Skip to main content


Showing posts from 2014

Time Domain Reflectometer (TDR) for Network Professional

As a network engineer/administrator, you would encounter the cabling problem of patch panel to host, patch panel to switch, switch to switch. In these scenarios, you can determine whether switch or physical layer (Layer 1 ) issue or not before contacting to cabling contractor. To do so, you can use below commands. show interface show interface counters show interface counters errors Moreover, you still can find the cabling issue with another testing method. That is Time Domain Reflectometer. To test this in cisco switch, use below commands. test cable tdr interface   port number show cable-diagnostics tdr interface   port number You will know how to use it from below sample pictures. If you are testing FastEthernet, Pair A and Pair B result must be Normal. If you are testing GigabitEthernet , all Pair must be Normal. Other than that result, you need to find out where is the distance that cable becoming fault. The approximate cable fault distance is sh

Deploying Legal Notice Logon Banner in Domain Computers

As of Audit Purpose or Standard Organization Policy, we need to deploy legal notice logon banner message/warning of usage logon message in domain computers. To do it automatically, we can use logon script/group policy. Since group policy is easy to mange, I'd like to show you how to do it. Open group policy management console, go to group policy objects, right click on it and select new to create new GPO as below. (You can create and link directly on the OU that you wish to deploy GPO but I create it separately to show clearly.) Right click on newly created GPO and select edit to make changes. Go go Computer Configuration>Windows Settings>Security Settings>Security Options> and find Interactive logon: Message tesxt for users ... . Enable and define the message that you wish to show as logon message. Find Interactive logon: Message title for users attempting... and Define the message title for your logon message. After that, link newly crea

Upgrading the Cisco Switch IOS

According to business need, you will need to upgrade the OS of your network device in your infrastructure as a Network Administrator/Engineer. I’d like to share the experience of upgrading the IOS in Cisco to the beginners and for those who haven’t done this yet. Before complete the task, you should know and prepare the following. - You must have correct IOS License for your devices - You must have backup of current running configuration and IOS. - You must have Local/Remote TFTP Server/FTP/SFTP Server to keep backup files and new IOS. - You should prepare pre-configured same model device if you have. So you can replace if your task was something wrong. - Upgrading task should do in Maintenance Windows. You shouldn’t do it however you have very good hands-on experience for that. - You should read Tech Notes from Cisco about Bugs for your new IOS before upgrade. Then you can expected what need to be done if something unexpected issue occur. - Be ensure the role

Solving "WSUS administration console was unable to connect to the WSUS Server via the remote API" error

Today, I've got below when I try to connect my WSUS Server via WSUS Console. Below logs are display in Event Logs too. The WSUS administration console was unable to connect to the WSUS Server via the remote API.  Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. The WSUS administration console was unable to connect to the WSUS Server via the remote API. Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it Source System Stack Trace:    at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)    at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, S

Putty Command Line Error - unknown option "-wt" in GNS3

You will receive "Putty Command Line Error" as below if your are using GNS3 and later version. To overcome this error, just go and download Putty.exe that provide from below link. After that , overwrite the Putty.exe in your pre-installed Putty.exe Download Putty for GNS3 Once download and overwrite the Putty.exe, you may try to console Router/Switch/Firewall in GNS3. If you want to know about for that, read details at May you all be happy. (Be knowledgeable, pass it on then)

Finding Server Model and Serial Number in Linux remotely

Sometime you might need Server Model Name and Serial Number for Documentation, Audit or Warranty Lookup Purpose. It's easy for Windows server to extract. But for Linux, I believe, it will be a bit busy if you are not in touch with Linux. I just want to share on how to for those who not in touch with Linux. Login to Linux Server that you need to extract information for Server Model and Serial Number. Key in below command as "root". "dmidecode -t 1" You might need to install dmidecode package if you Linux is not pre-installed or lower version. To install that, just key in below command first. "sudo yum install dmidecode" Below sample result are tried in Red Hat and Debian for your reference in command usage and output. May you all be happy. (Be knowledgeable, pass it on then)

7z Cracker, useful tool

I am very like 7zip Application among many of zip application because of easy to use, support many zip file format and handy. Sometime I need to zip and protected it with password by using 7zip for some important files. One day, I've forgot the password to unlock one of my important files. Then I seek application to unlock it and found out 7z Cracker as the best. It's really useful to crack your password protected files within few seconds even you give complex password. If you would like to try it or need urgently to unlock for your password protected files, you can download it from below link. But you also need to download 7za Application to work your 7z Cracker. Your pre-installed 7z application will not work for this and so download it from below link. You can reference Read Me file  for "How to use"  that include inside the 7z Cracker Appl

How to check the vpn user list and session in Cisco ASA 5520?

You've deployed Cisco ASA Firewall and setup Local AAA Server to create useraccount for IPSec VPN usage. As a network administrator, you've responsibility to check and monitor the list of vpn user and active session for security and audit purpose. You can use ASDM GUI to do such task but its handy to do. So, it is better to user CLI for that. Below are some useful commands to check user list and active vpn user sessions. To check user list, use below commands - show run | grep username - show aaa local user To check active vpn user list and sessions, use below commands - show vpn-sessiondb remote | grep Username (This command result will let you know how many user are active) - show vpn-sessiondb remote filter name username (This filter command will let you know details of vpn session user by inserting active vpn username in "username" ) Yes. That's all. Here I show you with Cisco ASA 5520 and its software version is 8.2 (5). May

Solving "The name of the security certificate is invalid" error

We purchase SSL Certificate to get secure when we use Outlook Web Access with Exchange Server. We use the External Domain URL for OWA when we purchase SSL Certificate. But the issue can come out when your Internal URL and External URL of Exchange Server are different. The issue is user will get security alert pop-up when he/she open outlook client everytime. To get rid of this issue, we need to change the Internal URL of OWA on Server. Let's start. First, run the Exchange Management Powershell as Administrator. "Use Get-ClientAccessServer | FL" command to collect existing configuration for revert back if something goes wrong. Next, use "Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUrl https:// /autodiscover/autodiscover.xml" command and change the URL accordingly. Only High-lighted text are need to aware as yours. After that, go to Exchange IIS Manager and select Application Pool

Singapore ISP broadband service will be get 2Gbps in early 2015

Singapore ISP broadband service will be get 2Gbps in early 2015 Singapore Local Internet Service Provider, ViewQwest, announces its new 2Gbps fiber broadband service to be made commercially available in early-2015, offering the fastest residential internet connection in Singapore. In a statement released Wednesday, the local internet service provider (ISP) said the 2Gbps service will be tested among a group of selected customers until year-end, before it is made commercially available in early-2015. This new service will also be on demo at the Sitex exhibition show to be held from November 27 to 30, the company said. For further details about this service from ViewQwest, please go and reand at ZDNET . Source : May you all be happy. (Be knowledgeable, pass it on then)

Link Aggregating with Synology NAS and Cisco Switch

I’d like to share how to setup Link Aggregating between Synology NAS and Cisco Switch. I’ve got one Synology NAS with 4 Network Ports and I’m going to use 2 of them. Both Network Port to be as one Logical Link, Fault Tolerance and Load Balancing. To do that, I need to configure Link Aggregating on Synology NAS and EtherChannel with LACP on Cisco Switch. Below is brief steps to do to meet with my requirements. - Get connected Synology NAS and Cisco Switch as shown in picture. - Bonding two Network Ports of Synology NAS and assign IP Address - Configure EtherChannel with LACP in Cisco Switch and add two physical ports as Member. OK. Let’s begin from Synology NAS. - Login to the Synology and go to Control Panel>Network>Create>Create Bond - Select IEEE 802.3ad to get Fault Tolerance and Load Balancing Featureyou’re your switch not support 802.3ad you can only select Fault Tolerance only feature). After that click “Next”. - Choose the network port f

Enabling Service for New Internal Transport Certificate for Exchange Hub Transport

After you restore your Exchange Hub Transport Server Operating System from Failure or revert back to previous snapshot of your Exchange Hub Transport Server Virtual machine, you will see below error in you server event log. We can solve this error by doing below way. - Generate new certificate and assign the service that previously we assigned in old certificate and enable to use. Kindly take a look for how to generate new certificate at this link ( . Once you generated new certificate, just use Powershell command as show below and enable the service that you need. Enable-ExchangeCertificate -Services "SMTP" -Thumbprint "New Certificate Thumbprint Here" You will be ask to overwrite existing default SMTP setting and just "Yes". Well...we are done. May you all be happy. (Be knowledgeable, pass it on then)

Replacing expired internal transport certificate in Microsoft Exchange Hub Transport Server with new certificate

As a busy system administrator, you could overlook as below event logs. You need to renew the expired internal transport certificate when you see this event logs. It's easy. First you need to check the certificate details with Powershell command as below Get-ExchangeCertificate | fl Then you know what certificate is expired and what are its service and thumbprint. Once you knew all details about it, take note/copy thumbprint of it and try to replace with new certificate by using Powershell command as below. Get-ExchangeCertificate –Thumbprint "Invalid Certificate Thumbprint Here" | New-ExchangeCertificate  Powershell will prompt you to perform overwrite the existing certificate. Just type "Y" or "Yes" or hit "Enter". Now you already replaced out of date internal transport certificate. Next step is to remove the invalid/ out of date certificate. Use below Powershell command to remove it. Remove-Exchan