Thursday, December 3, 2009

Problem with users running Windows Vista or Windows 7 with Cisco NAC release 4.6.1

Here is a problem that my co-worker Mike Maron recently ran into along with the solution.

If you have users or guest desktops/laptops with Windows Vista or Windows 7 installed that cannot access the network via NAC, it is due to a problem with Windows User Account Control (UAC). When UAC is enabled (it is by default), network access via NAC doesn't work properly because NAC requires Internet Explorer to run in elevated mode in order to release and renew IP addresses.

There are two workarounds to this issue:

1. Right-click IE and select Run as administrator (this only works if the user has administrative rights to the local PC), then access the NAC page. In many cases the user does not have administrative rights to the computer, so they cannot run IE as admin, nor can they disable User Account Control. http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/461/461rn.html#wp791975

2. There is also a way on the NAC appliance to bounce the switch port via NAC instead of Windows, which will allow the PC to properly renew the IP address.

In OOB Management > Profiles > Port, choose the profile to edit.
Make sure the check box for "Bounce the port based on role settings after VLAN is changed" is checked off, and update.

Then navigate to User Management > User roles, choose the role and edit it.
Make sure "Bounce switch Port after login (OOB)" is enabled, as well as "Refresh IP after Login (OOB)", and save the role.

Tuesday, October 27, 2009

Replication Manager Problem

I had an RM job that suddenly stopped working with the following error:
2009 10 27 13:13:03 EMCRM01 INFO:Replica 2009 10 27 13:13:03 created from application set xxxxxxxx_db_logs, job VPMPRODDBSQLCL_no_Verify by cerbadmin.
2009 10 27 13:13:03 EMCRM01 INFO:Starting RecoverPoint checkpoint of [application set:servername_db_logs / job: servername _no_Verify] at time 2009 10 27 13:13:03.
2009 10 27 13:13:03 EMCRM01 INFO:This operation can take a long time. Please be patient.
2009 10 27 13:10:53 servername 004052 WARNING:Unable to find Invista CLI path. If Invista instances are being used, install InvCLI into the default path: C:\Program Files\EMC\INVCLI\.
2009 10 27 13:10:53 servername 000600 ERROR:Storage device S:\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\MSDBData.mdf could not be located on supported arrays. Please check if there are problems communicating with the storage arrays.
2009 10 27 13:10:53 servername 026051 ERROR:processGetStorageDetails - failed to write Storage Details.
2009 10 27 13:10:53 servername 026607 ERROR:An unexpected internal error occurred: rawMessage::getSessionId - null buffer
2009 10 27 13:10:53 servername 026607 ERROR:An unexpected internal error occurred: rawMessage::getRequestId - null buffer

The workaround to resolve this error is as follows.
Go into the hosts tab of Replication Manager, right-click the host you are having a problem with, and select rediscover arrays. Then execute the job again and it should complete successfully.

Monday, October 26, 2009

Rename NetApp Filer (useful for NetApp to EMC migration of NAS)

The following steps are useful to rename a NetApp filer in order to preserve the name space when migrating from NetApp to EMC. Unfortunately DFS wasn't used before I started working here, so I had 4 NetApp filer names hosting CIFS shares that I had to migrate to EMC Celerra. After using Rainfinity to replicate the shares from NetApp to EMC, I had to perform the following steps to steal the name from the NetApp and reuse it on the Celerra.

  1. Connect to the filer at \\filername\c$\etc and copy the existing rc and hosts files as rc.old and hosts.old.
  2. Open the original hosts file, search for the filer's name and replace it with the new name.
  3. Open up the original rc file, update the following hostname
  4. Update the NetBIOS name on the filer by typing "options cifs.netbios_aliases "
  5. On the filer you are renaming, run "cf disable" to disable the cluster and "cifs terminate" to terminate the CIFS service.
  6. Remove the entry for the old filer name from Active Directory Users and Computers and from DNS.
  7. Run "cifs setup" to add the filer back into Active Directory and DNS with the new name.
  8. Run "cf enable" to enable the cluster.
  9. Connect to the node that you failed over to and type "cf takeover"; this will cause a reboot of the filer that you renamed.
  10. Once the filer that you renamed is back, you will see a message saying the giveback operation is now available.
  11. Run "cf giveback".

Tuesday, September 29, 2009

Problem Adding New Host to Replication manager

I ran into an interesting problem today when trying to connect a new host to Replication Manager. When I right clicked on the host and selected discover arrays I would get the following error (SymApi not present, but function "SymInquiry All" Invoked).

It turns out that Windows 2003 servers that are 64 bit must have the Solutions Enabler 32 bit client on them. The 64 bit Solutions Enabler client is ONLY for 64 bit 2008 servers. After uninstalling the 64 bit client from the 2003 servers and then installing the 32 bit client on them (no downtime is required, by the way), I was still running into this issue. What I then had to do was the following:
  • Stop the RM service on the server that I was trying to add to RM.
  • Go into the following directory: C:\Program Files (x86)\EMC\rm\client\bin
  • Rename symapi_db_emcrm_client.db to symapi_db_emcrm_client.db.old
  • Restart the RM client services.
  • Right-click the host in RM and select discover arrays; this error should now be resolved.

Thursday, September 24, 2009

How To Create MetaLun on EMC Clariion

Here are the steps involved in creating a MetaLun on an EMC Clariion CX4. The steps below show creating 4 luns of size 6,400 MB which are then expanded into 1 lun of 25 gigs. Photos 1 and 2 will need to be performed 4 times in order to create all 4 luns, and I set these up as follows:
LUN 3924 Raid Group 27 raid 1+0 LUN ID 3924 6,400 MB
LUN 3925 Raid Group 26 raid 1+0 LUN ID 3924 6,400 MB
LUN 3926 Raid Group 25 raid 1+0 LUN ID 3924 6,400 MB
LUN 131 Raid Group 24 raid 1+0 LUN ID 3924 6,400 MB
I then expanded lun 131 to the full capacity of 25 gigs by striping it across the 3 other luns.

Thursday, September 17, 2009

Winmail.dat Exchange problem, Trend Micro ScanMail

I just migrated all of my Microsoft Exchange users from one Windows 2003 active/passive cluster to 4 Windows 2003 virtual Exchange servers. Suddenly users started having a problem with Microsoft Office attachments: they were replaced with a winmail.dat file. To make a long story short, Trend Micro ScanMail was the root cause of the problem.

Here is the Trend Micro support article I found. It pointed to different symptoms than I had (it says a second email; in this case it was the only email, and it always replaced Office files with winmail.dat), however it was the fix for this issue as well. To quickly test whether it was the issue, I just disabled spam filtering in ScanMail (we use Postini, so this is just an extra layer).

A second email with only a winmail.dat file attachment is received when sending an email through ScanMail for Exchange (SMEX) 8.0

Solution ID: EN-1037111
Product: ScanMail for Exchange - 8.0 2000/2003/2007
Operating System: Windows Server 2003 - SP2; Windows Server 2003 R2; Windows Server 2003 Standard Edition; Windows 2000 Server - SP4
Published: 4/11/2008 12:49 AM

Problem:
The second email has the same subject of the original email and contains only a winmail.dat file attachment.
The header of this second email contains the following information:
Content-Type: application/ms-tnef;
name="winmail.dat"
:
:
X-TM-AS-Product-Ver: SMEX-8.0.0.1259-5.000.1023-15772.002
X-TM-AS-Result: No--36.821000-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No

Solution:
Public

The abovementioned X-TM-AS headers imply that the ScanMail Anti Spam feature is also enabled on the Exchange Server.
This also means that the content type of the message is application/ms-tnef. Note, however, that the application/ms-tnef (winmail.dat) does not contain the actual message itself. It just contains either the embedded OLE objects, special Outlook features or formatting of the message if it was sent in Rich Text format. So, we can safely exclude this kind of message from Antispam scanning to avoid receiving this type of issue.
Perform the following steps on the affected ScanMail for Exchange 8.0 server to resolve this.
1. Make sure that the latest patch for SMEX 8.0 is installed in your machine.
2. Open the Registry Editor.
Important: Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
3. Add the following key:
* Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion\
* Key: AntiSpamSkipScanning
* Type: REG_SZ
* Value: application/ms-tnef;
Note: Make sure to include the semi-colon ( ; ) at the end of the value data.
4. Restart the SMEX_Master service.
5. Send another test email and observe the system response.
These steps will configure ScanMail for Exchange 8.0 Antispam not to filter the application/ms-tnef content-type, thus preventing the issue.
Related Information:

Description of Transport Neutral Encapsulation Format (TNEF) in Outlook 2000

What is an "application/ms-tnef" attachment?
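
The symptom described above can be recognised from message headers alone: the message carries X-TM-AS-* headers (it passed through ScanMail anti-spam) and contains nothing but an application/ms-tnef part. The Python sketch below is an added example, not part of this post or of the Trend Micro article; the sample messages are constructed (addresses, subject and body are placeholders) and the function names `is_tnef` and `triage` are hypothetical.

```python
from email import message_from_string

# Constructed sample of the symptom: a TNEF-only message scanned by SMEX
# anti-spam. X-TM-AS values are the ones quoted in the article; addresses,
# subject and the "AAAA" body are placeholders.
TNEF_ONLY = """\
From: sender@example.com
Subject: Q3 report
Content-Type: application/ms-tnef;
\tname="winmail.dat"
Content-Transfer-Encoding: base64
X-TM-AS-Product-Ver: SMEX-8.0.0.1259-5.000.1023-15772.002
X-TM-AS-Result: No--36.821000-5.000000-31

AAAA
"""

# Constructed sample of a healthy message: body text plus an Office attachment.
NORMAL = """\
From: sender@example.com
Subject: Q3 report
Content-Type: multipart/mixed; boundary="b1"
X-TM-AS-Result: No--36.821000-5.000000-31

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/msword; name="report.doc"

AAAA
--b1--
"""

def is_tnef(part):
    """True for a winmail.dat part, matched by content type or file name."""
    return (part.get_content_type() == "application/ms-tnef"
            or (part.get_filename() or "").lower() == "winmail.dat")

def triage(raw):
    """Report whether a message shows the SMEX winmail.dat-only symptom."""
    msg = message_from_string(raw)
    scanned = any(h.lower().startswith("x-tm-as-") for h in msg.keys())
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    tnef = sum(1 for p in leaves if is_tnef(p))
    return {"smex_antispam": scanned, "tnef_parts": tnef,
            "other_parts": len(leaves) - tnef,
            "affected": scanned and tnef > 0 and tnef == len(leaves)}
```

Running `triage` over messages exported before and after the AntiSpamSkipScanning change shows whether winmail.dat-only deliveries have stopped.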

Wednesday, September 16, 2009

Rename NetApp Filer, creates SnapDrive issue

After renaming our NetApp FAS 3020C filer, which I use for NAS and iSCSI storage, there was an issue with all hosts that connect to it. On all hosts that had SnapDrive and SnapManager for SQL, all SQL backups suddenly failed and I got RPC errors when trying to open SnapDrive from computer manager (this will also apply if using SnapManager for Exchange). The fix was pretty simple.

From DOS
List the current IP and filername that snapdrive is currently using:
"c:\program files\netapp\snapdrive\sdcli.exe" preferredIP list

ADD the new filer name and IP:
"c:\program files\netapp\snapdrive\sdcli.exe" preferredIP set -f TypeNewFilerName -IP TypeIPaddressofFiler

Delete the old Filername:
"c:\program files\netapp\snapdrive\sdcli.exe" preferredIP delete -f oldfilername

Confirm that the correct current IP and filername is now the only thing listed:
"c:\program files\netapp\snapdrive\sdcli.exe" preferredIP list

Stop SnapDrive from DOS:
net stop swsvc
Start SnapDrive from DOS:
net start swsvc

After the above, backups completed successfully and I was able to open SnapDrive from computer manager.