Time Domain Reflectometer (TDR) for Network Professional

As a network engineer or administrator, you will encounter cabling problems between patch panel and host, patch panel and switch, or switch and switch.

In these scenarios, you can determine whether the issue lies with the switch or with the physical layer (Layer 1) before contacting the cabling contractor.

To do so, you can use the commands below.

show interface
show interface counters
show interface counters errors

You can also find a cabling issue with another testing method: the Time Domain Reflectometer (TDR).

To run this test on a Cisco switch, use the commands below.

test cable tdr interface port number

show cable-diagnostics tdr interface port number

The sample pictures below show how to use it.

If you are testing FastEthernet, the Pair A and Pair B results must be Normal.
If you are testing GigabitEthernet, all pairs must be Normal.

For any other result, you need to find out at what distance the cable becomes faulty.

The approximate distance to the cable fault is shown in the result.
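
The pass/fail rule above, applied to a result table, as an added example that is not part of the original post. The sample table is constructed, its column layout is assumed to match what "show cable-diagnostics tdr" prints, and the names parse_tdr and faulty_pairs are hypothetical.

```python
import re

# Constructed sample in the assumed column layout of "show cable-diagnostics tdr";
# the interface name, lengths and statuses are made up for illustration.
SAMPLE = """\
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi0/1     1000M Pair A     3    +/- 1  meters Pair A      Normal
                Pair B     3    +/- 1  meters Pair B      Normal
                Pair C     22   +/- 4  meters N/A         Open
                Pair D     3    +/- 1  meters Pair D      Normal
"""

# One row per pair: local pair, "<length> +/- <margin> meters" or N/A, remote pair, status.
ROW = re.compile(
    r"Pair ([A-D])\s+(?:(\d+)\s+\+/-\s+(\d+)\s+meters|N/A)"
    r"\s+(?:Pair [A-D]|N/A)\s+(.+?)\s*$"
)


def parse_tdr(text):
    """Turn the result table into one dict per cable pair."""
    rows, interface = [], None
    for line in text.splitlines():
        match = ROW.search(line)
        if not match:
            continue  # header, separator or blank line
        if not line[0].isspace():
            interface = line.split()[0]  # continuation rows inherit the interface
        pair, length, margin, status = match.groups()
        rows.append({
            "interface": interface, "pair": pair, "status": status,
            "length_m": int(length) if length else None,
            "margin_m": int(margin) if margin else None,
        })
    return rows


def faulty_pairs(rows):
    """Apply the rule above: Fa ports need pairs A and B Normal, Gi ports need all four."""
    faults = []
    for row in rows:
        name = (row["interface"] or "").lower()
        required = "AB" if name.startswith("fa") else "ABCD"
        if row["pair"] in required and row["status"] != "Normal":
            faults.append(row)
    return faults
```

For the constructed table, faulty_pairs(parse_tdr(SAMPLE)) returns the single Pair C row, with the fault at about 22 +/- 4 meters.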

Yes, I believe you know the basics of TDR now.

This feature is included not only on Cisco switches; you can also find it on switches from other brands such as Juniper, HP and Dell.

If you want to know more about this in detail, please read the link below.

Have a good time.
(Be knowledgeable, pass it on then)

Deploying Legal Notice Logon Banner in Domain Computers

For audit purposes or to meet standard organization policy, we need to deploy a legal notice logon banner (a usage warning shown at logon) on domain computers.

To do it automatically, we can use a logon script or Group Policy.

Since Group Policy is easy to manage, I'd like to show you how to do it.

Open the Group Policy Management Console, go to Group Policy Objects, right-click it and select New to create a new GPO as below. (You can create and link the GPO directly on the OU where you wish to deploy it, but I created it separately to show the steps clearly.)

Right-click the newly created GPO and select Edit to make changes.

Go to Computer Configuration > Windows Settings > Security Settings > Security Options and find "Interactive logon: Message text for users ...". Enable it and define the message that you wish to show at logon.

Find "Interactive logon: Message title for users attempting..." and define the title for your logon message.

After that, link the newly created GPO to the OU where you wish to display the logon banner.

If you want the GPO to apply immediately, force a Group Policy update from the command line; otherwise, wait for the policy to refresh automatically on the default timer.
Below is the sample logon banner message.
I used Windows Server 2008 R2 Standard for this demonstration.

Have a good time.
(Be knowledgeable, pass it on then)

Upgrading the Cisco Switch IOS

Depending on business needs, as a network administrator or engineer you will need to upgrade the OS of the network devices in your infrastructure.

I’d like to share my experience of upgrading the IOS on Cisco devices with beginners and those who haven’t done this yet.

Before carrying out the task, you should know and prepare the following.

- You must have the correct IOS license for your devices.
- You must have a backup of the current running configuration and IOS.
- You must have a local or remote TFTP/FTP/SFTP server to keep the backup files and the new IOS.
- If you have one, prepare a pre-configured device of the same model, so you can swap it in if something goes wrong during the task.
- The upgrade should be done in a maintenance window. You shouldn’t do it outside one, however good your hands-on experience is.
- You should read Cisco’s tech notes about bugs in your new IOS before upgrading. Then you will know what needs to be done if an unexpected issue occurs.
- Be sure of the role and function of your device.

Let’s start the task once you are well prepared with the steps above.

In this example, I’ll upgrade the IOS on a Cisco Catalyst 3560 PoE switch because SSH needs to be enabled on it, and the current IOS does not support SSH because it is not a crypto image. A crypto image should include "crypto" and "K9" in the file name.

Let’s begin.

- Check the IOS version of the switch. Take a look at the photo and note the red highlighted area for DRAM and flash capacity.

   "show version"

- Now, let’s check the flash memory space. You would need to delete the old IOS if there is not enough free space to copy the new IOS. Note the red highlighted area. In this example, there is enough free space.

 "show flash"

- Log in with your Cisco ID and password at the Cisco Software Download webpage.

  Find the correct IOS for your switch model. As shown in the picture, download the IOS that matches your needs. (Make sure it matches your subscribed license feature set and your DRAM/flash specification.) Note the IOS file size and MD5 hash value too, so you can re-check them once the image is loaded on the switch.

- Copy the downloaded IOS to the TFTP/FTP/SFTP server. In my example, I used a TFTP server.
- Console in to the switch and copy the IOS from the TFTP server to the switch’s flash memory.

   "copy tftp flash"

- Once the copy has finished, check the MD5 hash value as below to ensure your IOS file wasn’t corrupted along the way.

  "verify /md5 flash: put new ios image file name with file extension here"

- If the MD5 hash value is correct, change the boot path of the switch from the old IOS to the new IOS as below.

  "boot system flash: put new ios image file name with file extension here"

- After that, copy running configuration to startup configuration as below.

  "copy running-config startup-config" or "write memory" or "write"

- Then reload the switch. If the upgrade completed successfully, your switch should work as expected without any issue.

- In this post, I didn’t mention details about IOS licensing, clearing flash memory space, checking the boot path from the zip file in flash, or setting up the TFTP server. I’ll write about those if I’ve got time.
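
TFTP has no integrity protection of its own, so the file size and MD5 noted from the download page are the reference for every later copy. The added example below (not part of the original post) checks the local download and the hash the switch printed against those noted values; the file name, the 5-byte stand-in image and the pasted switch line are constructed, and the function names are hypothetical.

```python
import hashlib
import pathlib
import re
import tempfile


def size_and_md5(path, chunk_size=1 << 20):
    """Stream the file so a large image is never held in memory at once."""
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def extract_md5(text):
    """Pull the one 32-hex-digit digest out of pasted text, ignoring case and layout."""
    found = {m.lower() for m in re.findall(r"\b[0-9a-fA-F]{32}\b", text)}
    if len(found) != 1:
        raise ValueError(f"expected exactly one MD5 value, found {len(found)}")
    return found.pop()


def check_image(path, noted_size, noted_md5, switch_output):
    """Return a list of mismatches; an empty list means all three sources agree."""
    size, local_md5 = size_and_md5(path)
    noted = extract_md5(noted_md5)
    problems = []
    if size != noted_size:
        problems.append(f"local size {size} != noted size {noted_size}")
    if local_md5 != noted:
        problems.append("local file MD5 != noted MD5")
    if extract_md5(switch_output) != noted:
        problems.append("MD5 printed by the switch != noted MD5")
    return problems


def demo():
    # Constructed stand-ins: a 5-byte "image" and a pasted switch result line for it.
    noted_md5 = "5D41402ABC4B2A76B9719D911017C592"
    pasted = "verify /md5 (flash:example-image.bin) = 5d41402abc4b2a76b9719d911017c592"
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "example-image.bin")
        path.write_bytes(b"hello")
        intact = check_image(path, 5, noted_md5, pasted)
        path.write_bytes(b"hell")  # simulate a truncated download
        truncated = check_image(path, 5, noted_md5, pasted)
    return intact, truncated
```

Run check_image on the download before copying it to the TFTP server, then again with the text pasted from the switch after the verify step.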

If you want to know how to choose the correct IOS, please read about it here: http://www.ictformyanmar.com/2014/03/what-is-different-ip-base-and-ip.html

Although this post demonstrates the task on a switch, you can use it as a reference for router and firewall IOS upgrades too.
Depending on the role of the device, however, the steps can be a bit different and more complex, because you will need some requirements and pre-arrangement.

I’ll write more details about router and firewall if I’ve got a chance.

Have a good time.

(Be knowledgeable, pass it on then)

Solving "WSUS administration console was unable to connect to the WSUS Server via the remote API" error

Today, I got the error below when I tried to connect to my WSUS server via the WSUS console.

The logs below are displayed in the Event Log too.

The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it
Stack Trace:
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
** this exception was nested inside of the following exception **

System.Net.WebException -- Unable to connect to the remote server
Stack Trace:
   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
   at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServerAndPopulateNode(Boolean connectingServerToConsole)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.OnExpandFromLoad(SyncStatus status)

Time to investigate why.

As mentioned in the log, I restarted the Update Services service, IIS and the SQL service. Then I tried to connect again, and the same error still popped up.

Second, I tested whether port 80 of the WSUS server was open from another server by using "Telnet WSUS Server Name/IP 80".
Port 80 was not open, so I was pretty sure that the Default Web Site service of WSUS had been stopped for some reason.

Just go to IIS Manager and start the Default Web Site. After that, try to connect the WSUS console again, and it works.

Actually, the error came about because of me. The day before, I had tested the WhatsUp Gold network monitoring application by installing it, and it uses IIS and SQL. I uninstalled it after testing and didn't check WSUS at that time.

The root cause is uninstalling WhatsUp Gold without checking properly.

So if you are having this kind of error, do not forget to check the steps above that I used to bring WSUS up again. :P

My Server is Windows Server 2008 R2 SP2 and WSUS is 3.0 SP2.

May you all be happy.
(Be knowledgeable, pass it on then)

Putty Command Line Error - unknown option "-wt" in GNS3

You will receive the "Putty Command Line Error" shown below if you are using GNS3 and later version.

To overcome this error, download the Putty.exe provided at the link below.

After that, overwrite your pre-installed Putty.exe with it.

Download Putty for GNS3

Once you have downloaded and overwritten Putty.exe, you can try to console in to a router, switch or firewall in GNS3.

If you want to know more about that, read the details at http://forum.gns3.net/topic5016.html

May you all be happy.
(Be knowledgeable, pass it on then)

Finding Server Model and Serial Number in Linux remotely

Sometimes you might need the server model name and serial number for documentation, audit or warranty lookup purposes.

It's easy to extract them on a Windows server.

But on Linux, I believe it will be a bit of a hassle if you are not familiar with Linux.

I just want to share how to do it for those who are not familiar with Linux.

Log in to the Linux server whose model and serial number you need to extract.

Key in below command as "root".

"dmidecode -t 1"

You might need to install the dmidecode package if it is not pre-installed on your Linux or you are on a lower version.

To install that, just key in below command first.

"sudo yum install dmidecode"

The sample results below were taken on Red Hat and Debian for your reference on command usage and output.
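
For documentation or audit records, the "dmidecode -t 1" output can be reduced to the fields that matter. This is an added example, not part of the original post: the sample output is constructed with placeholder values, and the names parse_system_info and inventory_record are hypothetical.

```python
# Constructed sample of "dmidecode -t 1" output; every value is a placeholder.
SAMPLE = """\
# dmidecode 2.12
SMBIOS 2.7 present.

Handle 0x0100, DMI type 1, 27 bytes
System Information
\tManufacturer: Example Corp
\tProduct Name: ExampleServer 1000
\tVersion: Not Specified
\tSerial Number: EXAMPLE123
\tUUID: 00000000-0000-0000-0000-000000000000
\tWake-up Type: Power Switch
"""

# Strings that mean "the vendor never set this field" rather than a real value.
UNSET = {"", "not specified", "to be filled by o.e.m.", "default string"}


def parse_system_info(text):
    """Return the key/value pairs of the System Information (DMI type 1) block."""
    info, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Handle "):
            in_block = "DMI type 1," in line  # ignore any other DMI types in the dump
        elif in_block and line[:1].isspace() and ":" in line:
            key, _, value = line.strip().partition(":")
            info[key] = value.strip()
    return info


def inventory_record(text):
    """Manufacturer, model and serial for documentation; None for unset fields."""
    info = parse_system_info(text)

    def clean(key):
        value = info.get(key, "")
        return None if value.lower() in UNSET else value

    return {
        "manufacturer": clean("Manufacturer"),
        "model": clean("Product Name"),
        "serial": clean("Serial Number"),
    }


if __name__ == "__main__":
    print(inventory_record(SAMPLE))
```

A serial of None in the record means the firmware holds only a placeholder, which is worth flagging before a warranty lookup.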

May you all be happy.
(Be knowledgeable, pass it on then)