VMware: Find Connected ISOs

KB ID 0001708

Problem

If you want to search your VMware estate to find VMs that have connected CD/DVD ISO files, then here are your best two options;

Option 1: Use PowerCLI

Whilst connected to your virtual infrastructure (Connect-VIServer) issue the following command;

[box]

Get-VM | FT Name, @{Label="ISO file"; Expression = { ($_ | Get-CDDrive).ISOPath }}

[/box]

Option 2: Use RVTools

If you don’t already have RVTools then get it downloaded! One of the many cool things it does is show ISO data (on the vCD tab).

Ejecting All Connected VMware ISO files.

If you want to eject all those ISO files you can use the following PowerCLI syntax;

[box]

Get-VM | Get-CDDrive | where {$_.IsoPath -ne $null} | Set-CDDrive -NoMedia -Confirm:$False

[/box]

Note: This will not work if a VM is powered off, and you will see a “The operation is not allowed in the current state.” error.

Related Articles, References, Credits, or External Links

NA

vSphere – Floppy Drive ‘Won’t Appear’

KB ID 0001020

Problem

“It’s 2015 why are you messing around with floppy drives?” I hear you ask! Well for importing certificate requests, and issued certificates from an offline root CA server, it’s still considered best practice to use a virtual floppy drive rather than connect the offline root server to the production network.

So today while deploying a PKI infrastructure, I needed to present a floppy drive to a Windows Server 2012 R2 Issuing (subordinate CA). Despite me adding the hardware, presenting a floppy image and ticking ‘connected’ the floppy drive refused to ‘appear’ in Windows.

Solution

The problem was the client had a ‘Pre-hardened’ Server 2012 R2 template, that I had used to deploy the server, and in the BIOS of the template the floppy drive was disabled.

1. Set the VM to boot into BIOS next time it starts (you can reboot and keep pressing F2).

2. Main > Legacy Diskette A: > Set to [1.44/1.25 MB 3 1/2].

3. At this point I hit F10 (Save and Exit), booted up the VM, and it was still missing!

4. Turns out (after some more BIOS digging) that the controller was also disabled! Advanced > I/O Device Configuration.

5. Set Floppy disk controller to ‘Enabled’ > F10 > Boot the VM. Problem solved!

Related Articles, References, Credits, or External Links

NA

Windows – How to Join a Wireless Network

KB ID 0000676 

Problem

You can still right click the networking icon in your task tray and manually join a wireless network, but with the new UI there is a much more user friendly way.

Solution

1. Bring up the Settings menu (Press Windows Key+I, or swipe in from the left on a tablet) > Select the available networks icon.

2. Select the wireless network you want to connect to.

3. If you want to always connect to this network tick the box and select ‘Connect’.

4. If your router has a PIN number for access (check its documentation) then you can enter that here, and follow the instructions. The PIN number is usually shown on the router/access point on a sticker. However if you use a WEP or WPA password, then select ‘Connect using security key instead’.

Note: The system for joining a wireless network using a PIN number is very insecure! Just do a Google search for “hacking wireless with reaver”. I suggest you disable this feature if you can.

5. Type in your WEP/WPA Key > Next.

6. All being well, you should now be connected.

Related Articles, References, Credits, or External Links

NA

Cisco Catalyst – Upgrading IOS (via USB)

KB ID 0001056

Problem

Had a stack of 3560-X switches to update today, and when I went looking for the notes I used last time, I could not find them. So this time I took the time to document the procedure.

Solution

Now I could load in the IOS image from TFTP like this, but last time I did this I used a spare USB drive and the image ‘tar’ file, and found it a lot less hassle.

1. Make sure you have formatted your drive as FAT32, download your image file to it and put it in the switch.

At console you should see something like this;

[box]Apr 22 13:13:18.466: %USBFLASH-5-CHANGE: usbflash0 has been inserted![/box]

2. Update the switch like so;

[box]

Petes-Switch#archive download-sw usbflash0:/c3560e-universalk9-tar.150-2.SE6.tar
examining image...
extracting info (110 bytes)
extracting c3560e-universalk9-mz.150-2.SE6/info (581 bytes)
extracting info (110 bytes)

System Type:             0x00000002
  Ios Image File Size:   0x0135B200
  Total Image File Size: 0x0187BA00
  Minimum Dram required: 0x08000000
  Image Suffix:          universalk9-150-2.SE6
  Image Directory:       c3560e-universalk9-mz.150-2.SE6
  Image Name:            c3560e-universalk9-mz.150-2.SE6.bin
  Image Feature:         IP|LAYER_3|PLUS|SSH|3DES|MIN_DRAM_MEG=128

Old image for switch 1: flash:/c3560e-universalk9-mz.122-55.SE8
  Old image will be deleted before download.

Deleting `flash:/c3560e-universalk9-mz.122-55.SE8' to create required space

————output removed for the sake of brevity————

extracting c3560e-universalk9-mz.150-2.SE6/dc_default_profiles.txt (66292 bytes)
extracting c3560e-universalk9-mz.150-2.SE6/c3560e-universalk9-mz.150-2.SE6.bin (20288000 bytes)
extracting info (110 bytes)

Installing (renaming): `flash:update/c3560e-universalk9-mz.150-2.SE6' ->
                                       `flash:/c3560e-universalk9-mz.150-2.SE6'
New software image installed in flash:/c3560e-universalk9-mz.150-2.SE6


All software images installed.
Petes-Switch#reload
Proceed with reload? [confirm]

*Mar  1 00:09:14.243: %SYS-5-RELOAD: Reload requested by console. Reload reason: Reload command

[/box]

3. At this point when the switch reloads, it will take a long time to boot as it performs a lot of updates and code rewrites when it restarts.

Upgrading The Catalyst Service Module

These switches have a 10Gb Service module in them that also needs updating. Once the switch reboots you will have to wait a few minutes before the service module boots as well; if you don’t wait then you will see this;

[box]

Petes-Switch#show switch service-modules
Switch/Stack supports service module CPU version: 03.00.76
                          Temperature                     CPU
Petes-Switch#  H/W Status       (CPU/FPGA)      CPU Link      Version
-----------------------------------------------------------------
 1             OK               48C/43C         notconnected  N/A

[/box]

You may also see an error like this (I’ve blogged this before).

[box]

Mar 30 01:29:55.128: POST: Macsec Uplink Loopback Tests : Passed Decryption Mode
Mar 30 01:29:57.594: POST: Macsec Uplink Loopback Tests : End
Mar 30 01:29:57.594: %PLATFORM-6-FRULINK_INSERTED: FRULink 10G SM module inserted.
Mar 30 01:32:13.188: %PLATFORM_SM10G-3-SW_VERSION_MISMATCH: The FRULink 10G Service Module
(C3KX-SM-10G) in switch 1 has a software version that is incompatible with the IOS software
 version. Please update the software. Module is in pass-thru mode.
Petes-Switch#show switch service-modules
Switch/Stack supports service module CPU version: 03.00.76
                          Temperature                     CPU
Petes-Switch#  H/W Status       (CPU/FPGA)      CPU Link      Version
-----------------------------------------------------------------
 1             OK               54C/54C         ver-mismatch  03.00.41

[/box]

Or it may simply look like this;

[box]

Mar 30 01:32:29.403: %PLATFORM_SM10G-6-LINK_UP: The FRULink 10G Service Module (C3KX-SM-10G)
communication has been established.
Petes-Switch#
Petes-Switch#show switch service-modules
Switch/Stack supports service module CPU version: 03.00.76
                          Temperature                     CPU
Petes-Switch#  H/W Status       (CPU/FPGA)      CPU Link      Version
-----------------------------------------------------------------
 1             OK               50C/48C         connected     03.00.76

[/box]
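When working through a stack, the three states shown above can be checked per member from captured `show switch service-modules` output. This is an added example, not part of the original article; the function names are hypothetical and the sample combines the page's three rows into one constructed stack.

```python
import re

# Constructed sample: header lines as on the page; the three rows reuse the
# page's three states as if they were members 1-3 of one stack.
SAMPLE = """\
Switch/Stack supports service module CPU version: 03.00.76
                          Temperature                     CPU
Petes-Switch#  H/W Status       (CPU/FPGA)      CPU Link      Version
-----------------------------------------------------------------
 1             OK               48C/43C         notconnected  N/A
 2             OK               54C/54C         ver-mismatch  03.00.41
 3             OK               50C/48C         connected     03.00.76
"""

SUPPORTED = re.compile(r"supports service module CPU version:\s*(\S+)")
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d+C/\d+C)\s+(\S+)\s+(\S+)\s*$")

def module_report(output):
    """Map each stack member to 'not-booted', 'needs-upgrade' or 'ok'."""
    m = SUPPORTED.search(output)
    if not m:
        raise ValueError("supported-version line not found")
    supported, report = m.group(1), {}
    for line in output.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # header, ruler and prompt lines
        member, _hw, _temp, link, version = row.groups()
        if link == "notconnected":
            state = "not-booted"      # per the page: wait a few minutes, re-check
        elif link == "ver-mismatch" or version != supported:
            state = "needs-upgrade"   # module image does not match the IOS image
        else:
            state = "ok"
        report[int(member)] = state
    return report

def members_needing_upgrade(output):
    """Stack member numbers whose service module still needs the matching image."""
    return sorted(n for n, s in module_report(output).items() if s == "needs-upgrade")

if __name__ == "__main__":
    print(module_report(SAMPLE), members_needing_upgrade(SAMPLE))
```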

To perform the upgrade, you will need a matching image for the service module.

[box]

Petes-Switch#archive download-sw usbflash0:/c3kx-sm10g-tar.150-2.SE6.tar
examining image...
extracting info (100 bytes)
extracting c3kx-sm10g-mz.150-2.SE6/info (499 bytes)
extracting info (100 bytes)

System Type:             0x00010002
  Ios Image File Size:   0x017BDA00
  Total Image File Size: 0x017BDA00
  Minimum Dram required: 0x08000000
  Image Suffix:          sm10g-150-2.SE6
  Image Directory:       c3kx-sm10g-mz.150-2.SE6
  Image Name:            c3kx-sm10g-mz.150-2.SE6.bin
  Image Feature:         IP|LAYER_3|MIN_DRAM_MEG=128
  FRU Module Version:    03.00.76


Updating FRU Module on switch 1...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Updating FRU FPGA image...

FPGA image update complete.

All software images installed.
Petes-Switch#reload
Proceed with reload? [confirm]

Mar 30 01:47:19.459: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.

[/box]

Related Articles, References, Credits, or External Links

Cisco Catalyst – Upgrading ‘Stacked’ Switches

Cisco ASA – Find Out VPN Tunnel Uptime

KB ID 0000863 

Problem

I needed to get the Uptime/Duration of a particular VPN tunnel this week. It was for a client with multiple VPN tunnels that was having problems with just one.

Solution

Option 1 via Command Line

1. Connect to the firewall > Go to enable mode and use the following command, replacing 123.123.123.123 with the IP of your VPN endpoint.

[box]

PetesASA>
PetesASA> enable
Password: ********
PetesASA# show vpn-sessiondb l2l filter name 123.123.123.123 | incl Duration
Duration : 0h:08m:26s <<<<<<<
PetesASA#

[/box]

If you want a LOT MORE information use the following command;

[box]

PetesASA# show vpn-sessiondb detail l2l filter name 123.123.123.123

Session Type: LAN-to-LAN Detailed

Connection : 123.123.123.123
Index : 312 IP Addr : 123.123.123.123
Protocol : IKEv1 IPsec
Encryption : IKEv1: (1)3DES IPsec: (1)3DES
Hashing : IKEv1: (1)SHA1 IPsec: (1)SHA1
Bytes Tx : 18999 Bytes Rx : 26267
Login Time : 14:20:36 UTC Mon Sep 30 2013
Duration : 0h:32m:55s <<<<<<<
IKEv1 Tunnels: 1
IPsec Tunnels: 1

IKEv1:
Tunnel ID : 312.1
UDP Src Port : 500 UDP Dst Port : 500
IKE Neg Mode : Main Auth Mode : preSharedKeys
Encryption : 3DES Hashing : SHA1
Rekey Int (T): 86400 Seconds Rekey Left(T): 84425 Seconds
D/H Group : 2
Filter Name :
IPv6 Filter :

IPsec:
Tunnel ID : 312.2
Local Addr : 10.254.254.0/255.255.255.0/0/0
Remote Addr : 172.16.254.0/255.255.255.0/0/0
Encryption : 3DES Hashing : SHA1
Encapsulation: Tunnel PFS Group : 2
Rekey Int (T): 28800 Seconds Rekey Left(T): 26825 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607975 K-Bytes
Idle Time Out: 30 Minutes Idle TO Left : 26 Minutes
Bytes Tx : 18999 Bytes Rx : 26267
Pkts Tx : 94 Pkts Rx : 114

NAC:
Reval Int (T): 0 Seconds Reval Left(T): 0 Seconds
SQ Int (T) : 0 Seconds EoU Age(T) : 2000 Seconds
Hold Left (T): 0 Seconds Posture Token:
Redirect URL :

PetesASA#

[/box]
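If you capture the detailed output for several tunnels, the duration and the per-tunnel crypto settings can be pulled out with a short parser. This is an added example, not part of the original article: the function names are hypothetical, the optional day prefix on long durations is an assumption, and the set of algorithms treated as legacy is the example's own policy.

```python
import re

# Lines copied from the page's `show vpn-sessiondb detail l2l` output (trimmed).
SAMPLE = """\
Connection : 123.123.123.123
Encryption : IKEv1: (1)3DES IPsec: (1)3DES
Duration : 0h:32m:55s <<<<<<<
IKEv1:
Encryption : 3DES Hashing : SHA1
Rekey Int (T): 86400 Seconds Rekey Left(T): 84425 Seconds
D/H Group : 2
IPsec:
Encryption : 3DES Hashing : SHA1
Encapsulation: Tunnel PFS Group : 2
Rekey Int (T): 28800 Seconds Rekey Left(T): 26825 Seconds
"""

# Assumption: an optional "<n>d " prefix on sessions older than a day.
DURATION = re.compile(r"Duration\s*:\s*(?:(\d+)d\s+)?(\d+)h:(\d+)m:(\d+)s")
SECTION = re.compile(r"^(IKEv[12]|IPsec):$")
CRYPTO = re.compile(r"Encryption\s*:\s*(\S+)\s+Hashing\s*:\s*(\S+)")
GROUP = re.compile(r"(?:D/H|PFS) Group\s*:\s*(\d+)")
REKEY = re.compile(r"Rekey Left\(T\):\s*(\d+) Seconds")

# Assumption: this "legacy" policy is the example's own, not taken from the page.
LEGACY = {"encryption": {"DES", "3DES"}, "hashing": {"MD5", "SHA1"},
          "group": {"1", "2", "5"}}

def parse_session(text):
    """Return tunnel duration in seconds plus per-tunnel crypto settings."""
    session, current = {"duration_s": None, "tunnels": {}}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DURATION.search(line):
            days, hours, mins, secs = (int(g or 0) for g in m.groups())
            session["duration_s"] = ((days * 24 + hours) * 60 + mins) * 60 + secs
        elif m := SECTION.match(line):
            current = session["tunnels"].setdefault(m.group(1), {})
        elif current is not None:  # summary lines before the first section are skipped
            if m := CRYPTO.search(line):
                current["encryption"], current["hashing"] = m.groups()
            if m := GROUP.search(line):
                current["group"] = m.group(1)
            if m := REKEY.search(line):
                current["rekey_left_s"] = int(m.group(1))
    return session

def legacy_findings(session):
    """List every tunnel setting that falls in the LEGACY sets."""
    return sorted(f"{name}: {field}={tunnel[field]}"
                  for name, tunnel in session["tunnels"].items()
                  for field, bad in LEGACY.items() if tunnel.get(field) in bad)

if __name__ == "__main__":
    parsed = parse_session(SAMPLE)
    print(parsed["duration_s"], legacy_findings(parsed))
```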

Option 2 Via the ASDM

1. Connect to the ASDM > Monitoring > VPN > Sessions > Select the one you are interested in > Logon time Duration.

Related Articles, References, Credits, or External Links

NA

iPhone / iPad – Using the Cisco AnyConnect Client

KB ID 0000474 

Problem

You have an Apple device and you would like to create a remote VPN connection to a Cisco device running AnyConnect.

Note: This is not a walkthrough on how to configure AnyConnect, for that go here.

Be aware that in addition to your SSL VPN licences your Cisco ASA device also needs an “AnyConnect Mobile – ASA 5510” license. If not you will receive this error.

Solution

1. Firstly you need to download and install the Cisco AnyConnect client from iTunes.

2. Once installed launch the AnyConnect client software.

3. As this is the first time we have launched it we need to configure a connection, select “Add VPN Connection”.

4. Give the connection a name, and enter either the public IP of your Cisco device (or its public name) > Save.

5. Slide the button from Off to On.

6. If you are using a “Self signed” certificate on the Cisco device you will see this warning, simply click continue.

7. Depending on how your authentication is setup, supply your username and password > Connect.

8. All being well, the client should say connected. (If you get a licensing error see here).

9. You are now connected to your corporate network; all the while you are connected you will see the VPN icon at the top of the screen.

Related Articles, References, Credits, or External Links

Android – Using the Cisco AnyConnect Client

Cisco AnyConnect Error (Apple)

Apple iPhone / iPad – Enable Cookies

Android – Using the Cisco AnyConnect Client

KB ID 0000539 

Problem

You have an Android device* and you would like to create a remote VPN connection to a Cisco device running AnyConnect.

Note: This is not a walkthrough on how to configure AnyConnect, for that go here.

Be aware that in addition to your SSL VPN licences your Cisco ASA device also needs an “AnyConnect Mobile” license. If you do not have one you will receive this error.

*Note: At time of writing the AnyConnect client is only available for Samsung, HTC, Lenovo, and Android phones that have been rooted.

Solution

1. First head over to the Android Market, locate and then install the AnyConnect Client on your device.

2. Once installed launch the AnyConnect client.

3. Add New VPN Connection.

4. Tap Description.

5. Give the connection a recognisable name.

6. Set the server address, to either the public IP of your Cisco device, or if you have a public DNS name that points to it e.g. vpn.yourdomain.com you can enter that. (Providing the device can resolve that address using DNS).

7. You should not need to enter Certificate details, unless your IT department have secured the AnyConnect profile with certificates like this. In most cases you would supply a username and password to connect, so this is not relevant. If you are unsure speak to the person/department that looks after your Cisco device.

8. To save the connection click “Done”.

9. To start the connection, simply tap it.

Note: To delete/edit a connection profile tap and hold it.

10. Type in your credentials > OK.

11. When connected you will get a “Green Tick” and the logo at the top of the screen will show a closed padlock. This padlock logo will remain all the time you are connected.

12. To disconnect, simply tap the green tick, and the client software will terminate the connection.

Related Articles, References, Credits, or External Links

Thanks to David Simpson for trusting me with his phone for half an hour.

Android AnyConnect Error

iPhone / iPad – Using the Cisco AnyConnect Client