Audiocodes Mediant VE SBC only shows InternalIF OSN

After configuring Audiocodes’ VM based SBC in a single NIC state, a need come up where a WAN interface needed to be brought online. When attempting to set an IP to the interface group the following error was displayed:

nwDevTable_CrossValidateRow: Validation failed, the ethernet group (index 1) already contains the OSN interface. No other device can be configured on this group. MATRIX DeviceTable: Unable to Activate Line(1) since it is invalid

As we can see, the Ethernet Device Status shows InternalIF OSN is the only other available device.

IP Interface Status doesn’t show much help either:

An idea attempted was exporting the configuration ini file, adding the configuration entries for the second NIC, applying the changed configuration file and restarting appears to bring it up, but it still had a red state of down/unknown. (the WAN_DEV Ethernet Device was created in the config file)

The following steps were taken to get the Audiocodes VM to work:

  • Delete the logical Virtual Machine network interface
  • Restart the VM
  • Add a new NIC to the VM
  • Restart the VM

Once those steps were taken, the interface came up, and the IP was active!

How to deal with The target of the symbolic link doesn’t exist

The other day I came across a Hyper-V host server where an OS crash had occurred. A new OS install was made on the C: drive. After the rebuild, the D: drive’s VMs (VHDX’s etc.) were visible and appeared to be fully available, but when an attempt was made to import the existing VMs or even access the files, the following error message was displayed:

"The target of the symbolic link doesn't exist"

Trying to access the with Windows Explorer gave an Error 0x80070780: The File cannot be accessed by the system.

The following observations were made:

In Windows Explorer, the files appeared with the attributes “APL”, which stands for:

  • A = ARCHIVE
  • L = Reparse Points
  • P = Sparse File

The command attrib was attempted to remove the L and the P, but no avail:

An interesting note, Windows Explorer had “Reparse Points” and “Sparse File” attributes, but looking at Attrib, it saw the files as symbolic links. It threw me off, but looking at how Windows Explorer saw the file started me down the path of Deduplication.

Looking at https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/understand, we see that Windows Deduplication works with reparse points, so perhaps this data drive had deduplication turned on for data drive.

On that note, the Data Deduplication feature was installed, the server restarted, and YES!!! All the large files (VHDX, ISO, etc.) were available!!

To disable DeDuplication:

If DeDuplication is disabled, it doesn’t actually undo the work that was done, and if it is disabled, garbage cleanup commands can’t be run.

It’s VERY Important that Deduplication is left enabled, but leave the entire drive Excluded.

Once that’s done, run the following two commands (which will take quite a bit of time depending on how much data there is).

The unoptimise command:

Start-DedupJob -Volume  -Type Unoptimization

Check the status:

Get-DedupJob

Clean up the Garbage:

Start-DedupJob -Volume -Type GarbageCollection

Once both above commands are run, you can remove the deduplication role from the server.

Serious vulnerability in Cisco IOS

Jeremy Kirk at Databreach just wrote about a serious vulnerability found on nearly all of Cisco’s IOS devices (Including ASA’s). The vulnerability named Thangrycat requires a good amount of effort to patch the affected hardware, although at the moment, its saving grace is that the attach requires the  “local attacker” to be authenticated in order to write a modified firmware image to the component.

Not all gloom and doom, but a significant find!