Attach Stiebel Eltron LWZ 504 using USBtin and CAN bus

This is about how to set up the OpenHab Raspberry to get information from a Stiebel Eltron LWZ 504 without buying much too expensive gateways. To reach that target we will use the CAN bus that is available at the LWZ 504. We will not use the serial or USB port on the front of the heating.

This tutorial may also work for other Stiebel Eltron heating systems that have a CAN bus.

Required Hardware

You will need a USB device that is able to connect to the CAN bus. I use USBtin to connect.
You can get it on Amazon* or directly from the manufacturer. If you have Prime, at the time of writing Amazon is cheaper (incl. shipping costs), but if you don’t have it, the direct order is cheaper.

You will have to connect or solder a cable to the three pins of the USBtin and connect the other side to the LWZ 504. I am using a standard Ethernet cable to connect.

USBtin with soldered connection cables

Connection to the CAN Bus interface at the heating


Besides updating and upgrading Raspbian and its applications, it is also required to update the kernel and the firmware of the Raspberry. To do so, execute:

sudo apt-get update
sudo apt-get upgrade
sudo rpi-update
sudo reboot

After the reboot, make sure that the USBtin is not connected to the Raspberry yet.
Execute the following commands to load required kernel modules.

sudo modprobe can
sudo modprobe can-raw
sudo modprobe slcan

Now plug in your USBtin and execute

tail /var/log/kern.log

You should see log entries showing that a USB device, the USBtin, was connected. The last line shows the logical interface name.

That is the interface you can use to communicate with the CAN bus using USBtin.

Now we configure the interface. Clone the CAN utils GitHub repository and compile it:

cd ~
sudo apt-get install -y git
git clone
cd can-utils
make

Now we attach and configure the interface. In case your interface is not ttyACM0, you have to replace the interface name with your value.
Note: the -s1 in the first statement means 20.000 bit as bitrate, which seems to be the bitrate Stiebel Eltron uses. -b 11 determines to use 11 bit based encoding.

sudo ./slcan_attach -f -s1 -b 11 -o /dev/ttyACM0
sudo ./slcand ttyACM0 slcan0
sudo ifconfig slcan0 up

Let’s check the configuration:


./candump slcan0

In case your CAN bus has any active devices right now, you should see CAN bus messages in the output. In case of Stiebel Eltron heatings, there should be at least one packet each minute that transmits the current time of the heating.

Finally we want the slcan0 port to be created on each reboot. Create a script file:

nano /home/pi/

Paste the following content:

#! /bin/sh
sudo /home/pi/can-utils/slcan_attach -f -s1 -b 11 -o /dev/ttyACM0
sudo /home/pi/can-utils/slcand ttyACM0 slcan0
sudo ifconfig slcan0 up
exit 0

Save with Ctrl+O and quit with Ctrl+X.

Now we want to execute that file on each reboot. To do that we add the path to the file in the file /etc/rc.local:

sudo mv /home/pi/ /etc/init.d

Finally mark the file as executable and set the startup settings:

cd /etc/init.d
sudo chmod 755
sudo update-rc.d defaults

On each reboot the file will be executed and will connect the CAN bus to the Raspberry.

Install can2mqtt

To read the USBtin and send information to OpenHab we will use can2mqtt. OpenHab will be able to handle the MQTT messages.

We will download the can2mqtt library to a new folder. Create the folder:

sudo mkdir /etc/can2mqtt

Change to that folder:

cd /etc/can2mqtt

Go to and get the download link of the latest release. i.e.

Execute the following commands to download and extract that file:

sudo wget
sudo unzip ./

Now we need to download and install .NET Core 2.2 or later to run the can2mqtt application. The following part may change because Microsoft changes the .NET Core website very often. First we need to get the download link. Go to and copy the link address shown (see arrow below). (i.e.

sudo apt-get -y update
wget -q -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo add-apt-repository universe
sudo apt-get install apt-transport-https
sudo dpkg --purge packages-microsoft-prod && sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install dotnet-runtime-2.2

Remark: the last command will change for newer versions. Replace the 2.2 with the version you have.

Check .Net Core installation:

dotnet --info

You should see something similar to this:

Configure OpenHab MQTT Broker to receive MQTT messages

This is really easy. Open the PaperUI in OpenHAB and navigate to “Addons” and select the “Misc” tab. Install the “Embedded MQTT Broker” addon. Done.

Register canlogserver as service

Execute this to create a new service definition file using the nano editor:

sudo nano /etc/systemd/system/canlogserver.service

Paste the following to your file:


ExecStart=/home/pi/can-utils/canlogserver slcan0


Execute this to reload the systemctl daemon-configs:

sudo systemctl daemon-reload

Execute this to start the service and check the status:

sudo systemctl start canlogserver.service
sudo systemctl status canlogserver.service
sudo systemctl enable canlogserver.service

The result should look like this:

Register and configure can2mqtt as service

Execute this to create a new service definition file using the nano editor:

sudo nano /etc/systemd/system/can2mqtt.service

Paste the following into your file and replace the IPs in the ExecStart line. If everything is running on your device, it should be the local IP. Be aware that the loopback address ( does not work!


ExecStart=/usr/local/bin/dotnet /etc/can2mqtt/can2mqtt_core.dll --Daemon:CanServer="" --Daemon:MqttServer="" --Daemon:MqttClientId="Can2Mqtt" --Daemon:MqttTopic="Heating" --Daemon:MqttTranslator="StiebelEltron" --Daemon:CanlogserverPath="/home/pi/can-utils/canlogserver" --Daemon:CanlogserverSocket="slcan0" --Daemon:NoUnits="true"


Execute this to reload the systemctl daemon-configs:

sudo systemctl daemon-reload

Execute this to start the service and check the status:

sudo systemctl start can2mqtt.service
sudo systemctl status can2mqtt.service
sudo systemctl enable can2mqtt.service

The result should look like this:

Setup Heating thing in OpenHab

Coming soon…

Configure CAN requests

To actively request the latest values from the heating instead of just waiting for it to send them, we can execute the application cansend via the Exec Binding. To do so, we need to install the Exec Binding via Paper UI at “Addons” and the “Bindings” tab. Search for “Exec” and install the binding.

After that in the Paper UI navigate to “Configuration” => “Things” and click the blue + to add a new thing manually.

In the list of bindings, select the Exec Binding, followed by selecting “Command” from the next list.

Now we can configure what we need. Enter a good name, in this case for triggering the sending of the outside temperature. Enter the command “/home/pi/can-utils/cansend slcan0 6A2#3100FA000C0000” to make the binding execute the cansend application we installed before with the parameters required to read the outside temperature. Also set the interval to a setting that makes sense, i.e. 10 minutes (=600 seconds) is very frequent for that value.

Click the blue bubble with the check to save our new thing, which just executes the command every 10 minutes. You will see that the temperature property we configured for our heating thing before now has a value!

Remark: If it doesn’t work, you may have to replace the “6A2” with “680” in each command. This seems to be related to the heating model you have. For Stiebel Eltron LWZ 504 the 6A2 is correct.

To configure the same for other settings, just replace the last part of the command for the following properties:

Outside temperature /home/pi/can-utils/cansend slcan0 6A2#3100FA000C0000
Operational Status /home/pi/can-utils/cansend slcan0 6A2#3100FA01760000
Summer mode? /home/pi/can-utils/cansend slcan0 6A2#3100FA033B0000
Program setting /home/pi/can-utils/cansend slcan0 6A2#3100FA01120000
Return flow temperature /home/pi/can-utils/cansend slcan0 6A2#3100FA00160000
Boiler temperature (to be) /home/pi/can-utils/cansend slcan0 6A2#3100FA00030000
Boiler temperature (current) /home/pi/can-utils/cansend slcan0 6A2#3100FA000E0000
Power usage heating kWh (sum) /home/pi/can-utils/cansend slcan0 6A2#3100FA09200000
Power usage heating MWh (sum) /home/pi/can-utils/cansend slcan0 6A2#3100FA09210000
Power usage heating /home/pi/can-utils/cansend slcan0 6A2#3100FA02CC0000
Power usage heating kWh (today) /home/pi/can-utils/cansend slcan0 6A2#3100FA091F0000
Power usage heating Wh (today) /home/pi/can-utils/cansend slcan0 6A2#3100FA091E0000
Power usage Boiler /home/pi/can-utils/cansend slcan0 6A2#3100FA02CE0000
Power usage warm water kWh (sum) /home/pi/can-utils/cansend slcan0 6A2#3100FA091C0000
Power usage warm water MWh (sum) /home/pi/can-utils/cansend slcan0 6A2#3100FA091D0000
Power usage warm water kWh (today) /home/pi/can-utils/cansend slcan0 6A2#3100FA091B0000
Power usage warm water Wh (today) /home/pi/can-utils/cansend slcan0 6A2#3100FA091A0000
Excavator temperature /home/pi/can-utils/cansend slcan0 6A2#3100FA00140000
Volume flow /home/pi/can-utils/cansend slcan0 6A2#3100FA01DA0000
Flow temperature /home/pi/can-utils/cansend slcan0 6A2#3100FA000F0000
Heat recovery heating kWh (sum) /home/pi/can-utils/cansend slcan0 6A2#3100FA03B10000
Heat recovery heating kWh (today) /home/pi/can-utils/cansend slcan0 6A2#3100FA03B00000
Heat recovery heating MWh (sum) /home/pi/can-utils/cansend slcan0 6A2#3100FA03B60000
Heat recovery heating Wh (today) /home/pi/can-utils/cansend slcan0 6A2#3100FA03AF0000
Room temperature /home/pi/can-utils/cansend slcan0 6A2#3100FA00110000

Bonus: Set the room temperature of the heating

Coming soon…

The heating has a value to read or write the room temperature. By default, if you don’t have an additional console somewhere in the living room, there is the value of 19°C that is used by the heating to calculate the heating level. Using any source that is attached to OpenHab, we can set this value.

In the following example, I use the temperature value of my KNX switch in the living room that reports to OpenHab. I am using this value to set the room temperature in the heating using a rule that is triggered every time the KNX switch temperature changes. You can use any temperature source you like (i.e. ZigBee devices, weather stations, …).

Right now I am stuck. I have set up everything and am writing the value to the heating, but it is overwritten after some minutes with 19°C. I haven’t figured out why this is happening and how to change this behaviour. I will report as soon as I have a solution.

Good to know…

I had the problem that the CAN bus ID 6A1 is my control unit (the display) at the heating. This was configured to be terminal ID 4. As long as this was the case, I had the problem that this control unit wasn’t working. It doesn’t matter if I use 6A2 or 6A1 for communicating with the bus. After I changed the terminal ID to 3, the CAN bus ID of the control unit also changed to 6A0. After that, everything was working.


USBtin setup:
Elster definitions:
More IDs:



Setup RaspberryPi Zero

This article is about building your own infrared bridge based on a Raspberry Pi Zero. Of course it will not be as comfortable to configure as a Logitech Harmony Hub, but it will be much cheaper – down to 12€.



  • Raspberry Pi Zero WH (Amazon* Link, Buyzero Link)
  • Micro SD Card (min. 4GB) (check the Bundles at Buyzero if you need one)
  • Power Supply with Micro-USB-Plug, recommended 2,5A or more (check the Bundles at Buyzero if you need one)
  • Optional: Case for Raspberry Pi Zero WH (check the Bundles at Buyzero if you need one)
  • Maybe Optional: USB SD-Card-Reader (if you don’t have a Card Reader in your device) (Amazon* Link)
  • Optional, not required for this how-to: MicroUSB to USB Adapter (to connect a keyboard to the Raspberry Pi Zero) (Amazon* Link)
  • Optional, not required for this how-to: MiniHDMI to HDMI Adapter (to connect a screen to the Raspberry Pi Zero) (Amazon* Link)


Setup the Raspberry Pi Zero

If you have a Mini-HDMI to HDMI-Adapter and a Micro-USB to USB-Adapter, you can connect directly to the Zero. But you do not need this for this tutorial! The following steps can be used to install the Raspberry Pi Zero without any adapters. The basic setup will be done on your Windows machine.

Step 1: Download the image for the Raspberry Pi Zero. Download the Lite-Version of the latest OS (at time of writing, it is “Stretch”):


Step 2: Flash the SD card

Save the file on your local PC somewhere where you will find it again. When the download is done, you have to extract the image from the downloaded zip file. To do so, right click the file and select “Extract all..” and click “Extract” at the bottom of the window.


After this is done, a window will open with the “2018-06-27-raspbian-stretch-lite.img”-File. Maybe the file is named slightly different in your download. If you have this, the img-file is ready to be copied to the SD Card.

Now copy the downloaded image to the SD Card. Plug in your card reader with your SD Card in the SD Slot or, in case of a built-in card reader, just plug in the SD Card. You also need software to copy the image. I recommend “Win32 Disk Imager”. That one is free and easy to use. You can download it here:
After the download, please install and start the software. You will see this window:


In the first field, select the img file you just extracted and select the SD Card-Reader drive at the right (1). If you have no USB Stick or external HDD connected to your system, the SD-Card Reader should be the only drive that is available (2). After you have entered these options, click the “Write”-Button (3).

Finally you will get a success message and the write process is done.


Step 3: Configure the Raspberry
Windows will now find a new drive called “boot“. Usually it has the drive letter, that was used during the image writing (arrow with point 2 above). To be able to access the Raspberry after the setup via SSH, we will create a file called “ssh“. Important: Lower case and no file extension. To create such a file, change to the “View“-Tab of the file explorer (1) and check “File name extensions” (2). Perform a right click in an empty area of the explorer (3) and select “New” (4) => “Text Document” (5).

A new file will be shown in the explorer. Name it “ssh” without any extension. Windows will ask you if you are sure you want to do so: Yes, we are. We do not need to write any content to the file. It is just important that the file is present. When the Raspberry starts, it will automatically start the SSH services. This allows us to connect to the Raspberry’s console.

To be able to connect to the Raspberry, it also needs a Wifi connection. To configure this, we will need Notepad++ (Download here). Windows Notepad or Wordpad will not work because we have to take care of the Unix line feed format. This is different between Windows and Linux/Unix.
Create a new file called “wpa_supplicant.conf” next to the ssh-file the same way we did before. Right click the file and select “Edit with Notepad++“.

Paste the following text into the editor. Replace the country-, ssid- and psk-values with yours. (i.e. country=US, ssid=”myWifi”, psk=”myTopSecretWifiPassword”).

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


Next take a look at the lower right of the editor’s window. Double-click the “Windows (CR LF)“-Text in the status bar and select “Unix (LF)“.

Save the file and close the editor.


Step 4: Start and continue to configure the Raspberry
Remove the SD Card from the card reader and plug it into the Raspberry. After about a minute you should find your Raspberry in your network (if you are using DHCP). The easiest way to figure out the IP is to ping the name “raspberrypi” using IPv4 protocol. To do so press the Windows-Key and “R” and enter “cmd“.

Press OK. Enter “ping raspberrypi -4” into the console and press enter (1). It will ping the raspberry four times and shows the IP-Address (2). In the screenshot it is Note the IP-Address for future use.

Now we can connect to the Raspberry via SSH. We will need Putty for this (Download here). After starting Putty, enter the IP of your Raspberry (1). To save the settings for future connections, enter a name in the “Saved Sessions” field (2) and click save (3). The name will appear in the list below.

Now doubleclick on the saved session to connect. The username (“Login”) is “pi” and the default password is “raspberry“. You will see the following after login:

You already see the hint, that you should change the default password. We will do it now. Type the following command into the console and press enter:


Now enter the current password (“raspberry”) and enter your new secret password twice. Remember: if you type a password in any Linux system, it is not shown. You will see no stars or any other character. It is like you didn’t type anything. If this was successful, it will look like this and your password was changed:

Now we will change the default hostname to a unique one. You should do this because any other new RaspberryPi in your network will have the same name and this will cause problems in the network communication. To change the hostname, execute the following commands:

sudo hostname -b <your unique hostname>
sudo nano /etc/hosts

Now you are in a Linux text editor. Go to the line that starts with ““, followed by “raspberrypi“. Replace the “raspberrypi” with your new hostname and press Ctrl+O followed by the return key to write the changes. Now press Ctrl+X to exit the editor. At the end the file should look like this, where “rp-irbridge1” is the new hostname in my case:

Now execute the command

sudo nano /etc/hostname

and replace “raspberrypi” again with your new hostname. After you changed the name, press Ctrl+O, return, Ctrl+X to save the changes and quit the editor.

Reboot the Raspberry with the following command to apply the changes:

sudo reboot

After about a minute the Raspberry should be back online and you can connect via Putty using your saved session. After you logged in with the user “pi” and your new password, you will see that new lines are now starting with “pi@<your hostname>:“. The part after the @ is the new hostname of your Raspberry. Also the hint for the password is gone.

Now the final step to setup the Raspberry: Updates. Login and execute the following commands:

sudo apt-get update
sudo apt-get -y dist-upgrade

The first command will take a moment. The second one will take ten moments.

Finally, in case you are not from/in Great Britain, you may want to change the timezone of your Raspberry Pi. Execute the following command to start the configuration dialog:

sudo raspi-config

Select option 4 “Localisation Options”

Select option I2 “Change Timezone”

Now select the Region where you are and the capital city of your country. For me it is Europe => Berlin.

Select “Finish” to quit the raspi-config dialog. You will see in the console, that the change was done.

After that the Raspberry is set up and up to date.

Product links marked with * are affiliate links. That means I get some percent of the money you will spend when you are using these links. I’m not trying to influence you. In most cases there are also links for other sellers for the products where I don’t get money. I am not trying to influence you to spend more money than you need. If you are using these links, you don’t have to pay anything extra. It is the same price as if you enter the shop on your own. Please also keep in mind: This website is completely ad free. Thank you for your support.



Setup the Raspberry Pi 3B+

At the first step you need a RaspberryPi. I recommend to get the latest version that is a Raspberry Pi 3B+ at the moment. If you already have a Raspberry Pi that is an older version that should not be a problem. If you don’t have a RaspberryPi, get one. For example here:

Raspberry Pi 3B+ naked:

Amazon* Raspberry 1373331 Pi 3 Modell B+ Mainboard, 1GB
BuyZero Raspberry pi 3 model b+ (“pi 3b plus”)
Reichelt RASPBERRY PI 3B+ :: Raspberry Pi 3 B+, 4x 1,4 GHz, 1 GB RAM, WLAN, BT

or as a bundle

Amazon* Raspberry Pi 3 Model B+ Bundle “S” (weiß)
BuyZero Raspberry pi 3 model b+ (“pi 3b plus”) RPi3 B+ – Bundle 16GB, weiß

You will also need a card reader for the SD-Card in case your PC or Laptop doesn’t have one. I am using this cheap one that is connected via USB. Attention, the shipping takes a while!
LogiLink Cardreader USB 2.0 Stick via Amazon*

If you have your Raspberry ready to use, we need the latest image of Raspbian. That is the operating system the Raspberry Pi Foundation made and optimized for the Raspberry Pi.
To get the operating system, open a browser and browse to At the navigation bar at the top, you have “Download”. Click on that link.


On that page at the top you have the option to download “NOOBS” or “Raspbian”. Click on “Raspbian”.


On the next page you have the option to download “Raspbian Stretch with Desktop” or “Raspbian Stretch Lite”. Select “Download ZIP” next to the “Raspbian Stretch with Desktop” to download the image of Raspbian.


Save the file on your local PC somewhere where you will find it again. When the download is done, you have to extract the image from the downloaded zip file. To do so, right click the file and select “Extract all..” and click “Extract” at the bottom of the window.


After this is done, a window will open with the “2018-06-27-raspbian-stretch.img”-File. Maybe the file is named slightly different in your download. If you have this, the img-file is ready to be copied to the SD Card.

The next step is to copy the downloaded image to the SD Card. Plug in your card reader with your SD Card in the SD Slot. You also need software to copy the image. I recommend “Win32 Disk Imager”. That one is free and easy to use. You can download it here:
After the download, please install and start the software. You will see this window:


In the first field, select the img file you just extracted and select the SD Card-Reader drive at the right (1). If you have no USB Stick or external HDD connected to your system, the SD-Card Reader should be the only drive that is available (2). After you have entered these options, click the “Write”-Button (3).

Finally you will get a success message and the write process is done. You can now remove the SD-Card and/or SD-Card reader from your system and attach the Micro SD Card to the Raspberry Pi.

In the next steps we will start the initial configuration of the Raspberry Pi that is running with Raspbian Stretch. So attach all wires except power (minimum: screen, keyboard and mouse) and be sure the SD Card is well mounted to the Raspberry.

When you plug in the power, you will see a Raspberry Pi Startup screen. After about 1-2 minutes, you will see the desktop and a configuration wizard. In the wizard click “Next” to start the configuration.


In the first dialog you have to set the Country, Language and Timezone.


In the second dialog you have to specify your password, that will be used for the user “pi” you are using to login to the Raspberry.


In the third dialog you have to select the WiFi network you would like to connect to. You can skip this if you are using a wired network connection; otherwise select your Wifi and enter the passphrase for the connection.
In the fourth dialog the Raspberry will search for updates. This requires a properly configured network connection with internet access. Click the “Next” button to start searching for updates. The search will take a while depending on the number of available updates. Finally you should see a message, that the “System is up to date”.

On the last dialog page the Raspberry likes to reboot. Click the reboot-button to reboot the Raspberry.
After the reboot you will get a message that Raspbian was updated.

Now we continue with the configuration because the hostname and some services are still missing.
Click the Raspberry Icon at the top left corner and select “Preferences” => “Raspberry Pi Configuration”.


On the first “System” tab enter your custom hostname for the Raspberry. You can also leave this default but if you have more than one, you should change this to another name.


On the second tab “Interfaces” you should enable “SSH” and “VNC”. SSH is used to connect to the Raspberry via console. VNC is used to connect to the desktop you see right now. Also check if you need to configure the localisation using the “Localization” tab. The default settings (like Timezone) are always for Great Britain and you may want to change them. After you confirm the dialog, you need to restart the Raspberry to apply the new hostname.


To connect remotely to the Raspberry we need the IP. On the Raspberry click the black so called “Terminal” icon (like the Command Line on Windows).


In the Terminal window type the command “ifconfig” (without the quotes) and press enter. You will see the following output:

We need to search for the IP the Raspberry has. If you are using the wifi connection like in the screenshot, you will find the IP address in the “wlan0”-section just after the “inet” in the line that starts with “inet”. If you are using a wired connection, you will see this information in the section “eth0” at the top.
Note this IP address for future use.

To connect to the Raspberry via console using SSH, we need a SSH client. The most popular client is Putty. You can download it here:
Click on “here” in the “Download PuTTY”-Area.

After this, download the MSI installer in the “Package files” section that fits to your system. After the download run the setup and install Putty.

To start the connection to the Raspberry using Putty, start Putty and enter the IP address of the Raspberry into the field “Host Name” and click on the “Open”-button.


On your first connection, you will be asked if you trust the fingerprint (host key) of the system you are connecting to. Simply click on “yes”.


After that the console will show “login as:”. Enter “pi” and press enter, because “pi” is the default username for the Raspberry. The next line will ask for the password. Enter your password. Don’t be surprised if nothing happens when you hit a key. In Linux (so also in Raspbian) passwords are almost never shown in any form. Just type your password blind and press enter.

Welcome to the SSH session. You can do almost the same things you can do in the local “Terminal” program using this connection. We will need this later over and over again.

From now on you don’t need the HDMI-, Mouse- and Keyboard-Cable anymore connected to your Raspberry Pi. Everything we will do from now on will be via a SSH connection using Putty.

Optional: Disable Wifi and Bluetooth

In case you just want to use the Ethernet connection and you do not need or want to use Wifi and/or Bluetooth, configure the following settings:


sudo nano /boot/config.txt

In the lower part of the file, you may see a line that starts with dtoverlay= or #dtoverlay=. Below that line add this line to disable Wifi:


To disable Bluetooth, add this line:


Press Ctrl+O to write the changes and Ctrl+X to exit the file.
To apply this setting, you need to restart the Raspberry:

sudo reboot

Optional: Configure static IP

To configure a static IP instead of a DHCP address, follow the following steps. Open the config-file for network configuration:

sudo nano /etc/dhcpcd.conf

Go to the section, that starts with “# Example static IP configuration:”. Remove the hash characters at the beginning (except the ip6-line).
In the line starting with “static ip_address” configure the new IP address and the subnet mask. For example, if your subnet is add /24 to the end. This is usually the case in home configurations.
In the line starting with “static routers” add your Gateway (i.e. the IP of your router).
In the line starting with “static domain_name_servers” add your DNS Servers. This is usually also your router but as a fallback it may be helpful to add another public DNS Server like

Save the file with Ctrl+O and exit the file with Ctrl+X.

To apply this setting, you need to restart the Raspberry:

sudo reboot





Automatically block RDP attacks using Windows Firewall and PowerShell

By accident I discovered that in one of my event logs (“Applications and Services Logs\Microsoft\Windows\RemoteDesktopServices-RdpCoreTS\Operational”) several entries with ID 140 are present. These events log attempts of users to log in to my server via RDP using wrong credentials. Obviously there should not be any attempts, or maybe just one or two by myself. But in my case there are hundreds.

First I checked if my local and my domain administrator account are both disabled. This was the case so most of the login attempts will now also fail because the user is disabled. I assume most of them are trying to use this user. The user isn’t locked because of the attempts because there is enough time between the retries.

The text of the login attempt in the eventlog is “A connection from the client computer with an IP address of failed because the user name or password is not correct.”.

So I created a PowerShell script that reads these messages, filters the IP out of them and adds it to the Windows Firewall blacklist.
One prerequisite is that there is already a firewall rule with at least 2 blocked IP addresses. I was just too lazy to solve this in my script. To create this rule, start the Windows Firewall Settings and create a new rule at “Inbound Rules”.

Select “Custom”. Leave “All programs” (just click “Next“). Leave any Protocol Type and Port (just “Next“). In the Scope section at “Which remote IP addresses does this rule apply to” select “These IP addresses” and add two dummy addresses. i.e. and We need at least two addresses for the script. Click “Next“.

Select “Block the connection“.

At “Profile” check all profiles. At the last page enter a good name for your rule. We will need the name in our script. Now your rule configuration is done.


Now the script. This is the code that works with the prerequisites already stated. Copy the text to a file with the ending .ps1.

### Variables ###
# The name of the firewall rule in Windows Firewall
$firewallRuleName = "Block RDP Attackers"

# IPs that will not be blacklisted. i.e. your home IP if you are using Dyndns or any other static IP
$whiteList = @(
   [System.Net.Dns]::GetHostAddresses("").IPAddressToString, #Example for DNS entry
   "" #Example for IP
)

### Script ###
Write-Host "Running at $(Get-Date)"
# The dots are escaped so that they match only a literal "."
$regExIp = "\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?"
$regExIp6 = "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?"

# Get the current Eventlogs with the 140 event
$currentAttackers = @(Get-Winevent Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational | Where-Object {$_.Id -eq 140} | Select Message -ExpandProperty Message)

# If there is no response, there are no attacks
# ($currentAttackers is always an array because of @(...), so check its length)
if ($currentAttackers.Count -eq 0) {
   Write-Host "No current attackers"
}

# Get each attacker message and filter the IP from it using the regex above
for ($i = 0; $i -lt $currentAttackers.Count; $i++) {
   if ($currentAttackers[$i] -match $regExIp -or $currentAttackers[$i] -match $regExIp6) {
      $currentAttackers[$i] = $Matches[0]
   }
}

# Get the already known attackers from the firewall rule
$knownAttackers = (Get-NetFirewallRule -DisplayName $firewallRuleName | Get-NetFirewallAddressFilter).RemoteAddress
if ($knownAttackers -eq $null) {
   $knownAttackers = @()
}
$knownAttackers = $knownAttackers | Sort-Object -Unique

# Check each logged attacker and check if it is already known
foreach ($newAttacker in $currentAttackers) {
   if ($knownAttackers.Contains($newAttacker)) { #If it is known, don't do anything
   }
   elseif ($whiteList -contains $newAttacker) { #If it is whitelisted, don't do anything
      Write-Host "$newAttacker is dynamically whitelisted"
   }
   else { #otherwise it is a new attacker and add it to the blacklist
      $knownAttackers += $newAttacker
      Write-Host "Added $newAttacker"
   }
}

# remove duplicates (should not be there, but anyway...)
$knownAttackers = $knownAttackers | Sort-Object -Unique
Write-Host "$($knownAttackers.Count) IPs on blacklist"

# Setting firewall rule with all known and all new attackers
Set-NetFirewallRule -DisplayName $firewallRuleName -RemoteAddress $knownAttackers
Write-Host ""

Latest changes: (23.01.2021) IPv6 added and fixed an issue when only one Event exists. Thanks to Joachim

If you have a different name than “Block RDP Attackers” for the firewall rule, you have to change the line “$firewallRuleName = “Block RDP Attackers”” to your rule name.

Run the script “as administrator”. It will scan your event log and get all IPs that are mentioned in the events with the ID 140 in the corresponding log. These IPs will be added to the rule we created before, which will block them in the future.

I have a scheduled task for this script to run it frequently. In a timespan of just some hours already about 600 IP addresses are on my blocklist. If you configure the scheduled task, be sure that the checkbox “run with highest privileges” is checked.
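A stricter variant of the extraction step, as an added example that is not part of the original script: each candidate is validated with [System.Net.IPAddress]::TryParse, and an address is only returned after a minimum number of failed logons, so one mistyped password does not block a legitimate user. The function name, the threshold and the sample messages are assumptions constructed for illustration.

```powershell
# Added example (not the author's script). Function name, threshold and
# sample messages are assumptions made for illustration.
function Get-BlockCandidate {
    param(
        [string[]]$Message,          # message texts of event ID 140
        [string[]]$AllowList = @(),  # addresses that must never be blocked
        [int]$Threshold = 3          # failures required before blocking
    )
    $counts = @{}
    foreach ($text in $Message) {
        foreach ($token in ($text -split '\s+')) {
            # Drop surrounding punctuation and any IPv6 zone id (%12).
            $candidate = ($token.Trim('.,;()[]"') -split '%')[0]
            $isV4 = $candidate -match '^\d{1,3}(\.\d{1,3}){3}$'
            $isV6 = $candidate.Contains(':')
            if (-not ($isV4 -or $isV6)) { continue }
            # The pattern only pre-filters; .NET decides whether it is an address.
            $ip = $null
            if (-not [System.Net.IPAddress]::TryParse($candidate, [ref]$ip)) { continue }
            $key = $ip.ToString()    # normalised form, e.g. compressed IPv6
            $counts[$key] = 1 + [int]$counts[$key]
        }
    }
    # Keep only addresses at or above the threshold that are not allow-listed.
    $counts.GetEnumerator() |
        Where-Object { $_.Value -ge $Threshold -and $AllowList -notcontains $_.Key } |
        Sort-Object Key |
        ForEach-Object { $_.Key }
}

# Constructed sample messages in the style of event 140.
$fmt = 'A connection from the client computer with an IP address of {0} failed because the user name or password is not correct.'
$sample = @()
$sample += 1..4 | ForEach-Object { $fmt -f '203.0.113.7' }           # repeated failures
$sample += 1..3 | ForEach-Object { $fmt -f '2001:DB8:0:0:0:0:0:5' }  # IPv6, uncompressed
$sample += 1..5 | ForEach-Object { $fmt -f '192.0.2.10' }            # allow-listed admin
$sample += $fmt -f '198.51.100.20'                                   # one mistyped password
$sample += 1..3 | ForEach-Object { $fmt -f '999.1.1.1' }             # not a valid address

Get-BlockCandidate -Message $sample -AllowList @('192.0.2.10')
```

The returned list can take the place of $currentAttackers in the comparison against $knownAttackers.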

Install VMware Remote Console (VMRC) silently

After I struggled some hours with doing this, I finally figured out the following command to install VMRC silently without a reboot and with setting the automatic software update procedures to disabled. Use this command:


To uninstall use this command (the GUID may be different on other VMRC versions):

MsiExec.exe /X{09E3AC7C-395C-47C6-9F66-4B9FB8325341} /qn /norestart


Update Certificate of VMware vCenter

I just had to update the certificate on the vCenter of my VMware lab environment and searched for a good manual about this. I didn’t find a complete one, so I decided to post one here.

Here we go:

  1. Login to SSH on the vCenter Server (you need to activate SSH if it is disabled)
  2. Type shell into the console.
  3. Create a directory where we will store everything: mkdir /tmp/cert
  4. Execute chsh -s /bin/bash root to make it possible to connect via WinSCP later on
  5. Start the Certificate Manager: /usr/lib/vmware-vmca/bin/certificate-manager 
  6. Select the first option (“Replace Machine SSL certificate with custom certificate”)
  7. Enter the local administrator (i.e. administrator@vsphere.local)
  8. Select the first option (“1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate”)
  9. Type the path to the folder we created in step 3 (/tmp/cert)
  10. State the parameters of the Certificate. For the options “Name” and “Hostname” you need to state the FQDN of the server
  11. The CSR to create the certificate by your CA is stored in the output directory
  12. Download the CSR via WinSCP and create a certificate based on this. The certificate needs to be in Base64 format and you will need the public root certificate of your CA.
  13. Upload the Certificate and the root certificate to the /tmp/cert-Folder
  14. Continue the dialog (option 1) or, if some time has passed in between, you can start all over again and select option 2 after starting the Certificate Manager instead of option 1.
  15. Now you have to state the paths to the Certificate, the Key and the root certificate of your CA
  16. When this is done, the wizard will install the certificate. This takes a while and will reconfigure and restart almost all services.

Tested on vCenter 6.5 and vCenter 6.7


Welcome to the website of Kristian Reukauff. This site is about my public projects, apps and programming stuff as well as some topics about Smart Home.

Retro meets Modern: Settlers 3 and HyperV

Some days ago I remembered an old game I liked to play: Settlers 3 (“Siedler 3” in German). As is usual with old games, it does not run without problems on modern operating systems. So I decided to buy the of Settlers 3 and it works. The next step was to try to run a multiplayer session with a friend of mine. The problem we had was that we didn’t see the sessions of our games in the lobby. After some research on the internet we didn’t find any hints about our issue. So we started to dig.
When we started Settlers 3 the first time, DirectPlay was installed. It is a kind of old network “framework”. So maybe we had a problem with the network.
We figured out that the problem was caused by the multiple network adapters of my computer. Physically there is just one, but I have Hyper-V running on my PC for development purposes and Hyper-V installs several additional pseudo adapters. After uninstalling Hyper-V (just for testing), it worked. So we were now sure it was because of the network adapters. I don’t want to uninstall or disable Hyper-V every time I want to play Settlers. Hyper-V is for virtualization, so why not run Settlers 3 in a virtual machine?
I installed a Windows 10 VM, installed all updates and Settlers 3 (GoG-Edition). I started the game for the first time and it crashed. I restarted the VM. When Windows was starting there was a dialog to “connect” to the VM. In my Microsoft trainings I learned that this is the connection dialog for the enhanced session, a kind of RDP connection. I also know that if you are connected via RDP, the graphics card is just an emulated one for the session. So I didn’t click the “connect” button and stayed in the default session instead of changing to the enhanced session. I additionally disabled all Windows firewalls before starting Settlers 3 again. And voila: it started. The multiplayer session also ran without any problems. In-game I recommend pressing F3 to change the resolution to the largest possible.

So in summary, what to do if you want to play Settlers 3 on a Hyper-V enabled machine:
1. Install a new VM on Windows XP or higher
2. Connect to that VM WITHOUT enhanced session (you can also disable this in the VM settings)
3. Disable all firewalls in the VM
4. Install Settlers 3 GoG Edition and also DirectPlay on the first start in the VM
5. Happy gaming!

Visual Studio Emulator and Android 7 or higher

This post is about how to use Hyper-V to debug Android 7 or higher machines in Visual Studio. This scenario comes up because it is not possible to use the Intel HAXM virtualization driver in parallel with Hyper-V, but this driver is required to run a performant Android emulated machine using the official Android emulator.

So here is how to debug Android versions that are not available in the “Visual Studio Emulator for Android” set of machines.
First you need to download Android by using the Android x86 project as a source:
Download the Android version of your choice.

While downloading, you can create a new Hyper-V VM. The important step is that you disable Secure Boot in the “Security” section. You can use a Gen2 machine (tested with Android 7.1). You also have to select an External Network adapter that has access to the internet. Otherwise you will have problems configuring the virtual Android later on.

When your download is done, you can mount the ISO to the virtual DVD drive of your VM and start the VM. Follow the dialog to set up the VM until you are at the desktop of your Android VM.
Remark: the usage of the cursor is pretty strange. You can only move it when you click the mouse button. But this also results in a swipe gesture. I haven’t found another way of moving the cursor without clicking. Using the latest Release 7.1 R2 fixes this issue.

When you are at the desktop of the Android VM, you can open the main menu and open the “Terminal Emulator” to get a command prompt. Enter “ifconfig” to show the IP of your VM. Switch to Visual Studio. I expect you have the “Visual Studio Emulator for Android” installed, so you have the control buttons in the toolbar. Click the button that opens the Android Adb command prompt.



Type the following command in this prompt:

adb connect <ip of VM>

(i.e. “adb connect”)

You should see the message “connected to <ip>:5555”
You can verify the connection by executing “adb devices”; you should see your VM in this list.
Additionally you should have an entry called “Microsoft Corporation Virtual Machine (…)” in your “Start Debugging” combobox that lists all your devices available for debugging.



Now you can start debugging almost every version of Android that is available. Have fun with it!

Hint: If your VM goes to sleep, hold any of the arrow keys for a while (let’s say 30 sec) and connect it again via Adb Command Prompt.

Solving Problems with RDS License Manager

Lately I had an RDS terminal server that was a stand-alone server. So all services were installed on this one server (Windows Server 2012 R2).

I had an RDS User CAL for 10 User CALs. They were installed. After a crash of the server because the connection to the shared storage for the VM was lost, the users were not able to log in to the server anymore. In the Remote Desktop License Manager the CAL was available with a total of 10 CALs but with 0 available and 0 in use. In general it should be available + in use = total.

I reinstalled the RDS License Manager feature without any changes. I searched the web and finally found the solution here:

The solution is:
1. Disable the License Server in the License Manager (Right Click the Server => Advanced => Deactivate Server)
2. Uninstall the License Server Feature. Your server has to restart to finish this action.
3. Rename the Folder C:\Windows\System32\lserver to lserver.old (or something else). This resets the License server incl. the currently available CALs. That way you will be able to reinstall them.
4. Install the License Server Feature (no restart required)
5. Activate the Server in the License Server Manager (Right Click the Server => Activate Server)
6. Install and activate the CALs

The result will be a total amount of 10 CALs where 10 are available and 0 are in use (until the first users will connect).