I just troubleshooted a server which on reboot stopped on “Applying Computer Settings” and refesed to start. The I stumbled om this and apparently there is a bug in APC Powerchute 6.x regarding an expired Certificate for the java software.
In rebooted the server in Safe Mode and disabled the services and tadaa It started!
Edit 2005-08-16:
There is now a KB article
I had a problem with a bluescreening computer today and had some time to spare so I thought I’d try to debug the mini dump. Googeling a little i found this excellent description on how to do it in Dana Epp’s Blog.
Links
Be sure to visit all the options under “Configuration” in the Admin Menu Bar above. There are 16 themes to choose from, and you can also create your own.
Hur ofta behöver man inte en mailadress för att registrera i en tävling eller för att ladda ner ett program… men man vill inte att företaget skall “dela med sig” av adressen så att din mailbox fylls av spam. Här är lite länkar till lite tjänster som erbjuder slaskmailboxar:
Slaskpost.se – Mailen ligger kvar i 24h
www.mailinator.com – Mailen ligger kvar i 24h
www.jetable.org/en/index – Adressen pekas till din egen mailadress men raderas efter 1 – 8 dagar.
Here are some links to dasBlog users I have found:
Frank Caico
Johnny Hughes – My Blog dasBlog Themes
Yannis Roussochatzakis
Prylar
Designtorget
Granit
Lagerhaus
Bolagret
IKEA
Linum
Miljögården
Möbler
IKEA
MIO Möbler
Svenska Hem
Norrgavel
BO Concept
Asko Möbler
Jysk
Europa Möbler
Compact Living
Gardiner
| PIX Firewall |
|---|
pixfirewall(config)# write terminalBuilding configuration...: Saved:PIX Version 6.1(1)nameif ethernet0 outside security0nameif ethernet1 inside security100enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptedhostname pixfirewallfixup protocol ftp 21fixup protocol http 80fixup protocol h323 1720fixup protocol rsh 514fixup protocol rtsp 554fixup protocol smtp 25fixup protocol sqlnet 1521fixup protocol sip 5060fixup protocol skinny 2000names!--- Issue the access-list command to avoid !--- Network Address Translation (NAT) on the IPSec packets.access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 pager lines 24interface ethernet0 autointerface ethernet1 automtu outside 1500mtu inside 1500ip address outside 14.36.100.50 255.255.0.0ip address inside 172.18.124.152 255.255.255.0ip audit info action alarmip audit attack action alarmip local pool ippool 10.1.2.1-10.1.2.254pdm history enablearp timeout 14400global (outside) 1 14.36.100.51!--- Binding access list 101 to the NAT statement to avoid !--- NAT on the IPSec packets.nat (inside) 0 access-list 101Nat (inside) 1 0.0.0.0 0.0.0.0 0 0route outside 0.0.0.0 0.0.0.0 14.36.1.1 1route inside 10.1.1.0 255.255.255.0 172.18.124.1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00timeout uauth 0:05:00 absolute!--- Enable access to the TACACS+ and RADIUS protocols.aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius !--- Associate the partnerauth protocol to RADIUS.aaa-server partnerauth protocol radius aaa-server partnerauth (inside) host 172.18.124.196 cisco123timeout 5no snmp-server locationno snmp-server contactsnmp-server community publicno snmp-server enable trapsfloodguard enable!--- Tell PIX to implicitly permit IPSec traffic.sysopt connection permit-ipsecno sysopt route dnat!--- Configure a transform set that defines how the traffic will be protected.crypto ipsec transform-set myset esp-des esp-md5-hmac!--- Create a dynamic crypto map and specify which !--- transform sets are allowed for this dynamic crypto map entry.crypto dynamic-map dynmap 10 set transform-set myset!--- Add the dynamic crypto map set into a static crypto map set.crypto map mymap 10 ipsec-isakmp dynamic dynmap!--- Enable the PIX to launch the Xauth application on the VPN Client.crypto map mymap client authentication partnerauth!--- Apply the crypto map to the outside interface.crypto map mymap interface outside!--- IKE Policy Configuration.isakmp enable outsideisakmp identity addressisakmp policy 10 authentication pre-shareisakmp policy 10 encryption desisakmp policy 10 hash md5isakmp policy 10 group 2isakmp policy 10 lifetime 86400!--- IPSec group configuration for VPN Client.vpngroup vpn3000 address-pool ippoolvpngroup vpn3000 dns-server 10.1.1.2vpngroup vpn3000 wins-server 10.1.1.2vpngroup vpn3000 default-domain cisco.comvpngroup vpn3000 idle-time 1800vpngroup vpn3000 password ********telnet timeout 5ssh timeout 5terminal width 80Cryptochecksum:3f9e31533911b8a6bb5c0f06900c2dbc: end [OK]pixfirewall(config)# |
Follow these steps to configure Microsoft Windows 2000 server with IAS. This is a very basic setup to use a Windows 2000 IAS server for RADIUS authentication of VPN users. If you require a more complex design, please contact Microsoft for assistance.
Note: These steps assume that IAS has already been installed on the local machine. If not, please add this through Control Panel > Add/Remove Programs.
aaa-server partnerauth (inside) host 172.18.124.196 cisco123 timeout 5
Note: In this example, “cisco123” is the shared secret.
Note: The VPN Client can only use this method for authentication.
Follow these steps to configure Microsoft Windows 2003 server with IAS.
Note: These steps assume that IAS has already been installed on the local machine. If not, please add this through Control Panel > Add/Remove Programs.
The example below shows a client named “Pix” with IP address 10.66.79.44. Client-Vendor is set to RADIUS Standard, and the shared secret is “cisco123.”
Click OK when you are finished.
Click OK when you are finished.
This section provides information you can use to confirm your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool 
( registered customers only) , which allows you to view an analysis of show command output.
This section provides information you can use to troubleshoot your configuration. For additional information, refer to Troubleshooting the PIX to Pass Data Traffic on an Established IPSec Tunnel.
Certain commands are supported by the Output Interpreter Tool ( registered customers only) , which allows you to view an analysis of show command output.
Note: Before issuing debug commands, please see Important Information on Debug Commands and IP Security Troubleshooting – Understanding and Using debug Commands.
| Note: | The parts of this text that are displayed in magenta are valid for Windows 2000 only |
|---|
Displays, sets, or removes cmd.exe environment variables.
SET [variable=[string]]
| variable | Specifies the environment-variable name. | |
| string | Specifies a series of characters to assign to the variable. |
Type SET without parameters to display the current environment variables.
If Command Extensions are enabled SET changes as follows:
SET command invoked with just a variable name, no equal sign or value will display the value of all variables whose prefix matches the name given to the SET command. For example:
SET P
would display all variables that begin with the letter ‘P’
SET command will set the ERRORLEVEL to 1 if the variable name is not found in the current environment.
SET command will not allow an equal sign (=) to be part of the name of a variable.
However, SET command will allow an equal sign in the value of an environment variable in any position other than the first character.
One new switch has been added to the SET command in Windows NT 4, and another one in Windows 2000:
SET /A expression SET /P variable=[promptString]
The /A switch specifies that the string to the right of the equal sign is a numerical expression that is evaluated. The expression evaluator is pretty simple and supports the following operations, in decreasing order of precedence:
| () | - grouping | |
| * / % | - arithmetic operators | |
| + - | - arithmetic operators | |
| << >> | - logical shift | |
| & | - bitwise and | |
| ^ | - bitwise exclusive or | |
| ¦ | - bitwise or | |
| = *= /= %= += -= &= ^= ¦= <<= >>= |
- assignment | |
| , | - expression separator |
If you use any of the logical or modulus operators, you will need to enclose the expression string in quotes. Any non-numeric strings in the expression are treated as environment variable names whose values are converted to numbers before using them. If an environment variable name is specified but is not defined in the current environment, then a value of zero is used. This allows you to do arithmetic with environment variable values without having to type all those % signs to get their values. If SET /A is executed from the command line outside of a command script, then it displays the final value of the expression. The assignment operator requires an environment variable name to the left of the assignment operator. Numeric values are decimal numbers, unless prefixed by 0x for hexidecimal numbers, 0b for binary numbers and 0 for octals numbers. So 0x12 is the same as 0b10010 is the same as 022. Please note that the octal notation can be confusing: 08 and 09 are not valid numbers because 8 and 9 are not valid octal digits.
The /P switch allows you to set the value of a variable to a line of input entered by the user. Displays the specified promptString before reading the line of input. The promptString can be empty.
Environment variable substitution has been enhanced as follows:
%PATH:str1=str2%
would expand the PATH environment variable, substituting each occurrence of "str1" in the expanded result with "str2". "str2" can be the empty string to effectively delete all occurrences of "str1" from the expanded output. "str1" can begin with an asterisk, in which case it will match everything from the begining of the expanded output to the first occurrence of the remaining portion of str1.
May also specify substrings for an expansion.
%PATH:~10,5%
would expand the PATH environment variable, and then use only the 5 characters that begin at the 11th (offset 10) character of the expanded result.
If the length is not specified, then it defaults to the remainder of the variable value.
If either number (offset or length) is negative, then the number used is the length of the environment variable value added to the offset or length specified.
%PATH:~-10%
would extract the last 10 characters of the PATH variable.
%PATH:~0,-2%
would extract all but the last 2 characters of the PATH variable.
Finally, support for delayed environment variable expansion has been added. This support is always disabled by default, but may be enabled/disabled via the /V command line switch to CMD.EXE. See CMD /?
Delayed environment variable expansion is useful for getting around the limitations of the current expansion which happens when a line of text is read, not when it is executed.
The following example demonstrates the problem with immediate variable expansion:
set VAR=beforeif "%VAR%" == "before" (set VAR=after;if "%VAR%" == "after" @echo If you see this, it worked)
would never display the message, since the %VAR% in BOTH IF statements is substituted when the first IF statement is read, since it logically includes the body of the IF, which is a compound statement.
So the IF inside the compound statement is really comparing "before" with "after" which will never be equal.
Similarly, the following example will not work as expected:
set LIST=for %i in (*) do set LIST=%LIST% %iecho %LIST%
in that it will NOT build up a list of files in the current directory, but instead will just set the LIST variable to the last file found.
Again, this is because the %LIST% is expanded just once when the FOR statement is read, and at that time the LIST variable is empty.
So the actual FOR loop we are executing is:
for %i in (*) do set LIST= %i
which just keeps setting LIST to the last file found.
Delayed environment variable expansion allows you to use a different character (the exclamation mark) to expand environment variables at execution time.
If delayed variable expansion is enabled, the above examples could be written as follows to work as intended:
set VAR=beforeif "%VAR%" == "before" (set VAR=afterif "!VAR!" == "after" @echo If you see this, it worked)set LIST=for %i in (*) do set LIST=!LIST! %iecho %LIST%
If Command Extensions are enabled, then there are several dynamic environment variables that can be expanded but which don't show up in the list of variables displayed by SET.
These variable values are computed dynamically each time the value of the variable is expanded.
If the user explicitly defines a variable with
one of these names, then that definition will override the dynamic one described below:
| %CD% | - | expands to the current directory string. | |||
| %DATE% | - | expands to current date using same format as DATE command. | |||
| %TIME% | - | expands to current time using same format as TIME command. | |||
| %RANDOM% | - | expands to a random decimal number between 0 and 32767. | |||
| %ERRORLEVEL% | - | expands to the current ERRORLEVEL value. | |||
| %CMDEXTVERSION% | - | expands to the current Command Processor Extensions version number. | |||
| %CMDCMDLINE% | - | expands to the original command line that invoked the Command Processor. |
| Warning note: | A note on NT 4's SET /A switch from Walter Zackery in a message on alt.msdos.batch.nt: | |
|---|---|---|
| "The SET /A command has a long list of problems. I wouldn't use it for much more than simple arithmetic, although even then it truncates all answers to integers." | ||
On the other hand, limited though it may seem, the SET command's math function can even be used for a complex task like calculating the date of Easter Day for any year.
!— Access List for NAT-0
access-list NAT-0-INSIDE remark — No address translation for the VPN connections to Local LAN
access-list NAT-0-INSIDE permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
!— Access List for VPN Clients to Inside
access-list OUTSIDE-IN permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
!— Setting up DHCP Pool for Clients
ip local pool VPNPOOL1 192.168.10.1-192.168.10.254
!— No NAT from VPN to Inside
nat (inside) 0 access-list NAT-0-INSIDE
!— Authentication
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host [Radius Server] [Radius Session Key] timeout 5
aaa-server LOCAL protocol local
!— Configure a transform set that defines how the traffic will be protected.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!— Create a dynamic crypto map and specify which
!— transform sets are allowed for this dynamic crypto map entry.
crypto dynamic-map VPNUSERSZONE 10 set transform-set ESP-3DES-MD5
!— Add the dynamic crypto map set into a static crypto map set.
crypto map VPNZONE 10 ipsec-isakmp dynamic VPNUSERSZONE
!— ???
crypto map VPNZONE client configuration address initiate
crypto map VPNZONE client configuration address respond
!— Enable the PIX to launch the Xauth application on the VPN Client.
crypto map VPNZONE client authentication LOCAL
!— Apply the crypto map to the outside interface.
crypto map VPNZONE interface outside
!— IKE Policy Configuration.
isakmp enable outside
isakmp identity address
isakmp client configuration address-pool local VPNPOOL1 outside
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
!— IPSec group configuration for VPN Client.
vpngroup VPNCLIENTS1 address-pool VPNPOOL1
vpngroup VPNCLIENTS1 dns-server 192.168.1.17
vpngroup VPNCLIENTS1 default-domain domain.com
vpngroup VPNCLIENTS1 idle-time 1800
vpngroup VPNCLIENTS1 password 1234567890
Login: admin
Password: admin