Of ponies and network hardware
Aug. 16th, 2007 07:07 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
altivoFirst the good part. Asher is much better this evening. Evidently the additional medication and washing his hay have made a difference. The cough continues, but he's breathing normally again. He's still on hydroxyzine morning and evening, but also gets 2 ml of clenbutyrol (I think I spelled that right, it's an asthma medication) in syrup form morning and evening. He doesn't like it much, but he's so well behaved that it's not a problem yet. He's also supposed to get a small dose of dexamethasone (a steroid type anti-inflammatory) but only once a week because it can cause laminitis. We don't need that. If he stays this much improved on the other two drugs, we may be able to omit the dex. With any luck, by the time cold weather comes around we'll be able to stop soaking the hay. That's going to be a real problem in sub-zero weather.
Unlike Asher, I'm a wreck. I worked twice my normal day today trying to get the Watchguard thing to behave, and failed. On the advice of other Watchguard users, I upgraded the appliance software and the control software. This made it necessary to rebuild the entire configuration from scratch because they provide no means to translate the existing config file to the newer format. I checked and rechecked everything, but now we are worse off than we were before.
The IPSEC connection no longer activates at all, from either end. Neither end provides any helpful error messages either. The best I get is "SA deleted or negotiation failed." No shit, Sherlock. So how about telling me WHERE it failed? Or WHY? Or which end rejected the attempt?
Finally I convinced the network admin at the other end to let us run the link in the clear for a day or two until this can be resolved. Only then I find out that the primary application for which the link is needed will no longer run. It was working on the old version, but the new version is killing its connection because the "http/tcp header does not match content". This appears to be coming from the HTTP proxy, except I didn't activate an HTTP proxy. I don't want one, don't need one, and in any case, the application has nothing to do with web servers or browsing.
Although the upgrade instructions tell you to back up your configuration files and your hardware image (which of course I did, in two places) they give you not a clue on how to return to the previous configuration if the new one doesn't work properly. It appears not to be possible. The installation routine that would install the old image can no longer talk to the firmware in the box now that the new image is in place. Thanks, Watchguard. So we have a situation that is worse than it was before. The link that worked mostly on the old version but would go down unexpectedly without explanation no longer works at all.
I'm totally fed up with it. They're going to have to call in a specialist to make it work, if that's even possible.
Then to top it all off, I find a comment in Monday's post from a product manager at Watchguard, asking me to call him to discuss my complaints. So once you start giving them bad publicity, even in a really obscure place like a furry blog, they notice it. But when you try to pry information out of their support services, for which you pay substantial money each year, there's nothing forthcoming.
Unlike Asher, I'm a wreck. I worked twice my normal day today trying to get the Watchguard thing to behave, and failed. On the advice of other Watchguard users, I upgraded the appliance software and the control software. This made it necessary to rebuild the entire configuration from scratch because they provide no means to translate the existing config file to the newer format. I checked and rechecked everything, but now we are worse off than we were before.
The IPSEC connection no longer activates at all, from either end. Neither end provides any helpful error messages either. The best I get is "SA deleted or negotiation failed." No shit, Sherlock. So how about telling me WHERE it failed? Or WHY? Or which end rejected the attempt?
Finally I convinced the network admin at the other end to let us run the link in the clear for a day or two until this can be resolved. Only then I find out that the primary application for which the link is needed will no longer run. It was working on the old version, but the new version is killing its connection because the "http/tcp header does not match content". This appears to be coming from the HTTP proxy, except I didn't activate an HTTP proxy. I don't want one, don't need one, and in any case, the application has nothing to do with web servers or browsing.
Although the upgrade instructions tell you to back up your configuration files and your hardware image (which of course I did, in two places) they give you not a clue on how to return to the previous configuration if the new one doesn't work properly. It appears not to be possible. The installation routine that would install the old image can no longer talk to the firmware in the box now that the new image is in place. Thanks, Watchguard. So we have a situation that is worse than it was before. The link that worked mostly on the old version but would go down unexpectedly without explanation no longer works at all.
I'm totally fed up with it. They're going to have to call in a specialist to make it work, if that's even possible.
Then to top it all off, I find a comment in Monday's post from a product manager at Watchguard, asking me to call him to discuss my complaints. So once you start giving them bad publicity, even in a really obscure place like a furry blog, they notice it. But when you try to pry information out of their support services, for which you pay substantial money each year, there's nothing forthcoming.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-08-17 04:32 am (UTC)For what good it will do though.
As to that wonderful sounding hassle you're having I'm kind of glad I never became a network admin.
I'm sorry its been a bad day for you pony, I can only offer this bag of "Oaty treats" and this collection of shedded fur.
no subject
Date: 2007-08-17 05:18 am (UTC)no subject
Date: 2007-08-17 07:17 am (UTC)