About Me

I have worked in IT Support, Software Development, Network Support and general IT Analyst. Like most System Administrators I am multi-talented , understanding modern technical systems, as well as having an in-depth understanding of IS Policy

Thursday, 20 March 2014

Factory Reset an ASA 5505

This will help you reset a Cisco ASA 5505 to its factory defaults and upgrade the IOS and ASDM version on it. 
  • Install TFTP d to your PC. http://tftpd32.jounin.net/
  • Make sure that the TFTP directory contains your images. An example will be.
    • Asa842-k8.bin
    • Asdm-645.bin

  • Connect your laptop to the asa using a console cable
  • Change the laptop ip to one on the asa's network
  • Copy both files to the flash of the ASA

  • If you need more space you can delete the older images. List what files are in there using the command show flash







  • To delete run the command delete filename
  • Change the config so that it boots from the new image
    boot system disk0:/asa842-k8.bin
    You may need to remove the old line
1. Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.

2. When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).

3. At the rommon prompt, enter the confreg command to view the current configuration register setting: rommon #0>confreg

4. The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.

5. You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot: rommon #1>confreg 0x41

6. Reset the appliance with the boot command: rommon #2>boot

7. Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:
8. Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press (at this point, the password is blank): ciscoasa>enable Password: ciscoasa#
ciscoasa> en
Password:  (blank)
ciscoasa# conf t
ciscoasa(config)#
Paste in the net config and watch for any errors

9. Write to memory. wr mem

10. The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled. Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we'll use the password syst0m):  You can use the usual password
asa#conf t
#enable password syst0m

11. While still in Configuration Mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration on boot:
asa(config)#config-register 0x01

12. Use the following commands to view the configuration register setting:
asa#show version

13. At bottom of the output of the show version command, you should see the following statement: Configuration register is 0x41 (will be 0x1 at next reload)

14. Save the current configuration with the copy run start command to make the above changes persistent:
asa#copy run start press return
Source filename [running-config]

15. Reload the security appliance: asa# reload System config has been modified. Save? [Y]es/[N]o:yes

Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf

2149 bytes copied in 1.480 secs (2149 bytes/sec) Proceed with reload? [confirm]
Posted by at No comments:
Labels:

Tuesday, 4 March 2014

Upgrading to Exchange 2010 SP3 Update Rollup 3 from Exchange 2010 SP1

You Must run Setup with an elevated prompt or as an administrator.
Also make sure you have the necessary permissions to install (if you are a domain within a forest you may not have the correct permissions)

  1. Download SP3 and put on c drive of servers
  2. Take CASHT01 out of load balancer
    1. Take a snapshot
    2. Add the IIS 6 WMI compatibility (under IIS 6 Management Compatibility)
    3. Delete the contents of c:\Exchangesetuplogs (make sure you back these up first)
    4. Install Windows updates (Note: do not update KB2506143)
    5. Disable AV and backup services and pause any VM migrations
    6. Remove server from send connectors (might be overkill)
    7. Enable IPV6
    8. Run upgrade (using command line c:\upgradepath\setup.exe)
    9. Reboot
    10. Install Update Rollup 3
    11. Reboot
    12. Add server back to send connector
    13. Add CASHT01 back to Load balancer
    14. Check for issues and remove snapshot
    15. Make sure you enable and AV and backup services that were disabled.
  1. Take CASHT02 out of Load balancer
    1. Take a snapshot
    2. Add the IIS 6 WMI compatibility (under IIS 6 Management Compatibility)
    3. Delete the contents of c:\Exchangesetuplogs (make sure you back these up first)
    4. Install Windows updates (Note: do not update KB2506143)
    5. Disable AV and backup services and pause any VM migrations
    6. Remove server from send connectors (might be overkill)
    7. Enable IPV6
    8. Run Upgrade (using command line c:\upgradepath\setup.exe)
    9. Reboot
    10. Install Update Rollup 3
    11. Reboot
    12. Add server back to send connector
    13. Add CASHT02 back to Load balancer
    14. Check for issues and remove snapshot
    15. Make sure you enable and AV and backup services that were disabled.
  1. Put DBSVR1 into maintenance mode
    1. Copy StartDagServerMaintenance.ps1 and StopDagServerMaintenance.ps1 from c:\upgradepath\scripts to C:\Program Files\Microsoft\Exchange Server\V14\scripts
    1. C:\Program Files\Microsoft\Exchange Server\V14\scripts>.\StartDagServerMaintenance.ps1 -serverName DBSVR1 -overrideMinimumTwoCopies
When you run this script, it moves all the active databases to other DAG members. It pauses the node in the cluster, and sets the DatabaseCopyAutoActivationPolicy mailbox server setting to Blocked. The Suspend-MailboxDatabaseCopy cmdlet is run for each database hosted by the DAG member, and the cluster core resources will be moved to another server in the DAG if needed.

When you run this you should get some output like below. This does not mean it failed. If databases are being moved you can verify it through the console.

Run get-mailboxserver - id "servername"  and check the databasecopyautoactiviationpolicy. It should be set to blocked.


  1. Take a snapshot
  2. Add the IIS 6 WMI compatibility (under IIS 6 Management Compatibility)
  3. Delete the contents of c:\Exchangesetuplogs (make sure you back these up first)
  4. Install Windows updates (Note: do not update KB2506143) (Make sure KB25508886 is installed http://support.microsoft.com/kb/2550886)
  1. Disable AV and backup services and pause any vm migrations
  1. Enable IPv6
  1. Run Upgrade (using command line c:\upgradepath\setup /m:upgrade)
  1. Reboot
  1. Install Update Rollup 3
  1. Reboot
  1. Take DBSVR1 out of maintenance mode
    1. C:\Program Files\Microsoft\Exchange Server\V14\scripts>.\StopDagServerMaintenance.ps1 -serverName DBSVR1
After maintenance is complete, run this script to take the server out of maintenance mode. It will run the Resume-MailboxDatabaseCopy cmdlet for each database its hosting, resume the node in the cluster, and set the DatabaseCopyAutoActivationPolicy setting to Unrestricted.

  1. Check for issues and remove snapshot
  2. Make sure you enable and AV and backup services that were disabled.
  1. Put DBSVR2 into maintenance mode
    1. Copy StartDagServerMaintenance.ps1 and StopDagServerMaintenance.ps1 from c:\upgradepath\scripts to C:\Program Files\Microsoft\Exchange Server\V14\scripts
    2. C:\Program Files\Microsoft\Exchange Server\V14\scripts>.\StartDagServerMaintenance.ps1 -serverName DBSVR2  -overrideMinimumTwoCopies
    3. Take a snapshot (This is not really necessary as once the database has been moved to an upgraded mailbox server they cannot be moved back)
    4. Add the IIS 6 WMI compatibility (under IIS 6 Management Compatibility)
    5. Delete the contents of c:\Exchangesetuplogs (make sure you back these up first)
    6. Install Windows updates (Note: do not update KB2506143) (Make sure KB25508886 is installed http://support.microsoft.com/kb/2550886)
    7. Disable AV and backup services and pause any vm migrations
    8. Enable IPV6
    9. Run Upgrade (using command line c:\upgradepath\setup.exe)
    10. Reboot
    11. Install Update Rollup 3
    12. Reboot
  1. Take DBSVR out of maintenance mode
    1. C:\Program Files\Microsoft\Exchange Server\V14\scripts>.\StopDagServerMaintenance.ps1 -serverName DBSVR2
    2. Check for issues and remove snapshot
    3. Make sure you enable and AV and backup services that were disabled.


Posted by at No comments:
Labels:
Subscribe to: Comments (Atom)