Friday, September 25, 2009

Nortel Business Secure Router 222 and CISCO ASA 5500 Series VPN Connection


You would like to connect a Nortel Small Business Router 222 to a CISCO ASA 5505 or 5510 type device. You were probably not successful for a while (at least that was the case for me).

What Worked For Me:
  • The major issue for me was to find what types of SA negotiation parameters to choose for Phase 1. Pretty much this works only with the 3DES-SHA1 combo for me. I tried others and they won't work.
  • Phase 2 appears not to have much of a problem whatever you choose.
  • Also it seems that if you set the IKE->Policies : key lifetime to 86400 on the Nortel side, it does not like it.
Nortel Side:
  • Go to the VPN menu on the left
  • Edit or Create a new VPN Entry
  • Connection Type: Branch Office
  • Check Active
  • NAT Traversal enabled
  • Key management: IKE
  • Negotiation Mode: Main
  • Encapsulation Mode: Tunnel
  • Authentication: Pre-Shared Key
  • Local ID Type: IP
  • Content: The Outside IP address of the Nortel
  • Peer ID Type: IP
  • Content: The Peer VPN Access point address of CISCO ASA
  • My IP Address: The Outside IP address of the Nortel
  • Secure Gateway Address: The Peer VPN Access point address of CISCO ASA
  • ESP (Selected)
  • Go to Advanced Menu
  • Enable Replay Detection: Yes
  • Phase 1
      • Multiple Proposal: Not Checked
      • Negotiation Mode: Main
      • Encryption Algorithm: 3DES (most important, do not choose anything else)
      • Authentication Algorithm: SHA1 (most important, do not choose anything else)
      • SA Life Time (seconds): 24000 (do not choose 86400)
      • Key Group: DH1 (but make sure that IKE Policies on the CISCO end has this combo)
  • Phase 2
      • Multiple Proposal: Not Checked
      • Active Protocol: ESP
      • Encryption Algorithm: AES 256 (but can be 3DES)
      • Authentication Algorithm: SHA1
      • SA Life Time (seconds): 24000 (do not use 86400)
      • Encapsulation: Tunnel
      • Perfect Forward Secrecy: None (very important)
On the CISCO Side (ASDM)
  • Go to Configuration
  • Open the IKE->Policies node and be sure that a policy with 3des-sha, DH group 1 and pre-share authentication is in there. Lifetime (secs) can be left at 86400.
  • Now use the VPN Wizard to complete the rest.

Sunday, September 20, 2009

Snow Leopard Break Fix List


After upgrading to Snow Leopard I have started to experience many things that were broken. This lists the issues, and the fixes if I learn about them.

The List:
  • Development environment (gcc, make etc): Requires a re-installation of Xcode that came with the Leopard CD.
  • /usr/include/stdarg.h:4:25 Error when building something: Apparently this needs the OS 10.4 SDK installed, and many things have to use gcc-4.0 to build. While updating Xcode, be sure to add that optional 10.4! Once you do that, do
export CC=/usr/bin/gcc-4.0

In addition, removing -arch ppc from the build line and leaving only -arch i386 may get you to build what you want.
  • macports: Get the Snow Leopard version from MacPorts web site.
  • HP Printer Driver: See my previous post. If you HAD an HP printer then you may need to completely clean the driver software from your Mac.
  • CISCO VPN Client 4.9.01: Re-installing will reactivate the program.

Saturday, September 19, 2009

Snow Leopard and HP LaserJet 3020 Print Pauses After Upgrade


After upgrading to Snow Leopard we were unable to print any longer using our HP LaserJet 3020 (All in One). The Event Log in the Printer Queue said:

"/usr/libexec/cups/backend/usb failed"

When we opened the Terminal and typed in a command


We saw the following error message:

"Unable to load class driver "/Library/Printers/hp/hpio/HPIOPrinterClassDriver.plugin": No such file or directory"

We Tried To Fix with the Following But Nothing Worked:
  • Got the latest 6.0.1 Driver for HP is at
  • Check: http://localhost:631/ which is the local CUPS driver admin page.

First, from the System Preferences (i.e., control panel) "Printers and Faxes" remove the malfunctioning printer queue for the LaserJet.

Next, completely clean up the driver by doing the following. Please note that this requires system administration privileges, and I am not going to explain how that is done. If you do not know how to do a "sudo" then you should not do this. Please ask for assistance from any Unix or Mac OS X knowledgeable person. I suggest that you use Time Machine to get at least one backup of the current operating environment.

rm -rf "/Library/Application Support/hp"
rm -rf /Library/Frameworks/HPDeviceModel.framework
rm -rf /Library/Frameworks/HPPml.framework
rm -rf /Library/Frameworks/HPServicesInterface.framework
rm -rf /Library/Frameworks/HPSmartPrint.framework
rm -rf /Library/LaunchAgents/com.hp.launchurlagent.plist
rm -rf /Library/Printers/hp
rm -rf /Library/Printers/PPDs/Contents/Resources/hp*.gz
# The file name after Extensions/ is cut off in this post. As written, the
# next command would delete every kernel extension, so it is commented out.
# rm -rf /System/Library/Extensions/

This completely cleans up all the HP printer data.

Reboot the system.

Go back to the Printers and Faxes control panel. This time the system will load the latest printer driver from the Internet after you add the printer queue for the LaserJet, and you should be all set to go.

Friday, September 18, 2009

ERROR: Cannot use the special principal 'sa'. Microsoft SQL Server, Error: 15405

As of May 2012 This is The Most Popular Post For People To Come To This Blog.
People must be having this issue all over the world!

You tried to create or alter a table column (or likewise attributes in a table) with Microsoft SQL Server Management Studio and get the following error.

ERROR: Cannot use the special principal 'sa'. Microsoft SQL Server, Error: 15405

You can get into the SQL server with 'sa' in Mixed Mode authentication. You have even given the sa permissions to all of the databases.

Root Cause:

The database ownership is still not correct after you restore or re-attach a database. This happens, for example, if you restore a database using an integrated authentication account.

Try This Fix:

Open a SQL Query window in Microsoft SQL Server Management Studio and run something that resembles the statements below, changing TheNameOfYourDatabase to the database you are using. Do this with every database for which you need the 'sa' access. This will change the owner of the database to the account you designate.

use TheNameOfYourDatabase
exec sp_changedbowner 'sa', 'true'
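
To find which databases need the change before running the fix on each one, the following added example (not part of the original post) lists user databases not owned by 'sa' and generates the ownership statements. It assumes SQL Server 2005 or later and a login still named sa, and it uses ALTER AUTHORIZATION, which Microsoft documents as the replacement for sp_changedbowner.

```sql
-- Added example, not from the original post. Assumes SQL Server 2005 or later.
-- TheNameOfYourDatabase is the post's placeholder, not a real database name.

-- 1. List user databases whose owner is not 'sa'. The built-in sa login
--    always has SID 0x01, so the filter still works if sa was renamed.
--    A NULL current_owner means the owner SID does not resolve to any
--    login or Windows account known to this server, which is typical
--    after restoring or attaching a database that came from elsewhere.
SELECT d.name                   AS database_name,
       SUSER_SNAME(d.owner_sid) AS current_owner
FROM   sys.databases AS d
WHERE  d.database_id > 4                      -- skip master, tempdb, model, msdb
  AND  (d.owner_sid IS NULL OR d.owner_sid <> 0x01)
ORDER BY d.name;

-- 2. Generate one ownership-change statement per database found above.
--    Nothing is changed here: review the output, then run the statements
--    you actually want. QUOTENAME protects names with spaces or brackets.
SELECT N'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME(d.name) + N' TO [sa];'
       AS fix_statement
FROM   sys.databases AS d
WHERE  d.database_id > 4
  AND  (d.owner_sid IS NULL OR d.owner_sid <> 0x01)
ORDER BY d.name;

-- 3. After running a generated statement, confirm the new owner.
SELECT SUSER_SNAME(owner_sid) AS current_owner
FROM   sys.databases
WHERE  name = N'TheNameOfYourDatabase';
```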