Blog: Networking

Recently we had a team change the inside interface of one of our ASA’s to be a trunked port so we could support multiple VLANs.  To do that, we needed to move the “nameif Inside” command and IP address from the physical interface (Eth0/1) to a new subinterface (Eth0/1.4094).  In doing so I came across a few gotchas: [more]

Problem 1:

When you remove the nameif command from an interface, all associated configuration is removed from the running-config. 

Solution:

There isn’t an easy way to migrate the nameif command from one physical interface to a new one.  Once you make the change you have to reenter any configuration that included the interfaces nameif name.  The alternative is to create a new startup-configuration with the changes and reboot to that startup file.

Problem 2:

After moving the nameif command to a new sub-interface I couldn’t SSH to the device via that interface.

Solution:

Basically, the SSH daemon needs to be restarted.  I was remotely making these changes via SSH so my only option was to reboot the ASA. 

Do you ever get tired of changing your proxy settings inside Firefox to match the settings of the location you are at that day? If you answered yes, then “Use system proxy settings” is for you. When this option is selected, Firefox will set the proxy settings automatically. This has been very useful when moving from our office to a customer site to my house, where each uses different proxy settings. To set your proxy settings to “Use system proxy settings” in Firefox follow the instructions below. [more]

1) Open Firefox

2) Tools > Options > Advanced > Network > Settings > Use system proxy settings

We recently ran into a problem where a job in Backup Exec was failing when backing up the vmdk using Virtual Consolidated Backup (VCB).  Backup Exec was reporting the following error message: and reportint the following error message:  "The Virtual Machine resource is not responding."  After some trouble shooting and research we discovered an unallocated disk may cause Backup Exec to fail with that error when another allocated disk is beng backed up.  This turned out to be the problem in our case as we had an unallocated disk. [more]

Here is some more informatino about the issue from Symantec: http://www.symantec.com/business/support/index?page=content&id=TECH174797

Under 64-bit Windows 7, I noticed the latest version of Acrobat Pro X (V10.1.2) becomes unresponsive for about 4-5 minutes after opening a PDF file.  Then everything is fine.  I found references to this problem being related to protected mode being used when opening PDF documents.  In the program's preferences, there's an Enhanced Security section.  When I disabled enhanced security, PDF documents started opening quickly.

Then I went back and turned enhanced security back on and added folder paths to the Privileged Locations you can specify as part of enhanced security and was able to open files from these locations without the delays.  Testing is not conclusive since I have been unable to make it go from fast to slow predictably.  However, turning off enhanced security was conclusive.

I was working on a few terminal servers that were extremely low on free disk space on a drive which also contained user profiles.  I came across a helpful tool called ICSweep from Ctrl-Alt-Del IT Consultancy and is freeware.  You can download it and other tools from http://www.ctrl-alt-del.com.au/CAD_TSUtils.htm.

“ICSweep is a command-line utility to clear the Temporary Internet Files Cache and/or the TEMP files folder of ALL user profiles that are NOT in use when this command is executed.  This utility was written for the purpose of allowing a SINGLE command to identify and clear Temporary Internet Files Cache and/ or TEMP files of ALL user profiles currently NOT in use.” [more]

Windows Compatible - 2000\XP\2003\Vista\2008\7
Citrix Compatible - Metaframe\Presentation Server\XenApp

Simply extract the zip file then run ICSweep from a command prompt with one of the following command line switches:

  /ALL   -   Delete both Temporary Internet Files and Temp files
  /TIF   -   Delete Temporary Internet Files only (Default)
  /TMP   -   Delete Temp files only
  /SIZE  -   Report the size of both Temporary Internet Files
                and Temp files in each profile NOT in use. This
                switch will also report the total size of
                both Temporary Internet Files and Temp files NOT
                in use. It DOES NOT DELETE any files.

Again, note that this is best done when all users are off of the server.  On one of the servers I ran this utility on, it cleaned up 6 GB of space alone.

One of our information security auditors recently had the motherboard on his laptop replaced to fix the "shutdown on its own" issue he'd been having for a while.  When he got the laptop back, his BIOS level fingerprint logins (to unlock the hard drive and BitLocker key) were no longer working.  Also, the x64 VMware machine he uses for audits would no longer boot.  The VM issue was pretty clear.  The CPU virtualization setting in the BIOS was disabled and needed to be turned back on.  The fingerprint issues, however, took a little more digging to figure out.  Eventually we realized the TPM on the new motherboard was not activated.  Once we activated and initialized the TPM, then turned BitLocker off and back on (without decryption), all the pre-boot login information unlocked by the fingerprint started working again.

One of our customers is using Microsoft System Center Configuration Manager (SCCM) to manage software on their network. SCCM requires a client to be installed on each computer. They wanted to use a VB script that checks common errors that cause the SCCM client to stop working and will install the client if it is not installed. I modified a script that was downloaded from the Internet that seemed to meet their needs. The customer has VB scripts set to edit instead of open, so I had to call the VB script from a batch file using cscript. [more]

The script ran fine when testing it from my login by calling it from a command prompt using cscript and then the file path. The batch files calls the VB script, which then does several tests and calls the SCCM install exe if necessary. After setting up group policy to run the script as a startup script, the script would start to run and then fail in the middle of the SCCM client install. During testing, we inserted a “pause” at the end of the batch file and found that the SCCM client installed properly.

What was happening was the SCCM install would immediately quit when the parent batch file ended. There are two ways to fix this problem. The first is to add “ping 127.0.0.1 –n 600” so the batch script will stay open for 10 minutes, which is enough time for the install to complete. Occasionally, this method causes the computer to wait until the batch file completes before it will load the user’s desktop. The second option is to run the batch file as a scheduled task. The scheduled task will be set by another batch files run through group policy. The scheduled task option seems to be the most reliable path at this point because no side effects are seen with this method.

I recently ran into a situation wehre Windows 2003 SBS was refusing remote desktop connections completely because two people were logged in remotely. I had logged in to a customer’s Windows 2003 SBS to help troubleshoot various connectivity.  I needed to have the customer also be able to RDP to the server, but when they tried to connect to the server it said that it could not be reached.  This server was not running terminal services on it, which means that the server is limited to having two remote connections at a time.
 
Normally, on a regular Windows 2003 Server (not SBS), it will go ahead and allow the remote desktop connection to be established, but it will display an error message at login stating that the maximum number of sessions on the server has been reached.  In this case, it refused connections entirely for remote desktop, but the server could be pinged. What I didn’t realize initially was that there was another person logged into the server besides me.  When I logged off, then the customer could immediately contact the server again.
 

1.  From the command prompt on the source DHCP server run the following command:

        netsh dhcp server export c:\dhcp.dat all

2.  Copy the “dhcp.dat” file to the new, or destination, DHCP server and run the following command:

        netsh dhcp server import c:\dhcp.dat all

While running the export command, the DHCP service will be temporarily stopped and won’t respond to DHCP requests.  Also, the import will fail if there are any existing DHCP scopes that overlap with the original DHCP servers configuration.