Other

Changing The MTU On An AudioCodes E-SBC Device

Leave a Comment

I recently had a requirement to change the MTU on an AudioCodes E-SBC to match that of an upstream routing device. The MTU change cannot be made via the GUI and must be performed via the CLI, if you don’t have access to supporting documentation this can be quite difficult to locate.

1. Using Putty or a similar application connect to your device using Telnet as the connectivity method.

2. When prompted for authentication enter the devices user name and password.

3. Once authenticated type the word “enable” and when prompted enter the enable password, if you do not know this or it doesn’t match the password you utilised to initially authenticate, try the devices default password.

4. Once in enable mode enter the following commands, each on a new line, in order to change the MTU. Note the MTU listed is an example and should be adjusted to match that of the upstream routing equipment. The listed interface in this example is the one that is connected to the routing device, to identify what interface name you need to use run “show running-config” and review the output until you see the interface name that matches the assigned IP address to the WAN interface for example.

configure data
interface gigabitethernet 0/0
mtu 1400

That’s it all done, don’t forget to burn the change to flash once complete.

Veeam SureBackup – Virtual Lab Creation Failure

Leave a Comment

I was recently in the process of configuring a virtual lab for Veeam Backup & Replication 6.1 Patch 1 to find that should you select not to create a virtual machine folder or resource pool at the Host configuration stage, the lab creation will fail. A valid question would be why would you not want to create the folder or resource pool, however in my case this was a small deployment and the customer only had VMware Essentials Plus licensing which does not offer resource pools as a feature. The error being experienced was the following:

Registering proxy appliance Error: The object has already been deleted or has not been completely created

Failed to register VM, configFile ‘[Datastore Name]  Virtual Lab Name/drv_va.vmx’, name ‘Virtual Lab Name’, isTemplate ‘False’, poolRef ‘resgroup-8’, hostRef ‘host-9’, folderRef ‘ha-folder-vm’

In order to resolve this error, ensure that the creation of the virtual machine folder and resource pool is enabled in the virtual lab configuration. As a result, I have now logged this issue with Veeam as a product bug.

That’s it!

Update: Veeam have now confirmed this is a bug in version 6.1 Patch 1.

URL: http://forums.veeam.com/viewtopic.php?f=24&t=13501

Veeam Backup & Replication – Exchange 2010 DAG Issue

Leave a Comment

I recently experienced an issue with a Microsoft Exchange 2010 Database Availability Group (DAG) failing over during a Veeam Backup & Replication job. The issue was occurring due to the snapshot committal process in VMware, which causes a brief pause in virtual machine I/O. This pause was causing the DAG member to lose sight of the file share witness, which in this case was housed on the customer CAS server, and subsequently fail over.

The resolution to this issue was to increase the CrossSubnetThreshold and CrossSubnetDelay of the cluster. The CrossSubnetThreshold specifies how many heartbeats can be skipped before the cluster fails over and the CrossSubnetDelay specifies the heartbeat interval. The threshold you set for both of these properties can depend on many factors, for example the speed of your underlying storage array or the size of the virtual machine that be being snapshot. In my case I needed to set both values to their maximum. This can be performed by carrying out the following:

1. Navigate to Start -> Administrative Tools and launch Windows PowerShell Modules

2. When the Powershell Window opens please enter the following command:
 
$cluster = Get-Cluster; $cluster.CrossSubnetThreshold = 10; $cluster.CrossSubnetDelay = 4000
 
3. Once the command has completed please run the following and ensure that the CrossSubnetDelay and CrossSubnetThreshold are set to 4000 and 10.
 
Get-Cluster | fl *

4. Re-run your Veeam backup job and see if the cluster fails over. If the backup completes correctly you can they reduce the CrossSubnetDelay and CrossSubnetThreshold to find the optimum values.

That’s it, your done.

Windows Server 2008 R2 – RRAS Duplicate DNS Entries

Leave a Comment

I recently installed the Routing & Remote Access service on a Windows Server 2008 R2 domain controller. While this is not a recommended approach, it was unfortunately the only server available to host the role. Shortly after installing the role and binding it to the DHCP service, I noticed that when pinging the domain controller it was returning an IP address in the DHCP range. On further inspection it appeared the IP address assigned to the virtual RRAS adapter was registering against DNS and therefore creating two entries for the domain controller. To resolve this issue, the following steps were performed.

1. Navigate to Start -> Administrative Tools and click the DNS option.

2. When the DNS console opens, expand the “Forward Lookup Zones” container and then expand your local domain name.

3. Locate the incorrect host A record for your domain controller and delete it by right clicking the record and selecting delete.

4. In the DNS console, right click the servers name and select properties.

5. In the properties window click the listeners tab and select the “Only the following IP addresses” radio button.

6. In IP addresses list remove the incorrect IP address and then click ok and exit the DNS console.

That’s it, you should no longer experience duplicate DNS entries for your domain controller.

D-Link ShareCenter Pulse – Review

Leave a Comment

I recently picked up D-Link DNS-320 ShareCenter Pulse 2-Bay NAS for some home storage. I have been quite impressed by the device, particularly due to the price, and have written a short review of the ShareCenter below.

1. Price & Quality

The DNS-320, which is the two hard drive bay version of the ShareCenter, cost me £63.99 from a large online retailer. Compared to other small home NAS devices on the market this is very cheap, especially when compared to rival NetGear products. The device itself is very compact and comprised of black ABS plastic with a gloss finish, adding to the light feeling of the product. It feels sturdy enough to survive a drop, but it isn’t as good a build quality as a NetGear ReadyNAS Duo, however the quality of both products are certainly reflected in their respective prices. The ShareCenter also contains a standard eluminted power light and LED indicators for both drive bays.

2. Technical Specification & Setup

The ShareCenter carries a decent amount of features, again when looking at what price range it sits in. Some of the key features that impressed me with the device are the following:

Support for upto 4 Terrabytes – 2 x 2 TB hard disk drives
RAID 0, RAID 1 & JBOD Support
Gigabit Ethernet Connectivity
HTTPS Web Management
Email/SMS Notifications
Group Based File & Share Permissions
DLNA Certified
D-Link Green Power Efficiency

The setup of the device was extremely easy, after unboxing the product adding the hard disks drives took seconds. The top of the ShareCenter slides off exposing the two SATA data and power connectors for the hard disk drives. To install the disks, it was a simple case of plugging them directly into the SATA connectors and sliding the lid of the ShareCenter back in place. The only remaining parts of the setup after this was to connect both power and Ethernet, and then turn the device on. Once the device was powered on, D-Link provide an easy setup wizard on an bundled CD-ROM that discovers the NAS on your network and guides you through processes such as IP addressing, RAID setup and domain membership, if required.

3. Device Management & Performance

Out of the box my ShareCenter was running the base firmware version of 1.00. The web interface for this version of firmware is admittedly very basic and not aesthetically pleasing. The first thing I did was to download the latest version of firmware (Version 2.00) from the D-Link website and apply it to the device. Firmwaring the device was very simple, just downloading the firmware file and selecting it through the web management interface was all that we needed. After applying the firmware update a major GUI change is applied, amongst many bug fixes and new features. A screenshot of the new management GUI is featured below.

Performance of the NAS, contrary to other reviews for the DNS-320 on the internet, was actually quite good. I have populated my ShareCenter with two Samsung HD204UI Spinpoint F4 2TB Hard Drives which is connected over a 100 megabit network. When transferring a single 40 gigabyte file to the NAS I was getting a solid 10.2 megabytes a second. When transferring 1.8 gigabytes of data to the NAS, which was made up of around six hundred individual files, I received 9.25 megabytes per second.

4. Overall

Overall the D-Link ShareCenter Pulse is a great device for a small amount of money when compared to other 2 bay NAS solutions on the market. It’s high storage capacity, management, power efficiency and DNLA compliance make for a great device if your looking for some cheap networked storage.

For more information on the D-Link ShareCenter, click here.

Remote Desktop Services – Remote Desktop Can’t Find The Computer

3 Comments

I recently encountered an issue where users attempting to connect to a server via the “Remote Desktop” tab in the RD Web Access site were presented with a “Remote Desktop can’t find the computer” error when attempting to connect to a resource, as shown in the below screenshot.

After performing some research it appeared that the DefaultTSGateway property in the RD Web Access IIS site needed to be populated with the external fully qualified domain name of the RD Gateway server. By performing this, the request made for a server via the Remote Desktop tab in the RD Web Access site was then directed through the RD Gateway server. To achieve this, and resolve the issue the following actions were performed.

1. Connect to your RD Web Access server and open the IIS 7 management console.

2. Expand Server Name -> Sites -> Default Web Site -> RDWeb -> Pages -> en-US

3. In the Application Settings pane, click the DefaultTSGateway entry and select edit from the action pane on the right hand side, as shown in the below screenshot.

4. In the edit DefaultTSGateway box that is now presented, in the value section, enter the external fully qualified domain name of your RD Gateway server. For example, rdsgateway.domain.co.uk and click ok.

5. Test resource access from the RD Web Access site to a server via the Remote Desktop tab. You should now be able to connect and authenticate correctly. One thing to note is that you will only be allowed to connect to internal resources that have been specified in your Resource Authorisation Policy (RAP) in the RD Gateway manager.

That’s it, your all done.

Remote Desktop Services – RemoteApp Certificate Issue

2 Comments

I was recently involved in a Remote Desktop Services deployment for three hundred users. After configured Remote Desktop Services and publishing a RemoteApp, which had been digitally signed with a Go Daddy certificate and deployed via an MSI, I was prompted with a “Do you trust the publisher of this RemoteApp program” warning as shown in the below screenshot.

Obviously this was going to be an inconvenience for users, so to resolve this issue I performed the following actions.

1. Create a new Group Policy object via the Group Policy Management Console.

2. Edit the GPO and navigate to the following location, User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.

3. Within the Remote Desktop Connection Client folder double click the “Specify SHA1 thumbprints of certificates representing trusted .rdp publishers” group policy object and check the enabled radio button.

4. Now open the SSL certificate you are using for RemoteApp signing, click the Details tab and then scroll down the details pane until you see the “Thumbprint” item. Click the thumbprint entry and you should now see a large alphanumeric string, copy this string and paste the contents into the “Comma separated list of SHA1 trusted certificate thumbprints” box in the GPO we were editing in step 3.

5. Now that you have pasted the thumprint string into the GPO, remove all space and capitalise all lower case letters of the string. For example, if your thumprint looks like this, “95 1f 22 02 c3 6e a6 b0 64 0c db 8e b5 4a bb 98 0c bd ed af” once you have pasted it into the GPO, you need to modify it to read like this, “951F2202C36EA6B0640CBD8EB54ABB980CBDEDAF”.

6. Close down the GPO editor and then link the created GPO to a users organisational unit where the RemoteApp users reside. Log a RemoteApp user off and back on again and test the RemoteApp program, you should now hopefully see that the certificate warning is suppressed and the application loads straight away.

That’s it, your all done.

Lync Server 2010 – Audio Test Service Issue

5 Comments

I recently experienced an issue when attempting to check the audio quality from a Lync 2010 client. When clicking the “Check” button under the enterprise voice tab of the client, I was greeted with a “Call has not completed or has ended” error. After some investigation it turned out this had occurred due to the primary SIP domain being renamed after the Lync Server installation had been performed and as a result the Test Call auto attendant still had the old SIP domain appended to it. To resolve this issue the following actions were performed:

1. Log on to your Lync server and open the Lync Server Management Shell. When the Management Shell opens type in the following command without quotations, “Get-CSAudioTestServiceApplication” and press return. You should now be presented with a service output and the key part we are looking for is the following:

OwnerUrn: urn:application:testbot
SipAddress: sip:R[email protected]

In my case, my primary SIP domain was no longer contoso.local, this was not even a secondary SIP domain. This ment that when attempting to perform a test call, the SIP address associated with the test bot could not be reached.

2. Now that you have confirmed the SIP address being used for the test call is incorrect, we can now look at a second section of the Get-CSAudioTestServiceApplication output in order to identify exactly what Active Directory attribute we need to modify. Under the identity section of the output you should see a similar string to the following:

Identity: CN={46577062-9cae-404b-b89c-a3d39511e4cc},CN=Application Contacts,CN=RTC Service,CN=Services,CN=Configuration,DC=contoso,DC=local

The CN={46577062-9cae-404b-b89c-a3d39511e4cc} attribute is the one which holds the SIP information for the test call bot. Now we know what attribute we need to modify, you can perform the following actions:

3. Logon to domain controller. From the Run dialog box type adsiedit.msc and click ok to open the ADSI Editor.

4. Right click ADSI Edit and then choose Connect To, and then select Configuration from the “Select a well known Naming Context list” and click ok.

5. Click on node CN={46577062-9cae-404b-b89c-a3d39511e4cc}, CN=Application Contacts, CN=RTC Service, CN=Service, CN=Configuration, DC=yourdomain, DC=local, and then right click this node and then select properties.

Note: Replace the “CN=46577062-9cae-404b-b89c-a3d39511e4cc” attribute that was identified in the Get-CSAudioTestServiceApplication output with the GUID for your organisation. The GUID’s specified are unquie to my Active Directory domain.

6. Choose the msRTCSIP-PrimaryUserAddress attributes, and change the domain part of value to sip:RtcApplication-0e0e407a-6283-4c93-99fa-c0e252b8af09@yourdomain.co.uk, opposed to your domain.local. Essentially the domain part of the attribute must match what ever your primary SIP domain is.

7. Log on to your Lync 2010 front end server and restart Audio Test Service. Once the service has been restarted, attempt a test call from Lync 2010 client.

That’s it, you should now be able to make test audio calls from Lync clients.

Remote Desktop Services – Windows XP Single Sign On

2 Comments

I recently experienced an issue with getting RemoteApp single sign on working from Windows XP workstations. When launching a published RemoteApp through either an .RDP or MSI file, users were prompted for authentication even though they had already authenticated on login. In order to stop this from occurring, the following actions were performed.

1. Ensure that the Windows XP workstation is running service pack 3 and ensure that the Remote Desktop Connection 7.0 Client is also installed. The Remote Desktop Connection 7.0 client can be obtained from here.

2. Install the Credential Security Support Provider (CredSSP) package. This enables credentials to be passed to target servers. The CredSSP package can be obtained from here.

3. Ensure that at least .NET Framework 3.5 SP1 is also installed on the workstation.

4. Configure a computer level Group Policy on a domain controller to enable delegating default credentials. A detailed explanation of how to configure the group policy object is detailed here.

5. The final step is to apply hotfix KB953760 which address a particular single sign on issue with Windows XP SP3 based workstations. The hotfix can be directly downloaded from here. When the hotfix has been applied reboot the workstation.

That’s it, you should hopefully now no longer be prompted for authentication when opening published RemoteApp’s on Windows XP SP3 workstations.