 things about the stick are still a ‘problem’. The first problem is that i couldn’t get root on the device, i modified the ROM by superuser.apk and the su binary, but superuser keeps telling me that the su binary is missing. The other thing is poor bluetooth performance. I connected a BT keyboard and especially when WiFi was doing a lot of traffic it was impossible to use the keyboard or mouse. I ended up buying a mini RF Keyboard/Touchpad which uses it’s own dongle.

Update 1
I’ve managed to get root on the device. I tried this for a while on a Windows 8.1 machine but i couldn’t get the ADB driver to work. On Windows 7 i got the drivers to work using the AdbDriverInstaller.exe file. After that i used TPSparkyRoot.bat (google it) to root the device.

I have uploaded and added the patched ROM for download as requested. The ROM has stock clocks, v-sync patch applied and some bloatware removed. App space is 6GB and 700MB internal SD card storage. I’ve also uploaded a zip file (see below) with all the possible patched OC and stock kernels (generated by the Perl scripts) so you can flash only the kernel using the RK3xxx firmware tools . If you are interested where the Android 4.4 (Beta) ROM came from: i found it here. I’ve read in a thread on iBood that the developers of the ROM expect to release an Android 4.4 final ROM somewhere next week.

If you want to link to the download, please link to this page and not the direct file. Thanks!

Other Resources

Posted in Android | Tagged , , , , , , , , , | 19 Comments

Compress/Zip IIS Logs using Powershell

In my short search for a script which can compress IIS log files i couldn’t find any solution (written in powershell). So i made my one myself. The script compresses all .log files located in the sub directories of $LogDir and files newer than 5 days are skipped. The script uses the zip functionality present in windows so no external programs are needed. The script was tested on Windows 2008 Server R2.

$LogDir = "D:\Logs"
function Zip-Logs
    foreach($Dir in Get-ChildItem $LogDir | ?{ $_.PSIsContainer } )
        foreach ($file in Get-ChildItem -Filter *.log $Dir.FullName)
            $TimeSpan = New-TimeSpan ($file.LastWriteTime) (Get-Date)
            $filename = $file.FullName + ".zip"
            if ($TimeSpan.TotalDays -gt 5)
                #Create Zip
                New-Zip -zipfilename $filename
                #Add file
                $file | Add-Zip -zipfilename $filename
                #Delete the uncompressed file
function Add-Zip
	if(-not (test-path($zipfilename)))
		set-content $zipfilename ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
		(dir $zipfilename).IsReadOnly = $false	
	$shellApplication = new-object -com shell.application
	$zipPackage = $shellApplication.NameSpace($zipfilename)
	foreach($file in $input) 
        #This waits for the zip operation to finish
        while($zipPackage.Items().Item($file.Name) -Eq $null)
            start-sleep -m 10
function New-Zip
	set-content $zipfilename ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
	(dir $zipfilename).IsReadOnly = $false
Posted in IIS, Powershell, Windows | Tagged , , , , , | Leave a comment

Autodiscover to external Exchange Server

Recently i had to migrate office mail from an on-premise Exchange (2010) server to Office 365. After the “switch over” (and changing DNS settings for mail and auto-discover to the Microsoft servers) i noticed that Outlook (2007) on the on-site PC’s which are member of the local domain, still auto-discovered to the on-premise exchange server. After some digging around i found out that outlook retrieves this information from Active Directory and you can change this via Active Directory Sites and Services.

  • Once opened, navigate to Services -> Microsoft Exchange -> -> Administrative Groups -> -> Servers -> -> Protocols -> Autodiscover.
  • Right click on your server and choose properties.
  • Go to the Tab Attribute Editor
  • Look for the setting serviceBindingInformation and change it to your needs.
  • OK to apply

After this change, Outlook auto-discovered to the correct server.
SCP AD autodiscover aanpassen

Note: If you don’t see Services, click View -> Show Services Node

Posted in Exchange 2010, Office 365, Windows | 1 Comment