Memorise

Exchange Server 2013 and 2016 Standard Edition can’t mount databases that are larger than 1024 GB

Applies to: Exchange Server 2013 Standard EditionExchange Server 2016 Standard Edition

This issue occurs because the default database size limit for Exchange Server 2013 Standard Edition and Exchange Server 2016 Standard Edition is 1,024 gigabytes (GB). There is no default database size limit for the Enterprise Edition. The Exchange store checks database size limits periodically and dismounts a database when the size limit is reached. Therefore, this issue may occur after the database is automatically dismounted.

Additionally, when you perform a failover of the database, the failover fails, and an event that resembles the following is logged in Event Viewer:

Note The database maximum size is hard-coded as 1,024 GB in the event, even though you may have changed it to a higher value in the registry.

Resolution


In order to have the full functionality of the Exchange database availability group (DAG) again, you must buy an Enterprise Edition license and apply it to the server.

Workaround


Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.To mount the database again, and to prevent the database from being automatically dismounted, follow these steps:

  1. Start Registry Editor.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-<database GUID>

    Note You can retrieve the GUID of a database by running the following command in the Exchange Management Shell:

    Get-MailboxDatabase -Identity "<database name>" | Format-Table Name, GUID
  3. If the Database Size Limit in GB DWORD value exists for the subkey, change it to the size that you want, in GB.
  4. If the Database Size Limit in GB DWORD value does not exist for the subkey, create a new DWORD value with that name, and then set its value to the size that you want, in GB.
  5. Mount the database on the server by using Exchange Management Shell and the -Force switch.

Notes

  • When you change this setting, the change is propagated to all servers that host a copy of this database.
  • This registry key may be deleted after an Exchange cumulative update is applied.
  • This registry setting still does not allow the automatic failover of databases within the DAG. You must use the -Force switch when you mount the database with this registry setting in place.

THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE

login as: root
Using keyboard-interactive authentication.
Password:
Last login: Fri Jun 29 09:58:18 2018 from 83.244.171.242
— JUNOS 15.1X49-D45 built 2016-04-25 07:29:58 UTC

***********************************************************************
** **
** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE **
** **
** It is possible that the primary copy of JUNOS failed to boot up **
** properly, and so this device has booted from the backup copy. **
** **
** Please re-install JUNOS to recover the primary copy in case **
** it has been corrupted and if auto-snapshot feature is not **
** enabled. **
** **
***********************************************************************

root@FW01-SHIRAJ-SRX% cli
shroot@FW01-SHIRAJ-SRX> show chassis alarms
1 alarms currently active
Alarm time Class Description
2018-06-28 12:48:36 GMT Minor Host 0 Boot from backup root <– This is where its booted from

root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: backup (da0s1a) <– This is the partitions name

Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M

root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Nov 20 22:15:26 2016
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– This is the version it was on before the crash

root@FW01-SHIRAJ-SRX> request system snapshot media internal slice alternate <– Copy the working partition to crashed partition
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were SHIRAJhived: /

root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: backup (da0s1a)

Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M

root@FW01-SHIRAJ-SRX> show system alarms
1 alarms currently active
Alarm time Class Description
2018-06-28 12:48:36 GMT Minor Host 0 Boot from backup root

root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 1
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– once copied check the partion have same version on slice 1 and slice 2

root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 2
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– once copied check version is same

root@FW01-SHIRAJ-SRX>
root@FW01-SHIRAJ-SRX> request system reboot media internal
Reboot the system ? [yes,no] (no) yes

Shutdown NOW!
[pid 9183]

root@FW01-SHIRAJ-SRX>
*** FINAL System shutdown message from root@FW01-SHIRAJ-SRX ***

System going down IMMEDIATELY

TO UPDATE THE VERSION

root@FW01-SHIRAJ-SRX> request system software add no-copy no-validate /var/tmp/junos-srxsme-15.1X49-D60.7-domestic.tgz reboot <– update the software verion

root@FW01-SHIRAJ-SRX>
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Fri Jun 29 11:10:42 2018 from 81.103.90.67
— JUNOS 15.1X49-D60.7 built 2016-09-13 22:27:47 UTC

root@FW01-SHIRAJ-SRX%
root@FW01-SHIRAJ-SRX%
root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s1a
Backup Partition: da0s2a
Currently booted from: active (da0s1a)

Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M

root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– check the backup partion have same version as primary

root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 2
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic

root@FW01-SHIRAJ-SRX> request system snapshot media internal slice alternate <– copy the primary partition to backup
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were SHIRAJhived: /

root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– check the partition have same version
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 11:58:33 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– check the partition have same version

root@FW01-SHIRAJ-SRX>


Junos Space Password Recovery

Junos Space Password Recovery

Change admin password

You can change the admin password via the CLI option 1

Welcome to the Junos Space network settings utility.

Initializing, please wait

Junos Space Settings Menu

1> Change Password
2> Change Network Settings
3> Change Time Options
4> Retrieve Logs
5> Security
6> Expand VM Drive Size
7> (Debug) run shell

A> Apply changes
Q> Quit
R> Redraw Menu

Choice [1-7,AQR]:

Change Super user password

You are able to reset the super password back to factory default juniper123 by changing the mysql database. You will need to access the “run shell” (option 7) and run the command below:

mysql -u jboss -pnetscreen build_db

Once you have run this command you get this output:

[root@space-005056b07af1 ~]# mysql -u jboss -pnetscreen build_db
Warning: Using a password on the command line interface can be insecure.
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 225
Server version: 5.6.20-enterprise-commercial-advanced-log MySQL Enterprise Server - Advanced Edition (Commercial)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Now that we are into mysql, we can reset the “super” or user “enroute1” password back to the default of juniper123

mysql> update USER set password="ok89Nva6qHxytSHsP8AeLg==" where name="super";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

Having updated the password, we can exit mysql and you should be able to log onto

To update the maintenance mode password

You will need to update the htpasswd file, with the new password for the “maintenance” user

htpasswd -sb /var/www/maintenance/maintPW maintenance password

Once this has been run, you will see this output:

[root@space-005056b0fdf8 ~]# htpasswd -sb /var/www/maintenance/maintPW maintenance password123
Updating password for user maintenance

To just fix the issue with the expired date:
update USER set expiryDate=”2029-11-21 07:51:54″ where name=”super”;

How To Fix “Device eth0 does not seem to be present, delaying initialization” Error

check network:

# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 Try to start Eth0 device

# ifup eth0
Device eth0 does not seem to be present, delaying initialisation

To Solve this :

Delete networking interface rules file so that it can be regenerated and reboot your CentOS system.

# rm /etc/udev/rules.d/70-persistent-net.rules
# reboot

For me at this point my issue was resolved.

New Mac address has been generated:

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:fe:c1:03", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

Now edit /etc/sysconfig/network-scripts/ifcfg-eth0,

Add   new  HWADDR generated or  remove it 
Remove UUID   line

Restart the networking service

# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 192.168.1.99 is already in use for device eth0...
                                                           [  OK  ]
# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:FE:C1:03
          inet addr:192.168.1.99  Bcast:xxxxxxxx  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fefe:c103/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:387597 (378.5 KiB)  TX bytes:19567 (19.1 KiB)

Change / Update / Replace SSL Certificate on Windows Server 2012 R2 ADFS / WAP Servers

Change/Update/Replace SSL Certificate on Windows Server 2012 R2 ADFS/WAP Servers

You need a cert that has a private key that corresponds to the certificate. If you don’t make sure that you export the PFX and be sure to include the private key. It’s easy to miss this in the export wizard.

After you have the certificate imported into the ADFS Servers “Personal Store” then you need to make sure that you assign the appropriate permissions to the certificate. Specifically, you need to assign full control to the ADFS service account.

Now you’ll want to bounce over to the ADFS Console to “Set Service Communications Certificate”

You can do this via PowerShell as well:

Run Get-AdfsSslCertificate. Make a note of the thumbprint of the new certificate.

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint thumbprint

Set-AdfsSslCertificate -Thumbprint thumbprint


i.e:
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint DDEFDF4A73F48AD079B2C1BCBC60610863A3A7C9

Set-AdfsSslCertificate -Thumbprint DDEFDF4A73F48AD079B2C1BCBC60610863A3A7C9

Restart the ADFS Service (restart-service adfssrv)

if you get error with certificate don’t have private key use the certutil to repair

C:UsersAdministrator>certutil -repairstore my “77 f0 55 c4 4d 01 db 18”

you should see message like CertUtil: -repairstore command completed successfully. C:UsersAdministrator>

— Full GUI version —

You need a cert that has a private key that corresponds to the certificate.  If you don’t make sure that you export the PFX and be sure to include the private key.  It’s easy to miss this in the export wizard.

image

When you walk through the export wizard – make sure you choose the option to include the private key.

image

image

After you have the certificate imported into the ADFS Servers “Personal Store” then you need to make sure that you assign the appropriate permissions to the certificate.  Specifically, you need to assign full control to the ADFS service account.  If you are using a managed service account be sure to scope your search for that when assigning permissions.

image

image

Now you’ll want to bounce over to the ADFS Console to “Set Service Communications Certificate”

You can do this via PowerShell as well:

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint thumbprint
Set-AdfsSslCertificate -Thumbprint thumbprint

image

You’ll see all the certs in the personal store enumerated – be sure to pick the right one (there is an option to view the cert before selecting it).  If you don’t see your cert it means you didn’t import it correctly or there’s no private key that corresponds to the cert.

Now you need to open PowerShell to run a few commands.

Run Get-AdfsSslCertificate.  Make a note of the thumbprint of the new certificate.

image

WARNING!!!

You might run into what I did which is what was messing me up and prompted me to author this article.  For some reason for me when I issue the Get-AdfsSslCertificate command it still showed my OLD certificate – not the new one that I just updated with the set service communication certificate step above.  You’ll need to confirm this by going into the certificate store and looking at the details of the certificate you set to be the service communication cert to see if the thumbprint there matches what you see with the GET command.  In my case, it didn’t match.

image

At this point you want to take that hex and paste it out to notepad and then remove all of the spaces and then when you issue the SET command make sure to paste that value for the CORRECT certificate in as the thumbprint.

Next run Set-AdfsSslCertification –thumbprint XXXXXXXXXXXXXXXXXXXXXX

Restart the ADFS Service (restart-service adfssrv)

The Powershell for all of this (including installing the role/feature) is:

Install-WebApplicationProxy -FederationServiceTrustCredential System.Management.Automation.PSCredential -CertificateThumbprint ‘thumbprintwiththequotes’ -FederationServiceName ‘adfs.getmobile.mobi’

OPTIONAL: Using a Web Application Proxy Server

Now if you are using a Web Application Proxy Server in front of your ADFS Server you need to do a few things.

I used the MMC console to see the certificate store on my ADFS server to export the PFX with the private key (make sure you do that!) so that I could import that key over on my WAP server.  Once you have that PFX just copy it over to the WAP and click on it – make sure that you import it into the PERSONAL STORE.  You can then open the MMC console to see the certificates there and make sure that it has been imported properly to the WAP.

image

image

Now at this point you should be able to run a PS command to replace the SSL cert and then restart the adfssrv on the WAP and you’re good to go.  For whatever reason that didn’t work for me so I just removed/reinstalled the WAP feature.  If you already have published web applications those won’t go away.  When you reinstall the WAP feature you’ll see your list of published apps show back up.  Basically, just walk through the wizard setup for the WAP again and then select the certificate we’ve been talking about from the list when the setup asks you.  That worked like a charm for me.

You can try the PowerShell commands here – hopefully they work for you:

Set-WebApplicationProxySslCertificate -Thumbprint thumbprint (the thumbprint is the same as the one we used above so you should be able to just copy and paste.  If you want to get it again you can issue the GET instead of the SET to see the thumbprints for the certs)

You’ll need to restart the service on the WAP:  Restart-Service adfssrv


How to configure shared Office 365 mailbox on iOS

Configuring a shared Office 365 mailbox on an iOS device using IMAP

Updated 27/07/17

On the iPad or iPhone, go to SETTINGS > MAIL > ADD ACCOUNT
Select OTHER from the list of types.
iOS Shared Office 365 Mailbox Step 1
Select ADD MAIL ACCOUNT

iOS Shared Office 365 Mailbox Step 2
Enter a name for the mail account (eg “Enquiries”)
Enter the email address of the shared mailbox
Enter the password of a mailbox that has access to the shared mailbox (eg your own password if you have access to the shared mailbox)
Enter a description for the mailbox (eg “Enquiries”)
Tap NEXT
Select IMAP
iOS Shared Office 365 Mailbox Step 3
Fill in the blank information:

iOS Shared Office 365 Mailbox Step 4

i) Host name: outlook.office365.com

ii) In the user name box, enter the email address of the account that has access to the shared mailbox, followed by a “\” and then the email address of the shared mailbox itself. (eg “your.name@yourdomain.com\enquiries@yourdomain.com”)

iii) Outgoing mail server: smtp.office365.com

iv) User name: Enter the email address of the mailbox with the permission to “send as” the shared mailbox.

v) Password: Enter the password of the mailbox with the permission to access the shared mailbox (same as step ‘iv’ above)

vi) Tap NEXT

Tap SAVE.
iOS Shared Office 365 Mailbox Step 5
Switch off the NOTES sync which should leave just MAIL switched on.
Tap SAVE
Exit the MAIL app by ending the task (doublle press the HOME button and slide the Mail app off the top of the screen)
Enter the MAIL app and check that the account works

 


Debugging a Site to Site VPN on an Juniper SRX series

Within this article we will look at the various steps required in debugging a Site to Site VPN on an SRX series gateway.

1. CONFIRM CONFIGURATION

First of all check the VPN configuration. This is also useful if and when you need to confirm the Phase 1 and Phase 2 parameter’s with the remote end.

admin@srx> show configuration security ike
admin@srx> show configuration security ipsec

2. CONFIRM PHASE 1

To confirm the successful completion of Phase 1 run the following command. If Phase 1 fails to complete revisit your Phase 1 parameters using the commands shown in Section 1.

admin@srx> show security ike security-associations
node1:
————————————————————————–
Index   Remote Address  State  Initiator cookie  Responder cookie  Mode
6950    [LOCAL PEER IP]  UP     33204fba87663d94  70acacd5f938f89b  Main

3. CONFIRM PHASE 2

To confirm the successful completion of Phase 2 run the following command. If Phase 2 fails to complete revisist your Phase 2 parameters using the commands shown in Section 1.

admin@srx> show security ipsec security-associations
node1:
————————————————————————–
Total active tunnels: 2
ID    Gateway          Port  Algorithm       SPI      Life:sec/kb  Mon vsys
<131073 [LOCAL PEER IP] 500   ESP:aes-128/sha1 4fb2c1cc 2041/ unlim  –   root
>131073 [LOCAL PEER IP] 500   ESP:aes-128/sha1 3e576ead 2041/ unlim  –   root

If Phase 2 has completed you can confirm further details on each of the SA`s (Security Associations) by using the SA index.

admin@srx> show security ipsec security-associations index 131073
node1:
————————————————————————–
Virtual-system: root
Local Gateway: [REMOTE PEER IP], Remote Gateway: [LOCAL PEER IP]
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
DF-bit: clear
Direction: inbound, SPI: 4fb2c1cc, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime: Expires in 2028 seconds
Lifesize Remaining:  Unlimited
Soft lifetime: Expires in 1448 seconds
Mode: tunnel, Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
Anti-replay service: counter-based enabled, Replay window size: 64

Direction: outbound, SPI: 3e576ead, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime: Expires in 2028 seconds
Lifesize Remaining:  Unlimited
Soft lifetime: Expires in 1448 seconds
Mode: tunnel, Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
Anti-replay service: counter-based enabled, Replay window size: 64

4. IPSEC STATISTICS

To confirm statistics based on the Phase 2 SA run the following command. The output will contain a number of counters. The most interesting of these (for troubleshooting purposes) are the Encrypted and Decrypted counters.

admin@srx> show security ipsec statistics index 131073
node1:
————————————————————————–
ESP Statistics:
Encrypted bytes:        133593600
Decrypted bytes:       1128704777
Encrypted packets:         923864
Decrypted packets:        1438716
AH Statistics:
Input bytes:                    0
Output bytes:                   0
Input packets:                  0
Output packets:                 0
Errors:
AH authentication failures: 0, Replay errors: 1021
ESP authentication failures: 0, ESP decryption failures: 0
Bad headers: 0, Bad trailers: 0

5. PERFORM DEBUG (TRAFFIC)

If Phase 1 and Phase 2 are both establishing but traffic is still not passing the VPN tunnel, a packet-filter traffic debug of the tunnel will provide further granularity into each of the steps the packet takes.

admin@srx> configuration
admin@srx# edit security flow traceoptions

[edit security flow traceoptions]
admin@srx# set file vpn-debug
admin@srx# set flag basic-datapath
admin@srx# set flag packet-drops
admin@srx# set level 15

admin@srx# set packet-filter filter1 source-prefix [LOCAL PEER IP]
admin@srx# set packet-filter filter1 destination-prefix [REMOTE PEER IP]
admin@srx# set packet-filter filter1 protocol esp
admin@srx# set packet-filter filter2 destination-prefix [LOCAL PEER IP]
admin@srx# set packet-filter filter2 source-prefix [REMOTE PEER IP]
admin@srx# set packet-filter filter2 protocol esp

admin@srx# set packet-filter filter3 destination-prefix [INTERNAL SERVER IP]
admin@srx# set packet-filter filter3 destination-port ssh
admin@srx# set packet-filter filter3 protocol tcp
admin@srx# set packet-filter filter4 source-prefix [INTERNAL SERVER IP]
admin@srx# set packet-filter filter4 destination-port ssh
admin@srx# set packet-filter filter4 protocol tcp

admin@srx# run show log vpn-debug

6. PERFORM DEBUG (CRYPTO)

To debug the crypto engine the following commands are run.

admin@srx> configuration
admin@srx# edit security ike traceoptions

[edit security ike traceoptions]
admin@srx# set file vpn-debug-ike
admin@srx# set flag all
admin@srx# set level 15
admin@srx# top

[edit]
admin@srx# edit security ipsec traceoptions

[edit security ipsec traceoptions]
admin@srx# set file vpn-debug-ipsec
admin@srx# set flag all
admin@srx# set level 15

admin@srx# run show log vpn-debug-ike
admin@srx# run show log vpn-debug-ipsec

7. ADDITIONAL

A useful tip when viewing the debug logs is to tail the file via the shell whilst also removing the empty lines. This a) makes it easier to view and 2) also (as long as your ssh client buffer is configured correctly) allows you to go back over previous output should the debug log reach its maximum size.

root@srx100> start shell
root@srx100% tail -f /var/log/[logfile] | grep -Evi ^$


CAN NOT ACCESS TO HTTPS MANAGEMENT OF JUNIPER SSG VI CHROME (ERROR CODE: ERR_SSL_VERSION_OR_CIPHER_MISMATCH)

Can not access to https management of Juniper SSG through Chrome (Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH)

A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Resolution 1:
1. Go to the "Chrome://flags" from the address bar.
2. Find "Minimum SSL/TLS" version support"
3. Select " SSLv3" option. 

Resolution 2:
Access to WEB UI of ScreenOS
1. Go to Configuration/Admin/Management
2. Change Cipher to DES-SHA1 / 3DES-SHA1
3. Apply
Resolution 3 (best option):

1. Login to SSG using ssh then type

set ssl encrypt 3des sha-1

Excel formulas not updating

Symptoms: The value returned by your Excel formula does not update automatically, i.e. the formula continues to show the old value even after you’ve changed the values of the dependent cells.

When Excel formulas are not updating automatically, most likely it’s because the Calculationsetting has been changed to Manual instead of Automatic. To fix this, just set the Calculation option to Automatic again.

On the Excel ribbon, go to the Formulas tab > Calculation group, click the Calculation Optionsbutton, and select Automatic:
For Excel formulas to update automatically, enable 'Automatic' under Calculation Options.

Alternatively, you can change this setting in Excel Options:

  • In Excel 2003, click Tools > Options > Calculation > Calculation > Automatic.
  • In Excel 2007, click Office button > Excel options > Formulas > Workbook Calculation Automatic.
  • In Excel 2010Excel 2013, and Excel 2016, go to File > Options > Formulas > Calculation optionssection, and select Automatic under Workbook Calculation.

Another way to turn on the Automatic Calculation setting.


Unable to open ILO3 with TLS 1.2

In this case I was unable to connect to ILO3 on HP DL 380 G7 with Internet Explorer 11 from Windows 8.1 client workstation. ILO Firmware version was 1.20. Starting from Windows 8.1 and Internet Explorer 11 all TLS protocols are enabled and supported by default:

ILO was not failing back to lower version of TLS if TLS 1.2 was selected. After unselecting TLS 1.2 from Internet Explorer 11, I was able to connect to ILO interface. This is issue was resolved with later version ILO firmware. So, after patching the server with latest ILO firmware, I was able to connect to ILO3 interface using Internet Explorer 11 with TLS 1.2  selected.