Memorise

THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE

login as: root
Using keyboard-interactive authentication.
Password:
Last login: Fri Jun 29 09:58:18 2018 from 83.244.171.242
— JUNOS 15.1X49-D45 built 2016-04-25 07:29:58 UTC

***********************************************************************
** **
** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE **
** **
** It is possible that the primary copy of JUNOS failed to boot up **
** properly, and so this device has booted from the backup copy. **
** **
** Please re-install JUNOS to recover the primary copy in case **
** it has been corrupted and if auto-snapshot feature is not **
** enabled. **
** **
***********************************************************************

root@FW01-SHIRAJ-SRX% cli
shroot@FW01-SHIRAJ-SRX> show chassis alarms
1 alarms currently active
Alarm time Class Description
2018-06-28 12:48:36 GMT Minor Host 0 Boot from backup root <– This is where its booted from

root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: backup (da0s1a) <– This is the partitions name

Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M

root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Nov 20 22:15:26 2016
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– This is the version it was on before the crash

root@FW01-SHIRAJ-SRX> request system snapshot media internal slice alternate <– Copy the working partition to crashed partition
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were SHIRAJhived: /

root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: backup (da0s1a)

Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M

root@FW01-SHIRAJ-SRX> show system alarms
1 alarms currently active
Alarm time Class Description
2018-06-28 12:48:36 GMT Minor Host 0 Boot from backup root

root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 1
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– once copied check the partion have same version on slice 1 and slice 2

root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 2
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– once copied check version is same

root@FW01-SHIRAJ-SRX>
root@FW01-SHIRAJ-SRX> request system reboot media internal
Reboot the system ? [yes,no] (no) yes

Shutdown NOW!
[pid 9183]

root@FW01-SHIRAJ-SRX>
*** FINAL System shutdown message from root@FW01-SHIRAJ-SRX ***

System going down IMMEDIATELY

TO UPDATE THE VERSION

root@FW01-SHIRAJ-SRX> request system software add no-copy no-validate /var/tmp/junos-srxsme-15.1X49-D60.7-domestic.tgz reboot <– update the software verion

root@FW01-SHIRAJ-SRX>
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Fri Jun 29 11:10:42 2018 from 81.103.90.67
— JUNOS 15.1X49-D60.7 built 2016-09-13 22:27:47 UTC

root@FW01-SHIRAJ-SRX%
root@FW01-SHIRAJ-SRX%
root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s1a
Backup Partition: da0s2a
Currently booted from: active (da0s1a)

Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M

root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– check the backup partion have same version as primary

root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 2
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic

root@FW01-SHIRAJ-SRX> request system snapshot media internal slice alternate <– copy the primary partition to backup
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were SHIRAJhived: /

root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– check the partition have same version
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 11:58:33 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– check the partition have same version

root@FW01-SHIRAJ-SRX>


Junos Space Password Recovery

Junos Space Password Recovery

Change admin password

You can change the admin password via the CLI option 1

Welcome to the Junos Space network settings utility.

Initializing, please wait

Junos Space Settings Menu

1> Change Password
2> Change Network Settings
3> Change Time Options
4> Retrieve Logs
5> Security
6> Expand VM Drive Size
7> (Debug) run shell

A> Apply changes
Q> Quit
R> Redraw Menu

Choice [1-7,AQR]:

Change Super user password

You are able to reset the super password back to factory default juniper123 by changing the mysql database. You will need to access the “run shell” (option 7) and run the command below:

mysql -u jboss -pnetscreen build_db

Once you have run this command you get this output:

[root@space-005056b07af1 ~]# mysql -u jboss -pnetscreen build_db
Warning: Using a password on the command line interface can be insecure.
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 225
Server version: 5.6.20-enterprise-commercial-advanced-log MySQL Enterprise Server - Advanced Edition (Commercial)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Now that we are into mysql, we can reset the “super” or user “enroute1” password back to the default of juniper123

mysql> update USER set password="ok89Nva6qHxytSHsP8AeLg==" where name="super";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

Having updated the password, we can exit mysql and you should be able to log onto

To update the maintenance mode password

You will need to update the htpasswd file, with the new password for the “maintenance” user

htpasswd -sb /var/www/maintenance/maintPW maintenance password

Once this has been run, you will see this output:

[root@space-005056b0fdf8 ~]# htpasswd -sb /var/www/maintenance/maintPW maintenance password123
Updating password for user maintenance

To just fix the issue with the expired date:
update USER set expiryDate=”2029-11-21 07:51:54″ where name=”super”;

How To Fix “Device eth0 does not seem to be present, delaying initialization” Error

check network:

# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 Try to start Eth0 device

# ifup eth0
Device eth0 does not seem to be present, delaying initialisation

To Solve this :

Delete networking interface rules file so that it can be regenerated and reboot your CentOS system.

# rm /etc/udev/rules.d/70-persistent-net.rules
# reboot

For me at this point my issue was resolved.

New Mac address has been generated:

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:fe:c1:03", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

Now edit /etc/sysconfig/network-scripts/ifcfg-eth0,

Add   new  HWADDR generated or  remove it 
Remove UUID   line

Restart the networking service

# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 192.168.1.99 is already in use for device eth0...
                                                           [  OK  ]
# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:FE:C1:03
          inet addr:192.168.1.99  Bcast:xxxxxxxx  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fefe:c103/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:387597 (378.5 KiB)  TX bytes:19567 (19.1 KiB)

Change / Update / Replace SSL Certificate on Windows Server 2012 R2 ADFS / WAP Servers

Change/Update/Replace SSL Certificate on Windows Server 2012 R2 ADFS/WAP Servers

You need a cert that has a private key that corresponds to the certificate. If you don’t make sure that you export the PFX and be sure to include the private key. It’s easy to miss this in the export wizard.

After you have the certificate imported into the ADFS Servers “Personal Store” then you need to make sure that you assign the appropriate permissions to the certificate. Specifically, you need to assign full control to the ADFS service account.

Now you’ll want to bounce over to the ADFS Console to “Set Service Communications Certificate”

You can do this via PowerShell as well:

Run Get-AdfsSslCertificate. Make a note of the thumbprint of the new certificate.

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint thumbprint

Set-AdfsSslCertificate -Thumbprint thumbprint


i.e:
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint DDEFDF4A73F48AD079B2C1BCBC60610863A3A7C9

Set-AdfsSslCertificate -Thumbprint DDEFDF4A73F48AD079B2C1BCBC60610863A3A7C9

Restart the ADFS Service (restart-service adfssrv)

if you get error with certificate don’t have private key use the certutil to repair

C:UsersAdministrator>certutil -repairstore my “77 f0 55 c4 4d 01 db 18”

you should see message like CertUtil: -repairstore command completed successfully. C:UsersAdministrator>

— Full GUI version —

You need a cert that has a private key that corresponds to the certificate.  If you don’t make sure that you export the PFX and be sure to include the private key.  It’s easy to miss this in the export wizard.

image

When you walk through the export wizard – make sure you choose the option to include the private key.

image

image

After you have the certificate imported into the ADFS Servers “Personal Store” then you need to make sure that you assign the appropriate permissions to the certificate.  Specifically, you need to assign full control to the ADFS service account.  If you are using a managed service account be sure to scope your search for that when assigning permissions.

image

image

Now you’ll want to bounce over to the ADFS Console to “Set Service Communications Certificate”

You can do this via PowerShell as well:

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint thumbprint
Set-AdfsSslCertificate -Thumbprint thumbprint

image

You’ll see all the certs in the personal store enumerated – be sure to pick the right one (there is an option to view the cert before selecting it).  If you don’t see your cert it means you didn’t import it correctly or there’s no private key that corresponds to the cert.

Now you need to open PowerShell to run a few commands.

Run Get-AdfsSslCertificate.  Make a note of the thumbprint of the new certificate.

image

WARNING!!!

You might run into what I did which is what was messing me up and prompted me to author this article.  For some reason for me when I issue the Get-AdfsSslCertificate command it still showed my OLD certificate – not the new one that I just updated with the set service communication certificate step above.  You’ll need to confirm this by going into the certificate store and looking at the details of the certificate you set to be the service communication cert to see if the thumbprint there matches what you see with the GET command.  In my case, it didn’t match.

image

At this point you want to take that hex and paste it out to notepad and then remove all of the spaces and then when you issue the SET command make sure to paste that value for the CORRECT certificate in as the thumbprint.

Next run Set-AdfsSslCertification –thumbprint XXXXXXXXXXXXXXXXXXXXXX

Restart the ADFS Service (restart-service adfssrv)

The Powershell for all of this (including installing the role/feature) is:

Install-WebApplicationProxy -FederationServiceTrustCredential System.Management.Automation.PSCredential -CertificateThumbprint ‘thumbprintwiththequotes’ -FederationServiceName ‘adfs.getmobile.mobi’

OPTIONAL: Using a Web Application Proxy Server

Now if you are using a Web Application Proxy Server in front of your ADFS Server you need to do a few things.

I used the MMC console to see the certificate store on my ADFS server to export the PFX with the private key (make sure you do that!) so that I could import that key over on my WAP server.  Once you have that PFX just copy it over to the WAP and click on it – make sure that you import it into the PERSONAL STORE.  You can then open the MMC console to see the certificates there and make sure that it has been imported properly to the WAP.

image

image

Now at this point you should be able to run a PS command to replace the SSL cert and then restart the adfssrv on the WAP and you’re good to go.  For whatever reason that didn’t work for me so I just removed/reinstalled the WAP feature.  If you already have published web applications those won’t go away.  When you reinstall the WAP feature you’ll see your list of published apps show back up.  Basically, just walk through the wizard setup for the WAP again and then select the certificate we’ve been talking about from the list when the setup asks you.  That worked like a charm for me.

You can try the PowerShell commands here – hopefully they work for you:

Set-WebApplicationProxySslCertificate -Thumbprint thumbprint (the thumbprint is the same as the one we used above so you should be able to just copy and paste.  If you want to get it again you can issue the GET instead of the SET to see the thumbprints for the certs)

You’ll need to restart the service on the WAP:  Restart-Service adfssrv


How to configure shared Office 365 mailbox on iOS

Configuring a shared Office 365 mailbox on an iOS device using IMAP

Updated 27/07/17

On the iPad or iPhone, go to SETTINGS > MAIL > ADD ACCOUNT
Select OTHER from the list of types.
iOS Shared Office 365 Mailbox Step 1
Select ADD MAIL ACCOUNT

iOS Shared Office 365 Mailbox Step 2
Enter a name for the mail account (eg “Enquiries”)
Enter the email address of the shared mailbox
Enter the password of a mailbox that has access to the shared mailbox (eg your own password if you have access to the shared mailbox)
Enter a description for the mailbox (eg “Enquiries”)
Tap NEXT
Select IMAP
iOS Shared Office 365 Mailbox Step 3
Fill in the blank information:

iOS Shared Office 365 Mailbox Step 4

i) Host name: outlook.office365.com

ii) In the user name box, enter the email address of the account that has access to the shared mailbox, followed by a “\” and then the email address of the shared mailbox itself. (eg “your.name@yourdomain.com\enquiries@yourdomain.com”)

iii) Outgoing mail server: smtp.office365.com

iv) User name: Enter the email address of the mailbox with the permission to “send as” the shared mailbox.

v) Password: Enter the password of the mailbox with the permission to access the shared mailbox (same as step ‘iv’ above)

vi) Tap NEXT

Tap SAVE.
iOS Shared Office 365 Mailbox Step 5
Switch off the NOTES sync which should leave just MAIL switched on.
Tap SAVE
Exit the MAIL app by ending the task (doublle press the HOME button and slide the Mail app off the top of the screen)
Enter the MAIL app and check that the account works

 


Debugging a Site to Site VPN on an Juniper SRX series

Within this article we will look at the various steps required in debugging a Site to Site VPN on an SRX series gateway.

1. CONFIRM CONFIGURATION

First of all check the VPN configuration. This is also useful if and when you need to confirm the Phase 1 and Phase 2 parameter’s with the remote end.

admin@srx> show configuration security ike
admin@srx> show configuration security ipsec

2. CONFIRM PHASE 1

To confirm the successful completion of Phase 1 run the following command. If Phase 1 fails to complete revisit your Phase 1 parameters using the commands shown in Section 1.

admin@srx> show security ike security-associations
node1:
————————————————————————–
Index   Remote Address  State  Initiator cookie  Responder cookie  Mode
6950    [LOCAL PEER IP]  UP     33204fba87663d94  70acacd5f938f89b  Main

3. CONFIRM PHASE 2

To confirm the successful completion of Phase 2 run the following command. If Phase 2 fails to complete revisist your Phase 2 parameters using the commands shown in Section 1.

admin@srx> show security ipsec security-associations
node1:
————————————————————————–
Total active tunnels: 2
ID    Gateway          Port  Algorithm       SPI      Life:sec/kb  Mon vsys
<131073 [LOCAL PEER IP] 500   ESP:aes-128/sha1 4fb2c1cc 2041/ unlim  –   root
>131073 [LOCAL PEER IP] 500   ESP:aes-128/sha1 3e576ead 2041/ unlim  –   root

If Phase 2 has completed you can confirm further details on each of the SA`s (Security Associations) by using the SA index.

admin@srx> show security ipsec security-associations index 131073
node1:
————————————————————————–
Virtual-system: root
Local Gateway: [REMOTE PEER IP], Remote Gateway: [LOCAL PEER IP]
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
DF-bit: clear
Direction: inbound, SPI: 4fb2c1cc, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime: Expires in 2028 seconds
Lifesize Remaining:  Unlimited
Soft lifetime: Expires in 1448 seconds
Mode: tunnel, Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
Anti-replay service: counter-based enabled, Replay window size: 64

Direction: outbound, SPI: 3e576ead, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime: Expires in 2028 seconds
Lifesize Remaining:  Unlimited
Soft lifetime: Expires in 1448 seconds
Mode: tunnel, Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
Anti-replay service: counter-based enabled, Replay window size: 64

4. IPSEC STATISTICS

To confirm statistics based on the Phase 2 SA run the following command. The output will contain a number of counters. The most interesting of these (for troubleshooting purposes) are the Encrypted and Decrypted counters.

admin@srx> show security ipsec statistics index 131073
node1:
————————————————————————–
ESP Statistics:
Encrypted bytes:        133593600
Decrypted bytes:       1128704777
Encrypted packets:         923864
Decrypted packets:        1438716
AH Statistics:
Input bytes:                    0
Output bytes:                   0
Input packets:                  0
Output packets:                 0
Errors:
AH authentication failures: 0, Replay errors: 1021
ESP authentication failures: 0, ESP decryption failures: 0
Bad headers: 0, Bad trailers: 0

5. PERFORM DEBUG (TRAFFIC)

If Phase 1 and Phase 2 are both establishing but traffic is still not passing the VPN tunnel, a packet-filter traffic debug of the tunnel will provide further granularity into each of the steps the packet takes.

admin@srx> configuration
admin@srx# edit security flow traceoptions

[edit security flow traceoptions]
admin@srx# set file vpn-debug
admin@srx# set flag basic-datapath
admin@srx# set flag packet-drops
admin@srx# set level 15

admin@srx# set packet-filter filter1 source-prefix [LOCAL PEER IP]
admin@srx# set packet-filter filter1 destination-prefix [REMOTE PEER IP]
admin@srx# set packet-filter filter1 protocol esp
admin@srx# set packet-filter filter2 destination-prefix [LOCAL PEER IP]
admin@srx# set packet-filter filter2 source-prefix [REMOTE PEER IP]
admin@srx# set packet-filter filter2 protocol esp

admin@srx# set packet-filter filter3 destination-prefix [INTERNAL SERVER IP]
admin@srx# set packet-filter filter3 destination-port ssh
admin@srx# set packet-filter filter3 protocol tcp
admin@srx# set packet-filter filter4 source-prefix [INTERNAL SERVER IP]
admin@srx# set packet-filter filter4 destination-port ssh
admin@srx# set packet-filter filter4 protocol tcp

admin@srx# run show log vpn-debug

6. PERFORM DEBUG (CRYPTO)

To debug the crypto engine the following commands are run.

admin@srx> configuration
admin@srx# edit security ike traceoptions

[edit security ike traceoptions]
admin@srx# set file vpn-debug-ike
admin@srx# set flag all
admin@srx# set level 15
admin@srx# top

[edit]
admin@srx# edit security ipsec traceoptions

[edit security ipsec traceoptions]
admin@srx# set file vpn-debug-ipsec
admin@srx# set flag all
admin@srx# set level 15

admin@srx# run show log vpn-debug-ike
admin@srx# run show log vpn-debug-ipsec

7. ADDITIONAL

A useful tip when viewing the debug logs is to tail the file via the shell whilst also removing the empty lines. This a) makes it easier to view and 2) also (as long as your ssh client buffer is configured correctly) allows you to go back over previous output should the debug log reach its maximum size.

root@srx100> start shell
root@srx100% tail -f /var/log/[logfile] | grep -Evi ^$


CAN NOT ACCESS TO HTTPS MANAGEMENT OF JUNIPER SSG VI CHROME (ERROR CODE: ERR_SSL_VERSION_OR_CIPHER_MISMATCH)

Can not access to https management of Juniper SSG through Chrome (Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH)

A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Resolution 1:
1. Go to the "Chrome://flags" from the address bar.
2. Find "Minimum SSL/TLS" version support"
3. Select " SSLv3" option. 

Resolution 2:
Access to WEB UI of ScreenOS
1. Go to Configuration/Admin/Management
2. Change Cipher to DES-SHA1 / 3DES-SHA1
3. Apply
Resolution 3 (best option):

1. Login to SSG using ssh then type

set ssl encrypt 3des sha-1

Excel formulas not updating

Symptoms: The value returned by your Excel formula does not update automatically, i.e. the formula continues to show the old value even after you’ve changed the values of the dependent cells.

When Excel formulas are not updating automatically, most likely it’s because the Calculationsetting has been changed to Manual instead of Automatic. To fix this, just set the Calculation option to Automatic again.

On the Excel ribbon, go to the Formulas tab > Calculation group, click the Calculation Optionsbutton, and select Automatic:
For Excel formulas to update automatically, enable 'Automatic' under Calculation Options.

Alternatively, you can change this setting in Excel Options:

  • In Excel 2003, click Tools > Options > Calculation > Calculation > Automatic.
  • In Excel 2007, click Office button > Excel options > Formulas > Workbook Calculation Automatic.
  • In Excel 2010Excel 2013, and Excel 2016, go to File > Options > Formulas > Calculation optionssection, and select Automatic under Workbook Calculation.

Another way to turn on the Automatic Calculation setting.


Unable to open ILO3 with TLS 1.2

In this case I was unable to connect to ILO3 on HP DL 380 G7 with Internet Explorer 11 from Windows 8.1 client workstation. ILO Firmware version was 1.20. Starting from Windows 8.1 and Internet Explorer 11 all TLS protocols are enabled and supported by default:

ILO was not failing back to lower version of TLS if TLS 1.2 was selected. After unselecting TLS 1.2 from Internet Explorer 11, I was able to connect to ILO interface. This is issue was resolved with later version ILO firmware. So, after patching the server with latest ILO firmware, I was able to connect to ILO3 interface using Internet Explorer 11 with TLS 1.2  selected.


Subnet Mask Cheat Sheet

IPv4 Subnet Mask Cheat Sheet


Addresses Netmask Amount of a Class C
/31 2 255.255.255.254 1/128
/30 4 255.255.255.252 1/64
/29 8 255.255.255.248 1/32
/28 16 255.255.255.240 1/16
/27 32 255.255.255.224 1/8
/26 64 255.255.255.192 1/4
/25 128 255.255.255.128 1/2
/24 256 255.255.255.0 1
/23 512 255.255.254.0 2
/22 1024 255.255.252.0 4
/21 2048 255.255.248.0 8
/20 4096 255.255.240.0 16
/19 8192 255.255.224.0 32
/18 16384 255.255.192.0 64
/17 32768 255.255.128.0 128
/16 65536 255.255.0.0 256
/15 131072 255.254.0.0 512
/14 262144 255.252.0.0 1024
/13 524288 255.248.0.0 2048
/12 1048576 255.240.0.0 4096
/11 2097152 255.224.0.0 8192
/10 4194304 255.192.0.0 16384
/9 8388608 255.128.0.0 32768
/8 16777216 255.0.0.0 65536

Guide to IPv4 subnets

/25 — 2 Subnets — 126 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.126 .127
.128 .129-.254 .255

/30 — 64 Subnets — 2 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.2 .3
.4 .5-.6 .7
.8 .9-.10 .11
.12 .13-.14 .15
.16 .17-.18 .19
.20 .21-.22 .23
.24 .25-.26 .27
.28 .29-.30 .31
.32 .33-.34 .35
.36 .37-.38 .39
.40 .41-.42 .43
.44 .45-.46 .47
.48 .49-.50 .51
.52 .53-.54 .55
.56 .57-.58 .59
.60 .61-.62 .63
.64 .65-.66 .67
.68 .69-.70 .71
.72 .73-.74 .75
.76 .77-.78 .79
.80 .81-.82 .83
.84 .85-.86 .87
.88 .89-.90 .91
.92 .93-.94 .95
.96 .97-.98 .99
.100 .101-.102 .103
.104 .105-.106 .107
.108 .109-.110 .111
.112 .113-.114 .115
.116 .117-.118 .119
.120 .121-.122 .123
.124 .125-.126 .127
.128 .129-.130 .131
.132 .133-.134 .135
.136 .137-.138 .139
.140 .141-.142 .143
.144 .145-.146 .147
.148 .149-.150 .151
.152 .153-.154 .155
.156 .157-.158 .159
.160 .161-.162 .163
.164 .165-.166 .167
.168 .169-.170 .171
.172 .173-.174 .175
.176 .177-.178 .179
.180 .181-.182 .183
.184 .185-.186 .187
.188 .189-.190 .191
.192 .193-.194 .195
.196 .197-.198 .199
.200 .201-.202 .203
.204 .205-.206 .207
.208 .209-.210 .211
.212 .213-.214 .215
.216 .217-.218 .219
.220 .221-.222 .223
.224 .225-.226 .227
.228 .229-.230 .231
.232 .233-.234 .235
.236 .237-.238 .239
.240 .241-.242 .243
.244 .245-.246 .247
.248 .249-.250 .251
.252 .253-.254 .255

/26 — 4 Subnets — 62 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.62 .63
.64 .65-.126 .127
.128 .129-.190 .191
.192 .193-.254 .255

/27 — 8 Subnets — 30 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.30 .31
.32 .33-.62 .63
.64 .65-.94 .95
.96 .97-.126 .127
.128 .129-.158 .159
.160 .161-.190 .191
.192 .193-.222 .223
.224 .225-.254 .255

/28 — 16 Subnets — 14 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.14 .15
.16 .17-.30 .31
.32 .33-.46 .47
.48 .49-.62 .63
.64 .65-.78 .79
.80 .81-.94 .95
.96 .97-.110 .111
.112 .113-.126 .127
.128 .129-.142 .143
.144 .145-.158 .159
.160 .161-.174 .175
.176 .177-.190 .191
.192 .193-.206 .207
.208 .209-.222 .223
.224 .225-.238 .239
.240 .241-.254 .255

/29 — 32 Subnets — 6 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.6 .7
.8 .9-.14 .15
.16 .17-.22 .23
.24 .25-.30 .31
.32 .33-.38 .39
.40 .41-.46 .47
.48 .49-.54 .55
.56 .57-.62 .63
.64 .65-.70 .71
.72 .73-.78 .79
.80 .81-.86 .87
.88 .89-.94 .95
.96 .97-.102 .103
.104 .105-.110 .111
.112 .113-.118 .119
.120 .121-.126 .127
.128 .129-.134 .135
.136 .137-.142 .143
.144 .145-.150 .151
.152 .153-.158 .159
.160 .161-.166 .167
.168 .169-.174 .175
.176 .177-.182 .183
.184 .185-.190 .191
.192 .193-.198 .199
.200 .201-.206 .207
.208 .209-.214 .215
.216 .217-.222 .223
.224 .225-.230 .231
.232 .233-.238 .239
.240 .241-.246 .247
.248 .249-.254 .255


IPv6 Subnet Cheat Sheet

IPv6 is a complete and different animal as far as subnetting goes. Please note the yellow rows as
each has special common use or notes. If there is nothing in the “Amount of a /64” column that means
it is to miniscule or to massive to justify calculation. Not much is the same with IPv6 compared to IPv4.
Route aggregation and purpose drive subnetting is something which every enterprise IPv6 deployment will make
use of, or it will fail miserably.


Subnet Addresses Amount of a /64
/128 1
/127 2
/126 4
/125 8
/124 16
/123 32
/122 64
/121 128
/120 256
/119 512
/118 1,024
/117 2,048
/116 4,096
/115 8,192
/114 16,384
/113 32,768
/112 65,536
/111 131,072
/110 262,144
/109 524,288
/108 1,048,576
/107 2,097,152
/106 4,194,304
/105 8,388,608
/104 16,777,216 This is equivalent to an IPv4 Internet or IPv4 /8
/103 33,554,432
/102 67,108,864
/101 134,217,728
/100 268,435,456
/99 536,870,912
/98 1,073,741,824
/97 2,147,483,648
/96 4,294,967,296
/95 8,589,934,592
/94 17,179,869,184
/93 34,359,738,368
/92 68,719,476,736
/91 137,438,953,472
/90 274,877,906,944
/89 549,755,813,888
/88 1,099,511,627,776
/87 2,199,023,255,552 1/8,388,608
/86 4,398,046,511,104 1/4,194,304
/85 8,796,093,022,208 1/2,097,152
/84 17,592,186,044,416 1/1,048,576
/83 35,184,372,088,832 1/524,288
/82 70,368,744,177,664 1/262,144
/81 140,737,488,355,328 1/131,072
/80 281,474,976,710,656 1/65,536
/79 562,949,953,421,312 1/32,768
/78 1,125,899,906,842,620 1/16,384
/77 2,251,799,813,685,240 1/8,192
/76 4,503,599,627,370,490 1/4,096
/75 9,007,199,254,740,990 1/2,048
/74 18,014,398,509,481,900 1/1,024
/73 36,028,797,018,963,900 1/512
/72 72,057,594,037,927,900 1/256
/71 144,115,188,075,855,000 1/128
/70 288,230,376,151,711,000 1/64
/69 576,460,752,303,423,000 1/32
/68 1,152,921,504,606,840,000 1/16
/67 2,305,843,009,213,690,000 1/8
/66 4,611,686,018,427,380,000 1/4
/65 9,223,372,036,854,770,000 1/2
/64 18,446,744,073,709,500,000 This is the standard end user allocation
/63 36,893,488,147,419,100,000 2
/62 73,786,976,294,838,200,000 4
/61 147,573,952,589,676,000,000 8
/60 295,147,905,179,352,000,000 16
/59 590,295,810,358,705,000,000 32
/58 1,180,591,620,717,410,000,000 64
/57 2,361,183,241,434,820,000,000 128
/56 4,722,366,482,869,640,000,000 256
/55 9,444,732,965,739,290,000,000 512
/54 18,889,465,931,478,500,000,000 1,024
/53 37,778,931,862,957,100,000,000 2,048
/52 75,557,863,725,914,300,000,000 4,096
/51 151,115,727,451,828,000,000,000 8,192
/50 302,231,454,903,657,000,000,000 16,384
/49 604,462,909,807,314,000,000,000 32,768
/48 1,208,925,819,614,620,000,000,000 65,536 This is the standard business allocation
/47 2,417,851,639,229,250,000,000,000 131,072
/46 4,835,703,278,458,510,000,000,000 262,144
/45 9,671,406,556,917,030,000,000,000 524,288
/44 19,342,813,113,834,000,000,000,000 1,048,576
/43 38,685,626,227,668,100,000,000,000 2,097,152
/42 77,371,252,455,336,200,000,000,000 4,194,304
/41 154,742,504,910,672,000,000,000,000 8,388,608
/40 309,485,009,821,345,000,000,000,000 16,777,216
/39 618,970,019,642,690,000,000,000,000 33,554,432
/38 1,237,940,039,285,380,000,000,000,000 67,108,864
/37 2,475,880,078,570,760,000,000,000,000 134,217,728
/36 4,951,760,157,141,520,000,000,000,000 268,435,456
/35 9,903,520,314,283,040,000,000,000,000 536,870,912
/34 19,807,040,628,566,000,000,000,000,000 1,073,741,824
/33 39,614,081,257,132,100,000,000,000,000 2,147,483,648
/32 79,228,162,514,264,300,000,000,000,000 4,294,967,296 This is the standard ISP Allocation
/31 158,456,325,028,528,000,000,000,000,000 8,589,934,592
/30 316,912,650,057,057,000,000,000,000,000 17,179,869,184
/29 633,825,300,114,114,000,000,000,000,000 34,359,738,368
/28 1,267,650,600,228,220,000,000,000,000,000 68,719,476,736
/27 2,535,301,200,456,450,000,000,000,000,000
/26 5,070,602,400,912,910,000,000,000,000,000
/25 10,141,204,801,825,800,000,000,000,000,000
/24 20,282,409,603,651,600,000,000,000,000,000
/23 40,564,819,207,303,300,000,000,000,000,000
/22 81,129,638,414,606,600,000,000,000,000,000
/21 162,259,276,829,213,000,000,000,000,000,000
/20 324,518,553,658,426,000,000,000,000,000,000
/19 649,037,107,316,853,000,000,000,000,000,000
/18 1,298,074,214,633,700,000,000,000,000,000,000
/17 2,596,148,429,267,410,000,000,000,000,000,000
/16 5,192,296,858,534,820,000,000,000,000,000,000
/15 10,384,593,717,069,600,000,000,000,000,000,000
/14 20,769,187,434,139,300,000,000,000,000,000,000
/13 41,538,374,868,278,600,000,000,000,000,000,000
/12 83,076,749,736,557,200,000,000,000,000,000,000
/11 166,153,499,473,114,000,000,000,000,000,000,000
/10 332,306,998,946,228,000,000,000,000,000,000,000
/9 664,613,997,892,457,000,000,000,000,000,000,000
/8 1,329,227,995,784,910,000,000,000,000,000,000,000