New book! Learn Cisco Network Administration in a Month of Lunches

The pre-release of my new book, Learn Cisco Network Administration in a Month of Lunches, is available from Manning Publications’ early access program.

The book is a tutorial designed for beginners who want to learn how to administer Cisco switches and routers. Set aside a portion of your lunch hour every day for a month, and you’ll start learning practical Cisco Network administration skills faster than you ever thought possible.

Pass the First Time: Study Tips for the CCNP Routing and Switching Certification

If you’re studying for or considering the CCNP R&S certification, here are a few things to keep in mind:

The CCNP exams test CCNA-level skills and knowledge, too

This is a good thing, because it helps weed out those who “brain dump” the exams. If you got lucky with OSPF on your CCNA exam, you’re not going to get lucky on the CCNP ROUTE exam. You really DO need to know this stuff. You can’t just pass the CCNA composite exam and then forget everything. You have to have a solid foundation to build on. You’re never too educated to go back and revisit the fundamentals.

Spend most of your time studying configuration and troubleshooting at the command line interface.

There’s no hard and fast rule on this, but a good rule of thumb is to make sure AT LEAST 50% of your time is spent in IOS. Both the ROUTE and SWITCH exams have some simulations, but the TSHOOT exam has a LOT. If you’re not proficient with the command line interface, you won’t pass. Again, this weeds out the dumpers, and it raises the difficulty level of attaining the cert.

Write down all your questions in one place and periodically revisit them.

You’ll be amazed at how many questions you will learn the answer to without realizing it. Some questions you’ll look at and think, “Duh, that one’s easy. How did I not know that before?” From my CCIE studies, I have a list of questions that I organized by category: Layer 2, Layer 3, Security, QoS, etc. Writing down questions also reminds you of how much you DON’T know, highlights your misconceptions, and becomes a de facto study guide. The last thing you want going into the exam is a false sense of security.

The exams cover a LOT of topics, and some of them are pretty in depth.

This is where a lot of people get frustrated, confused, or just overwhelmed. They look at the exam topics, see the magnitude of it all, and try to study and memorize everything about everything.

This is one of the biggest reasons I’m creating a series of CCNP R&S courses for Pluralsight.

The first one, Basic Networking for CCNP Routing and Switching 300-101 ROUTE, was released this month. In each course I focus on real-world customer requirements and then demonstrate how to configure them step-by-step, explaining each command as I go. When watching the courses, you’ll quickly get an idea of what areas you need to study more and what areas you already know.

Not only that, each course module includes an assessment which thoroughly tests your knowledge of the relevant exam material. And, if you get an answer wrong, it will take you to the exact spot in the course where I cover that particular topic. It’s an incredibly effective way to study and learn quickly.

Check out the entire CCNP Routing and Switching learning path.

Creating a File Share with PowerShell and Windows Server Core

Sometimes you just need to create a file share.

With Windows Server Core, you don’t have all the old GUI tools that we’re all used to. So you have to make do with PowerShell and the old fake DOS prompt. Fortunately, with a little help, it’s pretty easy.

First, create the folder you want to share. In this case, c:\share.

Next, modify the ACL to grant the DOMAIN\File Server Admins group full control:

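# Read the folder's current ACL
$SharePath = "c:\share"
$Acl = Get-Acl $SharePath
# Grant full control, inherited by subfolders and files
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("DOMAIN\File Server Admins","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$Acl.AddAccessRule($AccessRule)
# Write the modified ACL back to the folder
Set-Acl $SharePath $Acl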

Finally, create the share and grant everyone full access.
NET SHARE sharename=c:\share  "/GRANT:Everyone,FULL"

Done.
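
With Everyone granted FULL at the share level, the NTFS ACL is the only thing limiting access, and that ACL still includes whatever the folder inherits from C:\. The following is an added example, not part of the original post, that narrows both layers and then prints the result; it assumes Windows Server 2012 or later for the SMB cmdlets, and DOMAIN\Share Users is a hypothetical group.

```powershell
# Added example (not from the original post).
# DOMAIN\File Server Admins and c:\share come from the post;
# DOMAIN\Share Users is a hypothetical group used for illustration.
$SharePath = 'C:\share'
$ShareName = 'sharename'
$Admins    = 'DOMAIN\File Server Admins'
$Users     = 'DOMAIN\Share Users'

# Step 1 from the post: create the folder
New-Item -Path $SharePath -ItemType Directory -Force | Out-Null

# NTFS layer: stop inheriting from C:\ and discard the inherited entries,
# then add only the entries this share needs.
$Acl = Get-Acl -Path $SharePath
$Acl.SetAccessRuleProtection($true, $false)

$Entries = @(
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = $Admins;                  Rights = 'FullControl' },
    @{ Id = $Users;                   Rights = 'Modify' }
)
foreach ($Entry in $Entries) {
    $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Entry.Id, $Entry.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $Acl.AddAccessRule($Rule)
}
Set-Acl -Path $SharePath -AclObject $Acl

# Share layer: name the same groups instead of Everyone.
# Effective access over SMB is the more restrictive of share and NTFS rights.
New-SmbShare -Name $ShareName -Path $SharePath `
    -FullAccess $Admins -ChangeAccess $Users | Out-Null

# Verify both layers
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight
(Get-Acl -Path $SharePath).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```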

5 Reasons to Consider Leaving Apple

Remember when everyone had to have an Apple product — an iPhone, MacBook, or iPad? Look at how fast things changed. Android has been leading the tablet and smartphone market and crushing Apple for years now. So what does this mean for Apple?

#1 – Apple is now Apple, circa 1997.

Apple is trying to “me-too” its way back to success with its Apple Watch. We already have fitness bands that tell time. Apple’s desperate desire to “innovate” has ironically had the opposite effect — they’re just copying the success of others. It’s the same mistake they made in the late 1990’s after firing Steve Jobs. They copied IBM and almost went bankrupt. When Steve Jobs returned, Apple made a comeback.
But Steve Jobs is dead. This sounds harsh, but the fact is that Apple never did well without him. I remember owning Apple stock when it was $6 a share. That’s six dollars. With Jobs gone, it’s back to the 1990’s in terms of leadership.

#2 – Apple is falling behind.

Their initial success with the iPhone was because they got it to market faster than Google got Android out. Android predates the iPhone, but most people don’t know that and frankly don’t care. The iPhone got there first so Apple won.
Fast-forward several years. Samsung released an Android version of the Apple Watch before Apple did. They copied Apple before Apple could even get their own product out the door! Bottom line: Apple has lost its competitive edge.

#3 – Apple picks fights it can’t win.

Apple has notoriously sued other companies for various things. Now everyone else is suing Apple for patent infringement and a slew of other offenses, and some of them have pretty strong cases. Their fat bank account makes it a prime target for litigation, which only detracts from its ability to provide valuable products and services.

#4 – Their products spy on you.

This isn’t news, and Apple certainly isn’t the only company with espionage built-in. But they really don’t like the idea of “hackers” poking around iOS. With Android and, to a lesser extent, Microsoft products it’s trivial for an experienced security professional to figure out what information is being collected. iOS can be jailbroken and analyzed just as well, but woe unto those who receive an update and have their iPhone bricked because they dared to jailbreak.

#5 – Apple’s leadership is alienating its customers.

In 2014 CEO Tim Cook famously said that those who aren’t of a particular political persuasion should sell Apple stock. He also said that he doesn’t always consider return-on-investment (ROI) when making business decisions. Perhaps people have different reasons for owning stock, but the most common is to get a return-on-investment. But it’s also more than that. People also buy Apple products to get a return-on-investment, whether it’s financial, emotional, or something else. Tim Cook’s comments indicate that he isn’t interested in serving customers in this way.

Is it too late for Apple?

Flexibility is a vital aspect of any technology. If it isn’t flexible, it can’t change rapidly to meet business or personal goals. Apple just might be turning back into the rigid, sluggish, and expensive relic it was in the late 1990’s. Just think of how AT&T is today. That could change, of course, but their ecosystem is set up in such a way that the longer you’re invested in their products, the harder it is to leave. Maybe we should take Tim Cook’s advice until Apple can get its act together.

Building Windows Server with Puppet and Chocolatey

Forget using scripts and group policies to configure a new Windows Server machine. Using Chocolatey and Puppet, you can do it faster & easier than ever (and it’s more fun too). This is especially true if you’re using a Server Core installation and don’t have a GUI to help you along. Oh, and if you don’t know Puppet, you really should watch my course Puppet Fundamentals for System Administrators on Pluralsight 🙂

Assign IP address using PowerShell:

New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress "192.168.51.29" -PrefixLength 24 -DefaultGateway 192.168.51.8

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.50.20, 192.168.50.21

Install Chocolatey:

Set-ExecutionPolicy Unrestricted
iex ((New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

Restart PowerShell

Install VMware tools

choco install vmware-tools

The server will automatically restart.

Rename server

Rename-Computer -NewName newservername

Reboot

restart-computer

Join to domain
add-computer -domain benpiper.com

Reboot again
restart-computer

Install Puppet
choco install puppet

Configure Puppet
Configure c:\programdata\puppetlabs\puppet\etc\puppet.conf

Generate puppet certificate
puppet_interactive

Sign puppet certificate on puppet master
puppet cert sign newservername

Apply appropriate profiles to server. Remember to restart the Puppet master if you change your Hiera configuration.

Run Puppet agent
puppet_interactive

Verify
puppet resource dism
puppet resource package
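
The Install Chocolatey step above sets the execution policy to Unrestricted for the whole machine and runs the downloaded script without looking at it. The following is an added example, not part of the original post, that saves the script to disk, checks its Authenticode signature, and relaxes the execution policy for the current process only; it assumes install.ps1 is Authenticode-signed, and the expected signer string is a placeholder to fill in from a copy you trust.

```powershell
# Added example (not from the original post).
# The URL comes from the post. $ExpectedSigner is a placeholder: until it is
# replaced with the signer subject taken from a known-good copy, the check
# below stops the run on purpose.
$Url            = 'https://chocolatey.org/install.ps1'
$ScriptPath     = Join-Path $env:TEMP 'choco-install.ps1'
$ExpectedSigner = '<EXPECTED-SIGNER-SUBJECT>'

# Older Server builds may negotiate TLS 1.0 by default; require TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Save to disk rather than piping straight into iex, so the exact bytes
# that will run can be checked and kept.
Invoke-WebRequest -Uri $Url -OutFile $ScriptPath -UseBasicParsing

# Assumption: the script is Authenticode-signed by its publisher.
$Sig = Get-AuthenticodeSignature -FilePath $ScriptPath
if ($Sig.Status -ne 'Valid') {
    throw "Signature check failed: $($Sig.Status) - $($Sig.StatusMessage)"
}
if ($Sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer: $($Sig.SignerCertificate.Subject)"
}

# Record the hash of what is about to run, for the build log.
$Hash = (Get-FileHash -Path $ScriptPath -Algorithm SHA256).Hash
Write-Output "Running $ScriptPath (SHA256 $Hash)"

# Relax the policy for this PowerShell process only; the machine-wide
# setting is left as it was.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
& $ScriptPath

# Confirm nothing changed outside the process scope
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy
```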

My Twitter Philosophy

In recent months, especially since the launch of my Pluralsight courses, I’ve been more active on Twitter (By “active” I mean I log in once or twice a week). During this short period, I’ve made a few passing observations about this strange place called Twitter:

1. “A lot of people follow me for a few days then unfollow me if I don’t follow them back”

There are so many things wrong with this. Following someone just so they’ll follow you back is selfish. It’s pretty obvious these folks are just using others to increase their follower count. They follow 5,000 people and have 4,999 people following them. Yeah, not impressed. Seeing this doesn’t make me think that person is influential. It makes me think they’re obsessive.

Citrix Web Interface 5.4: Error occurred while making the requested connection

I recently ran into a bizarre issue with users not being able to launch applications from a very old Citrix Presentation Server 4.0 farm when trying to launch from Citrix Web Interface 5.4. They were getting the eminently unhelpful, “An error occurred while making the requested connection.”

In the web interface application logs, I noticed this:

An error of type IMA with an error ID of 0x80000003 was reported from the Citrix XML Service at address (servername)

And this:

The farm MyFarm has been configured to use launch references, but a launch reference was not received from the Citrix XML Service. Check that the farm supports launch references or disable launch reference requests.

To resolve this, I modified C:\inetpub\wwwroot\Citrix\XenApp\conf\WebInterface.conf on the Web Interface servers and changed the RequireLaunchReference directive as follows:
RequireLaunchReference=Off
(It was set to On)

And it worked. Supposedly, that directive must be set to Off when using Web Interface 5.4 with PS 4.0. But, I’ve been running for years with it set to On and it worked fine until recently. Another Citrix mystery.

Want more Citrix tips and tricks? Watch my course Citrix NetScaler 10: Design and Deployment!

Net Neutrality is a Scam

One of the biggest scams of the Internet is in full swing right now. You may have heard of it. It’s called “net neutrality.”

Fundamentally, net neutrality is about preventing Internet service providers (ISPs) from throttling or blocking traffic or providing paid prioritization of certain content. In addition, specific rules proposed by the FCC Chairman Tom Wheeler would allow the FCC to arbitrate peering disputes between carriers. Traditionally, carriers have connected their networks to each other for a nominal cost or none at all, the idea being that the mutual benefit of using each other’s network for transit is payment enough. The proposed FCC rules, however, will turn this once amicable transaction into a litigious battleground that could result in the destabilization of the Internet’s backbone.

I recall an article from a 1997 issue of Wired magazine which predicted the collapse of the Internet would be caused by increased growth without the infrastructure to support it. That never happened, in part due to technical innovation which kept up with growth, but also because ISPs and backbone carriers were able to throttle traffic during peak times to ensure everyone could have reasonably fast and reliable internet access.

Now, almost 20 years later, we’re looking at potential regulation that will micromanage how ISPs manage and build out their networks. As a network engineer, I understand the need to throttle or simply block certain types of traffic. But unfortunately, the technical facts have gotten lost amidst the raw politicization of the net neutrality debate.

I recently saw a graphic put out by the pro-net neutrality group “Battle for the Net” that shows a picture of the United States Senate and a caption that asks, “Does your state have the Internet’s worst enemy?” It then proceeds to list all the Senators that are supposedly trying to “kill Net Neutrality.” And this is the problem with the net neutrality movement. It’s purely political and devoid of any thoughtful technical or practical discussion. Organizations like Battle for the Net don’t bother to make a case for net neutrality. They assume that it is an absolute good and that being for the Internet means being for net neutrality.

The discussion has devolved from a debate into a marketing battle plagued by word games and politics. Net neutrality advocates have adopted the language that this is “a battle for the Internet” and an effort to “keep the internet open.” Apparently, by breaking decades of precedent and giving the FCC more power to control what Internet service providers do, the Internet will somehow become better.

The narrative they put forth is that the big bad cable companies with their zillions of dollars are trying to make end users’ Internet experience slow and expensive, and are fighting valiant efforts to “keep the internet free.” (Never mind the fact that the cable companies gave us broadband Internet and brought us out of the dial-up era to begin with.) This David versus Goliath theme is great for stirring emotions, but it falls flat in the face of a little bit of scrutiny. Google, whose income is more than double that of Comcast, is strongly in favor of “net neutrality” regulations. So is Netflix. And Facebook. Regardless of where you stand on net neutrality, one thing is certain: this is not about big money corporations versus the gentle folks of the Internet. It is about giant corporations duking it out for power, control, and government favor.

As usual, the politics of net neutrality has turned the debate into more of a sporting event where everyone roots for his own team no matter what. But it’s actually worse than that. If you’re against net neutrality, some will perceive you as being anti-Internet or against Internet freedom. I find this both amusing and disturbing. Amusing, because the notion that giving the FCC unprecedented regulatory power over the Internet will somehow increase freedom is absurd. And disturbing, because so many have blindly taken sides on this debate without an understanding of its implications or what it’s even about.

One such implication is privacy. How will the FCC ensure that ISPs are complying with the new regulations and not throttling or blocking certain types of traffic? The only way to know is by looking at the traffic, which can only be done with detailed logs of what an ISP’s users are doing. This goes beyond what websites you visited or how many gigabytes you downloaded. This gets down to individual connections. What IP address and port did you connect to? What protocol were you using? Certainly, these things can be logged now, and in fact probably are. But the difference is that, as of now, the FCC has no authority to demand such logs. With net neutrality regulations in place, they will, and they will also have the power to exact fines if ISPs fail to retain logs for a certain period of time. So, you will be able to BitTorrent without restriction, but Uncle Sam is probably going to know about it. Of course, this is already happening with the NSA pretty much spying on everything. But again, the difference is that instead of spying secretly, the collection of your Internet activity will be open and shameless. That may not bother you. Honestly, it doesn’t really bother me. The point is that net neutrality regulations come with some pretty long and tangled strings attached. And it’s wise to unravel them and see where they lead before throwing in your support for the wolf in sheep’s clothing.

How Knowledge Can Kill IT’s Value

IT people often intentionally withhold knowledge from those outside of IT. There are different reasons for this — some good and some very bad.

One reason IT folks withhold knowledge is that they believe the best way to learn is to teach yourself. After all, that’s how many of them learned. Unlike many others in business, most IT folks didn’t attain their skills through traditional education. They were self-starters when it came to their own education and taught themselves much of what they know. Such an approach has served them well, so they believe it will serve others well also.

While well-intentioned, this attitude is detrimental in business. Companies don’t hire IT people to mentor others to be like themselves. Rather, companies hire IT people to leverage their knowledge, skills, and expertise to achieve business objectives.

Contrast IT with the Legal department in this regard. People in Legal don’t withhold knowledge when asked. They are quick to “give the answer” and engage in discussion not only about Legal matters, but how those matters relate to the rest of the business. They aren’t threatened by sharing what they learned from their years in law school and real-world experience. But IT people often are reluctant, even averse to such self-exposure.

The reasons behind this apprehension when it comes to sharing knowledge aren’t important. It’s not your job to untrain this bad habit. What’s important is that the people you hire don’t try to hoard the “keys to the kingdom.” When you are interviewing candidates, make sure you find out whether a potential employee is willing to share his or her knowledge and expertise with others openly and candidly. If he’s not, politely show him the door.

An IT organization is only as good as the sum of its parts. Folks who hold tightly onto their knowledge like Frodo holding onto the One Ring are dragging your IT organization down and inhibiting the value it can provide. Don’t let that happen. Expect and demand open dialogue, widespread sharing, and consideration of the needs and objectives of the business. If IT can’t do that, it might as well not even be a part of the business.