Remote Desktop Services: RDS Sizing Calculations

KB ID 0001753

Problem

This is a horrible subject to find any decent information on. Microsoft are typically ‘vague’ and most people are stuck with using trial and error, or massively overestimating hardware to be on the safe side. I get asked this occasionally and, just like Microsoft, it’s a question I don’t like to answer!

People are reticent to tell you that you need ‘x’ amount of CPU and ‘y’ amount of RAM, simply because ‘it depends’. For example, a dozen users just doing some file and print, and working on Office documents, will need much less than a dozen users making MS Teams calls and doing 3D AutoCAD modelling.

I’m going to assume that we are deploying RDS in a virtual environment, so I’ll be talking about vCPU requirements. BE AWARE: Running a VM with a LOT of vCPUs can be counterproductive for performance (Google CPU Ready).

RDS Sizing Requirements

RDS Dependencies

Most of these will be common sense:

  • Domain Authentication: Usually via Active Directory or Azure AD credentials.
  • DNS Resolution: Not just for the RDS server roles deployed, but also for resolving the names on certificates, and for third party hosted applications.
  • Third Party (Line of Business) Applications: Not all apps support RDS deployment, and many that do require different licensing (Check!)
  • File and Print: Thankfully these days most file storage is moving into the cloud, but users still need user profiles. How are you going to present them? FSLogix, redirected folders, shared folders, etc.
  • Access: These days having RDP open to the outside world is a thing of the past. If you want to connect to RDS you either come in via an RDS Web Gateway, or even better, by connecting to a VPN, then accessing the RDS deployment.
  • Licensing: Obviously the RDS servers themselves require licensing, but so does RDS, depending on what licence model you buy (user CALs or device CALs). Typically most people buy user CALs (device CALs are good for things like call centres, e.g. where 3 shift workers use the same PC in a 24 hour period, so you can buy 1 device CAL rather than 3 user CALs).*

*Note: What’s a SAL then? A Subscriber Access Licence is used if you have your servers SPLA licenced from a service provider. These are usually on a monthly rental basis.

RDS Sizing: Roles

You can (and I think it’s still the default) put all the RDS roles on one server. Obviously this is not ideal for anything other than a tiny deployment (5-10 users doing very low impact roles, for example). But the individual roles required are:

RD Session Host: This is what does all the heavy lifting; it hosts the remote user sessions. Typically these will be the server(s) in your deployment that suffer with resource constraints if you get something wrong. As I’ve mentioned above, if you’re running 3rd party Line of Business applications on here MAKE sure they are designed and optimised for RDS. Finally, based on what your users are doing, consider whether it is worth having better/faster/local storage on these servers.

RD Connection Broker: This role has two primary jobs: 1) Connect remote users to the least utilised session hosts, and 2) Reconnect users to the correct session host if they’ve dropped a connection, or have an existing open RDS session.

RD Web Server: This provides a web logon portal for RDS so that RDS desktops and applications can be accessed over HTTPS. Remember, just because traffic is on HTTPS (TCP port 443) do not assume it’s trusted and non malicious. Nearly every exploit and attack these days uses HTTPS or SSH to get traffic in and out of your network. Unless you are inspecting HTTPS, it’s no more secure than HTTP! Typically the RD Web server is deployed in a DMZ. In some small deployments it can also be on the RD Connection Broker.

RD Licence Server: Typically this gets put on ‘another’ server in the environment. The drawback of this is that people forget where it is, don’t check before decommissioning a server, then find out a few days later that their licence server has disappeared. You install this role, then register it with Microsoft, then finally add your licences to it.

RDS Sizing Calculations

For all RDS roles apart from the RD Session Host(s), the footprint is relatively small.

RD Session Host(s) CPU: This depends on the number of users: typically no more than 4 users per vCPU, and up to a maximum of 8 vCPUs per host (this should tell you that you need an RDS Session Host for every 24 (approx) users). Remember to factor in additional hosts in case you suffer a loss of server/hypervisor. For that reason it’s also good practice to deploy your session hosts with anti-affinity rules so that they are not all on the same hypervisor host!

RD Session Host(s) RAM: Again depends on the user and what they will be doing, as a rule of thumb, allow between 2 and 8 GB per user, but do not allocate more than 128 GB per RDS Session Host.

RD Connection Broker: (2x vCPU, 8GB RAM, 70GB HDD) Note: Can scale up to (8 vCPU, 16 GB RAM, 70 GB HDD) for larger deployments.

RD Web Server: (2x vCPU, 4GB RAM, 70GB HDD) Note: Can scale up to (8 vCPU, 16GB RAM, 70 GB HDD) for larger deployments. Once you get larger than this you need to look at load balancing multiple RD Web servers.

RD Licensing: (1 x vCPU, 4GB RAM, 70GB HDD) Assuming there’s no additional compute requirements on the same host.
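The session host rules of thumb above can be combined into one calculation. The following is an added example, not part of the original article: the function name, the way users are spread evenly across hosts, and the default of one spare host for hypervisor loss are assumptions made for illustration.

```python
import math

# Rules of thumb quoted in the article above.
USERS_PER_VCPU = 4            # no more than 4 users per vCPU
MAX_VCPU_PER_HOST = 8         # up to 8 vCPUs per session host
MAX_RAM_GB_PER_HOST = 128     # do not allocate more than 128 GB per host
PLANNING_USERS_PER_HOST = 24  # "a Session Host for every 24 (approx) users"


def size_session_hosts(users, ram_per_user_gb, spare_hosts=1):
    """Return a sizing plan for RD Session Hosts.

    users            -- concurrent users to support
    ram_per_user_gb  -- the article suggests between 2 and 8 GB per user
    spare_hosts      -- extra hosts to survive a server/hypervisor loss
                        (assumption: one spare by default)
    """
    if users < 1 or ram_per_user_gb <= 0 or spare_hosts < 0:
        raise ValueError("users and ram_per_user_gb must be positive")

    # Users one host can carry under each constraint; the smallest wins.
    limits = {
        "planning": PLANNING_USERS_PER_HOST,
        "cpu": USERS_PER_VCPU * MAX_VCPU_PER_HOST,
        "ram": int(MAX_RAM_GB_PER_HOST // ram_per_user_gb),
    }
    limited_by = min(limits, key=limits.get)
    cap = limits[limited_by]
    if cap < 1:
        raise ValueError("one user does not fit in a host at this RAM figure")

    # Hosts needed to carry the load, then spread users evenly over them.
    active_hosts = math.ceil(users / cap)
    users_per_host = math.ceil(users / active_hosts)

    return {
        "limited_by": limited_by,
        "active_hosts": active_hosts,
        "total_hosts": active_hosts + spare_hosts,
        "users_per_host": users_per_host,
        "vcpu_per_host": min(MAX_VCPU_PER_HOST,
                             math.ceil(users_per_host / USERS_PER_VCPU)),
        "ram_gb_per_host": users_per_host * ram_per_user_gb,
    }


if __name__ == "__main__":
    # Constructed scenarios: light office users and heavy (8 GB) users.
    for users, ram in ((100, 4), (60, 8)):
        print(users, "users @", ram, "GB:", size_session_hosts(users, ram))
```

With heavy users the 128 GB RAM ceiling, not the vCPU ratio, decides how many hosts you need, which is why both constraints are evaluated.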

I welcome any feedback and recommendations below.

Related Articles, References, Credits, or External Links

Deploying Remote Desktop Services

Deploying Exchange 2013

Part Two – Prerequisites for Windows Server 2008 R2

KB ID 0000717

Problem

Originally I was just going to write a ‘Prerequisite for Exchange 2013’ article, but the needs of Windows Server 2008 R2 are so much greater than those of Windows Server 2012, I split them up. With that in mind, I’d suggest you use Windows Server 2012 rather than 2008 R2. (It will be supported for longer).

But if you are determined read on.

Solution

Planning ‘Time spent on reconnaissance is seldom wasted’

If you are going to deploy Exchange 2013 within your organisation, then you either already have Exchange (or another mail server product), or it’s a ‘Greenfield Site’.

You already have Exchange

Coexistence with Exchange 2003 is not supported. Before you consider bringing in Exchange 2013, you will need to migrate to Exchange 2010 (a migration to Exchange 2007 would also work, but Exchange 2010 would be more sensible). Exchange 2013 Server can coexist in the same Exchange environment with both Exchange 2007 and Exchange 2010.

Exchange 2003 to 2010 Transition “Swing Migration”

Make sure you have the DVD or ISO file for Exchange 2013; you don’t want to download a 3.5GB file at a client’s site through a slow ADSL link! Also the prerequisite software is pretty big, so get all that burned to disk, or on a USB drive, before you start.

Software Requirements

Well we are installing on Server 2008 R2 (Standard/Enterprise or Datacenter, though if you plan to deploy this server as part of a DAG Group, it needs to be Enterprise/Datacenter), so what else would you need to worry about? How about backup software? Does your current backup solution support Exchange 2013? Also check with your anti-virus/antispam vendor that 2013 won’t be a problem. Do you have any mail archiving software, custom email signature software etc? Take a good look at the software packages in your existing mail system to make sure.

Outlook Client Access: Be aware your clients need to be using the following versions of Outlook BEFORE you migrate them.

  • Outlook 2013.
  • Outlook 2010 (With SP1 and this update).
  • Outlook 2007 (With SP3 and this update).
  • Outlook for Mac 2011.
  • Entourage 2008 for Mac, Web Services Edition.

Hardware Requirements

1. CPU: As you’re planning on deploying with Windows Server 2008 R2 you will already have a server with an x64 bit CPU to deploy Exchange 2013 on, though IA64 is NOT supported.

2. RAM: This is dependent on what roles the server will have: for a Client Access Server the recommendation is 4GB, for a Mailbox Server it’s 8GB. And if the server will hold both roles the figure remains at 8GB. Though if I were deploying an Exchange 2013 Server in anger I would start at 12GB for a small (less than 80 mailboxes) deployment and work upwards.

3. Disk Space: The drive which will hold the Exchange program files needs 30GB free space (that seems like a lot!) then there are some smaller figures you need to add up:

  • 500MB per Unified Messaging language pack you are going to deploy.
  • 200MB free on the server’s system (OS) drive.
  • 500MB free on the drive that will house the message queue database.

If the server will be a Mailbox server then it will need sufficient room to store the mailbox/public folder databases.

4. DVDROM Drive: Actually this is not really a requirement, but I’m mentioning it because a few modern servers ship without DVDROM drives now. You don’t want to go to site with a disk and look like a clown! Exchange 2013 will deploy quite happily from an ISO image. (If in doubt use 7ZIP to extract the ISO to a folder, and take that with you).

Pre Deployment – Environment

1. The Windows 2008 R2 server should be at least SP1. (If in doubt, Windows Key+R > winver {enter}).

2. Your forest functional level should be at least Windows Server 2003. To see your forest functional level, Windows Key > Active Directory Domains and Trusts > Action > Raise Forest Functional Level.

3. The domain controller that is holding the Schema Master FSMO role in your domain, needs to be at least Windows Server 2003 SP2. To see which server is the schema master server, run the following command;

[box]netdom query /domain:YOURDOMAINNAME fsmo[/box]

Note: In this example, I’m on a standalone server, that’s also a domain controller (not recommended for production environments!). In a live environment you may need to plan in some downtime to update the schema master.

4. The server you are deploying on, must already be a member of your domain.

5. Run Windows Update, and make sure the server is fully up to date.

6. You will need to install both .Net 4.5 and Windows Management Framework 3.0 (That’s new WMI and PowerShell 3 in case you were wondering). (Note: you need the Windows6.1-KB2506143-x64 version).

Note: These two pieces of software are needed on the server that will prepare the Active Directory, so they are not strictly prerequisites for Exchange 2013.

7. The Exchange 2013 Server needs the AD DS (RSAT) administration tools installing. To do that simply run the following command;

[box]Add-WindowsFeature RSAT-ADDS[/box]

Note: If you skipped step 6 then you will see the following error;

The term ‘Add-WindowsFeature’ is not recognized as the name of a cmdlet function, script file, or operable program.

Pre Deployment – Roles Required

Like previous versions of Exchange, you need to add certain roles to the server before you can install the product. Which roles you need depends on whether you are deploying a server with the client access server role, or the mailbox server role (Note: if the server will hold BOTH roles, then the roles for mailbox server will cover both.)

Mailbox Server (Or Mailbox Server with Client Access Server) – Roles Required

1. Issue the following PowerShell command;

[box]Import-Module ServerManager[/box]

2. Issue the following PowerShell command;

[box]Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI [/box]

3. After running this command you may need to reboot.

4. Once complete you need to install the Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

5. Then install the Microsoft Office 2010 Filter Pack 64 bit.

6. Then install the Microsoft Office 2010 Filter Pack SP1 64 bit.

Note: At time of writing there is no Office 2013 Filter pack. I suspect that when it is released, it will need installing instead of the Office 2010 version, (that’s what happened with Exchange 2010 anyway).

7. Then install the Windows Identity Foundation (KB974405). Note: Download Windows6.1-KB974405-x64.msu

8. Then install the update from Knowledge Base article KB2619234 (Enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008). Note: This update requires a reboot.

9. Then install the update from Knowledge Base article KB2533623 (Insecure library loading could allow remote code execution). If you are fully up to date you may find that this update will not be applicable to your system, and you will see the following popup.

Client Access Server Only – Roles Required

The only difference for a server running the Client Access Role is that .Net 4.5 and the Windows Management Framework are not requirements. However if you have been following all the steps you will already have them installed, and having them installed will cause you no problems. So, follow all the same steps, and install all the roles and software that is required for the ‘Mailbox/Combined Mailbox and Client Access Server’.

Related Articles, References, Credits, or External Links

Deploying Exchange 2013 – Part One – Prerequisites for Windows Server 2012

Deploying Exchange 2013 – Part Three – Deploying Exchange 2013 On a ‘Greenfield Site’

 

Deploying Exchange 2013

Part One – Prerequisites for Windows Server 2012

KB ID 0000716 

Problem

Originally I was just going to write a ‘Prerequisite for Exchange 2013’ article, but the needs of Windows Server 2008 R2 are so much greater, I split them up.

Solution

Planning ‘Time spent on reconnaissance is seldom wasted’

If you are going to deploy Exchange 2013 within your organisation, then you either already have Exchange (or another mail server product), or it’s a ‘Greenfield Site’.

You already have Exchange

Coexistence with Exchange 2003 is not supported. Before you consider bringing in Exchange 2013, you will need to migrate to Exchange 2010 (a migration to Exchange 2007 would also work, but Exchange 2010 would be more sensible). Exchange 2013 Server can coexist in the same Exchange environment with both Exchange 2007 and Exchange 2010.

Exchange 2003 to 2010 Transition “Swing Migration”

Warning: Even at Exchange 2010 – You cannot upgrade to Exchange 2013 without Service Pack 3.

Make sure you have the DVD or ISO file for Exchange 2013; you don’t want to download a 3.5GB file at a client’s site through a slow ADSL link! Also the prerequisite software is pretty big, so get all that burned to disk, or on a USB drive, before you start.

Software Requirements

Well we are installing on Server 2012 (Standard or Datacenter) so what else would you need to worry about? How about backup software? Does your current backup solution support Exchange 2013? Also check with your anti-virus/antispam vendor that 2013 won’t be a problem. Do you have any mail archiving software, custom email signature software etc? Take a good look at the software packages in your existing mail system to make sure.

Outlook Client Access: Be aware your clients need to be using the following versions of Outlook BEFORE you migrate them.

  • Outlook 2013.
  • Outlook 2010 (With SP1 and this update).
  • Outlook 2007 (With SP3 and this update).
  • Outlook for Mac 2011.
  • Entourage 2008 for Mac, Web Services Edition.

Hardware Requirements

1. CPU: As you’re planning on deploying with Windows Server 2012 you will already have a server with an x64 bit CPU to deploy Exchange 2013 on, though IA64 is NOT supported.

2. RAM: This is dependent on what roles the server will have: for a Client Access Server the recommendation is 4GB, for a Mailbox Server it’s 8GB. And if the server will hold both roles the figure remains at 8GB. Though if I were deploying an Exchange 2013 Server in anger I would start at 12GB for a small (less than 80 mailboxes) deployment and work upwards.

3. Disk Space: The drive which will hold the Exchange program files needs 30GB free space (that seems like a lot!) then there are some smaller figures you need to add up:

  • 500MB per Unified Messaging language pack you are going to deploy.
  • 200MB free on the server’s system (OS) drive.
  • 500MB free on the drive that will house the message queue database.

If the server will be a Mailbox server then it will need sufficient room to store the mailbox/public folder databases.

4. DVDROM Drive: Actually this is not really a requirement, but I’m mentioning it because a few modern servers ship without DVDROM drives now. You don’t want to go to site with a disk and look like a clown! Exchange 2013 will deploy quite happily from an ISO image. (If in doubt use 7ZIP to extract the ISO to a folder, and take that with you).

Pre Deployment – Environment

1. The Windows 2012 server should be at least RTM, and should NOT be pre-release (If in doubt, Windows Key+R > winver {enter}). The build number should be at least 9200.

2. Your forest functional level should be at least Windows Server 2003. To see your forest functional level, Windows Key > Active Directory Domains and Trusts > Action > Raise Forest Functional Level.

3. The domain controller that is holding the Schema Master FSMO role in your domain, needs to be at least Windows Server 2003 SP2. To see which server is the schema master server, run the following command;

[box] netdom query /domain:YOURDOMAINNAME fsmo [/box]

Note: In this example, I’m on a standalone server, that’s also a domain controller (not recommended for production environments!). In a live environment you may need to plan in some downtime to update the schema master.

4. The server you are deploying on, must already be a member of your domain.

5. Run Windows Update, and make sure the server is fully up to date. You will find Windows Update in Server Manager > Local Server.

6. Windows Server 2012 comes pre installed with .Net 4.5 and Windows Management Framework 3.0 (That’s new WMI and Powershell 3 in case you were wondering). So there’s nothing to do for this step, I only mention it for completeness.

7. The Exchange 2013 Server needs the AD DS (RSAT) administration tools installing. To do that simply run the following command;

[box] Install-WindowsFeature RSAT-ADDS [/box]

Note: As previously stated, the server used in the example above is a domain controller, so it already had the tools installed, hence the NoChangeNeeded exit code.

Pre Deployment – Roles Required

Note: From THIS POINT FORWARD, all roles can now be installed with the RTM release of Exchange 2012 during setup. The following will only need to be carried out if you are installing the pre-release version of Exchange 2013.

Like previous versions of Exchange, you need to add certain roles to the server before you can install the product. Which roles you need depends on whether you are deploying a server with the client access server role, or the mailbox server role (Note: if the server will hold BOTH roles, then the roles for mailbox server will cover both.)

Client Access Server Only – Roles Required

1. Issue the following PowerShell command;

[box] Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation [/box]

2. After running this command you may need to reboot.

3. Once complete you need to install the Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

Mailbox Server (Or Mailbox Server with Client Access Server) – Roles Required

1. Issue the following PowerShell command;

[box] Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation[/box]

2. After running this command you may need to reboot.

3. Once complete you need to install the Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

 

4. Download and Install the Microsoft Office 2010 Filter Pack 64 bit

5. Download and Install the Microsoft Office 2010 Filter Pack SP1 64 bit

Note: At time of writing there is no Office 2013 Filter pack. I suspect that when it is released, it will need installing instead of the Office 2010 version, (that’s what happened with Exchange 2010 anyway).

Related Articles, References, Credits, or External Links

Deploying Exchange 2013 – Part Two – Prerequisites for Windows Server 2008 R2

How To Install Exchange 2016 (Greenfield Site)

Stop Exchange Store.exe Taking 99 – 100% Physical Memory

KB ID 0000903 

Problem

Before you go any further with this article THIS IS COMPLETELY NORMAL! It may look a little odd if you look in Task Manager.

Store.exe will take as much RAM as it can get hold of, the difference between that, and a program that ‘hogs’ memory is, it has been designed to monitor the system, and release memory as it’s required by other processes.

So for 99.999% of you stop reading now!

OK, you can cap the memory that Exchange uses, but Microsoft recommend that you don’t do this. Why did I do it then? Well my company uses N-central to monitor our clients’ servers, and when monitoring the metrics for memory, it reports as failed if it stays at 99% for a while. This can happen quite often on some busier Exchange servers. So I set about capping the memory that store.exe would use.

Solution

1. Launch ADSIEdit.msc > Connect to the Configuration Context.

2. Navigate to;

[box]Services > Microsoft Exchange > ‘Organization Name’ > Administrative Groups > ‘Administrative Group Name’ > Servers > ‘Server Name’ > InformationStore[/box]

Open its properties > Locate the msExchESEParamCacheSizeMax attribute. Edit its value.

IMPORTANT:

After Exchange 2010 SP1 you also need to set the msExchESEParamCacheSizeMin to the SAME VALUE.

3. Finally restart the Microsoft Exchange Information Store service.

 

Related Articles, References, Credits, or External Links

NA

GNS3 – Error ‘ghostsize is to small for device’

KB ID 0000935 

Problem

While doing a quick lab in GNS3, I tried to add NAT to a router, and it fell over with the following error;

[box]

R3(config-if)#ip nat outside
% NBAR ERROR: parsing stopped
% NBAR Error : Activation failed due to insufficient dynamic memory
% NBAR Error: Stile could not add protocol node
%NAT: Error activating CNBAR on the interface FastEthernet0/0
R3(config-if)#
*Mar 1 00:01:11.655: %SYS-2-MALLOCFAIL: Memory allocation of 10260 bytes failed
from 0x62915CD4, alignment 0
Pool: Processor Free: 28660 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Exec", ipl= 0, pid= 93, -Traceback= 0x6148BFF8 0x60016604 0x6001C564 0x6001CBBC 0x636756E4 0x62915CDC 0x628F468C 0x628F9DA0 0x628F5968 0x628FA474 0x628F5968 0x628F8344 0x628F5968 0x628F5B2C 0x62928FBC 0x62933A20
*Mar 1 00:01:11.659: %NBAR-2-NOMEMORY: No memory available for StILE lmalloc, -Traceback= 0x6148BFF8 0x62915CF8 0x628F468C 0x628F9DA0 0x628F5968 0x628FA474 0x628F5968 0x628F8344 0x628F5968 0x628F5B2C 0x62928FBC 0x62933A20 0x62920BD0 0x6293DF70 0x6293E2F0 0x61C77C70
R3(config-if)#
*Mar 1 00:01:12.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R3(config-if)#

[/box]

A quick Google told me, this was because I didn’t have enough memory assigned to the router, and I was supposed to change this, save the new setting, and reload the router. But as soon as I did that, this happened. (Note: Seen in GNS3, I could not console to the router).

[box]

GNS3 management console. Running GNS3 version 0.8.6.
Copyright (c) 2006-2013GNS3 Project.

=> *** Warning: ghostsize is to small for device R3. Increase it with the ghostsize option.

[/box]

Solution

1. Locate the filename.net file for your project, and open it.

Note: Usually in C:\Users\{user-name}\GNS3\Projects

2. Locate the section that contains your router settings, (you should see the IOS image name). Below that change the RAM value, here I changed it from 128 to 256, then save the file and reopen your GNS3 project.

3. To stop this happening again, whilst in GNS3 > Edit > IOS Images and Hypervisors > Locate the router image, and set the default RAM figure here > Save > Click Test settings to make sure.

Related Articles, References, Credits, or External Links

NA

ASA – Memory Error (Post upgrade to version 8.3)

KB ID 0000553 

Problem

I’ve split this article away from this one, as it tripped me up this week again, so I think it deserves an article of its own.

Some ASA firewalls that shipped prior to February 2010 may need a hardware memory upgrade, before you can update them to version 8.3 and beyond. If not you will see the following;

Memory Error as seen on an ASA5510

[box]

*************************************************************
**
** *** WARNING *** WARNING *** WARNING *** WARNING ***
**
** ----> Minimum Memory Requirements NOT Met! <---- **
**
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
**************************************************************

[/box]

Memory Error as seen on an ASA5505

[box]

**************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING ***
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 512 MB **
** Upgrade part#: ASA5505-MEM-512= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
***************************************************************

[/box]

ASDM Memory Error as seen on an ASA5505

Solution

ASA Memory Requirements

ASA 5500 Memory Requirements for version 8.3 and Later

Cisco ASA        Mem (Pre 8.3)   Mem (Post 8.3)   New ASA (after Feb 2010) shipped with   Memory Part Number
5505 10 User     256MB           256MB            512MB
5505 50 User     256MB           256MB            512MB
5505 Unlimited   256MB           512MB            512MB                                   ASA5505-MEM-512=
5505 Sec Plus    256MB           512MB            512MB                                   ASA5505-MEM-512=
5510             256MB           1GB              1GB                                     ASA5510-MEM-1GB=
5510 Sec Plus    256MB           1GB              1GB                                     ASA5510-MEM-1GB=
5520             512MB           2GB              2GB                                     ASA5520-MEM-2GB=
5540             1GB             2GB              2GB                                     ASA5540-MEM-2GB=
5550             4GB             4GB              4GB
5580-20          8GB             8GB              8GB
5580-40          12GB            12GB             12GB

Fitting the Memory Upgrade to an ASA5505

Fitting the Memory Upgrade to an ASA5510
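A pre-upgrade check against the memory table above can be scripted. This is an added example, not part of the original article: it assumes the "Hardware:" line of "show version" has the form shown in the constructed sample, and the function name and the licence labels (taken from the table's first column) are illustrative.

```python
import re

# Post-8.3 RAM requirement (MB) and upgrade part number, keyed by
# (model, licence), transcribed from the table above.
# None means the table lists no part number for that row.
REQUIRED_83 = {
    ("5505", "10 User"): (256, None),
    ("5505", "50 User"): (256, None),
    ("5505", "Unlimited"): (512, "ASA5505-MEM-512="),
    ("5505", "Sec Plus"): (512, "ASA5505-MEM-512="),
    ("5510", ""): (1024, "ASA5510-MEM-1GB="),
    ("5510", "Sec Plus"): (1024, "ASA5510-MEM-1GB="),
    ("5520", ""): (2048, "ASA5520-MEM-2GB="),
    ("5540", ""): (2048, "ASA5540-MEM-2GB="),
    ("5550", ""): (4096, None),
    ("5580-20", ""): (8192, None),
    ("5580-40", ""): (12288, None),
}

# Assumed format of the "Hardware:" line in "show version" output.
HARDWARE_RE = re.compile(
    r"^\s*Hardware:\s+ASA(\d{4}(?:-\d{2})?),\s+(\d+)\s+MB RAM", re.MULTILINE
)

# Constructed sample output, not captured from a real device.
SAMPLE_5510 = """\
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
"""


def check_memory_for_83(show_version, licence=""):
    """Compare installed RAM with the table's requirement for 8.3 and later.

    licence is the label from the table's first column after the model
    number ("10 User", "Sec Plus", ...) or "" for rows without one.
    """
    match = HARDWARE_RE.search(show_version)
    if match is None:
        raise ValueError("no 'Hardware:' line found in show version output")
    model, installed_mb = match.group(1), int(match.group(2))

    try:
        required_mb, part = REQUIRED_83[(model, licence)]
    except KeyError:
        known = sorted(lic for (mdl, lic) in REQUIRED_83 if mdl == model)
        raise ValueError(
            f"no table row for ASA{model} with licence {licence!r}; "
            f"known licences for this model: {known}"
        ) from None

    meets = installed_mb >= required_mb
    return {
        "model": model,
        "installed_mb": installed_mb,
        "required_mb": required_mb,
        "meets_requirement": meets,
        # Only suggest a part when an upgrade is actually needed.
        "upgrade_part": None if meets else part,
    }


if __name__ == "__main__":
    print(check_memory_for_83(SAMPLE_5510))
```

Run it against saved "show version" output from each firewall before scheduling the upgrade, so an under-provisioned unit is found before it boots into the warning banner shown earlier.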

Related Articles, References, Credits, or External Links

Cisco ASA5500 Update System and ASDM (From ASDM)

Cisco ASA5500 Update System and ASDM (From CLI)

Cisco PIX/ASA 8.3 Command Changes {NAT / Global / Access-List}

Update Cisco ASA – Directly from Cisco (via ASDM)

KB ID 0000636 

Problem

Warning:

Before upgrading/updating the ASA to version 8.3 (or higher), check to see if you have the correct amount of RAM in the firewall (“show version” command will tell you). This is VERY IMPORTANT if your ASA was shipped before February 2010. See the link below for more information.

ASA – Memory Error (Post upgrade to version 8.3)

Warning 2:

Be aware, if you are upgrading to an OS of 8.4(2) or newer you can no longer access the device via SSH when using the default username of “pix”. You need to enable AAA authentication for SSH; do this before you reboot/reload the firewall or you may lock yourself out.

ASA Enable AAA LOCAL Authentication for SSH

It’s been a while since I wrote how to update the ASA by command line, and how to update the ASA from the ASDM. Now you can update the ASA directly from Cisco, providing you have a valid Cisco CCO account.

Solution

1. Connect to the ASDM on the ASA > Tools > Check for ASA/ASDM Updates.

2. Supply your Cisco CCO account information.

3. Next.

4. Decide if you want to update the OS of the ASA or the ASDM, or both.

5. Next.

6. The software will download. (The OS is downloading here), Note: it will get downloaded to the machine that the ASDM is running on first.

7. Then the ASDM software will download.

8. You may find that there is not enough room in flash memory, if so you will see this error. (if it does not error skip to step 11).

9. If you are stuck for room you can delete some items from your flash memory > Tools > File Management.

10. Here you can see I’m deleting an old version of the ASDM. Note you could delete the live version of the ASDM and operating system if you had no choice (THOUGH DON’T REBOOT THE FIREWALL until the new ones have uploaded, or you will be loading the files in ROMMON mode!)

11. Once all the files have been downloaded to your location, they will be uploaded to the firewalls flash memory.

12. Next.

13. Finish.

Note: What happens now is the following commands are issued in the background automatically (note the version numbers may be different in your case).

[box]

asdm image disk0:/asdm-649.bin
no boot system disk0:/asa843-k8.bin
boot system disk0:/asa844-1-k8.bin
boot system disk0:/asa843-k8.bin

[/box]

14. After the firewall reboots, it should come back up with the new OS and ASDM version.

Related Articles, References, Credits, or External Links

Cisco ASA5500 Update System and ASDM (From CLI)

Cisco ASA5500 Update System and ASDM (From ASDM)