Teamviewer trouble, screen cannot be captured, fast user switching error message

Setting up Teamviewer for unattended access on Windows Server 2012 R2 but having trouble getting it work without first logging on to the server in some other way?

If you get the error “The screen cannot be captured at the moment. This is probably due to fast user switching or a disconnected/minimized Remote Desktop session.”, like in this picture:

chances are that you use a “User ID” instead of a “Server ID” when you connect with TeamViewer to the server. I’ve written on Superuser about this teamviewer problem. It took me some (unnecessary) time to figure out, so I hope this tip saves you some of your time.

boycott systemd

(link collection)

SystemD – it keeps getting worse

systemd is just wrong

Stop the madness before it is too late!

If you are a desktop linux user, especially if you like Gnome, there’s a big change (risk) that you are using systemd. Fine. No problem. Good for you.

If you however want to be in control of your server, enjoy flexibility and simple-to-grasp concepts, pretty much the essence of unix for the last 40+ years, you have probably come across an init or rc script that you can read and understand, as well as figure out how to replace it with something else. Perhaps when switching from sendmail to postfix.

Computers still get faster and faster, especially in parallel processing power, and operating systems, especially with a graphic desktop environment, get more and more complex. Thus it makes sense to utilise the increased processing power by doing more things  at the same time, thereby reducing start times.

Another aspect of the increased complexity in todays computer systems are that, partly thanks to the open source software movement, these complex systems are built much according to the unix philosophy: modularly. You take generic pieces of software that does something (and doing it well), and stick them together. This way you get much functionality, built on stable components, which is much better than in the closed-source version, where everybody reinvents the wheel, only with less quality.

How can I say that? Mostly because of very simple mathematical proof:

  • software takes time to write
  • time exists only 24h each day
  • the human brain can only focus on 1 thing at a time
  • bugs can be found in software
  • software is written by humans with brains

Because there are bugs in software, the less software (smaller codebase) there is, the fewer number of bugs it can contain. Smaller, less complex software pieces are more stable than big monoliths. Making changes in a big monolith is more difficult than changing the internals of a small tool/module with a clearly defined interface. The small module can be replaced/rewritten and exchanged with something that implements the same interface, without affecting the functionality of the complex system using it.

What is systemd?

A very bad idea in many ways, that looks appealing in some other ways.

Why is it bad?

Because it replaces /sbin/init, (PID EINS! as the author titles the pages on his nullpointer blog). PID 1, /sbin/init is the most important program in a unix system. It is responsible only for reaping zombies, being the parent process of daemons, and initially starting the system (hence the name “init”). This is the only special process in a unix system, and it is in fact so special that if this process dies, the entire system (the kernel) dies.

What do we know about bugs and code size/complexity? How would we want our most important process? Small and bug-free? Big and bloated? I’d like to say it’s your pick, choose what you like, but with systemd it’s not that simple, because it infects the major linux distributions, gaining momentum and requiring everybody that writes system-oriented open system software to adapt to systemd. After a while it will be too much trouble to maintain compatibility with traditional/portable solutions that have functioned very well for 40+ years now. Things that work on Solaris, BSD, Linux, OS-X that change to systemd, will be Linux-only, because systemd is linux-only, and will never be ported to other kernels.

Remember when Gnome was a desktop environment that you could run on Solaris and BSD? Well, no more. Gnome will have dependencies on systemd, meaning that because systemd always will be linux-only, so will Gnome.I’m late to the party, screaming about this now, many years too late, but it is IMPORTANT. Someone is wrong on the internet. Many before me have been upset about systemd and the many ways in which systemd is bad. There are lists detailing the top 5 systemd troubles, other good summaries on why systemd is bad for you. Some funnier than others, but I very much recommend reading all the linked pages from this post. Most of them are much more insightful and debating than what I can show in this short blog post.


[Solved] pfSense 2.1 nanobsd boot from USB automatically

I just configured pfSense 2.1 on a m-itx board that I will use as my main firewall at home.

I’m replacing my Cisco ASA with pfSense, because I only have a ASA license for 10 simultaneous hosts on the inside talking to the outside, which cause some strange errors from time to time.

The first time I came across this license limit, I was really puzzled and started reconfiguring DNS to try to resolve the problem. Glad I eventually looked at the firewall syslog…

Anyway. pfSense is really great, and configuration is a breeze. I made a bootable USB flash drive, and configured it in a few seconds. My problem was that after each reboot, it didn’t find the USB drive unless I chose boot menu option 3.

What I went looking for was a way to make the USB boot option 3 the default.

It turned out that the only thing that option does is introduce a delay in the boot sequence, so that the kernel/modules have time to probe the USB buses.

The solution was easy:

  • enter the Shell (choice 8 after pfSense has booted)
  • remount the root filesystem rw to be able to:
  • add /boot/loader.conf/local containing:


windows “tail -F” is called “SMS trace”

“SMS trace”/”trace32.exe” or “tracer.exe” for the command-line version of “tail -f” to continually monitor a growing log file can be found in the Microsoft Systems Management Server toolkit, nowadays called System Center Configuration Manager Toolkit (SCCM 2012).

Yay! I think I prefer cygwin + tail -f 🙂

Windows assign user privileges SeTcbPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege to cyg_server user for sshd

To set up sshd on cygwin:

  1. install cygwin including the openssh package
  2. create local (or domain?) user “cyg_server” and make it member of the “Administrators” group
  3. gpedit.msc
  • Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
  • right click “Act as part of the operating system” -> Properties -> Add User or Group
  • right click “Create a token object” -> Properties -> Add User or Group
  • right click “Replace a process level token” -> Properties -> Add User or Group

Perform a “gpupdate” to sync the policy changes in the domain.

  1. start a bash (cygwin terminal) with Administrative privileges
  2. mkpasswd -l -d YOUR_DOMAIN > /etc/passwd #(skip -d YOUR_DOMAIN if not using a domain)
  3. mkgroup -l -d YOUR_DOMAIN > /etc/group #(skip -d YOUR_DOMAIN if not using a domain)
  4. ssh-host-config -y
  5. “cygrunsrv -S sshd” or “net start sshd”

Done! 🙂


X11 connection rejected because of wrong authentication – X11 forwarding suddenly fails

After ages of flawless X11 forwarding over SSH, today I started getting authentication errors and couldn’t even get a remote xterm to display locally over my ssh tunnel.


I tried ssh -Y, ssh -X and changes in sshd_conf on the remote server and ssh_conf locally, even though I knew that nothing had changed except a few patches to unrelated software on the local machine. Of course that didn’t help.

I ran xauth on the remote server, no indication of any errors.

It turned out that the remote /home filesystem was out of space, and this prevented the ssh X11 forwarding from working properly. I write this as a note-to-self, as it could happen again…

Outlook hangs with new account with missing credentials

Yesterday, at work, I was adding a group mailbox that I believed that I had access to, to my outlook 2010 client. For some reason only Microsoft knows about, this forces a restart of the outlook client.

It turned out that I didn’t have the permissions required to this shared mailbox, and when I started outlook it kept asking for username and password for that mailbox.

When I clicked “cancel”, outlook stopped responding for a long time, so navigating to the menu where I could remove the account again took an eternity.

The quick way to remove the account from outlook is, surprisingly, to use the control panel. There is a “Mail” function there. It takes you to the same mail account management dialog as from whithin outlook, only difference being that because outlook is closed, it doesn’t try to open the mailboxes, so I could remove the shared mailbox until I got the permission for it today.