You failed your CCNP exam. Now what?

You took one of the Cisco CCNP Routing and Switching certification exams. You went to the exam center, sat down, and started the exam. About 2 hours later, you saw the dreaded news appear on the screen:

You didn’t pass.

I’ve failed certification exams in the past, so I can relate to the facepalm-worthy feeling you get when you realize you dropped a couple of Benjamins on an exam that you just failed. I know the feeling of wanting to give up, the thoughts of thinking that this whole certification thing is stupid, and the desire to assign blame to whomever or whatever led to your failure.

Failing certification exams is a reality for any IT professional. And from what I’ve seen, sadly, not many people handle failure very well. I want to talk through this.

This isn’t meant to be a pep talk or a “you’ll do better next time” motivational speech. Neither is it meant to be an assignment of blame to you or anyone else. Rather, it’s a cold, hard look at why you failed, and how you can pass next time... or the time after that.

Why you failed

I’ve taken a lot of Cisco certification exams and read a lot of Cisco books over the years, and I’ve noticed a pattern. Cisco likes to play off of common misconceptions and little-known technical facts. Here’s a non-real but representative example:

Two switches are connected via an 802.1Q trunk. You delete the switched virtual interface for VLAN 1 but both switches still exchange CDP messages. What will prevent CDP messages from traversing VLAN 1 without affecting Cisco IP phones?

Select the best answer:

A. Prune VLAN1 from the trunk

B. Disable VLAN1

C. Disable CDP globally

D. Disable CDP on the trunk

E. None of these

If you’ve watched my Pluralsight course series on the CCNP SWITCH exam, you’ll recall that you can’t disable VLAN1 or prune it from a trunk. Well, you can try to prune it, but CDP messages will still pass. But do you disable CDP globally or just on the trunk interface? This is where obscure knowledge comes in. Cisco IP phones use CDP to get voice VLAN information, so disabling CDP globally is out. That leaves only two answers: disable CDP on the trunk interface or none of the above. Disabling CDP on the trunk interfaces will certainly stop the CDP messages from moving between the switches, and it won’t affect Cisco IP phones since CDP messages never leave a collision domain.

Now here’s the thing: I made that question and answer up on the fly. You have to be able to do that if you want to do well on the exam.

The exam blueprint is like The Oracle, and sometimes just as wrong

In The Matrix movies, you may remember the Oracle, a computer program that supposedly knows all. After seeing the Oracle for the first time, Neo asks Morpheus how accurate the Oracle’s “prophecies” are. Morpheus responds with something to the effect of, “Try not to think of it in terms of right and wrong. The Oracle is a guide to help you find the path.” Not surprisingly, it turned out the Oracle was kinda wrong on some stuff.

Well, the blueprint is a lot like that. It has stuff that never shows up on any exam. This is mainly because if the exam covered the entire blueprint, it would be 8 hours long. It also leaves off some topics that do appear on the exam. The lesson here is don’t depend on the exam blueprint. Make sure you know the topics for prerequisite and related exams. If you’re taking CCNP SWITCH, make sure you know the topics for ROUTE. If you’re taking TSHOOT, make sure you know ROUTE and SWITCH. Of course, make sure you know all the CCNA R&S topics upside down and backwards.

Each exam blueprint is a guide. It’s a guide to the other exam blueprints.

How to pass next time... or the time after

Once you’ve already taken a CCNP exam, the next time you go in to take the same exam, you’re technically “brain dumping” parts of it. I’m not talking about cheating. I mean you’ve seen the exam already, and you have a feel for what the questions are like. If you’ve got lots of time and money, you can take the same exam over and over again, getting slightly better each time until you pass. I don’t recommend this strategy, not just because it’s expensive, but because it puts you in the super awkward situation of telling others how many times you took the exam. Trying until you pass is respectable, but you should have some serious expertise to show for it. If I’m interviewing you and it took you 5 tries to pass a CCNP exam, I’m going to grill you hard on the technical questions.

If you want to have a great chance of passing the next time, then study for the certification one step higher than the one you want to attain. If you’re studying for the CCNA, act like you’re studying for the CCNP. If you want the CCNP, act like you’re studying for the CCIE. Obviously the topics are different. You don’t need to study multicast in-depth for your CCNP. But for the topics that overlap, it’s better to overshoot than aim for the bare minimum.

Installing the VMware ESXi Embedded Host Client

If you have a home lab and don’t need vCenter, the ESXi Embedded Host Client gives you web-based access to hidden features of your standalone ESXi host… without having to spin up a real vCenter server.

As most everyone knows, the old VMware vSphere C# client has been on its way out for years. One of the things keeping it alive is the fact that not everyone has a vCenter Server, and even those who do don’t necessarily use the Web Client. Sadly, there are some really cool features the old Windows client can’t touch, such as exposing hardware-assisted virtualization to individual VMs.

Here’s how to install it:

  1. Shut down all VMs and place the host in maintenance mode
  2. SSH into ESXi and execute the following:
    [root@esxi:~] esxcli software vib install -v http://download3.vmware.com/software/vmw-tools/esxui/esxui-signed-4393350.vib
  3. Browse to https://[ESXi]/ui
    You should see the login screen:
    [Screenshot: VMware ESXi Embedded Host Client login screen]
  4. Log in using whatever credentials you use in the old C# vSphere client. You should see something that looks an awful lot like the vSphere Web Client:
    [Screenshot: VMware ESXi Embedded Host Client initial screen]
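
The install step above, wrapped with a pre-flight check and a post-install verification. This is an added example, not code from the original post or from VMware. The function names are hypothetical, the VIB name esx-ui is an assumption, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: guard rails around the install step above. Function names are
# hypothetical; the URL is the one given in the post.
VIB_URL="http://download3.vmware.com/software/vmw-tools/esxui/esxui-signed-4393350.vib"
VIB_NAME="esx-ui"  # assumption: the name the Host Client VIB registers under

# Constructed sample of `esxcli software vib get -n esx-ui` output (values made up).
SAMPLE_VIB_GET='VMware_bootbank_esx-ui_0.0.0-0000000
   Name: esx-ui
   Version: 0.0.0-0000000
   Vendor: VMware
   Acceptance Level: VMwareCertified'

# True when the text printed by `esxcli system maintenanceMode get` is "Enabled".
in_maintenance_mode() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "Enabled" ]
}

# Print the value of field $2 from `esxcli software vib get` output $1;
# non-zero exit if the field is absent.
vib_field() {
    printf '%s\n' "$1" | awk -F': *' -v want="$2" '
        { key = $1; sub(/^[ \t]+/, "", key) }
        key == want { print $2; found = 1; exit }
        END { exit !found }'
}

main() {
    in_maintenance_mode "$(esxcli system maintenanceMode get)" || {
        echo "host is not in maintenance mode; stopping" >&2; return 1; }
    echo "host acceptance level: $(esxcli software acceptance get)"
    # The VIB is fetched over plain HTTP, so integrity rests on esxcli's
    # signature check against the host acceptance level: do not pass
    # --no-sig-check. Dry-run first to see what would change.
    esxcli software vib install -v "$VIB_URL" --dry-run || return 1
    esxcli software vib install -v "$VIB_URL" || return 1
    # Confirm what actually landed on the host.
    info=$(esxcli software vib get -n "$VIB_NAME") || return 1
    echo "installed $(vib_field "$info" Version)," \
         "acceptance level $(vib_field "$info" 'Acceptance Level')"
}

# Only touch the host when asked to; otherwise just define the functions.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Run it on the ESXi host with the --apply argument; without it the script only defines the helper functions.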

5 Reasons to Consider Leaving Apple

Remember when everyone had to have an Apple product — an iPhone, MacBook, or iPad? Look at how fast things changed. Android has been leading the tablet and smartphone market and crushing Apple for years now. So what does this mean for Apple?

#1 – Apple is now Apple, circa 1997.

Apple is trying to “me-too” its way back to success with its Apple Watch. We already have fitness bands that tell time. Apple’s desperate desire to “innovate” has ironically had the opposite effect — they’re just copying the success of others. It’s the same mistake they made in the late 1990’s after firing Steve Jobs. They copied IBM and almost went bankrupt. When Steve Jobs returned, Apple made a comeback.
But Steve Jobs is dead. This sounds harsh, but the fact is that Apple never did well without him. I remember owning Apple stock when it was $6 a share. That’s six dollars. With Jobs gone, it’s back to the 1990’s in terms of leadership.

#2 – Apple is falling behind.

Their initial success with the iPhone was because they got it to market faster than Google got Android out. Android predates the iPhone, but most people don’t know that and frankly don’t care. The iPhone got there first so Apple won.
Fast-forward several years. Samsung released an Android version of the Apple Watch before Apple did. They copied Apple before Apple could even get their own product out the door! Bottom line: Apple has lost its competitive edge.

#3 – Apple picks fights it can’t win.

Apple has notoriously sued other companies for various things. Now everyone else is suing Apple for patent infringement and a slew of other offenses, and some of them have pretty strong cases. Their fat bank account makes it a prime target for litigation, which only detracts from its ability to provide valuable products and services.

#4 – Their products spy on you.

This isn’t news, and Apple certainly isn’t the only company with espionage built-in. But they really don’t like the idea of “hackers” poking around iOS. With Android and, to a lesser extent, Microsoft products, it’s trivial for an experienced security professional to figure out what information is being collected. iOS can be jailbroken and analyzed just as well, but woe unto those who receive an update and have their iPhone bricked because they dared to jailbreak.

#5 – Apple’s leadership is alienating its customers.

In 2014 CEO Tim Cook famously said that those who aren’t of a particular political persuasion should sell Apple stock. He also said that he doesn’t always consider return-on-investment (ROI) when making business decisions. Perhaps people have different reasons for owning stock, but the most common is to get a return-on-investment. But it’s also more than that. People also buy Apple products to get a return-on-investment, whether it’s financial, emotional, or something else. Tim Cook’s comments indicate that he isn’t interested in serving customers in this way.

Is it too late for Apple?

Flexibility is a vital aspect of any technology. If it isn’t flexible, it can’t change rapidly to meet business or personal goals. Apple just might be turning back into the rigid, sluggish, and expensive relic it was in the late 1990’s. Just think of how AT&T is today. That could change, of course, but their ecosystem is set up in such a way that the longer you’re invested in their products, the harder it is to leave. Maybe we should take Tim Cook’s advice until Apple can get its act together.

My Twitter Philosophy

In recent months, especially since the launch of my Pluralsight courses, I’ve been more active on Twitter (By “active” I mean I log in once or twice a week). During this short period, I’ve made a few passing observations about this strange place called Twitter:

1. “A lot of people follow me for a few days then unfollow me if I don’t follow them back”

There are so many things wrong with this. Following someone just so they’ll follow you back is selfish. It’s pretty obvious these folks are just using others to increase their follower count. They follow 5,000 people and have 4,999 people following them. Yeah, not impressed. Seeing this doesn’t make me think that person is influential. It makes me think they’re obsessive.

Citrix Web Interface: Error occurred while making the requested connection

I recently ran into a bizarre issue with users not being able to launch applications from a very old Citrix Presentation Server 4.0 farm when trying to launch from Citrix Web Interface 5.4. They were getting the eminently unhelpful, “An error occurred while making the requested connection.”

The Diagnosis

In the web interface application logs, I noticed this:

An error of type IMA with an error ID of 0x80000003 was reported from the Citrix XML Service at address (servername)

And this:

The farm MyFarm has been configured to use launch references, but a launch reference was not received from the Citrix XML Service. Check that the farm supports launch references or disable launch reference requests.

The Solution

To resolve this, I modified C:\inetpub\wwwroot\Citrix\XenApp\conf\WebInterface.conf on the Web Interface servers and changed the RequireLaunchReference directive as follows:
RequireLaunchReference=Off
(It was set to On)

And it worked. Supposedly, that directive must be set to Off when using Web Interface 5.4 with PS 4.0. But, I’ve been running for years with it set to On and it worked fine until recently. Another Citrix mystery.


How Knowledge Can Kill IT’s Value

IT people often intentionally withhold knowledge from those outside of IT. There are different reasons for this — some good and some very bad.

One reason IT folks withhold knowledge is that they believe the best way to learn is to teach yourself. After all, that’s how many of them learned. Unlike many others in business, most IT folks didn’t attain their skills through traditional education. They were self-starters when it came to their own education and taught themselves much of what they know. Such an approach has served them well, so they believe it will serve others well also.

While well-intentioned, this attitude is detrimental in business. Companies don’t hire IT people to mentor others to be like themselves. Rather, companies hire IT people to leverage their knowledge, skills, and expertise to achieve business objectives.

Contrast IT with the Legal department in this regard. People in Legal don’t withhold knowledge when asked. They are quick to “give the answer” and engage in discussion not only about Legal matters, but how those matters relate to the rest of the business. They aren’t threatened by sharing what they learned from their years in law school and real-world experience. But IT people often are reluctant, even averse to such self-exposure.

The reasons behind this apprehension when it comes to sharing knowledge aren’t important. It’s not your job to untrain this bad habit. What’s important is that the people you hire don’t try to hoard the “keys to the kingdom.” When you are interviewing candidates, make sure you find out whether a potential employee is willing to share his or her knowledge and expertise with others openly and candidly. If he’s not, politely show him the door.

An IT organization is only as good as the sum of its parts. Folks who hold tightly onto their knowledge like Frodo holding onto the One Ring are dragging your IT organization down and inhibiting the value it can provide. Don’t let that happen. Expect and demand open dialogue, widespread sharing, and consideration of the needs and objectives of the business. If IT can’t do that, it might as well not even be a part of the business.

Creating a Linux File Server for Windows CIFS/SMB, NFS, etc.

Recently I needed to build a multipurpose file server to host CIFS and NFS shares — CIFS for the Windows users, and NFS for VMware to store ISOs. It needed to utilize back end storage (NetApp via iSCSI), provide Windows ACLs for the CIFS shares, and be able to authenticate against two different Active Directory domains. After careful consideration, I decided to use Red Hat Enterprise Linux 6.5 (RHEL) instead of Windows Server 2012.

Now you might be wondering, “Why on earth would you want to build a Linux file server to do all that when you can just use Windows?” There are a few reasons:

Windows Server Core Full Configuration with PowerShell

How to Configure Server Core with Active Directory Services, DNS, and DHCP Using Nothing But PowerShell

Windows Server 2012 offers two installation options: Server Core or “Server with a GUI”. This begs the question: Why would you want to install Server Core instead of the GUI? One reason may be that you have limited physical hardware resources and want to keep the footprint as small as possible.

Recently I needed to build a domain controller, DHCP, and DNS server for a branch office. This office has a Riverbed Steelhead WAN optimization appliance which runs a nested VMware ESXi hypervisor. The appliance has limited memory and disk space, so I needed to keep the installation as small as possible. (Incidentally, if I only needed DNS and DHCP, I would have just installed Red Hat Enterprise Linux, but having the server be an Active Directory domain controller was also a requirement.)

I’m going to show you step-by-step how I configured Active Directory Services, DNS, and DHCP on a Windows Server 2012 Server Core installation.