Monday, October 30, 2017

Change 2040/2042 HPE SAN Ports from FC to iSCSI

As I work with these SANs a lot, one of the first things I have to do is change the ports over from the default FC mode to iSCSI mode so they can be connected to the SAN via 10G fiber connections.

Believe it or not this is very tough to find out the exact syntax in the HPE documentation.

Since it is a simple process, I have outlined it below:

1. Connect to the SAN controller via Putty
2. Run this command:  set host-port-mode [FC | iSCSI | FC-and-iSCSI]

Parameters:

  • FC: Sets all ports to FC
  • iSCSI: Sets all ports to iSCSI
  • FC-and-iSCSI: Sets the first two ports to FC and the second two ports to iSCSI

That's all there is to it.  

Good luck!



Tuesday, April 11, 2017

[SOLVED] Cisco VPN Client on Windows 10 (Including the new build 1709 Fall Creator's Update) - This works!

***Updated 11/28/17 Fall Creator's Update**
***Please see my edits below for notes on build 1709, 01703, 1607, and build 1511.**

Here's how to get it working in 2 easy steps:

1. Download and install the Sonicwall 64-bit VPN client from HERE (as of this writing).

2. Install the Cisco VPN client.  Edit:  If you get an error that it cannot run on this operating system then just extract the .exe file using WinRar or a similar program and run the .msi file.  Problem solved.
3. Perform a quick registry edit: (This step is almost always not optional any longer)
  • Open Regedit
  • Browse to the registry key HKLM\SYSTEM\CurrentControlSet\Services\CVirtA
  • Select the display name to modify:
    • x86 - "@oem8.ifn,%CVirtA_Desc%;Cisco Systems VPN Adapter" to "Cisco Systems VPN Adapter"
    • x64 - "@oem8.ifn,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows" to "Cisco Systems VPN Adapter for 64-bit Windows"
  • Reboot

The first two steps worked for me without the need for registry edit.  I checked and the settings were already spelled correctly on my machine.  Full disclosure my systems are clean Windows 10 installs without being upgrades.

Without installing the Sonicwall client first you will get Error 433 after trying to connect.  Checking the logs shows that it cannot download the key to complete the secure connection.

What happens is that the Sonicwall client adds the DNE Lightweight filter network client on the machine.  I tried getting it directly from Citrix and installing it that way but was unsuccessful.

Using this method you can now get some more use out of the Cisco VPN client.  If you prefer you can uninstall the Sonicwall client afterward.  I've been told by several people that the DNE software remains even after the Sonicwall client is removed.

Build 1709 Fall Creator's Update

WARNING:  You should uninstall the Cisco VPN client prior to running this upgrade so repairing it afterward will make it much easier.  All of the steps above still work on this latest "Fall Creator's Update" upgrade of Windows 10.

Build 1703 Creator's Update EDIT: Updated 04/11/2017

WARNING:  You should uninstall the Cisco VPN client prior to running this upgrade so repairing it afterward will make it much easier.  All of the steps above still work on this latest "Creator's Build" upgrade of Windows 10.

Now for the not-so-fun-details.  I didn't uninstall prior to the upgrade and proceeded to spend the next 30 minutes clearing out registry entries until I finally found the right one to let me reinstall the product using the .MSI file.  After doing that, and making the registry edit, my VPN client is again working properly.

Version 1607 Build 14393.10 EDIT: Updated 08/03/2016

All of the steps above still work on this latest "Anniversary" build of Windows 10.  As with the 1511 build mentioned below, you will have to run a repair on the program or just do a clean install to get it working because Microsoft yet again determined that they would control which program we use.

You can go HERE to download the latest version of the media downloader and get version 1607.

And not to be left out HERE is a link to all of the new features in 1607 for IT pros.

As I update my Windows 10 machines I'll post updates if there are any issues or errors I run across with this build.  As I always say.... good luck.

BUILD 1511 EDIT: Updated 1/20/2016

I'm getting a lot of feedback about networking being broken after 1511.  I would highly advise you remove the Cisco VPN client and Sonic Global client software prior to installing build 1511.

I have now upgraded three different systems to 1511.  By removing both the Sonicwall and Cisco VPN software first, I had zero issues with it working properly afterward.

However, if the upgrade went through already, here's what you can do to help mitigate these issues.  There's no guarantee this is going to work but I have had two instances where the Cisco VPN software was removed by the 1511 upgrade and I was able to get it working by following the next steps below:

First just reinstall the VPN client using the .MSI file and not the .EXE file.  This will bypass Windows 10 checking the compatibility as I listed at the top.  Next just make the registry edits again and you'll be good to go.  After the registry edits, I have not had to restart but you can if you feel the need just to be sure.

If this does not work as an extra effort you will need to reset all networking on Windows 10.  Luckily this is pretty easy to do.

- Open an administrator command prompt
- Run "netcfg -d"
- Reboot and reconfigure your networking as needed.

Here's a sample of the output you will see:

Microsoft Windows [Version 10.0.10586]
(c) 2016 Microsoft Corporation.  All rights reserved.

C:\WINDOWS\system32\netcfg -d
SetupDiCallClassInstaller Erorr: 0x6
SetupDiCallClassInstaller Erorr: 0x6
SetupDiCallClassInstaller Erorr: 0x6
SetupDiCallClassInstaller Erorr: 0x6
SetupDiCallClassInstaller Erorr: 0x6
SetupDiCallClassInstaller Erorr: 0x6
SetupDiCallClassInstaller Erorr: 0x6
SetupDiCallClassInstaller Erorr: 0x6
NetSetup object deleted successfully on MUX
Successfully commited changes to the registry
Successfully commited changes to the registry
We are going to reboot now to complete the clean up. Save all of your work.

Press any key to continue…

I hope this helps out with the additional headaches caused by 1511.  As always if I find any more useful information with future updates to Windows 10 that affect this software, I'll be sure to update the post.

Good luck!





Friday, March 10, 2017

[SOLVED] How to Resolve Error 8614

I ran into this issue with two Domain Controllers that would not replicate.  DC2 was getting this error: "The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime"

Below are the steps I went through in order to remedy this situation and worked like a charm.

1. Verify which Domain Controller raised the 8614 error by using:

> repadmin /showrepl
or
> repadmin /showreps

* Run this command line in any DC not DC-A.

* In addition, open Event Viewer, in Applications and Services LogsDirectory Service, you will see an error with event ID 2042




According to Mirosoft knowledge base, it's maybe because the domain controller contains what so called lingering objects: http://support.microsoft.com/kb/2020053. This is the most possible reason for the error, because everything else are OK (time, default tombstone lifetime).


2. So, I have to remove those lingering objects from all DCs:

> repadmin /removelingeringobjects DC-A.MYDOMAIN.COM 5b0b944e-de7b-4f96-942b-1e040169db36 "CN=Configuration,DC=MYDOMAIN,DC=COM"

+ DC-A.MYDOMAIN.COM : FQDN of DC-A

+ 5b0b944e-de7b-4f96-942b-1e040169db36 : the GUID of DC-A. You can get it from the command repadmin /showrepl DC-A.

+ "CN=Configuration,DC=MYDOMAIN,DC=COM": NC in which DC-A raise the error (from the output of the command repadmin /showrepl)

* Repeat in all other DCs in forest.


3. Evaluate setting strict replication on all DCs in forest:

> repadmin /regkey * +strict


4. Set "Allow replication with divergent and corrupt partner = 1" on all DCs:

> repadmin /regkey * +allowDivergent


5. Flush DNS Cache and restart netlogon service in DC-A:

> ipconfig /flushdns

> net stop netlogon

+ rename netlogon.dns and netlogon.dnb file which locate in C:\Windows\System32\

> ipconfig /flushdns

+ > net start netlogon (this command will re-create netlogon.dns and netlogon.dnb files)

> ipconfig /registerdns


6. Check the replication of all DCs again using repadmin and Event Viewer

> repadmin /showrepl


7. Delete "Allow replication with divergent and corrupt partner" or set "Allow replication with divergent and corrupt partner = 0" in the registry of all DCs.

> repadmin /regkey * -allowDivergent


8. Check the replication of all DCs again using repadmin and Event Viewer


If you performed everything correctly, the Domain Controllers will now replicate successfully.

Tuesday, March 07, 2017

How to install a HPE CPxxxxxx.scexe firmware update on your ESXi Host

Follow the steps below to make it happen:
(The most common reason for failure is caused by the missing executable permission)
  • Enable SSH on your ESXi host (configuration tab, Security Profile, Properties)
  • Copy the CPxxxxxx.scexe file to /tmp on your ESXi Host using eg. WinSCP
  • Logon as root at your ESXi host and change to /tmp
  • Check with “ls” if your CP file is there
  • Change file permission to executable: “chmod +x CPxxxxxx.scexe”
  • Run the file: “./CPxxxxxx.scexe”
After you have completed these steps, reboot the host and you are done.


Good luck!