Thursday, July 23, 2009

Network Connect Logs

There are a few logs that need to be collected to further troubleshoot Network Connect issues. The following logs will be needed:

- User Access log
- Network Connect client side logs
- Screenshot of the route table from the client machine before and after the Network Connect session gets established
- Screenshot of the IP configuration settings on the client machine before and after the Network Connect session gets established

If the Network Connect session never gets established, then the screenshots of the route table and the IP configuration settings will not be necessary.

For Windows Platforms:
Browse to C:\Documents and Settings\User Profile\Application Data\Juniper Networks\Network Connect X.X.X (where X.X.X is the version of Network Connect that is used, e.g. 5.3.0).

In this folder there are some text files; these are the logs that need to be collected. The files are labeled:
- NetworkConnect.log
- NCService.log (may also be located under C:\Program Files\Juniper Networks\Common Files\NCService.log)
- nclauncher.log (present in 6.0 and above)

In addition to the files above there are two files under C:\Documents and Settings\User profile\Application Data\Juniper Networks\Setup that need to be gathered.
- JuniperSetupCtrl.log
- JuniperSetupDLL.log

Note: The following logs may also be present in the above two folders and should be gathered if found:
- C:\Documents and Settings\username\Application Data\Juniper Networks\Network Connect\NCDiag.log
- C:\Documents and Settings\username\Application Data\Juniper Networks\Network Connect\NcGINA.log
- C:\Documents and Settings\username\Application Data\Juniper Networks\Setup\NeoterisSetupCtrl.log
- C:\Documents and Settings\username\Application Data\Juniper Networks\Setup\NeoterisSetup.log

If client side logging for Network Connect is not enabled, navigate to Start > All Programs > Juniper Networks > Network Connect X.X.X > NC Troubleshooting (where X.X.X is the version of Network Connect that is used) to open the troubleshooting window.

To collect the logs, click on the "Logs" tab, select the "Detailed Info" option and then click "Explore Log Files".
This will bring up a window with all the Network Connect logs in it. Get a copy of all the log files in that folder.

To gather the User Access log:
- Log into the IVE Admin Console. Browse to Logs/Monitoring > User access log.
- Ensure View by Filter is set to Standard:Standard and click Save Log As

To collect a screenshot of the route table and IP Config
- Before the user establishes a connection with Network Connect, run route print and ipconfig /all and Print Screen the output
- Repeat the process once the Network Connect session has been established

For Macintosh Platforms:
- Open the "Finder" window and click on the 'Home' icon
- Navigate to Library > Logs > Juniper Networks > Network Connect. Get a copy of all the log files in that folder.

To collect a screenshot of the route table and IP Config
- Open Terminal and type netstat -rn and ifconfig.
- Take screenshot by pressing keys: command/apple + shift + 3
- Repeat the process once the Network Connect session has been established

For Linux Platforms:
- Navigate to: /.juniper_networks/network_connect. The necessary log files are located there.
- Open Terminal and type netstat -rn > filename and ifconfig > filename
- Repeat the process once the Network Connect session has been established
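The Mac/Linux steps above (netstat -rn and ifconfig before and after the session) can be scripted so the two captures are compared directly instead of by eye. This is an added example, not from the original post; it assumes netstat and ifconfig are on PATH and the file names are my own choice:

```shell
#!/bin/sh
# Added example, not from the original post: automates the Mac/Linux steps
# above (netstat -rn and ifconfig before and after the Network Connect
# session) and reports which routes the tunnel added or removed.
# Assumes netstat and ifconfig are on PATH; file names are my own choice.

# snapshot DIR LABEL: save the route table and interface config as
# DIR/LABEL-routes.txt and DIR/LABEL-ifconfig.txt (LABEL: before / after)
snapshot() {
    mkdir -p "$1"
    netstat -rn > "$1/$2-routes.txt"
    ifconfig > "$1/$2-ifconfig.txt"
}

# route_keys FILE: reduce a "netstat -rn" capture to sorted "destination gateway"
# pairs, dropping header lines (keeps only lines whose first field is an
# address or the word "default")
route_keys() {
    LC_ALL=C awk '$1 == "default" || $1 ~ /^[0-9a-fA-F:.\/]+$/ { print $1, $2 }' "$1" | LC_ALL=C sort -u
}

# route_delta BEFORE AFTER: print "+ dest gw" for routes that appeared once the
# session was established and "- dest gw" for routes that disappeared
route_delta() {
    tmp=$(mktemp -d) || return 1
    route_keys "$1" > "$tmp/before"
    route_keys "$2" > "$tmp/after"
    LC_ALL=C comm -13 "$tmp/before" "$tmp/after" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$tmp/before" "$tmp/after" | sed 's/^/- /'
    rm -rf "$tmp"
}

# Typical use: run the first line, establish the Network Connect session,
# then run the remaining two lines.
#   snapshot nc-logs before
#   snapshot nc-logs after
#   route_delta nc-logs/before-routes.txt nc-logs/after-routes.txt
```

The "+" lines are what the after-session screenshot is meant to show: the tunnel interface's default route and the routes to the protected networks.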


Network connect : Client System Checklist for Connectivity Access

When users are unable to access resources through the IVE (Instant Virtual Extranet), it is possible that there is a client-side firewall software, Anti-Malware, Anti-Spyware, or Anti-Virus that is preventing the access.

Begin by checking the settings on the client application software to verify that the IVE feature used is allowed access.

For Network Connect to communicate, the following ports must be open:

- UDP port 4242 on loopback address
- TCP port 443
- If using ESP mode, the UDP port configured on the SSL VPN (default is UDP 4500)

If firewall filters are based on Application Name, use the following table to determine the process to permit:

- Host Checker/Secure Virtual Workspace (SVW) : dsHostChecker.exe
- Cache Cleaner : dsCacheCleaner.exe
- Windows Secure Application Manager (WSAM) : dsSamProxy.exe
- Network Connect (NC): dsNCService.exe / dsNetworkConnect.exe
- Windows Terminal Services (WTS): dsTermServ.exe
- Citrix Terminal Services : dsCitricProxy.exe
- Secure Meeting : dsCBoxUI.exe
- Juniper Installer Service : dsAccessService.exe

Juniper SA6000 - Enabling ActiveX, Sun Java, or Microsoft Java on Client System to work with IVE

Users must be on a supported platform (both operating system and browser) to access the IVE (Instant Virtual Extranet), or SSL VPN, or any of its features. If the user does not have a compatible OS or browser, they could experience connectivity issues.

ActiveX
- To verify that ActiveX is enabled, check the settings within Internet Explorer by selecting Internet Explorer's Tools menu and then Internet Options
- Next, click on the Security tab and then on the Custom Level button
- Make sure the following options are checked:

* Download signed ActiveX controls: Prompt
* Download unsigned ActiveX controls: Disable
* Initialize and script ActiveX controls not marked as safe: Disable
* Script ActiveX controls marked as safe: Enable
* Run ActiveX controls and plug-ins: Enable
- Click OK

Sun Java
- To verify Sun Java is enabled, check the settings within Internet Explorer. With Internet Explorer opened, select Tools > Internet Options
- Next, click the Advanced Tab and scroll down until you see Java (Sun). Place a checkmark in the box (Use JRE..requires restart)

Microsoft Java
- To verify Microsoft Java is enabled, check the settings within Internet Explorer. With Internet Explorer opened, select Tools > Internet Options.
- Next, click the Advanced Tab and scroll down to Microsoft VM. Place a checkmark in the box (JIT compiler for virtual... (requires restart))
- Click OK or Apply to enable Microsoft Java

Port Required for Remote Monitoring using IPStor Console

TCP/11576 : Used for SAN Client and IPStor Console to IPStor Server management communication
TCP/11588 : Used for CCM Console for communication with IPStor Server
TCP/11762 : Used for IPStor Console and IPStor Server to SAN Client management communication

Friday, July 10, 2009

Connect Tunnel Fails To Connect

Overview
Connect Tunnel fails to establish a connection to an appliance and displays the following error:

VPN Connection Failed. A connection with the server could not be established.

Resolution
This issue can occur if SSL Version 2.0 alone is enabled in Internet Explorer. Enable both SSL 3.0 and TLS 1.0 support by following these steps:

- Open Internet Explorer
- Click Tools > Internet Options
- Click Advanced > Security
- Under Security select the following checkboxes: Use SSL 3.0 & Use TLS 1.0
- Click OK to save and apply these settings.

Recovering an EX-750 Root Password

This technical note explains how to recover, reset, or restore the root account password on a SonicWALL / Aventail EX-750 v8.x appliance. It does not apply to the Aventail Management Console (AMC) GUI administrator account passwords.

- Boot the appliance while connected to the serial port.
- Press the "ESC" key. You should see the following displayed:

GRUB loading stage2...

- Press the "ESC" key to enter the menu. NOTE: You must do this quickly.
- You should see a menu similar to the following (varies appliance by appliance):

GRUB version 0.93 (621K lower / 104748K upper memory)
+-------------------------------------------------------------------+
| fsl-purr 2.4.20 (Xda1)
| app 2.4.20_22 (Xda6)
|
|
+-------------------------------------------------------------------+

- One of the above will be highlighted; the highlighted one is your working/production partition. Make a note of it (such as Xda6, Xda7, or Xda8; it should not be Xda1). This will eventually be the root partition you'll edit.
- Using the up/down arrow keys on your keyboard, select:

fsl-purr 2.4.20 (Xda1)

- Press "ENTER" to boot to it.
- You'll see all of the kernel boot information scrolling by and then it may result in a command prompt caused by a failed fsck.
- Press CONTROL-D to continue and you will get to the fsl-purr login prompt.
- Login as root (no password required).
- Previously at the GRUB menu you noted which partition was initially highlighted (it should be Xda6, Xda7, or Xda8). Mount this partition replacing the 'X' with a 'h' (for example Xda6 would be hda6):

mount -t ext3 /dev/hda6 /mnt

- Edit the root password of that partition:

vi /mnt/etc/shadow

- NOTE: you may also need to set your term type to "VT100" using this command:

export TERM=vt100

- Now replace the following line:

root:x:11753:0:99999:7:::

- With this:

root::11753:0:99999:7:::

- Save the file and then exit by typing this:

:wq

- Unmount the partition (for example for hda6):

umount /dev/hda6

- Reboot:

reboot or shutdown -r now

- Do *not* do anything with GRUB when it reboots. Let it boot automatically. It should boot up on the default partition.
- When the login screen appears, log in as root; no password will be required.
- Immediately change the password using the Linux password change utility. Type and enter:

passwd

- Type the new password. You will be prompted to confirm it. SonicWALL recommends using the password you use for the AMC admin account. If you change the AMC admin account password, the root password will be changed to match.
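Between the reboot and the passwd step above, root has an empty password field in /etc/shadow, which is exactly the state the final step exists to remove. As an added example (not part of the original note), the following checks list accounts left in that state; the shadow path is a parameter so it can also be run against the mounted copy (/mnt/etc/shadow) before rebooting:

```shell
#!/bin/sh
# Added example, not from the original note: after the recovery steps above
# root has an empty password field in /etc/shadow until "passwd" is run.
# These checks list accounts in that state so a recovered appliance is not
# left with a password-less root login. The shadow path is a parameter so a
# mounted copy (e.g. /mnt/etc/shadow from the recovery) can be checked too.

# empty_password_accounts FILE: print the name of every account whose
# password field (2nd colon-separated field) is empty, i.e. no password needed
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# root_has_password FILE: succeed (exit 0) only when root has a non-empty
# password field; "!" or "*" count as set, since they lock the account
# rather than open it
root_has_password() {
    awk -F: '$1 == "root" && $2 != "" { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# shadow_audit FILE: human-readable summary; returns 1 if any account is open
shadow_audit() {
    open=$(empty_password_accounts "$1")
    if [ -n "$open" ]; then
        echo "accounts with no password: $open"
        return 1
    fi
    echo "no password-less accounts in $1"
}

# Typical use on the recovered appliance (or on the mounted partition):
#   shadow_audit /etc/shadow
#   shadow_audit /mnt/etc/shadow
```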

Thursday, July 09, 2009

Windows Command Tools To Troubleshoot Network Connectivity

arp -a : Shows gateway MAC address
gpresult : Starts the Operating System Group Policy Result tool
ipconfig /all : Displays the full TCP/IP configuration for all adapters
ipconfig /flushdns : Flushes the DNS resolver cache. Helpful when troubleshooting DNS name resolution problems
nbtstat -a [MachineName] : Obtains info from WINS or LMHOSTS (discovers who is logged on)
nbtstat -A [IP] : Gets info from WINS or LMHOSTS (discovers who is logged on)
nbtstat -R : Purges and reloads the remote cache name table
nbtstat -n : Lists local NetBIOS names
nbtstat -r : Useful for detecting errors when browsing WINS or NetBIOS
netstat -ab : The -b switch links each used port with its application
netstat -an : Shows open ports
netstat -an 1 | find "15868" : Locates only lines with the number 15868 and redisplays every one second
netstat -an | find "LISTENING" : Shows open ports with LISTENING status
net use : Retrieves a list of network connections
net use \\1.2.3.4 : Sees if the machine can poll IP 1.2.3.4
net user : Shows user accounts for the computer
net user /domain : Displays user accounts for the domain
net user /domain [UserName] : Shows account details for a specific user
net group /domain : Shows group accounts for the domain
net view : Displays domains in the network
net view /domain : Specifies computers available in a specific domain
net view /domain:[DomainName] | more : Shows user accounts from a specific domain
net view /cache : Shows workstation names
nslookup : Looks up IP/hostnames and displays information helpful in diagnosing DNS issues
ping -a [IP] : Resolves IP to hostname
ping -t [IP] : Pings host until stopped
set U : Shows which user is logged on
set L : Shows the logon server
telnet [IP] [port] : Confirms whether the port is open

Configure Port Mirroring on H3C S5600

Port mirroring copies the packets passing through a port (called the mirroring port) to another port (the monitor port) that is connected to a monitoring device for packet analysis.

Serial Options

Baud rate : 9600
Data bits : 8
Parity : None
Stop bits :
Flow control : only XON/XOFF is enabled

Create a local mirroring group

[switch] sys
[switch] mirroring-group 1 local

Configure ports GigabitEthernet 1/0/1 and 1/0/2 as mirroring ports and port GigabitEthernet 1/0/3 as monitor port in the mirroring group

[switch] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 both
[switch] mirroring-group 1 monitor-port GigabitEthernet 1/0/3

Display the config of all mirroring groups

[switch] display mirroring-group all
mirroring-group 1:
type : local
status : active
mirroring port :
GigabitEthernet1/0/1 both
GigabitEthernet1/0/2 both
monitor port : GigabitEthernet1/0/3

Monday, July 06, 2009

Removing Old Websense Database Partitions

Websense Reporting tools
- Go to Websense Reporting Tools (http://localhost/websense)
- Click Database Administration
- Under Available Partitions, disable Database Partitions accordingly (example : wslogdb63_10 & wslogdb63_11)
- Click Update

Microsoft SQL Server
- Login to Microsoft SQL Server Management Studio Express
- Under Object Explorer, Expand Databases (WEBSENSE\WEBSENSE\Databases\wslogdb63)
- Right click wslogdb63_10 & wslogdb63_11 and select Task > Detach

Windows Explorer
- Open Windows Explorer, go to Program Files\Microsoft SQL Server and delete wslogdb63_10.mdf and wslogdb63_10_log.ldf
- Restart the server

Verification
- Check the Program Files\Websense\bin\Cache folder for updates to the cache files (logXX.tmp)
- Verify Program Files\Websense\bin\Cache\BCP on bcpXXXX.tmp modified date