Archive for month: May, 2013

You are here: / / / May

How to add a SSL certificate to a SonicWALL SSL-VPN

SSL: Create system backup first… !

SSL Solution:SSL

  1. Open up the SSL-VPN web management interface.
    1. Under SYSTEM, click CERTIFICATES (here you can generate a CSR and import certifictes).
  2. On the Generate Certificate Signing Request (CSR) page, enter the details about your organization’s legal business name and location. Then enter the other following information:
    1. For Name: Enter an alias (aka friendly name).
    2. For Domain Name (FQDN): enter the name you are securing (what is typed in the web browser)
    3. For Key Length (bits): choose at least 2048
    4. For City enter SAINT LOUIS — not St. Louis
    5. For State type out Missouri — not MO
    6. Enter a password
    7. click Submit…
  3. Then if prompted if you want to save or open the file csr.zip choose to save the file, then from the ZIP file extract the two files (server.csr and server.key). Rename server.csr to server.txt. Save the server.key file for later use.
  4. Order your SSL Certificate, and copy the contents of server.txt when prompted for your server’s CSR. I am using GoDaddy as the example. When it’s ready, download the certificate in the Apache format. You will receive two files, one with your cert and the other contains the Intermediate certificates.
  5. You’ll have to combine the two certs into one file. Open the Intermediate cert file in Notepad, and copy all text. Open your server cert file and paste in the copied text BENEATH what’s already there. Save it and make sure it’s named server.crt. Next, combine server.crt with the server.key file from step 3 into a flat ZIP file (flat meaning no subfolders), and then Import the zip file into the SSL-VPN in the location from step 1, and enter in the password you created in step 2. The device will restart (20 seconds) and then click the Default Certificte button to make it active. Test. Done.

Good Luck

Come by our IT Support Site, our SonicWall Page and our VPN Page to find out other ways we can help you!

/by

SOLVED: DCPromo Config Wizard Site List

When running dcpromo on Windows Server 2012 in a new site in an existing domain, the Site Name dropdown is empty.  When any page in the wizard is incomplete, you cannot continue.  This post found a resolution.

When you run dcpromo, you begin to see the “Active Directory Domain Services Configuration Wizard.  This wizard automatically detects your domain and suggests the appropriate domain selections.  This includes asking you which site should contain this new domain controller.  In prior versions of dcpromo, you set the site after installing the domain controller using AD Sites and Services.

In our case, we noticed that the sites were listed correctly, but we wanted to create a new site so we could select it in this dropdown.  We exited dcpromo, went to an existing domain controller, ran AD Sites and Services, and created the new site.

Next we returned to dcpromo on our target server and found that our new site wasn’t in the wizard.  We figured this was a replication issue and went to lunch.  When we came back, the site name still wouldn’t appear in the wizard, so we restarted the target server.

Now when we ran dcpromo, the site list was completely blank.  dcpromo clearly saw our domain by the other detections, but would no longer list the sites.  So, we changes DNS servers on the target server to use alternate DCs, but no change.

After seeing that Google had nothing to offer but hundreds of “How to run dcpromo” blogs, we started clicking around in dcpromo to see if we could make something work.  We tried selecting the domain, even though the detections showed our proper domain.  The domain selector showed some hexadecimal string that we presume was the hex value representation of our domain “mycompany.local”.  We selected this just to see if it fixed anything and found that it actually selected the hex value, not the domain string – and the wizard would not continue.

We then typed in our actual domain name in the domain textbox and clicked Next.

Now the Site Name selection list had our Sites listed correctly.

EDIT:  We realized after the fact that the corresponding site subnet entry has the wrong subnet mask.  We don’t know if this was the cause of the problem or just coincident.

See our Active Directory page for more information!

/1 Comment/by

Virtual Machine Fails to Respond to Network Traffic

The following issue pertains to an environment running a Windows 2012 Server Failover Cluster. This cluster had 3 nodes, each node running 4 VMs, running stably for months.

Suddenly one afternoon the virtual machines on one of the nodes failed to respond to network traffic. Looking at the VMs in the Failover Cluster Manager, they showed a status of “Running – locked”. Then VMs on that node began shutting down. They did not fail over to another node. The Clustered Shared Volume could not be browsed in Windows Explorer from the affected node. The iSCSI connector showed that the server’s connection to the SAN was up, however.

The Failover Cluster Manager showed the following critical errors: “Cluster Shared Volume ‘Volume1’ (‘name’) is no longer available on this node because of ‘STATUS_IO_TIMEOUT(c00000b5)’. All I/O will temporarily be queued until a path to the volume is reestablished.”

Earlier that afternoon, I had created a new virtual machine on that node. After creating it, I decided to back up the new VM using Microsoft DPM 2012. While I was doing so, that’s when the failure occurred. I discovered after a few minutes of research that it was this action—backing up a clustered virtual machine—that caused the problem. I stopped the DPM backup (which was hung anyway), deleted the job, and restarted the affected Cluster Node server. The VMs ran normally after that.

According to Microsoft, here are the conditions:

Consider the following scenario:

  • You enable the Cluster Shared Volumes (CSV) feature on a Windows Server 2012-based failover cluster.
  • Create a virtual machine on a CSV volume on a cluster node.
  • Start the virtual machine.
  • Try to create a backup of the virtual machine on the CSV volume by using Microsoft System Center Data Protection Manager (DPM).

In this scenario, one of the following issues occurs:

  • The backup is created, and the virtual machine enters a paused state.
  • The CSV volume goes offline. Therefore, the virtual machine goes offline, and the backup is not created.

Errors: Software snapshot creation on Cluster Shared Volume(s) (‘volume location’) with snapshot set id ‘snapshot id’ failed with error ‘HrError(0x80042308)(2147754760)’. Please check the state of the CSV resources and the system events of the resource owner nodes.

Log Name: System
Source: Microsoft-Windows-FailoverClustering
Date: Date and time
Event ID: 5120
Task Category: Cluster Shared Volume
Level: Error
Keywords:
User: SYSTEM
Computer: Computer name

Description: Cluster Shared Volume ‘Volume1’ (‘name’) is no longer available on this node because of ‘STATUS_IO_TIMEOUT(c00000b5)’. All I/O will temporarily be queued until a path to the volume is reestablished.

Cause: The virtual machine enters a paused state because the Ntfs.sys driver incorrectly reports the available space on the CSV volume when the backup software tries to create a snapshot of the CSV volume. Additionally, the CSV volume goes offline because it does not resume from a paused state after an I/O delay issue or error occurs.

Resolution: install the hotfix described here Please read through the hotfix information carefully, and consult Microsoft Support if you have any issues or questions

For other IT Support and IT Service issues take a look at our IT Support Page.

/by
Meet our Team Get a Quote Read Reviews

CONTACT US

  • Call: 314-343-1800
  • Contact

    Use red “Contact Us” button (right)

  • Chat

    Use red “We are online” button (bottom)

BUSINESS HOURS

Monday – Friday: 8am – 5pm
Saturday – Sunday: Closed
24 Hour Support Service Available

Customers Receiving Support:

Disclaimer: Acumen Consulting is an independent service provider of technical service for business networks. We have reseller partner agreements with all of the companies and brands for which we are offering service on acumenitsupport.com. All partner trademarks, registers trademarks, company names, product names, and brand names, are the property of their respective owners. We provide ONLY reseller services for the products listed.

Call Now