Thursday, August 19, 2010

CISCO -- Create Etherchannel port on CISCO 3560 12.2.53 SE2

Today, I'll create an Etherchannel port on a CISCO Catalyst 3560G for our storage. Here are the steps I performed on the switch.

Create Channel Group and assign Ports
sw3560g> enable
sw3560g# configure terminal
sw3560g(config)# interface range gi0/17-18
sw3560g(config-if-range)# switchport mode access
sw3560g(config-if-range)# switchport access vlan 2
sw3560g(config-if-range)# channel-group 1 mode active
sw3560g(config-if-range)# end
sw3560g# show etherchannel 1 detail  <=Check the status of Etherchannel
sw3560g# copy running-config startup-config

Change Etherchannel Load-Balance Mode
sw3560g> enable
sw3560g# configure terminal
sw3560g(config)# port-channel load-balance src-mac
sw3560g(config)# end
sw3560g# show etherchannel load-balance  <=Check the load-balance mode
sw3560g# copy running-config startup-config

Update-20100820
After implementing the Etherchannel on the switch, I found the switch showed lots of port flapping messages in the log. After googling for a solution, I found that the issue was caused by the third-party device not supporting LACP (Link Aggregation Control Protocol) mode. For this reason, I reset the channel-group mode from Active to On, and the messages disappeared from the event log.

Wednesday, March 31, 2010

Exchange -- Exchange 2007 ActiveSync Stopped after upgrade from SP1 to SP2 ??

After doing the redirection to simplify the OWA URL, all the Exchange 2007 mail functions were running normally, except for the unified services, which we don't need. Users can use a simple URL to access web mail, use a smartphone to access mail through Exchange ActiveSync, and use the Outlook client to access mail through the Outlook Anywhere service.


A few weeks ago, we upgraded the Exchange 2007 server from SP1 to SP2. All the customized changes to simplify the OWA URL were reset to default, so I had to make them again on the Exchange server.

Recently, we had a request to enable the Autodiscover service on the Exchange server, but we didn't have a sufficient domain SSL certificate to run this service. We requested a new certificate from Go Daddy and imported it to the Exchange server. After all the Exchange configuration for the new SSL certificate, I restarted the IIS services and we got a new issue with Push Mail.

When we tried to sync mail through a smartphone, we got the error message "Server is not available, please try it later". When we tried to directly access the path http://exchangeExternalURL/Microsoft-Server-Sync/, we got an HTTP 500 page telling us there was an internal error on the server. We followed these two clues to search for a solution and found some ideas from other users.
Those solutions are summarized below:
1. Check the authentication method on Microsoft-Server-ActiveSync.
    This virtual folder should have "Basic Authentication" enabled.
2. Restart the IIS services through the Services console.
3. Restart the Exchange IM and ATM services through the Services console.
4. Restart the application pool (MSExchangeSyncAppPool).
5. Recreate the Microsoft-Server-ActiveSync virtual folder.
6. Reboot the Exchange server.
None of the above solutions helped me solve the issue.

Well, since all the behavior pointed to a failure of the IIS virtual folder, we compared it with the virtual directory on our testing Exchange server to see if we could find any difference. Just as expected, we found a web.config file located in Default Web Site that did not exist on the testing Exchange server. We checked the content and found that this file was the configuration file for any changes made on the default web site. We renamed this file and restarted IIS. Luckily, the issue was solved. Our smartphones could communicate with the Exchange server and sync mail as usual. After reviewing the result, we found that the issue might have been caused by the new inheritance behavior in IIS7, which caused the redirect settings to be inherited by the sub virtual folders.

There is a web site that can help you test whether your remote connectivity is working normally:
Exchange Remote Connectivity Analyzer

Tuesday, March 16, 2010

Exchange -- Redirect HTTP to HTTPs for OWA accessing on Exchange 2007 SP1

We recently set up Exchange 2007 as our mail system, installed on Windows 2008 Standard edition. All functions work well.
But recently, users complained that the link to access web mail is too long and hard to remember.
They wondered if they could just type in the address without https or the sub-address (/owa) to access web mail. Here are the scenarios we need:
1. http + public host name -> https + public host name + /owa
2. https + public host name -> https + public host name + /owa
3. http + public host name + /owa -> https + public host name + /owa
4. http + internal host name -> https + public host name + /owa

I searched the web and found that Microsoft has an official document for these scenarios:
Simplify the Outlook Web App URL
It has detailed steps for the configuration. I extracted the main steps below:
=========================================================
Use IIS Manager to simplify the Outlook Web App URL when SSL is required
  1. Start IIS Manager.
  2. Expand the local computer, expand Sites, and then click Default Web Site.
  3. At the bottom of the Default Web Site Home pane, click Features View if this option is not already selected.
  4. In the IIS section, double-click HTTP Redirect.
  5. Select the Redirect requests to this destination check box.
  6. Type the absolute path of the /owa virtual directory. For example, type https://mail.contoso.com/owa.
  7. Under Redirect Behavior, select the Only redirect requests to content in this directory (not subdirectories) check box.
  8. In the Status code list, click Found (302).
  9. In the Actions pane, click Apply.
  10. For the new settings to take effect, open a Command Prompt window, and then type iisreset /noforce to restart IIS.
Use IIS Manager to remove redirection from a virtual directory
To remove redirection from a virtual directory, perform the following steps:
  1. Start IIS Manager.
  2. Navigate to the virtual directory.
  3. Double-click the HTTP Redirect icon in the Features view of the virtual directory.
  4. Clear the Redirect requests to this destination check box.
  5. In the Actions pane, click Apply.
  6. For the new settings to take effect, open a Command Prompt window, and then type iisreset /noforce to restart IIS.
You may not be able to use the procedure above to remove redirection from a virtual directory that doesn't have a physical path, such as /Exchange, /Exchweb, or /Public. Use the following procedure to remove redirection from a virtual directory that doesn't appear in IIS Manager.
  1. Open a command window
  2. Navigate to \System32\Inetsrv
  3. Enter the following command: appcmd set config "< web site >/< virtual directory >" /section:httpredirect /enabled:false -commit:apphost
==========================================================================
But after following the steps to set up the server, I found there are some tricks to note in order to meet the goal.
  1. "Require SSL" needs to be disabled on the default web site.
    This allows http access from clients. (Make sure the sub folders do not inherit this setting.)
  2. All redirect settings inherited from the default web site need to be cleared on all the virtual directories. (Including /owa)
  3. The 403 error page needs to be modified, changing the response on the OWA virtual folder to redirect to the main page when the virtual folder is accessed without SSL.
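
The configuration behind the IIS Manager steps and trick 2 above, and behind the inherited redirect described in the ActiveSync post, shown as an added illustration (not taken from the original posts or from Microsoft's document). The host name mail.contoso.com is the sample from the quoted steps, and the choice of Microsoft-Server-ActiveSync as the overridden directory is an assumption made for the example.

```xml
<!-- Fragment 1: web.config in the physical root of Default Web Site,
     written by IIS Manager when HTTP Redirect is applied at site level. -->
<configuration>
  <system.webServer>
    <!-- childOnly="true" is the "Only redirect requests to content in this
         directory (not subdirectories)" check box; Found is status 302. -->
    <httpRedirect enabled="true"
                  destination="https://mail.contoso.com/owa"
                  childOnly="true"
                  httpResponseStatus="Found" />
  </system.webServer>
</configuration>

<!-- Fragment 2: applicationHost.config entry stored by
     appcmd set config ... /section:httpredirect /enabled:false -commit:apphost
     Without an override like this, the directory inherits fragment 1.
     The path below is an assumed example. -->
<location path="Default Web Site/Microsoft-Server-ActiveSync">
  <system.webServer>
    <httpRedirect enabled="false" />
  </system.webServer>
</location>
```

To see the setting a directory actually resolves to, inherited values included, run `appcmd list config "Default Web Site/Microsoft-Server-ActiveSync" /section:httpRedirect` from \System32\Inetsrv.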

Wednesday, January 20, 2010

Fortigate -- How to format boot device and reinstall firmware

In this post, I list the prerequisites and the steps to format the boot device and reinstall the firmware and configuration.

Prerequisites
1. Console cable.
2. Terminal program.
3. Latest firmware.
4. TFTP server.
5. Set a static IP on the PC (suggested IP: 192.168.1.168/24).
6. Back up the configuration.
7. Allow TFTP traffic to pass through the firewall.
8. Configure the serial port with the values below.
    Baud Rate: 9600
    Data: 8
    Parity: none
    Stop: 1
    Flow Control: none

Formatting boot device (Total process takes about 30 Sec.)
Reboot the unit (or unplug and plug in the power cord) and interrupt the boot process when "press any key ..." appears, to enter configuration. Pressing any key takes you into the menu; select "F" to format the boot device. If no error occurs, you can continue to the next step to load the firmware.

Installing Firmware (Total process takes about 8.5 minutes)
From the menu, select "G" to download the firmware from the TFTP server.
1. Input the PC IP set in the prerequisites. (Can be changed when needed)
2. Input the local IP address for the FG. The IP has to be in the same subnet as the PC.
3. Input the firmware file name on the TFTP server. (ex: image.out)
4. After the firmware has been loaded, save it as the default firmware by pressing "D".
5. When the whole process is done, the unit will restart.

Restoring the configuration (Total process takes about 1 minute and 45 Sec.)
1. Use the default account (admin) and password (blank) to log on to the unit.
2. Execute the command "execute restore config tftp FG-FW_20100120.conf 192.168.1.168"
3. After the configuration has been downloaded, the unit will restart with the original configuration.