Windows In VMware Fusion ‘Cannot Access Shared Folders’

KB ID 0001627

Problem

Every so often I have a problem with the Windows 10 VM that I run on my mac in VMware Fusion, last time I needed to upgrade to Fusion 11.5, before that it was a registry fix. This time I could not access any files or folders on the parent mac.

Network Error
Windows cannot access \\vmware-host\Shared Folders\{Folder-Name}
You do not have permissions to access \\vmware-host\Shared Folders\{Folder-Name}. Contact your network administrator to request access.

Solution

Removing and re-adding the share in VMware Fusion didn’t fix the problem, in the end I had to grant VMware Fusion, ‘Full Disk’ access before the problem ceased.

System Preferences > Security & Privacy > Privacy > ‘Unlock’ > Full Disk Access > Tick ‘VMware Fusion.app”.

Related Articles, References, Credits, or External Links

NA

Cannot Access / Open ASDM

KB ID 0000458

Problem

Out of the box Cisco PIX/ASA devices should have a working ASDM. This config can get broken over time, and also there are a few things that can trip you up on your client machine.

Solution

Make sure the client machine you are using is not the problem

1. The ASDM runs using Java make sure the machine has Java installed.

Note: If you are using Java version 7 Update 51 see the following article.

Unable to Access ASDM – “Unable to launch device manager from…”

2. Make sure the internet browser you are using is supported:

Operating System
Browser
 
Java SE Plug-in1
Internet Explorer
Firefox2
Safari
Chrome

Microsoft Windows

10
8(8.1)
7
Server 2012 R2
Server 2012
2008 Server
XP

Yes

Yes

No support

Yes

8.0

Apple Macintosh OS X:

10.6
10.5
10.4

No support

Yes

Yes

Yes (64 bit only)

8.0

Ubuntu Linux 14.04
Debian Linux 7

N/A

Yes

N/A

Yes

8.0 (Oracle only)

Note: Support for Java 5.0 was removed in ASDM 6.4. Obtain Sun Java updates from java.sun.com.

Note: ASDM requires an SSL connection from the browser to the ASA. By default, Firefox does not support base encryption (DES) for SSL and therefore requires the ASA to have a strong encryption (3DES/AES) license. As a workaround, you can enable the security.ssl3.dhe_dss_des_sha setting in Firefox. See http://kb.mozillazine.org/About:config to learn how to change hidden configuration preferences.

3. Make sure you are NOT trying to access the ASDM through a proxy server, this is a common “gotcha”!

4. Can another machine access the ASDM?

5. If the ASDM opens but does not display correctly, then do the following, File > Clear ASDM Cache > File > Clear Internal Log Buffer > File > Refresh ASDM with the running Configuration on the Device.

Make sure the ASA is configured correctly, and your PC is “allowed” access

1. Connect to the firewall using either SSH, Telnet, or via the Console Cable.

2. Log into the firewall, go to enable mode > Enter the enable password

[box]

Type help or '?' for a list of available commands.
PetesASA> enable
Password: ********
PetesASA#

[/box]

3. The ASDM is enabled with the command “http server enabled”, to make sure that’s there issue a “show run http” command”

[box]

PetesASA# show run http
http server enable
http 10.254.254.0 255.255.255.0 inside
http 123.123.123.123 255.255.255.255 outside

[/box]

Note: if the command is NOT there, you need to issue the following three commands:

[box]

PetesASA# configure terminal
PetesASA(config)# http server enable
PetesASA(config)# write mem
Building configuration...
Cryptochecksum: 9c4700fe 475d22c4 13442d06 b0317c69

9878 bytes copied in 1.550 secs (9878 bytes/sec)
[OK]
PetesASA(config)# 

[/box]

Note: If you see a number after the command e.g. “http server enable 2456” then you need to access the ASDM on that port, like so {IP address/Name of ASA}:2456 (This is common if you’re port forwarding https but you still want to access the ASDM externally).

4. Assuming that the ASDM has been enabled, the IP address you are accessing from (or the subnet you are on) also needs to be allowed access. You will notice in step 3 above that when you issue the show run http command, it also shows you the addresses that are allowed access, if yours is NOT listed you can add it as follows:

[box]

PetesASA# configure terminal
PetesASA(config)# http 10.254.254.5 255.255.255.255 inside
PetesASA(config)# http 10.254.254.0 255.255.255.0 inside
PetesASA(config)# http 123.123.123.123 255.255.255.255 outside
PetesASA(config)# write mem
Building configuration...

Cryptochecksum: 9c4700fe 475d22c4 13442d06 b0317c89 9878 bytes copied in 1.550 secs (9878 bytes/sec)
[OK]
PetesASA(config)#

[/box]

5. At this point try and access the ASDM again.

6. The ASA needs to be told what file to use for the ASDM, to make sure its been told issue the following command, (If there is NOT one specified then skip forward to step 7 to see if there is an ASDM image on the firewal)l.

[box]

PetesASA# show run asdm
asdm image disk0:/asdm-739.bin

Note: on a Cisco PIX the results will look like..

PetesPIX# show run asdm
asdm image flash:/asdm-501.bin

[/box]

7. Write down the file that it has been told to use (in the example above asdm-632.bin). Then make sure that file is actually in the firewalls memory with a “show flash” command.

[box]

PetesASA# show flash
--#-- --length-- -----date/time------ path
142 15943680 May 08 2010 18:10:42 asa831-k8.bin
144 14240396 May 08 2010 18:11:50 asdm-739.bin
3 2048 Jul 21 2009 12:04:26 log
6 2048 Apr 28 2010 15:08:32 crypto_archive
163 393828 Feb 14 2010 12:23:28 crypto_archive/crypto_arch_1.bin
164 393828 Apr 28 2010 15:08:32 crypto_archive/crypto_arch_2.bin
147 9526560 Jul 21 2009 12:04:52 csd_3.4.1108.pkg
148 2048 Jul 21 2009 12:04:54 sdesktop
150 2648712 Jul 21 2009 12:04:54 anyconnect-win-2.3.0254-k9.pkg


127135744 bytes total (29583360 bytes free)

[/box]

Note: If the file you are looking for is NOT there then (providing you have a valid support agreement with Cisco) download an ASDM image and load it into the firewall see here for instructions.

Note: If the file is in the flash memory but was not referenced in step 6 then you can add the reference with the following command (obviously change the filename to match the one that’s listed in your flash memory).

[box]

PetesASA# configure terminal
PetesASA(config)# asdm image disk0:/asdm-631.bin
PetesASA(config)# write mem
Building configuration...
Cryptochecksum: 9c4700fe 475d22c4 13442d06 b0317c89

9878 bytes copied in 1.550 secs (9878 bytes/sec)
[OK]
PetesASA(config)#

[/box]

 

Related Articles, References, Credits, or External Links

Connecting to and Managing Cisco Firewalls

Cisco Allowing Remote Management

Cisco ASA5500 Update System and ASDM (From ASDM)

Safari: This connection Is Not Private Loop

KB ID 0001462

Problem

This has been bugging me for a while, I use Safari for most things, but recently going to an https (SSL secured) web page that uses a self signed, or expired certificate, give me this;

Now this is to be expected, normally you click ‘visit this website‘ it asks for you password, and away you go. However now it doesn’t, it loops you back here again and you can go round many times, until you give up and use FireFox.

Solution

This stung me yesterday when I wanted to get on the office MFD. The fix is easy, open a new private browsing window  (File > New Private Window). Then go to the same URL, what’s more, once you have been to that URL, it  now works in normal Safari

Related Articles, References, Credits, or External Links

NA

Error While Attempting to Access a Windows Share

KB ID 0000439

Problem

While attempting to connect to a Windows share you receive the error.

Windows cannot access {target machine name} Check the spelling of the name. Otherwise there might be a problem with your network. to try to identify and resolve network problems, click diagnose.

if you click “Diagnose” you will see the following,

Error code: 0x80070035 The network path was not found.

Note: You may also find that if you attempt to connect a share or map a drive via the target machines IP address it works fine.

Solution

1. Firstly I’m assuming you have used the correct target machine name (can you ping the target server by its name?)

2. Make sure the Computer Browser Service is both enabled and running.

3. On both the source and target machine, make sure NETBIOS over TCP/IP is enabled.

4. Finally of none of the above have worked, drop to command line and issue the following two commands. (Note: before proceeding take note of the machines IP address, subnet mask, default gateway and DNS settings (from command line run “ipconfig /all”).

[box] netsh winsock reset netsh int ip reset c:tempresetlog.txt [/box]

5. Reboot the server.

WARNING: When the server has rebooted, it will come back up with a DHCP address, if this is a server or machine that has a static IP address, you will need to re-enter the correct details post reboot.

Related Articles, References, Credits, or External Links

NA

HP E Series Wireless – Cannot Access Local LAN

 

KB ID 0000486

Problem

You have an HP HP E-Series Mobility E-MSM460, 466 & 430 Access Point, and you cannot access resources on your local LAN (though internet access works fine).

This is default “Out of the box” behavior, a lot of consumers want to provide wireless access but DONT want the wireless clients having access to their local servers. That’s fine but what if you do?

Solution

1. Log into the web management console of the access point, select VSC (Virtual Service Communities) > Locate your wireless VSC and click its name.

2. Scroll to the bottom of the page, Locate the “Wireless security filters” section. Make sure this section is NOT enabled (un-ticked), then click save.

Related Articles, References, Credits, or External Links

NA

Accessing Dell ‘DRAC’ Fails – ‘DRAC5 Console Redirection Client Unable to launch application’

KB ID 0000918

Problem

After I got a new laptop, I attempted to connect to my test server and was greeted with this error.

Application Error
Unable to launch the application

Name: DRAC5 Console Redirection Client
Publisher: Dell Inc
Location: {ip-address}:443

So I hit the details tab and got this,

Error: Missing required Permissions manifest attribute in main jar:
https://{ip-address}:443/plugins/vkvm/avctDRAC5Viewer.jar

Solution

Luckily I had seen a similar error a couple of weeks ago, while a colleague was trying to set up a Cisco ASDM. This is a ‘security feature’ of Java version 7 (Update 51). Work had pre-built my new laptop, so I simply downgraded to Java version 7 Update 45. And it burst into life.

DRAC 5 Java Workaround

Currently Dell consider DRAC5 EOL (End Of Life) and will not fix the certificate issue with updated firmware. Their official response is ‘Maintain an older version of Java’. So either downgrade or lower the security settings;

1. Windows Key + X > Control Panel.

2. Java > Security> Set to Medium.

Related Articles, References, Credits, or External Links

Original article written:19/02/14

Dell DRAC 5 – ‘Error when reading from SSL socket Connection’

Cisco ASA 5500 – Remote Management via VPN

KB ID 0000984

Problem

It’s been ages since I has to do this, I usually just manage firewalls via SSH from outside. But I was out on a client site last week and needed to connect to to my ASA, so I simply connected in via AnyConnect;

Note: The same procedure is applicable if you are an IPSEC VPN client, L2TP VPN client, or simply coming in over a site to site VPN link.

And attempted to SSH, no joy, I tried the ASDM, nothing. So basic troubleshooting kicked in, and I tried to ping its inside interface;

Solution

Normally, you would see this if you forgot to add ‘management-access inside‘ to the firewall. I was sure I had done, so I connected to one of my servers and then SSH’d to the firewall to check, and that command was there?

The cause of the problem was a change made in version 8.4(3). I had to edit the NAT rule for the remote traffic. But I’ll cover ALL the bases in case you are missing anything else.

1. Connect to the the firewall via CLI, and check management-access is on, on the interface you are connecting to, mines the ‘inside’ interface yours might be management or some other name you have allocated to the interface in question.

[box]

 User Access Verification

Password:
 Type help or '?' for a list of available commands.
 PetesASA> enable
 Password: ********
 PetesASA# show run management-access
 management-access inside
 PetesASA#

If yours is different or missing;

PetesASA# configure terminal
 PetesASA(config)# management-access inside [/box]

To do the same via ASDM.

2. Now I know, my remote VPN clients are getting a 10.253.254.x addresses, (show run ip local pool should tell you, unless you are using internal DHCP for the remote clients). After version 8.4(3) you need an extra command on the end of the NAT rule for that traffic. I’ll highlight the line below;

[box]

PetesASA# show run nat
 nat (inside,any) source static obj-10.254.254.0 obj-10.254.254.0 destination static obj-10.253.253.0 obj-10.253.253.0
 !
 object network obj_any
 nat (inside,outside) dynamic interface
 object network Media_PC
 nat (inside,outside) static interface service tcp 467 467
 !
 nat (outside,outside) after-auto source dynamic VPN_Pool interface
 PetesASA#[/box]

3. The line highlighted above, needs ‘route-lookup’ adding to the end of it.

[box]

PetesASA# configure terminal
 PetesASA(config)#nat (inside,any) source static obj-10.254.254.0 obj-10.254.254.0 destination static obj-10.253.253.0 obj-10.253.253.0 route-lookup[/box]

To do the same in the ASDM locate the NAT rule, edit it, and tick this box. (Configuration > Firewall > NAT Rules).

4. At this point your VPN client(s) should now be ale to ping the interface again.

5. As with any management traffic, also ensure that the subnet you are connecting from, has been allowed.

[box]

Check SSH

PetesASA# show run ssh
 ssh 10.253.253.0 255.255.255.0 inside
 ssh 10.254.254.0 255.255.255.0 inside
 ssh 123.123.123.123 255.255.255.255 outside
 ssh timeout 45
 ssh key-exchange group dh-group1-sha1
 PetesASA#

Check Telnet (If used)

PetesASA# show run telnet
 telnet 10.253.253.0 255.255.255.0 inside
 telnet 10.254.254.0 255.255.255.0 inside
 telnet timeout 45
 PetesASA#

Check ASDM (If used)

PetesASA# show run http
 http server enable
 http 10.253.253.0 255.255.255.0 inside
 http 10.254.254.0 255.255.255.0 inside
 http 123.123.123.123 255.255.255.255 outside
 PetesASA#

[/box]

5. Save the changes.

[box]

 PetesASA# write mem
 Building configuration...
 Cryptochecksum: 79745c0a 509726e5 b2c66028 021fdc7d

7424 bytes copied in 1.710 secs (7424 bytes/sec)
 [OK]
 PetesASA# [/box]

 

Related Articles, References, Credits, or External Links

Cisco ASA – Allow Remote Management

Connecting to and Managing Cisco Firewalls