Problem With PXE Across Subnets

Similar Messages

• Kernel Panic with Netboot Across Subnet Intel iMac

  I have a problem with trying to netboot a intel iMac across the subnet. It connects up goes to the spinning globe then the spinning globe stops spinning and I get a kernel panic.
  I've tested that the mac can netboot in the same subnet as the netboot server. But I've got no idea why it's getting a kernel panic when trying to netboot across the subnet.
  I'm using bombichs NBAS version 1.2
  OS X 10.4.6 Server on the netboot server
  I've created the intel netboot image via the updated 10.4.6 "System Image Utility" and have enabled it via Server Admin.
  Here is the log I get after the restart.
  ============================================
  panic(cpu 0 caller 0x002B7C75): nfsbootgetfh(v2,UDP) failed with 2
  Backtrace, Format - Frame : Return Address (4 potential args on stack)
  0x1396b994 : 0x128b5e (0x3bbeb8 0x1396b9b8 0x131bbc 0x0)
  0x1396b9d4 : 0x2b7c75 (0x3d3fb0 0x2 0x0 0x2)
  0x1396bdb4 : 0x2d027a (0x120a358 0x24a9c00 0xc 0x10)
  0x1396bea4 : 0x1c6e6c (0x1 0x23b20c0 0x2466420 0x2486e00)
  0x1396bee4 : 0x3111ab (0x23584c0 0x1 0x1396bf98 0x20)
  0x1396bfb4 : 0x136e86 (0x0 0x7 0xfffff7ff 0x4a1000)
  0x1396bfd4 : 0x197a21 (0x0 0xffffffff 0x4461f8 0x4a1000) Backtrace terminated-invalid frame pointer 0x0
  Kernel version:
  Darwin Kernel Version 8.6.1: Tue Mar 7 16:55:45 PST 2006; root:xnu-792.9.22.obj~1/RELEASE_I386
  Model: iMac4,1, BootROM IM41.0039.B00, 2 processors, Intel Core Duo, 1.83 GHz, 1 GB
  Graphics: ATI Radeon X1600, ATY,RadeonX1600, PCIe, 128 MB
  Memory Module: DIMM1/BANK 1, 1 GB, DDR2 SDRAM, 667 MHz
  AirPort: spairportwireless_card_type_airportextreme (0x14E4, 0x89), 103.2 (3.120.28.3)
  Bluetooth: Version 1.7.3f4, 2 service, 1 devices, 1 incoming serial ports
  Network Service: Built-in Ethernet, Ethernet, en0
  Serial ATA Device: WDC WD1600JS-40NGB2, 149.05 GB
  Parallel ATA Device: PIONEER DVD-RW DVR-K05
  USB Device: Built-in iSight, Micron, Up to 480 Mb/sec, 500 mA
  USB Device: Hub in Apple Pro Keyboard, Mitsumi Electric, Up to 12 Mb/sec, 500 mA
  USB Device: Apple Optical USB Mouse, Logitech, Up to 1.5 Mb/sec, 100 mA
  USB Device: Apple Pro Keyboard, Mitsumi Electric, Up to 12 Mb/sec, 250 mA
  USB Device: Bluetooth HCI, Up to 12 Mb/sec, 500 mA
  USB Device: IR Receiver, Apple Computer, Inc., Up to 12 Mb/sec, 500 mA
  Hope someone can help me with this problem
  Cheers,
  Berry

  See
  What is a kernel panic,
  Technical Note TN2063: Understanding and Debugging Kernel Panics,
  Mac OS X Kernel Panic FAQ,
  Resolving Kernel Panics, and
  Tutorial: Avoiding and eliminating Kernel panics for more details.

• Problems with iMessage across mobile devices

  My wife and I both have iOS 5 on our iPhone 4's, and I have iOS 5 on my iPad 2 as well. I receive her messages from her phone on both my iPhone and my iPad, but my iPad won't let me reply: the Send button is blue, but the word "Send" stays grey, and won't function. Obviously it is receiving messages just fine, so I have something right in the settings, but why can't I send a message? It doesn't matter whether I am in my home wi-fii, or running across 3G- it won't work either way. Please help!

  I am having huge problems with imessage. I go to send an imessage and the sending bar at the top gets to around 90% and then just stops. It takes around 10 minutes before it finally says fails. Often you dont even realise it has failed as it says it has sent, yet when you check your phone there is a red dot against it. This is a huge problem both in and out of wifi areas. My phone is usless when trying to text my wife who also has an iphone 4s as it only sends an imessage around 50% of the times I Try.

• Problem with Pxe on IBM ThinkCenter

  I am having a problem getting Zen 7 Imaging to work on IBm ThinkCenter 6072
  desktops. I receive an ip address and going through the process seems to
  work up until it actually goes into the Zen bash prompt to start the
  program. The error reads "no network device found. Load network module
  first". We run Zen 7 sp1 ir2 on a NW6.5 sp5 server. My ultimate goal is to
  be able to run multcast image operations on the new IBM machines we just got
  in.
  Mike

  Most of the new ibms, laptops and desktop will not pxe boot. Any
  thoughts????
  "Mberg" <[email protected]> wrote in message
  news:mJbHj.933$[email protected]..
  > One more thing. These machines will pxe boot with a bootcd and allow me to
  > image.
  >
  >
  > "Mberg" <[email protected]> wrote in message
  > news:lIbHj.931$[email protected]..
  >>I am having a problem getting Zen 7 Imaging to work on IBm ThinkCenter
  >>6072 desktops. I receive an ip address and going through the process seems
  >>to work up until it actually goes into the Zen bash prompt to start the
  >>program. The error reads "no network device found. Load network module
  >>first". We run Zen 7 sp1 ir2 on a NW6.5 sp5 server. My ultimate goal is to
  >>be able to run multcast image operations on the new IBM machines we just
  >>got in.
  >>
  >> Mike
  >>
  >
  >

• Problem with PXE install of T500

  At my firm we have got a T500 for test and we are trying to make it run with our PXE environment.
  We run PXE boot with Dos, and get a failure upon unattended installation of XP, something like "The Installation has run out of memory, and can not continue" roughly translated from danish.
  We already have about 12 different machines in our setup, like T43, T60, T61 and they all run flawlessly in our setup. However this T500 kills the installation right after copying files to the partitioned harddrive.
  We had this problem before and had to trim down bios functions to get enough memory free for the installation. But what can we trim on the bios of the T500? (type 2241-CTO)
  Hope to get a fast reply
  Kind regards
  //Cosmodk

  Disable Intel ATM from bios. This should free some memory.
  Also fixes so issues with altiris pxe server if you are using it?

• Problem with persistence across scenes

  I have a student who has created some code- see below. At the moment this code is in Scene 5 - but the blocks also appear on other scenes.
  How does he limit this code to just one scene?
  Can he replicate this to be used on other scenes, but starting out fresh.
  Currently, 50 blocks spawn on top of one another. These are used for teaching addition or multiplication. When they've been dragged out into a pattern, we don't want that pattern on another scene, we want them on on top of the other.
  The code is not overly elegant, but it does work - except for being repeated across scenes.
  block = []
  //this function creates a block at a certain location and adds it to an array
  //new identifiers are block30 and so on
  function spawnBlock(){
    blockSpawn = attachMovie("block","block"+_root.getNextHighestDepth(),_root.getNextHighestDepth(),{_x:5 50,_y:300});
    block.push(blockSpawn._name);
  //this runs the spawnBlock funtion 50 times creating 50 new blocks
  //change 50 to the number of blocks desired
  for(i=0;i<50;i++){
    spawnBlock();
    //trace(block[i]); //testing if the funtion was working
  function dragSetup(clip){ //this is used to assign a movie clip to funtion that can be reused with each block that is created
    clip.onPress = function(){
    startDrag(this);
    clip.onRelease = clip.onReleaseOutside=function(){ //same as above
    stopDrag();
  //this lets each block that is needed to be dragged
  //add in more lines to let more blocks get dragged
  dragSetup(block0);
  dragSetup(block1);
  dragSetup(block2);
  dragSetup(block3);
  dragSetup(block4);
  dragSetup(block5);
  dragSetup(block6);
  dragSetup(block7);
  dragSetup(block8);
  dragSetup(block9);
  remainder removed for brevity.

  use:
  function clear_blockF():Void{
  for(var i:Number=block.length-1;i>=0;i--){
  this[block[i]].removeMovieClip();
  block.length=0;

• Problems with communication across a network using shared variables

  I have two programs(projects) running on two different computers connected with a LAN. I am using LabVIEW 8.0, and the DSC-module. The program on one of the computers have measurements that I want to collect and show on the program running on the other computer on the network. I choose the indicator where I want to show the data, select ''Properties'', ''Data binding'', ''Shared Variable Engine (NI-PSP)'', ''Network Items'' and then browse for a Network...but the problem is that in my ''Network Neighborhood'' There is only one computer...and that is the one I am one...not the computer on my Network that I want to communicate with....
  Have anyone any suggestions on how to solve this?
  Kind regards Mari

  Mari,
  Check this link regarding trouble shooting network-published shared variables:
  http://digital.ni.com/public.nsf/websearch/6E37AC5435E44F9F862570D2005FEF25?OpenDocument
  This might be a firewall issue, so I would check that first.
  Frode

• PXE across subnets using IP Helper Address

  For 10 years I have been trying to get my network engineers to add an IP Helper address of our SCCM PXE Server in order to provide an Enterprise PXE service for our campus (Large University). And every year they keep telling me
  they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of but I am looking for others who have been in this same situation and have been able to accomplish what has been a never ending exercise in futility for
  me. I am looking for a white paper or a case study that I can use to help build my case and hope that someday I can convince our engineers that the world won't come to an end by adding IP Helper addresses.

  .. they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of..
  You need to get to the bottom of their specific concerns....
  PXE involves the use of TFTP (to download the NBP + boot.sdi + boot.wim).
  TFTP is neither robust/resilient nor particularly secure.
  But I'm guessing that the concern must surely be more related to the payload/content (i.e. what is within the boot image itself) that might be the worry?
  The boot image (potentially) contains licensed products (not directly a security concern), and certificates, accounts, passwords, scripts ?
  If you have the F8 debug feature enabled in your boot image, it could be used to "live boot" a computer, access the filesystem on that computer, and basically provide uncontrolled access to the files/documents/data on that computer (assuming that your computers
  are not using any form of disk encryption).
  For this last reason, F8-debug should not remain enabled for "normal" operation.
  In our organisation, we mitigate that risk with disk encryption. We also don't distribute boot media nor full media - PXE is the only way we deploy OS (well, outside of the datacentre, that is).
  Our networking team were initially concerned about PXE - but not from the security aspect, more from the capacity/bandwidth perspective. So we worked with them to plan/design/place the boot servers, and the DP's placement.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Problems with PXE boot for clients

  Hi,
  I have an environment where I have clients on av VLAN connected to a Cisco 2960X (WS-C2960X-48LPD-L ) with layer 3 configuration. The clients do a PXE boot to get configuration. The thing is that this does not work on all switches. The switches have the exact same configuration, the only thing that differs is Hardware Board Revision Number. (That I can find..) The ones that works has 0x05 and the ones that doesn´t work has 0x12. The PXE server is connected on a different VLAN in the same switch.
  I have configured spanning-tree portfast on the interfaces. I have ip-helper on the VLAN. The PXE server is also the DHCP server.
  Any suggestions?
  Regards,
  Carina

  It seems NIC teaming was configured really incorrectly in this case. Different switches require different configuration with specific settings on the Windows Server side. Sometimes incorrect configurations work when network traffic is low but start behaving
  funny when it increases. The reason behind this is Windows hosts sending back answers to its peers via different physical links, and the switch doesn't expect it and drops "incorrect" frames.
  You can find detailed description of different teaming modes here:
  http://www.aidanfinn.com/?p=14004
  If you use LACP, be sure to set up port channel on Cisco switches or LACP trunk on HP switches. Otherwise you might want to use the Switch Independent mode.
  Evgeniy Lotosh
  MCSE: Server infractructire, MCSE: Messaging

• NetBoot across subnets with a bootpd relay

  Hello Apple Community!
  I've got 4 subnets at my school, each with various Macs around campus.  I have a Mavericks server on each subnet currently, each with their own NetBoot images.  It's a pain to keep everything updated.  I can get a single client Mac (pre-2011) to boot across subnets using the bless command, but that's not really a viable solution for us to run a bless command on each client every single time we want to netboot.  So far, the solution has been just to have dedicated netboot servers on each subnet, but I know there has to be a better way.
  This article (OS X Server: How to use NetBoot across subnets - Apple Support) describes three different methods for netbooting across subnets, but two of them are not really viable for us.  Those involve reconfiguring the network to allow BootP data to pass across subnets or configuring one server with multiple network connections, one for each subnet.  However, option #2 describes configuring a bootpd relay.  Based on my reading, this sounds like exactly what I need.  However, I can't find any good documentation to walk me through setting it up.
  I've thoroughly read the bootpd man page, which has had me editing the /etc/bootpd.plist on multiple servers.  This hasn't gotten me very far.  My clients still don't see the remote NetBoot server.  It seems like the relay is supposed to redirect broadcasts from the remote Netboot server, through a local NetBoot server to the client.  But I have no idea how to make this work.
  Could someone please give me more guidance on what I'm supposed to be doing here?  I'd like to host a single NetBoot server and have any client on any subnet be able to option-boot to see the NetBoot startup options (I have multiple NetBoot images, from Apple Service Toolkit to DeployStudio and Mavericks/Yosemite installers in between).  Even if I could get it to just netboot to one default source (AST), I could deal with that.  I'm also happy to host multiple NetBoot servers, but with all my NetBoot images in one location.  I'm stumped in this multiple subnet environment and I need help.  Please help.

  Thanks again for your feedback.  I had forgotten I left the "tftp://" on the IP address.  Though, I've tried that multiple ways, starting with IP only.  Also, per the bootpd man page (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man8/bootpd.8.html), <allow/> and <deny/> are lists for MAC address allowances and when nothing is defined everything goes through.  These are there by default, though I will remove them and see what happens.  Also, according to the man page, bootp_enabled enables on all connections when a boolean is set rather than an array.  Though I will still change this also and see what happens.  The array that comes after the netboot_disabled key is auto-generated by NetInstall when you turn the service on in Server.app.
  Essentially, that plist comes from a fresh activation of NetInstall.  I deleted the previous .plist, rebooted the server and when I turned on NetInstall, that's what was created, plus my bootp modifications.
  All that said, you said that you assumed I started the relay with the 'debug & logging' options enabled.  I haven't started the relay in any active sense.  So far, I've just been modifying this .plist, and rebooting a bunch of times, but that's where I seem to get lost.  Is there a way to actively "start" the relay?  I'd love to look at these 'debug & logging' options.  As for the 'Startup Disk' prefs on the client Mac, they do not show any significant change.  Basically, they just don't see the remote server as a startup option.  I have not gleaned any pertinent info from console, though I'm not sure I know what I'm looking for.
  On a side note, I had a wild hair to try something different.  I set my local subnet's server to look at a NetBootSP0 folder that was actually a symlink to a NetBootSP0 folder that was mounted as a file share from the remote NetBoot server.  This really looked like it might work.  When you boot the client, it saw the startup volumes from the remote server.  However, upon boot, it doesn't seem to make the connection and winds up booting back to the internal hard drive.  It was worth a try...

• Two Cisco ASA 5505, IPSec Multiple Subnets, Problem with Phase2, DSL

  Hi all.
  we have following IPSec configuration:
  ASA Site 1:
  Cisco Adaptive Security Appliance Software Version 9.1(1)
  crypto ipsec ikev1 transform-set TSAES esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set TSMD5 esp-3des esp-md5-hmac
  crypto ipsec ikev2 ipsec-proposal PropAES256
  access-list SITE_2 extended permit ip 172.27.0.0 255.255.0.0 172.27.97.0 255.255.255.0
  access-list SITE_2 extended permit ip 172.28.60.0 255.255.254.0 172.27.97.0 255.255.255.0
  access-list SITE_2 extended permit ip 172.22.0.0 255.255.0.0 172.27.97.0 255.255.255.0
  access-list SITE_2 extended permit ip 172.27.0.0 255.255.0.0 172.27.99.0 255.255.255.0
  access-list SITE_2 extended permit ip 172.22.0.0 255.255.0.0 172.27.99.0 255.255.255.0
  crypto map CMVPN 5 match address SITE_2
  crypto map CMVPN 5 set peer IP_SITE2
  crypto map CMVPN 5 set ikev2 ipsec-proposal PropAES256
  crypto map CMVPN interface OUTSIDE
  route OUTSIDE 172.27.97.0 255.255.255.0 citic-internet-gw 255
  route OUTSIDE 172.27.99.0 255.255.255.0 citic-internet-gw 255
  tunnel-group IP_SITE2 type ipsec-l2l
  tunnel-group IP_SITE2 general-attributes
  default-group-policy VPN_S2S_WAN
  tunnel-group IP_SITE2 ipsec-attributes
  ikev2 remote-authentication pre-shared-key *****
  ikev2 local-authentication pre-shared-key *****
  ASA Site 2:
  Cisco Adaptive Security Appliance Software Version 9.1(4)
  access-list SITE_1 extended permit ip 172.27.97.0 255.255.255.0 172.28.60.0 255.255.254.0
  access-list SITE_1 extended permit ip 172.27.97.0 255.255.255.0 172.27.0.0 255.255.0.0
  access-list SITE_1 extended permit ip 172.27.97.0 255.255.255.0 172.22.0.0 255.255.0.0
  access-list SITE_1 extended permit ip 172.27.99.0 255.255.255.0 172.27.0.0 255.255.0.0
  access-list SITE_1 extended permit ip 172.27.99.0 255.255.255.0 172.22.0.0 255.255.0.0
  crypto map CMVPN 10 match address SITE_1
  crypto map CMVPN 10 match address SITE_1
  crypto map CMVPN 10 set peer IP_SITE1
  crypto map CMVPN 10 set ikev2 ipsec-proposal IKEV2AES
  crypto map CMVPN 10 set reverse-route
  crypto map CMVPN interface OUTSIDE
  tunnel-group IP_SITE1 type ipsec-l2l
  tunnel-group IP_SITE1 general-attributes
  default-group-policy VPN_S2S_WAN
  tunnel-group IP_SITE1 ipsec-attributes
  ikev2 remote-authentication pre-shared-key *****
  ikev2 local-authentication pre-shared-key *****
  We are not able to reach from 172.22.20.x ips 172.27.99.x.
  It seems so that the phase2 for this subnet is missing…...... as long as we try to reach from 172.27.99.x any ip in 172.22.20.x.
  We are using similar configuration on many sites and it works correctly expect sites with DSL line.
  We can exclude problem with NAT,ACL or routing. The connection is working fine as long as “we open all phase 2 manually” . After re-open (idle timeout) the tunnel the problem comes back.
  Thanks in advance for your help.
  Regards.
  Jan
  ASA Site 1# sh vpn-sessiondb detail l2l filter ipaddress ASA Site 2
  Session Type: LAN-to-LAN Detailed
  Connection   : IP ASA Site 2
  Index        : 3058                   IP Addr      : IP ASA Site 2
  Protocol     : IKEv2 IPsec
  Encryption   : IKEv2: (1)AES256  IPsec: (3)AES256
  Hashing      : IKEv2: (1)SHA512  IPsec: (3)SHA1
  Bytes Tx     : 423634                 Bytes Rx     : 450526
  Login Time   : 19:59:35 HKT Tue Apr 29 2014
  Duration     : 1h:50m:45s
  IKEv2 Tunnels: 1
  IPsec Tunnels: 3
  IKEv2:
    Tunnel ID    : 3058.1
    UDP Src Port : 500                    UDP Dst Port : 500
    Rem Auth Mode: preSharedKeys
    Loc Auth Mode: preSharedKeys
    Encryption   : AES256                 Hashing      : SHA512
    Rekey Int (T): 86400 Seconds          Rekey Left(T): 79756 Seconds
    PRF          : SHA512                 D/H Group    : 5
    Filter Name  :
    IPv6 Filter  :
  IPsec:
    Tunnel ID    : 3058.2
    Local Addr   : 172.22.0.0/255.255.0.0/0/0
    Remote Addr  : 172.27.97.0/255.255.255.0/0/0
    Encryption   : AES256                 Hashing      : SHA1
    Encapsulation: Tunnel
    Rekey Int (T): 28800 Seconds          Rekey Left(T): 22156 Seconds
    Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4607648 K-Bytes
    Idle Time Out: 25 Minutes             Idle TO Left : 24 Minutes
    Bytes Tx     : 312546                 Bytes Rx     : 361444
    Pkts Tx      : 3745                   Pkts Rx      : 3785
  IPsec:
    Tunnel ID    : 3058.3
    Local Addr   : 172.27.0.0/255.255.0.0/0/0
    Remote Addr  : 172.27.97.0/255.255.255.0/0/0
    Encryption   : AES256                 Hashing      : SHA1
    Encapsulation: Tunnel
    Rekey Int (T): 28800 Seconds          Rekey Left(T): 22165 Seconds
    Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4607952 K-Bytes
    Idle Time Out: 25 Minutes             Idle TO Left : 24 Minutes
    Bytes Tx     : 50014                  Bytes Rx     : 44621
    Pkts Tx      : 496                    Pkts Rx      : 503
  IPsec:
    Tunnel ID    : 3058.4
    Local Addr   : 172.27.0.0/255.255.0.0/0/0
    Remote Addr  : 172.27.99.0/255.255.255.0/0/0
    Encryption   : AES256                 Hashing      : SHA1
    Encapsulation: Tunnel
    Rekey Int (T): 28800 Seconds          Rekey Left(T): 22324 Seconds
    Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4607941 K-Bytes
    Idle Time Out: 25 Minutes             Idle TO Left : 24 Minutes
    Bytes Tx     : 61074                  Bytes Rx     : 44461
    Pkts Tx      : 402                    Pkts Rx      : 437
  NAC:
    Reval Int (T): 0 Seconds              Reval Left(T): 0 Seconds
    SQ Int (T)   : 0 Seconds              EoU Age(T)   : 6648 Seconds
    Hold Left (T): 0 Seconds              Posture Token:
    Redirect URL :
  ....  after ping from 172.27.99.x any ip in 172.22.20.x.
  ASA Site 1# sh vpn-sessiondb detail l2l filter ipaddress ASA Site 2
  Session Type: LAN-to-LAN Detailed
  Connection   : IP ASA Site 2
  Index        : 3058                   IP Addr      : IP ASA Site 2
  Protocol     : IKEv2 IPsec
  Encryption   : IKEv2: (1)AES256  IPsec: (4)AES256
  Hashing      : IKEv2: (1)SHA512  IPsec: (4)SHA1
  Bytes Tx     : 784455                 Bytes Rx     : 1808965
  Login Time   : 19:59:35 HKT Tue Apr 29 2014
  Duration     : 2h:10m:48s
  IKEv2 Tunnels: 1
  IPsec Tunnels: 4
  IKEv2:
    Tunnel ID    : 3058.1
    UDP Src Port : 500                    UDP Dst Port : 500
    Rem Auth Mode: preSharedKeys
    Loc Auth Mode: preSharedKeys
    Encryption   : AES256                 Hashing      : SHA512
    Rekey Int (T): 86400 Seconds          Rekey Left(T): 78553 Seconds
    PRF          : SHA512                 D/H Group    : 5
    Filter Name  :
    IPv6 Filter  :
  IPsec:
    Tunnel ID    : 3058.2
    Local Addr   : 172.22.0.0/255.255.0.0/0/0
    Remote Addr  : 172.27.97.0/255.255.255.0/0/0
    Encryption   : AES256                 Hashing      : SHA1
    Encapsulation: Tunnel
    Rekey Int (T): 28800 Seconds          Rekey Left(T): 20953 Seconds
    Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4606335 K-Bytes
    Idle Time Out: 25 Minutes             Idle TO Left : 24 Minutes
    Bytes Tx     : 652492                 Bytes Rx     : 1705136
    Pkts Tx      : 7419                   Pkts Rx      : 7611
  IPsec:
    Tunnel ID    : 3058.3
    Local Addr   : 172.27.0.0/255.255.0.0/0/0
    Remote Addr  : 172.27.97.0/255.255.255.0/0/0
    Encryption   : AES256                 Hashing      : SHA1
    Encapsulation: Tunnel
    Rekey Int (T): 28800 Seconds          Rekey Left(T): 20962 Seconds
    Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4607942 K-Bytes
    Idle Time Out: 25 Minutes             Idle TO Left : 24 Minutes
    Bytes Tx     : 60128                  Bytes Rx     : 52359
    Pkts Tx      : 587                    Pkts Rx      : 594
  IPsec:
    Tunnel ID    : 3058.4
    Local Addr   : 172.27.0.0/255.255.0.0/0/0
    Remote Addr  : 172.27.99.0/255.255.255.0/0/0
    Encryption   : AES256                 Hashing      : SHA1
    Encapsulation: Tunnel
    Rekey Int (T): 28800 Seconds          Rekey Left(T): 21121 Seconds
    Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4607931 K-Bytes
    Idle Time Out: 25 Minutes             Idle TO Left : 24 Minutes
    Bytes Tx     : 70949                  Bytes Rx     : 50684
    Pkts Tx      : 475                    Pkts Rx      : 514
  IPsec:
    Tunnel ID    : 3058.5
    Local Addr   : 172.22.0.0/255.255.0.0/0/0
    Remote Addr  : 172.27.99.0/255.255.255.0/0/0
    Encryption   : AES256                 Hashing      : SHA1
    Encapsulation: Tunnel
    Rekey Int (T): 28800 Seconds          Rekey Left(T): 28767 Seconds
    Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4608000 K-Bytes
    Idle Time Out: 25 Minutes             Idle TO Left : 24 Minutes
    Bytes Tx     : 961                    Bytes Rx     : 871
    Pkts Tx      : 17                     Pkts Rx      : 14
  NAC:
    Reval Int (T): 0 Seconds              Reval Left(T): 0 Seconds
    SQ Int (T)   : 0 Seconds              EoU Age(T)   : 7852 Seconds
    Hold Left (T): 0 Seconds              Posture Token:
    Redirect URL :

  Hi,
  on 212 is see
  tunnel-group 195.xxx.xxx.xxx type ipsec-l2l
  tunnel-group 195.xxx.xxx.xxx ipsec-attributes
  pre-shared-key
  When you define the peer with static tunnel-group entry ASA is looking for peer configuration in static crypto map. If the peer is behind static NAT configure a proper static crypto map with matching acl and proposals.
  If the peer is behind dynamic nat refer this example :http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/81883-ipsec-iosrtr-dyn-pix-nat.html
  Regards,
  Abaji.

• Problems with counter in renaming interface not maintaining consistency across multiple libraries

  Happy New Year, all.
  We have a problem in Aperture that I was curious if others had, and I'm hoping somebody has figured out a workaround they will share with me. Originally, we used Aperture and it had one huge library for our different types of photography. We had to change away from that setup because if there was a problem it would take ages to troubleshoot a ~500GB library and perform actions like rebuilding the library. We didn't want to do this, but splitting into six libraries has improved the speed in general and has made rebuilding smaller individual libraries quicker.
  We shoot a lot of photos and want each photo to have a unique number (along with a custom name). We set up a rename option in Aperture that has "Custom Name_Counter" and set counter to be six digits. The problem this seemed to create is that the counter in the rename function doesn't produce a unique number consistently across libraries. If I'm in library A, and I rename a batch of files, the counter will go up and remember its last number as long as I stay in Library A. The minute I switch to Library B, the number is at where it was the last time I used Library B. This indicates to me that the preferences travel with the library.
  Does anybody know a way that I can have a global preferences file, rather than a library preferences file? It seems it maybe used to be this way, but one of the version 3 upgrades forced me to delete a preferences file for the Facebook bug a couple of version 3 subversions ago.
  On a different note, another problem with renaming is that it is so slow. Renaming master files for even 100 or so files takes minutes. Does anybody else have this happen? Sometimes it's faster, but I haven't been able to figure out a pattern to this.
  I've submitted feature requests for revamping the renaming interface for Aperture for at least a couple of years. It never seems to improve. iView Media Pro, a program I used six years ago, had a great renaming setup and I wish Aperture
  Maybe it's time to reinstall Aperture. I bought it on disc, so it's not through the App store. Does anybody have experience reinstalling? I would, of course, like to keep keywords and other preferences.

  hallerphoto wrote:
  Machine is a Mac Pro dual quad-core 2.16 GHz.
  I am unaware of a 2.16 GHz Mac Pro tower. Are you referring to a Macbook Pro or to an iMac? Or is it a configuration I am just unaware of?
  My concern is that it seems that you may be making major workflow compromises that might be better dealt with by hardware changes as feasible. E.g. most 2.16 GHz Mac CPUs are about 1/6 as strong as a top Mac Pro today or about 1/4 as strong as today's Macbook Pros, and that has huge implications on Aperture performance.
  Also, graphics processors of the 2.16 GHz era were ridiculously weak compared to modern Macs. Aperture has historically performed best with strong GPUs (e.g. the strongest G5 towers would not run Aperture without a GPU upgrade). If you stay with the existing box a GPU upgrade may (if feasible) be in order.
  You did not mention RAM, which has defining impact on Aperture performance.
  Even if no hardware upgrades are made, it is useful to know what hardware performance bottlenecks may exist. So some questions:
  • Which Mac(s), exactly?
  • Which OS version and which Aperture version?
  • How much RAM is on board?
  • If a Mac Pro, which GPU card is in use?
  • What mass storage (hard drives and SSDs), how connected and how full?
  Thanks.
  -Allen

• Problems with *.zmg Image deploy via PXE

  Hi all,
  I am currently faced with the following problem unfortunately:
  We use ZCM pre boot (pxe) to image our clients with a windows7.zmg image which was configured with sysprep.
  The image is created on a PC, which has a 300GB HDD. The windows partition is over the total size of the hdd.
  This imaging process on a new pc is as following script shows:
  Code:
  # Delete + MBR partition table
  dd if = /dev/zero of=/dev/sda bs=512 count=1
  # partition
  fdisk /dev/sda << EOF
  w
  EOF
  # imaging
  img rp server IP path/to/image.zmg
  This works quite well so far, with the only problem, that the partition on the new PC has the maximum of 300 GB. So if I image this image on a pc, which hdd has 500 GB, 200 GB will remain unpartitioned.
  I have redesigned the imaging now follows:
  Code:
  # imaging
  img pc1 NTFS
  img rp server IP path/to/image.zmg a1: p1
  img pa1
  Now the entire HDD is used for the partition, but after the imaging the PC doesn`t boot, and stops with a black screen and a blinking cursor.
  I am typing this on a problem with the mbr, but does not know how to fix it: (
  I have to modify the imaging-process, that i can use the image on every HDD size with the result, that always the max partitionsize is used.

  hi all, i am having an issue where found out that Imaging Script cannot be used to multicast so i am running in to a problem now. If i push out an image via zcm script bundle it works fine with your suggestions but i cannot seem to figure out why the image wipes out all the hard drives in the systems during multicast image set or a single image load via pxe boot.
  First problem:
  if i push out an image via Zenworks Image preboot bundle file set is set to 1 it wipes out all the hardrvie in the system (tow hard drive, disk 0 and disk 1. i can certainly fix the disk resizing issue by adding a script to unattaned file after the image is loaded to resize the disk automatically using diskpart commands. which works fine.
  Second problem:
  here is what i did:
  1. created an multicast Image Set
  2. number of clients needed set to 1
  3. Time out in five minutes
  It does not load the image znd waits for session to start.
  how can i automate this via zcm to make sure on pxe boot the both pcs receive the image as scheduled in zcm.
  Please assist.
  thank you.

• I own an iPhone 4s come across a problem with syncing music to my phone.

  I own an iPhone 4s and I have recently come across a problem with syncing music to my phone. Whenever I try to sync it, nine or ten songs get synced then the sync cancels. It only syncs the first song on each album but not for all of them, some of the albums don't sync at all. I have been dealing with this problem for a while. I have updated iTunes to the newest update and iOS 7 to the newest update.

  Well, the fact is, you have a carrier locked iPhone...locked to Verizon, to be specific. The only way that phone will work is if it is first activated on Verizon's network. Once you do that, you can then request that Verizon unlock the sim slot. However, once Verizon unlocks the sim slot, I doubt you'll be able to get the phone to work with any GSM carrier in the US. The unlocking of the sim slot is done for International travel outside of the US.
  If you want to use Straight Talk, your best bet is to sell this phone & use the proceeds to purchase an officially unlocked iPhone 4S directly from Apple.
  Good luck.

• I am having problems with video and high content webpages freezing.  I am also getting pixel lines across my webpages.  Maybe two or three lines.  I was running os 10.4 but I just up graded to 10.6 the other day.  I have 2GB of RAM.

  I am having problems with video and high content webpages freezing.  I am also getting pixel lines across my webpages.  Maybe two or three lines.  I was running os 10.4 but I just up graded to 10.6 the other day.  I have 2GB of RAM.

  Exactlly which model iMac do you have?
  see > How to identify iMac models
  Unfortunately that is not all that uncommon for the Early Intel iMac's given there age and the fact that the air intakes are probably choked with dust. Then add the extra heat caused by running a more intense OS X which is causing it to run a little warmer than normal and putting extra stress on the graphic and display components.
  My 6½ year old 17" Early 2006 Core Duo w/2GB of RAM is also running 10.6.8 and is also starting to get a single line that (knock on wood) goes away after a few minutes, while many others started getting permanent ones after 2 or 3 years. One thing that I think has helped, is that about every 3 or 4 months I shutdown and vigorously vacuum out the bottom grill work and small vent under the stand to keep it running cool.
  On that note: unfortunately I can only suggest that you clean your intake vents and hope that no permanent or irreversible damage has been done.