Intel AC-7260 and UniFi

An Intel AC-7260 (on my Latitude 7440) was stuck at 54Mbps when connecting to my Ubiquiti AP AC-Lite. It’s been a great AP to me and all my other devices connect right up, so the issue must be with the laptop or wifi adapter. I found that the laptop wouldn’t connect at all if I set WPA2 to use AES only which is recommended because TKIP is deprecated.

I don’t like reduced performance.

When transferring large files I’d only get 3.5MBps. Ohfercryinoutloud, a cheap flash drive does better than that!

After messing with settings and drivers for a while, I finally found what was needed to get the AC-7260 to connect to WPA2 with AES/CCMP.

Using the latest Intel drivers (v19.70)

  1. Right Click / Status on the wifi adapter while connected to the SSID.
  2. Click Wireless Properties.
  3. Go to the Security tab and change the Encryption Type to AES.
  4. Set AP to use WPA2 with AES/CCMP.

    Forcing it to use AES for this SSID.

Next, just make sure you’re on a A band for best performance by either using the Connection tab next to the Security tab or by using the Preferred Band setting in the Advanced tab of the driver.

You can see the changes made a difference.

WSUS: Reset Server Node While Browsing Computers

I’ve run into another very annoying WSUS bug and this one deals with Computer Model information being corrupted when being entered into the SUS DB.

Crashing groups highlighted in red.

Twice I’ve encountered a bug where the WSUS console would crash every time I tried to browse the All Computers or Unassigned Computers groups, but it wouldn’t crash when I browse another sub-group.

I found a very useful blog post that showed how to fix it but I’m unable to find it now; however, I was able to remember the steps I took.

  1. Using SSMS, export the table tbComputerTargetDetail to a csv. (Select * query, then save the results as csv.)
  2. Sort the various columns to find the one with the box (like an unknown character). This is the corrupt entry. For me, its always been the ComputerModel field.

    A similar example.
  3. Note the TargetID #.
  4. You can use the TargetID number in the tbComputerTarget table to find out the hostname of the offending machine for a permanent fix.*
    SELECT FullDomainName
    FROM [SUSDB].[dbo].[tbComputerTarget]
    WHERE TargetID = '<targetid#>'
  5. Blank out this field.
    UPDATE [SUSDB].[dbo].[tbComputerTargetDetail]
    SET ComputerModel=''
    FROM [SUSDB].[dbo].[tbComputerTargetDetail]
    WHERE TargetID='<targetid#>'

WSUS will be working again.

*To fix this issue on my client machines, I’ve only needed to update the offending machine’s BIOS.

WSUS Doesn’t Download Updates

While rebuilding WSUS (once again) I discovered another snag. When first configuring WSUS I put in “D:” for the drive to store the updates because the wizard didn’t like “D:\”. Unfortunately, both are wrong. From what I read in various posts, the wizard used to default to the largest drive with free space and append \WSUS for a directory. If you just specify “D:”, the updates try to download to D:WsusContent and not D:\WsusContent. (The eventlog shows this.)

A comment on this blog post helped fix it without a reinstall:

wsusutil movecontent D:\WsusContent D:\WsusContent\movelog2.log -skipcopy

After a reboot (and waiting, as WSUS isn’t very speedy) , the updates started downloading.

For future installs: don’t specify the just the root of a drive, specify a subdirectory like “D:\WSUS”.

PS: here’s what the log file says:

2017-04-07T21:04:23 Successfully stopped WsusService.
2017-04-07T21:04:23 Beginning content file location change to D:\WsusContent
2017-04-07T21:04:23 Did not copy files due to -skipcopy flag.
2017-04-07T21:04:23 Successfully changed WUS configuration.
2017-04-07T21:04:24 Successfully changed IIS virtual directory path.
2017-04-07T21:04:24 Successfully removed existing local content network shares.
2017-04-07T21:04:24 Successfully created local content network shares.
2017-04-07T21:04:24 Successfully changed registry value for content store directory.
2017-04-07T21:04:24 Successfully changed content file location.
2017-04-07T21:04:25 Successfully started WsusService.
2017-04-07T21:04:25 Content integrity check and repair...
2017-04-07T21:04:25 Initiated content integrity check and repair. DNS based ad-blocking is a fun little project. I set it up as a VM and set my DHCP server to use it as the DNS server and whammo! insta-adblocking.


  • Easy to install and setup. (Walk through the wizard to install, then update your DHCP server to use pi-hole as your DNS server.)
  • Fast and small. (Well, it was designed to run on a Raspberry Pi.)
  • Nice GUI and reports.
  • Effective.
  • Fun little weekend project.


  • There is nothing bad, but I wish it would run under Alpine Linux. The Ubuntu server I spun up is terribly large.

RESULTS: doesn’t block everything that uBlock does, but it does catch an extra 3% more ads than without uBlock (according to the sites I visit), and it will help all the tablets and phones on your network that don’t have uBlock.


Rebuilding WSUS gotchas

I had to rebuild my SUS server because the old one was still on Win2008 (x86) and I couldn’t get any of the Win10 Anniversary Edition updates.

After rebuilding the server, everything is going great. The service is installed, the updates are downloading, and I see that there are updates for the SUS server pending. So I apply them and reboot.

And the updates breaks SUS and the SUS Console giving me a constant “Reset Server Node” error.

I found this post with details to fix it. KB3159706 needs some post install steps done to unbreak SUS. (Why can’t these post install steps can’t be done automatically or with a warning?)

Summary of the fix:

  1. Open an elevated Command Prompt window and run: “C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
  2. Install HTTP Activation under .NET Framework 4.5 Features
  3. Restart the WSUS service.

Also, don’t forget to add the port (:8530) to the GPO:


(I haven’t configured SSL yet. It is recommended, and it does change the port to 8531.)

Weird interface name

I didn’t know that systemd was going to screw with the ethernet interface names in 16.04, so it was quite a surprise when I fired up a new install of Ubuntu 16.04.2 LTS and found enp0s3 instead of my trusty old eth0.

This page has a great write up on why the change was made.

And this page has a great write up on how to change it back.

I prefer the second link.

LDMS 2016.3

Ivanti Landesk Management Suite 2016.3 is probably the most buggy it’s ever been. Ivanti Landesk has taken the crown when it comes to shipping a product so full of bugs that it’s hardly usable.

Here is a list of what I’ve encountered so far. Note that I haven’t dove deep into any of the features yet. I’m just trying to get AV and inventory stabilized.

  1. Kaspersky/Jabber/Win10 issue is back!
  2. Corrupt antivirus definitions on new agent installs.
  3. Security menu doesn’t work, so I can’t fix corrupt av definitions.
  4. Console extender renames items sometimes. Have to restart console.
  5. Console extender no drag n’drop. (bug or missing feature?)
  6. Legacy RC 2016.3 can’t remote control an older agent (2016.0).
  7. No software deployment run on older agents (2016.0).
  8. Can’t provisioning into VMWare Workstation. (I’ve tried editing the .vmx)
  9. LDAV.exe crashes when trying /updatefrominternet. (bummer, that’s the fix for #2)
  10. Uninstalling a partially installed agent fails and b0rks future agent installs. (I had to rebuild a server over this.)
  11. Coworker can’t install console until we install 9.6 console, upgrade to SP2 then upgrade to 2016.
  12. Restarting servers because of “Legacy API shutdown”. (Even though the agent is set to never reboot a server.)
  13. (UPDATE) Previous PXE agent service (2016.0) disappears off the PXE server w/o installing the new agent.
  14. (UPDATE) 2016.3 installer doesn’t detect x64 properly and tries to install Remote Console on Win7 SP1 x86. (These kinds of bugs really annoy me, because this is just sloppy workmanship.)

The first three are the most important. If I could get those fixed, the rest could me annoyances.

UPDATE 2017-03-10: Service Update 3 fixed #2 and #3.