Cisco ASA – Converting IKEv1 VPN Tunnels to IKEv2
KB ID 0001196 Problem We’ve had IKEv2 support on Cisco ASA for a while (since version 8.4). I tend to set up site-to-site VPN tunnels at the command line, and on the rare occasions I’m using the ASDM I normally just ignore the IKEv2 settings. Like all techies I know a way that works, so I will keep doing it that way. What’s the difference between IKEv1 and IKEv2? IKE version 2 is a lot more efficient and has a smaller...
VMware Upgrading the vSphere Virtual Center Appliance
KB ID 0001193 Problem I had a vCenter 6.0.0.1 appliance on my test network and wanted to update it to version 6.0.0.2, but I didn’t want to reinstall the whole thing from scratch. Solution Let’s assume it’s going to go wrong! Take a snapshot of the appliance first. Go to the patch update site and get the latest patch for your version of vCenter. Upload the ISO file into your vSphere storage, and present it to your...
Citrix NetScaler – SSL Offloading
KB ID 0001192 Problem What is SSL Offloading? If you run https services (Note: I say services, this does not have to be a website), the actual security is handled by SSL/TLS. One of the things this does is encrypt the traffic between the client and server. (This is why your online banking and shopping is done over https and not http.) That’s great, but encrypting and decrypting all that traffic takes a lot of processing cycles, if you...
Citrix NetScaler – ‘Certificate is not a server certificate’
KB ID 0001191 Problem While attempting to bind a certificate to a Virtual Server on my NetScaler this happened; Error Certificate is not a server certificate Solution Before you proceed, delete the problem certificate to avoid confusion! I had generated this certificate with Microsoft Certificate Services, and I had made a wildcard certificate like so; Certificate Services – Create a ‘Wildcard Certificate’ Remember if you use the...
NetScaler – SSL Virtual Server State: Down Effective State: Down
KB ID 0001190 Problem When trying to set up SSL Offloading on a NetScaler Virtual Server, I was unable to get the State and Effective State to ‘go green’. Solution If you hit the ‘down arrow’ to the left it will give you a little more information; it also says ‘SSL feature disabled’. Log directly into the appliance and issue the following command; enable feature SSL Hit the ‘refresh’...
Firefox Error – SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
KB ID 0001189 Problem Firefox is what I use when Opera does not work, so when I tried to connect to some management servers that did not support Opera this happened; Secure Connection Failed An error occurred during a connection to {FQDN}. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY) Solution Navigate to ‘about:config’...
Citrix NetScaler – Simple HTTP Site Load Balancing
KB ID 0001188 Problem Here is the simplest load balancing scenario I can think of: I’ve got two web servers (on http port 80), and I’m presenting them through my NetScaler as an HTTP (Virtual Server). Solution First we add the ‘back-end’ servers. Connect to the management IP of your NetScaler and login > Configuration > Traffic Management > Load Balancing > Servers > Add. Define a name for the...
NetScaler – Locate the Host ID
KB ID 0001187 Problem To apply a license to your NetScaler you need to supply the Host ID to the licensing portal. A quick internet search yielded the commands, but they were not working? Solution Note: If this is a new installation, the username and password will both be set to nsroot. Whatever I was reading didn’t tell me I needed to drop to shell mode! shell lmutil lmhostid As you can see this one’s 0050569d5a96, (which I...
Windows – Suppress the ‘First Run’ Welcome to Windows Animation
KB ID 0001186 Problem I don’t like ‘first-run’ dialogs. Internet Explorer is annoying enough, now Windows and Office insist on playing me a film clip when they start for the first time. I’m a busy guy, I have things to do, stop asking me questions and making recommendations! It takes this long to create a user profile? I don’t think so. Solution You can do this by local policy on the machine, but domain...
Cisco – Cannot Connect to the ASA FirePOWER Module
KB ID 0001182 Problem There’s an alarming number of people who have contacted me about this error; Cannot connect the the ASA FirePOWER module. Check that it is correctly configured and on the network. It’s also possible that the management address is being translated by NAT. Please verify the IP address/Hostname and port. Note: If you have just updated or re-imaged the SFR...