Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”
Mar27

Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”

KB ID 0001531 Problem While migrating a VPN tunnel from an ASA 5520 firewall to a new 5516-X I got this problem. The other end was a Cisco router (2900). As soon as I swapped it over, it was stuck at MM_WAIT_MSG3, and phase 1 would not establish; NUFC-ASA5516x(config-tunnel-ipsec)# show crypto isa IKEv1 SAs: Active SA: 6 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA: 6 1 IKE Peer: 1.1.1.1 Type :...

Read More
Cisco ASA: “Wrong Serial Number?”
Mar27

Cisco ASA: “Wrong Serial Number?”

KB ID 0001530 Problem Cisco have done this for a while, the first time I saw it was years ago on a 5585, but all the NGFW models now have a ‘Serial Number” and a “Chassis Serial Number”. Normally you don’t care unless you need to log a TAC call online. So you issue a show version command, take a note of the serial number, and then it says, there’s no record of that serial number? Solution Just to be...

Read More
Disable ATS Heartbeat
Mar22

Disable ATS Heartbeat

KB ID 0001529 Problem After ESX 5.5 Update 2, VMware added ATS Heartbeat.Some vendors, (like HPE SureStore and VSA) recommend that this is disabled. I can’t find any info about whether it’s safe to do this in production, so to be on the safe side I placed the hosts in maintenance mode first. Enter Maintenance Mode Use the following command; vim-cmd /hostsvc/maintenance_mode_enter Disable ATS Heartbeat Use the following...

Read More
Exchange: Create a PFX Certificate and Import a Private Key
Mar22

Exchange: Create a PFX Certificate and Import a Private Key

KB ID 0001528 Problem On my test network I have an Exchange server (Exchange 2016). As it’s publicly available and connected to Office 365 it needs a digital certificate. Because its my test network, I don’t want to spend a fortune on a certificates, so I buy the cheapest one I can find. I replaced it last week with a 2 year certificate for about $5.00. When the certificate came I had certificate-name.crt, and a CA bundle,...

Read More
Virtual SAN:  Suppress ‘Datastore Usage on Disk’ Alarm
Mar19

Virtual SAN: Suppress ‘Datastore Usage on Disk’ Alarm

KB ID 0001527 Problem While deploying a HPE StoreVirtual VSA this week. We noticed all the local Datastore were showing an ‘Alarm’. If you are unfamiliar with Virtual SANs, then you give all the LOCAL Storage to them, which then gets ‘aggregated’ and provided back to the host(s) as fault tolerant clustered storage, like so; Which is great, but the VMware hosts just see that their LOCAL Datastore(s) are full,...

Read More
Deploying a ‘Nano’ Webserver (IIS)
Mar08

Deploying a ‘Nano’ Webserver (IIS)

KB ID 0001526 Problem We’ve had Server Core for a while now, and I’ve never really seen it deployed in anger. Now we have Nano Server. You don’t install this like normal Windows Server distributions, i.e. it’s not an option when you run the install DVD. Originally you have to create the image with Powershell, but now you can use ‘Nano Server Image Builder’. Nano Server is a tiny distribution, and...

Read More