PowerShell – Getting Server IP Address Information

KB ID 0001404

Problem

I’ve been rebuilding some Hyper-V hosts over the last few weeks, and one thing I learned rebuilding VMware ESX hosts is, ‘make sure you know what all the network cards are doing before you flatten it!’

The same is true of storage as well but here I’m just concentrating on networking.

List Network Cards and MAC Addresses

If you have these documented you can rename the network card correctly after the rebuild and the mac addresses ensure you have the right names assigned to the right NICs. (Without having to go and check all the cabling afterwards!)

[box]Get-NetAdapter | Select Name, MACAddress, vlanID[/box]

List Network Teams and Members

From the names of the network connections above we can see we are using network teaming, but even if yours dont have sensible names, you can get the team names and the NICs that are a member of each team with the following command;

[box]Get-NetLbfoTeam[/box]

List NICs and IP addresses

To see what IP addresses are in use on which NICs, (physical or virtual) use the following;

[box]Get-NetIPAddress -AddressState Preferred -AddressFamily IPv4 | Select Name, IPAddress, PrefixLength[/box]

Hyper-V: Get vSwitch and Virtual NIC info

As stated above, I’m rebuilding Hyper-V hosts, the following lists all the Management vSwitch(es) and vNICS, (and their names).

[box]Get-VMNetworkAdapter -ManagementOS[/box]

Hyper-V: Get vSwitch and Virtual NIC VLAN info

In addition to above, I also need to know the VLANs the vNICs are on.

[box]Get-VMNetworkAdapterVLAN -ManagementOS[/box]

Related Articles, References, Credits, or External Links

NA

Build a PIX Firewall for your test network

Working with GNS3 and PEMU – (Part 2)

KB ID 0000662 

Problem

In Part 1 we installed and Licensed our Virtual PIX, now we will give it an IP address and get the firewalls web management console running.

To complete this procedure you will need to,

1. Have a TFTP server up and running (CLICK HERE).

2. Know how to connect to a Cisco Firewall (CLICK HERE).

Solution

Step 1 (Add an interface to your host machine)

1. On your host PC/VM Click Start > Run > hdwwiz.cpl {enter} > At the “Add Hardware Wizard” click Next > Let it search > Tick “Yes I’ve allready connected the hardware > Next > Scroll to the bottom > Select “Add a new hardware Device > Next.

2. Select “Install the hardware that I manually select” > Next > Next > Select Network Adaptor > Next > Next > Finish.

3. Click Start > Run > ncpa.cpl > Right Click the new NIC and rename it to loopback adaptor > Then give it a valid IP on your test network. (Right click > properties > TCP/IP).

Step 2 (Configure the connection)

4. Connect to the PIX as shown in Part 1 > Give the PIX an IP address with the following commands;

[box]

enable
{Password} - Set blank by default
configure terminal
int e1
no shutdown
nameif inside
ip address {ip on test network}{subnet of test network}
write men

[/box]

5. To connect tie PIX to the Loopback adaptor you need to add some networking in the GNS3 console > Drag the cloud object into the work area > Right click > Configure.

6. Select C0.

7.Select the loopback adaptor > Add > Apply OK

Note: If you are presenting a real adaptor you will only see some uncomprehensable numbers – locate the “Network Device List” Batch file in the GNS3 directory and run it whis will de-cypher those numbers for you.

8. Drag a switch onto the workspace.

9. Click the connection tool and select “Fast Ethernet”.

10 Select the cloud (Loopback Adaptor) and drag a connection to the switch.

11. Select the PIX (Inteface e1) and drag a connection to the switch.

12. All green lights is good 🙂

13 From another machine on the network make sure you can ping the PIX to test connectivity.

Note: If you are using Microsoft Hyper-V server, you may find that the whole thing fails at this point, If thats the case, then close down the Guest machine and add and configure a “Legacy Network Card”. Bring the system back up and configure the new network card accordingly.

Also if you are in a virtual environment you can simply add another network card and get the cloud to use that instead of using a loopback adapter.

Step 3 Install and configure the ASDM (Web Inteface)

1. Set up your TFTP server and have the asdm image file ready in the TFTP servers root directory.

2. We are now going to allow connection to the PIX via Telnet – becaue the console can be a bit twichy in the GNS3 environment.

[box]

enable
{Password} <-blank be default
configure terminal
telnet 0.0.0.0 0.0.0.0 inside
passwd cisco <- sets telnet password to cisco
write men

[/box]

3. Now you can telnet to the PIX from another machine and copy the ASDM image from your TFTP server to the PIX.

[box]

enable
{Password} <-blank by default
copy tftp flash
{ip of the hosst running TFTP}
{filename of the asdm inage}
{Enter} to accept

[/box]

4. Once the file is copied over you need to let the Firewall know that its the one to use, turn on the internal http server and allow access.

[box]

enable
{Password} <-blank by default
conf t
asdm image flash:asdm-603.bin
http server enable
http 0.0.0.0 0.0.0.0 inside
write men

[/box]

The file will be copied over into the firewalls flash memory (Time for a coffee).

5. Now simply connect via the ADSM inteface – if your unsure how to do that see my article here

Using the information above you can present multiple network cards and clouds to the Virtual firewalls various interfaces (There are 5 interfaces on this firewall – its a PIX 525) – enjoy

NB Please dont email and ask me for PIX images and/or activation keys as refusal often offends – PL

Related Articles, References, Credits, or External Links

NA

Resizing Windows Volumes / Drives in VMware vSphere / ESX

KB ID 0000381 

Problem

This article is primarily geared towards making your guest virtual machines hard drives LARGER, If you want to SHRINK or make the drive smaller then see the following article.

Resizing Guest Hard Drives using the VMware Converter

Solution

Re sizing a Guests Hard Drive (Make it larger)

1. On the properties of the VM select the hard disk in question and locate its size.

2. Enter the new size and hit OK. Note: Making the drive size smaller, will have no affect, if you want to do that clone the drive. If the option is “Greyed out” then make sure you DO NOT have any snapshots for this machine.

Re-sizing the guests “Volume” Option 1 – Graphically

Note: To do this using diskpart skip forward to number 10.

3. On the guest > Right click “My Computer” > Manage > Locate “Disk Management”. You will see there’s some free space that’s appeared on the end of the drive, (Click action > Re-scan if you can’t see it).

4. Simply right click the existing volume and select “Extend Volume”.

5. Next.

6. Copy in the extra space you want to assign (all of it probably) > Next.

7. Finish.

8. All the physical drive should now be committed.

9. And just to be sure, look in “My Computer” the drive is now 300 GB.

Re-sizing the guests “Volume” Option 2 – From Command Line with diskpart

10. Start > run > cmd{enter}

[box]diskpart list volume&lt select volume x –Where x is the volume number of the volume to be re sized[/box]

11. The final command is simply extend (This uses ALL the available free space.) Note the volume size in the picture below has jumped up by 40 GB.

Resizing a System (boot) Partition.

Server 2008 R2 and Windows 7 can do this quite happily. Older versions of Windows do not like having their system drive re sized, you see the following error if you try,

Error: The volume you have selected may not be extended. Please select another volume and try again.

Option 1 (Connect this drive to another machine)

In a virtual environment this is much simpler, but even if its a real physical hard drive, you can put it into another server and re size it. In an ESX environment simply do the following,

1. Shut down the machine that needs its drive re sizing, then go to another virtual machine’s properties and select add.

2. Hard Disk > Next.

3. Select “Use existing virtual disk” > Next.

4. Browse to the the drive we want to re size > Next.

5. Next.

6. Finish.

7. Now on the VM (Action > Re-scan disks). You will see the drive, and it’s not listed as a system drive, so you can extend it using any of the methods listed above.

8. For example, heres the drive re sized using disport.

9. when you have re sized the drive go back to the properties of the machine you have connected it to, and remove it.

10. OK.

11. Now power on the original VM and drive will be re sized.

Option 2 (Re size the Windows volume with GParted)

Note: This will work for a physical server as well.

1. Here’s our system drive with some nice shiny free space.

 

2. Make sure the server in question can boot from CD, in VMware do the following to boot to the machines BIOS, for a real server watch the screen as the server boots for instructions (Usually F10, F1 or Esc but differs depending on vendor).

3. Locate the boot order and make sure CD/DVD is at the top of the list.

4. Download GParted burn the image to CD, if you are working on a real server (use ImgBurn if your stuck). Or simply point the VM to the iso image, and boot the machine in question from it. At the welcome screen press Enter.

5. Use your arrow and tab keys to select Don’t touch the keymap > OK.

6. Pick a language.

7. We want to launch the GUI (X Windows), so select 0 (Zero).

8. Select Re size/Move > Drag the arrow to include the free space > Re size/Move.

9. Apply

10. Apply.

11. Close.

12. Click GParted > Quit.

13. Exit > Reboot/Shutdown > OK.

14. Remove the CD/ISO and press Enter.

15. The guest will run chkdsk the firs time it boots. This is normal don’t panic.

16. Once booted the volume will be re sized.

Shrink a Windows Partition with diskpart

1. To actually make the volume smaller with diskpart, the initial commands are the same.

2. If you use “shrink” on its own is will shrink the drive as much as it can (I cannot think of any situation where you would do this!). So to shrink the volume by 10 GB simply issue a “shrink minimum 10240”. (The figure in in MB).

 

Related Articles, References, Credits, or External Links

Original Article Written 24/01/11

Windows Server 2012 – Install Error

KB ID 0000618 

Problem

I thought I’d spin up Server 2012 today, and as usual with all new OS’s I run them up in VMware Workstation to take a look (I’m running Workstation 8.0.3 build-703057).

As soon as it started up I was greeted by this.

Your PC needs to restart.
Please hold down the power button.
Error Code: 0x0000005D
Parameters:
0x000000000FEBFBFF
0×0000000020000800
0×0000000000000000
0×0000000000000000

Below is information for VMware Workstation and ESXi 5

Solution

For VMware Workstation

1. In my case it was simply a BIOS setting that needed to be enabled. Enter your system BIOS and locate a feature called Data Execution Prevention, (or No Execute Memory Protection).

2. Enable that setting, then ensure you shut the machine down then manually power it back on again.

Additional Points to Note when installing Server 2012

Make sure on the properties of the VM > Hardware > Processors > Tick Virtualize Intel VT-x/EPT or V/RVI (Note: Virtual support should also be enabled in the host machines BIOS).

VMware Workstation – Error – “Virtualized Intel VT-x/EPT is disabled”

VMware Workstation likes to automatically install VMware Tools, Sometimes Server 2012 does not like this and sits with a black screen that will flash blue when you click on it. So to Stop it Installing VMware Tools, Options Tab > VMware Tools > Select Manual. Note: you can always snapshot it and then manually install it later it you want to test. This has been a problem since the early releases of Windows 8.

Solution For ESXi5

1. Here’s the same problem on an ESXi 5 host.

2. Before you do anything you need to be at ESXi 5.0 U1 for Server 2012 to be supported (That’s build number 623860 or better).

3. However in this case the problem is the same as above, The server in question was an HP Proliant ML 350 G5. Boot the server and press F9 to enter the RBSU > Advanced Options.

4. Processor Options

5. Enable ‘No-Execute Memory Protection” > Exit and save settings.

6. And now we are good to go.

Follow up

04/07/12 Email from Simon Reindl:

I had to update my Bios as InsydeH2O does not offer any tweaking options, It is using Compal Bios (previous 9, now 10 – downloaded from Compal.com. It is using InsydeH20 BIOS on a Compal motherboard. It is a custom build.

 

Related Articles, References, Credits, or External Links

NA

Deploy Dual Virtual ASA Firewalls In Active/Standby Failover

KB ID 0000053

Problem

Now you have created your Virtual ASA platform you want to deploy 2 of them in failover configuration.

Solution

Notes:

Software To Download

Qemu with ASA

Dynamips

WinPcap

Sample Batch File

[box] @echo off ECHO Telnet to 127.0.0.1 on port 1234 to access ASA Console ECHO ——————————————————- ECHO * * * * * * *DO NOT CLOSE THIS WINDOWS* * * * * * * * qemupcap -L . -hda FLASH1 -hdachs 980,16,32 -kernel vmlinuz -initrd asa-nolina.gz -m 256 –no-kqemu -append “auto nousb ide1=noprobe bigphysarea=16384 console=ttyS0,9600n8 hda=980,16,32” -net nic,vlan=0,model=pcnet,macaddr=00:aa:00:00:01:01 -net pcap,vlan=0,ifname=DeviceNPF_{120662E6-8B8B-4A6D-A0B1-9159DBD283BA} -net nic,vlan=1,model=pcnet,macaddr=00:aa:00:00:01:02 -net pcap,vlan=1,ifname=DeviceNPF_{BF1F38D4-5D13-4DA2-B50B-17B1F35B1FA8} -net nic,vlan=2,model=pcnet,macaddr=00:aa:00:00:02:02 -net pcap,vlan=2,ifname=DeviceNPF_{2AA77C53-B558-4E7C-A377-E92BF9FAF1BB} -serial telnet::1234,server,nowait[/box]

MAKE SURE ALL THE MAC ADDRESSES AND Network ID’s are unique!!!!!!

Commands to enter at Telnet

modprobe e100 ifconfig eth0 up ifconfig eth1 up ifconfig eth2 up cd /mnt/disk0 ./lina_monitor

Command to save config

[box]copy run disk0:/.private/startup-config[/box]

Related Articles, References, Credits, or External Links

NA

Building a Virtual Cisco ASA

KB ID 0000051

Problem

You would like to create a virtual Cisco ASA platform in a virtualized environment for training and or testing.

Solution

Notes:

Software To Download

Qemu with ASA
Dynamips
WinPcap

Sample Batch File

[box]

@echo off
ECHO Telnet to 127.0.0.1 on port 1234 to access ASA Console
ECHO ——————————————————-
ECHO * * * * * * *DO NOT CLOSE THIS WINDOWS* * * * * * * *
qemupcap -L . -hda FLASH1 -hdachs 980,16,32 -kernel vmlinuz -initrd asa-nolina.gz -m 256 –no-kqemu -append “auto nousb ide1=noprobe bigphysarea=16384 console=ttyS0,9600n8 hda=980,16,32” -net nic,vlan=0,model=pcnet,macaddr=00:aa:00:00:01:01 -net pcap,vlan=0,ifname=DeviceNPF_{120662E6-8B8B-4A6D-A0B1-9159DBD283BA} -net nic,vlan=1,model=pcnet,macaddr=00:aa:00:00:01:02 -net pcap,vlan=1,ifname=DeviceNPF_{BF1F38D4-5D13-4DA2-B50B-17B1F35B1FA8} -net nic,vlan=2,model=pcnet,macaddr=00:aa:00:00:02:02 -net pcap,vlan=2,ifname=DeviceNPF_{2AA77C53-B558-4E7C-A377-E92BF9FAF1BB} -serial telnet::1234,server,nowait

[/box]

MAKE SURE ALL THE MAC ADDRESSES AND Network ID’s are unique!!!!!!

Commands to enter at Telnet

[box]
modprobe e100

ifconfig eth0 up

ifconfig eth1 up

ifconfig eth2 up

cd /mnt/disk0

./lina_monitor [/box]

Command to save config

[box]
copy run disk0:/.private/startup-config
[/box]

Related Articles, References, Credits, or External Links

GNS3 Cannot Connect Network Interfaces when running on VMware vSphere

GNS3 Cannot Connect Network Interfaces when running on VMware vSphere

KB ID 0000671 

Problem

I have plenty of real ASA firewalls to play with, but it’s getting round to re-certification time, so for ease I thought I’d run up a Virtual ASA on my vSphere 5 box just for testing and breaking.

However no matter what type of Virtual Network adaptor I used (vmxnet3, e1000, etc) I could not connect to the virtual firewall.

Solution

1. Firstly make sure you actually have an IP address in the correct range set on the ASA, and the interface is up.

Note: To connect a virtual ASA to the outside world you need to have a ‘Cloud’, then assign your machines NIC to the cloud. Finally you join the cloud to the ASA with a switch.

2. From my laptop (out on the network), I could not connect to, or ping the ASA 🙁

3. However if you log into your ESX/vCenter Server and change the settings on the virtual switch that the parent VM is attached to. Configuration > Networking > Switch > Properties > vSwitch > Edit > Security Tab > Change Promiscuous Mode to Accept > OK.

4. Now it works!

Related Articles, References, Credits, or External Links

NA

Build a PIX Firewall for your test network

Working with GNS3 and PEMU – (Part 1)

KB ID 0000061 

Problem

Cisco Firewall’s are expensive, I know I own some, and my firm sells them, getting hardware to run on your test bench is difficult enough, but getting high end Cisco equipment is an expensive proposition for your average “Techy”. These days most people run their test networks in virtual environment. I run Hyper-V at at home for Testing and I have my own VMware ESX server at work for testing and proof of concept work.

However the big problem is to build test networks that reflect what we are doing in a corporate environment. We usually have to compromise and find some obscure Linux firewall to pop in the virtual environment, which is a pain if like me your a died in the wool Cisco-ite.

To do this we need some software – PEMU PIX emulator has been out for quite some time, but some users will find it “sandal wearingly difficult” to set up, so an easier prospect is to use the GNS3 software which is a nice GUI wrapper that contains PEMU (It does a lot more as well but that’s outside the scope of this exercise).

What do you need?

1. A PC – I’m running on a windows XP VM but a physical machine will do just as well.

2. A version of the Cisco PIX software, this needs a Valid Cisco support agreement and a CCO Login to Cisco.

3. A Valid Cisco PIX Serial Number and activation key – from a firewall you have legally purchased!.

Solution

Step 1 (Get Everything together)

1. Download GNS3 from http://www.gns3.net/

2. Download the PIX Operating system from Cisco (Note PIX and ASA firewall’s have DIFFERENT operating systems). At time of writing the latest version is 8.0(3) so this is the one we will use. At this point it might be worth downloading the ASDM which we will use in part 2 later – at time of writing 6.0(3)).

Step 2 Install and configure GNS3

3. Run the setup file for GNS3.

4. Click Next > I Agree > Next > Next > Next Install.

5. You may need to install WinPcap as part of the install just accept all the defaults. When done, GNS3 setup will continue.

6. Click finish

7. Launch GNS3

8. If the setup wizard starts just click OK. Click Edit > Preferences.

9. Select Pemu on the left then enter the following three pieces of information Under “Defaults PIX Settings”. PIX Image: The path to the PIX OS you downloaded in step 2. Key: the activation Key from your PIX Firewall. Serial: The Serial number of the PIX Click Apply > OK

Note: This trips a lot of people up (Including me for about three hours!) You get the key and serial from the firewall by issuing a “show version” command. However modern PIX firewall’s display their Serial number in Decimal, PEMU was built when PIX was at version 6 and the serials in those days were displayed in HEX – so use windows calculator (in scientific mode) to convert the serial number to HEX (EXAMPLES BELOW ARE NOT REAL KEYS!!)

Like so,

PIX Serial = 405400123 converted to Hex = 1829EA3B Key to Enter = 0x1829EA3B

If the activation key is 0x36b86cee 0xb136bdee 0x20c173ee 0xf62b35ee you remove the spaces and replace them with commas, i.e. 0x36b86cee,0xb136bdee,0x20c173ee,0xf62b35ee

10. Back in the main screen click and drag the PIX firewall from the left hand column to the central workspace.

11. Right click the firewall and Select Start

12. Right click it again and select console >and you will connect to the virtual firewall.

13. Now you have to enter the Activation key (Yes even though you have allready put it in).

Enter the following commands;

Note: NOT REAL KEYS!!

[box]enable {password} – blank by default configure terminal activation 0x36b86cee 0xb136bdee 0x20c173ee 0xf62b35ee write mem reload[/box]

That’s you up and running,Note: the passwords will be blank. In Part 2 we will install the web management console and give the PIX a real connection.

 

Related Articles, References, Credits, or External Links

GNS3 Cannot Connect Network Interfaces when running on VMware vSphere