Citrix Hypervisor 7.1 CU2 “This host does not appear to have any network interfaces” during fresh install of XenServer 7.1

During the installation of XS 7.1 CU2 NIC driver not installed / does not work.

Installed CH 8.1 and the driver installed out of the box with no issues.

Error Message: “This host does not appear to have any network interfaces. If interfaces are present you may need to load a device driver on the previous screen for them to be detected.”

Integrated NIC 1: QLogic 2x1GE+2x10GE QL41264HMCU CNA

NIC Slot 7: QLogic 10GE 2P QL41112HxCU-DE Adapter

Related:

Citrix Hypervisor 7.1 CU2 “This host does not appear to have any network interfaces” during fresh install of Xenserv 7.1

During the installation of XS 7.1 CU2 NIC driver not installed / does not work.

Installed CH 8.1 and the driver installed out of the box with no issues.

Error Message: “This host does not appear to have any network interfaces. If interfaces are present you may need to load a device driver on the previous screen for them to be detected.”

Integrated NIC 1: QLogic 2x1GE+2x10GE QL41264HMCU CNA

NIC Slot 7: QLogic 10GE 2P QL41112HxCU-DE Adapter

Related:

PVS Vdisk Inconsistency – Replication Status Shows Error ” Server Not Reachable” When NIC Teaming is Configured

  • Verify if NIC Teaming is configured as Active-Active. Reconfigure as Active-Passive.

Steps:

Open Network team configuration and make sure the team is Active Active.

Verify the NICs configured under Active Adaptors and confirm no Standby Adaptors are configured.

Reconfigure the Team and make sure Active and standby adaptors are configured.

Please note that NIC team configuration will differ for different adapter manufacturers, check the configuration guide to follow appropriate steps to reconfigure.

Reconfigure NIC teaming may interrupt the network connection. Please make sure to take proper actions to avoid production impact.


User-added image

  • Verify the MTU setting of NIC on all PVS servers

Since the status of the replication is synced via UDP on PVS port 6895, the communication failure over this udp port will also effects the status of the replications.

The different MTU of the NICs of PVS servers will also block this kind of UDP communication between them. For example, if one of the NIC has MTU of 1500(default) and the other NIC has MTU of 6000, the udp packets which is larger than 1500 will be lost due to the different fragmentation. From MTU of 6000, the udp packet larger than 1500 but less than 6000, so it will not be fragmented. But the peer has MTU of 1500, so it is unable to accepted this packet and causing packet loss.

You need to check the MTU value of all PVS servers by command:

netsh interface ipv4 show subinterface

If MTUs are different on all PVS servers, please change it to the same value (The default value 1500 is recommended):

netsh interface ipv4 set subinterface “ Ethernet ” mtu=1500 store=persistent

Please replace Ethernet with the NIC name of your PVS server.

Related:

  • No Related Posts

Problem with iPXE when using a USB Ethernet Adapter

I need a solution

Hi, 

Wondering if anybody else has come across this

We recently upgrade to Ghost 3.3 RU2 with iPXE (faster way of connecting devices to imaging sessions) 

Laptops and PCs with dedicated Ethernet ports are working (when secure boot is disabled) 

We have some new devices that have no Ethernet ports – we have a mixture of USB Ethernet adapters

The drivers have been added and if you use PXE they work and image fine 

However if we try using iPXE they boot and download the wim file but then freeze and dont load the WinPE – we have tried leaving it all afternoon but nothing happens

If we try it again and wait until the ipxe starts and the wim file download reaches 100% and then remove the USB Ethernet adapter for a few seconds then plug it back in the WinPE session loads and the device joins the session and images fine. Its as if it gets stuck trying to pass some type of security check – maybe UEFI related. 

Just wondering if anybody else has come across this issue ? 

Thanks

0

Related:

Location awareness not working

I need a solution

Hi,

I want to apply the location-based policy based on the ethernet network connection in SEPM. Like if I’m connected with the certain ethernet connection say ‘XYZ’ than my location changes to say ‘Office’ and when I’m connected with the ethernet say ‘ABC’ my location changes to the home.

I have tried NIC Description where I provided my network SSID and also tried NIC name but no results.
 

0

Related:

  • No Related Posts

Sophos Wireless Access Points: APX offline after initial configuration

Wireless Access Points going offline after initial configuration

This can be caused if you are using a PoE enabled switch and have manually set the power on the ports to a maximum of less than a certain wattage depending on access points used. Below is a list of the APX access points and their maximum used power ratings:

  • APX320 – Maximum Power: 11.5W
  • APX530 – Maximum Power: 16.7W
  • APX740 – Maximum Power: 22.4W

In addition to the maximum power ratings that could be configured on the PoE switch, below are the supported PoE types:

  • APX320 – PoE Requirements: 802.3af
  • APX530 – PoE Requirements: 802.3at
  • APX740 – PoE Requirements: 802.3at

This article describes the steps to resolve the issue of the access points failing to power up after initial configuration is sent to it.

The following sections are covered:

Applies to the following Sophos products and versions

Sophos UTM

Sophos Firewall

Sophos Central Wireless

We recommend using a separate PoE injector to see if the problem is power from the switch. If using a separate PoE injector fixes the problem, then you will need to investigate the power supplied to the unit via your PoE enabled switch and ensure it is set to a value that supports the APX device in use.

Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

Related:

Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances.

The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nexus-aci-dos

Security Impact Rating: Medium

CVE: CVE-2019-1977

Related:

  • No Related Posts

Post Distribution Services Are Disabled

I need a solution

Very similar to an issue discussed here but I didn’t want to ressurect a dead thread.

After distributing an image to a HP Z6 G4 workstation the machine will not complete its configuration.  When I visit the machine and login using a local administrator account I find that the “DHCP Client (dhcp)” and “TCP/IP NetBIOS Helper (lmhosts)” services are set to disabled.  If I configure both services to “Automatic”, restart, and then have Ghost perform a domain join everything appears normal.

The first time this happened I thought it was a misconfiguration issue from trying to capture and distribute an already established/dirty image.  The second, and most recent, time I created an entirely new build from scratch but experienced the same results.

Similar to the linked thread the machine in question has two NICs.  The first is listed as a Intel(R) Ethernet Connection (3) I219-LM and is disconnected and not in use.  The second is a Intel(R) Ethernet Connection X722 for 1GbE.

Also similarly the image was created without using Sysprep against a Windows 10 Build 1903 system.

0

Related:

Unsolicited incoming ARP reply detected

I need a solution

So here goes…..

SEP 14.2, Windows installation, Within the firewall policy the checkbox for Enable anti-MAC spoofing is turned on. All is good to here.

We have 3 sites, A, B and C. All clients have the same clients on them, they have not been updated since Feb and the SEPM hasn’t been touched either.

In the last month we have seen several machine get the usual popup in the botton right of the desktop with – “Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window.”

Now, we can see in the logs some activity, like one here and there across the 2 other site `A` and `B`, but for the site `C` we are seeing a lot more, like 60 a day.

We know the ARP requests are coming from two (2) wireless contollers but not every client is alerting, off the 200 clients, only 3 have alerted so far.

First Question:

Is there a limit which is hit for a client which triggers the popup message on the client?

So in trying to get to the bottom of the issue and reading every community MAC/ ARP spoofing thread I have not been able to get any closer. 

If I look at the logs in SEP under, monitor> logs> Network and Host exploit mitigation> Attacks and choose a device i have a question on the way it presents the log of a device when viewed in DETAIL view.

Log from the SEPM on the client

———————————————–

Client Affected

Computer Name    
Current:    LaptopHostname
When event occurred:    LaptopHostname

IP Address    
Current:    10.2.xx4.136 **(this is the actual Laptop’s IP)
When event occurred:    10.2.xx4.254 **(This is the wireless controller/AP)
Local MAC:    1C4D7072Dxxx **(this is the Laptops MAC address)
User Name:    Username
Operating system:    Windows 10 Enterprise Edition
Location Name:    Default
Domain Name:    exampledomain.com
Group Name:    My CompanyexampledomainClient DevicesC **(site `C`)
Server Name:    xxx-SEPM-01
Site Name:    Site:xxx_SEPM

Risk Detected
Event Time:    18/07/2019 18:04:29
Begin Time:    18/07/2019 18:03:25
End Time:    18/07/2019 18:03:25
Number:    6
Event Description:    Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window.
Event Type:    MAC Spoofing
Hack Type:    0
Severity:    Minor and above
Application Name:    NA
Network Protocol:    Other
Traffic Direction:    Inbound
Remote IP:    10.2.xx4.136 **(this is the Laptops IP address)
Remote MAC:    B40C25E08010 **(this is the wireless controller/AP MAC address)
Remote Host Name:    N/A
Alert:    1
Local Port:    0
Remote Port:    0

So I am confused with why the SEPM log has picked up the wireless IP address as its IP address (also actual client IP address and MAC) under – When Event Occured (under IP address section)? This then inturn looks like it then analysing the remote IP (which is the laptops actual IP address) and the Remote MAC of the wireless device, so all confused and now alerting.

Question 2

Am i reading the above log correctly?

Any help would be appreciated.

Thanks

0

Related:

  • No Related Posts