Category: Microsoft

Categories
Cisco Microsoft Windows

Windows 10 USB-to-Serial adapter Woes…

About 2 months ago, I had to go to a new customer site that was down and diagnose a problem.  Easy, I’ve done this a thousand times over the past 15 years…  Device not recognized. My USB-to-Serial adapter (no name brand off of Amazon) wasn’t working.  Code 10 Error.

I’m documenting this because, as infrequently as I actually use a console cable anymore, I tend to forget how to fix the issue when it arises.  2018 has been a funny year for Microsoft patching.  Seems to be a crap shoot of what will break once you apply new patches.  Windows 10 patches haven’t been immune to this.

Here’s how I fixed it.

  1. Download the PL2303_64bit_Installer.exe
  2. Unplug the USB-to-Serial Adapter
  3. Open up the previously downloaded exe.
  4. When prompted, plug in the USB-to-Serial Adapter
  5. Reboot

Now magically, you’ll have an adapter that provides a console port.

Some additional troubleshooting:  Apparently there is more than one version of the adapter on my computer but the one that works is 3.3.2.102 from 9/24/2008.

Hope this helps.

Categories
Microsoft VMWare Windows

Server 2016 VM losing network connectivity on VMWare ESXi 6.5

I ran into an issue recently where servers that have been running for 6+ months with normal patching/rebooting, but without issue, all of a sudden started losing network connectivity.  The icon would pop up in the tray and the server was no longer reachable.  I still don’t know the underlying cause of the issue, but here’s what I figured out.

Thanks to this blog post, I was able to throw some commands at the box (network tuning stuff) and determine which specific command fixed the network access.

Here are the commands:
netsh int tcp set global chimney=Disabled
netsh int tcp set global autotuninglevel=normal
netsh int tcp set supplemental custom congestionprovider=none
netsh int tcp set global ecncapability=Disabled
netsh int ip set global taskoffload=disabled
netsh int tcp set global timestamps=Disabled
netsh int tcp set global RSS=Enable
netsh int tcp set global rsc=disabled

The supplemental custom command didn’t work for some reason, but the winner here was to enable RSS on the network interface.

Hope this helps.

Categories
Microsoft Windows

Quickly Change Network Interface IP’s

I change my network card IP’s all the time to connect directly to hardware for initial configuration. I’ve been manually doing this for 15 years now. I finally sat down and learned netsh, put it into stupidly simple batch files and now have a folder on my desktop with all the common IP ranges.

Here’s an exerpt of the script to change the interface from it’s current state to 192.168.10.22.

@echo off
netsh interface ip set address "Ethernet" static 192.168.10.22 255.255.255.0 192.168.10.1 1
goto end
:end
end of script

To set the interface back to DHCP use this one.

@echo off
netsh interface ip set address "Ethernet" dhcp
netsh interface ip set dns "Ethernet" dhcp
goto end
:end
end of script

Note “Ethernet” in this case is the name of my network card. Your’s might be Local Area Connection or something similar. Modify accordingly.

Copy that into notepad, save as a .bat and run as administrator.  Away you go.

Categories
Cisco Microsoft Uncategorized Windows

Troubleshooting Network Performance Issues

This won’t be a tutorial, however, the purpose of this post is to highlight some common TCP/IP issues that degrade network performance.

Network Congestion – If your firewall/router graphs your network usage, use that or obtain your current throughput (up/down) to your ISP. Use the current usage and then run a few speed tests in order to determine if your hardware is capable of hitting your maximum download/upload speeds you currently pay for. So if you have a 100 meg fiber circuit and your firewall is showing you are currently using about 60 megs at any given time, you should be able to get somewhere close to 40 megs on a download test from speedtest.net. If not, either your provider is not giving you the bandwidth you are paying for or you have a hardware issue. If you have SNMP capable devices, a really simple tool is STG

Maximum Segment Size (MSS) – I’ve run into this issue a number of time, mostly when dealing with GRE/DMVPN tunnels. It’s usually fixed on Cisco routers by issuing ip tcp mss 1400. You can read more here: TCP MSS Adjustment

High TCP Retransmissions – This one you’ll probably have to take out Wireshark and start a packet capture from the device that is having issues in your network or use a network tap or even a span port on a switch. If TCP retransmissions are high, you have a problem somewhere in your network. Most commonly on wireless.

TCP Window Scaling – I’ve seen this most commonly on modern firewalls that use Deep Packet Inspection (DPI). Please read more here.

Slow DNS Responses – in most enterprise environments, PC’s will have a local DNS server to query from which would cut down on this problem, however if the server were having CPU/Memory/Disk issues, it can still happen. Likewise, if you do not have a local DNS resolver, and use a remote DNS server, this can also be a problem. I’ve used a tool from Google in the past to help troubleshoot and to point me to the best DNS server based on my network/location called Namebench.

Path MTU Discovery (PMTUD) – This is where the “secure by default” methodology of most firewall’s today may kick you in the butt. By disabling ICMP, you also disable Path MTU Discovery. It’s a simple fix but Cisco has the best explanation I’ve been able to find on it. You can read that here. Then someone felt very strongly about the subject and created a website dedicated to it here.

Routing Issues – In this case it would be poorly configured asymmetrical routing. Traffic goes out on a nice 100 meg connection but comes back to you on your backup 20 meg connection, likely due to a BGP configuration problem.

TCP Offload – Depending on how your servers are configured, this could be a blessing or a curse. I’ve most commonly had a problem with this on virtualized servers where the host/virtual NIC weren’t on the same page. Disabling it helped.

SMB 3.0 Multichannel – Read here for details on it, but simply put, add more network interfaces to your file server and you’ll have better performance.

I have re-created the wheel here somewhat but if you want a single source for some good information on most of these issues, please visit this site.

Also, learn Wireshark. It will become your best friend.

Categories
Microsoft pfSense

Terminal Server Aware Web Proxy Server with pfSense

At work, I have a client that was requesting the ability to monitor/block sites that their users were visiting.  This is traditionally quite easy with just a squid proxy server or a Barracuda Web Filter but they really didn’t want an extra server to be installed during this process AND they were using a terminal server.

I started looking for server side applications that I could install and just have the admin pull the data from there, however, the costs I was finding were a bit too much.  I setup a pfSense in a quick lab to demo this up.  After installing pfSense on some old hardware, did a basic configuration of the box, and then installed the Squid proxy package.  I configured this to be a traditional proxy where I had to send traffic on a specific port, and the user was required to login.  That was really the trick to get the terminal server users broken apart.  I know it could probably use a little masaging with NTLM authentication or some other clean mechanism but for the lab and the purposes of this client, this hit the mark for a great price.

I did mention that they did not want to install new hardware during this process, but the knew they needed to upgrade their Linksys “router” that was currently firewalling their network.  I am once again impressed with the flexibility and ease of use that pfSense gives you.  I truly only have 1 complaint about the system at all but it has nothing to do with this and as I understand it, that feature has been added in pfSense 2.0.  The management of OpenVPN clients/certificates is somewhat of a nightmare for large installs unless you use a single certificate for all users (not recommended).