Great ESX command

Ran into a command new to ESX 4. console-setup from the command line will bring you into a menu based interface for configuring your service consoles. Turns out to be very helpful if you lock your self out by mistake.

SnapDrive 6.2 & Windows 2008 R2 Issue

I'm running Windows 2008 R2 in an ESX virtual machine with Exchange 2010 loaded at one of my sites. I recently ran into an issue where SnapDrive was unable to mount a LUN during the SME snapshot process, specifically when trying to verify the snapshot that was just taken.

------------------------- SnapDrive Operation Start ---------------------------------
Disk connect operation on server - XXXX failed for reason
VDS volume object for the LUN s/n 'P3d/koYntsDA' has not been found
--------------------- The complete operation list is shown as

The fix for this is to patch SnapDrive with SnapDrive 6.2P1.

Which fixes this bug among others:

397462 |Windows 2008R2 120s Volume Arrival Timeout when connecting to LUN Clone on the same host

NDMP NetApp backup issue

So apparently Backup Exec 2010 won't backup a NetApp Filer via NDMP if the root password that you are using has spaces in it.

"unable to authenticate with the ndmp server, or with the remote computer that ..."


Blah!

NCDA

I had to take a break from the CCIE studying for awhile to get some certifications for work.

I just added NCDA to the list!

SMVI Snapshot fails on RDM LUNS

I did a recent NetApp deployment where SMVI was installed. Snapshot's would work for every virtual machine except for the ones that were using RDM luns. There are several NetApp and VMware articles and KB's out there that states this is the way to go now for mounting Exchange, SQL, etc to virtual guests. After some troubleshooting I was able to determine that I was unable to take a snapshot just using VMware. After uninstalling the VMware tools and reinstalling without the VSS driver component it started working.

SnapManager for Exchange fails to create disk

I had a recent SnapManager for Exchange installation. The Exchange server was a virtual guest on an ESX 4 host. The Exchange stores and logs were each on their own luns, each lun on it's own volume. The luns were connected via ISCSI to the esx host and added to the exchange guest as RDM's.


When trying to take a Snapshot it would fail and give me the following errors:

Failed to connect to LUN in a FlexClone. Failure in connecting to the LUN.

Error code : Failed to create disk in virtual machine, Failed to Map virtual disk: A general system error occurred: Failed to create disk: Error creating disk.

SnapManager backup finished with the following result:

*****BACKUP DETAIL SUMMARY*****
Backup group set #1:
Backup SG/DB [First Storage Group] Error: Failed to verify physical integrity of the databases.
Backup SG/DB [Second Storage Group] Error: Failed to verify physical integrity of the databases.

The issue ended up being an initiator group that had been added but not mapped to any luns. When SnapDrive would attempt to mount up the flexclone's for the SnapShot, it would for some reason try to use create the mapping to the flexclone's using this initiator group and fail. Once I deleted the initiator group, rescanned and refreshed the hosts iscsi storage adapter and restarted the Snapmanager for Exchange and Snapdrive services it began working again.

NetApp dedupe

Space savings with ESX vmdk's on NetApp is amazing. Ran it, 76% savings.

NAS01> df -s /vol/vm
Filesystem used saved %saved
/vol/vm/ 34707032 109758560 76%
NAS01>

Frame Relay command

Here's a cool command that I learned about this weekend:

no frame-relay inverse-arp (protocol) (dlci)

Basically you can use this interface command to limit which DLCI's you can use through the inverse arp process.

So if I have DLCI's 102,202,302,402,502 ect available, I could use this command to tell it never to use DLCI's 102 and 502, for whatever reason, for example if it was a requirement in the lab exam.

no frame-relay inverse-arp ip 102

no frame-relay inverse-arp ip 502

Frame Relay MultiLink on GNS3 and CCIE study update

It's been awhile since I posted last. At this point I've pretty much been able to cover almost all of the relevant chapters in the Routing TCP/IP vol 1 book. Currently I'm going through a phase of review and mini labs to harden alot of this material into my brain and then I plan on reviewing the CCIE Written Exam book chapters. I hope to be done doing a solid review of the material I've covered so far in a few weeks. Then I will start in on the vol. 2 book. Originally I thought I was going to be able to take the written 3 months after starting to study. That isn't the case now as I haven't had as much study time with family and work as I thought/hoped I would. Nevertheless, I am still learning a ton and I am actually spending alot of time in GNS3. Hopefully that will shave some time off my lab studying.

Now onto the Frame Relay Stuff.

I was trying to do a lab for Frame Relay Multilink on GNS3 through the frame switch. I wasn't ever able to get it working. After double and checking the configuration I finally gave up and figured it wasn't something that the GNS3/Dynamips frame switch was meant to do.

I was able to get it working by going Back to Back Frame-Relay. Configs Below.

****R1****

interface MFR1

ip address 192.168.1.1 255.255.255.0

no keepalive

frame-relay map ip 192.168.1.1 101

frame-relay map ip 192.168.1.2 101

!

interface MFR1.1 point-to-point

ip address 192.168.2.1 255.255.255.0

frame-relay interface-dlci 102

!

interface MFR1.2 point-to-point

ip address 192.168.3.1 255.255.255.0

frame-relay interface-dlci 103

!

interface Serial1/0

no ip address

encapsulation frame-relay MFR1

serial restart-delay 0

no arp frame-relay

!

interface Serial1/1

no ip address

encapsulation frame-relay MFR1

serial restart-delay 0

no arp frame-relay

!

interface Serial1/2

no ip address

encapsulation frame-relay MFR1

serial restart-delay 0

no arp frame-relay

!

end

****R1****

****R2****

hostname R2

!

interface MFR1

ip address 192.168.1.2 255.255.255.0

no keepalive

frame-relay map ip 192.168.1.1 101

!

interface MFR1.1 point-to-point

ip address 192.168.2.2 255.255.255.0

frame-relay interface-dlci 102

!

interface MFR1.2 multipoint

ip address 192.168.3.2 255.255.255.0

frame-relay map ip 192.168.3.1 103

!

interface Serial1/0

no ip address

encapsulation frame-relay MFR1

serial restart-delay 0

no arp frame-relay

!

interface Serial1/1

no ip address

encapsulation frame-relay MFR1

serial restart-delay 0

no arp frame-relay

!

interface Serial1/2

no ip address

encapsulation frame-relay MFR1

serial restart-delay 0

no arp frame-relay

!

****R2****

r1#sh int mfr1

MFR1 is up, line protocol is up

Hardware is Multilink Frame Relay bundle interface

Internet address is 192.168.1.1/24

MTU 1500 bytes, BW 4632 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation FRAME-RELAY, loopback not set

Keepalive not set

DTR is pulsed for 2 seconds on reset

LMI DLCI 1023 LMI type is CISCO frame relay DTE

FR SVC disabled, LAPF state down

Broadcast queue 0/64, broadcasts sent/dropped 13/0, interface broadcasts 0

Last input 00:00:52, output never, output hang never

Last clearing of "show interface" counters 00:11:27

Input queue: 0/75/6/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/120 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

32 packets input, 4580 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

38 packets output, 6821 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

0 carrier transitions

r1#

Routing TCP/IP

I started reading the Routing TCP/IP vol 1 book today. I've started with the OSPF chapter. This book is awesome. It is so detailed and yet written in a way that makes the technical informtation easy to digest. It's really bringing out the geek in me.

OSPF Priorities

I wanted to see what would happen if two routers on an ethernet segment were both configured with a priority of 0. Each router also had a loopback interface with OSPF turned on. Basically the routers will only form the 2WAY/DROTHER relationship and no routing updates will be exchanged between the two.

CCIE Study Progress

It's been a few weeks since I decided to begin the journey towards CCIE certification. I went on vacation to Maui shortly after my first post. Unfortunately I broke my leg while boogie boarding after a wave smashed me into the shore. After my surgery I'll be in a cast for 8 weeks. The only good that's really come of it is that now I have alot of time to study. I was originally going to begin with IPV6 but have switched gears to OSPF. After OSPF I'll hit frame relay in depth and then maybe move on to IPV6 and OSPF v3. I've watched a ton of videos and I have been reading the latest CCIE certification book from Cisco press. When I get back home I'll start reading the Routing TCP/IP vol 1 chapters on OSPF. I've also got dynamips and GNS3 installed on my laptop now and have setup a topology that I'm currently using for OSPF features, frame relay and EIGRP for redistribution into an NSSA area. I've gotten a little boost in confidence as I was able to configure the topology without too much hassle and much of the training from the CCNP track is coming back to me even though it's been awhile and I haven't touched OSPF since.

Above is a picture of my current topology.

Below are Router configs from my lab. I plan to next include authentication for the the virtual links and change the point-to-multipoint OSPF topology to NBMA.

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface Loopback1

ip address 192.168.1.1 255.255.255.255

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

!

interface Serial1/0.1 point-to-point

ip address 10.1.1.1 255.255.255.0

ip ospf network point-to-point

ip ospf priority 255

frame-relay interface-dlci 102

!

interface Serial1/0.2 multipoint

ip address 172.16.1.1 255.255.255.0

ip ospf network point-to-multipoint

ip ospf priority 255

frame-relay map ip 172.16.1.3 104 broadcast

frame-relay map ip 172.16.1.2 103 broadcast

!

interface GigabitEthernet2/0

ip address 10.11.11.1 255.255.255.0

ip ospf priority 255

negotiation auto

!

router ospf 1

router-id 1.1.1.1

log-adjacency-changes

area 1 virtual-link 5.5.5.5

network 10.1.1.1 0.0.0.0 area 0

network 10.11.11.1 0.0.0.0 area 1

network 172.16.1.1 0.0.0.0 area 0

network 192.168.1.1 0.0.0.0 area 0

!

ip classless

no ip http server

no ip http secure-server

!

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface Loopback1

ip address 192.168.2.1 255.255.255.255

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

!

interface Serial1/0.1 point-to-point

ip address 10.1.1.2 255.255.255.0

ip ospf network point-to-point

ip ospf priority 0

frame-relay interface-dlci 201

!

interface GigabitEthernet2/0

ip address 172.17.0.1 255.255.255.0

ip ospf priority 255

negotiation auto

!

router ospf 1

router-id 2.2.2.2

log-adjacency-changes

area 2 stub

network 10.1.1.2 0.0.0.0 area 0

network 172.17.0.1 0.0.0.0 area 2

network 192.168.2.1 0.0.0.0 area 0

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface Loopback1

ip address 192.168.3.1 255.255.255.255

!

interface Serial1/0

ip address 172.16.1.2 255.255.255.0

encapsulation frame-relay

ip ospf network point-to-multipoint

ip ospf priority 0

serial restart-delay 0

frame-relay map ip 172.16.1.3 301 broadcast

frame-relay map ip 172.16.1.1 301 broadcast

no frame-relay inverse-arp

!

interface FastEthernet2/0

ip address 172.18.0.1 255.255.255.0

ip ospf priority 255

duplex auto

speed auto

!

router ospf 1

router-id 3.3.3.3

log-adjacency-changes

area 3 stub no-summary

network 172.16.1.2 0.0.0.0 area 0

network 172.18.0.1 0.0.0.0 area 3

network 192.168.3.1 0.0.0.0 area 0

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R4

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface Loopback1

ip address 192.168.4.1 255.255.255.255

!

interface Serial1/0

ip address 172.16.1.3 255.255.255.0

encapsulation frame-relay

ip ospf network point-to-multipoint

ip ospf priority 0

serial restart-delay 0

frame-relay map ip 172.16.1.1 401 broadcast

frame-relay map ip 172.16.1.2 401 broadcast

!

interface FastEthernet2/0

ip address 172.19.0.1 255.255.255.0

ip ospf priority 255

duplex auto

speed auto

!

router ospf 1

router-id 4.4.4.4

log-adjacency-changes

area 4 nssa default-information-originate no-summary

network 172.16.1.3 0.0.0.0 area 0

network 172.19.0.1 0.0.0.0 area 4

network 192.168.4.1 0.0.0.0 area 0

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R5

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface Loopback1

ip address 192.168.5.1 255.255.255.255

!

interface GigabitEthernet1/0

ip address 10.11.11.2 255.255.255.0

negotiation auto

!

interface GigabitEthernet2/0

ip address 10.11.12.1 255.255.255.0

ip ospf priority 255

negotiation auto

!

router ospf 1

router-id 5.5.5.5

log-adjacency-changes

area 1 virtual-link 1.1.1.1

network 10.11.11.2 0.0.0.0 area 1

network 10.11.12.1 0.0.0.0 area 5

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R6

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface GigabitEthernet1/0

ip address 172.17.0.2 255.255.255.0

negotiation auto

!

router ospf 1

router-id 6.6.6.6

log-adjacency-changes

area 2 stub

network 172.17.0.2 0.0.0.0 area 2

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R7

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface FastEthernet1/0

ip address 172.18.0.2 255.255.255.0

duplex auto

speed auto

!

router ospf 1

router-id 7.7.7.7

log-adjacency-changes

area 3 stub

network 172.18.0.2 0.0.0.0 area 3

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R8

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface Loopback1

ip address 18.208.193.4 255.255.192.0

!

interface FastEthernet1/0

ip address 172.19.0.2 255.255.255.0

duplex auto

speed auto

!

router eigrp 10

passive-interface FastEthernet1/0

network 18.208.192.0 0.0.63.255

no auto-summary

!

router ospf 1

router-id 8.8.8.8

log-adjacency-changes

area 4 nssa

redistribute eigrp 10 metric 50 subnets

network 172.19.0.2 0.0.0.0 area 4

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R9

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip cef

!

interface GigabitEthernet1/0

ip address 10.11.12.2 255.255.255.0

negotiation auto

!

router ospf 1

router-id 9.9.9.9

log-adjacency-changes

network 10.11.12.2 0.0.0.0 area 5

!

ip classless

no ip http server

no ip http secure-server

!

gatekeeper

shutdown

!

line con 0

exec-timeout 0 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

end

SecureCRT GNS3 and Windows 7 Console Issue

I was having issues getting securecrt to work on Windows 7 with GNS3 as the telnet client. I found this link which helped me solve the problem:

http://www.gns3.net/phpBB/topic1246.html


My string for Terminal Command now looks like:

start C:\PROGRA~2\SecureCRT\securecrt.exe /T /telnet 127.0.0.1 %p

Apparently it was translating to the IPV6 address for local host. So replace %h with 127.0.0.1 and it works.

You also don't need the securecrt.vbs script in Windows 7 I guess.

Tabbed Console sessions for GNS3!

CCIE

I've decided to begin studying for the CCIE R&S exam. During my studying most of my posts to this blog will be about the CCIE and what I'm studying for at the time. I've decided to tackle IPV6 first, since that was my weakest area when I was taking the CCNP tests. Alot more to come....

How to Import Mail from Mac Mail into Outlook 2003/2007

From inside Mac Mail select all of the e-mail message you wish to export.
Select File > Save As
Change the format to "RAW Format"
Once the file is done saving, transfer it to a windows PC
Rename the file to mail.mbox
Download and Install IMAP Size - www.broobles.com/imapsize/download.php
From IMAPSIZE go to Tools > mbox2eml...
Select the location for the converted messages
Once the conversion is done Open Outlook Express

Select all of the converted messages in Windows explorer and drag them to the Outlook Express Inbox

Once the messages all appear in Outlook Express open Outlook 2003/2007
File > Import From another Program or File > Outlook Express ......

Walla, Mac Mail moved onto your Exchange Server

Removing GFI EndPointSecurity 3.0 Agent

This program is intended to block the use of unauthorized USB devices on computers and servers.
http://www.gfi.com/endpointsecurity

I found this installed at a site with no management console available. There is no uninstaller for the program, and GFI contends that you must use the console. I tried several times to remove the program to no avail. The thing is worse than SpyWare.

This is how I finally got rid of it:

Download Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Download HijackThis - http://free.antivirus.com/hijackthis/

Go into the service, change the service properties to not restart. Stop the service, you may have to do this several times. Once the service is stopped open a command window and type: sc delete "Service Name"

Open Process Explorer, Change the Priority of the process, eppsver.exe (or something close to that) to the lowest possible.

Open up the properties from process explorer and kill each thread.

Once all the threads are killed delete the Program Files Folder that contains eppsvr.exe, I think it was GFI.

Run Hijack This and delete the startup Hook. Reboot and make sure the thing is gone.

Cisco SSL VPN's and DFS

If you want VPN clients that are a different subnet than your other LAN's, to be able to access a DFS share, then the VPN subnet needs to be associated with an AD Site.

Dell PowerConnect 6200 Stack, Updated!

I had some further conversation's with Dell and they were able to provide me with documentation to further verify the Cross Stack 802.3ad Functionality:

Here's an example show command from a Dell Support Page that illustrates Ports spanning multiple switches that are active in a Port Channel:

Example

Console#show interfaces port-channel

Channel Ports Hashing-mode

------- --------------------------------------- ------------

ch1 Active: 1/e1, 2/e2 1

ch2 Active: 2/e2, 2/e7 Inactive: 3/e1 2

ch3 Active: 3/e3, 3/e8 3

ch4 No Configured Ports 5

ch5 No Configured Ports 6

ch6 No Configured Ports 4

ch7 No Configured Ports 3

ch8 No Configured Ports 3

I still need to get some Demo switches. You would think that Dell would be advertising this feature way more since Cisco is the only other vendor that does this, that I know of.

***Updated*** Dell PowerConnect 6200 Stack

***Update***

A colleague of mine has tested this and verified that it in fact does work. He did note that you cannot enable flow control on a per interface basis it has to be done for the entire switch. This is a little bit of an issue because it is recommended that this is enabled on the NetApp interfaces but not for VMWARE hosts. So it's a bummer if you have your storage and virtualization systems connected to the same stack.

Apparently Dell makes a stackable switch that provides functionality close to Cisco's Stackwise.

http://www.dell.com/downloads/global/products/pwcnt/en/PC_6200Series_proof1.pdf

Like the Cisco 3750 series switches, with the Dell PowerConnect 6200 series you can have a Port-Channel span multiple physical switches. Cisco calls this Cross-Stack EtherChannel, I haven't quite figured out what Dell calls it yet.

While the performance isn't as robust as some of the 3750 switches, the price is way lower.

From Dell's site it was hard to determine whether or not the PowerConnect did support this type of configuration. I confirmed with two different people at Dell that it did. I am waiting on a couple to test.

Symantec Endpoint Protection Migration and Deployment Wizard SBS 2008

I was unable to use the Migration and Deployment wizard with SBS 2008. When I got to "Specify the name of a new group that you wish to deploy clients to" the wizard would go to "Loading" for a second and then return to the previous screen. The Built in Administrator account is disabled in SBS 2008 by default. There are to ways around this issue:

1) Enable the Built in Administrator account, log on, and run the Wizard from that account.

OR

2) Go to the Start Menu, Right click the command Prompt and Select "Run as Administrator"

Command Prompt:

Microsoft Windows [Version 6.0.6002]

Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protect

ion Manager\bin

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin>firstuse.bat

SQL Server 2008 Setup requires Microsoft .Net framework 3.5 to be installed

I was installing SQL 2008 the other day and kept getting the following error:

"SQL Server 2008 Setup requires Microsoft .Net framework 3.5 to be installed"

I tried running the .NET Cleanup and reinstalling with no luck. It turns out that this error was being cause by a bad download of the SQL 2008 Standard Media from the MS Site. I downloaded the product again without issue.

802.3ad MultiMode Dynamic VIF and an HP Procurve Switch

These are the configs to get LACP and 802.1q working between a NetApp and HP Procurve. An HP "Trunk". There are other ways to configure this, but after an e-mail to NetApp and phone call to HP, it sounds like this is the "preferred" way to configure the two devices together.

You will notice that VLAN 1 is tagged on the HP Procurve Trunks. VLAN 1 must be tagged or the NetApp will not communicate over it. By default it is not tagged on HP or Cisco switches.

IP addresses, VLAN Numbers and Hostnames have been changed.

/ETC/RC

hostname NAS01

vif create lacp vif0 e0a e0b

vlan create vif0 1 10

ifconfig vif0-1 `hostname`-vif0-1 netmask 255.255.255.0 wins

ifconfig vif0-10 `hostname`-vif0-10 netmask 255.255.255.0 wins

route add default 192.168.1.1 1

routed on

options.dns.enable on

options.nis.enable off

savecore

/ETC/HOSTS

127.0.0.1 localhost

192.168.1.2 NAS01 NAS01-vif0-1

10.0.0.2 NAS01 NAS01-vif0-10

Below is the HP config. Before you run the Trunk (ports) (trunkname) lacp command for the ports connected to the Filer, you need to drop down to each interface and run "lacp passive". I know it doesn't show up in the config, but if you run the trunk command without the LACP passive command it will place "LACP Active" in the configuration. I was unable to get the Trunk to come up properly when this was in place. Also, you'll want to turn Flow Control on for the ports the NAS is using.

Running configuration:

; J9022A Configuration Editor; Created on release #N.11.15

interface 25

name "NAS01e0a"

flow-control

exit

interface 26

name "NAS01e0b"

flow-control

exit

trunk 25-26 Trk1 LACP

vlan 1

name "Production"

untagged 1-20,27-36,Trk4-Trk6

ip address 192.168.1.3 255.255.255.0

tagged Trk1

no untagged Trk2-Trk3

exit

vlan 10

name "Storage"

untagged Trk2-Trk3

no ip address

tagged Trk1

exit

Backup Exec System Recovery, Can't Map Drive to Restore Server

I was trying to map the machine that needed to be recovered to a network share from the Symantec Backup Exec System Recovery Bootable Recovery CD.. The interface would map the drive but never let me get into it. It also wouldn't ask me for credentials.

I found a way around this, if you go back to the screen where you select the file image to use, click browse. Double Click Computer. Select your C drive, but don't double click it. Hold Down Shift + F10. A menu should come up with an option to go to the command line.

Map your share from the command line:

net use r: \\server\sharename /user:domain\username password

I was then able to get back to the browse window and select the image to restore from the share.

Hyper-V no VHD Mount?

Apparently you can't mount VHD's straight to your OS anymore in Hyper-V. I remember being able to do this in VS2005. Lame.

Free Wifi Survey Tool

I found a great free wireless survey tool that works with Windows 7.

The tool is Covers and it can be found here:

http://www.celtrio.com/download/

Cisco Aironet 1252 AP and N Data rates

I was having an issue getting Netbooks to connect to the Cisco Wireless AP's with "N" Data rates. Standing 10 feet away I'll I could get was 54 MBPS. I spoke with TAC and apparantely Cisco only supports the "N" rates if you are using Open Authentciation or WPA2-AES at the moment. Good to Know.

Cisco Aironet 1252 and IPHONE Wireless Not Working

I deployed a few Cisco 1252 AP's and ran into an issue getting the IPHONE to connect to them over the wireless network. It would not connect using WPA-PSK TKIP or even just plain open authentication. Cisco TAC was unable to come up with a solution. So I procceded to systematically change options on the radio one by one. I was able to get the iphone connected after disabling the Cisco Aironet Extensions on the radio interface. I haven't had issues in the past with 1242 AP's and iphones, but with the 1252 there does seem to be a problem. My AP's were also deployed autonomously.

I found this wiki article about Aironet Extensions which I have never used:

http://supportwiki.cisco.com/ViewWiki/index.php/Is_it_possible_to_use_Aironet_extentions_in_a_mixed_environment_with_Cisco_and_non-Cisco_clients%3F

I'm not sure if this is a new thing that these are on by default now.

Cisco AP, Microsoft IAS, PEAP Issues

I had a recent PEAP deployment for a client go south this week. It was supposed to be a simple reconfiguration from LEAP to PEAP, no big deal....

3 Cisco 1231 AP's running 12.4, Microsoft IAS server, Windows 2003 Server, self signed certificate, Cisco Aironet Cards and Windows XP/Vista Clients.

After everything was configured I could not get the wireless to work. I looked into many potential causes and had a Cisco and Microsoft Call going with no luck. I also had the configuration mirror Microsoft and Cisco documents to the letter and had ruled out all solutions I could find online. I was recieving several errors in my event logs related to IAS:

- Event 2, Reason-Code=8, Reason=the specified user account does not exist.

- Reason-Code = 16, Reason = Authentication was not successful because an unknown user name or incorrect password was used.

- Reason-Code = 260, Reason = The message or signature supplied for verification has been altered

I accidently discovered what I believe the problem to be after trying to install a hotfix. The hotfix failed with this error:

The Service Pack 2 \i386\update\update.inf file is not correct.

Which led me here: http://support.microsoft.com/kb/946938

Which then led me to this KB from Microsoft stating the fact that this change is unsupportable and will cause system instability: http://support.microsoft.com/kb/933700

"Microsoft does not support changing the location of the Program Files folder by modifying theProgramFilesDir registry value. If you change the location of the Program Files folder, you may experience problems with some Microsoft programs or with some software updates."

As far as I can tell the issue was caused due to the registry change or potential corruption of installed windows components/hotfixes after such change.

I reinstalled IAS on another server, mirrored the configuration and updated the cert on clients and AP configs. My wireless clients began working immediatly with no further issues.

This issue was rather difficult to pin point so I hope it saves someone else some headaches.

New Cisco 1252 AP's

The Cisco 1252 Wireless N AP's don't come with an external power supply out of the box like the others int eh 1200 series do. So if you don't plan on using POE or a power injector you'll need this part: AIR-PWR-SPLY1=

Also with the AP's there are three 2.4 GHz Dipole part numbers listed in the ordering guide:

AIR-ANT2422DG-R
AIR-ANT2422DW-R
AIR-ANT4941

The "DG" part number is a gray antenna that does not pivot and is shorter than the other two. The only place I was able to find the clarification on Cisco's site was here:

http://cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/at_a_glance_c45-513837.pdf

Hailing in Anchorage