All users configured on the ASA are assigned a privilege level. This privilege level is specified when configuring the username as follows:

hostname(config)# username name password password privilege priv_level

The privilege level can be any value from 0 (least permissive) to 15 (most permissive), with 2 being the default. Do note that if you want to grant the user access to privileged EXEC mode, you should use the range from 2 to 15. For the purpose of assigning read-only access to a user, we will use a privilege level of 5.

AAA refers to authentication, authorization and accounting. It allows us to authenticate who the user is, authorize what that user is allowed to do, and then keep an accounting record showing what that user has done. In order to create a read-only user account, we need to define which commands the user should be granted access to. This requires knowledge of who the user is, so we first need to ensure that user authentication is configured.

To enable AAA authentication, use the following command:

More »

Cisco Devices are not effected as they are running OpenSSL version 0.9.8 on the newest 9.01 IOS Software. Most Cisco Firewalls have Older IOS versions and therefore have older versions of OpenSSL.

The heartbleed bug was introduced in OpenSSL 1.0.1 and is present in
• 1.0.1
• 1.0.1a
• 1.0.1b
• 1.0.1c
• 1.0.1d
• 1.0.1e
• 1.0.1f
The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch nor the 0.9.8 branch of OpenSSL.

Microsoft Remote Desktop Services / RDS website Errors from a Windows 8 machine or a pc with Internet Explorer 10 or 11. You get the below Error


Browser Not Supported - This Web browser is not supported by RD Web Access. RD Web Access requires Internet Explorer 6.0 or later. You can download the latest version of Internet Explorer from the Windows Update Web site

This is caused by Microsoft not releasing an update to 2008 to allow it to be accessed in the later browsers. In order to get it to work we can implement a workaround that forces machines with newer browsers to access the site as IE9 compatability view.
More »

When creating a new Receive Connector on Exchange Server 2007 SP3 (Update Rollup 2) the creation failed with a non-retriabele error and a “the requested attribute does not exist” error:

Active Directory operation failed on GL-SRV.test.local. This error is not retriable. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1772

The requested attribute does not exist.

Exchange Management Shell command attempted:
new-ReceiveConnector -Name ‘’ -Usage ‘Internet’ -Bindings ‘’ -Fqdn ‘’ -Server ‘GL-SRV’

Elapsed Time: 00:00:00

According to this article on the Microsoft Exchange Team site more people are facing this issue (scroll through the comments). It looks like something specific to UR1 and UR2 for Exchange Server 2007 SP3:

Microsoft is aware of this issue and it is currently being investigated. It looks like the schema upgrade during SP3 is not performed properly sometimes, resulting in an incorrect schema for Service Pack 3. Unfortunately the setup application of SP3 continues, resulting in these kind of errors.

You can solve it by running the Exchange 2007 SP3 schema upgrade again: /PrepareSchema

After this creation of a new Receive Connector is successful.



Click Start, click Run, type “regedit” in the Open box, and then click OK.
In the left pane, locate and then click the following registry subkey:

On the Edit menu, click “Permissions”.
In the “Permissions for Installer” dialog box, consider the “Administrators” and the “Users” in the “Group or user names” list.
Make sure that the Full Control permission is set for the “Administrators” and the “Users” group.
If this permission is not set, click to select the Full Control check box under “Allow”.
Click “OK”.

A new server has been added to the forest as a new domain controller, on the new server after launching PowerShell command line, Use the Move-ADDirectoryServerOperationMasterRole command to transfer all the FSMO roles. Each role corresponding to a number :


Role Name Number
PDCEmulator 0
RIDMaster 1
InfrastructureMaster 2
SchemaMaster 3
DomainNamingMaster 4

Moving FSMO roles

Move-ADDirectoryServerOperationMasterRole -Identity “DC01” -OperationMasterRole 0,1,2,3,4



  1. Set valid password for vi-admin, for example F0t56otk!# should do
  2. Login to vMA shell as vi-admin
  3. Elevate session as root with “sudo –s”
  4. Run “pam-config –d –-cracklib” (note double dashes on front of cracklib)
  5. Exit root shell with “exit”
  6. Change vi-admin password with “passwd” to any password you’d like

Above pam-config command disables cracklib in vMA PAM (pluggable authentication module) configuration, cracklib is a PAM library which is used to enforce Linux, and it this case vMA account password strength.

This post is an index of password recovery procedures for Cisco products. For security reasons, the password recovery procedures listed here require physical access to the equipment.



Cisco 2600 Series Routers Cisco 3600 Series Routers Cisco 3700 Series Routers
Cisco 801, 802, 803, 804, 805, 811, and 813 Series Routers Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers


Integrated Services Routers (ISR) Products

Cisco 1800 Series Routers Cisco 2800 Series Routers Cisco 3800 Series Routers
Cisco 2900 Series Routers Cisco 1900 Series Routers


High-End Routers

Cisco 12000 Series Routers Cisco uBR7100 Cisco 7200 Series Routers
Cisco 7000 Series Routers Cisco uBR7200 Cisco AGS
Cisco 7000 Series Route Switch Processor (RSP7000) Cisco uBR10000 Route Processor Module
Cisco 7100 Series Routers Cisco 7500 Series Routers Cisco XR 12000 Series Routers


LAN Switches

EtherSwitch/FastSwitch/FastHub Catalyst 2800 Series Switches Catalyst 4000/2980G/2948G Series Switches running Catalyst OS
Catalyst 1200 Series Switches Catalyst 2900-XL/3500-XL Series Switches Catalyst 4000/4500/4900 Switches running Cisco IOS
Catalyst 1600 Series Switches Catalyst 2901-2 Series Switches Catalyst 5500/5000/2926G/2926 Series Switches
Catalyst 1700 Series Switches Catalyst 2948G-L3/4908G-L3/4840G Series Switches Catalyst 6000 Series Switches Running Native IOS
Catalyst 1800 Series Switches Catalyst 2940, 2950/2955, 2960, 2970 Series Switches Catalyst 6500/6000 Series Switches running Catalyst OS
Catalyst 1900/2820 Series Switches Catalyst 3000/3100/3200 Series Switches Cisco Catalyst 6500 Series SSL Services Module in Native (IOS) Mode
Catalyst 2100 Series Switches Catalyst 3550, 3560, 3750 Series Switches Catalyst 8510-CSR Series Switch
Catalyst 2600 Series Switches Catalyst 2970 Switch Catalyst 2950 and Catalyst 2955 Switch
Catalyst 3550 Multilayer Switch Catalyst 3560 Switch Catalyst 3750 Switch
Catalyst 3900 Series Switches Catalyst 8540-CSR Series Switch Catalyst 6500 with Supervisor 720 Running Cisco IOS Software Prior to 12.2(17)SX

More »