Commands to troubleshoot connectivity through a Cisco ASA

Packet Tracer

packet-tracer input <INTERFACE> <PROTOCOL> <SOURCE-IP> <SOURCE-PORT> <DESTINATION-IP> <DESTINATION-PORT>
packet-tracer input external tcp 11.22.33.44 1010 55.66.77.88 80

VPN Example

packet-tracer input internal udp 10.10.10.10 500 10.20.20.20 500
packet-tracer input internal udp 10.20.20.20 500 10.10.10.10 500

Packet Capture

capture <NAME_OF_CAPTURE> interface <INTERFACE_NAME> match <TRANSPORT_PROTOCOL> host <SOURCE-IP> host <DESTINATION-IP> eq <PORT_NUMBER>
(TRANSPORT_PROTOCOL is one of TCP / UDP / IP. The first host is the source IP address and the second host is the destination IP address.)
capture cap1 interface external match tcp host 11.22.33.44 host 55.66.77.88 eq 80

Capture all syslog traffic to 10.10.10.10

capture cap2 interface internal real-time match udp any host 10.10.10.10 eq 514

View capture

show capture cap1

Show access-list

show access-list acl_external

Find access-list entries including port 514

show access-list | inc 514

Find log entries including port 514

show logging | inc 514

Show arp for specific interface

show arp | inc internal

List all installed hotfixes

Run the following from a command prompt to display all installed hotfixes

wmic qfe get HotfixID,ServicePackInEffect,InstallDate,InstalledBy,InstalledOn > "c:\path\filename.txt"

or

wmic /output:d:\hotfixes.txt qfe list

Scheduled Reboot Command

To schedule a reboot, create a batch script with the following command:

:: Reboots the computer in 5 mins
shutdown -r -t 300 -c "A scheduled reboot will occur in 5 mins. Open command prompt and type 'shutdown /a' to abort." -f -d P:0:0

This alerts any logged-on users that the computer will reboot in 5 mins. The reboot can be aborted by running shutdown /a.

Lastly, create a scheduled task to run the batch script at the required time.

Events

Event ID 1074 will occur in the System log when the command is run.

Event IDs 6009, 6005 and 6013 will also appear in the System log, with a Source of EventLog.

The precise stop and start time can be found in Event IDs 13 and 12, in the System log, with a Source of Kernel-General.

Related Events

If a Windows Update requires a reboot, you may get Event ID 22 with a Source of WindowsUpdateClient: http://technet.microsoft.com/en-us/library/cc735614(v=ws.10).aspx
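
The events listed above can be pulled into one reboot timeline, which also shows who or what initiated each restart. This is an added PowerShell example, not part of the original post; the seven-day window, the variable names and the field positions read from the 1074 event payload are assumptions.

```powershell
# Added example: build a reboot timeline from the System log.
# Assumption: look back 7 days; change $Since as needed.
$Since = (Get-Date).AddDays(-7)

# Event ID -> provider (Source) pattern, taken from the text above.
# 1074 is matched on ID alone because the text names no Source for it.
$Wanted = @{
    1074 = '*'                     # reboot/shutdown initiated (process, user, reason)
    6005 = 'EventLog'              # Event Log service started
    6009 = 'EventLog'              # OS version recorded at boot
    6013 = 'EventLog'              # system uptime
    12   = '*Kernel-General'       # operating system started
    13   = '*Kernel-General'       # operating system shutting down
    22   = '*WindowsUpdateClient'  # update requires a restart
}

# Query by ID first, then keep only events whose provider matches the
# expected Source, since other providers reuse small IDs such as 12, 13 and 22.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = [int[]]@($Wanted.Keys)
    StartTime = $Since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like $Wanted[$_.Id] }

$events | Sort-Object TimeCreated | ForEach-Object {
    $detail = if ($_.Id -eq 1074) {
        # Assumed 1074 payload layout:
        # [0] process, [2] reason, [4] shutdown type, [5] comment, [6] user
        $p = $_.Properties
        '{0} by {1} via {2}; reason: {3}; comment: {4}' -f `
            $p[4].Value, $p[6].Value, $p[0].Value, $p[2].Value, $p[5].Value
    } else {
        # First line of the rendered message is enough for the other events
        ($_.Message -split "`r?`n")[0]
    }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        Id     = $_.Id
        Source = $_.ProviderName
        Detail = $detail
    }
} | Format-Table -AutoSize -Wrap
```

A 1074 entry whose user or process does not match the scheduled task is the one to investigate; the Kernel-General 13 and 12 rows on either side of it give the exact stop and start times.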

When good Domain Controllers go bad!

Scenario

It’s a pleasant day and all is well with the world. Colleagues are skipping around the office with smiles on faces…until…duh duh daaa! One by one, services start failing:

  • Printers go offline:
    • First, for Win7 users
    • Then for all clients
    • Can still print from server though
  • File shares go offline
  • Active Directory replication fails
  • DNS console will not open

Basically, your main Domain Controller (DC) has just taken a dump…and so have you!

These are the steps I took to troubleshoot the issues and get everything back online.


Force replication on a Domain Controller via command prompt

Scenario

You want to force replication to all Domain Controllers, across sites, but you also want to see the actual server names, and abort if any servers are unavailable.

Solution

Run the following command:

repadmin /syncall /d /e /a

Then run this to check that everything replicated OK:

repadmin /replsummary

More info can be found here: http://technet.microsoft.com/en-us/library/cc835086(v=ws.10).aspx#BKMK_examples