On one of my recent Exchange migration projects I ran into an issue after installing a certificate on a Network Load Balancing device and it took some Scooby Dooing to get it to install properly, so I thought I’d share how we resolved it. The issue was that the NLB device was not installing the Certificate chain in the correct order and it was causing issues with any device that would not reorder the chain correctly, mostly Android devices.
The symptom was that any Android devices that had “Accept All SSL Certificates” unchecked were getting certificate errors. Since my goal during a migration is to have little to no impact to the end-users, this was a problem for me.
Monday, October 15, 2012
Wednesday, October 10, 2012
Multiple Subnets on the Outside Interface of a Cisco ASA
Recently I had a customer provide a Cisco 2821 router along with a Cisco ASA 5520 to set up at a DR site. The router was provided in case the ISP provided a small subnet for connecting the router to the ISP's equipment (usually a /29 or /30), and also gave another subnet that would provide the functional IP space for the customer's equipment (something like a /24).
This network in blue has been a reoccurring pattern over the last few years and I want to put forward the simple premise: Use the ASA by itself instead of putting a slow router in front of it. Let me be clear there are perfect reasons to have a router in front, such as if you are running BGP to route the subnet you have, or to have another layer of control. My point here is don't put a slow router in front of a faster firewall and don't start asking your boss to buy an expensive fast router just to add another hop...
HP Virtual Connect Password Recovery
Have you ever lost or forgotten the Virtual Connect Administrator credentials? I have been stumped working on equipment where I did not have the information available and I needed to get logged in.
First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.
This process will retain the original configuration while changing the Administrator password
- Locate the backside of the chassis that you are needing to perform the password recovery from.
- Remove the Virtual Connect Ethernet module from interconnect bay 1.
HP Onboard Administrator Password Recovery or Reset
Have you ever lost or forgotten the Onboard Administrator credentials? I have had issues working on equipment where I did not have the information handy and I needed to get logged in.
First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.
This process will retain the original configuration while changing the Administrator password
- Connect your computer via serial cable to the Active Onboard Administrator
- Use a program such as PuTTY or HyperTerminal to access the console via the serial connection.
- Press and hold the Reset button on the Active Onboard Administrator for 5 seconds
- Once the Reset has begun you will see the following screen
- Press the L key to start the Password Recovery process.
- Write down the password displayed from the reset.
- Option 2 would be to remove the device from the enclosure and read the factory sticker for the default password, but if you are like me, you would rather not remove the device.
- Log into the Onboard Administrator to verify the password reset was successful.
- Once logged in I would change the default password before you forget or lose your notes.
- To change the password use the command set password
- Your configuration should now be maintained and your password should be changed.
Saturday, October 6, 2012
Welcome to TechStump!
We are a small group of technical people with common interests that want to share and post our thoughts and opinions of our everyday experiences with technologies. A few of us decided that writing our thoughts down will help us to understand the technologies we use a little better. We are taking to heart Albert Einstein's quote, "If you can't explain it simply, you don't understand it well enough."
The things we are going to try to accomplish with this blog:
- Blog to help retain and clarify the knowledge that we have acquired during our everyday technical life.
- Document the process of technical stumps that we face and how we solve them.
- Provide useful information in an interesting or humorous manner to the other technical stump grinders.
- Document best practices that work for us and hopefully others.
We hope you enjoy the info and look forward to your feedback and comments...
-TechStump