
Aruba Instant – AP boot image commands and upgrade

I asked if there was a way to recover from a corrupted AP image.  Since the IAP will not fully boot we needed a way to replace the corrupted image via the AP boot menu options.  These commands aren’t well documented so I figured I would post this to hopefully help out others that face the same issue.

The first step is to reboot the AP and break the boot cycle.  You will need to press any key when prompted:

APBoot 1.5.5.5 (build 55373)
Built: 2016-06-09 at 11:36:40

Model: AP-32x
DRAM: 491 MB
SF: Detected MX25U3235F with page size 64 kB, total 4 MB
Flash: 4 MB
N

Hit <Enter> to stop autoboot: 0
apboot>

The apboot menu offers a number of commands (the list may differ on older firmware):

apboot> ?
?              - alias for 'help'
boot           - boot the OS image
clear          - clear the OS image or other information
dhcp           - invoke DHCP client to obtain IP/boot params
factory_reset  - reset to factory defaults
help           - print online help
mfginfo        - show manufacturing info
osinfo         - show the OS image version(s)
ping           - send ICMP ECHO_REQUEST to network host
printenv       - print environment variables
purgeenv       - restore default environment variables
reset          - Perform RESET of the CPU
saveenv        - save environment variables to persistent storage
setenv         - set environment variables
tftpboot       - boot image via network using TFTP protocol
upgrade        - upgrade the APBoot or OS image
version        - display version

In this post I’m going to concentrate on the OS-related commands. The first thing we did was clear the corrupt OS image using the “clear os” command:

apboot> clear os
512 bytes written to volume aos0

Next we validated that partition 0 is clear using the “osinfo” command:

apboot> osinfo
Partition 0 does not contain a valid OS image
Partition 1 does not contain a valid OS image

The next step is to get network connectivity. If the network has DHCP available simply type the “dhcp” command:

apboot> dhcp
eth0: link up, speed 1 Gb/s, full duplex
DHCP broadcast 1
DHCP DNS domain:

If DHCP is not available you will need to assign a static IP.  Here is a sample of that configuration:

apboot> setenv ipaddr 192.168.11.2
apboot> setenv netmask 255.255.255.0
apboot> setenv gatewayip 192.168.11.1

Now that we are on the network we need to provide the address of the TFTP server. This is accomplished by setting the “serverip” variable with the “setenv” command:

apboot> setenv serverip <TFTP server IP>

Ensure that a valid IAP image is in the TFTP directory of your server.  Make sure you use the correct image for the AP model that you are trying to upgrade.  In my example I’m upgrading an IAP-325.

Upgrade the OS using the “upgrade os” command:

apboot> upgrade os ArubaInstant_Hercules_8.3.0.6_69128
eth0: link up, speed 1 Gb/s, full duplex
Using eth0 device
TFTP from server 172.20.50.51; our IP address is 172.20.70.100; sending through gateway 172.20.70.1
Filename 'ArubaInstant_Hercules_8.3.0.6_69128'.
Load address: 0x44000000
Loading: #################################################################
#################################################################
#################################################################
#######################################
done
Bytes transferred = 15293120 (e95ac0 hex)
Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.
15293120 bytes written to volume aos0
Verifying flash...
Upgrade successful.

Validate the image using the “osinfo” command:

apboot> osinfo
Partition 0:
image type: 0
machine type: 40
size: 15293120
version: 8.3.0.6-8.3.0.6
build string: ArubaOS version 8.3.0.6-8.3.0.6 for Hercules (p4build@pr-hpn-build07) (gcc version 4.6.3 20120201 (prerelease) (Linaro GCC 4.6-2012.02) ) #69128 SMP Thu Feb 14 08:35:24 UTC 2019
flags: Instant preserve
oem: aruba
Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.

Validate that the IAP boot partition is set correctly using the “printenv” command. Look for the os_partition variable:

apboot> printenv
os_partition=0

If the partition is not correct, set os_partition using the “setenv” command:

apboot> setenv os_partition 0

Make sure you save your settings (the help output above lists the full command name, “saveenv”):

apboot> save

Now your IAP is ready to be reloaded using the “reset” command or just power cycle the AP. The IAP should boot with the newly upgraded image.

Hope this helps.
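A check for the two validation steps above (osinfo, then os_partition in printenv), written as an added example that is not part of the original post: it parses a saved console capture and lists the reasons the AP should not be reset yet. The sample capture is constructed from the output format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the osinfo/printenv output above.
SAMPLE = """\
apboot> osinfo
Partition 0:
version: 8.3.0.6-8.3.0.6
Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.
Partition 1 does not contain a valid OS image
apboot> printenv
os_partition=1
"""

def parse_console(text):
    """Return ({partition: info}, os_partition) from captured apboot output."""
    parts, current, boot = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("apboot>"):
            current = None  # a new command ends the previous partition block
        elif m := re.match(r"Partition (\d+) does not contain a valid OS image", line):
            parts[int(m.group(1))] = {"valid": False, "signed": False}
            current = None
        elif m := re.match(r"Partition (\d+):$", line):
            current = parts.setdefault(int(m.group(1)), {"valid": True, "signed": False})
        elif m := re.match(r"os_partition=(\d+)$", line):
            boot = int(m.group(1))
        elif current is not None and line == "RSA signature verified.":
            current["signed"] = True
        elif current is not None and (m := re.match(r"(version|size|flags): (.+)", line)):
            current[m.group(1)] = m.group(2)
    return parts, boot

def boot_check(text, expected_version):
    """List reasons not to reset the AP yet; an empty list means ready."""
    parts, boot = parse_console(text)
    if boot is None:
        return ["os_partition not found in printenv output"]
    info = parts.get(boot)
    if not info or not info["valid"]:
        return [f"os_partition={boot} has no valid OS image"]
    problems = []
    if not info["signed"]:
        problems.append(f"partition {boot}: RSA signature not verified")
    if not info.get("version", "").startswith(expected_version):
        problems.append(f"partition {boot}: version is {info.get('version')!r}")
    return problems
```

With the constructed sample, boot_check(SAMPLE, "8.3.0.6") reports that os_partition points at the empty partition, which is the case the setenv os_partition step corrects.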

Airwave Root

AirWave 8.2.10.0 CentOS7 install:

Re-Enable Root, Reset Password, and delete GRUB

Yes, you need to boot from a Live Distro, or mount the disk with another VM. Knoppix/Ubuntu/Backtrack are what I typically have on hand. If you use Ubuntu, make sure you use “Try without Installing” / “Try Ubuntu” and don’t install over your AMP server.

– Shutdown the AirWave VM

– Add CD ROM to VM, and mount ISO to CD ROM.

– Edit VM Options, Boot Options, Force BIOS setup

              You may have Boot from EFI option with 6.7U3

– Save 

– Boot the AirWave VM

– In the VM BIOS, go right to the Boot option

– Highlight the CD-ROM option, and ++ to move it above Hard Drive

– Exit, Save Changes, Yes

– If Ubuntu use “Try Ubuntu” Option

– open terminal:

 Remove Grub Password

You probably don’t need this but here if you need to get into the boot loader:

sudo mount /dev/sda2 /mnt

sudo nano /mnt/grub/grub.conf

– delete the line that starts with password

– save file

sudo umount /mnt

Enable Root Login

While you’re here go ahead and re-enable root login.

Mount the / drive:

sudo mount /dev/mapper/vg_system-lv_root /mnt

Change passwd file:

sudo nano /mnt/etc/passwd

Change the root entry’s shell from nologin to /bin/bash:

root:x:0:0:bin:/bin:/sbin/nologin  to  root:x:0:0:root:/root:/bin/bash

Set/Reset Root/Console Password

– set the root password / reset the ampadmin password

cd /mnt

sudo chroot /mnt

passwd ampadmin

passwd root

exit

Unmount the drive and reboot

cd /

sudo umount /mnt

Reboot Ubuntu/Linux and edit the VM setting to disconnect the CDROM and boot into AirWave. 

Airwave Upgrade for New Centos

Basic Crib

The OVA file contains the new version if used to build a new instance. A hardware AW upgrade would be similar in process, but we would have to build it from scratch (install the OS first, then use the .iso file for the AW install) on the same box after copying off the backup file.

To upgrade CentOS for Airwave the process in the Release Notes is correct:

  1. First, upgrade your live AW to 8.2.10.0.  This upgrades the databases so they can be restored later in the steps.
  2. Back up this live AW and copy this backup file off somewhere
    1. (CLI) Backup > Backup Now. 
      1. (GUI) To grab the “nightly” or “weekly” backups – if you’ve waited long enough since the upgrade to 8.2.10.0 so they can run since your upgrade – go to System > Backups
    2. Command line for SCP from AW (don’t use Solarwinds SFTP/SCP Server as it doesn’t like the encryption ciphers… OpenSSH in Linux works well) (This step is the most difficult in terms of getting the SCP server running, reachable, and the syntax correct):
      1. If I had a “awbackupfolder” folder on my Linux box on the Desktop for a user named “username”, I would reference the existing folder as relatively from my login directory: Desktop/awbackupfolder/  (the trailing “/” is optional here)
      2. The CLI SCP syntax cannot take the “~” tilde character so reference the folder in another way
      3. username@192.168.21.21:Desktop/awbackupfolder/
    3. Power off the AW server (we’ll need the new box to have the same IP because AW licenses are tied to it)
  3. Build a new AW server with the right storage, cpu, and memory requirements.  This is a good opportunity to increase hard disk size if you’ve been holding off.
    1. Building from OVA file will install the CentOS 7 version.
    2. To login to the newly deployed box, use the default: user = root and password = admin
    3. Use the same basic startup-script info as before, keeping the same IPs
    4. You will need a complex password.  Store it somewhere safe: this is your CLI and your WebUI password for “admin” login
  4. Once the box is up, from the CLI copy over the backup file via SCP.
    1. Files > Upload
      1. username@192.168.21.21:Desktop/awbackupfolder/ampbackup_date_time.tar.gz
  5. Now restore from the backup.
    1. Backup > Restore > AMP Restore, select the file.  Sometimes the numbers don’t match what you type – I think due to hidden files (.digest files).  Make sure it is the right one (it should be the only one here)
    2. VisualRF backup file is already contained in the AW Backup file, so there isn’t a need to do that restore separately.
  6. Log in to the system after it is up with the new password.  Perform basic checks that information is still flowing correctly.
  7. Delete the old virtual machine once everything is running fine.
  8. Have a cup of coffee.

OWA Blank Page Fix

OWA Fix
Run Script Fix
At flashing cursor, type the following commands

If you are using Exchange 2010

1. CD "C:\Program Files\Microsoft\Exchange Server\V14\Bin" and then press <ENTER>
2. Subdirectory will change to the above.
3. updatecas.ps1, then press <ENTER>

If you are using Exchange 2007

1. CD "C:\Program Files\Microsoft\Exchange Server\Bin" and then press <ENTER>
2. Subdirectory will change to the above
3. UpdateOwa.ps1, and then press <ENTER>

The script will perform a number of different commands, and then simply complete by dropping you back to the DOS prompt
Type EXIT to close the Shell window

Generate UC Certificate

When generating a UC Certificate via the snap-in I get this from the MMC:

Error:  “Certificate Request Processor The request contains no certificate template information. 0x80094801 (-2146875391) Denied by Policy Module 0x80094801 the request does not contain a certificate template extension or the Certificate Template request attribute”

Microsoft’s resolution: Generate the request some other way. yeah ok

J’s solution: certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt

Error installing CA Web Enrollment after migrating or restoring a CA

Error:

Certification Authority Web Enrollment: Configuration Failed Active Directory Certificate Services setup failed with the following error:

The parameter is incorrect. 0x80070057 (WIN32: 87)

Cause: The likely issue is that the value of SetupStatus at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration is configured to hexadecimal 6003, but should be configured to hexadecimal 6001.

This is because 6003 indicates that CA Web Enrollment is already installed and 6001 indicates that it is not yet installed.

Fix:

Resolution: Modify the SetupStatus registry value to read 6001 and then install CA Web Enrollment. You can modify that registry setting with the following certutil command from Windows PowerShell or a command prompt run as Administrator: certutil -setreg config\setupstatus 0x6001

 

Lync Customer gets disconnected while trying to park or hold calls

Description: Lync Customer gets disconnected while trying to park or hold

Why: The mediation server is configured to use RTCP. After the gateway receives a=sendonly or a=inactive in the SDP, it doesn’t send any media traffic (no RTCP). Because the RTCP timer is not disabled, the server ends the connection and the Mediation Server reports a gateway media stream timeout.

Resolution:

Change the Mediation Server trunk setting with these switches to disable RTCPActiveCalls and RTCPCallsOnHold:

Set-CsTrunkConfiguration -RTCPActiveCalls $false -RTCPCallsOnHold $false -EnableSessionTimer $True

More Info

 

RTCPActiveCalls

This parameter determines whether RTCP packets are sent from the PSTN gateway, IP-PBX, or SBC at the service provider for active calls. An active call in this context is a call where media is allowed to flow in at least one direction. If RTCPActiveCalls is set to True, the Mediation Server or Lync Server client can terminate a call if it does not receive RTCP packets for a period exceeding 30 seconds. Note that disabling the checks for received RTCP media for active calls in Lync Server elements removes an important safeguard for detecting a dropped peer and should be done only if necessary. The default is True.

RTCPCallsOnHold

This parameter determines whether RTCP packets continue to be sent across the trunk for calls that have been placed on hold and no media packets are expected to flow in either direction. If Music on Hold is enabled at either the Lync Server client or the trunk, the call will be considered to be active and this property will be ignored. In these circumstances use the RTCPActiveCalls parameter. Note that disabling the checks for received RTCP media for active calls in Lync Server elements removes an important safeguard for detecting a dropped peer and should be done only if necessary. The default is True.

EnableSessionTimer

This parameter specifies whether the session timer is enabled. Session timers are used to determine whether a particular session is still active. Note that even if this parameter is set to False, session timers can be applicable if the remote connection has session timer enabled. In such a case, the Mediation Server will reply to session timer probes from the remote entity. The default is False.

Office 2010 Documents don’t open

After some research, our problem seems to be a security setting in Office 2010. You can resolve it by the following steps:

1. Open Word (or Excel or PowerPoint)

2. Select File

3. Select Options

4. Select Trust Center

5. Select Trust Center Settings

6. Select Protected View

7. Deselect all 3 options:

Enable Protected View for files originating from the Internet

Enable Protected View for files located in potentially unsafe locations

Enable Protected View for Outlook attachments

8. Repeat these steps for Excel and/or PowerPoint