Of ponies and network hardware
Aug. 16th, 2007 07:07 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
altivoFirst the good part. Asher is much better this evening. Evidently the additional medication and washing his hay have made a difference. The cough continues, but he's breathing normally again. He's still on hydroxyzine morning and evening, but also gets 2 ml of clenbutyrol (I think I spelled that right, it's an asthma medication) in syrup form morning and evening. He doesn't like it much, but he's so well behaved that it's not a problem yet. He's also supposed to get a small dose of dexamethasone (a steroid type anti-inflammatory) but only once a week because it can cause laminitis. We don't need that. If he stays this much improved on the other two drugs, we may be able to omit the dex. With any luck, by the time cold weather comes around we'll be able to stop soaking the hay. That's going to be a real problem in sub-zero weather.
Unlike Asher, I'm a wreck. I worked twice my normal day today trying to get the Watchguard thing to behave, and failed. On the advice of other Watchguard users, I upgraded the appliance software and the control software. This made it necessary to rebuild the entire configuration from scratch because they provide no means to translate the existing config file to the newer format. I checked and rechecked everything, but now we are worse off than we were before.
The IPSEC connection no longer activates at all, from either end. Neither end provides any helpful error messages either. The best I get is "SA deleted or negotiation failed." No shit, Sherlock. So how about telling me WHERE it failed? Or WHY? Or which end rejected the attempt?
Finally I convinced the network admin at the other end to let us run the link in the clear for a day or two until this can be resolved. Only then I find out that the primary application for which the link is needed will no longer run. It was working on the old version, but the new version is killing its connection because the "http/tcp header does not match content". This appears to be coming from the HTTP proxy, except I didn't activate an HTTP proxy. I don't want one, don't need one, and in any case, the application has nothing to do with web servers or browsing.
Although the upgrade instructions tell you to back up your configuration files and your hardware image (which of course I did, in two places) they give you not a clue on how to return to the previous configuration if the new one doesn't work properly. It appears not to be possible. The installation routine that would install the old image can no longer talk to the firmware in the box now that the new image is in place. Thanks, Watchguard. So we have a situation that is worse than it was before. The link that worked mostly on the old version but would go down unexpectedly without explanation no longer works at all.
I'm totally fed up with it. They're going to have to call in a specialist to make it work, if that's even possible.
Then to top it all off, I find a comment in Monday's post from a product manager at Watchguard, asking me to call him to discuss my complaints. So once you start giving them bad publicity, even in a really obscure place like a furry blog, they notice it. But when you try to pry information out of their support services, for which you pay substantial money each year, there's nothing forthcoming.
Unlike Asher, I'm a wreck. I worked twice my normal day today trying to get the Watchguard thing to behave, and failed. On the advice of other Watchguard users, I upgraded the appliance software and the control software. This made it necessary to rebuild the entire configuration from scratch because they provide no means to translate the existing config file to the newer format. I checked and rechecked everything, but now we are worse off than we were before.
The IPSEC connection no longer activates at all, from either end. Neither end provides any helpful error messages either. The best I get is "SA deleted or negotiation failed." No shit, Sherlock. So how about telling me WHERE it failed? Or WHY? Or which end rejected the attempt?
Finally I convinced the network admin at the other end to let us run the link in the clear for a day or two until this can be resolved. Only then I find out that the primary application for which the link is needed will no longer run. It was working on the old version, but the new version is killing its connection because the "http/tcp header does not match content". This appears to be coming from the HTTP proxy, except I didn't activate an HTTP proxy. I don't want one, don't need one, and in any case, the application has nothing to do with web servers or browsing.
Although the upgrade instructions tell you to back up your configuration files and your hardware image (which of course I did, in two places) they give you not a clue on how to return to the previous configuration if the new one doesn't work properly. It appears not to be possible. The installation routine that would install the old image can no longer talk to the firmware in the box now that the new image is in place. Thanks, Watchguard. So we have a situation that is worse than it was before. The link that worked mostly on the old version but would go down unexpectedly without explanation no longer works at all.
I'm totally fed up with it. They're going to have to call in a specialist to make it work, if that's even possible.
Then to top it all off, I find a comment in Monday's post from a product manager at Watchguard, asking me to call him to discuss my complaints. So once you start giving them bad publicity, even in a really obscure place like a furry blog, they notice it. But when you try to pry information out of their support services, for which you pay substantial money each year, there's nothing forthcoming.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-08-17 12:56 am (UTC)no subject
Date: 2007-08-17 02:02 am (UTC)The
no subject
Date: 2007-08-17 02:18 am (UTC)/dev/mapperis a component of the Logical Volume Manager (LVM), and is often used for configuring DM-Crypt, a filesystem encryption mechanism.no subject
Date: 2007-08-17 02:19 am (UTC)no subject
Date: 2007-08-17 02:25 am (UTC)no subject
Date: 2007-08-17 02:27 am (UTC)I checked. No /dev/mapper on my system, and you confirm it because I don't use LVM and certainly don't use filesystem encryption.
no subject
Date: 2007-08-17 04:28 am (UTC)no subject
Date: 2007-08-17 04:32 am (UTC)For what good it will do though.
As to that wonderful sounding hassle you're having I'm kind of glad I never became a network admin.
I'm sorry its been a bad day for you pony, I can only offer this bag of "Oaty treats" and this collection of shedded fur.
no subject
Date: 2007-08-17 05:18 am (UTC)no subject
Date: 2007-08-17 07:17 am (UTC)no subject
Date: 2007-08-17 10:51 am (UTC)Maybe I should blog about some of the other companies that I think are just as bad or worse: Microsoft, TrippLite, APC, Sirsi/Dynix...
no subject
Date: 2007-08-17 11:00 am (UTC)Well if they're anything like the place where my housemate works they use front line staff to buffer the complaints. But they're middle manager heavy and each tries to do things to justify their existance in the company. Hence a lot undertake management fads, and pretending to "listen to the client to help improve future products" sounds just like something they'd pull.
no subject
Date: 2007-08-17 11:01 am (UTC)no subject
Date: 2007-08-17 11:36 am (UTC)no subject
Date: 2007-08-17 11:45 am (UTC)no subject
Date: 2007-08-17 01:04 pm (UTC)no subject
Date: 2007-08-17 02:58 pm (UTC)I wonder how they ended up finding your blog in the first place?
That's just weird.
Crap UPSes
Date: 2007-08-17 03:22 pm (UTC)TrippLite makes slightly better hardware in my experience, but they lie in their specs and advertising. For instance, they say the product is "Linux compatible" but it really isn't. They have Linux control and automated shutdown software, but it only works with RedHat version 6 (that's a long time out of date) and they aren't updating it. So the units are Linux compatible only in the sense that a Linux machine will still run if plugged into one. No automated shutdown is possible unless you have a Windows machine also connected, to trigger a remote shutdown command over the network. I complained loudly about this and was told "Tough." They have no intention of changing anything, and their control interface is "proprietary" so they won't release any information to let anyone else write control software. It has to be reverse engineered.
CyberPower is just cheap and cheesy. Their software is Windows only and not even good there. For one thing they deny that it tries to connect to the internet, but it does so. Every firewall we've used has detected it trying. No, it's not set to e-mail if the power goes off or anything. It tries to "phone home" every ten minutes while running. That means you can't have an internect connection on "auto-connect" in Windows XP because it will keep dialing out even if you aren't using the computer.
no subject
Date: 2007-08-17 03:28 pm (UTC)no subject
Date: 2007-08-17 03:30 pm (UTC)Last time I accepted an invitation like that, it did no good at all. They just offered to buy back the product, not to fix it or even do better in the future.
no subject
Date: 2007-08-17 04:33 pm (UTC)Around the time of my eye surgery, someone I didn't know friended me for his journal that was to document surgical experiences. Somehow he was able to search through the text in my posts and found the one's I'd made about the surgery. He never did respond to my emails asking how he found me.
no subject
Date: 2007-08-17 08:43 pm (UTC)no subject
Date: 2007-08-17 08:46 pm (UTC)I had written instructions from this same tech guy, but he omitted that particular setting so I had assumed the default was correct. It wasn't.