Blog

We recently installed a new domain controller for a customer, which involved migrating all their files and services. During the migration we needed to fix the Barracuda Web Filter to authenticate against the new domain controller. The DC Agent was installed on the new server and it was configured as the synchronization server. This also required changing all the exceptions that apply to users and groups to authenticate through the new server. I manually changed the “Applies To” box to the new server name as shown in yellow.

However, some users complained that they could no longer access things they could before. I found none of the exceptions were working as listed. When I manually edited the “Applies To:” line, it did not recognize the change. I had to enter the group or user name exactly as it was listed in Active Directory and then select “Lookup”. It would then check the name against the DC Agent server and give you an option to “Add” the user or group.

Once I went through each rule and performed these steps the exceptions began working again.


 

We recently deployed VRF groups on our core switches and there are a few key changes to troubleshooting/configuration.
Ping:
Standard way: ping 192.168.1.1
w/ VRFs: ping vrf NAME 192.168.1.1 (where NAME is the name of the vrf group)

Traceroute:
Standard way: traceroute 192.168.1.1
w/ VRFs: traceroute 192.168.1.1 /vrf NAME

If you are trying to make a connection to a destination that resides in a VRF from the core switches you will most likely have to include some sort of VRF tagging.  This even applies to services like RADIUS, NTP, DHCP Relay, and TACACS.


 

Upon receiving my new Lenovo ThinkPad laptop, I set up fingerprint authorization through the Lenovo software. After ensuring all my fingerprints were scanned properly, I rebooted the machine. I tried to use my fingerprint to log in and the light flashed green. Unfortunately, the machine wouldn’t proceed any farther in the process.

It appears you have to go into Windows 7 itself and enable ‘Domain Login’ under the Windows Biometric section in order to actually allow domain authorization.  Otherwise, the software will just let you access local accounts.


 

I was building a new Server 2008 machine for a customer a few weeks ago. After installing the OS, I decided to activate the OS. I was told  I would have to activate over the phone because Internet activations do not work from the office. Before I could activate though, I needed to change the product key to the customer’s key. When I typed in the new key, I received an error stating “Invalid product key”. I decided to call Microsoft. They verified the key was correct several times in different departments. I was told it might be a key/media mismatch. So I reinstalled and immediately tried to change the product key again. It again gave me the same error. I was finally told that keys generated after SP2 was released would not be recognized as valid until the system was running SP2. I installed SP2 and the key activated without a problem.


 

We ran into a problem recently where users on a Windows 2008 R2 terminal server would lose their connection to SMB shares.  Fully-qualified domain names do not get disconnected.

There is a Hotfix available from Microsoft that fixes this problem: http://support.microsoft.com/kb/2194664. The Hotfix is integrated into Windows 2008 R2 SP1 and the next Windows 7 service pack.


 

I received some scanned PDF documents from a customer who had scanned them at high resolution. When I tried to use Acrobat to OCR the files, I got an error message stating the pages were larger than the 45" maximum. I was able to OCR the files once I printed them to individual PDFs (which put them into 8.5X11 pages).


 

I had to troubleshoot a point to point T1 circuit that was down.  The circuit is joined between two different carriers.  One side of the circuit was Verizon, and the other side was AT&T.  We weren’t sure who to call originally, so both of the carriers were called to troubleshoot the circuit.

While tests were being done, I was able to go onsite and tell right off the smartjack had no lights on it at all. An AT&T local technician was eventually dispatched to move the connection over to a spare smartjack onsite. After everything was moved, we rebooted the routers at both ends, but the circuit was still dead.

The technician finally decided to try sending a loopback clear signal down the entire line stating that “It appeared that there was still a software loopback somewhere on the line that wasn’t removed after testing.”  After he sent the signal down the line, we rebooted the routers and the circuit came back up.

This is something handy we can ask the onsite technicians to look for in the case where everything looks like it should be working but isn’t.


 

I had come across a user that was unable to print to their local printer.  The printer was situated underneath the desk in a dark corner so it wasn’t very visible.  I decided to check the USB cable first to make sure it was connected.  Unplugging it and plugging it back in showed the USB connected message in the system tray.

As I pulled the printer out a little further, I saw that it had an LCD panel that said “Select your language”. I hit OK to select English, then selected the Country. After the selections were confirmed, all of the jobs in the print queue started printing.

The user had replaced the toner cartridge recently, so that could have been when the prompt started.  If you're working on a printer problem in the future it's probably worth asking the user if it has an LCD screen and to check that it is not waiting on some kind of response.


 

Block level vmdk backups have limitations that will GET YOU. Backup Exec and Veeam both have the ability to back up the vmdk files in a VMware environment and still retain enough information in the backup set to do individual file level restores. However, both products will ONLY work if you have vmdk disks partitioned using the MBR (Master Boot Record) type tables and NOT the more modern GPT (GUID Partition Table) structure.
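One way to find out which partition table a virtual disk carries before relying on file level restores, as an added example that is not from the original post or from either backup product. It assumes the input is a raw disk image (for example a flat vmdk extent) with 512-byte sectors; the function names and sample images are constructed for illustration.

```python
SECTOR = 512  # assumption: 512-byte logical sectors


def partition_style(image: bytes) -> str:
    """Classify the first two sectors of a raw disk image: 'MBR', 'GPT' or 'UNKNOWN'."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        return "UNKNOWN"  # no boot signature: uninitialised, or not a raw disk image
    # Four 16-byte partition entries start at offset 446; byte 4 of each is the type.
    types = [image[446 + 16 * i + 4] for i in range(4)]
    # A GPT disk has the ASCII signature "EFI PART" at the start of LBA 1.
    if image[SECTOR:SECTOR + 8] == b"EFI PART":
        return "GPT"
    if 0xEE in types:
        return "UNKNOWN"  # protective MBR without a GPT header: damaged or other sector size
    if any(types):
        return "MBR"
    return "UNKNOWN"  # boot signature present but the partition table is empty


def classify_file(path: str) -> str:
    """Read only the first two sectors of an image file and classify them."""
    with open(path, "rb") as f:
        return partition_style(f.read(2 * SECTOR))


def sample_image(types, gpt=False) -> bytes:
    """Constructed two-sector image with the given MBR partition type bytes."""
    img = bytearray(2 * SECTOR)
    for i, t in enumerate(types):
        img[446 + 16 * i + 4] = t
    img[510:512] = b"\x55\xaa"
    if gpt:
        img[SECTOR:SECTOR + 8] = b"EFI PART"
    return bytes(img)


if __name__ == "__main__":
    samples = {"mbr-ntfs": sample_image([0x07]), "gpt": sample_image([0xEE], gpt=True)}
    for name, img in samples.items():
        style = partition_style(img)
        ok = "MBR layout" if style == "MBR" else "test a file level restore first"
        print(f"{name}: {style} ({ok})")
```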


 

This is sort of a follow up to a post about the Firefox addon Certificate Patrol.  The addon Perspectives also helps watch out for certificate related problems.  When you go to a secure web site, Perspectives can (with a click or automatically) check with several “notaries” scattered around the world and tell you whether they are getting the same certificate from that site as you are.  Read http://perspectives-project.org/ for more details.  Here is a link to the Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/perspectives.  There is also an Alpha, very experimental Chrome addon https://chrome.google.com/webstore/detail/lnppfgdnjafeikakadfopejdpglpiahn.

This project is out of Carnegie Mellon University. The notary server is open source, so anyone can run their own servers. By default, the plugin uses several servers that seem to be run by the Massachusetts Institute of Technology.
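The comparison the notaries make possible, as an added example that is not the Perspectives code or its wire protocol. It is a simplified model: the notary names, the quorum value, the use of SHA-256 fingerprints and the certificate bytes are all assumptions constructed for illustration.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()


def notary_verdict(local_der: bytes, notary_views: dict, quorum: float = 0.75) -> dict:
    """Compare the certificate seen locally with what each notary reports.

    notary_views maps a notary name to the fingerprint it observed for the
    site, or None if that notary did not answer. Silent notaries count
    against the quorum so that blocking notary traffic cannot force a pass.
    """
    local = fingerprint(local_der)
    agree = sorted(n for n, fp in notary_views.items() if fp == local)
    differ = sorted(n for n, fp in notary_views.items() if fp not in (None, local))
    silent = sorted(n for n, fp in notary_views.items() if fp is None)
    ratio = len(agree) / len(notary_views) if notary_views else 0.0
    if ratio >= quorum:
        verdict = "consistent"    # enough vantage points see the same certificate
    elif differ:
        verdict = "mismatch"      # notaries see a different certificate than we do
    else:
        verdict = "inconclusive"  # too few answers to say either way
    return {"verdict": verdict, "agree": agree, "differ": differ, "silent": silent}


# Constructed stand-ins for DER-encoded certificates.
SITE_CERT = b"constructed-certificate-served-to-notaries"
LOCAL_ODD_CERT = b"constructed-certificate-seen-only-locally"

if __name__ == "__main__":
    seen = fingerprint(SITE_CERT)
    views = {"notary-a": seen, "notary-b": seen, "notary-c": seen, "notary-d": None}
    print(notary_verdict(SITE_CERT, views)["verdict"])
    print(notary_verdict(LOCAL_ODD_CERT, views)["verdict"])
```

A "mismatch" result means the certificate on the local network path differs from the one seen elsewhere, which is also what a site rotating or load-balancing certificates looks like, so it calls for a closer look rather than an automatic conclusion.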