Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”
KB ID 0001531 Problem While migrating a VPN tunnel from an ASA 5520 firewall to a new 5516-X I got this problem. The other end was a Cisco router (2900). As soon as I swapped it over, it was stuck at MM_WAIT_MSG3, and phase 1 would not establish; NUFC-ASA5516x(config-tunnel-ipsec)# show crypto isa IKEv1 SAs: Active SA: 6 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA: 6 1 IKE Peer: 1.1.1.1 Type :...
Cisco ASA: “Wrong Serial Number?”
KB ID 0001530 Problem Cisco have done this for a while, the first time I saw it was years ago on a 5585, but all the NGFW models now have a ‘Serial Number” and a “Chassis Serial Number”. Normally you don’t care unless you need to log a TAC call online. So you issue a show version command, take a note of the serial number, and then it says, there’s no record of that serial number? Solution Just to be...
Disable ATS Heartbeat
KB ID 0001529 Problem After ESX 5.5 Update 2, VMware added ATS Heartbeat.Some vendors, (like HPE SureStore and VSA) recommend that this is disabled. I can’t find any info about whether it’s safe to do this in production, so to be on the safe side I placed the hosts in maintenance mode first. Enter Maintenance Mode Use the following command; vim-cmd /hostsvc/maintenance_mode_enter Disable ATS Heartbeat Use the following...
Exchange: Create a PFX Certificate and Import a Private Key
KB ID 0001528 Problem On my test network I have an Exchange server (Exchange 2016). As it’s publicly available and connected to Office 365 it needs a digital certificate. Because its my test network, I don’t want to spend a fortune on a certificates, so I buy the cheapest one I can find. I replaced it last week with a 2 year certificate for about $5.00. When the certificate came I had certificate-name.crt, and a CA bundle,...
Virtual SAN: Suppress ‘Datastore Usage on Disk’ Alarm
KB ID 0001527 Problem While deploying a HPE StoreVirtual VSA this week. We noticed all the local Datastore were showing an ‘Alarm’. If you are unfamiliar with Virtual SANs, then you give all the LOCAL Storage to them, which then gets ‘aggregated’ and provided back to the host(s) as fault tolerant clustered storage, like so; Which is great, but the VMware hosts just see that their LOCAL Datastore(s) are full,...
Deploying a ‘Nano’ Webserver (IIS)
KB ID 0001526 Problem We’ve had Server Core for a while now, and I’ve never really seen it deployed in anger. Now we have Nano Server. You don’t install this like normal Windows Server distributions, i.e. it’s not an option when you run the install DVD. Originally you have to create the image with Powershell, but now you can use ‘Nano Server Image Builder’. Nano Server is a tiny distribution, and...