morpah - Summary:
There are reports of Broadband issues at Daisy Wholesale with packet loss affecting some users as of today at 10am~ BST. No further information at this time.
#outage Level 3 cable cuts in Europe (between UK/IE)
Summary:
There are reports of a Level3 submarine cable cut on an underwater cable between United Kingdom and Ireland. There’s also information of a pre-existing fibre failure on the secondary cable thereby impacting both protected and unprotected services according to sources.
Impacted For: 15 hours 48 minutes
“special midwifery service”
“Special midwifery service, Pat is on his way” “what’s it going to be today”
Change MSSQL database owner / schema
Looking to change the schema/owner on a stored procedure that you’ve restored from a different MSSQL database server. The following took me a while to work out based on all the different options. sp_changedbowner did not work for me, I had to change the schema rather than the actual owner.
ALTER SCHEMA [new schema name] TRANSFER [old schema].[stored procedure/object]
example:
ALTER SCHEMA dbo TRANSFER databdev.sp_ASPBannner_DBinfo
This was annoying to find especially as I was initially getting ‘Cannot find the object ‘sp_ASPBannner_DBinfo’, because it does not exist or you do not have permission’ and similar errors.
Jay Greig
Port ASIC on Cisco’s
Need to see what ports are on a particular ASIC in a cisco?
For most IOS switches:
show platform pm if-numbers
The ‘port’ column contains the ASIC number as the first number before the forward slash.
For 6500 switches:
sh int ge13/1 cap | i ASIC
This will display what ASIC the port is on.
DCOM Config Security options greyed out
If you come across a similar issue to myself with Windows 2008 within Component Services that all of the security options in the majority of the DCOM Config entries are greyed out and you cannot change them you may need to do the following on the particular CLSID entry in regedit
1. Open regedit to 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\
{61738644-F196-11D0-9953-00C04FD919C1}' <- this is the CLSID of the app you wish to
amend
2. Right click the {61738644-F196-11D0-9953-00C04FD919C1} key and select
permission.
3. Next click Advanced and change the ownership from Trusted Installed to the
administrator account that you're using.
4. Re-open the component services/dcom config screen and you should now be
able to amend security on the CLSID.
The particular error I had was the following:
The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
and APPID
{61738644-F196-11D0-9953-00C04FD919C1}
to the user DOMAIN\sharepointwa SID (S-1-5-21-3696552686-295401563-3087639421-4121)
from address LocalHost (Using LRPC) running in the application container Unavailable
SID (Unavailable). This security permission can be modified using the
Component Services administrative tool.
This actually turned out to be the IIS WAM Admin Component
Configuring Netflow on 6500 and 7600 series
6500 and 7600 series devices are designed and utilised to handle a large amount of packet data. Netflow sampling on a busy core or edge router in any setup can place a huge unwanted load on supervisor CPU’s. The below netflow configuration allows the ability to create an accurate measurement based on a single packet from a flow. So, from 1 single packet the remainder of a flow can be analysed and recorded.
Firstly enable netflow export as you would normally:
core2(config)#ip flow-export source (Source Interface) core2(config)#ip flow-export version 5
Flush netflow sampling data to the exported destination every 1 minutes
core2(config)#ip flow-cache timeout active 1
Next you should then enable flows and mls netflow sampling on all interfaces you wish to record data from
core2(config)#interface fa0/1 core2(config-if)#ip flow ingress core2(config-if)#mls netflow sampling
Finally, you should enable ‘mls’ as the above configuration is for the MSFC only:
core2(config)#mls netflow This enables the sending of mls netflow data core2(config)#mls nde sender version 5 This will ensure more accurate statistics by setting a longer age time before a flow is ended core2(config)#mls aging long 64 core2(config)#mls aging normal 32
The below will ensure that all necessary data regarding a flow is exported, i.e. source, destination, vlan etc. This will also configure sampling as previously mentioned in this article reducing CPU utilisation on your edge and core devices.
core2(config)#mls flow ip interface-full core2(config)#mls nde interface core2(config)#mls sampling packet-based 1024
Jay greig
Cisco IOS Disabling IPv6 Stateless Autoconfig
Ok, this one actually took me a little while to find. In a setup I had been working on recently a switch had a number of IPv6 /48′s added to an SVI. The problem with this was that each /48 was for a specific customer but unfortunately the Cisco’s were automatically advertising these prefixes for servers to auto configure essentially but inadvertently stealing other customers addresses.
Running the following will show you the current status of the SVI and stateless autoconfig:
switch(config-if)#do sh ipv6 int vlan 105
Vlan105 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::217:59FF:FFFF:FFFF
No Virtual link-local address(es):
Global unicast address(es):
FFFF:FFFF:FFFF:1::1, subnet is FFFF:FFFF:FFFF:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF2A:14DA
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Access List
Output features: Check hwidb
Inbound access list HOST_PACL
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Hosts use stateless autoconfig for addresses.
From the above you can see ‘stateless autoconfig’ is enabled. By running the below you can set the flags for RA (Router Advertisements) to disable stateless autoconfiguration.
switch(config-if)#int vlan 105 switch(config-if)#ipv6 nd prefix default no-autoconfig switch(config-if)#ipv6 nd other-config-flag switch(config-if)#ipv6 nd managed-config-flag
switch(config-if)#do sh ipv6 int vlan 105
Vlan105 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::217:59FF:FFFF:FFFF
No Virtual link-local address(es):
Global unicast address(es):
FFFF:FFFF:FFFF:1::1, subnet is FFFF:FFFF:FFFF:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF2A:14DA
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Input features: Access List
Output features: Check hwidb
Inbound access list HOST_PACL
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Hosts use DHCP to obtain routable addresses.
Hosts use DHCP to obtain other configuration.
Hope this helps people:)
Jay Greig
Enabling Netflow and NDE on Cisco 7600 series router
I recently updated a 7200 series router to a 7600 series – quite a big change. The config used was exactly the same and I couldn’t for the life of me work out why netflow was showing such a small amount of traffic. In short it turns out you need to enable something called NDE (Netflow Data Export). Without this enabled the router will only export flows for the MSFC which is mainly management traffic.
All you need to add is the following line in addition to the normal flow export lines:
mls nde sender version 5
The following guide was quite useful for this: http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/nde.html
So if you’re using an RSP720 or similar and find that you’re not seeing as much traffic as you should be when enabling netflow then this is likely why.
Hope this helps someone.
Jay Greig
IIS Rewrite Redirect Non HTTPS to HTTPS
A quick and simple method for forcing people to use HTTPS on a site. The code uses Microsofts IIS Rewrite which is an additional feature in IIS 7 and IIS 7.5. You can easily place the following code into the applications web.config and adjust accordingly, it maintains the subfolder/path string and won’t strip it out.
<configuration>
<system.webServer>
<httpErrors errorMode="DetailedLocalOnly" defaultPath="./error/404.html" defaultResponseMode="ExecuteURL">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="./error/404.html" responseMode="ExecuteURL" />
</httpErrors>
<rewrite>
<rules>
<rule name=”HTTP to HTTPS redirect” stopProcessing=”true”>
<match url=”(.*)” />
<conditions>
<add input=”{HTTPS}” pattern=”off” />
</conditions>
<action type=”Redirect” url=”https://{HTTP_HOST}{REQUEST_URI}” redirectType=”Found” />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
There’s a few examples out there that don’t seem to work to great, but the above is tested and works just file.
Hope this helps people!
Jay Greig
