At the moment we’re running Cisco Prime Infrastructure 2.1 on a Gen1 physical appliance. We’re looking to take the upgrade path from 2.1 all the way up to 3.1 (currently only 3.0.2 is supported on the Gen1 appliance).
First stop, 2.2.
The Gen1 appliance upgrade path isn’t a fun one. It requires that we back up our current application database, wipe our appliance, do a bare-metal install of 2.2, and then restore our application database. Cisco’s documentation for application backup and restore can be found here: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/backup_restore.html#72460
Back up the PI application database to an FTP repository (I recommend FileZilla Server for hosting a light-weight FTP server on your workstation).
- Create a ftp repository on your Prime Infrastructure server via CLI
- SSH to PI
user username password plain password
- Verify your repository configuration
- Backup your Prime Infrastructure application
backup backup-name repository repository-name application NCS
Install Prime Infrastructure 2.2
Reboot your appliance from the PI 2.2 installation media and follow the on-screen configuration prompts. For more information follow Cisco’s Installation Guide
Restore your application database
- SSH to the Prime Infrastructure server and setup your ftp repository again
user username password plain password
- Verify your repository configuration, and check that your backup is there
- Run the restore command, taking note of the scary warnings
restore BACKUP_NAME.tar.gpg repository REPOSITORY_NAME application NCS
After running February 2016’s batch of Microsoft security updates, we started receiving calls from end users about errors when attempting to update their passwords through the Citrix web interface.
While the error indicates the password change failed, it does in fact work, and users can log out and log back in with the new password.
Thankfully it didn’t take long for some savvy Citrix support forums users to pinpoint the issue to a recent patch Microsoft released which changes the api behavior for NetUserChangePassword.
Uninstalling patches KB3126587 or KB3126593 from your Citrix XML brokers will resolve the issue, but on March 8th 2016, Microsoft released a security update which addresses the problem.
Simply install the new patch on your XML brokers –which does require a reboot!– and you should be good to go.
See Citrix’s updated support article below, along with Microsoft’s patch information.
Windows 10 devices have started to trickle into our production environment and I needed a quick way to apply Windows 10 specific policies to these computers.
By creating a WMI filter that looks for the Windows 10 version number and then linking that query to our Windows 10 group policies, we can ensure that only Windows 10 PCs will get the policies we want.
First we use the command line utility ‘wmic‘ to find out what version of Windows wmi is reporting. (Make note of the version number, quite a jump from previous versions of windows; Windows 7 used 6.1, Windows 8 used 6.2, and Windows 8.1 used 6.3)
wmic os get buildnumber,caption,version
- Open Group Policy Management and expand Domains -> your Domain -> WMI Filters
- Right click WMI Filters and select New
- Enter a name for the filter, I went with the descriptive “Windows 10,” and then click Add
- Namespace should say
root\CIMv2 and under query we’ll enter the following
select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1"
- Click OK and then Save
- Now find the policy that you want to apply the filter to and look for the section at the bottom that says WMI Filtering
- Click the drop down box and select your new Windows 10 WMI Filter
You can validate that the WMI filter worked correctly by running a group policy results report on a Windows 10 PC that would receive the policy.
Look at the details tab of the report and then under WMI Filters
After upgrading our Firepower Management Center to 6.0, we noticed that usernames were no longer populating in our dashboards. Instead of showing users, all we could see was “No Authentication Required.”
After opening a support case, TAC pointed me to the following bug: cscux39125 (cisco login required).
To resolve the issue we need to set the active directory domain to our domain’s NetBIOS short name in Firepower’s realm configuration.
To change your realm configuration go to System -> Integration -> Realms
Go to Realm Configuration and edit the AD Primary Domain field to your domain’s NetBIOS short name.
For more information see the following support forums post: https://supportforums.cisco.com/discussion/12879381/sourcefire-60-firesight-mc-60-users-not-populating
Just got in a new Cisco ISR 4431 and needed to upgrade IOS-XE out of the box. Cisco has been nice enough to include a 1Gb USB flash drive with their new ISRs, making the software upgrade process a cinch. Here are the steps involved to install a new version of IOS-XE via USB drive.
- Download your chosen version of IOS-XE from cisco.com. Keep in mind there are often may different trains and revisions of code available.
- To help you decide which version of code is right for you, there’s the cisco IOS feature navigator found here.
- To help differentiate the different designations of code, i.e., MD, ED, GD, take a look here.
- Typically I opt for a gold star release, which are cisco recommended releases “based on software quality, stability and longevity.”
- Copy the downloaded image to your USB drive and insert it into the ISR
- Copy the IOS-XE image from the usb to the ISR’s bootflash
- Enter global configuration mode and set the ISR to boot from the new image
boot system flash bootflash:isr4400-universalk9.03.13.05.S.154-3.S5-ext.SPA.bin
- Verify the correct boot system parameters
- Save your configuration
copy running-config startup-config
- Reload the ISR
- When the device finishes reloading, verify that the device is running the correct version of IOS-XE
This type of software installation is referred to as a consolidated package. Cisco also supports the installation of individual packages from an IOS-XE image. To see Cisco’s full documentation for software configuration on an ISR 4400 as well as instructions for consolidated and individual package installs please see here.