Computers: June 2007 Archives

Mac OS X, Microsoft and VPN


I needed to connect to one of my client's VPN networks today. They used some form of Microsoft VPN server - they could not tell me exactly what version...

Since I am running on a Mac, I tried to use the built-in VPN client from Internet Connect. Since this is a Microsoft VPN it would most probably be PPTP based and not L2TP. So I created a new connection and tried... No luck - I got an authentication error, even though my credentials were perfect.

To test the credentials were really correct, I connected using Windows XP. The system prompted me to change my password as this was the first time I logged in, which I did. After that I was logged in successfully.

So I tried logging in using the Mac VPN client again. This time it worked! So the lesson learnt here is that you have to log in at least once using a Microsoft client to reset your password, before you can use your Mac client.

Now I know...

In the Linux world one has netstat and fuser to figure out which PID has opened a given socket. In Mac OS X, netstat does not provide PIDs and fuser is missing...

I found this interesting article on how to solve this dilemma.

Basically you use the lsof utility, which displays a list of open files (a socket is handled as a special file) and the owner PIDs:

waldo@waldopcm waldo $ sudo lsof -i -P | grep 500
Password:
racoon 189 root 6u IPv4 0x9a92820 0t0 UDP 10.211.55.4:500
racoon 189 root 7u IPv4 0x8deb0d0 0t0 UDP 10.211.55.4:4500
racoon 189 root 8u IPv6 0x9a92270 0t0 UDP [fe80:8::21c:42ff:fe00:1]:500
racoon 189 root 9u IPv4 0x9a92410 0t0 UDP 10.37.129.3:500
racoon 189 root 10u IPv4 0x9a920d0 0t0 UDP 10.37.129.3:4500
racoon 189 root 11u IPv6 0xa0af380 0t0 UDP [fe80:7::21c:42ff:fe00:0]:500
racoon 189 root 12u IPv4 0xa0af520 0t0 UDP 169.254.108.92:500
racoon 189 root 13u IPv4 0x9a92c30 0t0 UDP 169.254.108.92:4500
racoon 189 root 14u IPv4 0x8deb4e0 0t0 UDP 192.168.0.72:500
racoon 189 root 15u IPv4 0xa0b5270 0t0 UDP 192.168.0.72:4500
racoon 189 root 16u IPv4 0x9a93790 0t0 UDP localhost:500
racoon 189 root 17u IPv4 0x9a924e0 0t0 UDP localhost:4500
racoon 189 root 18u IPv6 0x9a93040 0t0 UDP [fe80:1::1]:500
racoon 189 root 19u IPv6 0x8dece10 0t0 UDP localhost:500

In this case port 500 is a UDP port opened by the process with PID 189.

It is then a trivial matter of finding the process's name:

waldo@waldopcm waldo $ ps auxp 189
root 189 0.0 -0.0 27680 328 ?? Ss Sat07PM 0:01.06 racoon

or you could simply determine the name from the first column in the output from lsof.

racoon is Mac OS X's IKE (ISAKMP/Oakley) key management daemon. This process interfered with my Cisco VPN.

Voila!
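
An added example, not part of the original post: `grep 500` also matches port 4500 and any PID or device address that happens to contain "500", so this sketch compares the local port field exactly. The function names `port_owners` and `sample_lsof` are hypothetical; the sample lines are copied from the output above, plus one constructed decoy line.

```shell
#!/bin/sh
# port_owners PORT: read `lsof -i -P` output on stdin and print one
# "COMMAND PID USER PROTO" line per process whose local port is PORT.
port_owners() {
    awk -v port="$1" '
        $1 == "COMMAND" { next }            # skip the lsof header line
        NF >= 9 {
            name = $9                       # NAME column, e.g. 10.0.0.1:500
            sub(/->.*/, "", name)           # TCP: drop the remote endpoint
            n = split(name, parts, ":")     # port follows the last colon,
            if (parts[n] == port) {         # also for [IPv6]:port and *:port
                key = $1 " " $2 " " $3 " " $8
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# Sample input: three lines from the post, and a constructed decoy whose
# PID and device address contain "500" although it listens on port 8080.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
racoon 189 root 6u IPv4 0x9a92820 0t0 UDP 10.211.55.4:500
racoon 189 root 7u IPv4 0x8deb0d0 0t0 UDP 10.211.55.4:4500
racoon 189 root 8u IPv6 0x9a92270 0t0 UDP [fe80:8::21c:42ff:fe00:1]:500
exampled 1500 nobody 4u IPv4 0x9a95000 0t0 TCP *:8080 (LISTEN)
EOF
}

# Live use on the machine itself (needs root to see other users' sockets):
#   sudo lsof -i -P -n | port_owners 500
```

On the sample, `sample_lsof | port_owners 500` reports only racoon (PID 189), while a plain `grep 500` returns all four data lines.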

Mac OS X 10.4.10 broke VPN!


So yesterday I upgraded to 10.4.10 only to discover my Cisco VPN is not working anymore. It gives an Error 51... That was real bad since I have a client that I support using VPN.

I tried everything to revert to 10.4.9 but it is not that easy to roll back a service pack. Eventually I stumbled across an article on the Parallels forum indicating that my problem might be related to the fact that yesterday I also upgraded from 4124 to 4128...

I did the following to fix it:

  1. Disabled the fw0 interface (this only fixed the Error 51 - it loaded VPN client but I could still not make a connection)
  2. Uninstalled Cisco VPN
  3. Uninstalled Parallels
  4. Installed Cisco VPN
  5. Rebooted
  6. Started Cisco VPN and connected successfully to remote VPN site
  7. Whilst being connected to my remote client, I reinstalled Parallels.
  8. Rebooted
  9. Everything is working!

So a word of caution - never install two updates simultaneously.

My wife's Parallels broke today. For some reason it just died when starting up - no matter what mode we tried to start Windows XP in. We tried repairing Windows XP by means of the installation CD, but this caused even weirder errors.

So I ran a Disk Repair and Permissions Repair - neither worked.

I then decided I am going to try and upgrade the disk image to the latest Parallels - 3.0. Well, whilst copying the .hdd file this happened:

karin-nells-computer:~/Library/Parallels/winxp karin$ cp winxp.hdd winxp_backup.hdd
cp: winxp.hdd: Input/output error

Hmmm.... Bad sector? So my mission started to find a utility that can (a) find bad sectors, and (b) relocate them. This was necessary since both Finder as well as cp failed with an IO error.

I looked at TechTool Pro 4, but alas, just as I was about to purchase it I discovered it is only available as a shipping product - not a download. Bummer.

Next I looked at DiskWarrior - this seemed like it could do the job so I paid $115 for it, and downloaded it. Running it on my laptop with the iMac in firewire target disk mode, I rebuilt the directory structures but it did not fix anything. Damn - $115 wasted.

(PS: I needed to recover her Parallels image since all our accounting information is stored in QuickBooks for Windows).

I found a trial of Drive Genius - and ran the surface scan. About 1/3 way through the disk it started picking up some bad sectors - so at least now I confirmed this. But it cannot do anything with those bad sectors. By now I was getting desperate.

I googled some more (this is now after about 10 hours on/off searching for solutions) and found a solution. A free solution too!

The idea is simple - I want to copy the Parallels disk image to a new area on the hard drive where there are no bad sectors, and I am willing to sacrifice the couple of bad blocks causing all this trouble. So by using

dd if=winxp.hdd of=winxp_copy.hdd conv=noerror,sync

I managed to copy the file with 10 bad blocks filled with NUL bytes - a fair compromise.

PS: dd is a standard Unix utility for copying raw data blocks.

I started up Parallels - ran through the automatic NTFS check at startup and only lost 10 files - all of which are replaceable.

About this Archive

This page is an archive of entries in the Computers category from June 2007.
