ICT for Myanmar in English

As a network engineer/administrator, you would encounter the cabling problem of patch panel to host, patch panel to switch, switch to switch.

In these scenarios, you can determine whether switch or physical layer (Layer 1 ) issue or not before contacting to cabling contractor.

To do so, you can use below commands.

show interface
show interface counters
show interface counters errors

Moreover, you still can find the cabling issue with another testing method. That is Time Domain Reflectometer.

To test this in cisco switch, use below commands.

test cable tdr interface port number

show cable-diagnostics tdr interface port number

You will know how to use it from below sample pictures.





If you are testing FastEthernet, Pair A and Pair B result must be Normal.
If you are testing GigabitEthernet , all Pair must be Normal.

Other than that result, you need to find out where is the distance that cable becoming fault.

The approximate cable fault distance is shown in result.

Yes, I believe you know the basic of TDR now.

This feature is include not only on Cisco Switch but also you can find in other brand switch like juniper, hp and dell.

If you want to know more about this in details, please go and read from below link.
https://supportforums.cisco.com/document/74231/how-use-time-domain-reflectometer-tdr 

Have a good time.
(Be knowledgeable, pass it on then)

As of Audit Purpose or Standard Organization Policy, we need to deploy legal notice logon banner message/warning of usage logon message in domain computers.

To do it automatically, we can use logon script/group policy.

Since group policy is easy to mange, I'd like to show you how to do it.

Open group policy management console, go to group policy objects, right click on it and select new to create new GPO as below. (You can create and link directly on the OU that you wish to deploy GPO but I create it separately to show clearly.)


Right click on newly created GPO and select edit to make changes.


Go go Computer Configuration>Windows Settings>Security Settings>Security Options> and find Interactive logon: Message tesxt for users ... . Enable and define the message that you wish to show as logon message.



Find Interactive logon: Message title for users attempting... and Define the message title for your logon message.


After that, link newly created GPO with the OU that you wish to display logon banner.



If you want your GPO immediately, just force update Group Policy via command line or else just wait to refresh the policy automatically by default timer.
Below is the sample logon banner message.
I used the Windows Server 2008 R2 Standard for this demonstration.


Have a good time.
(Be knowledgeable,pass it on then)

Today, I've got below when I try to connect my WSUS Server via WSUS Console.



Below logs are display in Event Logs too.

The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it 172.16.99.98:80
Source
System
Stack Trace:
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
** this exception was nested inside of the following exception **

System.Net.WebException -- Unable to connect to the remote server
Source
Microsoft.UpdateServices.Administration
Stack Trace:
   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
   at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServerAndPopulateNode(Boolean connectingServerToConsole)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.OnExpandFromLoad(SyncStatus status)

Time to investigate for why?

As mentioned in Log, I restarted Update Services service, IIS and SQL Service. Then try to connect again and still the same error pop out.

Second, I try to test the port 80 of WSUS Server whether open or not from other Serverby using  Telnet WSUS Server Name/IP 80 .
Port 80 is not opened. Then pretty sure Default Web Site Service of WSUS has been stopped for some reason.

Just go to IIS Manager and Start the Default Web Site. After that try again connect the WSUS Console and it's working then.




Actually, the error is come out because of me. Last day, I was tested WhatsUp Gold Network Monitoring Application by installing and that use IIS and SQL. I uninstall it after tested and didn't check WSUS that time.

The root cause is uninstalling WhatsUp Gold without checking properly.

So if you are having such kind of error, do not forget to check above steps what I did to bring up WSUS again. :P

My Server is Windows Server 2008 R2 SP2 and WSUS is 3.0 SP2.

May you all be happy.
(Be knowledgeable, pass it on then)

You will receive "Putty Command Line Error" as below if your are using GNS3 and later version.



To overcome this error, just go and download Putty.exe that provide from below link.

After that , overwrite the Putty.exe in your pre-installed Putty.exe

Download Putty for GNS3

Once download and overwrite the Putty.exe, you may try to console Router/Switch/Firewall in GNS3.

If you want to know about for that, read details at http://forum.gns3.net/topic5016.html

May you all be happy.
(Be knowledgeable, pass it on then)

Sometime you might need Server Model Name and Serial Number for Documentation, Audit or Warranty Lookup Purpose.

It's easy for Windows server to extract.

But for Linux, I believe, it will be a bit busy if you are not in touch with Linux.

I just want to share on how to for those who not in touch with Linux.

Login to Linux Server that you need to extract information for Server Model and Serial Number.

Key in below command as "root".

"dmidecode -t 1"

You might need to install dmidecode package if you Linux is not pre-installed or lower version.

To install that, just key in below command first.

"sudo yum install dmidecode"

Below sample result are tried in Red Hat and Debian for your reference in command usage and output.




May you all be happy.
(Be knowledgeable, pass it on then)

I am very like 7zip Application among many of zip application because of easy to use, support many zip file format and handy.

Sometime I need to zip and protected it with password by using 7zip for some important files.

One day, I've forgot the password to unlock one of my important files.

Then I seek application to unlock it and found out 7z Cracker as the best.

It's really useful to crack your password protected files within few seconds even you give complex password.

If you would like to try it or need urgently to unlock for your password protected files, you can download it from below link.

http://sourceforge.net/projects/sevenzcracker/

But you also need to download 7za Application to work your 7z Cracker. Your pre-installed 7z application will not work for this and so download it from below link.

http://sourceforge.net/projects/sevenzip/?source=typ_redirect

You can reference Read Me file  for "How to use"  that include inside the 7z Cracker Application when you downloaded.



May you all be happy.
(Be knowledgeable, pass it on then)

You've deployed Cisco ASA Firewall and setup Local AAA Server to create useraccount for IPSec VPN usage.
As a network administrator, you've responsibility to check and monitor the list of vpn user and active session for security and audit purpose.

You can use ASDM GUI to do such task but its handy to do.
So, it is better to user CLI for that.
Below are some useful commands to check user list and active vpn user sessions.

To check user list, use below commands

- show run | grep username
- show aaa local user



To check active vpn user list and sessions, use below commands

- show vpn-sessiondb remote | grep Username (This command result will let you know how many user are active)
- show vpn-sessiondb remote filter name username (This filter command will let you know details of vpn session user by inserting active vpn username in "username" )




Yes. That's all.

Here I show you with Cisco ASA 5520 and its software version is 8.2 (5).


May you all be happy.
(Be knowledgeable, pass it on then)

We purchase SSL Certificate to get secure when we use Outlook Web Access with Exchange Server.

We use the External Domain URL for OWA when we purchase SSL Certificate.

But the issue can come out when your Internal URL and External URL of Exchange Server are different.

The issue is user will get security alert pop-up when he/she open outlook client everytime.



To get rid of this issue, we need to change the Internal URL of OWA on Server.

Let's start.

First, run the Exchange Management Powershell as Administrator.

"Use Get-ClientAccessServer | FL" command to collect existing configuration for revert back if something goes wrong.



Next, use "Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUrl https://mail.ictformyanmar.com/autodiscover/autodiscover.xml" command and change the URL accordingly.

Only High-lighted text are need to aware as yours.

After that, go to Exchange IIS Manager and select Application Pools. Then right click on MSExchangeAutodiscoverAppPool and click Recycle.



Fine. We are done!

You can re-check by using Get-ClietAccessServer | FL command to ensure changed URL.

If everything is fine, just close and open the outlook client at user's PC and you won't see any secrutiy pop-up regarding Certificate.

I've use ClientAccess service only on my Server.If you use  WebServicesVirtualDirectory, OABVirtualDirectory and UMVirtualDirectory, you also need to change the URL for these too.

My server is  Microsoft Exchange Server 2007. Powershell command is different and depends on Server Version. So, do not forget to reference Microsoft Powershell Technet Website.


May you all be happy.
(Be knowledgeable, pass it on then)

Singapore ISP broadband service will be get 2Gbps in early 2015

Singapore Local Internet Service Provider, ViewQwest, announces its new 2Gbps fiber broadband service to be made commercially available in early-2015, offering the fastest residential internet connection in Singapore.

In a statement released Wednesday, the local internet service provider (ISP) said the 2Gbps service will be tested among a group of selected customers until year-end, before it is made commercially available in early-2015.

This new service will also be on demo at the Sitex exhibition show to be held from November 27 to 30, the company said.

For further details about this service from ViewQwest, please go and reand at ZDNET.

Source : http://www.zdnet.com/sg/singapore-isp-unveils-2gbps-fiber-broadband-service-7000035717/?s_cid=e539&ttag=e539&ftag=TRE17cfd61


May you all be happy.
(Be knowledgeable, pass it on then)

I’d like to share how to setup Link Aggregating between Synology NAS and Cisco Switch.

I’ve got one Synology NAS with 4 Network Ports and I’m going to use 2 of them.
Both Network Port to be as one Logical Link, Fault Tolerance and Load Balancing.

To do that, I need to configure Link Aggregating on Synology NAS and EtherChannel with LACP on Cisco Switch.

Below is brief steps to do to meet with my requirements.


- Get connected Synology NAS and Cisco Switch as shown in picture.
- Bonding two Network Ports of Synology NAS and assign IP Address
- Configure EtherChannel with LACP in Cisco Switch and add two physical ports as Member.



OK. Let’s begin from Synology NAS.
- Login to the Synology and go to Control Panel>Network>Create>Create Bond



- Select IEEE 802.3ad to get Fault Tolerance and Load Balancing Featureyou’re your switch not support 802.3ad you can only select Fault Tolerance only feature). After that click “Next”.


- Choose the network port for bonding and click Next.
- Assign the IP Address. Click Apply and wait to be applied the setting.



Let’s configure Cisco Switch now.
- Will use GigabitEthernet 3 and 4 to use Link Aggregation and member of Group.
- Take a look below picture for the command on how to configure EtherChannel with LACP. (There may be a bit different on hostname, port number when you configure your Switch but all the commands are same.)


- You can re-check whether you EtherChannel are correct and working or not as shown below photo.



You can see the Network Port bonding status on Synology NAS as below picture after you configure EtherChannel on your Switch.



If you want to make sure you configuration are working or not, just shutdown either one port on Cisco Switch or unplug one of the Network Cable on either Synology NAS or Cisco Switch Port.
Your link between Synology NAS and Cisco Switch should not disconnect even one link down if everything is correct. Only the connection between Synology and Cisco Switch will failure if both network connection fail.

Well… I believe you got something on how to aggregate the links between Synology NAS and Cisco Switch.

I use Synology Model RS2414rp+ with Firmware DSM 5.0-4493 and
Cisco WS-C2960G with IOS version 15.0 for this demonstration.

May you all be happy.
(Be knowledgeable, pass it on then)

After you restore your Exchange Hub Transport Server Operating System from Failure or revert back to previous snapshot of your Exchange Hub Transport Server Virtual machine, you will see below error in you server event log.

We can solve this error by doing below way.




- Generate new certificate and assign the service that previously we assigned in old certificate and enable to use.

Kindly take a look for how to generate new certificate at this link (http://en.ictformyanmar.com/2014/10/replacing-expired-internal-transport.html).

Once you generated new certificate, just use Powershell command as show below and enable the service that you need.

Enable-ExchangeCertificate -Services "SMTP" -Thumbprint "New Certificate Thumbprint Here"

You will be ask to overwrite existing default SMTP setting and just "Yes".


Well...we are done.


May you all be happy.
(Be knowledgeable, pass it on then)

As a busy system administrator, you could overlook as below event logs.

You need to renew the expired internal transport certificate when you see this event logs.


It's easy.

First you need to check the certificate details with Powershell command as below

Get-ExchangeCertificate | fl

Then you know what certificate is expired and what are its service and thumbprint.







Now you already replaced out of date internal transport certificate.

Next step is to remove the invalid/ out of date certificate.

Use below Powershell command to remove it.

Remove-ExchangeCertificate -ThumbPrint "old-thumbprint-here"



Yes. You've done in replacing new certificate with old certificate and removed the invalid certificates from your server.

May you all be happy.
(Be knowledgeable, pass it on then)