Tuesday, September 22, 2015

IIS not Listening on Port 80

I was helping a client migrate an IIS web server from an aging on-site machine to a hosted VPS (Virtual Private Server). I ran into an issue with the VPS where I was getting a connection refused error whenever I tried to visit any of the sites hosted on the machine.

For testing, I set up a binding on one of the sites for 127.0.0.1:8080. When I browsed to this address on the server, the site loaded, so at least IIS wasn't completely dead.

This led me to suspect that IIS wasn't listening on the machine's other IP addresses. I ran a quick netstat to confirm this.

netstat -an | find ":80"

Sure enough, IIS was only listening on 127.0.0.1.

IIS is only listening on 127.0.0.1. Ignore the listener on port 8080 - this was set up for testing and was later removed.
The /i (ignore case) flag isn't necessary for this command to work since we aren't filtering any letters, but I tend to use it out of habit.

There are two ways to remedy this. I performed these steps on a Windows Server 2012 R2 machine, but they should work on pretty much any version of Windows Server.

Method 1: Delete the 127.0.0.1 Listener (Recommended)

The easiest way to fix this is to simply delete the 127.0.0.1 listener. This will cause IIS to listen on 0.0.0.0 (all IP addresses).

Open an elevated command prompt and run the following commands.

netsh
http
show iplisten

This will run netsh, switch to http mode, and list the current port 80 listeners, allowing you to quickly confirm what you have.


Next, run these commands.

del iplisten ipaddress=127.0.0.1
exit
iisreset

This will delete the listener on 127.0.0.1, exit netsh, and do an iisreset.


Run netstat again and you should now see IIS listening on 0.0.0.0.


Method 2: Add Listeners for Specific IP Addresses

The second option is to add listeners for specific IP addresses. I prefer the first method, as this one has the potential to create a headache down the road if someone changes the machine's IP or adds additional IPs and doesn't know that you did this.

This starts off the same as the first method, but instead of deleting the 127.0.0.1 entry, use this command to add a listener for each IP that you want to listen on.

add iplisten ipaddress=x.x.x.x

When you're done adding listeners, do an iisreset, use netstat to confirm that the changes were successful, and you're done.
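
The netstat check used in both methods, as an added PowerShell example (not from the original post): it matches the port exactly, so the 8080 test binding is not mistaken for port 80, and reports whether the listener is loopback-only, on specific addresses, or on all interfaces. Get-ListenAddress and Get-ListenScope are hypothetical helper names, and the netstat sample is constructed.

```powershell
# Added example: parses "netstat -an" text; sample data below is constructed.
function Get-ListenAddress {
    param([string[]] $NetstatLines, [int] $Port = 80)
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State
        $f = -split $line
        if ($f.Count -lt 4 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        # Split on the last colon so IPv6 forms such as [::]:80 parse correctly
        $i = $f[1].LastIndexOf(':')
        if ($i -lt 0) { continue }
        # Exact port comparison: ":80" must not match ":8080"
        if ($f[1].Substring($i + 1) -eq "$Port") { $f[1].Substring(0, $i) }
    }
}

function Get-ListenScope {
    param([string[]] $Address)
    if (-not $Address) { return 'none' }
    if ($Address -contains '0.0.0.0' -or $Address -contains '[::]') { return 'all-interfaces' }
    if (-not ($Address | Where-Object { $_ -notin '127.0.0.1', '[::1]' })) { return 'loopback-only' }
    'specific-addresses'
}

# Constructed sample resembling the state described in the post
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        198.51.100.7:50122     ESTABLISHED
'@ -split "`r?`n"

$addrs = @(Get-ListenAddress -NetstatLines $sample -Port 80)
"Port 80 listeners: $($addrs -join ', ') -> $(Get-ListenScope $addrs)"

# On a live server, feed it the real output instead of the sample:
#   Get-ListenScope (Get-ListenAddress -NetstatLines (netstat -an))
```

A result of all-interfaces after Method 1 means the sites answer on every address the VPS has, so the host firewall decides which of those are reachable from outside.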

Monday, September 21, 2015

Restoring Spell Check Functionality in Notepad++

The spell check plugin is disabled by default in version 6.8 of Notepad++ due to a stability issue.


As of this writing, the stability issue appears to be resolved. The plugin will presumably be re-enabled by default in a future release, but it's easy to manually enable the plugin in the meantime. I have not had any issues since re-enabling spell check, but your mileage may vary. If you run into any problems, you can simply disable the plugin again.

To re-enable the spell check plugin, go to Plugins > Plugin Manager > Show Plugin Manager. Locate DSpellCheck in the Available tab and install it.


After restarting Notepad++, spell check functionality should be restored.

Sunday, September 13, 2015

Connecting to a Serial Console in Mac OSX

This post will cover a few methods of connecting to a serial console in OSX. It assumes that you already have a USB to serial converter with the drivers installed. If you're using an FTDI-based converter, OSX drivers are available here.

Screen

OSX comes with a text-based utility called Screen that lets you connect to serial ports.

To use Screen, open a terminal and run the following command:

ls /dev/cu.*

This will tell you the name of your serial port. In my case the serial port is /dev/cu.usbserial-FTG6HDUZ.


Next, run this command:

screen /dev/cu.usbserial-<yourserialportname> 9600




This will open a connection to the serial port at 9600 baud.

Screen running with a serial connection to a Cisco ASA

To close the connection, press Control-A, followed by Control-\.

Confirmation dialog when closing the connection

If you don't close the connection, the port will remain in use and you'll get an error if you try to connect to it later. If you have a session that you didn't disconnect from, you can reconnect to it with the screen -r command.

If you had more than one active session, you will be informed of this and given a list of session numbers.



If you're not sure which session you need, you can run the following command and it will list session numbers along with device names.

lsof | grep usbserial


Below are some additional command-line options that can be used with Screen:

<baud_rate>
Usually 300, 1200, 9600 or 19200. This affects transmission as well as receive speed.

cs8 or cs7
Specify the transmission of eight (or seven) bits per byte.

ixon or -ixon
Enables (or disables) software flow-control (CTRL-S/CTRL-Q) for sending data.

ixoff or -ixoff
Enables (or disables) software flow-control for receiving data.

Serial Console Apps with a GUI Front-end

There are several good options if you want a serial console app that has a GUI front-end. All of the paid apps listed below have free trials available.

CoolTerm (free)

I tried a few freeware serial port applications and had the best luck with CoolTerm. CoolTerm works well, but some settings need to be tweaked for it to work properly with Cisco gear.

First, click the Options button. In the Serial Port section, select the correct serial port from the drop-down menu and set the rest of the settings as shown in the screenshot below.

Serial Port settings for Cisco devices

Next, go to the Terminal section and configure your settings as shown below.

Terminal settings for Cisco devices

You may want to save these settings so you don't have to change them every time you use the program.

CoolTerm connected to a Cisco ASA

Serial ($29.99)

Serial is the least expensive of the paid apps. A nice feature of this app is that it has built-in support for most USB to serial converters, so there's no need to manually install drivers.

Serial detected my USB to serial converter with no problems

Configuring Serial's terminal with Cisco settings

Serial connected to a Cisco ASA


SecureCRT (starting at $99)

SecureCRT is my favorite terminal emulator on Windows. I haven't used the Mac version extensively, but at first glance it seems to be on par with its Windows counterpart.

SecureCRT connected to a Cisco ASA



ZOC ($79.99)

ZOC is another nice paid option.

Accessing ZOC's serial port settings

ZOC serial port settings for Cisco

ZOC connected to a Cisco ASA


Monday, September 7, 2015

Cisco ASA 5505 RAM Upgrade

I recently acquired a Cisco ASA 5505 for my home lab. It's an older unit that was manufactured before February, 2010. This means that it only has 256 MB of RAM. In most instances, running version 8.3 or later of the ASA software requires 512 MB of RAM. See this page for more details.

If you run one of these later versions without 512 MB of RAM, you'll get a warning like the one below at boot.


Since I want to be able to run the latest and greatest software, a RAM upgrade is in order.

Issuing the show version command shows how much RAM you have. It's time for an upgrade!


A Word of Caution

While this guide doesn't cover software upgrades, I feel that it's important to mention this since software and memory upgrades often go hand-in-hand.

Tread carefully if you're in a production environment and planning to upgrade from a pre-8.3 software version to 8.3 or later. A lot of changes were made in 8.3 and bad things will happen if the upgrade isn't performed correctly. A good write-up of the changes, as well as the correct upgrade procedure is available here.

Since I'm doing the upgrade on a lab ASA that doesn't have any meaningful configuration on it, I'm just going to upgrade straight to the latest version then do a write erase afterwards to clean up any residual weirdness.

Type of RAM Needed

The ASA 5505 uses 184-Pin DDR1 400 MHz (PC3200) RAM. ASAs are known for being picky about RAM, so I wouldn't buy any RAM that isn't specifically listed as being compatible with the 5505. However, if you have a stick of this type of RAM lying around, give it a try. It might just work.

If you're going to buy the RAM, you can expect to pay a small fortune if you source it from Cisco. Fortunately, compatible RAM is fairly inexpensive on eBay.

RAM Upgrade Procedure

Remove the screws shown below and remove the top cover.



Remove the old RAM

RAM Location

Install the new RAM in the same manner that you would install RAM in a PC.


Top: Original 256 MB RAM stick
Bottom: New 512 MB RAM stick

Before putting the cover back on, go ahead and boot up the ASA and confirm that everything works properly.


The same ASA, now with 512 MB of RAM

If everything looks good, put the cover back on and you're done.