Cisco Stacking 3750 Switches
Jun16

KB ID 0001205  Problem You can stack Cisco 3750-X Switches in groups of up to 9 switches, and they can then be managed as one switch. Here I’ve got 2 switches.   Solution Removing 3750-X Switches Stack Configuration One of my switches had already been in a stack, so I needed to remove its stack configuration. It thought it was switch 4 in the stack so I issued the following commands; Switch(config)# no switch 4 provision...

Mac OSX – Testing Packet Fragmentation Over VPN
Jun15

KB ID 0001204  Problem Many moons ago I wrote a post about a problem where I had no RDP over a VPN connection, and all the hoops I jumped through to troubleshoot and fix the problem. Today I had a similar problem: I was connected to a client via Cisco AnyConnect, and I had hair-pinned that traffic, from the client site, over an IPSEC VPN to their servers in the Data Center. Pings were successful, but not RDP.  To be honest this affects...

Windows Server – Disk Performance Missing From Task Manager?
Jun08

KB ID 0001203  Problem If your machine is struggling, a good place to look first is the performance tab on ‘Task Manager’. Here you can see CPU and Memory Stats and how our network cards are performing, but where's the disk stats? Solution Before you can see them you need to enable them. Open PowerShell (or an administrative command window) and run the following command; diskperf -y   Now re-open task manager and go to...

vSphere – ‘The Number of HA Heartbeat Datastores for this host is 0’
Jun06

KB ID 00011202  Problem Seen after enabling HA on your vSphere Cluster HA Error: The number of heartbeat datastores for host is 0, which is less than required: 2 or HA Error: The number of heartbeat datastores for host is 1, which is less than required: 2 I had this on my test network today, and to be honest that's not really surprising because I don’t have any shared storage.   Note: You can see the same error if your ‘HA...

Device Boots to ROMMON (Cisco ASA)
Jun01

KB ID 0001199  Problem After recently picking up some second hand ASA5512-X firewalls, I went to run them up, and make sure they were ok, however on boot up they went straight to ROMMON like so; Use ? for help. rommon #0> Now I know what ROMMON is, it’s the base operating system of the device, its job is a bit like the BIOS on a PC, it locates and loads the operating system. The only time you should ever see a rommon prompt...

Cisco ASA – Packet Tracer Fails VPN:Encrypt:Drop
May31

KB ID 0001198 Problem Sometimes when troubleshooting VPN traffic, you may choose to use the ‘packet-tracer’ command to simulate interesting traffic. I did this today and got; Phase: {number} Type: VPN Subtype: encrypt Result: DROP Config: Additional Information: Result: Drop-reason: (acl-drop) Flow is denied by configured rule I replicated the error on the test bench. Solution Below is the full packet trace;...

MAC OSX – Connecting to Cisco IPSEC VPN
May31

KB ID 0001197  Problem Here we are dealing with the older IPSEC VPN method of remote VPNs, NOT AnyConnect. There is/was a VPN client for Mac OSX which you can still download. But modern versions of OSX have the Cisco IPSec VPN client built into them.  I’m assuming you have already configured the firewall, if not see the article below; Cisco ASA5500 Client IPSEC VPN Access Solution Open your network preferences and add in a new...

Cisco ASA – Converting IKEv1 VPN Tunnels to IKEv2
May29

KB ID 0001196  Problem We’ve had IKEv2 support on Cisco ASA for a while (since version 8.4). I tend to set up site to site VPN tunnels at command line, and on the rare occasions I’m using the ASDM I normally just ignore the IKEv2 settings. Like all techies I know a way that works, so I will keep doing it that way. What’s the difference between IKEv1 and IKEv2? IKE version 2 is a lot more efficient and has a smaller...

VMware Upgrading the vSphere Virtual Center Appliance
May25

KB ID 0001193  Problem I had a vCenter 6.0.0.1 appliance on my test network and wanted to update it to version 6.0.0.2. But I didn’t want to reinstall the whole thing from scratch. Solution Let’s assume it’s going to go wrong! Take a snapshot of the appliance first. Go to the patch update site and get the latest patch for your version of vCenter. Upload the ISO file into your vSphere storage, and present it to your...

Citrix NetScaler – SSL Offloading
May22

KB ID 0001192  Problem What is SSL Offloading? If you run https services (Note: I say services, this does not have to be a website), the actual security is handled by SSL/TLS; one of the things this does is encrypt the traffic between the client and server. (This is why your online banking and shopping is done over https and not http.) That's great, but encrypting and decrypting all that traffic takes a lot of processing cycles, if you...
