Forefront TMG and UAG TCP Offload

Introduction

TCP Chimney Offload Overview

TCP Chimney Offload is a networking technology that helps transfer the workload from the CPU to a network adapter during network data transfer. In Windows Server 2008 and 2008 R2, TCP Chimney Offload enables the Windows networking subsystem to offload the processing of a TCP/IP connection to a network adapter that includes special support for TCP/IP offload processing. TCP Chimney Offload is available in all versions of Windows Server 2008, Windows Server 2008 R2 and Windows Vista. Both TCP/IPv4 connections and TCP/IPv6 connections can be offloaded if the network adapter supports this feature.

More Information

We have come across various problems at customer sites where their ISA, TMG or UAG was behaving in a very strange way. The configuration within the management console seemed to be OK, and all other network components with which the ISA / TMG / UAG firewall was communicating also seemed to be configured just fine. Still, we’d see strange problems like:

· OWA Web Publishing Rules performing very, very poorly

· PPTP VPN access failed to establish a connection, while L2TP did not experience any problems.

· Adding a second site-to-site VPN tunnel caused the existing VPN tunnel to go down, and no VPN connectivity was possible until the new tunnel was removed from the configuration.

· SMTP server publishing returned lots of failed connection attempts. Some mail would come through, but a lot of mail just failed to be delivered.

Over time we realized that all of these problems were caused by advanced network card features that are supported in newer versions of Windows. ISA, TMG and UAG are sometimes unable to work properly if these options are enabled. Somewhere deep within the Microsoft documentation these options are mentioned, with the advice to turn all these options off.

Issue

Issue with slow connectivity to UAG portals, end point scanning and general behaviour issues

Resolution or Workaround

Disable TCP Offload

Please be aware that when modifying the network card, you will lose connectivity to the server for a short period of time, and I would recommend that you have console access to the server.

The following configuration should be added to the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"EnableRSS"=dword:00000000
"EnableTCPA"=dword:00000000
"EnableTCPChimney"=dword:00000000
"EnableSecurityFilters"=dword:00000000


To confirm the settings, use the following command: netsh int tcp show global

The output should look something like this:

[Screenshot: output of netsh int tcp show global]

If receive side scaling and/or chimney offloading are enabled, you can disable them with the following commands:

netsh int tcp set global chimney=disabled

netsh int tcp set global rss=disabled
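
The registry values and netsh states described in this post can be checked in one read-only pass. The script below is an added example, not part of the original post: the function names are hypothetical, the netsh labels assume English-language Windows, and the lines used with -UseSample are constructed rather than captured from a server.

```powershell
# Added example: read-only audit of the offload settings named in this post.
param([switch]$UseSample)   # -UseSample parses the constructed text below instead of calling netsh

$key      = 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\Parameters'
$regNames = 'EnableRSS', 'EnableTCPA', 'EnableTCPChimney', 'EnableSecurityFilters'
# English labels (assumption): netsh output is localised on non-English systems.
$labels   = 'Receive-Side Scaling State', 'Chimney Offload State'

function New-Result($Source, $Setting, $Value, $State) {   # hypothetical helper
    New-Object PSObject -Property @{ Source = $Source; Setting = $Setting; Value = $Value; State = $State }
}

function Test-OffloadRegistry {
    # A value that is absent is reported as 'missing', not assumed to be 0.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $regNames) {
        $prop = $null
        if ($props) { $prop = $props.PSObject.Properties[$name] }
        if (-not $prop)            { New-Result 'registry' $name $null 'missing' }
        elseif ($prop.Value -eq 0) { New-Result 'registry' $name $prop.Value 'ok' }
        else                       { New-Result 'registry' $name $prop.Value 'not disabled' }
    }
}

function Test-OffloadNetsh([string[]]$Lines) {
    foreach ($label in $labels) {
        # Lines look like "Chimney Offload State    : automatic"
        $hit = $Lines | Where-Object { $_ -match ('^\s*' + [regex]::Escape($label) + '\s*:') } |
               Select-Object -First 1
        if (-not $hit) { New-Result 'netsh' $label $null 'missing'; continue }
        $value = ($hit -split ':', 2)[1].Trim()
        # Anything other than 'disabled' (for example 'automatic') counts as still on.
        if ($value -eq 'disabled') { New-Result 'netsh' $label $value 'ok' }
        else                       { New-Result 'netsh' $label $value 'not disabled' }
    }
}

$sample = @(   # constructed sample, not captured from a real server
    'Receive-Side Scaling State          : enabled',
    'Chimney Offload State               : automatic',
    'NetDMA State                        : enabled'
)
if ($UseSample) { $netsh = $sample } else { $netsh = & netsh int tcp show global }

$results = @(Test-OffloadRegistry) + @(Test-OffloadNetsh $netsh)
$results | Select-Object Source, Setting, Value, State | Format-Table -AutoSize
if ($results | Where-Object { $_.State -ne 'ok' }) { exit 1 }
```

A non-zero exit code means at least one setting is missing or not disabled, which makes the script usable as a post-change check after the registry edit and netsh commands above.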

Installing and Running Splunk on CentOS 6.4

To download the Splunk RPM you will need a free Splunk account. To create one, go to the following website and sign up:

https://www.splunk.com/page/sign_up

Once you have signed up and logged in, you will be able to download Splunk for a multitude of operating systems. For this tutorial we will be using the latest Linux 2.6+ kernel version for CentOS.


If you would like to check which kernel version you are currently running, run uname -a at a shell prompt and it will tell you the current version. Our copy of CentOS 6.4 is running kernel version 2.6.32.


Click the link for the RPM version, as we are using a Red Hat derivative, and on the following page you can select the wget link to download the RPM directly from your Linux machine.


This will open a new window with the full wget command to download the RPM. Make sure you are in a directory with enough space to store the RPM, such as /tmp. Once you press return, wget will download the Splunk RPM into your current directory, ready for installation.

Once the download has completed, install Splunk by entering rpm -ivh splunk.*.rpm [replace .* with the current version you downloaded]


Once the installation has been completed you will see several important things to note:

  1. Splunk was installed into /opt/splunk – program files will be found in this directory
  2. To start the application: /opt/splunk/bin/splunk start
  3. To control the application, the website will be running on port 8000 on your server: http://<yourserver FQDN>:8000

First we need to start the application, so from a shell prompt run /opt/splunk/bin/splunk start

You will then be prompted with the EULA. You should read through this, scroll to the bottom and enter Y if you agree to the EULA.


At this point Splunk will recognise that this is the first time the application has been run. It will run a file check, ensure nothing is listening on the TCP ports that it requires for its operation, set itself up to auto start with the machine and finally start the application listening.

Now open a web browser and marvel in amazement at how easy your deployment of such a great tool was. You will need to change the admin credentials.


Once you have changed the password you are ready to go.


Citrix XenApp 6.5 Hotfix Rollup Pack 2 BETA

Citrix has recently announced that Hotfix Rollup Pack 2 for XenApp 6.5 has gone into Beta.

We have successfully deployed the Hotfix Rollup into our Test environment and so far we have no issues to report.

The following Citrix hot fixes have been added into the rollup:

XA650R01W2K8R2X64001, XA650R01W2K8R2X64002, XA650R01W2K8R2X64003, XA650R01W2K8R2X64004, XA650R01W2K8R2X64005, XA650R01W2K8R2X64006, XA650R01W2K8R2X64007, XA650R01W2K8R2X64009, XA650R01W2K8R2X64010, XA650R01W2K8R2X64011, XA650R01W2K8R2X64012, XA650R01W2K8R2X64013, XA650R01W2K8R2X64014, XA650R01W2K8R2X64015, XA650R01W2K8R2X64016, XA650R01W2K8R2X64017, XA650R01W2K8R2X64018, XA650R01W2K8R2X64019, XA650R01W2K8R2X64020, XA650R01W2K8R2X64021, XA650R01W2K8R2X64022, XA650R01W2K8R2X64023, XA650R01W2K8R2X64024, XA650R01W2K8R2X64025, XA650R01W2K8R2X64026, XA650R01W2K8R2X64027, XA650R01W2K8R2X64028, XA650R01W2K8R2X64029, XA650R01W2K8R2X64030, XA650R01W2K8R2X64031, XA650R01W2K8R2X64033, XA650R01W2K8R2X64034, XA650R01W2K8R2X64036, XA650R01W2K8R2X64037, XA650R01W2K8R2X64038, XA650R01W2K8R2X64039, XA650R01W2K8R2X64040, XA650R01W2K8R2X64042, XA650R01W2K8R2X64043, XA650R01W2K8R2X64044, XA650R01W2K8R2X64045, XA650R01W2K8R2X64046, XA650R01W2K8R2X64047, XA650R01W2K8R2X64048, XA650R01W2K8R2X64049, XA650R01W2K8R2X64050, XA650R01W2K8R2X64051, XA650R01W2K8R2X64052, XA650R01W2K8R2X64053, XA650R01W2K8R2X64055, XA650R01W2K8R2X64056, XA650R01W2K8R2X64057, XA650R01W2K8R2X64058, XA650R01W2K8R2X64059, XA650R01W2K8R2X64060, XA650R01W2K8R2X64061, XA650R01W2K8R2X64062, XA650R01W2K8R2X64063, XA650R01W2K8R2X64064, XA650R01W2K8R2X64065, XA650R01W2K8R2X64066, XA650R01W2K8R2X64067, XA650R01W2K8R2X64068, XA650R01W2K8R2X64069, XA650R01W2K8R2X64070, XA650R01W2K8R2X64071, XA650R01W2K8R2X64074, XA650R01W2K8R2X64077, XA650R01W2K8R2X64078, XA650R01W2K8R2X64080, XA650R01W2K8R2X64082, XA650R01W2K8R2X64083, XA650R01W2K8R2X64084, XA650R01W2K8R2X64086, XA650R01W2K8R2X64087, XA650R01W2K8R2X64088, XA650R01W2K8R2X64090, XA650W2K8R2X64032, XA650W2K8R2X64033, XA650W2K8R2X64034, XA650W2K8R2X64036, XA650W2K8R2X64R01

As you can see, this will save a lot of post-implementation patching and, if like us you like to keep things as up to date as possible, will save you time in the long run.

The Citrix Patch can be downloaded from here:

http://support.citrix.com/article/CTX137585

If you would like any assistance in deploying the patch or remedial work to your Citrix environments, please feel free to give us a call on 0330 088 3338.