Blog: Networking

When setting up a Cisco Express 500, the instructions strongly recommend that you use the Smartport feature for each of the ports. I enabled the port that was an uplink port as a “Switch Port” as recommended. However, I could not get any traffic to pass through to the uplinked switch. There were NO errors or any indication on the Catalyst Express that anything was wrong. I finally saw this small blurb in the setup manual: [more]

The Smartport role Switch automatically enables 802.1Q trunking on the port. If a remote switch does not support 802.1Q trunking or the trunking is manually turned off, the spanning tree state of the port on the remote switch goes to blocking for type inconsistency. If the remote switch is the root bridge, the switch port does not go to blocking mode. In this case, the switch port trunk status is ON at both ends of the switches, but there is not any communication between the switches through these ports. There are no diagnostic messages displayed on the Catalyst Express 500 device.

I removed the Smartport feature on this port and traffic immediately started flowing.

We have been having trouble with a SCSI card that was attached to a tape drive that was installed on a CommVault Media Agent server. The card was brand new and the drivers were Windows 2k3 certified. We started having issues with this server during the CommVault install. The server would just spontaneously reboot leaving the CommVault backups in disarray. Troubleshooting led us to update the firmware on the card, the tape library firmware & driver, and the tape drive firmware & driver. This fixed the problem for a few days and it would happen again. It would only happen when doing an auxiliary copy from disk to tape. After some deep-dive troubleshooting on the SCSI I/O bus, we were able to get some logs during the time immediately before one of the spontaneous reboots/failures. From the logs we were able to find that the card actually had some type of problem that caused extended I/O latencies during periods of high traffic (aux copies). We ordered an Adaptec card and installed it. Now, not only are copies to tape 2x faster, it hasn’t crashed . . . yet.

A penetration testing company has found that many companies running BlackBerry Enterprise Server (BES) could be inadvertently opening a door to attackers.

The complete story can be found at http://www.pcworld.com/article/id,143291/article.html

I was researching a way to do major router changes remotely.  I found that if I tftp’ed a new configuration directly to NVRAM and replaced the startup-config file, then reloaded the router, all changes would go into effect.  While testing this process locally, I found out that when the router was reloaded with the new configuration file, the SSH encryption keys got erased and had to be regenerated.  So if this process is used, make sure telnet is enabled on the VTY lines so that you can get back into the router!

With VMware Server (and most likely Workstation), you can connect a USB device to the VM.  I was using a USB flash drive to transfer a file because I didn’t want the VM on the network.  However the USB drive can’t be mounted to the host and VM at the same time.  If you connect the drive to the VM (using the VM->Removable Devices menu), it appears to the guest VM from disappears from the host.  After you disconnect from the VM it’s available again to the host system.  In hindsight this makes sense but it wasn’t immediately obvious to me when I was trying to copy the file.

We recently experienced a very strange issue with Exchange 2007 CCR. We had the MNS cluster w/file share witness running and the CCR mailbox servers were all replicating nicely. However, at very random intervals, replication would just stop happening from the primary to the secondary node. During these times, I could not RDP to the server, but I could ping it and log on locally so it wasn’t frozen in the literal sense. File share FROM the machine worked, but file share TO the machine didn’t. Rebooting the passive node would fix the issue. After about 4 days of troubleshooting (2 of those with Microsoft), I think the mystery may be solved. It goes something like this… [more]

In Windows Server 2003 SP2, Microsoft introduced a new set of features collectively known as “Scalable Networking Pack”. This package of features includes a TCP Chimney Offload (TOE) feature, a Receive-side Scaling feature, and a NetDMA feature. Basically, this allows network card driver developers to implement offload features on the NICs so that the a certain portion of the network stack can be offloaded to the NIC card processor. It is a great idea, but unfortunately, the driver manufacturers haven’t implemented the technology correctly. Partly because the feature set is buggy and partly because the NIC drivers are not thoroughly tested. One of the worst instances of this situation is with Broadcom NICs (yes both HP and Dell use Broadcom chipsets). Generally, what happens is that the server starts exhibiting very strange RCP-related issues. RDP may not work, management via WMI may be broken, event log viewing will be VERY slow, etc. In my case, Exchange 2007 replication stopped working. So, if you notice these types of behaviors or experience any type of issue where RCP just doesn’t seem to be working correctly, set the following registry keys to 0.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableTCPChimney
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableRSS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableTCPA

Then reboot the server. This basically turns off any offloading features at the OS level.

A word of caution when upgrading the hard drive on a ThinkPad T43, R52, X41, or X41 Tablet.  These systems contain an IDE to Serial ATA bridge that allows IDE hard drives to be used with the Serial ATA controller.  This configuration can cause programs to function incorrectly and/or slowly when using a hard drive/firmware version that is not approved by Lenovo.  An unapproved hard drive/firmware version will generate a POST Error 2010 at system startup. [more]

The Lenovo website on this issue: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-60169

List of approved hard drives/firmware versions: http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-62282#harddrives

In addition, some Hitachi hard drives purchased on the retail market come pre-installed with a firmware version that generates the Error 2010, but also appears to be up-to-date to Lenovo’s firmware update utility.  Specifically, I ran into this issue with the Hitachi TravelStar HTS7210xxG9AT00.   In order to load a firmware version that will not generate the error, you must update the firmware manually.  Instructions can be found here:  http://forum.thinkpads.com/viewtopic.php?t=20858

Another good reference site for this issue: http://www.thinkwiki.org/wiki/Problem_with_non-ThinkPad_hard_disks

LanTricks has a free IP subnet calculator that is easier to use than many others. Specifically, the address field is one field that is friendly for cut/paste. The subnet mask field can be expressed in bits or as octets. [more]You can download it today at lantricks.com/lancalculator/. 

Here are a couple Symantec Mail Security for Exchange tips concerning scanning.  [more]

• Be careful when selecting the “…force rescan before allowing access to information store” option. This forces a rescan of the entire information store every time virus definitions are updated. Depending on how big the information store is, this could take days to complete. And since Symantec usually releases updates at noon, this kicks off on the Exchange server right in the middle of the day.

• If you are going to schedule scans of the information store, but sure to monitor the start and completion times so you can make sure you are not causing performance issues. The logs will report the start of the scan and the end with the following logs.

Notice here it took over a week for the scan to finish. This is an extreme case with a large information store, but even a medium size store could take a couple days to finish.