Dreamweaver – ‘You Need To Install The Legacy Java SE 6 Runtime’

KB ID 0001213 

Problem

I used to use Dreamweaver all the time, it was used to design and build the site and handle all the uploads etc. Since I moved to WordPress I don’t use it as much. But it’s still a great code editor so I still fire it up on occasion. At least I did until this started happening;

To open “dreamweaver” you need to install the legacy Java SE 6 runtime.
Click “More info…” to visit the legacy Java SE 6 download website.

Solution

I’m a bit twitchy about Java, I need to tread a fine line between keeping updated, and still having a version that works with my clients’ firewalls. The amount of times things have ‘smashed’ because Java has updated for me are numerous. Java can turn a 25 second job into a two hour job.

So the thought of ‘downgrading’ to version 6 was not one I relished. But thankfully, if you avoid the Sun Java site and install the Apple Legacy Java package everything continues to work.

If you’re still having problems, see this article.

Related Articles, References, Credits, or External Links

NA

Windows BranchCache (Hosted and Distributed)

KB ID 0001212 

Problem

The purpose of BranchCache is (as the name implies) to cache files in branch sites, without the need for a local file server or DFS. There are essentially two deployment models. In Hosted Mode a server in the branch caches the files locally as they are requested by clients.

This works because the main file server provides a hash of the requested file. The branch server downloads the file, and if another client asks for the same file it can check the hash against its local copy to see if the file has been updated; if not, it serves the file locally without it needing to be downloaded again. As the branch connections are typically slower, this makes things a lot more efficient.

Note: You cannot deploy BranchCache on a RODC domain controller.

But what if there is no server onsite? Then you can use Distributed Mode, where every client can download and cache a copy, then the clients serve the files to each other.

Solution

Deploy The Main Office BranchCache File Server.

BranchCache for Network Files is a server role, select it and complete the Wizard.

 

You can carry out the following procedure with domain group policy, but it’s just as easy to set up in local group policy, on the file server. Windows Key + R > gpedit.msc > Computer Configuration > Administrative Templates > Network > Lanman Server > Hash Publication for BranchCache.

Enable the policy and set it to Allow hash publication for all shared folders > Apply > OK.

Note: You have enabled hashing for ‘All shares’, so the next step is a moot point. If you selected ‘Allow hash publication only for shared folders on which BranchCache is enabled’, then you would definitely need to do the following!

Now on the ‘Shares’ select the caching option.

Enable BranchCache.

Now I’ve created a Domain Group Policy called ‘BranchCache Firewall Policy’, because to serve files you need to enable a couple of pre-configured firewall rules.

Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules > Add Rule.

Enable the pre-configured rule for ‘BranchCache – Content Retrieval (Uses HTTP)’.

Repeat the procedure and also add a rule for ‘BranchCache – Peer Discovery (Uses WSD)’.

Deploy The Branch Office ‘Hosted BranchCache’ Server.

Just as you did at the main office, install the ‘BranchCache for Network Files’ Role.

But this time install the additional BranchCache Server Feature.

The server will be serving files, so link the ‘BranchCache Firewall Policy‘ to the OU that contains the branch server. Then to start it servicing files, issue the following command;

[box]Enable-BCHostedServer -RegisterSCP[/box]

To make sure it’s running;

[box]Get-BCStatus[/box]

Ensure ContentServerIsEnabled has been set to ‘True‘.

If you scroll to the bottom of the output, you can see where the cache is going to live, and what ‘percent’ of the drive size it can grow to. You can change these two values.

To Move BranchCache Folder Location

In this example I’ve got a volume on my Branch server, and I’ve created a folder on there to store my cached files in.

[box]Set-BCCache -MoveTo {Drive:}\{Folder}[/box]

To Change BranchCache Drive Percentage

[box]Set-BCCache -Percentage {Percent}[/box]

BranchCache Configure Client PCs (For Hosted Mode)

Create a new policy and link it to the OU that your branch client PCs are in.

Edit it.

Navigate to;

Computer Configuration > Policies > Administrative Templates > Network > BranchCache.

Policy: Turn on BranchCache: Enabled.

Policy: Enable Automatic Hosted Cache Discovery by Service Connection Point: Enabled.

To test (after the policy has been applied/refreshed), on a client PC issue the following command;

[box]netsh branchcache show status all[/box]

Ensure current status is ‘running’.

BranchCache Configure Client PCs (For Distributed Mode)

If your client machines are going to serve BranchCache files, you will need to link the ‘BranchCache Firewall Policy‘ you created above to the OU that contains the client PCs in the branch site.

Create a new policy and link it to the OU that your branch client PCs are in.

Edit it.

Navigate to;

Computer Configuration > Policies > Administrative Templates > Network > BranchCache.

Policy: Turn on BranchCache: Enabled.

Policy: Set BranchCache Distributed Cache Mode: Enabled.

Policy: Configure BranchCache for network files: Enabled.

Policy: Maximum round trip network latency: 0 (zero)

Related Articles, References, Credits, or External Links

NA

CentOS 7 – Serving HTTPS with Apache2

KB ID 0001210  

Problem 

This week I’ve been working on changing the site over to https. Buying a digital certificate used to be an expensive long winded affair, but not anymore. A quick internet search turned up a 3 year SSL certificate for less than 15 quid.

Getting the certificate was the easy bit, getting it installed so that Apache would use it was another ‘challenge’. On a scale of one to ten, I’m about a three (on a good day) with Linux!

Before you start, you need to generate a CSR and send that to whoever you are going to buy your cert from;

Linux (CentOS 7) Generating CSR (Certificate Signing Requests)

What about free Certs? There are some firms that offer free certs, some require you to install software that updates the cert every ninety days, others have a short lifespan. I’m not usually one to spend any money but for a fiver a year, why not?

Solution

Your certificate vendor will send you your certificate; it will probably come with at least one other cert. In my case it came with three other CA Certs (a RootCA and two Intermediate CA Certs). If you are unfamiliar with certificates, here are the two golden certificate rules;

  • You MUST trust the authority (CA), that issued the certificate, or issued the cert to the CA that issued the cert etc.
  • The NAME on the certificate, either the Common Name (CN) or the Subject Alternative Name (SAN), MUST match the address you are going to.

What you will find with these <ahem> cheaper certificates, is that you trust a CA, and that CA issues another CA Certificate, (to a subordinate CA), that Issues another CA Certificate (To a Subordinate CA), and that CA issues your certificate. All these certificates form a ‘chain’ and it looks like this;

OK why is that important? Well to trust your certificate, your visitors, (and Apache) need to be able to see all the certificates in this chain, right back to the RootCA certificate at the top (which they will trust, or there’s not much point selling them!)

Some vendors will give you a certificate bundle, mine did not so I had to make one (this is not hard to do, see below). But now when you make that certificate bundle, you will have a better understanding of what you are doing, (putting all the CA certs in the chain order, into one file).

Installing SSL Certificates Into Apache

Before you start you may need to install mod_ssl ‘yum install mod_ssl’ will do that 🙂

First you need to copy all the files into CentOS. I created a folder in ‘/etc/ssl/’ called ‘localcerts’ and copied in the domain cert and the key file (that got generated when I made the CSR – see the link above), and I’ve copied in all the CA Certificates. (I use FileZilla to do this because it’s free, and easy to use).

Now log into your CentOS server via SSH and navigate to this directory, then use the ‘cat’ command to make a certificate bundle with all your CA Certificates, (notice the order, SubCA2 > SubCA1 > RootCA). Note: Your certificates will probably have different names.

[box]

cd /etc/ssl/localcerts
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > My-CA.ca-bundle

[/box]

Now in the same directory you will have another file called My-CA.ca-bundle. To get Apache to use the certificates you need to edit the httpd.conf file. In CentOS 7 that usually lives in ‘/etc/httpd/conf’. I use nano because it’s easier to edit files with (yum install nano). I’m also going to back up the config as well, in case something goes wrong!

[box]

cd /etc/httpd/conf 
cp httpd.conf httpd.conf-old 
nano httpd.conf

[/box]

Locate the part of the file that says ‘Listen *:80’ and place a line below it that says ‘Listen *:443’.

Scroll to the end of the file and paste in the following, (change the filenames to match your own).

[box]

<VirtualHost *:443>     
     SSLEngine On
     SSLCertificateFile /etc/ssl/localcerts/your-file.crt
     SSLCertificateKeyFile /etc/ssl/localcerts/your-file.key
     SSLCertificateChainFile /etc/ssl/localcerts/My-CA.ca-bundle

     ServerAdmin admin@your-domain.com
     ServerName www.your-site.com
     DocumentRoot /var/www/html
     ErrorLog /var/www/logs/error.log
     CustomLog /var/www/logs/access.log combined
</VirtualHost>

[/box]

Note: Make Sure the Logs folder exists in /var/www if you use the same paths as me! Also SSLCertificateChainFile will change in newer versions of Apache to SSLCACertificatePath.
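
Before restarting Apache it is worth confirming that the three files named in the VirtualHost agree with each other. The following is an added example, not part of the original article: it builds a throwaway RootCA > SubCA1 > SubCA2 > server chain with openssl (the "Demo" names, file names and function names are assumptions) and checks that the key matches the certificate, that the bundle is in issuing order, and that the signatures chain back to the root.

```sh
#!/bin/sh
# Added example: pre-flight checks for the certificate, key and CA bundle
# named in the VirtualHost. All certificates below are constructed test data.

# key_matches_cert CERT KEY: 0 when the private key belongs to the certificate.
key_matches_cert() {
    kc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    kc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$kc_cert" = "$kc_key" ]
}

# chain_in_order LEAF BUNDLE: 0 when the first bundle entry issued LEAF and
# every later entry issued the one before it (SubCA2 > SubCA1 > RootCA).
# This compares issuer/subject names only; signatures are checked below.
chain_in_order() {
    co_tmp=$(mktemp -d) || return 2
    awk -v d="$co_tmp" '/BEGIN CERTIFICATE/ { n++; f = sprintf("%s/%02d.pem", d, n) }
                        n { print > f }' "$2"
    co_want=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)
    co_rc=0
    for co_f in "$co_tmp"/*.pem; do
        co_subj=$(openssl x509 -in "$co_f" -noout -subject_hash 2>/dev/null)
        [ -n "$co_subj" ] && [ "$co_subj" = "$co_want" ] || { co_rc=1; break; }
        co_want=$(openssl x509 -in "$co_f" -noout -issuer_hash)
    done
    rm -rf "$co_tmp"
    return $co_rc
}

# chain_verifies ROOT BUNDLE LEAF: 0 when the signatures chain from LEAF to the
# trusted ROOT using only the intermediates a server would send from BUNDLE.
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# issue DIR ISSUER NAME CN [EXT_SECTION]: sign a new key/cert pair (test data).
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/cfg" -subj "/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 2 ${5:+-extfile "$1/cfg" -extensions "$5"} \
        -out "$1/$3.crt" 2>/dev/null
}

# make_demo_pki DIR: Demo RootCA -> SubCA1 -> SubCA2 -> www.your-site.com
make_demo_pki() {
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' '[ca]' \
        'basicConstraints=critical,CA:TRUE' > "$1/cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/cfg" \
        -extensions ca -subj "/CN=Demo RootCA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null &&
    issue "$1" root sub1 "Demo SubCA1" ca &&
    issue "$1" sub1 sub2 "Demo SubCA2" ca &&
    issue "$1" sub2 leaf "www.your-site.com"
}

DEMO=$(mktemp -d) || exit 1
trap 'rm -rf "$DEMO"' EXIT
make_demo_pki "$DEMO" || { echo "openssl could not build the demo PKI" >&2; exit 1; }

# One bundle in the order used above, one with the intermediates swapped,
# and one with SubCA1 left out.
cat "$DEMO/sub2.crt" "$DEMO/sub1.crt" "$DEMO/root.crt" > "$DEMO/good.ca-bundle"
cat "$DEMO/sub1.crt" "$DEMO/sub2.crt" "$DEMO/root.crt" > "$DEMO/swapped.ca-bundle"
cat "$DEMO/sub2.crt" "$DEMO/root.crt" > "$DEMO/missing.ca-bundle"

key_matches_cert "$DEMO/leaf.crt" "$DEMO/leaf.key" && echo "key: matches certificate"
for b in good swapped missing; do
    chain_in_order "$DEMO/leaf.crt" "$DEMO/$b.ca-bundle" && order=ok || order=BAD
    chain_verifies "$DEMO/root.crt" "$DEMO/$b.ca-bundle" "$DEMO/leaf.crt" \
        && sigs=ok || sigs=BAD
    echo "$b.ca-bundle: order=$order signatures=$sigs"
done
```

On the real server, call the three functions with your own certificate, key and My-CA.ca-bundle instead of the demo files. The swapped bundle passes `openssl verify` but fails the order check, which is why both are run.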

You can now restart Apache and browse to https://www.your-site.com. It can take a little while before it’s back up!

[box]

apachectl restart
apachectl status

[/box]

Everything’s Broken Help!!

This is why we backed up the config. First, if there’s a problem ‘apachectl status’ usually says ‘there’s a problem on line XYZ of the httpd.conf file’; if you open it in a text editor that will point you to a resolution. If all else fails, you can restore the original config like so;

[box]

cd /etc/httpd/conf 
cp httpd.conf-old httpd.conf
apachectl start
apachectl status

[/box]

How To Redirect All HTTP Traffic to HTTPS in Apache?

That’s even easier, if you have a virtual host for port 80 already set up in httpd.conf then just add ‘Redirect / https://www.your-site.com/’ to it. I did not, but adding one did not break/affect my site at all. After the text you pasted in above for the virtualhost for SSL just paste in a new one for http (TCP port 80).

[box]

<VirtualHost *:80>     
  ServerName www.your-site.com
  DocumentRoot /var/www/html
  ErrorLog /var/www/logs/error80.log
  CustomLog /var/www/logs/access80.log combined

  Redirect / https://www.your-site.com/
</VirtualHost>

[/box]

 

Related Articles, References, Credits, or External Links

NA

How to track the source of failed logon attempts in Active Directory

KB ID 0001209 

Problem

If a large number of failed logon attempts occur within a certain period of time it could be an indication of a security threat, which is why it is important that organizations have a pro-active means of auditing and monitoring whenever this happens. There are a number of ways you can perform this audit, one of which is using the native tools. Here we will take you through the steps so that you know how to perform this audit when required:

Solution

  1. Run gpmc.msc to Configure Group Policy Audit Settings

  2. Edit the domain’s Default Domain Policy in the Group Policy Management Editor.

  3. Expand Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy and double-click ‘Audit logon events’.

  4. In the Audit logon event properties, select the Security Policy Setting tab and select Success.

  5. Open a command prompt and run the command gpupdate /force to update Group Policy.

  6. To know about the failed logon events, filter the Security Event Log for Event ID 4625.

  7. Double-click on any event to see details of the source from where the failed logon attempts were made.

Conclusion

Regularly auditing failed logon attempts through monitoring your Security event logs is necessary for ensuring security and stability of Active Directory environments. Native tools allow you to view these Security event logs but it is perhaps not the most pro-active or user-friendly method. Many organizations find that it makes more sense to deploy an automated solution, like LepideAuditor Suite – Active Directory that provides in depth reporting and real time alerting.

Windows RDWeb – Remote Desktop Shortcut Missing

KB ID 0001208 

Problem 

As soon as you start publishing apps to your RDWeb server the ‘Remote Desktop’ icon disappears. Now there’s a good reason for this, it stops users having a desktop open, then opening apps on multiple different servers, and the whole thing turning into a resources nightmare. But what if you only have one RDS server? 

Solution

To get the shortcut back you need to change a registry key. Navigate to;

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\CentralPublishedResources\PublishedFarms\{collection-name}\RemoteDesktops\{collection-name}

Locate the ShowInPortal value and change it to 1.

At this point it’s worth noting that you might want to change the ‘name’ of the shortcut back to ‘Remote Desktop’.

You don’t need to restart anything, simply refresh the web page and the application will re-appear.

Remote Desktop Keeps Disappearing Again?

Each time there’s an update, or you publish some new applications it can revert back again. To stop this I simply create a Group Policy Preference, (make sure you have changed the key(s) before you do this).

Create or edit an existing policy that’s linked to the RDS server, and navigate to;

Computer Configuration > Preferences > Windows Settings > Registry > New > Registry Wizard > Another Computer

Navigate to the RDS server you have set the registry keys on.

Select the ‘Name‘ and ‘ShowInPortal‘ Value > Make sure the policy is set to ‘update’.

Related Articles, References, Credits, or External Links

NA

RDS – Custom Start Menu (Remove Administrative Tools)

KB ID 0001207 

Problem 

Why is it so difficult to remove Administrative tools! The one folder you might not want your users having access to is on everyone’s start menu by default? I’ve seen posts saying to change the permissions so users can’t run the snap-ins in that folder, and other posts that suggest removing it from the ‘all users’ profile, and yet more posts that say remove it in preferences with a post Vista start menu. NONE OF THAT WORKED?

This solution is for Windows Server 2012 R2, if you’re running an earlier version then I invite you to post a decent solution at the bottom of the page.

What I did was create a Custom Start screen, then exported that to XML, then configured all my users to use that start screen.

Solution

Log in as an administrator, and tailor the start screen to how you would like it for your users.

Then open a PowerShell session and export the settings to an XML file. I’ve already set up a network share on the RDS server itself to store the XML file in, (grant users ‘read‘ rights to the share).

[box]

Export-StartLayout -Path \\{server-name}\{share-name}\{file-name.xml} -As xml

[/box]

Now on the GPO linked to your RDS Server(s) add the following;

[box]

Computer Configuration > Administrative Templates > Start Menu and Taskbar > Start Screen Layout

[/box]

Enable the policy, and point it to the file you exported above. Then either force a policy refresh or wait a while for the new policy to take effect.

Related Articles, References, Credits, or External Links

NA

Linux (CentOS 7) Generating CSR (Certificate Signing Requests)

KB ID 0001206 

Problem

If you want to use digital certificates on your CentOS server, then you will need to generate a CSR. It does not matter if you want to purchase a publicly signed certificate, or even if you are going to sign your own. Below is how to generate a CSR for a single web host.

Note: Most cert vendors now require a minimum key length of 2048 so that’s what I’m going to use. And I’m assuming you have OpenSSL installed (type ‘openssl version‘ to find out).

Solution

Execute the following command;

[box]

[root@WebHost ~]# openssl req -newkey rsa:2048 -nodes -keyout www.YourSite.com.key -out www.YourSite.com.csr

[/box]

The CSR Generation process will begin and you will have to answer some questions;

[box]

Generating a 2048 bit RSA private key
.........................................+++
........................+++
writing new private key to 'www.YourSite.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:Teesside
Locality Name (eg, city) [Default City]:Middlesbrough
Organization Name (eg, company) [Default Company Ltd]:YourSite
Organizational Unit Name (eg, section) []:YourSite
Common Name (eg, your name or your server's hostname) []:www.YourSite.com
Email Address []:administrator@YourSite.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:YourSite

[/box]

This will actually create the CSR. Now you need to get the text from the CSR, and send it to your certificate vendor, or sign it with your own CA.

[box]

[root@WebHost ~]# cat www.YourSite.com.csr
-----BEGIN CERTIFICATE REQUEST-----
NIIDKTCCAhECAQAwga4xCzAJBgNVBAYTAkdCMREwDwYDVQQIDAhUZWVzc2lkZTEW
MBQGA1UEBwwNTWlkZGxlc2Jyb3VnaDEUMBIGA1UECgwLUGV0ZU5ldExpdmUxFDAS
BgNVBAsMC1BldGVOZXRMaXZlMRwwGgYDVQQDDBN3d3cucGV0ZW5ldGxpdmUuY29t
MSowKAYJKoZIhvcNAQkBFhtpbmZvcm1hdGlvbkBwZXRlbmV0bGl2ZS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCudW2OhXUnEIpiN2oQnREoZVAn
Cvvb07+7gZb5NgxSSc8pYab3ic6mmEabM3c/m9mLtO3m4ZSTJrU9QC91Vn6PF90K
iqApOfizUnNFEOSJptpcoLxlUWUJF8PZUn9fYZyNhp30QQ3B5ajxc4ML0BB+4Wp2
1sjJzfAvtSsFmUSCEXlJTrWnYkGpZz4dYYRlQgTniY4++M/AG9gL99XuSKcSD5K0
4qr07J9a6AYA0tXJq+yN3EzcLSBkIVDuNv84e+CyXc8RV+BkaRTr/gYGwQU4C+IG
87Lw8GC6P1adUi2mR4GMMbZLPYa14Psao4ZA/Ihk9EFS2xqXQH2AZ2nUGPM7AgMB
AAGgNTAXBgkqhkiG9w0BCQcxCgwIcGFzc3dvcmQwGgYJKoZIhvcNAQkCMQ0MC1Bl
dGVOZXRMaXZlMA0GCSqGSIb3DQEBCwUAA4IBAQAPUo4AVBajrflZQRI8MrRyndpD
s6MqZQwYlrceZVZrut+htS14ZC/GbaPC7gOvxYyS52RSW4UiG3egi6H7NnhqHjR+
Dz859bLKIut3YeCo3sK5+aCxvcGEjA1uduqKg5WFwPj5BvnsIYezq3O5Q4FvfQAy
FElb9snk0sJ6GFYifjeza8+w6CIabUpyl0kyDoAbnjnnyhR0s5/h4L7X3zqaQ0J+
OZVRyj54nLXoFDw1n8pGRb31khlEwDzXvVe9+wreCZ6lLqhDki94Uq5LenqofUlw
MPucqVIA9lgvQ8vjyTWVQYYffMRlAx7g/SdVTIhFBqq7rsh9/XHn7qfXlc4c
-----END CERTIFICATE REQUEST-----
[root@WebHost ~]#

[/box]
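
The prompts above can be replaced by a config file, which also lets you request a Subject Alternative Name and leave the challenge password out. This added example (not from the original article; the directory layout and function names are assumptions, and it goes slightly beyond the single command above) generates the request both ways and reads back what each one contains, showing that a challenge password is stored readable inside the CSR you hand over.

```sh
#!/bin/sh
# Added example: build the CSR from a config file instead of answering prompts,
# then read back what the request discloses. Names and values are placeholders.

# make_csr DIR FQDN [CHALLENGE]: writes DIR/FQDN.key and DIR/FQDN.csr.
make_csr() {
    cat > "$1/$2.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
${3:+attributes = attrs}
[dn]
C = GB
ST = Teesside
L = Middlesbrough
O = YourSite
CN = $2
[ext]
subjectAltName = DNS:$2
[attrs]
${3:+challengePassword = $3}
EOF
    # umask keeps the unencrypted (-nodes) key unreadable by other accounts.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
          -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null )
}

csr_text()     { openssl req -in "$1" -noout -text 2>/dev/null; }
# Key size in bits, as requested with rsa:2048.
csr_key_bits() { csr_text "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'; }
# DNS names requested in the Subject Alternative Name extension.
csr_sans()     { csr_text "$1" | grep -o 'DNS:[^,[:space:]]*'; }
# Permission bits of the private key file, e.g. -rw-------
key_mode()     { ls -l "$1" | cut -c1-10; }

# csr_challenge CSR: prints the challenge password if the request carries one.
# The attribute is a plain string in the request, so anyone who sees the CSR
# can read it.
csr_challenge() {
    openssl asn1parse -in "$1" 2>/dev/null |
        awk '/:challengePassword/ { seen = 1; next }
             seen && /STRING/ { sub(/^[^:]*:[^:]*:[^:]*:/, ""); print; exit }'
}

WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/with" "$WORK/without"
make_csr "$WORK/with" www.YourSite.com password123 || exit 1
make_csr "$WORK/without" www.YourSite.com || exit 1

for d in with without; do
    f="$WORK/$d/www.YourSite.com"
    echo "$d: bits=$(csr_key_bits "$f.csr") san=$(csr_sans "$f.csr")" \
         "key=$(key_mode "$f.key") challenge='$(csr_challenge "$f.csr")'"
done
```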

Related Articles, References, Credits, or External Links

NA

Cisco Stacking 3750 Switches

KB ID 0001205 

Problem

You can stack Cisco 3750-X Switches in groups of up to 9 switches, and they can then be managed as one switch. Here I’ve got 2 switches.

 

Solution

Removing 3750-X Switches Stack Configuration

One of my switches had already been in a stack, so I needed to remove its stack configuration. It thought it was switch 4 in the stack so I issued the following commands;

[box]

Switch(config)# no switch 4 provision 
Switch(config)# wr mem 

[/box]

Cisco 3750-X Configure Stacking

Don’t connect any stacking cables yet, decide which switch is going to be the ‘master’ and log onto that switch, and issue the following commands;

[box]

Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#switch 1 priority 15
Changing the Switch Priority of Switch Number 1 to 15
Do you want to continue?[confirm] {Enter}
New Priority has been set successfully
Switch(config)#do write mem
Building configuration...
[OK]

Switch(config)#do reload
Proceed with reload? [confirm] {Enter}
[/box]

When the switch reloads you will see.

[box]

Waiting for Stack Master Election...
SM: Waiting for other switches in stack to boot...
###############################################################

[/box]

At this point you can connect the stack cables and power on the second switch. With multiple switches connect each stack port one, to the switch below’s stack port two. Then on the last switch connect its stack port one back to stack port two on the top switch, (so there is a ‘ring’.)

If you have more than two switches you can set their priority (as you did above). Priority 15 will always win the ‘elections’ and be the master switch; number the rest accordingly. The default is ‘1’, so if you don’t then it works out the order based on MAC addresses, (which is not good!).

When all the switches are booted, check all is well;

[box]

Switch#show switch
Switch/Stack Mac Address : 74a2.e69a.0c00
                                           H/W   Current
Switch#  Role   Mac Address     Priority Version  State
----------------------------------------------------------
*1       Master 74a2.e69a.0c00     15     3       Ready
 2       Member 204c.9e5f.4000     1      3       Ready

Switch#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
FastEthernet0          unassigned      YES NVRAM  administratively down down
GigabitEthernet1/0/1   unassigned      YES unset  down                  down
GigabitEthernet1/0/2   unassigned      YES unset  down                  down
GigabitEthernet1/0/3   unassigned      YES unset  down                  down
GigabitEthernet1/0/4   unassigned      YES unset  down                  down
{----------------Output Removed For the Sake of Brevity---------------------}
GigabitEthernet1/1/1   unassigned      YES unset  down                  down
GigabitEthernet1/1/2   unassigned      YES unset  down                  down
GigabitEthernet1/1/3   unassigned      YES unset  down                  down
GigabitEthernet1/1/4   unassigned      YES unset  down                  down
Te1/1/1                unassigned      YES unset  down                  down
Te1/1/2                unassigned      YES unset  down                  down
GigabitEthernet2/0/1   unassigned      YES unset  down                  down
GigabitEthernet2/0/2   unassigned      YES unset  down                  down
GigabitEthernet2/0/3   unassigned      YES unset  down                  down
{----------------Output Removed For the Sake of Brevity---------------------}
GigabitEthernet2/1/1   unassigned      YES unset  down                  down
GigabitEthernet2/1/2   unassigned      YES unset  down                  down
GigabitEthernet2/1/3   unassigned      YES unset  down                  down
GigabitEthernet2/1/4   unassigned      YES unset  down                  down
Te2/1/1                unassigned      YES unset  down                  down
Te2/1/2                unassigned      YES unset  down                  down
Switch#

[/box]

Make sure your stack cabling is OK;

[box]

Switch# show switch stack-ports summary

Switch#/  Stack   Neighbor   Cable    Link   Link   Sync      #         In
 Port#     Port              Length    OK   Active   OK    Changes   Loopback
          Status                                          To LinkOK
--------  ------  --------  --------  ----  ------  ----  ---------  --------
  1/1     OK         2      50 cm     Yes    Yes    Yes        1        No
  1/2     OK         2      50 cm     Yes    Yes    Yes        1        No
  2/1     OK         1      50 cm     Yes    Yes    Yes        1        No
  2/2     OK         1      50 cm     Yes    Yes    Yes        1        No

Switch# show switch stack-ring speed

Stack Ring Speed        : 32G
Stack Ring Configuration: Full
Stack Ring Protocol     : StackWisePlus
Switch#

[/box]

If you are also using XPS redundant power cables remember that’s only supported for up to four switches, (without an extra XPS-2200 rack power unit). I power off the switches before I fit these.

Why do they have green and yellow ends: If you look on the switch you will see the ‘socket’ is marked with a yellow and a green ‘semi-circle’. That means a green end or a yellow end can be plugged into that socket.

That makes no sense, so anything can plug into anything, why colour code them? That’s because there is a different cable that has a ‘red’ end on it for plugging into an XPS-2200 rack power supply, like this;

Then to test your XPS Power Cables.

[box]

Switch>show env power all
SW  PID                 Serial#     Status           Sys Pwr  PoE Pwr  Watts
---  ------------------  ----------  ---------------  -------  -------  -----
1A  C3KX-PWR-350WAC     LIT18410MD4 OK              Good     Good     350/0
1B  Not Present
2A  C3KX-PWR-350WAC     LIT18410JJ3 OK              Good     Good     350/0
2B  Not Present

Switch#show stack-power neighbors
Power Stack           Stack   Stack    Total   Rsvd    Alloc   Unused  Num  Num
Name                  Mode    Topolgy  Pwr(W)  Pwr(W)  Pwr(W)  Pwr(W)  SW   PS
--------------------  ------  -------  ------  ------  ------  ------  ---  ---
Powerstack-2          SP-PSS  Ring     700     320     380     0       2    2

    Power Stack           Port 1  Port 1             Port 2  Port 2
SW  Name                  Status  Neighbor SW:MAC    Status  Neighbor SW:MAC
--  --------------------  ------  ----------------   ------  ----------------
1   Powerstack-2          Conn    2:204c.9e5f.4000   Conn    2:204c.9e5f.4000
2   Powerstack-2          Conn    1:74a2.e69a.0c00   Conn    1:74a2.e69a.0c00

[/box]

Stack Power Profiles (Setting Up)

Stack Power Modes

Default (Power sharing Mode): All the power from all the power supplies, is aggregated together, and no power is reserved – if a power supply failed there is a chance that there might not be enough power.

Redundant Mode: The power supplied by the largest power supply in the stack, is taken away from the total power output in case there is an outage.

Stand Alone Mode: Stops a switch participating in a power stack completely.

Each mode can be configured to run strict, or non-strict, (with the exception of a stand alone mode).

Strict: If actual power drops below budgeted power, things may get powered down.
Non Strict: Actual power can run above budgeted power, if that extra power is available.

[box]

Switch(config)# stack-power switch 1 port 1 enable 
Switch(config)# stack-power switch 1 port 2 enable 
Switch(config)# stack-power switch 2 port 1 enable 
Switch(config)# stack-power switch 2 port 2 enable
Switch(config)# stack-power stack Power-Stack-1 
Switch(config-stackpower)# mode redundant
Switch(config-stackpower)# stack-power switch 1
Switch(config-stackpower)# stack-power switch 2
Switch(config-stackpower)# exit

[/box]

 

Related Articles, References, Credits, or External Links

Cisco Catalyst – Upgrading ‘Stacked’ Switches

Mac OSX – Testing Packet Fragmentation Over VPN

KB ID 0001204 

Problem

Many moons ago I wrote a post about a problem where I had no RDP over a VPN connection, and all the hoops I jumped through to troubleshoot and fix the problem.

Today I had a similar problem, I was connected to a client via Cisco AnyConnect, and I had hair-pinned that traffic, from the client site, over an IPSEC VPN to their servers in the Data Center. Pings were successful, but not RDP. 

To be honest this affects various types of TCP traffic, but it only ever seems to trip me up with RDP! In the past I used to ping and set the traffic to ‘not fragment’ and manually set the packet size, then I increased/decreased the packet size until I found the optimal MTU size like this;

But these are Windows options, how can I do the same thing on my Mac?

Solution

Well things on the Mac are even easier! It will even find the value for you, (in a manner of sorts). You set the minimum packet size, and the maximum packet size, and ask it to increment each ping packet by one. Below I’ve narrowed the scope to fit it on one screenshot;

Syntax;

ping -g {lowest-value} -G {highest-value} -h 1 -D {IP-address}

As you can see above, I started at 1370 and the last ‘working’ ping was sequence 8, so the last working value was 1386.

Related Articles, References, Credits, or External Links

NA

Windows Server – Disk Performance Missing From Task Manager?

KB ID 0001203 

Problem

If your machine is struggling, a good place to look first is the performance tab on ‘Task Manager’

Here you can see CPU and Memory Stats and how our network cards are performing, but where are the disk stats?

Solution

Before you can see them you need to enable them. Open a PowerShell (or an administrative command) window and run the following command;

diskperf -y

 

Now re-open task manager and go to the performance tab and you can see the stats for the hard drives;

I can’t think why, but if you wanted to turn this off again issue the following command;

diskperf -n

Related Articles, References, Credits, or External Links

NA