Link Aggregating with Synology NAS and Cisco Switch

I’d like to share how to setup Link Aggregating between Synology NAS and Cisco Switch.

I’ve got one Synology NAS with 4 Network Ports and I’m going to use 2 of them.
Both Network Port to be as one Logical Link, Fault Tolerance and Load Balancing.

To do that, I need to configure Link Aggregating on Synology NAS and EtherChannel with LACP on Cisco Switch.

Below is brief steps to do to meet with my requirements.


- Get connected Synology NAS and Cisco Switch as shown in picture.
- Bonding two Network Ports of Synology NAS and assign IP Address
- Configure EtherChannel with LACP in Cisco Switch and add two physical ports as Member.



OK. Let’s begin from Synology NAS.
- Login to the Synology and go to Control Panel>Network>Create>Create Bond



- Select IEEE 802.3ad to get Fault Tolerance and Load Balancing Featureyou’re your switch not support 802.3ad you can only select Fault Tolerance only feature). After that click “Next”.


- Choose the network port for bonding and click Next.
- Assign the IP Address. Click Apply and wait to be applied the setting.



Let’s configure Cisco Switch now.
- Will use GigabitEthernet 3 and 4 to use Link Aggregation and member of Group.
- Take a look below picture for the command on how to configure EtherChannel with LACP. (There may be a bit different on hostname, port number when you configure your Switch but all the commands are same.)


- You can re-check whether you EtherChannel are correct and working or not as shown below photo.



You can see the Network Port bonding status on Synology NAS as below picture after you configure EtherChannel on your Switch.



If you want to make sure you configuration are working or not, just shutdown either one port on Cisco Switch or unplug one of the Network Cable on either Synology NAS or Cisco Switch Port.
Your link between Synology NAS and Cisco Switch should not disconnect even one link down if everything is correct. Only the connection between Synology and Cisco Switch will failure if both network connection fail.

Well… I believe you got something on how to aggregate the links between Synology NAS and Cisco Switch.

I use Synology Model RS2414rp+ with Firmware DSM 5.0-4493 and
Cisco WS-C2960G with IOS version 15.0 for this demonstration.

May you all be happy.
(Be knowledgeable, pass it on then)


Enabling Service for New Internal Transport Certificate for Exchange Hub Transport


After you restore your Exchange Hub Transport Server Operating System from Failure or revert back to previous snapshot of your Exchange Hub Transport Server Virtual machine, you will see below error in you server event log.

We can solve this error by doing below way.




- Generate new certificate and assign the service that previously we assigned in old certificate and enable to use.

Kindly take a look for how to generate new certificate at this link (http://en.ictformyanmar.com/2014/10/replacing-expired-internal-transport.html).

Once you generated new certificate, just use Powershell command as show below and enable the service that you need.

Enable-ExchangeCertificate -Services "SMTP" -Thumbprint "New Certificate Thumbprint Here"

You will be ask to overwrite existing default SMTP setting and just "Yes".


Well...we are done.


May you all be happy.
(Be knowledgeable, pass it on then)

Replacing expired internal transport certificate in Microsoft Exchange Hub Transport Server with new certificate

As a busy system administrator, you could overlook as below event logs.

You need to renew the expired internal transport certificate when you see this event logs.


It's easy.

First you need to check the certificate details with Powershell command as below

Get-ExchangeCertificate | fl

Then you know what certificate is expired and what are its service and thumbprint.




Once you knew all details about it, take note/copy thumbprint of it and try to replace with new certificate by using Powershell command as below.

Get-ExchangeCertificate –Thumbprint "Invalid Certificate Thumbprint Here" | New-ExchangeCertificate 

Powershell will prompt you to perform overwrite the existing certificate. Just type "Y" or "Yes" or hit "Enter".



Now you already replaced out of date internal transport certificate.

Next step is to remove the invalid/ out of date certificate.

Use below Powershell command to remove it.

Remove-ExchangeCertificate -ThumbPrint "old-thumbprint-here"



Yes. You've done in replacing new certificate with old certificate and removed the invalid certificates from your server.

May you all be happy.
(Be knowledgeable, pass it on then)

Solving from RDP stopped working after disabling TLS1.0

You will not able to login to your Server with RDP and encounter "Connection Timeout or Socket Timeout" error message after enabled TLS 1.1 or 1.2 from TLS 1.0 to get better security as this link (http://www.ictformyanmar.com/2014/08/enabling-tls-12-on-iis-75-and-256-bit.html).

Here is resolution for that kind of issue.

- Go to Terminal Service Configuration by typing tsconfig.msc in Run Box and change the Security Layer Setting of RDP-Tcp to RDP Security Layer.

(or)

- Double click the RDP-Tcp from Remote Desktop Session Host Configuration and change Security Layer Setting to RDP Security Layer.



You should able to Remote Desktop to your Server then.

IMPORTANT:  You are vulnerable to Man-In-The-Middle attack when using RDP Security Layer because there is no Server Authentication.
If you are running RDP over a VPN connection and there is no risk for interception then this may be okay.

May you all be happy.
(Be knowledgeable, pass it on then)