Networking

Fixed: Remove extra ip address from commandline.

Occasionally you may need to remove an additional IP address that has been assigned to a network card. For example, you might have a card listening on two IP addresses, say 192.168.1.2 and 192.168.1.3.
You can remove the extra address from the GUI, but there may be times when the GUI is not available and psexec (or Windows 2008 R2 Core mode) is the only access to the server that you have.
To remove the IP address, just type:
netsh interface ipv4 delete address "Local Area Connection" addr=192.168.1.3

Simple as that, but it took a while stepping through the netsh commands to get the correct syntax for this. I use netsh for switching my laptop to customer IP ranges for troubleshooting when on their LAN or when configuring switches, but this is the first time I’ve had the requirement to remove an extra IP address.

Fixed – unable to connect to vpn with Verizon wireless cards

After about 3 weeks and many calls with Verizon technical support we finally got to the bottom of being unable to connect via a VPN on USB Verizon wireless cards (an older PCMCIA card was still working fine).

It turns out that the IP Code was set to general, which is normally placed on residential air cards to restrict IP traffic. The tech removed this “feature” and we confirmed VPN worked again.

So, if you are having this problem, contact Verizon Technical support and ask them to remove General IP code from the phone. If the Tier1 support person doesn’t know what you are talking about, request they instant message level 3 support who will know what you are talking about.

Good luck and I hope this prevents 3 weeks of VPN failure for other people.

Thanks to Eric for persevering and finally getting an answer

Peer is not authorized to use remote address and Cyberguard firewalls

One of my customers has a Cyberguard firewall that was working perfectly when I configured it in the office. However, on shipping it to the customer, it was placed behind a horrible Verizon modem that broke most of the configuration parameters I had put in place. Most of them were fixable straight away, but I’ve never been able to get it to VPN back to the head office. I was getting the error message “Peer is not authorized to use remote address” in the log files.
Various responses in Google mentioned I had to add noauth to the /etc/ppp file, but this file doesn’t exist on the Cyberguard unit. However, using the Advanced section and editing the “pptp.connect to office” file, adding “noauth” (without quotes) to the end of the file, the VPN connection worked.
This isn’t documented anywhere in Google that I’ve seen, so hopefully this will help someone else.

MBSA for Visio

There is a great tool for integrating Microsoft Baseline Security Analyzer (MBSA) into Visio network diagrams, but this is almost useless for the consulting side of things. MBSA requires that it is run as a user with credentials on the domain, which is not possible to do on a consultant’s laptop as it is unlikely that it is going to be a member of the customer’s domain. Therefore MBSA will not scan the machines and the benefit is lost. It would work if the customer had a copy of Visio, but this is unlikely for most of my customers.
I don’t have admin rights on the network back in the office so I can’t even try it out on my office network either 🙁
However, if you are not a consultant and have Visio, then this tool is well worth checking out as it will give you colour coded status for each server on the network within Visio. From first impressions it does look like you need to have your servers in Visio as a server object – you can’t use one of your own objects like a Dell rack mount object.

Solving FTP connection problems from a cmd prompt.

I’m not sure why, but a couple of times this week I’ve been unable to FTP files to any of my remote hosts from a command prompt (or within leechftp – my client of choice). When it failed, I would just get a connection refused error message before the username/password handshake took place. As I’m running Service Pack 2 and have the Windows Firewall enabled, I looked in the c:\windows\pfirewall.log file (something that I learnt about whilst doing the MCSDT exam – I didn’t know it did a log or that is where it put it!) and I was getting some dropped packets but no reason why. After a bit of digging on Google I came across the How Windows Firewall Works document, and it mentions that the Application Layer Gateway Service is required if you enable Windows Firewall on a computer that is an FTP client that does not use PASV FTP. The ALG service was running on the computer, but a quick restart of the service and I could start FTP’ing again. I don’t see any obvious errors in the event logs as to why this service was not working properly, but restarting the service is a lot more convenient than having to reboot the entire machine.
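
The log only lists drops without saying why, so one way to test the ALG theory is to look for the pattern a non-PASV transfer leaves behind: an inbound TCP SYN from source port 20 that the firewall dropped. The script below is an added example, not part of the original post; the log lines are constructed, and the field layout is assumed to be the one Windows Firewall writes in its #Fields header on XP SP2.

```python
"""Flag Windows Firewall log drops that look like active-mode FTP data connections."""

# Constructed sample in the assumed XP SP2 pfirewall.log layout.
# All addresses, ports and sequence numbers are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2005-03-14 10:21:05 OPEN TCP 192.168.1.50 203.0.113.10 1044 21 - - - - - - - -
2005-03-14 10:21:07 DROP TCP 203.0.113.10 192.168.1.50 20 1045 48 S 1234567 0 65535 - - -
2005-03-14 10:21:09 DROP UDP 192.168.1.77 192.168.1.255 137 137 78 - - - - - - -
2005-03-14 10:22:30 DROP TCP 198.51.100.7 192.168.1.50 4312 445 48 S 7654321 0 16384 - - -
"""


def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the '#Fields:' header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def active_ftp_drops(entries):
    """Return dropped inbound SYNs from TCP source port 20 (an FTP server's
    data connection in active mode), noting whether this host had earlier
    opened a control connection (port 21) to the same server."""
    control_peers = set()
    hits = []
    for e in entries:
        if e["action"] == "OPEN" and e["protocol"] == "TCP" and e["dst-port"] == "21":
            control_peers.add(e["dst-ip"])
        elif (e["action"] == "DROP" and e["protocol"] == "TCP"
              and e["src-port"] == "20" and "S" in e["tcpflags"]):
            hits.append({"when": e["date"] + " " + e["time"], "server": e["src-ip"],
                         "client_port": int(e["dst-port"]),
                         "matches_control_session": e["src-ip"] in control_peers})
    return hits


if __name__ == "__main__":
    for hit in active_ftp_drops(parse_firewall_log(SAMPLE_LOG)):
        print(hit)
```

OPEN entries are only written when the firewall is set to log successful connections, so without that setting the control-session match will always be False. A source port of 20 on its own is weak evidence, since any remote host can choose it, which is why the match against an earlier port 21 session matters.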