FW-1  

MetaIP Support Tips

Most Recent Version: NG FP2 (as of: 10/22/2002)


Questions:

1) How do I integrate MetaIP with FW-1 version 4.1?
2) I get "Unknown IP Address" in my FW-1 log.
3) I have 4.1 sp2 and I can't install the UAT on the PDC/BDC (no domain controller found).
4) DHCP server fails to start with 1066 1 error.
5) How do I backup and restore my configuration?
6) How do I reindex the LDAP database?


Answers:

1) How do I integrate MetaIP with FW-1 version 4.1?
    1) Install MetaIP suite on dedicated box "A" and reboot.
    2) Run UAT setup on box "A".  This will install a UAT service on any and all PDC/BDCs (box "B") and reboot them.
    3) Run fwuam.exe on the firewall (box "C").  This will install necessary registry hacks.
    4) Configure a rule on the firewall that looks like:

       Source       Destination   Service   Action          Track
       Users@src*   dst_object    Any       Client_Auth**   Long

*You will need to create user accounts on FW-1 OR create a "generic*" account!
**Edit/Properties, choose the Single Sign On property.

2) I get "Unknown IP Address" in my FW-1 log.
The user didn't log into the Domain Controller, or the PDC/BDC does not have a UAT service running.

3) I have 4.1 sp2 and I can't install the UAT on the PDC/BDC.
    You get "no domain controller found."  You must force the installation by running the installation command-line:
C:\MetaIP\Inet> setup /force /user:username /pass:password /UAM:server  \\PDC,BDC

4) DHCP server fails to start with 1066 1 error.
    You made updates to your configuration and leases, but did not update the server.  Right click on the server name and choose "update and restart".

5) How do I backup and restore my configuration?
     Back up the ..\MetaIP\LDAP\Data directory.  This directory should be full of files ending in .dbb, which are your LDAP database files.  If you get any errors copying files, make sure you stop the MetaIP LDAP service (this may also entail stopping the MetaIP Manager service), and try again.
     To restore, perform the reverse operation.  Stop the above services, wipe the Data directory, and add your own .dbb files into the directory.  Restart the services.  Once things are up, perform an "Update and Restart" on all services (DNS, DHCP...).  This will write the database info into the "hard" files kept by those services.
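
An added example (not from the original page or from MetaIP): a Python script for the backup and restore steps above that records a SHA-256 for each .dbb file and refuses to wipe the Data directory unless the backup copy still verifies.  The function names and the manifest.json file are assumptions; stopping and restarting the services is still done by hand as described.

```python
# Added example: run only while the MetaIP LDAP service is stopped (see above).
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = "manifest.json"  # assumed file name, written beside the copies


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_dbb(data_dir, backup_dir):
    """Copy every .dbb file and record the SHA-256 of each source file."""
    data_dir, backup_dir = Path(data_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(data_dir.glob("*.dbb")):
        shutil.copy2(src, backup_dir / src.name)
        manifest[src.name] = _sha256(src)
    if not manifest:
        raise RuntimeError(f"no .dbb files found in {data_dir}")
    (backup_dir / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(backup_dir):
    """Return the names of copies that are missing or no longer match."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    return [n for n, d in manifest.items()
            if not (backup_dir / n).is_file() or _sha256(backup_dir / n) != d]


def restore_dbb(backup_dir, data_dir):
    """Wipe the files in data_dir and restore, only if the backup verifies."""
    backup_dir, data_dir = Path(backup_dir), Path(data_dir)
    bad = verify_backup(backup_dir)
    if bad:
        raise RuntimeError(f"backup failed verification, Data left untouched: {bad}")
    for old in data_dir.iterdir():
        if old.is_file():
            old.unlink()
    names = json.loads((backup_dir / MANIFEST).read_text())
    for name in names:
        shutil.copy2(backup_dir / name, data_dir / name)
    return sorted(names)
```

Run verify_backup on the backup directory right after copying and again before any restore; a non-empty result means the copy is incomplete or has changed since it was taken.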

6) How do I reindex the LDAP database?
   On the command line, type:

metaip/ldap/reindex.cmd

When you re-index, look for errors (like corrupt zones and scopes).  MetaIP will print them out on the DOS screen.  The NT Event Viewer sometimes has useful info about MetaIP (not great, but at least look at it after a migration; also check the Event Viewer on the old box).



Copyright 2006, Security Evolution, Inc.