Error Message: Failed to open a session for the virtual machine <Name>
Result Code: E_FAIL (0x80004005)
Component: ProgressProxy
Interface: IProgress {c20238e4-3221-4d3f-8891-81ce92d9f913}
VirtualBox
All posts tagged VirtualBox
Basically, there are two main options in configuring Check Point Cluster.
- High Availability (HA)
- Load Sharing
In order to configure Check Point with High Availability (HA) solution, we need to have two identical Check Point machine. Since everything is created in VirtualBox, creating another identical machine is so easy. Just right click on the machine that you wish to copy, and click Clone. You can also use the combination of Ctrl+O to clone it.
Now you already have two identical Check Point machine. Everything is copied exactly as a parent machine including IP Address. Therefore, the first thing you need to do is to change IP Address as it will cause IP conflict issue if both of them are located in the same network. Use sysconfig menu to change IP Address of the Check Point box. Please refer to the link below how to do it.
UPDATE – APRIL 20, 2012 How to change IP Address in Check Point firewall
Once everything is ready, follow the following steps in configuring Check Point Cluster with High Availability solution:
- Right click on Check Point
- Choose New Check Point
- Choose VPN-1 Pro/Express Cluster…
STATUS – April 18, 2012
Currently, I’m still reading the User Guide in figuring out what to do next. :).
I also discussed this matter in CPUG forum to get help from Check Point expert there.
I’ll update this post once I’ve knew what to do in completing HA setup in Check Point cluster
SIMILAR ISSUE
https://www.cpug.org/forums/installing-upgrading/938-clusterxl-win2003-splat.html
The topology is as follows:
Linux as a router
L
Windows Server 2003 as a router
| Ping test | IP Address from | Linux | Windows |
| Client to Router’s internal interface | 20.10 to 20.254 | Reply from 192.168.20.254: bytes=32 time<10ms TTL=64 | Reply from 192.168.20.254: bytes=32 time<10ms TTL=128 |
| Client to Router’s external interface | 20.10 to 30.254 | Reply from 192.168.30.254: bytes=32 time<10ms TTL=64 | Reply from 192.168.30.254: bytes=32 time<10ms TTL=128 |
| Client to Server | 20.10 to 30.10 | Reply from 192.168.30.10: bytes=32 time<10ms TTL=127 | Request timed out |
| Server to Router’s external interface | 30.10 to 30.254 | Reply from 192.168.30.254: bytes=32 time=10ms TTL=64 | Reply from 192.168.30.254: bytes=32 time<10ms TTL=128 |
| Server to Router’s internal interface | 30.10 to 20.254 | Reply from 192.168.20.254: bytes=32 time<10ms TTL=64 | Reply from 192.168.20.254: bytes=32 time<10ms TTL=128 |
| Server to Client | 30.10 to 20.10 | Reply from 192.168.20.10: bytes=32 time<10ms TTL=127 | Request timed out |
| C:\>tracert 192.168.30.10Tracing route to WIN2KSVR-01 [192.168.30.10]over a maximum of 30 hops:1 <10 ms <10 ms <10 ms 192.168.20.2542 <10 ms <10 ms <10 ms WIN2KSVR-01 [192.168.30.10]
Trace complete. C:\> |
C:\>tracert 192.168.30.10Tracing route to 192.168.30.10 over a maximum of 30 hops1 * * * Request timed out.2 * * * Request timed out.3 * * * Request timed out. | ||
| Routing | [cpmodule]# netstat -nrKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.20.254 0.0.0.0 UG 0 0 0 eth0 [cpmodule]# |
C:\>netstat -nrIPv4 Route Table==================================================================Interface List0x1 ……………………… MS TCP Loopback interface
0x10003 …08 00 27 07 88 b7 …… AMD PCNET Family PCI Ethernet Adapter 0x10004 …08 00 27 21 58 df …… AMD PCNET Family PCI Ethernet Adapter #3 ================================================================== ================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.20.0 255.255.255.0 192.168.20.254 192.168.20.254 20 192.168.20.254 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.20.255 255.255.255.255 192.168.20.254 192.168.20.254 20 192.168.30.0 255.255.255.0 192.168.30.254 192.168.30.254 20 192.168.30.254 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.30.255 255.255.255.255 192.168.30.254 192.168.30.254 20 224.0.0.0 240.0.0.0 192.168.20.254 192.168.20.254 20 224.0.0.0 240.0.0.0 192.168.30.254 192.168.30.254 20 255.255.255.255 255.255.255.255 192.168.20.254 192.168.20.254 1 255.255.255.255 255.255.255.255 192.168.30.254 192.168.30.254 1 =========================================================================== Persistent Routes: None |
SUMMARY
I’m not sure how come windows unable to route the ICMP traffic even though the route is there. Linux has no issue to route this traffic. Seems like we have a winner here J
UPDATE [Apr 9, 2012]
I’ve asked around at the following forum to get help on this issue.
Windows 2003 server can’t route network traffic?
http://forums.techarena.in/windows-server-help/1460989.htm
My IP Addressing in my lab is based on RFC1918.
To do that, go to File > Preferences or even better combination of Ctrl+G as a shortcut.
Then, you’ll be presented with the following VirtualBox – Settings menu.Click Network where we’ll change the network setting of our lab
Modify IP Address based on table below
| Windows | Linux | IPv4 Address | DHCP Server Address | Lower Address | Upper Address | |
| VirtualBox Host | Local Area Connection | eth0 | 192.168.56.1/24 | 192.168.56.100/24 | 192.168.56.101/24 | 192.168.56.110/24 |
| VirtualBox Host #2 | Local Area Connection2 | eth1 | 192.168.20.1/24 | 192.168.20.100/24 | 192.168.20.101/24 | 192.168.20.110/24 |
| VirtualBox Host #3 | Local Area Connection3 | eth2 | 192.168.30.1/24 | 192.168.30.100/24 | 192.168.30.101/24 | 192.168.30.110/24 |
This IP Addressing is only a guide. You can also use your own IP Address based on private ip address below.
| RFC1918 name | IP address range | number of addresses | classful description | largest CIDR block (subnet mask) | host id size |
|---|---|---|---|---|---|
| 24-bit block | 10.0.0.0 – 10.255.255.255 | 16,777,216 | single class A | 10.0.0.0/8 (255.0.0.0) | 24 bits |
| 20-bit block | 172.16.0.0 – 172.31.255.255 | 1,048,576 | 16 contiguous class Bs | 172.16.0.0/12 (255.240.0.0) | 20 bits |
| 16-bit block | 192.168.0.0 – 192.168.255.255 | 65,536 | 256 contiguous class Cs | 192.168.0.0/16 (255.255.0.0) | 16 bits |
REFERENCE
I’ve just installed and configured Microsoft ISA 2006 server in Windows Server 2003 in VirtualBox. The topology is as follow:
Installation of Windows Server 2003 and ISA Server 2006 are quite straight forward. If you have experience installing any Microsoft Operating system and know how to install software, you should not experience any issue here.
I’ve found a number of very good tutorial below even for beginner as screenshot is provided with explanation.
ISA Server 2006: Installing ISA 2006 Enterprise Edition (beta) in a Unihomed Workgroup Configuration
http://www.isaserver.org/tutorials/ISA-Server-2006-Installing-ISA-2006-Enterprise-Edition-beta-Unihomed-Workgroup-Configuration.htmlISA Firewall Quick Tip : Installing ISA Server 2006 Remotely
http://www.elmajdal.net/isaserver/installing_isa_server_2006_remotely.aspxStep by Step Guide Installing ISA 2006 Enterprise Edition Part 4
http://www.ahmedgroup.co.uk/articles/17/1/Step-by-Step-Guide-Installing-ISA-2006-Enterprise-Edition-Part-4/Page1.htmlGetting started with Microsoft ISA Server 2006, Part I: Installation
http://www.linglom.com/2007/12/28/getting-started-with-microsoft-isa-server-2006-part-i-installation/ISA Server 2006 Standard Edition Installation Guide
http://technet.microsoft.com/en-us/library/bb794856.aspx
Once the installation completed, I’ve performed ping test to both interfaces in ISA Server to make sure the client can communicate well with Windows Server 2003.
However, I was unable to ping them once ISA installation has completed. This is because ISA will block all ICMP traffic by default.
How to enable ping in ISA Server 2006?
I’ve found a good tutorial here written by Tarek Majdalani. It’s easy to understand with screenshot as well. Thanks Tarek 🙂
PROBLEM
Currently I’m able to ping from Client to internal interface of the ISA, but still having a problem to ping to the external.
Once the Microsoft Windows has been installed as a guest in VirtualBox, I always customize it as follows to make my job easier. I’ll explain in other post later why I configure it this way. Some of them have been explained in my earlier post.
Windows XP/7/Server 2003 and above
- Make sure the network setting for VirtualBox changed to Host-only Adapter as we need to operate this lab in isolate environment for security purposes
- Take snapshots and save as “Fresh Installation – Datee”
- Install VirtualBox Guest Addition
- Copy whoami to startup folder and execute it
Copytcpdump portable for windowsInstall WinDump, the Windows version of tcpdump- Enable Quick Edit Mode in cmd
- Add the Command Prompt to the Windows Explorer Right-Click Menu
- Show network icon in taskbar when connected
- Configure static IP Addresses for all network interfaces if it act as a router
- Take another snapshots (Host + T), and save as “Customized – Date”
Windows 2000
- Enable tab completion in Windows 2000
- Install Wireshark 1.2 for Windows 2000
- Install Nmap version 5.35DC1 or older for Windows 2000
- Copy WinDump into one of the executable path
Firewall/Router
- Enable at least 2 NIC
Linux
A Firewall Engineer 