Software

Windows Server 2016 Core: Apply Windows Updates, with SCONFIG

In my previous post ‘Windows Server 2016 Core Configuration, with SCONFIG‘ I stepped through how to use the sconfig tool to modify settings on Windows Server 2016 Core.  In this post, I will introduce you to how to go about running Windows Updates and applying them to your server.

Here are the steps I used:

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed
  3. Select 6 from the Server Configuration List
    This opens the Windows update software, allowing you to search for updatable software
  4. Select from the list of results the software update that you would like to download and install.
    You can choose a single update or update them all
  5. Depending on the update you may be required to reboot your system, select yes to restart

That’s it – Congrats you have updated your Windows Server 2016 Core Server

Windows Server 2016 Core Configuration, with SCONFIG

Windows Server 2016 Core has a built-in configuration tool named Sconfig.  This tool is used to configure and manage several aspects of Server Core installations. This simplifies tasks such as changing settings such as network, remote desktop, hostname and domain memberships, etc.

To use the Server Configuration Tool

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed

 

Note: You can use Server Configuration Tool in 2016 Server Core and 2016 Server with Desktop Experience installations.

ISP Redundancy Link Interface Cannot Be Created

While setting up ISP Redundancy on a Check Point cluster I ran into an issue preventing me from proceeding with my configuration.  I was eventually able to resolve this and felt that I would share with you and my future self the steps taken.

 

What is ISP Redundancy

ISP Redundancy enables reliable Internet connectivity by allowing a single or clustered Check Point Security Gateway to connect to the Internet via redundant Internet service provider (ISP) connections. If both links are active, connections pass through one link, or both links, depending on the operating mode. If one of the link fails, new connections are handled by the second link.

 

Configuration Steps

  1. Open the network object properties of the Security Gateway or cluster.
  2. Click Other > ISP Redundancy.
  3. Select Support ISP Redundancy.
  4. Select Load Sharing or Primary/Backup.
  5. Configure Links – Primary and Backup Connections
  6. Set tacking mode for Link failure and recovery
  7. Click OK — This is when I encounter my error

 

Error: Check Point SmartDashboard

At least one of your ISP Links lack a next hop IP Address configuration.
Note: next hop IP Address is also used to automatically monitor the ISP Link^s availability.

Error: Check Point SmartDashboard

ISP Redundancy configuration on clusters requires that the interfaces which lead to your ISPs, have the same names as the corresponding physical interfaces on the cluster^s members.

 

Resolution Steps Taken:

Discovered that the the interfaces in the topology tab did not have the same name on the vip (Virtual IP), so I changed to name so that all interfaces were matching.

After introducing the changes to the interface name of the vip, I retried the setup for ISP Redundancy and the issue resolved.

 

Check Point: SmartDashboard crashes when editing Management server object

I recently had an annoying issue with my Check Point Smart Dashboard.

Each time I connected to the Management with SmartConsole and editing the Security Management server object it causes an application crash. The crash would start with a UAC popup from the Windows registry:

Followed by the Check Point SmartSashboard application crash itself with the following message:

—————————
Check Point SmartDashboard
—————————
Check Point SmartDashboard has experienced a serious problem and must close immediately. Technical information will be saved in ‘C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\data\crash_report\FwPolicy.exe_990180413_1516652973.zip’.
If problem persists contact technical support or consult sk97988 to check whether solution exists.

 

To correct this problem I attempted the following solutions
Please note:  The solution which worked is at the bottom of this blog post (skip away, if you wish).

From sk100507:

I attempted to resolve the problem,  by cleaning the SmartConsole cache on the Security Management server.

To do so, I had deleted the C:\Program Files (x86)\CheckPoint\SmartConsole\R7x.xx\PROGRAM\data\CPMICache\ <machine name>

This did not work.

 

From sk100507:

I followed the procedure for deleting the GUI cache from the management server itself via the following steps:

Connect to the command line on Security Management server (over SSH, or console).

  1. Log in to the Expert mode.
  2. Stop Check Point services:
    [Expert@HostName]# cpstop
  3. Backup and remove the current cache files:
    [Expert@HostName]# mkdir -v /var/log/GUI_cache_bkp
    [Expert@HostName]# mv $FWDIR/conf/applications.C* /var/log/GUI_cache_bkp/
    [Expert@HostName]# mv $FWDIR/conf/CPMILinksMgr.db* /var/log/GUI_cache_bkp/
  4. Start Check Point services:
    [Expert@HostName]# cpstart
  5. Wait for 5-10 minutes for the cache to rebuild.
  6. Connect with SmartDashboard to Security Management Server.

This did not work.

 

And.. Finally a solution that did resolve this issue
From sk110712 – SmartConsole / SmartDashboard crashes when editing Management server object

Symptoms:

Connecting to Management R77.30 or R77.30.X with SmartConsole R77.30 and editing the Security Management server object causes an application crash.

Resolution:  By Using the GuiDBEdit Tool

 

  1. Close all SmartConsole windows.
  2. Connect to Security Management Server with GuiDBedit Tool.
  3. Navigate to Network Objects -> network_objects -> <Security Management object> -> portals
  4. Right-click and reset the portals.
  5. Save the changes: go to ‘File’ menu – click on ‘Save All’.
  6. Close the GuiDBedit Tool.
  7. Connect to Security Management Server / Domain Management Server with SmartDashboard.

 

This worked and problem now resolved

Hyper-V Virtualization: Turning Hyper-V On and Off

I recently started using Hyper-V on my Windows 10 workstation to task advantage of using technologies such as Docker that leverages Hyper-V to run its container images.  I also run VMware Player for running virtual machines.

The following commands make it a simpler task to toggle Hyper-V on and off again.

To Turn Hyper-V off, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype off

To turn Hyper-V back on, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype on (or auto start)

 

Note:  Quick method to check the status of Hyper-V – Get-WindowsOptionalFeature -Online -FeatureName *hyper*