Windows IP conflict when there is no conflict

Posted 2013/02/20 by knightfoo
Categories: Microsoft, Technology

Just had an interesting problem with a customer that seems a bit obscure, so I figured I would write it down to help someone else.  All of the other solutions to this issue focus solely on there being a problem on the Windows side, which may not necessarily be the case.

Situation: customer is setting up a Windows 2008 R2 server in a VMware cluster, on a VLAN that is sitting behind a firewall. The firewall is the gateway for the VLAN (say 192.168.34.1). When configuring the network interface on the server, picking ANY IP address in the 192.168.34.0/24 network results in the error message “Windows had detected an IP address conflict”. This happens even if there are no other devices on the VLAN aside from the firewall.

The issue? There was a static (identity) NAT entry in the Cisco ASA firewall for 192.168.34.0/24. By default, Cisco firewalls will proxy ARP for NAT entries.

  • (8.3(1), 8.3(2), and 8.4(1)) The default behavior for identity NAT has proxy ARP disabled. You cannot configure this setting.
  • (8.4(2) and later) The default behavior for identity NAT has proxy ARP enabled, matching other static NAT rules. You can disable proxy ARP if desired.

This is desirable behavior for a firewall on the edge of the network because the upstream router needs to know where to send traffic for NAT’ed hosts. For internal firewalls this can cause issues, especially with 8.4 code where you need to set up identity NAT to exempt devices from NAT.

The solution? Add “no-proxy-arp” to the end of your identity NAT statements:

nat (inside,outside) source static obj_Internal obj_Internal no-proxy-arp route-lookup

The other (less desirable) solution is to disable the ARP-checking functionality in Windows, but this means it won’t be able to detect a legitimate IP conflict. You can do this through a quick registry hack: under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, create a DWORD named “ArpRetryCount” with a value of “0”.
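
An added example, not part of the original post: a small Python check that scans ASA twice-NAT lines and reports identity NAT rules (same real and mapped object) that lack no-proxy-arp and therefore answer ARP for their whole range on 8.4(2) and later. The sample configuration is constructed; only obj_Internal comes from the post, and the function name audit_identity_nat is an assumption made for illustration.

```python
import re

# Constructed sample of ASA 8.4(2)+ twice-NAT lines. Object names other than
# obj_Internal are made up for this example.
SAMPLE_CONFIG = """\
nat (inside,outside) source static obj_Internal obj_Internal no-proxy-arp route-lookup
nat (inside,dmz) source static obj_Servers obj_Servers
nat (inside,outside) source static obj_Web obj_Web_Public
nat (inside,outside) source dynamic obj_Users interface
nat (inside,dmz) source static obj_Lab obj_Lab destination static obj_Dmz obj_Dmz route-lookup
"""

# Matches "nat (real_if,mapped_if) [after-auto] [line] source static REAL MAPPED ..."
NAT_RE = re.compile(
    r"^nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\)\s+"
    r"(?:after-auto\s+)?(?:\d+\s+)?"
    r"source static (?P<real>\S+) (?P<mapped>\S+)(?P<rest>.*)$"
)

def audit_identity_nat(config_text):
    """Return (line_no, line) for identity NAT rules that still proxy ARP."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = NAT_RE.match(line)
        if not m:
            continue  # dynamic NAT or not a twice-NAT statement
        if m["real"] != m["mapped"]:
            continue  # a real translation, where proxy ARP is usually wanted
        options = m["rest"].split()
        if "inactive" in options:
            continue  # disabled rules do not answer ARP
        if "no-proxy-arp" not in options:
            findings.append((line_no, line))
    return findings

if __name__ == "__main__":
    for line_no, line in audit_identity_nat(SAMPLE_CONFIG):
        print(f"line {line_no}: identity NAT without no-proxy-arp: {line}")
```
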

Call Manager Express – Class of Restriction (COR) Lists

Posted 2012/09/11 by knightfoo
Categories: Cisco, Technology


I spend most of my time as a voice engineer dealing with Call Manager and Contact Center Express, but once in a while I get thrown a “small” problem involving Call Manager Express.  CME is generally deployed for smaller customers (<100 phones) who don’t need all the fancy features or capacity offered by full-blown Call Manager.  Unfortunately, most of my customers are fairly large so I don’t get to play with CME often.

A few weeks ago I had some spare cycles so I was tossed into a case for a customer having issues with their CME and some FXO lines.  Summary: they have 8 FXO lines, 6 of which are in a hunt group, and 2 need to be assigned for 2 specific individuals at the company.  The hunt group configuration was tricky, but let’s focus on the 2 extra lines.  They want these FXO ports set up so that User1 and User2 always use 0/2/1 and 0/2/2 (respectively) for outbound calls, so that when people call back they get the right person.  This would be a piece of cake in UCM: create a special partition and CSS for each of those users, add route patterns pointing to the correct FXO as the gateway, and apply the CSS to the user phones.  15 minutes of work, tops.  Except CME doesn’t have Partitions and Calling Search Spaces.


Is this thing on?

Posted 2011/12/29 by knightfoo
Categories: Personal


Wow, guess it’s been a while. Kind of lost track of the last time I posted here until mom reminded me – I installed the WordPress app on my Thunderbolt (woot, 4G) and saw that the last post was Nov. 23, 2010. Shoot, over a year. I’m such a slacker.

Amazingly I still get a fair number of page views for some reason. The most popular post for the last year has been my rant about Microsoft Visio crashing because of a bluetooth add-in. It actually used to rank above the official Microsoft KB article on the issue for several months in a row and still bounces to the top spot once in a while. The second most popular post now (used to be #1) is my Volvo Sunroof Repair post that details how to replace the selector gate in a sunroof. This one is probably popular due to the expensive nature of sunroof repairs and lack of warranty coverage. Most dealers won’t even give an estimate without $200 to investigate.

Educational Efficiency

Posted 2010/11/23 by knightfoo
Categories: Rant, Technology

I work for a fairly large technology partner, and I deal with quite a few government and educational entities. I understand that they need to go through extra steps to ensure they are spending public funds in the best possible way and maintain accountability. Most of the time it is just an annoyance, but once in a while I run across a shining gem of bureaucracy that makes me shake my head more than usual.

If you’re a publicly funded school (K-12, community college, etc), this is generally what you need to do in order to purchase equipment for network infrastructure:

  1. Determine through some means that you need to buy/upgrade something
  2. Approach vendor/partner to put together a high level design and determine equipment needed
  3. Write an RFP with list of said equipment and post in a public place
  4. Wait for minimum number of bidders to respond
  5. Pick best price and order

Sounds pretty fair and logical, right? The whole process probably takes a minimum of 4-6 weeks, maybe longer for large or complex projects.

Now this is where it gets stupid. In Texas there is something called the DIR contract. Every year, technology vendors from all fields apply for this contract, which involves pre-negotiated pricing and discounts on hardware and services. Once you get your contract number, you can sell approved equipment and services to nearly any state entity without the need for bidding. The customer knows they are getting the best price, and that the company they are buying from has already been through a vetting process. It takes months of paperwork to get this contract, but it is worth it for technology companies because it saves a LOT of time when dealing with state and local government and education.

So go back to the process in paragraph 2 and you’ll realize why I got so annoyed when I get an RFP on my desk with an exact list of part numbers required, and they just want a price per item then a total price. This list came out of a configuration tool, meaning that a partner or vendor already went through the trouble of building a configuration (with pricing included) and provided this list to the school. The school then copy/pasted this list into a Word document, stripped out the pricing, and sent it out for companies to bid on. You know what they’ll get? 5 responses, 3 of which will be from companies on the DIR contract, and 2 from random vendors that will be tossed out because they can’t come close on price. The 3 vendors will all have the same price, and the decision will come down to flipping a coin twice or pulling a name out of a hat.

Healthcare Fail

Posted 2010/08/22 by knightfoo
Categories: Personal, Politics, Rant

It amazes me that people still don’t “get it” when it comes to health care and why the system in the United States sucks so bad. It seems like the people who are whining about the government getting involved in healthcare are either wealthy enough that they can buy any insurance they want, they get insurance through their employer that is sufficient for their needs, or they simply never get sick. I can’t imagine any other reason which would make people so oblivious to what is going on around them.

I have a friend who just turned 21 and she suffers from a few “girl problems” – cysts, hormones, etc. She doesn’t live with her parents anymore and doesn’t have a job that provides health insurance, but she makes enough money that she doesn’t live in poverty. Unless of course you want to buy your own health insurance, and at $400/mo or more for decent coverage, that’s worse than a car payment. Also, until the new health care regulations go into place, she would probably be excluded due to preexisting conditions.

Since the surgery and other treatments are so expensive, her doctor pretty much told her “You’ll just have to put up with it for now, and if one of the cysts ruptures it’ll become a life and death situation then you can get the surgery for free”. Yeah, stuff like this happens every day – people can’t afford preventive medicine, so they have to wait until it’s so bad that an emergency room can’t turn them away. Not only does it make life miserable for them, it risks death, and by the time that point comes the cost to fix the problem is much higher.

If someone can’t afford $5,000 to fix a problem, they certainly can’t afford $10,000 after the emergency room visit, which will most likely result in temporary or permanent loss of wages. Are people so blind that they can’t see this happening? Or so selfish that they don’t care unless it happens to their family or friends? Personally I would rather pay a little more now than have to pay a lot later, which is the whole idea of insurance.

NOT having health insurance for every citizen is one of the many factors slowly dragging us into debt year by year. Hell, every state in the country requires car insurance, and they regulate said car insurance to make sure people aren’t being gouged. Why is it such a big deal to do this with health insurance?

Moto Droid gets Froyo

Posted 2010/08/11 by knightfoo
Categories: Technology

Around 5 am this morning my Droid popped up with a system update: 2.2 was finally here!  Of course I had to install it immediately and see what kind of new goodies were available.  I haven’t had a lot of time to play with it but here are some first impressions and highlights:

  • More home screens – five instead of three now, and a quick navigation bar at the bottom to get around.
  • Quick button – instead of just the little app tab, there is a button at the bottom of the screen with quick access to Phone, Apps, and Browser. Long pressing the App button brings up a snapshot of all five home screens.
  • Phone – there is now a Favorites tab with your most accessed contacts.
  • USB tethering!
  • Camera – load time is much faster, and the pullout menu to adjust flash, focus etc. has been replaced with small buttons on the main screen.  You can easily adjust flash, timer, white balance, zoom and GPS.
  • Gallery – fixed an annoying bug where web album photos took forever to load.
  • Multitasking – long pressing the home button now brings up eight apps instead of six.  Minor improvement, but how long did the iPhone wait for task switching?
  • Swype – still not available by default on the Droid, but I am on the beta program. I had to reinstall Swype because it detected the OS was different and refused to work. The keyboard would show but tracing resulted in zero output.  After grabbing the installer again and reinstalling it worked fine.
  • Exchange Mail – typing an address in the To: field now searches the Global Address List (GAL), but you still cannot just do a GAL search. Yes, better than no GAL at all, but it would be nice to have full search capabilities so you can view other contact information (phone, fax, address, etc) and add the contact to your local contact list. Touchdown is still my app of choice for Exchange mail.

The responsiveness is as good or better than 2.1, though there are some apps that seem to lag a bit at times (Touchdown, Dolphin Browser HD). This is probably just a result of some APIs that the developers need to update. Overall a good experience though!

Technology is Cool

Posted 2010/07/28 by knightfoo
Categories: Technology

I was driving through the middle of west Texas a couple nights ago (boring) and came upon a flat area with dozens of flashing red lights spread across the horizon.  The pattern was odd – off, flash-flash-flash, off – so I couldn’t figure out what it was.  Radio towers just flash on and off, plus it wouldn’t make sense to have so many so close together.

So I take out the Droid, open Maps and zoom to my location. Turn on the satellite layer, and look around – bam, three-bladed shadows. Wind turbines!  It turns out the flash-flash-flash was caused by the rotors moving in front of the lights while they were on, which I eventually saw a few miles down the road when they were close enough to spot in the moonlight. You can’t deny that is cool, and it will only become more common.  Heck, in five or ten years you might even be able to pull up live satellite images and see yourself driving through.  It’s a good time to be alive.

