I recently purchased a ratgdo device to replace MyQ's kit for a local non-cloud dependent solution. ratgdo offers homekit, mqtt, and Control4, Nice/Elan, or Crestron integration. For this tutorial, I'm going to cover ratgdo and MQTT integration.
If you run Home Assistant as-is or are using their hardware, you can easily setup an MQTT broker by navigating to Add-Ons and installing the MQTT Broker, however in the past I have written articles on Home Assistant and Z-Wave JS as separate containers, so I wanted to follow the same concept by running the MQTT broker as a container as well.
Across the board, the consensus seems to be that most people are running Mosquitto as an MQTT broker, so here is how you can get that setup as a container.
Download the docker image for Mosquitto
docker pull eclipse-mosquitto
2. Create directories for Mosquitto's config and data files. If desired, you can create one for logs as well, but I'm ok not persisting that.
3. Create a configuration file for mosquitto. This file will configure what ports MQTT data should be listed on as well as its corresponding port for receiving data via WebSocket. In addition, we will define where data should be stored, and require authentication to be able to connect. For now, leave the password file, which contains the username/password combo for who can authenticate.
vi /home/docker/mosquitto/config/mosquitto.conf
Press i to enter insert mode and paste the following:
6. Use the mosquitto_passwd utility to generate an encrypted username and password. An ask for the password will prompt once you run the command. Type exit to return back to your local terminal.
One thing that is a bummer is Exchange online does not support setting an autoreply / out of office message for a distribution list. Usually if you want such functionality, you'd convert the distribution list to a shared mailbox and configure the autoreply or use a 3rd party utility, or potentially come up with some complex transform rule.
Solution
One workaround you can apply is to enable out of office / autoreply messages from recipients in the distribution list. By default, Exchange Online will suppress autoreply messages when going to a distribution list, but you can quickly configure the behavior to allow the messages per distribution list.
Steps
Install Exchange Online PowerShell module
Open PowerShell as an administrator and execute the following command: Install-Module exchangeonlinemanagement
Configure the distribution list to allow the out of office / autoreply messages to be returned to the sender / originator. Set-DistributionGroup -identity [email protected] -SendOofMessageToOriginatorEnabled $true
Result
Now when someone emails the distribution list, they will receive an out of office / autoreply if configured by an individual member. Note, if multiple members have the autoreply configured, the sender/originator will receive multiple replies.
You can generate large files for testing on both Linux and Windows machines without having to leverage a 3rd party utility.
Windows
In Windows, you can use the fsutil utility to create a new file with a defined number of bytes. In this case, the following command will generate a 1 GB file. The contents of the file will consist of spaces.
In Linux, you can use the dd utility. In this case, this command will create a 1 GB file filled with 0s. The bs parameter is the block size and count is the number of blocks to create.
Fighting spam can be tricky. In addition to SPF records, DKIM is nearly mandatory to help prevent sent emails from being classified as spam. Beginning February of 2024, both Google and Yahoo will require DMARC, which require either SPF or DKIM; and in some cases for a high volume of emails (5,000+), both.
In this tutorial, we will look at signed outbound messages with DKIM via use of the open source project OpenDKIM. If you followed my previous tutorial on Postfix + Dovecot + Mysql/MaraiDB, you may have multiple domain names, so this guide will assume you will want to configure separate DKIM keys for each domain name you are hosting.
Step 1: Install OpenDKIM
First, update packages for your distribution.
sudo apt-get update && sudo apt-get upgrade
Install OpenDKIM and OpenDKIM tools. OpenDKIM-tools has a utility to generate the keys we will use.
sudo apt-get install opendkim opendkim-tools
Step 2: Created trusted hosts configuration file for OpenDKIM
First, create a file that OpenDKIM will use that defines the trusted hosts that can send messages.
sudo mkdir /etc/opendkim
sudo vi /etc/opendkim/TrustedHosts
Add the IP addresses and fqdn of the server sending messages by typing i to change into insert mode in vi.
127.0.0.1
localhost
192.168.1.2
mail.mydomain.com
Type :wq to commit the changes in vi.
Step 3: Modify OpenDKIM configuration file
Modify the opendkim.conf configuration file
sudo vi /etc/opendkim.conf
Search for #Canonicalization simple and uncomment the line by removing the # symbol.
Search for #Mode and remove the # symbol to uncomment the line. Ensure the line is configured with s for signing outbound emails or sv for verifying dkim keys on sent and received emails.
If you have subdomains, search for #SubDomains and remove the # and change to yes. For example:
SubDomains yes
Search for Socket local:/var/run/opendkim/opendkim.sock and comment the line by adding a # in front of the line.
Search for #Socket inet:8891t@localhost and uncomment the line. If the line does not exist in your document, then add the following at the end of your document.
Socket inet:8891@localhost
Next, add the following lines to reference our DKIM configurations for each domain:
Run the following command to create a new folder and change directory to it for where we will generate our key used to sign the outgoing emails.
sudo mkdir -p /etc/opendkim/keys/mydomain.com
cd /etc/opendkim/keys/mydomain.com
Execute the following command to generate the key:
sudo opendkim-genkey -r -d mydomain.com
Delegate access to the opendkim user and group to access the key (note, if you modified the user in your opendkim.conf file, you will want to use that instead)
sudo chown opendkim:opendkim default.private
Step 7: Reference the key via OpenDKIM KeyTable
Modify the Keytable with vi
sudo vi /etc/opendkim/KeyTable
Add the following line to the file to define your selector. In this example, we will call the selector default, but if your domain requires multiple DKIM keys, ensure you make this unique. You can modify the file by pressing i to enter insert mode in vi:
Create a new TXT record within your nameservers and specify the value between the quotes (don't include the quotes). I.e.:
v=DKIM1; h=sha256; k=rsa; s=email; p=ABCDEFG.....
Note: I choose to update DNS last as once you update DNS, any servers that would receive mail before you apply the previous configuration may discard your emails. Then again, you didn't have DKIM before, so you were probably going to junk mail anyways ;^)
This is going to be a quick tutorial, but here's a quick way to generate a root certificate, server certificate, and bundle them together via pfx file. This can be useful to validate scenarios where a certificate chain is required. For this tutorial, we'll be using the openssl utility, which can be freely downloaded here: Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions (slproweb.com)
Generate the Root Certificate
Execute the following command to generate a key for the root certificate:
Execute the following command to generate a certificate signing request. Note: During this step, you will be prompted to specify several certificate attributes; for the common name, you can specify the name you'd like as the issuer (i.e. MyCorp)
Execute the following to generate the public certificate. During this step, you'll specify the validity of the root certificate (you may want this to be longer than 365 days as the root).
Execute the following command to generate a certificate signing request. Note: During this step, you will be prompted to specify several certificate attributes; for the common name, specify the FQDN to your server. You do not need to start the value of the common name with CN=
Execute the following command to generate the public certificate for the server certificate. During this step, you'll specify the validity of the server certificate. Generally speaking, the validity of this certificate would be much shorter than your root.
Optionally, you can verify the issuer or expiry dates of the server certificate is correct via the following command:
openssl x509 -in server-cert.crt -text -noout
Generate PFX from Root and Server certificate
Execute the following command to generate a PFX file containing the public and private keys of the server certificate as well as public key of the root certificate. Note, you will be prompted for a password for the PFX file, which can increase security when needing to move these sensitive files around.
One of the side projects I have is rebroadcasting local ATC (Air Traffic Control) audio from my local airport to LiveATC.net. I previously had an RTL-SDR dongle connected to a RaspberryPi 1 Model B, which then rebroadcasted to LiveATC via IceCast. While I've had success the past few years broadcasting, overhead plans were really the only thing that was clear; being distant from the airport, receiving broadcasts from the tower were a slim to none at best.
In doing a bit of research I settled on purchasing a SDRplay RSPduo and Raspberry Pi 4, which seems to help with noise. Pairing the SDRplay with the newest version of RTLSDR-Airplay, I was able to achieve much clearer audio/hear things I couldn't before. While I'm using the SDRplay RSPduo, this guide can be used for their other devices such as the Rsp1a and RSPdx as well (likely others as this guide ages). Here's a reflection on how I got things setup.
Update Raspbian packages
First, update your Linux packages to latest version. I'm running the latest version of Raspbian / Debian.
sudo apt-get update && sudo apt-get upgrade
Disable WiFi/Bluetooth
This is optional, but I figured I'd disable the radios on the RaspberryPi to further mitigate as much possible noise as possible. First, you can disable both radios by editing /boot/config.txt via the vi text editor (this can actually be configured by placing this file on your SD-Card you attach to your Raspberry Pi during first-time boot). Official details on the boot overlays can be found here.
sudo vi /boot/config.txt
Once in vi, press i to insert the following lines:
dtoverlay=disable-bt
dtoverlay=disable-wifi
Press the escape key and then type :wq to write the changes to the file and exit vi.
Lastly, execute the following command to disable the UART bluetooth service.
sudo systemctl disable hciuart
Download & Install RSP Control Library + Driver
First, you will want to grab the latest SDRplay Drivers and Libraries. You can do this by navigating to SDRplay's website and selecting RSPduo and ARM Raspberry Pi OS for the download. Then click the API button. Now this is kinda difficult if you are SSHed into the Pi, so I'd find the latest version from their website and then use the following commands below to remotely download the software (substituting in the version number to grab the latest download) and install it and reboot after install (rebooting after installation is strongly recommended).
Execute the following commands:
# Navigate to home directory
cd ~
# Download latest API Library + Driver
wget https://www.sdrplay.com/software/SDRplay_RSP_API-ARM32-3.07.2.run
# Provide execution rights to install the software
chmod 755 ./SDRplay_RSP_API-ARM32-3.07.2.run
# Run the installer
./SDRplay_RSP_API-ARM32-3.07.2.run
# Reboot the machine
sudo reboot now
Build and install SoapySDR from source
In this section, we need to install SoapySDR which is a vendor and platform neutral SDR support library. Essentially this means that instead of needing a bunch of developers to write integrations into all the different SDRs, other software can leverage these interfaces to skip worrying about device compatibility and focus on what the application needs to do. As we'll see later, RTLSDR-Airband does exactly this to provide support for tons of different SDRs. Kudos to the PothosWare team for enabling developers all over the world to build all sorts of SDR projects!
So, to get this installed, we need to clone the source code from their GitHub repo and compile the project. Official documentation on this process can be found on their wiki, but I'm going to try and simplify everything here.
Since Raspberry Pi doesn't come with Git, I am going to use wget and unzip to do this, but if you don't mind installing Git, that'd be the easier way to "clone" down the latest source code from GitHub (make sure you replace versions where appropriate, at time of writing this, 0.8.0 is the latest version).
# Install dependencies needed to build this project
sudo apt-get install cmake g++ libpython-dev python-numpy swig
# Make sure we are back in our home directory
cd ~
# Grab latest tarball from GitHub
wget -O soapy-sdr-0.8.0.tar.gz https://github.com/pothosware/SoapySDR/archive/soapy-sdr-0.8.0.tar.gz
# Extract the tarball (this is like unzipping a .zip on Windows)
tar xvfz soapy-sdr-0.8.0.tar.gz
# Change directories into the new SoapSDR folder
cd SoapySDR
# Make a new folder called build
mkdir build
# Change directories into the build folder
cd build
# Execute cmake build automation
cmake ..
# Make installer (-j4 parameter increases build threads to make compilation quicker)
make -j4
# Make the installer copy files to right locations
sudo make install
sudo ldconfig #needed on debian systems
# Navigate back to home directory
cd ~
# Delete the SoapySDR folder since we are done with it
rm -R SoapySDR
At this point, you should be able to execute the SoapySDRUtil command and see the version you installed.
SoapySDRUtil --info
You should get something like this:
Build and install SoapySDR Play module from source
Now that we have SoapySDR installed, we need to install the module to allow it to control the SDRplay device. Similiar to SoapySDR install, we'll pull down the latest files from the SoapySDR Play Module GitHub repo, build the installer, execute it, and verify that all went well. Official instructions can be found on their wiki as well.
# Make sure we are back in our home directory
cd ~
# Grab latest tarball from GitHub
wget -O SoapySDRPlay.zip https://github.com/pothosware/SoapySDRPlay3/archive/refs/heads/master.zip
# Unzip the archive
unzip SoapySDRPlay.zip
# Change directories into the new SoapSDR folder
cd SoapySDRPlay3-master
# Make a new folder called build
mkdir build
# Change directories into the build folder
cd build
# Execute cmake build automation
cmake ..
# Make installer
make
# Make the installer copy files to right locations
sudo make install
sudo ldconfig #needed on debian systems
# Navigate back to home directory
cd ~
# Delete the SoapySDR folder since we are done with it
rm -R SoapySDRPlay3-master
Plug in SDRplay RSPduo device and verify we see it
If you haven't already, go ahead and plug in your SDRplay RSPduo. Next, let's verify we see it using the SopaySDRUtil command.
SoapySDRUtil --probe="driver=sdrplay"
You should see something like this and you should see your device and hardware version (note the hardware hardware= value as you may need that later). In addition, one thing that is neat about the RSPduo is there are multiple tuners/antennas. You will be able to see these values in the probe output. Once you enable RTLSDR-Airplay, you'll notice active antennas are removed from the list of available devices.
RTLSDR-Airband is an open source project that allows you to receive analog radio voice channels and produce audio streams which can be routed to various outputs, such as online streaming via Icecast server, PulseAudio server, Audio file, or Raw I/Q file. In our case, we are going to stream to an Icecast server in this example.
Similar to our previous section in SoapySDR, we need to download the latest source code, build and install RTLSDR, and then modify the configuration file. Official documentation can be found on the RTLSDR-Airplay GitHub Wiki.
# Install RTLSDR-Airplay dependencies
sudo apt-get install build-essential libmp3lame-dev libshout3-dev libconfig++-dev libfftw3-dev
# Navigate back to our home directory
cd ~
# Download the latest source from GitHub
wget -O RTLSDR-Airband-3.2.1.tar.gz https://github.com/szpajder/RTLSDR-Airband/archive/v3.2.1.tar.gz
# Extract the tarball
tar xvfz RTLSDR-Airband-3.2.1.tar.gz
# Change directory into the RTLSDR-Airband folder
cd RTLSDR-Airband-3.2.1
# Make the installer; this is specify to armv7 (32-bit Raspberry PI) with SoapySDR support.
# This removes RTLSDR support to avoid another dependency install (WITH_RTLSDR=0)
make PLATFORM=armv7-generic WITH_RTLSDR=0 WITH_SOAPYSDR=1
# Install the program
sudo make install
Configure RTLSDR-Airband
For my particular setup, I want to stream to an external icecast server. To do that, I recommend creating a backup of the default configuration file (as a backup).
# Rename the original config file as a backup
sudo mv /usr/local/etc/rtl_airband.conf /usr/local/etc/rtl_airband.conf.bak
Next, we can create a new configuration file with the proper configuration. Execute the following command to open vi.
sudo vi /usr/local/etc/rtl_airband.conf
Press i to go into insert mode and paste the following (replacing the values applicable to your environment; you may want to change the name of the stream, authentication parameters, and gain"). Also, note that we are using the first Antenna and specifying the hardware version of RSPduo from the previous step where we probed the SDRplay device (if you have a different SDRplay device, substitute that value accordingly).
From their wiki: you will see simple text waterfalls, one per each configured channel. This is an example for three devices running in multichannel mode. The meaning of the fields is as follows:
The number at the top of each waterfall is the channel frequency. When running in scan mode, this will be the first one from the list of frequencies to scan.
The number before the forward slash is the current signal level
The number after the forward slash is the current noise level estimate.
If there is an asterisk * after the second number, it means the squelch is currently open.
If there is a > or < character after the second number, it means AFC has been configured and is currently correcting the frequency in the respective direction.
Execute the following command to start running in foreground mode:
# Test in foreground mode
/usr/local/bin/rtl_airband -f
Press Cntrl+C to break out of the stream once you are satisfied with your testing.
Enable RTLSDR-Airband to autostart
To enable RTLSDR-Airband to automatically start up each time your Raspberry Pi is rebooted, you can execute the following commands from within the RTLSDR-Airband directory.
TLDR: I wanted to control the light on Big Ass Fans' Haiku fan via physical wall switch, so this tutorial is going to go over how to pair a smart switch with Home Assistant software to provide a traditional light switch experience. Skip down to Setting up the wall switch to start if you want to skip my ramblings.
Here's a YouTube video if you don't like to read:
Longer story
In the background of many commercial buildings, silently lurking and judging us from above, lies what looks like possibly a recycled helicopter blade. Don't be fooled, these blades are no helicopter blade, they are years of engineered excellence in the makings. The company prides themselves on solid engineering and building a solid product for their customers. They are called Big Ass Fans.
For quite some time I've been eyeing their Haiku fan, which is their residential ceiling fan. Their fans look incredibly modern, operate almost completely silent, have a "SenseMe" feature that figures out when people are in the room to automatically do stuff, and they have an API that you can integrate into locally on the fan via WiFi (lose internet, no problem, you can still control your fan!). One of my biggest "beefs" with today's companies is they try to make things really proprietary and crappy, so seeing the company that takes pride in their product and allowing others to integrate into it remotely without internet is super "cool" 😉
You spin me right round
The fan itself is smart... too smart
One thing that's really interesting, is when you hook up the fan, to me, it's designed more like their commercial units where it needs to be constantly powered on; from there you remotely control the fan either by remote or their smart phone application. Both the remote and even the mobile app, work incredibly well and are extremely responsive, but the only tricky thing about the fan is in a residential setting, many folks have light/fan combos in their bedrooms, offices, and living rooms and if a guest walks into the room and flips the light switch, they are flipping power to the whole fan/light.
So....?
In many commercial settings, fans you typically set once and let em' rip, but with the residential play, you have grandparents, guests, friends, etc. that may come over. Since the remote is there, they go, how do I turn the lights on to this room? Unfortunately, there isn't a good answer here other than to put a plate on the wall and force your guests to check out the remote.
I personally find the remote a hassle since I have a small little corridor into one room, so when it's darker in the evenings, you grab the remote on the wall, walk through this dark area, and then aim the remote somewhere at the ceiling to turn it on (this is if you don't forget the remote in the room from before).
So...?
I am a "big fan" of having a smart home, but I want it to be super intuitive to the end user. I design everything to be used as if my grandparent is over and they have no idea what the heck is going on. In this case, I leveraged an open source project called Home Assistant and a Leviton Z-Wave switch to do the magic of controlling the fan like any other fan you'd buy at a big box store. More specifically, I really just needed to control the light on the fan, so this tutorial is going to go over how to control the light from the fan via the switch.
Setting up the wall switch
The first thing you'll need is a smart switch. It can be WiFi, Z-Wave, ZigBee, etc; it doesn't matter specifically what brand (odds are, it'll be compatible (here's the official list)), but you'll need a switch that allows you to control it via the computer or your phone. I used a dimmer switch specifically as the light on the Haiku allows several different levels of brightness.
Once you have the switch, what you'll want to do is wire up the fan so it constantly has power and also give power the switch. This does two things: 1) it allows the fan to be powered on regardless if your guest turns the light switch on/off 2) it allows the light switch to stay powered on so you use that to talk to your fan. Here's an example of how I wired my Leviton Z-Wave switch.
Here you can see I don't have anything connected to the red pin, or load. Typically, you'd have this connect back to the fans lights to turn them on/off, but the Haiku fan isn't wired like that.
On this side, you can see we only have the negative wire connected. It's hard to see, but in the box, I have all my neutral and negative wires capped together, which offers power to the fan 100% of the time, regardless of what this switch is doing.
Once you have the switch wired up and ready to go, it should literally do nothing when you turn it on/off, but your fan should stay on all the time.
Setting up Home Assistant Automation
This guide won't go into installing / setting up Home Assistant, rather more so around the automation scripts needed to get this all working. If you are interested in learning more about Home Assistant, you can check out their website here and I have a blog post on how to deploy Home Assistant on a Raspberry Pi here.
To get this working, you will need a couple of things:
Add your smart switch to Home Assistant
Install HACS
Install Haiku SenseMe Integration
Add two automation scripts
One to control light on/off events
One to control light brightness events
Add your smart switch
I won't go into details here too much since every switch will have a separate way to install (Z-Wave vs WiFi vs Zigbee for example), but here is a nice YouTube video on how to get things going (https://youtu.be/FtWFSuMdiSQ?t=353).
HACS
If you have used Home Assistant, it comes with many different native integrations out of the box. Unfortunately, many integrations are developed so quickly the HA (Home Assistant) team doesn't have time to vet them all, so they end up being maintained by the community. HACS helps install these integrations, so I'd recommend installing this.
Step-by-Step documentation on installation can be found here: Prerequisites | HACS
Haiku Integration
A few much smarter folks wrote up an integration for the Haiku fan called SenseME, which we need to install. Once HACS is installed, you can search for the integration via HACS and install the integration. Copied from their integration, here is how to install the integration:
Go to Configuration -> Integrations.
Click on the + ADD INTEGRATION button in the bottom right corner.
Search for and select the SenseME integration.
If any devices are discovered you will see the dialog below. Select a discovered device and click Submit and you are done. If you would prefer to add a device by IP address select that option, click Submit, and you will be presented with the dialog in step 5.
If no devices were discovered or you selected the IP Address option the dialog below is presented. Here you can type in an IP address of undiscoverable devices.
Repeat these steps for each device you wish to add.
Once configuration is completed, you should see an entity for your fan listed that looks something like this.
On/Off Automation
This automation will first control On/Off behavior from your light switch.
Go to Configuration -> Automations.
Click on the + ADD Automation button in the bottom right corner.
Click the START WITH AN EMPTY AUTOMATION button
Click on the three dots in the top right corner and click Edit in YAML
5. Paste the following code; make sure you edit the names of each of your light switch entities (one for your fan light and one for the light switch on the wall): light.your_light (the light for your wall) and light.fan_light (the light on the Haiku fan).
alias: Turn On/Off Haiku Fan/Wall Switch
description: ''
trigger:
- platform: state
entity_id: light.your_light, light.fan_light
from: 'off'
to: 'on'
- platform: state
from: 'on'
to: 'off'
entity_id: light.your_light, light.fan_light
condition: []
action:
- service: light.turn_{{ trigger.to_state.state }}
data:
entity_id: |-
{% if trigger.entity_id == 'light.your_light' %}
light.fan_light
{% elif trigger.entity_id == 'light.fan_light' %}
light.your_light
{% endif %}
mode: single
6. Click the SAVE button
Brightness Automation
This automation will first control On/Off behavior from your light switch.
Go to Configuration -> Automations.
Click on the + ADD Automation button in the bottom right corner.
Click the START WITH AN EMPTY AUTOMATION button
Click on the three dots in the top right corner and click Edit in YAML
Paste the following code; make sure you edit the names of each of your light switch entities (one for your fan light and one for the light switch on the wall): light.your_light (the light for your wall) and light.fan_light (the light on the Haiku fan).
At this point, whether you use your remote or the light switch, your lights should be in sync! Use the remote or the wall switch to the turn on/off the lights. Try using the switch to dim and it should adjust the brightness of the light (note: there may be a tiny delay after you make changes to the dimmer value as there's a 2second delay in the automation, which prevents the lights from going wonky).
Conclusion
Through the use of Home Assistant + any smart switch, we can easily control the Haiku fan with physical nobs and dials. While this tutorial only covers controlling the fan's light via a switch, the same principals can be used to add a second switch to control the fan speed.
For those that like physical knobs and dials to control your devices, hope this was helpful!
This tutorial will review how to create a bootable USB drive to flash the fimrware/bios on your Lenovo device.
Before we begin, Lenovo offers three different downloads for Firmware today:
Windows installer/flash utility (.exe)
CD ISO version (.iso) to burn to a disk
USB Flash Package (.zip)
While the USB Flash Package (.zip) is exactly what we are looking for, by default if you just drag the files onto your USB drive, it won't boot to the flash utility. In this case, the instructions below will show you have to make the drive bootable and then launch the USB Flash Package.
Make a bootable drive
First, you will want to download a copy of the Rufus utility. This utility is an open source utility for Windows only, but will allow you to make a bootable USB drive. You can obtain a copy of the utility here. Rufus' website can officially be found here: https://rufus.ie/
Once installed, open the application. Select your USB device you wish to flash (note this will erase all data on your device) and set the Boot selection to FreeDOS. Once your Device and Boot selection has been set, go ahead and click Start to flash the device.
You will be prompted to confirm you are OK with erasing the device. Go ahead and click OK if you are sure you have selected the correct device in the prior step.
Once completed, you should see a green bar that says READY. This is kinda misleading, wish it would say completed, but your device should be flashed at this point.
Download the right firmware from Lenovo
As mentioned earlier, Lenovo offers 3 different types of downloads on their website. You will want a copy of the zipped installer as shown in the screenshot below.
Once downloaded, navigate to where you downloaded the zipped file, right click, and select Extract All... If you don't see Extract All... then try downloading a copy of 7-Zip, which is a fantastic free archiver solution that can open all types of compressed files (zip, 7zip, tar.gz, etc)
In this picture, we show right clicking the zipped folder and clicking Extract All... on the file.In this picture, we are selecting the folder to where the extracted files should go.
Copy the extracted files to your bootable USB drive
Once you have extracted the files from the zipped folder from Lenovo, you will want to copy and paste the files from the extracted directory to the bootable USB drive. To show visually, I opened two file explorer windows, one in the directory of the extracted firmware and the other on the bootable USB drive. I simply dragged and dropped the files from the firmware directory to the bootable USB drive.
When you try to copy the files from the firmware directory to the bootable USB drive, you will be prompted to replace AUTOEXEC.BAT. Make sure to Replace the file in the destination as this will execute the command to launch the flash2 utility, which actually writes the firmware to the device.
Plug in the drive and set the device to boot to it
At this point, you should have a bootable USB device that you can now plugin to your Lenovo device. You can unplug it from your client machine and plug it in to your Lenovo device. Make sure you set your Lenovo device to boot from the USB drive (this can usually be set by pressing the F1 or F2 keys during the post screen).
What to expect
Upon boot, you should be greeted by the Lenovo flash utility, which will ask if you want to update your device. Please note, that in my experience, once I select yes the device needed to reboot several times and may boot into the BIOS. The utility will tell you when everything is completed, so make sure you don't power down your device or unplug your USB drive after the first or second reboot, make sure you wait things out. As with updating any firmware, make sure you don't do this in a storm or on a device with low battery as you ensuring little chance of disruption as possible is absolutely critical.
Summary
At this point, you should have a bootable USB drive created by Rufus and FreeDOS that can be paired with Lenovo's firmware to go around and flash your devices. Hope this helps!
After installing System Center Data Protection Manager from scratch or after performing an upgrade from DPM 2012 R2, when you attempt to schedule a report to be mailed, you receive the following popup error or notice that when you generate a report you just receive a white page in your browser that continues to load indefinitely:
Reporting Services Server cannot connect to the DPM database. To repair the configuration, follow steps for repairing DPM from DPM Setup Help. ID: 3001 More Information Just an endless loading page presented in your browser.
Unfortunately, following the repair steps suggested in the More Information link does not resolve the problem.
Resolution for SQL Server 2016 and later
On the DPM server, open Computer Management, expand Local Users and Groups, click Groups, and create a new local group with the following information (replace items in red with the actual server name/hostname of your machine):
Group name: DPMDBReaders$DPMSERVERNAME
Description: This group is internally used by Microsoft System Center 2016 Data Protection Manager.
On the DPM server, open Computer Management, expand Local Users and Groups, click Users, and create a new local user with the following information (replace items in redwith the actual server name/hostname of your machine):
User name: DPMR$DPMSERVERNAME
Full name: DPMR$DPMSERVERNAME
Description: This account is used for SQL reporting to generate reports for DPM 2016.
Enter a strong password
Check Password never expires
Select your recently created DPMR$DPMSERVERNAME account and click on the Membership of tab
Add the DPMDBReaders$DPMSERVERNAME group we created in step 1
Click OK
Start Microsoft SQL Server Management Studio and connect to the SQL instance used by DPM.
Expand Security, right-click on the Logins, select New login
Click on the Search... button and add the local group DPMDBReaders$DPMSERVERNAME
Set the Default database to YourDPMDatabase
Click on the User Mapping section, check the checkbox for YourDPMDatabase, and check the checkbox for the db_datareader role.
Click OK
In Microsoft SQL Server Management Studio, expand Databases, expand YourDPMDatabase, expand Security, expand Users, and right click Properties on the DPMDBReaders$DPMSERVERNAME group you granted access to in step 4.
Click on Securables
Click the Search... button
Select Specific objects... and click OK
Click the Object Types... button
Check Stored precedures and click OK
Click the Browse... button
Check [dbo].[prc_MOM_Heartbeat_Get] and [dbo].[prc_MOM_ProductionServerGet] and click OK
Click OK on the Select objects dialog box
Place a checkbox in the Grant column for the Execute row.
Make sure you do this step for both [dbo].[prc_MOM_Heartbeat_Get] and [dbo].[prc_MOM_ProductionServerGet], checking the box once will only update one of the storage procedures.
Click OK
Exit Microsoft SQL Server Management Studio.
Open Reporting Services Configuration Manager and connect to the SqlServer and Instance hosting the DPM reports (as you go through this, replace the items in Redwith your applicable values).
Click on the Web Portal URL menu item and click on the listed URL for DPM.
Click on the DPMReports_GUID folder to open the DPM reports page.
Click on the DPMReporterDataSource Data Source to open its properties.
Under Credentials, use the following configuration:
Select the Using the following credentials radio button
Type of credentials: Windows user name and password
User name: DPMR$DPMSERVERNAME
Password: EnterYourPasswordToTheAccount
Ensure Log in using these credentials, but then try to impersonate the user viewing the report is unchecked
Click the Test connection button
Ensure it says Connected successfully
Click Apply
Close out of your web browser
Back in the Reporting Services Configuration Manager window, complete the following steps
Select the Service Account menu item
Ensure Use built-in account is set to Network Service
Check the Use built-in account radio button
Set the account to Network Service
Click Apply
You will be prompted to save an encryption key. Save the key to location of your choosing, and type a password to be used to encrypt the file. Click OK
You will then be prompted to specify an account with administrator privileges. Click OK to use your current account.
Reboot the DPM Server
At this point, you should now be able to schedule e-mail reports without experiencing the original error and your reports should load properly!
DPM 2016 is primarily geared towards using mail servers that require authentication (rightfully so, that's a best security practice). However, many IT organizations have local mail relay servers with anonymous authentication that are used for several IT services in the organization. Unfortunately, DPM 2016 gets a bit wonky using unauthenticated mail servers and will likely give you a generic error that says:
Error ID: 2013 Details: The user name or password is incorrect
And if you ignore the error and head over to the notifications tab to configure a notification, you will be presented with another generic error:
An authentication error occured when trying to connect to the SMTP serve. (ID: 518)
You typed an incorrect user name, password, or SMTP server name. Type the correct user name or password to enable e-mail delivery of reports and alert notifications.
And if you are trying to configure scheduled emails you may receive an error about reporting services:
DPM Setup is unable to update the report server configuration to configure e-mail settings. (ID: 3040).
One thing I may do before getting too far ahead though is validate you can send an email from the DPM server. This can easily be done via PowerShell by executing the following command:
Send-MailMessage -SMTPServer localhost -To [email protected] -From [email protected] -Subject "Test Email from DPM Server" -Body "Howdy! This is a test from the DPM Sever. If you see this, mail relay is working!"
When executing the PowerShell command, it won't return anything, but you should hopefully see a message in your mailbox. If you do, you've at least ruled out network/mail issues.
Once you've ruled out connectivity/the mail server, we will complete the following steps below to configure DPM.
Configure E-mail for SQL Server Reporting Services
Create a Local User Account
Remove any artifacts left in the registry
Update the SMTP settings in DPM.
Configuration
Configure SQL Server Reporting Services
Open Reporting Services Configuration Manager
Sign into your DPM instance
Select E-mail Settings and leverage the following configuration
Open Computer Management, expand Local Users and Groups, select Users, and Create a new local user on the machine
Create the user (I used anonemail as the account name, but anything can be specified)
Remove all group membership
This account doesn't need to be a part of any group, including the Users group
This account should not be a part of administrators (I've seen other blog posts mention you must use administrator, that is 100% not necessary and can be considered a security risk)
Ensure the account is enabled
A disabled account will not work
Cleanup the registry
Open registry editor (regedit.msc)
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Data Protection Manager\Notification
Delete the following keys (if they exist):
SmtpUserName
SmtpPassword
Reboot the DPM Server
Technically, you could restart two services: SQL Server Reporting Services instance for DPM and the DPM service, but a reboot never hurts 😉
Configure DPM to use SMTP relay
Close out of the DPM and reopen
Select Reporting, waiting for the screen to finish loading, and then select Action, Options
