
Business, education, achievement, life (not in that order)

17 July 2008 ~ 0 Comments

Reconnecting a long before disconnected DC

Just today had a situation where we had some strange behaviour. Some users and OUs were not replicating. OK, I go in and do some diagnostics, just to find out those are two old DCs which had been brought back to life after like 4 months.

The thing is their Tombstone time expired and now they were no good (if you know what I mean). It took some time and a whole lot of searching :)

 Here is the TechNet article on it.

Reconnecting a Domain Controller After a Long-Term Disconnection

P.S. I passed 70-298, my final exam for the MCSE: Security :)

29 February 2008 ~ 1 Comment

Getting your Fedora running in VirtualPC

It was a drag :)

Luckily these two posts made it clear (after a couple of hours lost) as to how to make everything right in Virtual PC

Link one

Link two

Check out the comments on them there is some wisdom there too :)

13 December 2007 ~ 0 Comments

Dynamips/VMWare/Windows/Fedora/SDM and all that :)

Well, since I am now studying for my ISCW it was time to test SDM and how it works. Nonetheless, it only works on Windows operating systems. The first couple of practices I did went with no problem, but as soon as I got to 3 routers and some tunneling and encryption I got the popular memory stack problems. Needing to alleviate this problem I sat down and thought hard. Having before tried the Windows inside Linux and vice versa, I knew there was no really good solution. Finally it came to me that while trying Fedora inside VMWare on Windows I was running the InternetworkExpert topology with something like 15ish routers. Sitting on 3 routers inside VMWare on Fedora and using SDM from my host Windows really works cool. And it's not a problem to set up.

1. After you have everything set up for host/guest communication with VMWare start the Dynamips process on Linux

2. On Windows create your .net file and set it up so that each router has an interface pointing out through the VMWare interface to your host machine.

3. Add addressing on those interfaces and ping them from the host machine, should work.

4. Connect with your SDM to the routers

Happy securing and device hardening :)

10 December 2007 ~ 0 Comments

PPPoE and PPPoA

I just finished the Cisco Academy teleworker connectivity chapter and learned some good stuff.

These two use a lot of the same logic, in principle the key is a router connection to the provider and NAT/PAT translation on the inside part of the network.

Steps to cover a PPPoE connection are:

  1. Configure the “outside” interface which will be used to connect yourself to the provider (note: no ip address)
  2. Configure your dialer interface which will negotiate your IP and make sure you are connected (note: mtu size 1492)
  3. Configure NAT/PAT (note: take care of mss, max 1452)
  4. Setup DHCP for the inside network
  5. Make a default route to the provider
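
The five steps above as one Cisco IOS configuration. This is an added example, not part of the original post; the interface names, inside addressing, ACL and pool names, and the CHAP credential placeholders are assumptions.

```cisco
! Constructed example: interface names, addresses, pool/ACL names and the
! CHAP credentials are placeholders, not values from the post.
!
! Step 1: "outside" physical interface carries PPPoE frames only, so no IP.
interface FastEthernet0/0
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
 no shutdown
!
! Step 2: dialer negotiates the address over PPP.
! MTU 1492 = 1500-byte Ethernet payload - 8 bytes of PPPoE/PPP header.
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname <ISP-USERNAME>
 ppp chap password <ISP-PASSWORD>
 ip nat outside
!
! Step 3: PAT for inside hosts, plus MSS clamping on the inside interface.
! MSS 1452 = 1492 MTU - 20 bytes IP header - 20 bytes TCP header.
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 no shutdown
!
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer1 overload
!
! Step 4: DHCP for the inside network.
ip dhcp excluded-address 192.168.1.1
ip dhcp pool INSIDE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
! Step 5: default route towards the provider via the dialer.
ip route 0.0.0.0 0.0.0.0 Dialer1
```

Once the session is up, `show pppoe session` and `show ip nat translations` confirm the dialer negotiated an address and inside hosts are being translated.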

The PPPoA situation is very close and differs in an obligatory mode and encapsulation settings.

08 December 2007 ~ 0 Comments

Upgrade to Windows server 2008 attempt…

No testking, pass4sure, actualtest or anything else :)

Since I am an MCT, MOCs for the upgrade are available and I must say I did not read everything. The upgrade exam actually consists of two exams, one for TS: Active Directory and one for TS: Network Infrastructure. You need to pass both to get the upgrade. I barely scraped through Network Infrastructure with 700/1000 (the exact amount needed to pass) and failed the AD part (572/1000). There is a lot of new stuff on the exams. And the new stuff is really cool, I already wrote about it and now that I have studied it some more there are just words of praise for the MS team. RODC and Core Server installation is such a great combination for a branch office. Interesting is that I have not even touched the infrastructure part of the material and I passed it, which would perhaps mean that it was a bit easier or that I had more luck guessing :) Well, it was stuff I work more with so it was a bit easier for me. I really do believe that a person with experience could go through the MOCs and pass these exams (perhaps not in a first try but not all that hard) so when you get the chance prepare yourselves and get to it.

I will report back if I pass next time.

P.S. Second shot is on the table until end of January!

P.S.S. No I can’t share the MOCs

07 December 2007 ~ 0 Comments

IIN and SONA

This sounds too much like FBI and CIA :)

IIN – Intelligent Information Network

SONA – Service Oriented Network Architecture

Been reading the Cisco network academy program and this is the first chapter. I felt lost, thought I was in design land. Anyway some great info is there. Thinking of organizing a strong and flexible network? Surely take a look at this as it describes the architecture of an enterprise network all together with SOHO/Mobile workers/Branch offices. I already knew a good deal of this as the layered network structure (access/distribution/core) is a part of the BCMSN that recently succumbed to my brain.

The biggest problem of all the topics seems to be the remote worker connecting to the inside of the network. VPNs, IPSec, MPLS are all parts of the ISCW so can’t wait to get on to those.

Gotta go now ;)

06 December 2007 ~ 0 Comments

Trouble be gone!

Well, today was an interesting day :) Got up at 4AM, finished the nuggets, went to the gym, got back home and with a full heart and a gigantic cup of coffee wanted to set up SDM on a network. Should be a trivial task! Well, with all the trouble Dynamips provides on Windows I decided to boot up my Fedora, but what was I thinking, it does not run SDM as it's strictly for MS operating systems (I am an “MS guy” but don’t get me started on how wrong this is!). OK, I decide to install VMWare and install an XP inside. Time lost? Like 4 hours and a busted kernel and no result.

OK, then I switch back to my XP x64 and Dynamips still goes on to give me crap, now with memory allocation problems (not the regular stack dumps, this is totally new!). Time lost: like 2 or 3 hours on installing another XP inside this one to test it inside, and it didn't work there either! Then I get a wild idea and decide to switch the IOS which has served me for such a long time, and I manage to get everything working at least for the time being.

And I must be the stupidest networker trying to get my host and Dynamips to cooperate. First I miss the interface that I actually did connect, then I mistype the IP address and after that forget to bring it up. And now that I have it running I am just too strained to try anything :) Just another crazy day in trying to get …. somewhere :)

Yesterday I got a surprise: the first 4 seasons of “Will and Grace”, probably one of the best series ever. So I have something to relax with. I could go for some ice cream. Naaaahhhh, well enough babbling and on to new victories. Take care people!

06 December 2007 ~ 0 Comments

ISCW unraveled

Well, I was quick to go through the CBT Nuggets for this one and as always it's great to listen to Jeremy again :)

I am totally loving MPLS and can’t wait to get into the nitty gritty of it. Anyway as my plan is to go after the CCIP after I get done with CCNP I will have a solid base to build on. Security topics are great and I must say SDM is a gift for us all-in-one network/system admins. It is just so nice to see such a tool and hopefully I will be good at using it but after all CLI is the place where I like to be.

So will be starting today or tomorrow with the Cisco academy program and will report in more detail as I go through the chapters.

Take care ;)

03 December 2007 ~ 0 Comments

ISCW introductory post…

Well, I have been reading up a bit on the topics, looking over book contents and some CBTs.

All in all it seems that IPSec + VPN, network/device hardening and MPLS are around 90% of the material. There are topics on connections (DSL, Cable and such) but from the first look it does not seem all that in depth.

Here are the topics from the Cisco site:

  • Implement basic teleworker services
  • Implement Frame-Mode MPLS
  • Implement a site-to-site IPSec VPN
  • Describe network security strategies
  • Implement Cisco Device Hardening
  • Implement Cisco IOS firewall
  • Describe and configure Cisco IOS IPS

I already watched some videos on MPLS and I like it :) IPSec and VPN I am familiar with from Microsoft networking so this should be an easier one as I have a solid foundation on some of the topics.

Will be reporting soon and hopefully much more than for BCMSN.

29 November 2007 ~ 2 Comments

Man vs Cisco :)

OK, Friday is going to be hopefully my last day studying for BCMSN since Saturday morning I am gonna take the exam.

Feeling good but not great, wireless is perhaps my weak point but I know a good deal.

Well, we shall see Saturday :)

Edit: Passed the exam 923/1000, it was not all that hard. I was pretty scared from the BSCI since I barely scraped through that one. Weakest part of the exam for me was Voice and then Wireless. No contacts with wireless equipment at all and next to none with voice so it was expected. People say BSCI and BCMSN are quite harder than the rest of the CCNP curriculum and I certainly hope so. Anyway 2 down 2 to go. Hoping to shoot down these by the end of May since I will be also trying to pass my MCSA upgrade to 2008 until end of January (while the second shot is active).

Thanks for everybody's support and see you next time :)