Monday, October 27, 2014

How to find which Cisco switch port a Windows Server is connected to | Cisco Discovery Protocol

Problem : How to find which Cisco switch port a Windows Server is connected to

Environment : Windows Server 2003 / 2008 / 2012 (all revisions), Cisco switching landscape for the network

Solution :
In our scenario, we had a tough time finding out which server is connected to which port of the Cisco switch. We had to trace it manually or by running commands on the Cisco switch.

What if you don't have to go to the network team to get this data? This is possible using only two tools.

The switch advertises its own identity and the port it is sending from in Cisco Discovery Protocol (CDP) frames, so capturing one of those frames on the server gives us the information we require.

You need the following tools:
Website Link : http://www.winpcap.org/windump/install/
Tool 1 : http://www.winpcap.org/install/bin/WinPcap_4_1_3.exe
Tool 2 : http://www.winpcap.org/windump/install/bin/windump_3_9_5/WinDump.exe

Steps :
1) Install WinPcap on the server for which you need the information.
2) Copy WinDump.exe to the same server.
3) Open a command prompt and run the command below to list the NICs on the server :

D:\Softwares>WinDump.exe -D
1.\Device\NPF_{DE4A706A-7211-48B7-B48F-5D9ACBBD5BD8} (Microsoft)
2.\Device\NPF_{5F6BF467-20A0-4A4D-AD69-EA627FA97FCA} (Broadcom L2 NDIS client driver)
3.\Device\NPF_{9E039A06-2207-44F0-B916-B8A9D0C8DE57} (Broadcom L2 NDIS client driver)
4.\Device\NPF_{F93A488D-6FB9-4069-BF74-2210120088ED} (Broadcom L2 NDIS client driver)
5.\Device\NPF_{587BD189-1FDC-48D4-94E8-C03606950A75} (Broadcom L2 NDIS client driver)


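4) Run the following commands, one per NIC, to get the data. The filter "ether[20:2] == 0x2000" matches the CDP protocol ID at byte offset 20 of the frame, and -c 1 stops the capture after the first CDP frame, so each command waits until the switch sends its next advertisement: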
WinDump.exe -nn -v -i \Device\NPF_{DE4A706A-7211-48B7-B48F-5D9ACBBD5BD8} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe -nn -v -i \Device\NPF_{5F6BF467-20A0-4A4D-AD69-EA627FA97FCA} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe -nn -v -i \Device\NPF_{9E039A06-2207-44F0-B916-B8A9D0C8DE57} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe -nn -v -i \Device\NPF_{F93A488D-6FB9-4069-BF74-2210120088ED} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe -nn -v -i \Device\NPF_{587BD189-1FDC-48D4-94E8-C03606950A75} -s 1500 -c 1 "ether[20:2] == 0x2000"


D:\Softwares>WinDump.exe -nn -v -i \Device\NPF_{DE4A706A-7211-48B7-B48F-5D9ACBBD5BD8} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe: listening on \Device\NPF_{DE4A706A-7211-48B7-B48F-5D9ACBBD5BD8}
10:57:59.174135 CDPv2, ttl: 180s, checksum: 692 (unverified), length 357
        Device-ID (0x01), length: 3 bytes: 'A1'
        Version String (0x05), length: 187 bytes:
          Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
          Copyright (c) 1986-2005 by Cisco Systems, Inc.
          Compiled Wed 08-Jun-05 01:19 by yenanh
        Platform (0x06), length: 20 bytes: 'cisco WS-C3750G-16TD'
        Address (0x02), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
        Port-ID (0x03), length: 21 bytes: 'GigabitEthernet3/0/17'
        Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
        Protocol-Hello option (0x08), length: 32 bytes:
        VTP Management Domain (0x09), length: 3 bytes: 'EPC'
        Native VLAN ID (0x0a), length: 2 bytes: 5
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        Management Addresses (0x16), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
1 packets captured
951404 packets received by filter
0 packets dropped by kernel

D:\Softwares>WinDump.exe -nn -v -i \Device\NPF_{5F6BF467-20A0-4A4D-AD69-EA627FA97FCA} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe: listening on \Device\NPF_{5F6BF467-20A0-4A4D-AD69-EA627FA97FCA}
10:58:59.176044 CDPv2, ttl: 180s, checksum: 692 (unverified), length 357
        Device-ID (0x01), length: 3 bytes: 'A1'
        Version String (0x05), length: 187 bytes:
          Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
          Copyright (c) 1986-2005 by Cisco Systems, Inc.
          Compiled Wed 08-Jun-05 01:19 by yenanh
        Platform (0x06), length: 20 bytes: 'cisco WS-C3750G-16TD'
        Address (0x02), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
        Port-ID (0x03), length: 21 bytes: 'GigabitEthernet3/0/17'
        Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
        Protocol-Hello option (0x08), length: 32 bytes:
        VTP Management Domain (0x09), length: 3 bytes: 'EPC'
        Native VLAN ID (0x0a), length: 2 bytes: 5
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        Management Addresses (0x16), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
1 packets captured
329579 packets received by filter
0 packets dropped by kernel

D:\Softwares>WinDump.exe -nn -v -i \Device\NPF_{9E039A06-2207-44F0-B916-B8A9D0C8DE57} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe: listening on \Device\NPF_{9E039A06-2207-44F0-B916-B8A9D0C8DE57}
10:59:06.868032 CDPv2, ttl: 180s, checksum: 692 (unverified), length 357
        Device-ID (0x01), length: 3 bytes: 'A1'
        Version String (0x05), length: 187 bytes:
          Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
          Copyright (c) 1986-2005 by Cisco Systems, Inc.
          Compiled Wed 08-Jun-05 01:19 by yenanh
        Platform (0x06), length: 20 bytes: 'cisco WS-C3750G-16TD'
        Address (0x02), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
        Port-ID (0x03), length: 21 bytes: 'GigabitEthernet3/0/20'
        Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
        Protocol-Hello option (0x08), length: 32 bytes:
        VTP Management Domain (0x09), length: 3 bytes: 'CCC'
        Native VLAN ID (0x0a), length: 2 bytes: 5
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        Management Addresses (0x16), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
1 packets captured
378 packets received by filter
0 packets dropped by kernel

D:\Softwares>WinDump.exe -nn -v -i \Device\NPF_{F93A488D-6FB9-4069-BF74-2210120088ED} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe: listening on \Device\NPF_{F93A488D-6FB9-4069-BF74-2210120088ED}
10:59:23.290285 CDPv2, ttl: 180s, checksum: 692 (unverified), length 353
        Device-ID (0x01), length: 3 bytes: 'A2'
        Version String (0x05), length: 183 bytes:
          Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
          Copyright (c) 1986-2005 by Cisco Systems, Inc.
          Compiled Wed 08-Jun-05 01:19 by yenanh
        Platform (0x06), length: 20 bytes: 'cisco WS-C3750G-16TD'
        Address (0x02), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
        Port-ID (0x03), length: 21 bytes: 'GigabitEthernet3/0/17'
        Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
        Protocol-Hello option (0x08), length: 32 bytes:
        VTP Management Domain (0x09), length: 3 bytes: 'CCC'
        Native VLAN ID (0x0a), length: 2 bytes: 5
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        Management Addresses (0x16), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
1 packets captured
50844 packets received by filter
0 packets dropped by kernel

D:\Softwares>WinDump.exe -nn -v -i \Device\NPF_{587BD189-1FDC-48D4-94E8-C03606950A75} -s 1500 -c 1 "ether[20:2] == 0x2000"
WinDump.exe: listening on \Device\NPF_{587BD189-1FDC-48D4-94E8-C03606950A75}
11:00:11.087081 CDPv2, ttl: 180s, checksum: 692 (unverified), length 353
        Device-ID (0x01), length: 3 bytes: 'A2'
        Version String (0x05), length: 183 bytes:
          Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
          Copyright (c) 1986-2005 by Cisco Systems, Inc.
          Compiled Wed 08-Jun-05 01:19 by yenanh
        Platform (0x06), length: 20 bytes: 'cisco WS-C3750G-16TD'
        Address (0x02), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
        Port-ID (0x03), length: 21 bytes: 'GigabitEthernet3/0/13'
        Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping
        Protocol-Hello option (0x08), length: 32 bytes:
        VTP Management Domain (0x09), length: 3 bytes: 'CCC'
        Native VLAN ID (0x0a), length: 2 bytes: 5
        Duplex (0x0b), length: 1 byte: full
        AVVID trust bitmap (0x12), length: 1 byte: 0x00
        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
        Management Addresses (0x16), length: 13 bytes: IPv4 (1) XXX.XX.X.XX
1 packets captured
2884594 packets received by filter
0 packets dropped by kernel
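
To show why the filter tests offset 20 and where the Device-ID and Port-ID fields in the output above come from, here is an added example (not part of the original post, and not WinDump's code) that walks the TLVs of a raw CDP frame. CDP is unauthenticated, so the lengths read from the frame are validated rather than trusted; the sample frame and source MAC are constructed, reusing values shown in the output above.

```python
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")   # CDP destination MAC
LLC_SNAP_CISCO = bytes.fromhex("aaaa0300000c")  # LLC AA-AA-03 + Cisco OUI 00-00-0C
TLV_NAMES = {0x0001: "Device-ID", 0x0003: "Port-ID", 0x0006: "Platform"}


def parse_cdp(frame: bytes) -> dict:
    """Return version, ttl and the text TLVs of interest from a raw Ethernet frame."""
    # 802.3 header (14 bytes) + LLC (3) + SNAP OUI (3) = 20 bytes, so the SNAP
    # protocol ID tested by "ether[20:2] == 0x2000" sits at offset 20.
    if len(frame) < 26:
        raise ValueError("frame too short for 802.3/SNAP + CDP header")
    if frame[14:20] != LLC_SNAP_CISCO or frame[20:22] != b"\x20\x00":
        raise ValueError("not a CDP frame")
    version, ttl, _checksum = struct.unpack_from("!BBH", frame, 22)
    fields = {"version": version, "ttl": ttl}
    # Stop at the 802.3 length field so Ethernet padding is not parsed as TLVs.
    end = min(len(frame), 14 + struct.unpack_from("!H", frame, 12)[0])
    offset = 26
    while offset + 4 <= end:
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, offset)
        # The TLV length includes its own 4-byte header; reject values that
        # are too small (would loop forever) or run past the captured data.
        if tlv_len < 4 or offset + tlv_len > end:
            raise ValueError(f"bad TLV length {tlv_len} at offset {offset}")
        name = TLV_NAMES.get(tlv_type)
        if name:
            fields[name] = frame[offset + 4:offset + tlv_len].decode("ascii", "replace")
        offset += tlv_len
    return fields


def build_sample_frame() -> bytes:
    """Constructed sample frame (not a real capture); checksum left as zero."""
    def tlv(tlv_type: int, value: bytes) -> bytes:
        return struct.pack("!HH", tlv_type, len(value) + 4) + value
    body = bytes([2, 180, 0, 0])  # CDP version 2, ttl 180s, checksum not computed
    body += tlv(0x0001, b"A1") + tlv(0x0003, b"GigabitEthernet3/0/17")
    body += tlv(0x0006, b"cisco WS-C3750G-16TD")
    snap = LLC_SNAP_CISCO + b"\x20\x00"
    src = bytes.fromhex("020000000001")  # constructed source MAC
    return CDP_MULTICAST + src + struct.pack("!H", len(snap) + len(body)) + snap + body


if __name__ == "__main__":
    print(parse_cdp(build_sample_frame()))
```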



Tuesday, October 21, 2014

Unable to access Admin Shares (e.g. D$, E$, F$, G$) remotely in Windows Server 2012

Problem : 
Not able to access Windows admin shares (e.g. D$, E$, F$, G$) from a remote location on a Windows Server 2012 virtual machine hosted on VMware ESXi 5.1 infrastructure.

Observations : 
You get an access denied error (I don't have a screenshot of it) when you try to access the drive from a remote location.

Even if you add permissions for the required ID, it behaves in the same manner.

In Event Viewer, you will get the event as below :


The server was a virtual machine created on the VMware ESXi 5.1 virtualization platform.

Solution : 

This Windows behavior occurs because the Group Policy applied on the server restricts removable storage access from remote locations.

The fix can be made either on the Windows side (editing the Group Policy) or on the VMware side (disabling HotPlug / HotAdd).
I prefer the VMware-side solution, as we don't have to compromise on the security of the Windows system.

Steps :

To disable HotPlug capability using the vSphere Client:
    - Connect to the ESXi/ESX host or vCenter Server using the vSphere Client.
    - Power off the virtual machine.
    - Right-click the virtual machine and click Edit Settings.
    - Click the Options tab.
    - Click General > Configuration Parameters > Add Row.
    - Insert a new row with the name devices.hotplug and a value of false.
    - Power on the virtual machine.

Reference : http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012225

And you have done it!

Enjoy accessing your favorite drives from Remote locations!!!

Please feel free to comment.

Solved : The user profile failed to attach. The process cannot access the file because it is being used by another process

Issue :  The user profile failed to attach. Please contact Support. Status : 0x0000000B, Message: Cannot open virtual disk Error Code: 0x000...