Facebook Account Takeover Hack, but Meta Does the Most Damage

On February 24th, 2022, the same day that Russia invaded the Ukraine, my Facebook account was the target of a successful Account Takeover attack. In the 30 minutes it took for me to respond to the attack and get the account locked, the hacker/s exploited Facebook’s own tools to successfully lock me out of my account. As of the time of writing this post, 4 days remain before Meta permanently deletes my Facebook account, an account that I have built over the course of more than a decade. It will be a loss that I will not soon forget – or forgive. But it’s the lack of any accessible human intervention or assistance from Meta/Facebook that is doing the most damage.

How did they do it?

Simply put, the attacker/s exploited Facebook’s “forgot password” feature. When someone forgets their password (usually because they’re not using a password manager), they can request that a password reset link be sent to their email address. For some of us, there is more than one email address associated with the account. In my case, I had added an email address to my account to verify ownership of a domain so that I could regain control of a client’s Facebook business page.

It was using this email address that the attacker/s were able to exploit the forgot password feature and gain access to the account, and they did it by taking the expired domain name and registering it themselves so they could receive the email to reset the password.

Timing was also key here, as I had, coincidentally, relaxed my FB account security in order to help try to address harassments my significant other was experiencing on FB (another issue that Facebook was not addressing).

Once in the account, they deleted the other email addresses, and began engaging in whatever nefarious activity they chose to pursue, including running advertisements using my Facebook Advertising account.

Now, since I don’t allow people to discover me using my email addresses, I am left to wonder – what kind of OSINT activity was used to gather the email addresses that were on my account in the first place? My best guess – Cambridge Analytica.

30 minute response time

From the first email requesting the password be changed to the moment when I was able to get Facebook to lock the account as having been hacked, only 30 minutes elapsed. But in those 30 minutes, a lot of damage was done.

Since I do know people from the Ukraine, and since this all happened during the first day of Russia’s invasion of the Ukraine, I have to believe that Russian hackers are the most likely source of the attack; though, it would be next to impossible to prove this without some kind of cooperation from Facebook/Meta – and there seems to be little or no interest on Meta’s part to help in any way.

Of course, it is a little more sophisticated. Emails from Facebook during the Account Takeover show that an iPhone was used to change the password via an IP address belonging to Comcast/Xfinity in Portland, Oregon.

My response

Within the first 30 minutes of the attack, I reported the attack to Facebook, and they responded that the account had been locked pending verification. I then had to proceed through a reset password using previous passwords, but, since the email address I actually use had been removed, I had to take the added step of providing a copy of my ID. It took about 2 days for Facebook to verify the account and change the primary email address back to what it should have been.

But, when I logged in, I was greeted with a message that my account had been suspended due to posts or comments that didn’t follow Facebook’s Community Standards. My only option was to request a review – which I did.

Meanwhile, I also reached out to GoDaddy, the domain registrar that had been used to register the domain and use it for the hack, and notified them of the activity. They asked for evidence to support my claim, which I sent them, and they responded swiftly, revoking the domain name registration for whoever had just registered it within just 48 hours.

I also notified Xfinity/Comcast, who confirmed that one of their IP addresses had been used in the attack and they opened a case – I haven’t heard back.

Then, a few days later, on March 1st I received another notice from security@facebookmail.com that my account may have been accessed and I was required to change the password, which I did. Upon logging in, the message remained that the account has been disabled and a “Review requested.”

I have also tried submitting evidence of the hack via a Facebook help page, but the submission was rejected. If I log in, as suggested by the error message, and return to https://www.facebook.com/help/103873106370583/ and click the link to “use this form to request a review,” it just takes me to the page that says the account is suspended and that a review has been requested. It is at this point that words reminiscent of the immortal George Carlin come to mind – What Review?!!!!

On March 6th I received a message from PayPal that my payment to Facebook Ads had been successfully processed – only, I hadn’t authorized any advertisements. So, I started a dispute through PayPal – but that required waiting months for a response from Facebook. That left me with only one option – I contacted my bank. When they learned of the attack, they took swift action – disputing the charge with PayPal, who did then (based on this information from the bank) refund the money. The bank then shut down the account and I had to open a new one.

I also filed with both the FBI and the FTC, detailing the attack, and sent emails to every Facebook/Meta support resource I can find, including paypal.ads3@fb.com, disabled@fb.com, support@fb.com and via Twitter. In response I have heard … nothing.

It is worth noting that there is no evidence that Facebook/Meta is doing anything. Logging into the FB account says that a review has been requested, logging out says that time is running out to request a review. So, is anything happening at all? Probably not. Even tagging Meta’s head of security policy does nothing to draw attention to this problem.

Oh let the bots come rolling in

In case you’re wondering what happens when you reach out on Twitter for support, let me tell you – the bots. Oh, my, the bots. “Did your account get hacked? Try this hacker security something or rather and they’ll get your hack back.”

Now, even if there are legitimate companies out there who could, potentially, help someone regain access to their account – it shouldn’t be necessary. And the absence of any meaningful response from Facebook/Meta to Account Takeovers like this means that even more unscrupulous players swoop in, like botfly laden mosquitoes, ready to pounce on people who have already been the victim of an attack.

The prevalence of these predators is entirely Facebook/Meta’s fault. They could fix this, by simply making sure that victims get live, human responses instead of relying on incomplete and/or broken AI.

What will be lost

So much will be lost if Facebook does nothing to help with this (and I have no reason to believe they will). Along with communication I have had with people via messenger, and all the contacts that I have made over the course of a decade, which includes personal, business and political connections, there are also the pages of friends and family who have died. Anything I had been tagged in over the years, the long history of that FB account, so many events that I helped run over the years, all will be lost to the etherverse. So, too, will my business FB page (which has also been disabled as a result of this attack), group memberships, including groups I managed (like an Autism Dads and Men’s group). Fortunately, it looks like my Oculus purchases might be safe, since Meta backed off on that requirement, but I was concerned about that, too. Some of this loss won’t be tragic, others, will be harder to handle. I already miss my Grandmother. Losing access to the FB messages we sent back and forth will definitely be something hard to forgive.

The Data Protection Agency

I’m not the only person to complain about the lack of any kind of access to a real human at Facebook to deal with these problems. And, while I have been reluctant to join the oversight party, having looked at Facebook’s terms of service and the limited amount of responsibility that they choose to take for themselves, I have to say that this experience has pushed me to support the movement for a Data Protection Agency in the U.S. Among the other proposed elements of this legislation, it would require companies like Facebook to disclose hacks and breaches, and would prevent accounts from being deleted during the course of an investigation. As the hour grows closer for my account to be deleted, not by the hackers, but by Facebook for failing to address the actions of the hackers, I definitely see the appeal of such legislation.

Google Cloud SSH Permission Denied Public Key

I recently ran into an issue with a Debian VM instance that had been upgraded from Stretch to Buster. Prior to the upgrade, the ssh via gcloud os login worked just fine. After the upgrade, however, every attempt resulted in a permission denied error.

Now, there are a lot of posts and threads about this particular error. In this case, however, none of them provided the necessary answers to solve this particular scenario. Worse, yet, the backup user account was (suddenly?) no longer or otherwise not in the sudoers group – which added a minor complexity to the troubleshooting.

Post upgrade problem appears :

gcloud beta compute ssh --zone "<zone name>" "<vm name>" --tunnel-through-iap --project "<project name>"

<username>@compute.: Permission denied (publickey).
ERROR: (gcloud.beta.compute.ssh) [/usr/bin/ssh] exited with return code [255].

Troubleshooting – unique elements only

  1. Login to Cloud Platform
  2. Create a Snapshot of the VM
  3. edit the VM Instance
  4. Enable connecting to serial ports and save
  5. connect to the serial port (I found it useful to do this from a terminal window on a separate screen)
  6. gcloud compute --project=<projectname> connect-to-serial-port <vmname> --zone=<zonename>
  7. Reset the vm
  8. Look for the following from the console as the VM reboots :
    localhost systemd[1]: Reloaded OpenBSD Secure Shell server.
    [ 12.027817] google_guest_agent[378]: ERROR oslogin.go:147 Error updating NSS cache: exec: "google_oslogin_nss_cache": executable file not found in $PATH.
    localhost google_guest_agent[378]: ERROR oslogin.go:147 Error updating NSS cache: exec: "google_oslogin_nss_cache": executable file not found in $PATH.
    (note – if you still have sudo access via the serial console, you can obviously skip this next step since it’s just adding an existing user to the sudoers group)
  9. Edit the VM Metadata
  10. key : startup-script
    value :
    #!/bin/bash
    # add the existing backup user back to the sudo group
    usermod -aG sudo <username>
  11. Reset the VM
  12. Login using the indicated username and verify sudo
  13. remove the startup-script from metadata
  14. sudo systemctl list-unit-files | grep google | grep enabled
  15. Verify the following : google-disk-expand.service enabled
    google-guest-agent.service enabled
    google-osconfig-agent.service enabled
    google-shutdown-scripts.service enabled
    google-startup-scripts.service enabled
    google-oslogin-cache.timer enabled
    Note, especially, if google-oslogin-cache.timer is missing.
  16. sudo apt-get update
  17. sudo apt-get install
  18. curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
  19. DIST=$(cat /etc/os-release | grep "VERSION=" | sed "s/\"\|(\|)\|VERSION=//g" | awk '{print tolower($NF)}')
    sudo tee /etc/apt/sources.list.d/google-cloud.list << EOM
    deb http://packages.cloud.google.com/apt google-compute-engine-${DIST}-stable main
    deb http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-${DIST} main
    EOM
  20. sudo apt update
  21. sudo apt install -y google-cloud-packages-archive-keyring
    sudo apt install -y google-compute-engine google-osconfig-agent
  22. sudo reboot
  23. check from your local machine to see if the problem is solved.
  24. gcloud beta compute ssh --zone "<zone name>" "<vm name>" --tunnel-through-iap --project "<project name>"
  25. if not, then :
    sudo apt update
    sudo apt install google-compute-engine google-compute-engine-oslogin google-guest-agent google-osconfig-agent
  26. Check again from your local machine to see if the gcloud compute ssh connection works.
  27. If it’s all working, remember to clean up any unneeded snapshots
  28. Edit the VM instance, disable “connecting to serial ports” and save

Wrap up and Links

Hopefully that helped solve your problem. If not, here are a few links that may guide you towards a successful resolution :


Suspicions arise during search for Email to PDF solution

The problem presented

First, a little background on the problem itself. The task was to convert a large number of emails to PDF as part of a legal discovery. Converting individual emails to PDF is not a big deal – open, print to PDF. That’s pretty much a standard feature on most desktop operating systems today. The problem arises when there are dozens, or even hundreds of emails that need to be converted. In this case, something more robust than this one by one solution is required. Okay, surely there are some products out there that are available.

What do the forums have to say?

This seemed like the kind of problem that a little search engine work and visits to the standard places, Spiceworks and Stackexchange, for example, should be able to provide a ready solution for. And, indeed, there were some fairly consistent answers, which were corroborated by some individual sites. In addition to the Adobe products, three that came up were Mail Converter Tools, Aryson PST File Converter,  and SysTools MSG to PDF Converter.

  • https://www.the-next-tech.com/top-10/how-to-batch-convert-outlook-email-message-to-pdf-format/
  • https://community.spiceworks.com/how_to/170844-how-to-convert-pst-to-pdf-with-attachments
  • https://community.spiceworks.com/how_to/169561-how-to-convert-eml-file-to-pdf-file-using-free-professional-method
  • https://softwarerecs.stackexchange.com/questions/49107/export-emails-and-attachments-to-pdf
  • https://sysc.org/export-multiple-outlook-emails-to-pdf/


Checking the details

Aryson Technologies

Let’s start with Aryson Technologies PST Converter. The specs page seems to suggest the product offers a lot of features, far more than what the project calls for. Sounds great – right up until the FAQ’s. Here’s where I first start getting uncomfortable. To begin with, Q1 reads “Kindly follow the instructions when using Windows 10.” Kindly? Let’s read on :

  1. Go to Windows Defender
  2. Click on ‘Settings’.
  3. And turn of ‘real-time protection’.

Hold on. Wait. What?!! Let’s dissect this. First, it wants people to turn off security software?! Well, actually, it wants to turn ‘of’ the software – a simple misspelling, true, but, re-reading the page, there are a number of unusual word choices and phrasing. There’s also no spacing between “Electronic” and “Yes,” or “Version” and “V20.0.”

Aryson Technologies Page Language and Spelling plus Disable Windows Defender raises doubts

While the spelling alone shouldn’t be a show stopper, the request to turn off security software does set off alarm bells.  Still, I keep scrolling. I get to the footer, and I see more misspellings and odd phrasings, like “At Service Since” instead of “In Service Since” or “In Business Since” and the word “Useful” in “Useful Links” is misspelled, too. But, the answer is here, too : There are two addresses shown : one at 2880 Zanker Road, Suite 203, San Jose, CA – 95134, USA, the other in Uttar Pradesh India.

Aryson Technologies US Addresses Operates out of a coworking space

Now, software from another country isn’t entirely a show stopper, even if the security software FAQ has me concerned, so I press on to the Buy Now option. There are two payment methods : PayPal, and share*it.

Trustpilot, btw, gives shareit a score of 1.8 out of 5 – aka “Poor.” https://www.trustpilot.com/review/shareit.com

Too many problems are showing up for my comfort level, especially for the

Which reminds me – how did I get here again? Oh, the posts on Spiceworks – one authored by Adom from Aryson Technologies, and the other a comment on another thread by the same person. Hmmm.

Mail Converter Tools

Next on this list, based on comments on the same Spiceworks thread by Aryson was a link to Mail Converter Tools. The price looks decent, specs look good enough, but I want to scroll quickly. Wait – that section “You Might Be Interested in These Products Too” looks awfully familiar. Yep. It’s almost identical, including many of the product offerings, to the one from Aryson.

Aryson Technologies You might be interested in these products too

Mail Converter Tools You might be interested in these products too

Let’s check contact us.  Well, well. Remember that 2880 Zanker Road address we found for Aryson – here it is again. Okay. Alarm bells for both products are going off, now. Let’s dig further :

2880 Zanker Road : Listed on Regus.com as a coworking space.

Okay, now, I appreciate the value of these kinds of office spaces, especially for those who don’t want to, or cannot, advertise their home addresses. But we are talking about purchasing products that are being advertised as purchased by the likes of IBM. This isn’t sitting well with me.

And how about that domain – sysinfotools. That shows it as being in Noida, U.P. India. We’re definitely talking the same company, now.  Granted, the company offers Affiliate and Reseller programs, but my confidence in any of their products is now gone.

SysTools MSG to PDF Converter

Okay. I realize I’m already jaded at this point, but we just went from Sysinfotools to SysTools. I’m already not optimistic, here. Right off the bat, their post about How to Save Outlook Email as PDF shows that they are operating out of India – note the email address at bharatnewstv.in .

SysTools Manual Steps Shows India Email Address

Okay, let’s jump to the Contact us : PO Box 36 in Springville, Utah.

Sysc Contact Us in Utah

How did we  get here? It was a post on a site called sysc.org , and where does their Contact Us show they are located – yep. You guessed it – Utah.

In Summation

None of this speaks to the validity or functionality of these products. They could be legitimate, fully functional products. However, in order for me to choose, or recommend a product, I need to feel that I can trust that product, and the company behind it. I need to know that I can get support, and that I’m not creating risk through the risk of these products. My look at these products so far, however, does not leave me feeling that I can trust these products. Maybe you have more experience with the specific products than I do and can vouch for them. If so, that’s great. But I encourage everyone to do your research before purchasing products like these – and question everything.

If you’re looking for a quick and easy solution right now, I suggest you try Adobe Acrobat Professional.

Hot Swap Raid 10 Drive with no Reboot on Dell Poweredge R530 with PERC H730P

Dell’s documentation on the R530 and the PERC H730P leaves a lot to be desired, especially when it comes to the contradictory nature of the information on hand. This Dell community post from 2019 shows just how confusing it can be as a result. In it, the OP laments that they are “Still in disbelief, with how much money I paid for this Gen-12 server, that I have to reboot to take a hot-swap drive offline in preparation for replacement!” Whether that was true of the iDRAC firmware installable at the time is unclear, but that’s not the only area of confusion, as this belief carries on in this community post from 2021, in which a DellEMC employee states “If it is iDRAC8 then you can do it from iDRAC but need a system reboot. You can also do it from PERC configuration utility during boot.” And, just to add injury to insult, this Dell EMC PowerEdge RAID Controller 9 User’s Guide H330, H730, and H830 article only defines Hot Swapping and tells you it is only possible if the controller supports it and the drives match.

This spec sheet for the R530 from Dell lists a variety of different RAID controller options available for the R530, but says nothing about whether any of the controllers support hot swap. This continues on this Dell spec sheet for the H730P which still mentions nothing about hot swap, mentioning only hot spare. In several places online I found mention of the R530 supporting Hot Plug, rather than Hot Swap (though it does point readers to the owners manual).

Is there any hope?

The Dell PowerEdge R530 owners manual is the first place we really see any hope that the server does, in fact, support hot swap, both in the “Front Panel Features” and in the “Installing a hot-swap hard drive” sections.  Okay. That’s great. Now what? Dell lays out one option in this article titled “PowerEdge HDD: How to physically replace an HDD (Hot Swap procedure).” Finally!

By this point, it would be easy to rush into the replacement process. But there are pre-requisites that could be easily missed in a rush, and one option to ensure those are completed is laid out in this article titled “Dell PowerEdge: How to switch offline a hard disk using OpenManage Server Administrator.”

Can this be done Using racadm?

Yes, and no.

On a Windows Server, using Admin permissions, you can run the following :

  • racadm storage get pdisks
    • The results will look something like this :
      • Disk.Bay.0:Enclosure.Internal-0-1:RAID.Integrated.1-1
    • Copy and paste the entire line for the drive that is in imminent failure.
  • racadm raid forceoffline:Disk.Bay.#:Enclosure.Internal-#-#:RAID.Integrated.#-#
    • Remember, everything after forceoffline: will be copied and pasted from the appropriate line from the get pdisks command.
  • If all goes well, the results will include something along the lines of :
    • STOR094 : The storage configuration operation is successfully completed and the change is in pending state.
      • Those last few words are important : change is in pending state. Now, read further on :
      • To apply the configuration operation immediately, create a configuration job using the --realtime option.
  • racadm jobqueue create RAID.Integrated.#-# -s TIME_NOW --realtime
    • Note that the #-# portion is simply the text from :RAID in the racadm storage get pdisks line.
    • If the operation is successful, it will read as follows :
      • RAC1024: Successfully scheduled a job.
        Verify the job status using “racadm jobqueue view -i JID_XXXX” command.
        Commit JID = JID_#########
    • racadm jobqueue view -i JID_#########
    • Continue re-running this command until the Percent Complete=[100]

Technically, the job is done and you can use several different options to view the state of the disks and confirm that the disk is offline. Once replaced, the array should detect it is in a degraded state and begin rebuilding with the new drive. But, how do you know? This is where racadm fails us. As far as I know, there is no way to query the state of the rebuild with racadm. But you can do it with omreport :

  • omreport storage pdisk controller=#
    • Look for the State, and the Progress to confirm that it is rebuilding, and then you can monitor the % complete.

And that’s it! A successful hot swap of a hard drive in a RAID array with no reboot on a Dell PowerEdge R530 with a PERC H730P.

Quickbooks Printing error and the Windows Print Spooler

When opening QuickBooks you might receive an error about a missing component that affects PDFs. After acknowledging the error, you find you can’t set up printers or print anything at all, in fact. The error reads as follows :
QuickBooks detected that a component required to create PDF files is missing. This may cause issues with printing transactions, emailing forms or saving anything as a PDF file inside of QuickBooks desktop.
There are a multitude of sites that talk about deleting or renaming (a better option) the QBPrint.qbp file in C:\ProgramData\Intuit\QuickBooks #### (replace the #### symbols with the year version of your QuickBooks). This approach has consequences, however, like the fact that you may have to set up all your printers again and even re-edit some forms. Worse yet – it may or may not even solve the problem.
There is, however, another possible solution that is much less invasive – the Windows Print Spooler.
To find it, click your start button and type “services” or use your Windows Key+R to bring up the run window and type services.msc into the open line and click ok (or hit enter). This will bring up the list of services. If the Name column isn’t sorted alphabetically, click on it to sort it then find print spooler. If it’s not already running, right click and choose start. If it’s disabled, then right click and choose properties, set the startup type to either Manual or automatic, then click start and Okay. The service will start. Now return to QuickBooks, exit and re-open. If all is well, QuickBooks will open without any errors and you will once again be able to print.
If the Spooler is already running, try right clicking on it and choosing restart, then quit QuickBooks and re-open it and see if the error goes away.


The ZyXEL VPN100 is the company’s lowest tier of VPN/SD-WAN appliance that is Rack Mountable. Other options are the VPN50 (not rack mountable), VPN300 and VPN1000 (both rack mountable).

The VPN100 includes 4x Gigabit LAN, 2x WAN, 1x SFP port, 1x DB9 console port and 2x USB 3.0 ports.

Similar to other ZyWALL products, the device can also provide AP Management services, with a default of 8 managed AP’s before additional licenses are required. Up to 72 wireless access points can be managed with the VPN100, though the recommended maximum access points per group is 60. In addition, the device supports up to 10 SP350E ticket printers for those wanting to use the hospitality gateway features, such as smaller coffee shops or hotels.

Also in alignment with other ZyWALL products, there are two basic versions of the device : the base hardware version, and the UTM bundled version. The UTM bundles include options for AntiVirus, AntiSPAM, Content Filtering and Intrusion Detection and Protection and GeoFencing. The UTM features can also be purchased separately in the event that, for example, you aren’t hosting your own email server behind the firewall.

One of the key features of the ZyXEL ZyWALL products is their support of IKEv2 for both site-to-site VPNs and for road warrior or client-server vpn connections. IKEv2 configurations can be created in a variety of configurations, with PSKs, certificates, EAP and combinations thereof supported.

Full specs can be found on the ZyXEL website at https://www.zyxel.com/us/en/products_services/VPN-Firewall-ZyWALL-VPN100/specifications



Powershell – Add-VpnConnection errors in Windows 10 Version 1909

This document is straight up for sysadmins and PowerShell junkies (and Microsoft, assuming anyone from there stumbles across this). Beginning somewhere around Windows 10, Version 1909 (18363.1256), an error appeared, making long-standing PowerShell scripts suddenly begin to fail.

The Command

Add-VpnConnection -Name ($ikename=Read-Host "VPN Name") -ServerAddress ($fqdnval=Read-Host "fqdn") -TunnelType Ikev2 -EncryptionLevel Maximum -AuthenticationMethod EAP -RememberCredential -SplitTunneling $true -PassThru

The Errors

If this command is run without elevated privileges, it will fail with the following error :

Add-VpnConnection : VPN connection test ikev2 cannot be added to the global user connections. : Access is denied.
At line:1 char:1
+ Add-VpnConnection -Name $ikename -ServerAddress $fqdnval -TunnelType ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (test ikev2:root/Microsoft/...S_VpnConnection) [Add-VpnConnection], CimException
+ FullyQualifiedErrorId : WIN32 5,Add-VpnConnection

It would be easy enough to assume, then, that this should simply be run with elevated privileges. And, indeed, the connection is created successfully. However if you return to a non-elevated PowerShell window and run the following :

Get-VPNConnection -Name $ikename

The connection will appear to be missing, and the command generates the following error :

Get-VpnConnection : VPN connection test ikev2 was not found. : The system could not find the phone book entry for this
At line:1 char:1
+ Get-VpnConnection -Name "test ikev2"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (asprv ikev2 36:root/Microsoft/...S_VpnConnection) [Get-VpnConnection], CimException
+ FullyQualifiedErrorId : VPN 623,Get-VpnConnection

It just doesn’t appear. To get it to appear, you must use the following :

Get-VPNConnection -Name $ikename -AllUserConnection

Which produces a result similar to the following :

Name : test ikev2
ServerAddress : host.eclat.tech
AllUserConnection : True
Guid : {F3FCC298-89EB-46C5-8D14-BFBD03FC1879}
TunnelType : Ikev2
AuthenticationMethod : {Eap}
EncryptionLevel : Custom
L2tpIPsecAuth :
UseWinlogonCredential : False
EapConfigXmlStream : #document
ConnectionStatus : Disconnected
RememberCredential : True
SplitTunneling : True
DnsSuffix :
IdleDisconnectSeconds : 0

The important part to note here is this line :

AllUserConnection : True

You can also see this in Control Panel\Network and Internet\Network Connections

Control Panel > Network and Internet > Network Connections Showing VPN Owner as System


Note the Owner column lists “System” instead of computername\username or domainname\username.

Digging Deeper

Turns out, now, despite the lack of a flag to set the connection as an All User Connection, when the command above is run, it stores the connection in :
If you open that document with a text editor, you will see only the entries that have been created as though they had been configured for AllUserConnection $true. But, why?

The bug

Turns out, the bug comes from the following flag :
-SplitTunneling $false
Note that there is nothing inherent to Split Tunneling that should suggest the VPN should automatically be changed from a “Current User” or “Me Only” to an “All Users.” Frankly, this is a security risk, too.

The Workaround

Okay, so, here’s the workaround – separate out the -SplitTunneling from the rest of the command, and add that in a second command. Note that it no longer matters if you add the connection from an elevated PowerShell prompt or not.
Add-VpnConnection -Name ($ikename=Read-Host "VPN Name") -ServerAddress ($fqdnval=Read-Host "fqdn") -TunnelType Ikev2 -EncryptionLevel Maximum -AuthenticationMethod EAP -RememberCredential -PassThru
Get-VPNConnection -Name $ikename | Set-VPNConnection -SplitTunneling $true

Now, you will see the correct owner listed in Network Connections, and the Get-VPNConnection command will display the connection without issue. However, there is still a problem.

More Bugs?

Remember that connection that appears with the owner as “System?” You want that gone, right? This is supposed to be the command to remove it :

Remove-VPNConnection $ikename -Force

But that produces the following error – whether in an elevated PowerShell window or not :

Remove-VpnConnection : VPN connection test ikev2 was not found. : The system could not find the phone book entry for this
At line:1 char:1
+ Remove-VpnConnection -Name "test ikev2 " -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (test ikev2:root/Microsoft/...S_VpnConnection) [Remove-VpnConnection], CimExceptio
+ FullyQualifiedErrorId : VPN 623,Remove-VpnConnection

Not found? That can’t be right. You check rasphone.pbk – and it’s there. It shows up in Network Connections. WT[H,F]?
Remember, this is happening in an elevated PowerShell prompt. Still, you try this :

Remove-VPNConnection $ikename -AllUserConnection -Force

And it finally works. Now, that seems rather buggy, doesn’t it?!!! Fortunately, this one is rather consistent. Even in an elevated prompt, the Get-VpnConnection STILL won’t show all user connections without that -AllUserConnection flag. It’s a little irritating, especially since you can’t see ALL the vpn connections in a single list, but it can be useful if you are trying to find connections that are not supposed to be one way or the other.
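To get the single combined list that Get-VpnConnection does not provide, and to spot entries that ended up in the wrong scope, both scopes can be queried and merged. This is an added example, not part of the original post; the function name `Get-AllVpnConnection` and the `$expectedAllUser` allow list are assumptions made for illustration.

```powershell
# Added example: one combined view of per-user and all-user VPN entries.
# Get-VpnConnection returns a single scope per call, so both scopes are queried.
function Get-AllVpnConnection {
    $scopes = [ordered]@{
        CurrentUser = @{}
        AllUsers    = @{ AllUserConnection = $true }
    }
    foreach ($label in @($scopes.Keys)) {
        $scopeArgs = $scopes[$label]
        # An empty phone book for a scope simply yields no rows.
        foreach ($c in @(Get-VpnConnection @scopeArgs -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{
                Scope          = $label
                Name           = $c.Name
                ServerAddress  = $c.ServerAddress
                TunnelType     = $c.TunnelType
                SplitTunneling = $c.SplitTunneling
            }
        }
    }
}

# Assumption: names of connections that are meant to be shared by all users.
$expectedAllUser = @('Example Shared VPN')

$all = @(Get-AllVpnConnection)
$all | Sort-Object Name, Scope | Format-Table -AutoSize

# Entries in the all-user phone book that are not on the allow list.
$unexpected = @($all | Where-Object {
    $_.Scope -eq 'AllUsers' -and $_.Name -notin $expectedAllUser
})

foreach ($entry in $unexpected) {
    Write-Warning "Unexpected all-user VPN entry: '$($entry.Name)' -> $($entry.ServerAddress)"
    # Print, rather than run, the removal command that matches the entry's scope.
    "Remove-VpnConnection -Name '$($entry.Name)' -AllUserConnection -Force"
}

# The same name in both scopes is worth a look: one copy is probably a leftover.
$all | Group-Object Name | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "'$($_.Name)' exists in both scopes" }
```

The removal commands are only printed, so each flagged entry can be reviewed before anything is deleted.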

Of course, by now you probably just want to rename that final successful entry, right? Yeah, good luck with that. Best just to delete and re-create or rename it through the GUI and move on.
Good luck!

Basic Steps for Using your own Router with Comcast Internet Service

I must preface this by saying that networking is hard, so no one should feel bad about their abilities if they find this process challenging.

While adding a router into a network, even a home network, might seem like an easy thing, there are many details that often get overlooked. It is these gaps that result in internet speed issues, connectivity problems, and even getting hacked. The nature of networking, wireless, and security is also evolving and changing quickly, making it altogether more difficult.

If you are unfamiliar with IP addresses, the difference between public and private IP addresses (more generally, WAN vs LAN), DHCP, the difference between http and https, and/or firewalls, then I highly recommend you hire someone to help you with this part of the project. And, before you ask – no, Comcast will not help you with this, except to disable the wireless on their device and put it into bridged mode. Everything on your router is up to you, or whomever you hire.

If you still want to try this on your own, then, by all means, feel free to follow the basic steps that follow. Do keep in mind that this post is a basic overview, so you must be able to interpret some of these steps in a manner that is consistent with the particular equipment you are using.

Basic Connectivity

Generally, the basic setup is that your Comcast coax cable gets screwed into the F-Type connector on the DOCSIS modem. Unless you’re forced to rent this, the far cheaper, and more secure, option is to buy your own (new) modem.

If there’s only one Ethernet port on the modem you purchased, then that will be your connection between the modem and the WAN port on your router. If not, be sure that you are patching between the WAN port on your router and one of the LAN ports on the modem.

Now, you’ll use either wireless or (preferably) an Ethernet cable to connect your computer (or tablet or phone) to one of the LAN ports on your router. Don’t connect the router to the modem until you have changed the defaults on your router.

Last, but not least, is location. If this router is going to provide the wireless for your apartment or home, then you must be sure that it is located somewhere that ensures a good strong signal everywhere you plan to use it. Otherwise, you may need to consider adding in another wireless access point. Remember that the Ethernet cable that connects your router to the modem can be up to 100 meters long, so you have lots of flexibility in the placement of the router relative to the location of the modem.


This is where all the magic happens.

  1. Plug in and power on the router.
  2. Connect to the router from your phone or tablet, either via wireless or (preferably) via an Ethernet cable.
  3. Find the default IP address of the router, either from documentation, or by looking at the IP information on your device.
  4. Using a browser, login to your router and immediately change the default username and/or password (sometimes you can only change the password).
  5. If you know how to do so, feel free to change the IP address ranges of the LAN, or just leave them as they are.
  6. Change the Wireless SSID and Passwords for both the 2.4 and 5GHz Frequencies.
  7. If there are guest wireless networks enabled by default, either change them, or disable them to meet your needs.
  8. Check to see what IP address the WAN Port of your router obtained. If it’s in one of the private IP address ranges (like 10.1.10.x or 192.168.100.x), then you’ll need to log into the modem and make changes.
  9. Now you can connect your router’s WAN port to the LAN port on the DOCSIS modem.
  10. Login to the modem via the Gateway IP address obtained by the WAN Port on your router, or using the default IP address for your model, which should be in the documentation, or even a label on the modem.
  11. Immediately change the default username and/or password (sometimes you can only change the password).
  12. If there’s any wireless on the modem, turn it off – all of it. Find both the 2.4GHz and 5GHz frequencies and disable both of them. If this is a Comcast owned/leased modem, call them and ask them to turn all wireless off, because you will only be able to disable the LAN side wireless, but not the wireless they provide, for free, to everyone (called Xfinity) via the internet connection you are paying for.
  13. Now, disable DHCP on the LAN.
  14. Finally, set the modem into Fully Bridged mode (this is a made up term by Comcast – everyone else calls it bridged mode, but Comcast modems have both a “Bridged” mode, which really isn’t bridged, and “Fully Bridged” which really is bridged).
  15. Save and apply the changes as necessary.
  16. Check your router. You may need to renew the DHCP lease on the WAN interface.
  17. Confirm that it is receiving a public IP address. If it’s not, you’ll need to double check the router and make sure that it’s in bridged mode and start troubleshooting.
  18. Change the WAN DNS servers to something that’s not on Comcast servers – there are lots of reasons for this, just, seriously, do it. The easiest two to remember are Google’s free public DNS servers, and
  19. Confirm that you have full internet connectivity and check for and install firmware updates for your router.
  20. If you feel it necessary, add in a static route to allow you to manage the modem, but make sure you can also add a security policy on the router’s firewall that restricts that access, especially since the Comcast modems do NOT protect you against hacking that’s initiated from inside your network (including malware/virus infections, phishing, neighbors or guests (wanted or otherwise) connecting on wireless, fake technical support, and so on).
  21. Last but not least, never reset the Comcast modem to factory defaults – no matter what the Comcast tech support says, as this will wipe out the changes you’ve already made. At most, you might need to reboot the modem and/or router (better routers will almost never have to be rebooted, except when their firmware is being upgraded).
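Steps 8 and 17 both come down to reading the address on the router's WAN port and deciding whether it is public. The following added example (not part of the original post) does that check from a Windows PowerShell prompt; the function names are assumptions, the sample addresses are constructed, and the carrier-grade NAT range goes slightly beyond the private ranges the steps mention.

```powershell
# Added example: classify the address shown on the router's WAN interface.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::None
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip) -or
        $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 address: $Address"
    }
    $b = $ip.GetAddressBytes()
    # Multiplication instead of bit shifts keeps the arithmetic in [long].
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-WanAddress {
    param([Parameter(Mandatory)][string]$Address)

    # Ranges that are not a public address on a WAN port.
    $ranges = @(
        @{ Cidr = '10.0.0.0/8';     Kind = 'Private (RFC 1918)';           Note = 'Modem is still routing: log in and set bridged mode.' }
        @{ Cidr = '172.16.0.0/12';  Kind = 'Private (RFC 1918)';           Note = 'Modem is still routing: log in and set bridged mode.' }
        @{ Cidr = '192.168.0.0/16'; Kind = 'Private (RFC 1918)';           Note = 'Modem is still routing: log in and set bridged mode.' }
        @{ Cidr = '100.64.0.0/10';  Kind = 'Carrier-grade NAT (RFC 6598)'; Note = 'Shared provider address, not a public one.' }
    )
    $n = ConvertTo-IPv4Number $Address
    foreach ($r in $ranges) {
        $net, $prefix = $r.Cidr -split '/'
        $start = ConvertTo-IPv4Number $net
        $size  = [long][math]::Pow(2, 32 - [int]$prefix)
        if ($n -ge $start -and $n -lt ($start + $size)) {
            return [pscustomobject]@{
                Address = $Address; Kind = $r.Kind; Public = $false; Note = $r.Note
            }
        }
    }
    [pscustomobject]@{
        Address = $Address; Kind = 'Public'; Public = $true
        Note    = 'WAN port holds a public address.'
    }
}

# Constructed samples; 203.0.113.25 is a documentation address standing in for a public one.
'10.1.10.12', '192.168.100.10', '100.64.3.7', '203.0.113.25' |
    ForEach-Object { Test-WanAddress $_ } | Format-Table -AutoSize
```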


Good Luck!

In a nutshell, the steps above will get you up and running. Keep in mind that there are a lot of DOCSIS modems out there, and a LOT of routers out there. Each of them is different, so you’ll need to interpret the steps above to conform to your specific equipment and software.

Also, the steps above will NOT work with the Comcast static IP addresses. That’s a whole different bag of tricks. If you have Static IP addresses from Comcast you really should be hiring an IT professional who is well versed in networks and has Information Security expertise to help you.

And yes, ECLAT Tech is available to help with any and all of these needs.

Create a Google Account using your own Business or Personal Email Address

Google has a wide variety of applications available for people to use. Most are free, and most have additional paid options. To use these applications, each user needs a login ID and a password. That is simple enough, but it’s too easy to rush through the process, accept the defaults, and miss critical details – like the fact that you don’t have to create an @gmail.com address to use a Google Account. In fact, if you already have an email account, especially for your business, it is better that you DON’T create a separate Gmail account.

The easiest scenario to present in explaining this is as follows :

  1. Someone you know shares a Google resource with you. Perhaps that’s access to a Google Analytics account, a large (or sensitive) file attachment, a spreadsheet or document, a whole folder on Drive, or any of the other myriad products.
  2. Having received the invitation to access the file, you click the link and it prompts you to login.
  3. One of two things happens. Either,
    1. Since you don’t, yet, have an account, you step through the process of creating one. But, in your haste, you miss something and create a new @gmail.com email address.
    2. You login using your personal Google account, instead of creating one for your work.
  4. The person you know then receives an email response to the invitation that comes not from your email address, but from either the @gmail.com address you just created, or your personal @gmail.com account.
    1. Should that person trust the request they just received?
    2. Are you going to actively monitor this new account, and the email notifications that are sent to it?
    3. What will you miss if you aren’t checking this?
    4. Do you want your employer looking into your use of a personal account for business use?
    5. Do you want your personal email and drive account to be reviewed by other people in the event of a lawsuit against the company you work for?
      1. Do you, as an employer, want employees to take such a risk, when a free, and much more manageable alternative exists?
    6. As an employer, do you want an employee who leaves to take their access to data from business partners and clients with them, or would you rather have an opportunity to maintain control of that access?
    7. What other new, and unforeseen, security risks have just been opened up?

This is a very normal sequence of events (and a very short list of the risks). Fortunately, you can get things back under control, and significantly improve your account security, by following the steps below. Note that these steps are best for someone who has a brand new account that they haven’t really used for more than one or two files. Following the steps below also has a side benefit of securing the use of a Google account using the email address @ your business domain against possible use by an unknown third party. And, let’s not forget – you can start this process, for free. Even if you never choose to expand beyond the free products, you still get a raft of the benefits.

Step by Step

Step 1

Nothing exciting here. Just click the “create account” link.
The Google Sign in Page

Step 2

If you are using this for work, either because you work for someone else, or own a business, click “To manage my business.”

Google Account Creation Choose yourself or To manage my business

Step 3

This is THE single most IMPORTANT step in the entire process. Be sure to click the link that says “Use my current Email Instead.” I’ve added a blinking yellow arrow here to make it as obvious as possible. It is this step that allows you to take full control of the account, simplifying and improving the security of your account all at the same time.
Google Account Creation - Click Use my current email address Instead where Arrow is Blinking

Step 4

This is it! It’s the moment when you enter your existing email address. It doesn’t matter if it’s your very own @abc.xyz that you use at work every day, or (if this is for personal use), your @aol.com, @hotmail.com, @yahoo.com, @whateverotherdomain. The fact is, entering this, here, gives you one fewer email address, and simplifies and secures everything else moving forward.

Google Account Creation enter YOUR email address

Step 5 – Keep the Verification Code Page Open

This is a bit of a two part step. When you see the screen below, keep the screen open and check your email for a confirmation code. Then enter that code into this screen. Checking your email might be easier to do on another device, while you keep this open.

Google Account Creation Code Verification Page

Step 5 – Check your Email

You’ll need the code from your email to enter into the code screen. Remember to check your spam/junk folder, just in case it was routed there – not all email providers play nice, here.

Google Account Creation - the verification Email and Code

Step 6

Even if you intend to use multi-factor authentication, it isn’t entirely necessary to enter your phone number here, unless you really want to. The birthday is to verify that you are at least the minimum age to use the Google products. It’s just a quick computer check, not a background check, so, feel free to use the correct year, and then, say, December 31st – just be sure to note this “birthday” in your Password management vault in case you need it later. As for Gender, once again – Google doesn’t need to know. Their advertisers might, but, feel free to say “Rather not say.” The choice is there for your privacy – I recommend you take advantage of it.

Google Account Welcome - Gender and Age

Step 7

Privacy and Terms is a long, interactive document, that gives you the choice to opt into, or out of, various services, right from the beginning. Please do take the time to review the various toggle buttons to choose the privacy settings that are right for you, and your intended use of the Google products.

Google Account Privacy and Terms

Step 8

Once you’ve completed the opt in/out process in Privacy and Terms, I do recommend checking the box to receive periodic reminders about Privacy settings. Things do change, over time, and it does help to have a prompt to review them periodically and make adjustments. Otherwise, click “I agree,” and that’s it! You’re done, and you now have control over your Google Account in much improved ways that will benefit you, and your business/privacy, for years to come.

Google Account Creation Privacy and Terms


It might seem like eight steps is a lot to complete just to create an account. But, given the confusion that I’ve seen result from NOT following these steps over the years, they really are 8 steps towards simplifying your life immensely. And, really, what else can you do to simplify your life in just 8 steps? Well, you could sign up for a password manager, but, then, that’s another post.

Bonne chance!

A Brief Apple iPhone and iPad Exchange Settings How to

Periodic problems synchronizing data, especially calendars, between iPhones and iPads and Exchange servers make it necessary to stop synchronizing the calendar, which forces the calendar on the phone to be deleted, and then renew synchronization, which forces a refresh of all the data from the server. Note that this will cause any local changes made to your calendar from your device to be lost, so make note of those changes or manually create them through Outlook Web Access first.

On your device, open Settings.

Scroll to and open Accounts & Passwords.

Settings iOS on Apple iPhone and iPad

Select your Exchange Account.

Accounts and Passwords Settings iOS on Apple iPhone and iPad

Move the green slider on Calendars to the left. It will change color.

Account specific Settings iOS on Apple iPhone and iPad

You should be prompted to delete or retain the local copy of your calendar – choose delete.

Close out of settings, open your calendar and confirm that the Exchange calendar is, indeed, gone.

Repeat the above steps, this time moving the calendar slider from left to right, which will make it green again. Your calendar should begin synchronizing normally once again.

Any number of circumstances can create this issue, and many are well documented. If this doesn’t work for you, you’ll need to reach out to your IT Administrator for further guidance.