Cisco IOS updates – lessons learned

6 10 2009

One of the things I’ve learned the hard way about Cisco updates is that several things can (and usually do) go wrong if you don’t pay attention to what is going on.
1. Using the wrong IOS to update – if you pick one that lacks features (or one that disables features) you need, your router or switch will “die”. There is no easy way to learn this; you just have to figure it out. Pick carefully, grasshopper.
2. Not having enough space – IOS will usually tell you before you start copying that you are out of luck, but that usually leads to the next problem…
3. Deleting files you really need – I thought I was smart – my router didn’t have enough room to fit everything so instead of worrying about it, I just formatted flash and I was ready to copy. The problem is that format destroys vlan.dat – a file you probably need. Don’t delete or format if you don’t know what you are doing. Or even better, if the device has a place for a compact flash card, get a bigger one and use it and have multiple IOS images!
4. Crapping out on a TFTP transfer – One thing about having a far-flung network is that you quickly learn how slow and unreliable your connections are – !!!00!!!000!!!! If you don’t know what that is, then this comment may be wasted on you. Think about what you are doing and try to put the files as close to the updated device as possible. A USB stick plugged into the device is best, or a machine on the local LAN if USB doesn’t work or isn’t an option. You will thank me later. !!0!!0!!0000!0!


Exchange 2007: How to allow relay exceptions

17 07 2009

Although allowing unfettered relaying of e-mail through your Exchange 2007 server should be avoided, there are situations in which allowing relaying is desirable.

For example, suppose you have an HVAC system that reports to operations when a building’s air handling system strays outside preset parameters. These systems typically handle their reporting via e-mail and don’t authenticate with your SMTP server. The system simply needs your SMTP server in order to correctly route the message. In Exchange 2007, relay is made available through the use of a custom SMTP receive connector. I should note that, by default, Exchange 2007 does support relaying of mail for systems that authenticate. Today’s tip focuses on relaying from an unauthenticated system.

I don’t know about ‘desirable’ but relays are sometimes ‘inevitable’…
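
A sketch of the kind of relay exception the excerpt describes, for the Exchange Management Shell. This is an added example, not taken from the quoted tip; the connector name and the device address are placeholders, and it scopes anonymous relay to a single source IP, then audits every connector for the same grant.

```powershell
# Added example; $name and $device are placeholders, not values from the post.
$name   = "Relay - HVAC"     # hypothetical connector name
$device = "192.0.2.25"       # constructed address (documentation range) of the one relaying system

# Custom receive connector that only matches connections coming from $device.
# A RemoteIPRanges value of 0.0.0.0-255.255.255.255 here would expose an open relay.
New-ReceiveConnector -Name $name -Usage Custom -Bindings "0.0.0.0:25" `
    -RemoteIPRanges $device -PermissionGroups AnonymousUsers

# Anonymous sessions can normally deliver only to accepted domains;
# this extended right is what lets them relay to any recipient.
Get-ReceiveConnector $name | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" `
    -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# Audit: list each connector on which anonymous relay is granted,
# together with the source ranges that grant applies to.
Get-ReceiveConnector | ForEach-Object {
    $connector = $_
    $grant = $connector | Get-ADPermission | Where-Object {
        $_.User -like "*ANONYMOUS LOGON" -and
        -not $_.Deny -and
        $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient"
    }
    if ($grant) {
        $connector | Select-Object Identity, Bindings, RemoteIPRanges
    }
}
```

Any connector the audit lists with a RemoteIPRanges wider than the specific devices that need relay is worth tightening.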

bes 5.0 nightmare

15 07 2009

bes 5.0 nightmare

Well BES 5.0, so far anyway, sucks. It sucks to get set up, the interface sucks, the IT policy area looks like something that was designed as a rough draft on a white board and then just put into the product, and so many other issues I really can’t list them all.

I’d pretty much agree with this. Why do companies feel the need to move to half-baked web admin interfaces that only work on IE, after having a perfectly good Windows-only client?

Patch Tuesday fun…

14 07 2009

Microsoft Security Bulletin Summary for July 2009

In addition to these there is also an unpatched exploit that should only affect Office 2003 unless a machine has Office Web components installed (see )

Check to see if Office 2003 or the above web components are installed on any of your machines, and use the temp fix at to disable the vulnerability.

Troubleshooting Active Directory Certificate Services

9 07 2009

Clients do not automatically enroll for certificates after autoenrollment is configured.

  • Cause: The Group Policy information used for autoenrollment has not yet replicated to the client computers. By default, this information can take up to two hours to replicate to all computers.
  • Solution: Wait for Group Policy to complete replication or use the Gpupdate command-line tool to force replication to occur immediately. For more information, see Gpupdate (

I love it when a plan comes together