Exchange – Certificate Invalid ‘Revocation Check Failed’

KB ID 0001121 

Problem

When you check the status of a certificate in Exchange and it it displayed at ‘Invalid’ and the details show that the revocation check has failed.

Solution

This can happen if your certificate CA has its CRL or OCSP information setup incorrectly, or the Exchange sever simply cannot access them to verify the validity of the certificate. If you are using your own CA the correct way to fix the problem is setup a CRL or an OCSP responder properly.

Windows Certificate Services – Setting up a CRL

Microsoft Certificate Services Configuring OCSP

However there may be some circumstances where you want the certificate to work but don’t have the time/inclination  to fix the CRL/OCSP. I found myself in this situation on my test network. I wanted to use this certificate but it was quicker to ‘hack’ Exchange than to fix the CRL and reissue certificates.

This is more a workaround then  a fix, you can get Exchange to ‘not bother ‘enforcing the revocation check, it will still show as having a revocation error but it wont be flagged as ‘invalid’.

Run the registry editor (regedit) > Navigate to;

[box]
>HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
[/box]

Change the State value to 23e00 (Hexadecimal).

Navigate to;

[box]
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
[/box]

Change the State value to 23e00 (Hexadecimal).

Navigate to;

[box]
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
[/box]

Change the State value to 23e00 (Hexadecimal).

Reboot the server and now the certificate view will have changed;

Related Articles, References, Credits, or External Links

NA

Windows Server 2012 – Add Role Error 0x800f0902

KB ID 0001120 

Problem

I was setting up a print server yesterday, when I tried to add the print server role it failed with this error;

Unable to obtain feature list error 0x800f0902

Solution

Internet searching was pointing to a problem with the ‘Task Scheduler Service’ and suggested stopping that, which I was unable to do. It turns out my server had just finished Windows updates, and needed to reboot, (it was a new deployment). Post reboot it was fine.

Related Articles, References, Credits, or External Links

NA

Windows Server 2012 R2 – Stop IE Opening ‘In Metro’

KB ID 0001119 

Problem

I was working on some Server 2012 R2 servers this morning, and every time I tried to launch IE, instead of the normal IE 11, it stubbornly kept opening the the IE App.

Solution

Hit the Windows key > Type in ‘internet options’ > make the following changes;

Programs Tab > Opening Internet Explorer > Select ‘Always in Internet Explorer on the desktop’ > Apply > OK.

Related Articles, References, Credits, or External Links

NA

Cisco ASA – Active / Active Failover

KB ID 0001114

Usually when I’m asked to setup Active/Active I cringe, not because its difficult, its simply because people assume active/active is better than active/standby. I hear comments like ‘we have paid for both firewalls lets use them’, or ‘I want to sweat both assets’.

The only real practical use cases I can think of for Active /Active are;

  • You have a multi-tenancy environment and want to offer your tenants failover firewall capability.
  • You have multiple LAN subnets and what to split them though different firewalls.

What Active/Active Wont Give You

Load balancing: It’s a firewall! If you want load balancing buy a load balancer! People assume because both firewalls are passing traffic, they must load balance, they don’t, in fact they don’t even pass traffic from the same subnet.

VPNS: Yes theres no VPNs with Active Active. (This is 100% the case up to an including version 9.0, after version 9.0 they have stopped saying it’s not supported, but don’t say it’s supported).

Deploy Cisco ASA in Active/Active Failover

Here’s what Im going to setup;

For a more ‘logical’ view heres what is actually being setup;

1. Make sure the Licences are on the firewalls allow multiple contexts. and Active/Active, for 5510, 5512-X, and 5508-X that means Security Plus, for all other models a ‘base’ licence is required. (Note: This CANNOT be done on an ASA 5505 or 5506-X).

[box]

ciscoasa(config)# show version

Cisco Adaptive Security Appliance Software Version 8.4(2) 

——OUTPUT REMOVED FOR THE SAKE OF BREVITY—

Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 5              perpetual
GTP/GPRS                          : Disabled       perpetual

——OUTPUT REMOVED FOR THE SAKE OF BREVITY—

Configuration last modified by enable_15 at 08:04:40.249 UTC Wed Oct 14 2015
ciscoasa(config)#

[/box]

2. Put the firewalls in Multiple context mode.

[box]

ciscoasa(config)# mode multiple 
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm] 
Convert the system configuration? [confirm] 
!
The old running configuration file will be written to flash

Converting the configuration - this may take several minutes for a large configuration

The admin context configuration will be written to flash

The new running configuration file was written to flash
Security context mode: multiple 

[/box]

3. Let it reboot.

4. Make sure the firewall is in routed mode, and multiple context mode, repeat on the other firewall.

[box]

ciscoasa> enable
Password: *********
ciscoasa# show mode
Security context mode: multiple 
ciscoasa# show firewall
Firewall mode: Router
ciscoasa#

[/box]

5. Once ASA1 is backup give it a sensible hostname, and ensure all the physical interfaces (and any sub interfaces) are NOT shutdown, and add then to the relevant VLAN (they are shut down by default).

[box]

ciscoasa(config)# hostname PHYSICAL-ASA    
PHYSICAL-ASA(config)# interface gigabitEthernet 0
PHYSICAL-ASA(config-if)# no shut
PHYSICAL-ASA(config)# interface gigabitEthernet 0.1
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 800
PHYSICAL-ASA(config)# interface gigabitEthernet 0.2
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 900
PHYSICAL-ASA(config)# interface gigabitEthernet 1
PHYSICAL-ASA(config-if)# no shut
PHYSICAL-ASA(config-if)# interface gigabitEthernet 1.1
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 100
PHYSICAL-ASA(config-subif)# interface gigabitEthernet 1.2
PHYSICAL-ASA(config-subif)# no shut
PHYSICAL-ASA(config-subif)# vlan 200
PHYSICAL-ASA(config-subif)# exit
PHYSICAL-ASA(config)# exit
PHYSICAL-ASA# 

[/box]

6. Failover link NEEDS to be configured and used by the SYTEM Context, so its configured here. (Note: I’m using the same physical interface for LAN and Stateful failover information).

[box]

PHYSICAL-ASA(config)# failover lan unit primary
PHYSICAL-ASA(config)# failover lan interface FAILOVER GigabitEthernet2
INFO: Non-failover interface config is cleared on GigabitEthernet2 and its sub-interfaces
PHYSICAL-ASA(config)# failover link FAILOVER GigabitEthernet2
PHYSICAL-ASA(config)# failover interface ip FAILOVER 172.16.1.1 255.255.255.0 standby 172.16.1.2
PHYSICAL-ASA(config)#

[/box]

7. You can only have TWO failover groups (you can have many contexts, depending on the licence on your firewall).

[box]

PHYSICAL-ASA(config)# failover group 1
PHYSICAL-ASA(config-fover-group)# polltime interface msec 500 holdtime 5
PHYSICAL-ASA(config-fover-group)# primary 
PHYSICAL-ASA(config-fover-group)# preempt 100
PHYSICAL-ASA(config-fover-group)# exit
PHYSICAL-ASA(config)# failover group 2
PHYSICAL-ASA(config-fover-group)# polltime interface msec 500 holdtime 5
PHYSICAL-ASA(config-fover-group)# secondary 
PHYSICAL-ASA(config-fover-group)# preempt 200

[/box]

Note: Unlike Active/Passive the ASA can preempt and ‘fail-back’ automatically.

8. Setup and assign your CONTEXTS (virtual firewalls), to these groups.

[box]

PHYSICAL-ASA(config)# admin-context admin    
PHYSICAL-ASA(config)# context admin
PHYSICAL-ASA(config-ctx)# config-url disk0:/admin.cfg

Cryptochecksum (changed): d9951253 3b82d2ce 840166f8 ccd3d7f1 
INFO: Context admin was created with URL disk0:/admin.cfg
INFO: Admin context will take some time to come up .... please wait.
PHYSICAL-ASA(config-ctx)# context vASA1
Creating context 'vASA1'... Done. (2)
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet1.1 inside_vASA1
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet0.1 outside_vASA1
PHYSICAL-ASA(config-ctx)# config-url disk0:/vASA1.cfg

WARNING: Could not fetch the URL disk0:/vASA1.cfg
INFO: Creating context with default config
PHYSICAL-ASA(config-ctx)# join-failover-group 1
PHYSICAL-ASA(config-ctx)# context vASA2
Creating context 'vASA2'... Done. (3)
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet1.2 inside_vASA2 
PHYSICAL-ASA(config-ctx)# allocate-interface GigabitEthernet0.2 outside_vASA2
PHYSICAL-ASA(config-ctx)# config-url disk0:/vASA2.cfg                        

WARNING: Could not fetch the URL disk0:/vASA2.cfg
INFO: Creating context with default config
PHYSICAL-ASA(config-ctx)# join-failover-group 2

[/box]

The following will show you a summary of the contexts.

[box]

PHYSICAL-ASA(config)# show run | b context
admin-context admin
context admin
  config-url disk0:/admin.cfg
!

context vASA1
  allocate-interface GigabitEthernet0.1 outside_vASA1 
  allocate-interface GigabitEthernet1.1 inside_vASA1 
  config-url disk0:/vASA1.cfg
  join-failover-group 1
!

context vASA2
  allocate-interface GigabitEthernet0.2 outside_vASA2 
  allocate-interface GigabitEthernet1.2 inside_vASA2 
  config-url disk0:/vASA2.cfg
  join-failover-group 2
!

[/box]

10. Now configure vASA1.

[box]

PHYSICAL-ASA(config)# changeto context vASA1
PHYSICAL-ASA/vASA1(config)# interface outside_vASA 1
PHYSICAL-ASA/vASA1(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
PHYSICAL-ASA/vASA1(config-if)# ip address 123.123.123.123 255.255.255.0 standby 123.123.123.124
PHYSICAL-ASA/vASA1(config-if)# no shut
PHYSICAL-ASA/vASA1(config)# interface inside_vASA 1
PHYSICAL-ASA/vASA1(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
PHYSICAL-ASA/vASA1(config-if)# ip address 10.5.100.1 255.255.255.0 standby 10.5.200.2
PHYSICAL-ASA/vASA1(config-if)# no shut
PHYSICAL-ASA/vASA1(config-if)# exit
PHYSICAL-ASA/vASA1(config)# route outside 0.0.0.0 0.0.0.0 123.123.123.1
PHYSICAL-ASA/vASA1(config)# monitor-interface inside 
PHYSICAL-ASA/vASA1(config)# monitor-interface outside
PHYSICAL-ASA/vASA1(config)# object network obj_any
PHYSICAL-ASA/vASA1(config-network-object)# subnet 0.0.0.0 0.0.0.0
PHYSICAL-ASA/vASA1(config-network-object)# nat (inside,outside) dynamic interface
PHYSICAL-ASA/vASA1(config-network-object)# exit
PHYSICAL-ASA/vASA1(config)# exit
PHYSICAL-ASA/vASA1# 

[/box]

11. Now configure vASA2.

[box]

PHYSICAL-ASA/vASA1(config)# changeto context vASA2
PHYSICAL-ASA/vASA2(config)# interface inside_vASA 2
PHYSICAL-ASA/vASA2(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.       
PHYSICAL-ASA/vASA2(config-if)# ip address 10.6.200.1 255.255.255.0 standby 10.6.200.2
PHYSICAL-ASA/vASA2(config-if)# no shut              
PHYSICAL-ASA/vASA2(config)# interface outside_vASA 2
PHYSICAL-ASA/vASA2(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
PHYSICAL-ASA/vASA2(config-if)# ip address 120.120.120.120 255.255.255.0 standby 120.120.120.122
PHYSICAL-ASA/vASA2(config-if)# exit
PHYSICAL-ASA/vASA2(config)# route outside 0.0.0.0 0.0.0.0 120.120.120.1
PHYSICAL-ASA/vASA2(config)# object network obj_any
PHYSICAL-ASA/vASA2(config-network-object)# subnet 0.0.0.0 0.0.0.0
PHYSICAL-ASA/vASA2(config-network-object)# nat (inside,outside) dynamic interface
PHYSICAL-ASA/vASA2(config-network-object)# exit
PHYSICAL-ASA/vASA2(config)# 

[/box]

12. Go back the the System context and save ALL the changes.

[box]

PHYSICAL-ASA/vASA2(config)# changeto system 
PHYSICAL-ASA(config)# wr mem all
Building configuration...
Saving context :           system : (000/003 Contexts saved) 
Cryptochecksum: e63d00e3 18224da1 be9d77c6 27c6e54d 

2109 bytes copied in 0.300 secs
Saving context :            admin : (001/003 Contexts saved) 
Cryptochecksum: f2f07827 f2784851 89925ac1 86c1e96f 

974 bytes copied in 0.330 secs
Saving context :            vASA1 : (002/003 Contexts saved) 
Cryptochecksum: 037e3a39 fe10e4d0 ff72d306 36fcf1ed 

1930 bytes copied in 0.330 secs
Saving context :            vASA2 : (003/003 Contexts saved) 
Cryptochecksum: e9024f22 53ad6316 70f7ccad 4394c81c 

1879 bytes copied in 0.230 secs
[OK]                                                         
PHYSICAL-ASA(config)# 

[/box]

Note: Configuration on the main (physical) firewall is complete, the ‘failover’ configuration needs to now be setup on the second physical ASA.

13. On the ’Secondary’ Physical ASA.

[box]

ciscoasa# configure terminal 
ciscoasa(config)# interface gigabitEthernet 0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# interface gigabitEthernet 0.1
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 800
ciscoasa(config-subif)# interface gigabitEthernet 0.2
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 900
ciscoasa(config-subif)# interface gigabitEthernet 1
ciscoasa(config-if)# no shut
ciscoasa(config-if)# interface gigabitEthernet 1.1
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 100
ciscoasa(config-subif)# interface gigabitEthernet 1.2
ciscoasa(config-subif)# no shut
ciscoasa(config-subif)# vlan 200
ciscoasa(config-subif)# exit
ciscoasa(config)# failover lan unit secondary 
ciscoasa(config)# failover lan interface FAILOVER GigabitEthernet2       
INFO: Non-failover interface config is cleared on GigabitEthernet2 and its sub-interfaces
ciscoasa(config)# failover link FAILOVER GigabitEthernet2                     
ciscoasa(config)# failover interface ip FAILOVER 172.16.1.1 255.255.255.0 standby 172.16.1.2
ciscoasa(config)# 

[/box]

14. Remember failover is off by default, and we have not switched it on, this needs to be done on both of the physical ASA’s (primary and secondary). Note: Make sure the ‘failover’ interface is NOT in a shut down state first!

[box]

Secondary


ciscoasa(config)# interface GigabitEthernet2
ciscoasa(config)# no shut
ciscoasa(config)# failover
ciscoasa(config)# 

Primary

PHYSICAL-ASA(config)# int gigabitEthernet 2
PHYSICAL-ASA(config-if)# no shut
PHYSICAL-ASA(config)# failover
PHYSICAL-ASA(config)#

[/box]

Note: If building in GNS3 sometimes you need to put a switch in the middle of the ‘backup link’ or the firewalls don’t detect each other!

17. Top Tip: Remember that you need to make the changes on the active firewall context in the correct failover group. Change the firewall prompt to show you all this information.

[box]

PHYSICAL-ASA# conf t
PHYSICAL-ASA(config)# prompt hostname context priority state
PHYSICAL-ASA/pri/act(config)# 

[/box]

Testing Active/Active Failover

If you change to vASA1 (notice it’s active).

[box]

PHYSICAL-ASA/pri/act(config)# changeto context vASA1
PHYSICAL-ASA/vASA1/pri/act(config)# 

[/box]

Now change to vASA2, (This ones in standby so DONT make changes here or they wont get replicated / saved).

[box]

PHYSICAL-ASA/vASA1/pri/act(config)# changeto context vASA2
PHYSICAL-ASA/vASA2/pri/stby(config)# 

[/box]

Note: Moral of the story is you need to be aware what physical firewall you are on (primary or secondary) what mode you are in (active or standby) and what context you are in (vASA1 or vASA2). So in this example to make a change to vASA2 you would need to go to Secondary/Standby/vASA2 to edit the active firewall, (confusing eh! That’s why I change the firewall prompt).

Now you will want to test things, probably by pinging, don’t forget ICMP is not enabled by default an you will need to enable it, (in each context).

[box]

vASA1 (as specified above), make sure it says ‘act’ on the end of the prompt.

PHYSICAL-ASA/pri/act(config)# changeto context vASA1
PHYSICAL-ASA/vASA1/pri/act(config)# policy-map global_policy
PHYSICAL-ASA/vASA1/pri/act(config-pmap)# class inspection_default
PHYSICAL-ASA/vASA1/pri/act(config-pmap-c)# inspect icmp
PHYSICAL-ASA/vASA1/pri/act(config-pmap-c)# exit
PHYSICAL-ASA/vASA1/pri/act(config-pmap)# exit
PHYSICAL-ASA/vASA1/pri/act(config)# exit
PHYSICAL-ASA/vASA1/pri/act# 

vASA2 (as specified above), make sure it says ‘act’ on the end of the prompt.

PHYSICAL-ASA/sec/stby# changeto context vASA2
PHYSICAL-ASA/vASA2/sec/act# conf t
PHYSICAL-ASA/vASA2/sec/act(config)# policy-map global_policy
PHYSICAL-ASA/vASA2/sec/act(config-pmap)# class inspection_default
PHYSICAL-ASA/vASA2/sec/act(config-pmap-c)# inspect icmp
PHYSICAL-ASA/vASA2/sec/act(config-pmap-c)# exit
PHYSICAL-ASA/vASA2/sec/act(config-pmap)# exit
PHYSICAL-ASA/vASA2/sec/act(config)# exit

[/box]  

Cisco IOS – Setting Up DHCP Scopes

KB ID 0001112 

I usually only have to do this on very small sites, or occasionally on the test bench. Most of the time we will have a server sat doing DHCP. The procedure below was carried out on a router, but the procedure is the same for a catalyst switch.

By default DHCP is disabled, you have to turn it on, then create a ‘dhcp pool.’

[box]

Petes-Router(config)#service dhcp
Petes-Router(config)#ip dhcp pool DATA-VLAN-10

[/box]

Then set the range of addresses and scope options.

[box]

Petes-Router(dhcp-config)#network 172.16.1.0 255.255.255.0
Petes-Router(dhcp-config)#default-router 172.16.1.1
Petes-Router(dhcp-config)#dns-server 8.8.8.8 8.8.4.4
Petes-Router(dhcp-config)#domain-name petenetlive.com
Petes-Router(dhcp-config)#exit

[/box]

Don’t forget to EXCLUDE the ip address of the router/switch from the DHCP scope, and any other static IP’s you have.

[box]

Petes-Router(config)#ip dhcp excluded-address 172.16.1.1

[/box]

There’s nothing to stop you running multiple scopes either, below I add another scope for my voice VLAN, and exclude the router IP on that VLAN, and my PBX.

[box]

Petes-Router(config)#ip dhcp pool VOICE-VLAN-11
Petes-Router(dhcp-config)#network 172.16.2.0 255.255.255.0
Petes-Router(dhcp-config)#default-router 172.16.2.1
Petes-Router(dhcp-config)#dns-server 8.8.8.8 8.8.4.4
Petes-Router(dhcp-config)#exit
Petes-Router(config)#ip dhcp excluded-address 172.16.2.1
Petes-Router(config)#ip dhcp excluded-address 172.16.2.250

[/box]

Related Articles, References, Credits, or External Links

NA

HP Networking – Tracing Networks and Locating IP addresses

KB ID 0001110

After not touching one for a couple of years, I was back on HP switches recently, and I had to map out a clients switches. Now I could have used some software, but they didn’t have SNMP enabled so, I had to ‘re acquaint’ myself with LLDP.

For a basic LLDP View of attached devices.

[box]

HP-Switch-1# show lldp info remote-device

 LLDP Remote Devices Information

  LocalPort | ChassisId                 PortId PortDescr SysName
  --------- + ------------------------- ------ --------- ----------------------
  10        | Cisco1.petenetlive.com       Gig...
  10        | 00 1c f6 c8 55 8f         || ... Gigabi... Cisco1.petenetlive.com
  13        | Cisco1.petenetlive.com       Gig...
  13        | 00 1c f6 c8 55 92         || ... Gigabi... Cisco1.petenetlive.com
  23        | c0 91 34 dd 3b c0         23     23        HP-Switch-2
  24        | c0 91 34 dd 3b c0         24     24        HP-Switch-2

[/box]

For a More Detailed LLDP View of attached devices.

Note: This command will NOT show up in the help menu!

[box]

HP-Switch-1# show lldp info remote all

 LLDP Remote Device Information Detail

  Local Port   : 10
  ChassisType  : local
  ChassisId    : Cisco1.petenetlive.com
  PortType     : local
  PortId       : GigabitEthernet0/15
  SysName      :
  System Descr : Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Ver...
  PortDescr    :

  System Capabilities Supported  : bridge
  System Capabilities Enabled    : bridge

  Remote Management Address
     Type    : ipv4
     Address : 111.222.111.222

------------------------------------------------------------------------------
  Local Port   : 10
  ChassisType  : mac-address
  ChassisId    : 00 1c f6 c8 55 8f
  PortType     : inte...
  PortId       : || PeteNet || 10Mb ||...
  SysName      : Cisco1.petenetlive.com
  System Descr : Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Ver...
  PortDescr    : GigabitEthernet0/15

  System Capabilities Supported  : bridge, router
  System Capabilities Enabled    :

  Remote Management Address
     Type    : ipv4
     Address : 111.222.111.222

------------------------------------------------------------------------------
  Local Port   : 13
  ChassisType  : local
  ChassisId    : Cisco1.petenetlive.com
  PortType     : local
  PortId       : GigabitEthernet0/18
  SysName      :
  System Descr : Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Ver...
  PortDescr    :

  System Capabilities Supported  : bridge
  System Capabilities Enabled    : bridge

  Remote Management Address
     Type    : ipv4
     Address : 111.222.111.222

------------------------------------------------------------------------------
  Local Port   : 13
  ChassisType  : mac-address
  ChassisId    : 00 1c f6 c8 55 92
  PortType     : inte...
  PortId       : || PeteNet || Previou...
  SysName      : Cisco1.petenetlive.com
  System Descr : Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Ver...
  PortDescr    : GigabitEthernet0/18

  System Capabilities Supported  : bridge, router
  System Capabilities Enabled    :

  Remote Management Address
     Type    : ipv4
     Address : 111.222.111.222

------------------------------------------------------------------------------
  Local Port   : 23
  ChassisType  : mac-address
  ChassisId    : c0 91 34 dd 3b c0
  PortType     : local
  PortId       : 23
  SysName      : HP-Switch-2
  System Descr : HP J9145A 2910al-24G Switch, revision W.15.13.0014, ROM W...
  PortDescr    : 23

  System Capabilities Supported  : bridge, router
  System Capabilities Enabled    : bridge, router

  Remote Management Address
     Type    : ipv4
     Address : 192.168.1.221

  Poe Plus Information Detail

    Poe Device Type         : Type2 PSE
    Power Source            : Unknown
    Power Priority          : Unknown
    Requested Power Value   : 0 Watts
    Actual Power Value      : 0 Watts

------------------------------------------------------------------------------
  Local Port   : 24
  ChassisType  : mac-address
  ChassisId    : c0 91 34 dd 3b c0
  PortType     : local
  PortId       : 24
  SysName      : HP-Switch-2
  System Descr : HP J9145A 2910al-24G Switch, revision W.15.13.0014, ROM W...
  PortDescr    : 24

  System Capabilities Supported  : bridge, router
  System Capabilities Enabled    : bridge, router

  Remote Management Address
     Type    : ipv4
     Address : 192.168.1.221

  Poe Plus Information Detail

    Poe Device Type         : Type2 PSE
    Power Source            : Unknown
    Power Priority          : Unknown
    Requested Power Value   : 0 Watts
    Actual Power Value      : 0 Watts

[/box]

To find what Port an IP address is on

First ping the IP address, to make sure that the switch has the MAC address you are looking at, in its ARP cache.

  [box]

HP-Switch-1# ping 192.168.251.2
192.168.251.2 is alive, time = 3 ms

[/box]

Then look for it in the ARP cache;

[box]

HP-Switch-1# show arp

 IP ARP table

  IP Address       MAC Address       Type    Port
  ---------------  ----------------- ------- ----
  192.168.251.1    e8b748-c757b0     dynamic 13
  192.168.251.2    005056-a61c1c     dynamic 5  << It’s on port 5
  192.168.251.5    005056-a606d9     dynamic 7

[/box]

Or if you already know its MAC address;

[box]

HP-Switch-1# show mac-address 005056-a61c1c

 Status and Counters - Address Table - 005056-a61c1c

 Port
 -------
 5

[/box]

Related Articles, References, Credits, or External Links

Cisco IOS – Enabling LLDP

Exchange – Message Not Sent ‘Because there are too many recipients’

 

When attempting to send an email to a large amount of recipients, you may see the following error;

   

This message wasn’t delivered to anyone because there are too many recipients, the limit is {number}. This message has {number} recipients

 

To check what the limit is set to launch the Exchange Management Shell, and ecxecute the following command;

  [box type=”shadow”]Get-TranportConfig[/box]    

To raise the limit (in this example to 2000) use the following command;

  [box type=”shadow”]Set-TranportConfig -MaxRecipientEnvelopeLimit 2000[/box]