Blog: Networking

The newer machines have a replacement for the traditional BIOS called UEFI. You can run the (GPT) GUID Partition Tables (replacement for MBR- Master Boot Record) independently of UEFI, but they are all a part of the same technology advancement to replace the MBR and BIOS technologies.  UEFI is required only if you have a disk larger than 2T.  UEFI provides a power-on shell similar to the BIOS power on shell but with more options.

An advantage of UEFI is boot times. My boot time on my laptop is consistently under 30 seconds from power on to logon. However, that's with out whole disk encryption setup.

Additional information can be found at : http://en.wikipedia.org/wiki/UEFI

Here are a few tips concerning using SMTP over TLS. 

1. Requires certificate, but it does not have to be a trusted certificate (self-signed is OK).
2. Still uses port 25.
3. Requires EHLO (extended HELO)

I recently had a task to help a user save their BitLocker Recovery key to a flash drive, but the option to save to a flash drive was greyed out.  I tried logging on as the local administrator and several other things, but nothing worked.  Eventually, I used the “manage-bde –status” command to see what kind of protectors were on the drive.  Then, I added my own protector by using the “manage-bde –protectors –add C: -recoverykey z:”, where C: is the BitLocker system drive and Z: is the drive the USB is in.  Don’t forget: the recovery key will be saved to the USB as a hidden file.

We recently installed a new domain controller for a customer, which involved migrating all their files and services. During the migration we needed to fixed the Barracuda Web Filter to authenticate against the new domain controller. The DC Agent was installed on the new server and it was configured as the synchronization server. This also required changing all the exceptions that apply to users and groups to authenticate through the new server. I manually changed the “Applies To” box to the new server name as shown in yellow. [more]

However some users complained that they could no longer access things they could before. I found none of the exceptions were working as listed. By manually editing the “Applies To:” line it did not recognize the change. I had to enter the group or user name exactly as it was listed in active directory and then select “Lookup”. It would then check the name against the DC Agent server and give you an option to “Add” the user or group.

Once I went through each rule and performed these steps the exceptions began working again.

We recently deployed VRF groups on our core switches and there are a few key changes to troubleshooting/configuration.
Ping:
Standard way: ping 192.168.1.1
w/ VRFs: ping vrf NAME 192.168.1.1 (where NAME is the name of the vrf group)

Traceroute
Standard way: traceroute 192.168.1.1
w/ VRFs: traceroute 192.168.1.1 /vrf NAME

If you are trying to make a connection to a destination that resides in a VRF from the core switches you will most likely have to include some sort of VRF tagging.  This even applies to services like RADIUS, NTP, DHCP Relay, and TACACS.

Upon receiving my new Lenovo ThinkPad laptop, I set up fingerprint authorization through the Lenovo software.  After ensuring all my fingerprints were scanned properly, I rebooted the machine.   I tried to the use my fingerprint to login and the light flashed green.  Unfortunately, the machine wouldn’t proceed any farther in the process.

It appears you have to go into Windows 7 itself and enable ‘Domain Login’ under the Windows Biometric section in order to actually allow domain authorization.  Otherwise, the software will just let you access local accounts.

I was building a new Server 2008 machine for a customer a few weeks ago. After installing the OS, I decided to activate the OS. I was told  I would have to activate over the phone because Internet activations do not work from the office. Before I could activate though, I needed to change the product key to the customer’s key. When I typed in the new key, I received an error stating “Invalid product key”. I decided to call Microsoft. They verified the key was correct several times in different departments. I was told it might be a key/media mismatch. So I reinstalled and immediately tried to change the product key again. It again gave me the same error. I was finally told that keys generated after SP2 was released would not be recognized as valid until the system was running SP2. I installed SP2 and the key activated without a problem.

We ran into a problem recently where users on a Windows 2008 R2 terminal server would lose their connection to SMB shares.  Fully-qualified domain names do not get disconnected.

There is a Hotfix from available from Microsoft that fixes this problem:  http://support.microsoft.com/kb/2194664.  The Hotfix is integrated into into Windows 2008 R2 SP1 and the next Windows 7 service pack.

I had to troubleshoot a point to point T1 circuit that was down.  The circuit is joined between two different carriers.  One side of the circuit was Verizon, and the other side was AT&T.  We weren’t sure who to call originally, so both of the carriers were called to troubleshoot the circuit.

While tests were being done, I was able to go onsite and tell right off the smartjack had no lights on it at all.  AT&T local technician was eventually dispatched to move the connection over to a spare smartjack onsite.  After everything was moved, we rebooted the routers at both ends, but the circuit was still dead. [more]

The technician finally decided to try sending a loopback clear signal down the entire line stating that “It appeared that there was still a software loopback somewhere on the line that wasn’t removed after testing.”  After he sent the signal down the line, we rebooted the routers and the circuit came back up.

This is something handy we can ask the onsite technicians to look for in the case where everything looks like it should be working but isn’t.